1  /*
  2   * Copyright (c) 2006-2007,2011 Apple Inc. All Rights Reserved.
  3   * 
  4   * @APPLE_LICENSE_HEADER_START@
  5   * 
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. Please obtain a copy of the License at
 10   * http://www.opensource.apple.com/apsl/ and read it before using this
 11   * file.
 12   * 
 13   * The Original Code and all software distributed under the License are
 14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 18   * Please see the License for the specific language governing rights and
 19   * limitations under the License.
 20   * 
 21   * @APPLE_LICENSE_HEADER_END@
 22   */
 23  #include "filediskrep.h"
 24  #include "StaticCode.h"
 25  #include <security_utilities/macho++.h>
 26  #include <cstring>
 27  
 28  
 29  namespace Security {
 30  namespace CodeSigning {
 31  
 32  using namespace UnixPlusPlus;
 33  
 34  
 35  //
 36  // Everything's lazy in here
 37  //
 38  FileDiskRep::FileDiskRep(const char *path)
 39  	: SingleDiskRep(path)
 40  {
 41  	CODESIGN_DISKREP_CREATE_FILE(this, (char*)path);
 42  }
 43  
 44  
 45  //
 46  // Produce an extended attribute name from a canonical slot name
 47  //
 48  string FileDiskRep::attrName(const char *name)
 49  {
 50  	static const char prefix[] = "com.apple.cs.";
 51  	return string(prefix) + name;
 52  }
 53  
 54  
 55  //
 56  // Retrieve an extended attribute by name
 57  //
 58  CFDataRef FileDiskRep::getAttribute(const char *name)
 59  {
 60  	string aname = attrName(name);
 61  	try {
 62  		ssize_t length = fd().getAttrLength(aname);
 63  		if (length < 0)
 64  			return NULL;		// no such attribute
 65  		CFMallocData buffer(length);
 66  		fd().getAttr(aname, buffer, length);
 67  		return buffer;
 68  	} catch (const UnixError &err) {
 69  		// recover some errors that happen in (relatively) benign circumstances
 70  		switch (err.error) {
 71  		case ENOTSUP:	// no extended attributes on this filesystem
 72  		case EPERM:		// filesystem objects to name(?)
 73  			return NULL;
 74  		default:
 75  			throw;
 76  		}
 77  	}
 78  }
 79  
 80  
 81  //
 82  // Extract and return a component by slot number.
 83  // If we have a Mach-O binary, use embedded components.
 84  // Otherwise, look for and return the extended attribute, if any.
 85  //
 86  CFDataRef FileDiskRep::component(CodeDirectory::SpecialSlot slot)
 87  {
 88  	if (const char *name = CodeDirectory::canonicalSlotName(slot))
 89  		return getAttribute(name);
 90  	else
 91  		return NULL;
 92  }
 93  
 94  
 95  //
 96  // Generate a suggested set of internal requirements.
 97  // We don't really have to say much. However, if we encounter a file that
 98  // starts with the magic "#!" script marker, we do suggest that this should
 99  // be a valid host if we can reasonably make out what that is.
100  //
101  const Requirements *FileDiskRep::defaultRequirements(const Architecture *, const SigningContext &ctx)
102  {
103  	// read start of file
104  	char buffer[256];
105  	size_t length = fd().read(buffer, sizeof(buffer), 0);
106  	if (length > 3 && buffer[0] == '#' && buffer[1] == '!' && buffer[2] == '/') {
107  		// isolate (full) path element in #!/full/path -some -other -stuff
108  		if (length == sizeof(buffer))
109  			length--;
110  		buffer[length] = '\0';
111  		char *cmd = buffer + 2;
112  		cmd[strcspn(cmd, " \t\n\r\f")] = '\0';
113  		secinfo("filediskrep", "looks like a script for %s", cmd);
114  		if (cmd[1])
115  			try {
116  				// find path on disk, get designated requirement (if signed)
117  				string path = ctx.sdkPath(cmd);
118  				if (RefPointer<DiskRep> rep = DiskRep::bestFileGuess(path))
119  					if (SecPointer<SecStaticCode> code = new SecStaticCode(rep))
120  						if (const Requirement *req = code->designatedRequirement()) {
121  							CODESIGN_SIGN_DEP_INTERP(this, (char*)cmd, (void*)req);
122  							// package up as host requirement and return that
123  							Requirements::Maker maker;
124  							maker.add(kSecHostRequirementType, req->clone());
125  							return maker.make();
126  						}
127  			} catch (...) {
128  				secinfo("filediskrep", "exception getting host requirement (ignored)");
129  			}
130  	}
131  	return NULL;
132  }
133  
134  
135  string FileDiskRep::format()
136  {
137  	return "generic";
138  }
139  
140  //
141  // FileDiskRep::Writers
142  //
143  DiskRep::Writer *FileDiskRep::writer()
144  {
145  	return new Writer(this);
146  }
147  
148  
149  //
150  // Write a component.
151  // Note that this isn't concerned with Mach-O writing; this is handled at
152  // a much higher level. If we're called, it's extended attribute time.
153  //
154  void FileDiskRep::Writer::component(CodeDirectory::SpecialSlot slot, CFDataRef data)
155  {
156  	try {
157          std::string name = attrName(CodeDirectory::canonicalSlotName(slot));
158  		fd().setAttr(name, CFDataGetBytePtr(data), CFDataGetLength(data));
159          mWrittenAttributes.insert(name);
160  	} catch (const UnixError &error) {
161  		if (error.error == ERANGE)
162  			MacOSError::throwMe(errSecCSCMSTooLarge);
163  		throw;
164  	}
165  }
166      
167  
168  void FileDiskRep::Writer::flush()
169  {
170      size_t size = fd().listAttr(NULL, 0);
171      std::vector<char> buffer(size);
172      char *s = &buffer[0];
173      char *end = &buffer[size];
174      fd().listAttr(s, size);
175      while (s < end) {
176          std::string name = s;
177          s += strlen(s) + 1;     // skip to next
178          if (name.compare(0, 13, "com.apple.cs.") == 0)  // one of ours
179              if (mWrittenAttributes.find(name) == mWrittenAttributes.end()) {    // not written by this signing operation
180                  fd().removeAttr(name);
181          }
182      }
183  }
184  
185  
186  //
187  // Clear all signing data
188  //
189  void FileDiskRep::Writer::remove()
190  {
191  	for (CodeDirectory::SpecialSlot slot = 0; slot < cdSlotCount; slot++)
192  		if (const char *name = CodeDirectory::canonicalSlotName(slot))
193  			fd().removeAttr(attrName(name));
194  	fd().removeAttr(attrName(kSecCS_SIGNATUREFILE));
195  }
196  
197  
198  //
199  // We are NOT the preferred store for components because our approach
200  // (extended attributes) suffers from some serious limitations.
201  //
202  bool FileDiskRep::Writer::preferredStore()
203  {
204  	return false;
205  }
206  
207  
208  } // end namespace CodeSigning
209  } // end namespace Security