/*
 * Copyright (c) 2007-2009,2012-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
    @header SecItemServer
    The functions provided in SecItemServer.h provide an interface to
    the backend for SecItem APIs in the server.
*/

#ifndef _SECURITYD_SECITEMSERVER_H_
#define _SECURITYD_SECITEMSERVER_H_

#include <CoreFoundation/CoreFoundation.h>
#include "keychain/SecureObjectSync/SOSCircle.h"
#include "keychain/securityd/SecDbQuery.h"
#include "utilities/SecDb.h"
#include <TargetConditionals.h>
#include "sec/ipc/securityd_client.h"


__BEGIN_DECLS

/*
 * Conventions used throughout this header:
 *  - Every `CFErrorRef *error` parameter is an out-parameter. By the usual
 *    Core Foundation convention the bool / pointer return value signals
 *    failure and *error is only meaningful when the call failed; callers
 *    should test the return value, not *error. (Convention only — confirm
 *    per function in the implementation.)
 *  - Returns tagged CF_RETURNS_RETAINED are owned by the caller and must be
 *    CFRelease'd. Several Create/Copy-named functions below carry no such
 *    annotation; presumably they follow the CF Create/Copy ownership rule,
 *    but confirm against the implementation before relying on it.
 *  - SecurityClient, audit_token_t, SecDbRef, SecDbConnectionRef, Query and
 *    SOSDataSourceFactoryRef are declared by the headers included above,
 *    not here.
 */

/*
 * Server-side backends for the SecItem* client API. Each takes the
 * `client` on whose behalf the request is made (presumably the caller's
 * identity as delivered by the IPC layer — type from securityd_client.h).
 * `result` receives the outcome for Add and CopyMatching.
 */
bool _SecItemAdd(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
bool _SecItemCopyMatching(CFDictionaryRef query, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
bool _SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, SecurityClient *client, CFErrorRef *error);
bool _SecItemDelete(CFDictionaryRef query, SecurityClient *client, CFErrorRef *error);
/* Takes no client: there is no per-caller scoping on this entry point. */
bool _SecItemDeleteAll(CFErrorRef *error);
/* NOTE(review): `accessGroups` is supplied by the caller of this function;
   whether it has already been validated against the client's entitlements
   is not visible from this header — check the IPC dispatch layer. */
bool _SecItemServerDeleteAllWithAccessGroups(CFArrayRef accessGroups, SecurityClient *client, CFErrorRef *error);

/*
 * Keychain backup, restore and migration. `keybag` and `passcode` are
 * opaque CFData at this interface; their format is not specified here.
 * `_SecServerKeychainCreateBackup` and `_SecServerBackupCopyUUID` are
 * Create/Copy-named but unannotated — see ownership note above.
 */
bool _SecServerRestoreKeychain(CFErrorRef *error);
bool _SecServerMigrateKeychain(int32_t handle_in, CFDataRef data_in, int32_t *handle_out, CFDataRef *data_out, CFErrorRef *error);
CFDataRef _SecServerKeychainCreateBackup(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, bool emcs, CFErrorRef *error);
bool _SecServerKeychainRestore(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error);
CFStringRef _SecServerBackupCopyUUID(CFDataRef backup, CFErrorRef *error);

/* Backup keybag bookkeeping. Add returns an `identifier` and `pathinfo`
   through out-parameters (ownership of those CFData not annotated). */
bool _SecServerBackupKeybagAdd(SecurityClient *client, CFDataRef passcode, CFDataRef *identifier, CFDataRef *pathinfo, CFErrorRef *error);
bool _SecServerBackupKeybagDelete(CFDictionaryRef attributes, bool deleteAll, CFErrorRef *error);

/* Token-backed items, scoped by `tokenID` and `accessGroups`. */
bool _SecItemUpdateTokenItemsForAccessGroups(CFStringRef tokenID, CFArrayRef accessGroups, CFArrayRef items, SecurityClient *client, CFErrorRef *error);

/* Syncable-backup helpers. Both return +1 objects (CF_RETURNS_RETAINED). */
CF_RETURNS_RETAINED CFArrayRef _SecServerKeychainSyncUpdateMessage(CFDictionaryRef updates, CFErrorRef *error);
CF_RETURNS_RETAINED CFDictionaryRef _SecServerBackupSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);

/* Returns an int, presumably a file descriptor for `backupName` — the
   failure value (-1?) is not stated here; confirm in the implementation. */
int SecServerKeychainTakeOverBackupFD(CFStringRef backupName, CFErrorRef *error);

bool _SecServerRestoreSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);

/* Compiled only for iOS builds (TARGET_OS_IOS). The sync-bubble and MUSER
   variants additionally take a `uid`. */
#if TARGET_OS_IOS
bool _SecServerTransmogrifyToSystemKeychain(SecurityClient *client, CFErrorRef *error);
bool _SecServerTransmogrifyToSyncBubble(CFArrayRef services, uid_t uid, SecurityClient *client, CFErrorRef *error);
bool _SecServerDeleteMUSERViews(SecurityClient *client, uid_t uid, CFErrorRef *error);
#endif

