dbTool.cpp   [plain text]

/* Copyright (c) 2002-2006 Apple Computer, Inc.
 *
 * dbTool.cpp - DL/DB tool.
 */
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <strings.h>
#include <ctype.h>
#include <Security/cssm.h>
#include <Security/cssmapple.h>
#include <Security/cssmapplePriv.h>
#include "cspwrap.h"
#include "common.h"
#include "dbAttrs.h"
#include "dbCert.h"
#include "cspdlTesting.h"


static void usage(char **argv)
{
	printf("usage: %s dbFileName command [options]\n", argv[0]);
	printf("Commands:\n");
	printf("   r   Dump Schema Relations\n");
	printf("   k   Dump all keys\n");
	printf("   c   Dump certs\n");
	printf("   a   Dump all records\n");
	printf("   d   Delete records (interactively)\n");
	printf("   D   Delete records (noninteractively, requires really arg)\n");
	printf("   i   Import bad cert and its (good) private key\n");
	printf("Options:\n");
	printf("   v   verbose\n");
	printf("   q   quiet\n");
	printf("   R   really! (for D command)\n");
	printf("   d   dump data\n");
	printf("   c=certFile\n");
	printf("   k=keyFile\n");
	exit(1);
}


static unsigned indentVal = 0;
static void indentIncr()
{
	indentVal += 3;
}

static void indentDecr()
{
	if(indentVal) {
		indentVal -= 3;
	}
}

static void doIndent()
{
	unsigned i;
	for(i=0; i<indentVal; i++) {
		printf(" ");
	}
}

#define NORM_KEY_LEN	20

/* print an attribute name, padding out to NORM_KEY_LEN columns */
static void printName(
	const CSSM_DB_ATTRIBUTE_INFO *attrInfo)
{
	switch(attrInfo->AttributeNameFormat) {
		case CSSM_DB_ATTRIBUTE_NAME_AS_STRING:
		{
			char *attrName = attrInfo->Label.AttributeName;
			printf("%s", attrName);
			int len = strlen(attrName);
			if(len > NORM_KEY_LEN) {
				return;
			}
			int numSpaces = NORM_KEY_LEN - len;
			for(int i=0; i<numSpaces; i++) {
				putchar(' ');
			}
			break;
		}
		case CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER:
		{
			/* OSType, endian dependent... */
			char *cp = (char *)&(attrInfo->Label.AttributeID);
			for(unsigned i=0; i<4; i++) {
				putchar(*cp++);
			}
			printf("                ");
			break;
		}
		default:
			printf("Unknown attribute name format (%u)\n", 
				(unsigned)attrInfo->AttributeNameFormat);
			break;
	}
}

/*
 * Attempt to print a numeric value as a string, per a NameValuePair table.
 * If the value is in fact a collection of legal values (per the nameValues
 * array), the value will just be printed in hex.  
 */
static void printValueAsString(
	unsigned val, 
	const NameValuePair *nameValues)
{
	if(nameValues != NULL) {
		while(nameValues->name != NULL) {
			if(nameValues->value == val) {
				printf("%s", nameValues->name);
				return;
			}
			nameValues++;
		}
	}
	/* Oh well */
	printf("0x%x", val);
}

static void safePrint(
	uint8 *cp, 
	uint32 len)
{
	for(unsigned i=0; i<len; i++) {
		printf("%c", *cp++);
	}
}

/* See if a blob is printable. Used for BLOB and UINT32 types, the latter of 
 * which is sometimes used for OSType representation of attr name. */
bool isPrintable(
	const CSSM_DATA *dp)
{
	bool printable = true;
	uint8 *cp = dp->Data;
	for(unsigned i=0; i<dp->Length; i++) {
		if(*cp == 0) {
			if(i != (dp->Length - 1)) {
				/* data contains NULL character before end */
				printable = false;
			}
			/* else end of string */
			break;
		}
		if(!isprint(*cp)) {
			printable = false;
			break;
		}
		cp++;
	}
	return printable;
}

