// // GUID <-> string conversions. // Note that we DO check for {} on input and insist on rigid formatting. // We don't require a terminating null byte on input, but generate it on output. // char *Guid::toString(char buffer[stringRepLength+1]) const { sprintf(buffer, "{%8.8x-%4.4hx-%4.4hx-", int(n2h(Data1)), n2h(Data2), n2h(Data3)); for (int n = 0; n < 2; n++) sprintf(buffer + 20 + 2*n, "%2.2hhx", Data4[n]); buffer[24] = '-'; for (int n = 2; n < 8; n++) sprintf(buffer + 21 + 2*n, "%2.2hhx", Data4[n]); buffer[37] = '}'; buffer[38] = '\0'; return buffer; }
bool SharedMemoryListener::needsPrivacyFilter(Notification *notification) { if (notification->domain == kNotificationDomainPCSC || notification->domain == kNotificationDomainCDSA) return false; // kNotificationDomainDatabase = 1, // something happened to a database (aka keychain) switch (notification->event) { case kSecLockEvent: // kNotificationEventLocked case kSecUnlockEvent: // kNotificationEventUnlocked case kSecPasswordChangedEvent: // kNotificationEventPassphraseChanged case kSecDefaultChangedEvent: case kSecDataAccessEvent: case kSecKeychainListChangedEvent: case kSecTrustSettingsChangedEvent: return false; case kSecAddEvent: case kSecDeleteEvent: case kSecUpdateEvent: break; } secdebug("MDSPRIVACY","[%03d] Evaluating event %s", mUID, notification->description().c_str()); NameValueDictionary dictionary (notification->data); const NameValuePair *item = dictionary.FindByName(ITEM_KEY); // If we don't have an item, there is nothing to filter if (!item) { secdebug("MDSPRIVACY","[%03d] Item event did not contain an item", mUID); return false; } pid_t thisPid = 0; const NameValuePair *pidRef = dictionary.FindByName(PID_KEY); if (pidRef != 0) { thisPid = n2h(*reinterpret_cast<pid_t*>(pidRef->Value().data())); } uid_t out_euid = 0; int rx = SharedMemoryListener::get_process_euid(thisPid, out_euid); if (rx != 0) { secdebug("MDSPRIVACY","[%03d] get_process_euid failed (rx=%d), filtering out item", mUID, rx); return true; } if (out_euid == mUID) { return false; // Listener owns this item, so no filtering } // Allow processes running as root to pass through certificates if (out_euid == 0) { CSSM_DB_RECORDTYPE recordType = getRecordType(item->Value()); if (recordType == CSSM_DL_DB_RECORD_X509_CERTIFICATE) { return false; } } secdebug("MDSPRIVACY","[%03d] Filtering event %s", mUID, notification->description().c_str()); return true; }
// // Create a Key object from a database-encoded blob. // Note that this doesn't decode the blob (yet). // KeychainKey::KeychainKey(Database &db, const KeyBlob *blob) : LocalKey(db, n2h(blob->header.attributes())) { // perform basic validation on the incoming blob assert(blob); blob->validate(CSSMERR_APPLEDL_INVALID_KEY_BLOB); switch (blob->version()) { #if defined(COMPAT_OSX_10_0) case KeyBlob::version_MacOS_10_0: break; #endif case KeyBlob::version_MacOS_10_1: break; default: CssmError::throwMe(CSSMERR_APPLEDL_INCOMPATIBLE_KEY_BLOB); } // set it up mBlob = blob->copy(Allocator::standard()); mValidBlob = true; db.addReference(*this); secdebug("SSkey", "%p (handle %#x) created from blob version %x", this, handle(), blob->version()); }