cs.h   [plain text]

/*
 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// cs.h - code signing core header
//
#ifndef _H_CS
#define _H_CS

#include "cserror.h"
#include "codesigning_dtrace.h"
#include <Security/CSCommonPriv.h>
#include <Security/SecCodePriv.h>
#include <Security/SecStaticCodePriv.h>
#include <Security/SecRequirementPriv.h>
#include <Security/SecCodeSigner.h>
#include <Security/SecBasePriv.h>
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
#include <security_utilities/globalizer.h>
#include <security_utilities/seccfobject.h>
#include <security_utilities/cfclass.h>
#include <security_utilities/errors.h>
#include <security_utilities/sqlite++.h>
#include <security_utilities/cfutilities.h>


namespace Security {
namespace CodeSigning {


//
// API per-thread globals
//
struct PerThread {
	SecCSFlags flags;				// flags of pending API call
};


//
// API globals
//
struct CFObjects {
	CFObjects();
	CFClass Code;
	CFClass StaticCode;
	CFClass Requirement;
	CFClass CodeSigner;

	ThreadNexus<PerThread> perThread;
	
	SecCSFlags &flags() { return perThread().flags; }
};

extern ModuleNexus<CFObjects> gCFObjects;

static inline SecCSFlags apiFlags() { return gCFObjects().flags(); }

OSStatus dbError(const SQLite3::Error &err);


//
// Code Signing API brackets
//
#define BEGIN_CSAPI \
    try {
	
#define END_CSAPI \
    } \
	catch (const UnixError &err) { \
		switch (err.error) { \
		case ENOEXEC: return errSecCSBadObjectFormat; \
		default: return err.osStatus(); \
		}} \
    catch (const MacOSError &err) { return err.osStatus(); } \
    catch (const SQLite3::Error &err) { return dbError(err); } \
    catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \
    catch (const std::bad_alloc &) { return memFullErr; } \
    catch (...) { return errSecCSInternalError; } \
	return noErr;
	
#define END_CSAPI_ERRORS \
	} \
	catch (const CSError &err) { return err.cfError(errors); } \
	catch (const UnixError &err) { \
		switch (err.error) { \
		case ENOEXEC: return CSError::cfError(errors, errSecCSBadObjectFormat); \
		default: return CSError::cfError(errors, err.osStatus()); \
		}} \
    catch (const MacOSError &err) { return CSError::cfError(errors, err.osStatus()); } \
    catch (const SQLite3::Error &err) { return CSError::cfError(errors, dbError(err)); } \
    catch (const CommonError &err) { return CSError::cfError(errors, SecKeychainErrFromOSStatus(err.osStatus())); } \
    catch (const std::bad_alloc &) { return CSError::cfError(errors, memFullErr); } \
    catch (...) { return CSError::cfError(errors, errSecCSInternalError); } \
	return noErr;
	
#define END_CSAPI1(bad)    } catch (...) { return bad; }

	
#define END_CSAPI_ERRORS1(bad) \
	} \
	catch (const CSError &err) { err.cfError(errors); } \
	catch (const UnixError &err) { \
		switch (err.error) { \
		case ENOEXEC: CSError::cfError(errors, errSecCSBadObjectFormat); \
		default: CSError::cfError(errors, err.osStatus()); \
		}} \
    catch (const MacOSError &err) { CSError::cfError(errors, err.osStatus()); } \
    catch (const SQLite3::Error &err) { CSError::cfError(errors, dbError(err)); } \
    catch (const CommonError &err) { CSError::cfError(errors, SecKeychainErrFromOSStatus(err.osStatus())); } \
    catch (const std::bad_alloc &) { CSError::cfError(errors, memFullErr); } \
    catch (...) { CSError::cfError(errors, errSecCSInternalError); } \
	return bad;


//
// A version of CodeSigning::Required
//
template <class T>
static inline T &Required(T *ptr)
{
	if (ptr == NULL)
		MacOSError::throwMe(errSecCSObjectRequired);
	return *ptr;
}

static inline void Required(const void *ptr)
{
	if (ptr == NULL)
		MacOSError::throwMe(errSecCSObjectRequired);
}


//
// Check flags against a validity mask
//
static inline void checkFlags(SecCSFlags flags, SecCSFlags acceptable = 0)
{
	if (flags & ~acceptable)
		MacOSError::throwMe(errSecCSInvalidFlags);
	gCFObjects().flags() = flags;
}


//
// DTrace USDT function bracket.
// Use like this:
//	DTRACK(PROVIDER_PROBE_PREFIX, arguments-after-this);
// which will call
//	PROVIDER_PROBE_PREFIX_START(this, arguments-after-this)
// and
//	PROVIDER_PROBE_PREFIX_END(this)
//
#define DTRACK(_prefix, _obj, _args...) \
	if (_prefix ## _START_ENABLED()) _prefix ## _START((_obj), ## _args); \
	struct _DTFrame ## _prefix { void *me; \
		_DTFrame ## _prefix(void *m) : me(m) { } \
		~_DTFrame ## _prefix() { _prefix ## _END(me); } \
	} _dtframe##_prefix((_obj));


}	// CodeSigning
}	// Security

#endif //_H_CS