#define MAX_BLOB_TO_PRINT	12
static void printBlob(
	const CSSM_DATA *data)
{
	unsigned toPrint = data->Length;
	if(toPrint > MAX_BLOB_TO_PRINT) {
		toPrint = MAX_BLOB_TO_PRINT;
	}
	for(unsigned i=0; i<toPrint; i++) {
		unsigned dat = data->Data[i];
		printf("%02X ", dat);
	}
	if(toPrint < data->Length) {
		printf("...");
	}
}

static void printAttrData(
	const CSSM_DB_ATTRIBUTE_INFO *attrInfo,
	const CSSM_DATA *attrData,
	const NameValuePair *nameValues)		// optional
{
	void *data = attrData->Data;
	
	switch(attrInfo->AttributeFormat) {
	
		case CSSM_DB_ATTRIBUTE_FORMAT_STRING:
			putchar('\'');
			safePrint(attrData->Data, attrData->Length);
			putchar('\'');
			break;
		case CSSM_DB_ATTRIBUTE_FORMAT_SINT32:
		case CSSM_DB_ATTRIBUTE_FORMAT_UINT32:
		{
			unsigned val = *(unsigned *)data;
			printValueAsString(val, nameValues);
			break;
		}
		case CSSM_DB_ATTRIBUTE_FORMAT_BLOB:
		{
			printf("BLOB length %u : ", (unsigned)attrData->Length);
			/* see if it happens to be a printable string */
			if(isPrintable(attrData)) {
				putchar('\'');
				safePrint(attrData->Data, attrData->Length);
				putchar('\'');
			}
			else {
				printBlob(attrData);
			}
			break;
		}
		case CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32:
		{
			printf("multi_int[");
			uint32 numInts = attrData->Length / sizeof(uint32);
			uint32 *uip = (uint32 *)data;
			for(unsigned i=0; i<numInts; i++) {
				if(i > 0) {
					printf(", ");
				}
				printValueAsString(*uip++, nameValues);
			}
			printf("]");
			break;
		}
		case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE:
			putchar('\'');
			safePrint(attrData->Data, attrData->Length);
			putchar('\'');
			break;
			
		default:
			printf("***UNKNOWN FORMAT (%u), Length %u",
				(unsigned)attrInfo->AttributeFormat, (unsigned)attrData->Length);
			break;
	}
}

/* free attribute(s) allocated by DL */
static void freeAttrs(
	CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs)
{
	unsigned i;
	
	for(i=0; i<recordAttrs->NumberOfAttributes; i++) {
		CSSM_DB_ATTRIBUTE_DATA_PTR attrData = &recordAttrs->AttributeData[i];
		if(attrData == NULL) {
			/* fault of caller, who allocated the CSSM_DB_ATTRIBUTE_DATA */
			printf("***freeAttrs screwup: NULL attrData\n");
			return;
		}
		unsigned j;
		for(j=0; j<attrData->NumberOfValues; j++) {
			CSSM_DATA_PTR data = &attrData->Value[j];
			if(data == NULL) {
				/* fault of MDS, who said there was a value here */
				printf("***freeAttrs screwup: NULL data\n");
				return;
			}
			CSSM_FREE(data->Data);
			data->Data = NULL;
			data->Length = 0;
		}
		CSSM_FREE(attrData->Value);
		attrData->Value = NULL;
	}
}

static void dumpDataBlob(
	const CSSM_DATA *datap)
{
	doIndent();
	printf("Record data length %lu ", datap->Length);
	if(datap->Length != 0) {
		printf(" : ");
		printBlob(datap);
	}
	printf("\n");
}

static void dumpRecordAttrs(
	const CSSM_DB_RECORD_ATTRIBUTE_DATA *recordAttrs,
	const NameValuePair 				**nameValues,		// parallel to recordAttrs
	const CSSM_DATA						*recordData = NULL)	// optional data
{
	unsigned valNum;
	unsigned dex;

