Cradicle Explorer
darling-security
/ OSX / libsecurity_keychain / regressions / kc-16-item-update-password.c
kc-16-item-update-password.c
 1  /*
 2   * Copyright (c) 2016 Apple Inc. All Rights Reserved.
 3   *
 4   * @APPLE_LICENSE_HEADER_START@
 5   *
 6   * This file contains Original Code and/or Modifications of Original Code
 7   * as defined in and that are subject to the Apple Public Source License
 8   * Version 2.0 (the 'License'). You may not use this file except in
 9   * compliance with the License. Please obtain a copy of the License at
10   * http://www.opensource.apple.com/apsl/ and read it before using this
11   * file.
12   *
13   * The Original Code and all software distributed under the License are
14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18   * Please see the License for the specific language governing rights and
19   * limitations under the xLicense.
20   *
21   * @APPLE_LICENSE_HEADER_END@
22   */
23  
24  #import <Security/Security.h>
25  #import <Security/SecCertificatePriv.h>
26  
27  #include "keychain_regressions.h"
28  #include "kc-helpers.h"
29  #include "kc-item-helpers.h"
30  
31  static void tests()
32  {
33      SecKeychainRef kc = getPopulatedTestKeychain();
34  
35      CFMutableDictionaryRef query = NULL;
36      SecKeychainItemRef item = NULL;
37  
38      // Find passwords
39      query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service"));
40      item = checkNCopyFirst(testName, query, 1);
41      readPasswordContents(item, CFSTR("test_password"));  checkPrompts(0, "after reading a password");
42      changePasswordContents(item, CFSTR("new_password")); checkPrompts(0, "changing a internet password");
43      readPasswordContents(item, CFSTR("new_password"));   checkPrompts(0, "reading a changed internet password");
44      CFReleaseNull(item);
45  
46      query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
47      item = checkNCopyFirst(testName, query, 1);
48      readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
49      checkPrompts(1, "trying to read internet password without access");
50  
51      changePasswordContents(item, CFSTR("new_password"));
52      checkPrompts(0, "after changing a internet password without access"); // NOTE: we expect this write to succeed, even though we're not on the ACL. Therefore, we should see 0 prompts for this step.
53      readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
54      checkPrompts(1, "after changing a internet password without access");
55      CFReleaseNull(item);
56  
57      query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service"));
58      item = checkNCopyFirst(testName, query, 1);
59      readPasswordContents(item, CFSTR("test_password"));   checkPrompts(0, "after reading a generic password");
60      changePasswordContents(item, CFSTR("new_password"));  checkPrompts(0, "changing a generic password");
61      readPasswordContents(item, CFSTR("new_password"));    checkPrompts(0, "after changing a generic password");
62      CFReleaseNull(item);
63  
64      query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
65      item = checkNCopyFirst(testName, query, 1);
66      readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
67      checkPrompts(1, "trying to read generic password without access");
68  
69      changePasswordContents(item, CFSTR("new_password"));
70      checkPrompts(0, "changing a generic password without access"); // NOTE: we expect this write to succeed, even though we're not on the ACL. Therefore, we should see 0 prompts for this step.
71      readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
72      checkPrompts(1, "after changing a generic password without access");
73      CFReleaseNull(item);
74  
75      ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName);
76      CFReleaseNull(kc);
77  }
78  #define numTests (getPopulatedTestKeychainTests + \
79  checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
80  checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
81  checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
82  checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
83  + 1)
84  
85  int kc_16_item_update_password(int argc, char *const *argv)
86  {
87      plan_tests(numTests);
88      initializeKeychainTests(__FUNCTION__);
89  
90      tests();
91  
92      deleteTestFiles();
93      return 0;
94  }