/* Compiled only when SHAREDWEBCREDENTIALS is set. Unlike the plain item
   APIs these also receive the caller's audit token and `appID` plus the
   `domains` the request concerns. */
#if SHAREDWEBCREDENTIALS
bool _SecAddSharedWebCredential(CFDictionaryRef attributes, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
bool _SecCopySharedWebCredential(CFDictionaryRef query, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
#endif /* SHAREDWEBCREDENTIALS */

// Hack to log objects from inside SOS code
// Appends a description of `object` to `desc`. What is included (and
// whether secret attributes are redacted) is not visible from this header.
void SecItemServerAppendItemDescription(CFMutableStringRef desc, CFDictionaryRef object);

/* Database lifecycle. Create is Create-named but unannotated — see the
   ownership note above. */
SecDbRef SecKeychainDbCreate(CFStringRef path, CFErrorRef* error);
SecDbRef SecKeychainDbInitialize(SecDbRef db);

/*
 * Run `perform` with a database connection. `writeAndRead` presumably
 * selects a read-write rather than read-only connection — confirm. The
 * bool result of `perform` is what these functions return (presumably;
 * not stated here).
 */
bool kc_with_dbt(bool writeAndRead, CFErrorRef *error, bool (^perform)(SecDbConnectionRef dbt));
bool kc_with_dbt_non_item_tables(bool writeAndRead, CFErrorRef* error, bool (^perform)(SecDbConnectionRef dbt)); // can be used when only tables which don't store 'items' are accessed - avoids invoking SecItemDataSourceFactoryGetDefault()
bool kc_with_custom_db(bool writeAndRead, bool usesItemTables, SecDbRef db, CFErrorRef *error, bool (^perform)(SecDbConnectionRef dbt));


/* For whitebox testing only */
void SecKeychainDbForceClose(void);
/* `inbetween` runs between close and reopen (inferred from the name). */
void SecKeychainDbReset(dispatch_block_t inbetween);

SOSDataSourceFactoryRef SecItemDataSourceFactoryGetDefault(void);

/* FIXME: there is a specific type for keybag handle (keybag_handle_t)
   but it's not defined for simulator so we just use an int32_t */
void SecItemServerSetKeychainKeybag(int32_t keybag);
void SecItemServerResetKeychainKeybag(void);

/* `notification_name` is a C string; whether it is copied or must outlive
   the call is not stated here. */
void SecItemServerSetKeychainChangedNotification(const char *notification_name);

/* Copy-named but unannotated — see ownership note above. */
CFStringRef __SecKeychainCopyPath(void);

/* Key rolling. The Glue variant takes no client. */
bool _SecServerRollKeys(bool force, SecurityClient *client, CFErrorRef *error);
bool _SecServerRollKeysGlue(bool force, CFErrorRef *error);


/* initial sync */
/* Distinct single-bit values, so they can be OR'd together; presumably
   they populate the `flags` argument of
   _SecServerCopyInitialSyncCredentials below. */
#define SecServerInitialSyncCredentialFlagTLK (1 << 0)
#define SecServerInitialSyncCredentialFlagPCS (1 << 1)
#define SecServerInitialSyncCredentialFlagPCSNonCurrent (1 << 2)
#define SecServerInitialSyncCredentialFlagBluetoothMigration (1 << 3)

/* Copy-named but unannotated — see ownership note above. */
CFArrayRef _SecServerCopyInitialSyncCredentials(uint32_t flags, CFErrorRef *error);
bool _SecServerImportInitialSyncCredentials(CFArrayRef array, CFErrorRef *error);

/* Certificate lookups, restricted to `accessGroups`. */
CF_RETURNS_RETAINED CFArrayRef _SecItemCopyParentCertificates(CFDataRef normalizedIssuer, CFArrayRef accessGroups, CFErrorRef *error);
bool _SecItemCertificateExists(CFDataRef normalizedIssuer, CFDataRef serialNumber, CFArrayRef accessGroups, CFErrorRef *error);

/* Writes the database version for `dbt` into *version. */
bool SecKeychainDbGetVersion(SecDbConnectionRef dbt, int *version, CFErrorRef *error);


// Should all be blocks called from SecItemDb
/* Access-group gating helpers. From their names, accessGroupsAllows and
   itemInAccessGroup decide whether an access group / item is visible for
   the given groups and client, and match_item applies that to a query
   result; this would make them the enforcement point the item APIs above
   depend on — verify in SecItemDb before changing them. */
bool match_item(SecDbConnectionRef dbt, Query *q, CFArrayRef accessGroups, CFDictionaryRef item);
bool accessGroupsAllows(CFArrayRef accessGroups, CFStringRef accessGroup, SecurityClient* client);
bool itemInAccessGroup(CFDictionaryRef item, CFArrayRef accessGroups);
void SecKeychainChanged(void);

/* Deletes the row `rowid` of `tablename`; "Async" suggests it does not
   block the caller — confirm in the implementation. */
void deleteCorruptedItemAsync(SecDbConnectionRef dbt, CFStringRef tablename, sqlite_int64 rowid);

__END_DECLS

#endif /* _SECURITYD_SECITEMSERVER_H_ */