	for(dex=0; dex<recordAttrs->NumberOfAttributes; dex++) {
		const CSSM_DB_ATTRIBUTE_DATA *attrData = &recordAttrs->AttributeData[dex];
		doIndent();
		printName(&attrData->Info);
		printf(": ");
		if(attrData->NumberOfValues == 0) {
			printf("<<not present>>\n");
			continue;
		}
		for(valNum=0; valNum<attrData->NumberOfValues; valNum++) {
			printAttrData(&attrData->Info, &attrData->Value[valNum], nameValues[dex]);
			if(valNum < (attrData->NumberOfValues - 1)) {
				printf(", ");
			}
		}
		printf("\n");
	}
	if(recordData) {
		dumpDataBlob(recordData);
	}
}

static void dumpRelation(
	CSSM_DL_DB_HANDLE 		dlDbHand, 
	const RelationInfo		*relInfo,
	CSSM_BOOL				dumpData)
{
	CSSM_QUERY						query;
	CSSM_DB_UNIQUE_RECORD_PTR		record = NULL;
	CSSM_RETURN						crtn;
	CSSM_HANDLE						resultHand;
	CSSM_DB_ATTRIBUTE_DATA			*attrs;
	CSSM_DB_RECORD_ATTRIBUTE_DATA	recordAttrs;
	unsigned 						attrDex;
	unsigned 						recNum = 0;
	uint32							numAttrs = relInfo->NumberOfAttributes;
	CSSM_DATA						data = {0, NULL};
	CSSM_DATA_PTR					datap = NULL;
	
	if(dumpData) {
		datap = &data;
	}
	
	/* build an attr array from known schema */
	attrs = (CSSM_DB_ATTRIBUTE_DATA *)CSSM_MALLOC(
		sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs);
	memset(attrs, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs);
	for(attrDex=0; attrDex<numAttrs; attrDex++) {
		attrs[attrDex].Info = relInfo->AttributeInfo[attrDex];
	}
	recordAttrs.DataRecordType = relInfo->DataRecordType;
	recordAttrs.NumberOfAttributes = numAttrs;
	recordAttrs.AttributeData = attrs;
	
	/* just search by recordType, no predicates */
	query.RecordType = relInfo->DataRecordType;
	query.Conjunctive = CSSM_DB_NONE;
	query.NumSelectionPredicates = 0;
	query.SelectionPredicate = NULL;
	query.QueryLimits.TimeLimit = 0;			// FIXME - meaningful?
	query.QueryLimits.SizeLimit = 1;			// FIXME - meaningful?
	query.QueryFlags = 0;		// CSSM_QUERY_RETURN_DATA...FIXME - used?

	crtn = CSSM_DL_DataGetFirst(dlDbHand,
		&query,
		&resultHand,
		&recordAttrs,
		datap,
		&record);
	switch(crtn) {
		case CSSM_OK:
			break;		// proceed
		case CSSMERR_DL_ENDOFDATA:
			printf("%s: no record found\n", relInfo->relationName);
			CSSM_FREE(attrs);
			return;
		default:
			printError("DataGetFirst", crtn);
			CSSM_FREE(attrs);
			return;
	}
	printf("%s:\n", relInfo->relationName);
	printf("   record %d; numAttrs %d:\n", 
		recNum++, (int)recordAttrs.NumberOfAttributes);
	indentIncr();
	
	dumpRecordAttrs(&recordAttrs, relInfo->nameValues, datap);
	CSSM_DL_FreeUniqueRecord(dlDbHand, record);
	freeAttrs(&recordAttrs);
	if(datap) {
		CSSM_FREE(datap->Data);
	}
	
	/* now the rest of them */
	/* hopefully we don't have to re-init the recordAttr array */
	for(;;) {
		crtn = CSSM_DL_DataGetNext(dlDbHand,
			resultHand, 
			&recordAttrs,
			datap,
			&record);
		switch(crtn) {
			case CSSM_OK:
				printf("   record %d; numAttrs %d:\n", 
					recNum++, (int)recordAttrs.NumberOfAttributes);
				dumpRecordAttrs(&recordAttrs, relInfo->nameValues, datap);
				CSSM_DL_FreeUniqueRecord(dlDbHand, record);
				freeAttrs(&recordAttrs);
				if(datap) {
					CSSM_FREE(datap->Data);
				}
				break;		// and go again 
			case CSSMERR_DL_ENDOFDATA:
				/* normal termination */
				break;
			default:
				printError("DataGetNext", crtn);
				break;
		}
		if(crtn != CSSM_OK) {
			break;
		}
	}
	indentDecr();
	CSSM_FREE(attrs);
}

/*
 * Given a record type and a CSSM_DB_UNIQUE_RECORD, fetch and parse all the 
 * attributes we can.
 */
static void fetchParseRecord(
	CSSM_DL_DB_HANDLE				dlDbHand,
	CSSM_DB_RECORD_ATTRIBUTE_DATA	*inRecordAttrs,
	CSSM_DB_UNIQUE_RECORD_PTR		record,
	const CSSM_DATA_PTR				datap,
	CSSM_BOOL						dumpData)
{
	const RelationInfo *relInfo = NULL;
	
	/* infer RelationInfo from recordType */
	switch(inRecordAttrs->DataRecordType) {
		case CSSM_DL_DB_RECORD_PUBLIC_KEY:
		case CSSM_DL_DB_RECORD_PRIVATE_KEY:
		case CSSM_DL_DB_RECORD_SYMMETRIC_KEY:
			relInfo = &allKeysRelation;
			break;
		case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
		case CSSM_DL_DB_RECORD_INTERNET_PASSWORD:
		case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD:
			relInfo = &genericKcRelation;
			break;
		case CSSM_DL_DB_RECORD_CERT:
			relInfo = &certRecordRelation;
			break;
		case CSSM_DL_DB_RECORD_X509_CERTIFICATE:
			relInfo = &x509CertRecordRelation;
			break;
		case CSSM_DL_DB_RECORD_X509_CRL:
			relInfo = &x509CrlRecordRelation;
			break;
		case CSSM_DL_DB_RECORD_USER_TRUST:
			relInfo = &userTrustRelation;
			break;
		case CSSM_DL_DB_RECORD_UNLOCK_REFERRAL:
			relInfo = &referralRecordRelation;
			break;
		case CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE:
			relInfo = &extendedAttrRelation;
			break;
		case DBBlobRelationID:
			relInfo = NULL;
			doIndent();
			printf("--- No attributes ---\n");
			if(dumpData) {
				dumpDataBlob(datap);
			}
			return;
		default:
			doIndent();
			printf("<<unparsed>>\n");
			if(dumpData) {
				doIndent();
				printf("Record blob (length %ld): ", datap->Length);
				printBlob(datap);
				printf("\n");
			}
			return;
	}
	
	CSSM_DB_ATTRIBUTE_DATA			*attrs = NULL;
	CSSM_DB_RECORD_ATTRIBUTE_DATA	recordAttrs;
	unsigned 						attrDex;
	uint32							numAttrs = relInfo->NumberOfAttributes;
	CSSM_RETURN						crtn;
	CSSM_DATA 						recordData = {0, NULL};
	CSSM_DATA_PTR					recordDataP = dumpData ? &recordData : NULL;
	
	/* build an attr array from known schema */
	attrs = (CSSM_DB_ATTRIBUTE_DATA *)CSSM_MALLOC(
		sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs);
	memset(attrs, 0, sizeof(CSSM_DB_ATTRIBUTE_DATA) * numAttrs);
	for(attrDex=0; attrDex<numAttrs; attrDex++) {
		attrs[attrDex].Info = relInfo->AttributeInfo[attrDex];
	}

	/* from inRecordAttrs, not the relInfo, which could be a typeless template */
	recordAttrs.DataRecordType = relInfo->DataRecordType;
	recordAttrs.NumberOfAttributes = numAttrs;
	recordAttrs.AttributeData = attrs;

	crtn = 	CSSM_DL_DataGetFromUniqueRecordId(dlDbHand,
		record,
		&recordAttrs,
		recordDataP);
	if(crtn) {
		printError("CSSM_DL_DataGetFromUniqueRecordId", crtn);
		goto abort;
	}
	dumpRecordAttrs(&recordAttrs, relInfo->nameValues, recordDataP);
	freeAttrs(&recordAttrs);
	if(recordData.Data) {
		CSSM_FREE(recordData.Data);
	}
abort:
	if(attrs) {
		CSSM_FREE(attrs);
	}
	return;
}
	
static void deleteRecord(
	CSSM_DL_DB_HANDLE 			dlDbHand,
	CSSM_DB_UNIQUE_RECORD_PTR	record,
	CSSM_BOOL					interact)
{
	if(interact) {
		fpurge(stdin);
		printf("\nDelete this record [y/anything] ? ");
		char resp = getchar();
		if(resp != 'y') {
			return;
		}
	}
	CSSM_RETURN crtn;
	crtn = CSSM_DL_DataDelete(dlDbHand, record);
	if(crtn) {
		printError("CSSM_DL_DataDelete", crtn);
	}
	else if(interact) {
		printf("...record deleted\n\n");
	}
}

/*
 * In this case we search for CSSM_DL_DB_RECORD_ANY. The current schema results
 * in no single attribute which all interesting records have in common, so we
 * can't grab any attributes at GetFirst/GetNext time. Instead we have
 * to deal with the returned record per its record type. 
 */
static void dumpAllRecords(
	CSSM_DL_DB_HANDLE 		dlDbHand,
	CSSM_BOOL				deleteAll,
	CSSM_BOOL				interact,
	CSSM_BOOL				dumpData)
{
	CSSM_QUERY						query;
	CSSM_DB_UNIQUE_RECORD_PTR		record = NULL;
	CSSM_RETURN						crtn;
	CSSM_HANDLE						resultHand;
	CSSM_DB_RECORD_ATTRIBUTE_DATA	recordAttrs;
	CSSM_DATA						data = {0, NULL};
	CSSM_DATA_PTR					datap = NULL;
	
	if(dumpData) {
		datap = &data;
	}
	
	recordAttrs.DataRecordType = CSSM_DL_DB_RECORD_ANY;
	recordAttrs.NumberOfAttributes = 0;
	recordAttrs.AttributeData = NULL;
	
	/* just search by recordType, no predicates */
	query.RecordType = CSSM_DL_DB_RECORD_ANY;
	query.Conjunctive = CSSM_DB_NONE;
	query.NumSelectionPredicates = 0;
	query.SelectionPredicate = NULL;
	query.QueryLimits.TimeLimit = 0;			// FIXME - meaningful?
	query.QueryLimits.SizeLimit = 1;			// FIXME - meaningful?
	query.QueryFlags = 0;		// CSSM_QUERY_RETURN_DATA...FIXME - used?

	crtn = CSSM_DL_DataGetFirst(dlDbHand,
		&query,
		&resultHand,
		&recordAttrs,
		datap,	
		&record);
	switch(crtn) {
		case CSSM_OK:
			break;		// proceed
		case CSSMERR_DL_ENDOFDATA:
			printf("CSSM_DL_DB_RECORD_ANY: no record found\n");
			return;
		default:
			printError("DataGetFirst", crtn);
			return;
	}

	/* could be anything; check it out */
	if(interact) {
		doIndent();
		printValueAsString(recordAttrs.DataRecordType, recordTypeNames);
		printf("\n");
		indentIncr();
		fetchParseRecord(dlDbHand, &recordAttrs, record, datap, dumpData);
		indentDecr();
	}
	if(deleteAll && (recordAttrs.DataRecordType != DBBlobRelationID)) {
		/* NEVER delete a DBBlob */
		deleteRecord(dlDbHand, record, interact);
	}
	CSSM_DL_FreeUniqueRecord(dlDbHand, record);
	
	/* now the rest of them */
	/* hopefully we don't have to re-init the recordAttr array */
	for(;;) {
		crtn = CSSM_DL_DataGetNext(dlDbHand,
			resultHand, 
			&recordAttrs,
			datap,
			&record);
		switch(crtn) {
			case CSSM_OK:
				if(interact) {
					doIndent();
					printValueAsString(recordAttrs.DataRecordType, recordTypeNames);
					printf("\n");
					indentIncr();
					fetchParseRecord(dlDbHand, &recordAttrs, record, datap, dumpData);
					indentDecr();
				}
				if(deleteAll && (recordAttrs.DataRecordType != DBBlobRelationID)) {
					/* NEVER delete a DBBlob */
					deleteRecord(dlDbHand, record, interact);
				}
				CSSM_DL_FreeUniqueRecord(dlDbHand, record);
				break;		// and go again 
			case CSSMERR_DL_ENDOFDATA:
				/* normal termination */
				break;
			default:
				printError("DataGetNext", crtn);
				break;
		}
		if(crtn != CSSM_OK) {
			break;
		}
	}
}

int main(
	int argc, 
	char **argv)
{
	int					arg;
	char				*argp;
	char				*dbFileName;
	char				cmd;
	CSSM_DL_DB_HANDLE	dlDbHand;
	CSSM_BOOL			verbose = CSSM_FALSE;
	CSSM_BOOL			quiet = CSSM_FALSE;
	char				*certFile = NULL;
	char				*keyFile = NULL;
	CSSM_BOOL			interact = CSSM_TRUE;
	CSSM_BOOL			dumpData = CSSM_FALSE;
	
	/* should be cmd line opts */
	CSSM_ALGORITHMS		keyAlg = CSSM_ALGID_RSA;
	CSSM_BOOL			pemFormat = CSSM_FALSE;
	CSSM_KEYBLOB_FORMAT	keyFormat = CSSM_KEYBLOB_RAW_FORMAT_NONE;
	CSSM_RETURN 		crtn = CSSM_OK;
	
	if(argc < 3) {
		usage(argv);
	}
	dbFileName = argv[1];
	cmd = argv[2][0];
	
	for(arg=3; arg<argc; arg++) {
		argp = argv[arg];
		switch(argp[0]) {
			case 'v':
				verbose = CSSM_TRUE;
				break;
			case 'q':
				quiet = CSSM_TRUE;
				break;
			case 'R':
				if(cmd == 'D') {
					interact = CSSM_FALSE;
				}
				break;
			case 'd':
				dumpData = CSSM_TRUE;
				break;
			case 'c':
				certFile = &argp[2];
				break;
			case 'k':
				keyFile = &argp[2];
				break;
		    case 'h':
		    default:
				usage(argv);
		}
	}
	
	dlDbHand.DLHandle = dlStartup();
	if(dlDbHand.DLHandle == 0) {
		exit(1);
	}
	if(cmd == 'i') {
		crtn = importBadCert(dlDbHand.DLHandle, dbFileName, certFile, 
			keyFile, keyAlg, pemFormat, keyFormat, verbose);
		goto done;
	}
	crtn = dbCreateOpen(dlDbHand.DLHandle, dbFileName, 
		CSSM_FALSE, CSSM_FALSE, NULL, &dlDbHand.DBHandle);
	if(crtn) {
		exit(1);
	}
	switch(cmd) {
		case 'r':
			dumpRelation(dlDbHand, &schemaInfoRelation, dumpData);
			break;
		case 'k':
			dumpRelation(dlDbHand, &allKeysRelation, dumpData);
			break;
		case 'c':
			dumpRelation(dlDbHand, &x509CertRecordRelation, dumpData);
			break;
		case 'a':
			dumpAllRecords(dlDbHand, CSSM_FALSE, CSSM_TRUE, dumpData);
			break;
		case 'd':
		case 'D':
			dumpAllRecords(dlDbHand, CSSM_TRUE, interact, dumpData);
			if(!interact) {
				/* we ignored errors.... */
				if(!quiet) {
					printf("...DB %s wiped clean\n", dbFileName);
				}
			}
			break;
		default:
			usage(argv);
	}
	CSSM_DL_DbClose(dlDbHand);
done:
	CSSM_ModuleDetach(dlDbHand.DLHandle);
	return crtn;
}