[apple/security.git] / sec / SOSCircle / CloudKeychainProxy / cloudkeychainproxy.m

/*
 * Copyright (c) 2012 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
//  main.m
//  ckd-xpc
//
//  Created by John Hurley on 7/19/12.
//  Copyright (c) 2012 John Hurley. All rights reserved.
//

/*
    This XPC service is essentially just a proxy to iCloud KVS, which exists since
    the main security code cannot link against Foundation.
    
    See sendTSARequestWithXPC in tsaSupport.c for how to call the service
    
    send message to app with xpc_connection_send_message
    
    For now, build this with:
    
        ~rc/bin/buildit .  --rootsDirectory=/var/tmp -noverify -offline -target CloudKeychainProxy

    and install or upgrade with:
        
        darwinup install /var/tmp/sec.roots/sec~dst
        darwinup upgrade /var/tmp/sec.roots/sec~dst
 
    You must use darwinup during development to update system caches
*/

//------------------------------------------------------------------------------------------------

#include <AssertMacros.h>

#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <utilities/SecCFRelease.h>
#import <xpc/xpc.h>
#import <xpc/private.h>
#import <CoreFoundation/CFXPCBridge.h>
#import <sysexits.h>
#import <syslog.h>
#import <CommonCrypto/CommonDigest.h>
#include <utilities/SecXPCError.h>

#import "SOSCloudKeychainConstants.h"
#import "CKDKVSProxy.h"

void finalize_connection(void *not_used);
void handle_connection_event(const xpc_connection_t peer);
static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event);

static bool operation_put_dictionary(xpc_object_t event);
static bool operation_get_v2(xpc_object_t event);

int ckdproxymain(int argc, const char *argv[]);

static void describeXPCObject(char *prefix, xpc_object_t object)
{
//#ifndef NDEBUG
    // This is useful for debugging.
    if (object)
    {
        char *desc = xpc_copy_description(object);
        secdebug(XPROXYSCOPE, "%s%s\n", prefix, desc);
        free(desc);
    }
    else
        secdebug(XPROXYSCOPE, "%s<NULL>\n", prefix);

//#endif
}

static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event)
{
    bool result = false;
    int err = 0;
    
    require_action_string(xpc_get_type(event) == XPC_TYPE_DICTIONARY, xit, err = -51, "expected XPC_TYPE_DICTIONARY");

    const char *operation = xpc_dictionary_get_string(event, kMessageKeyOperation);
    require_action(operation, xit, result = false);
    
    // Check protocol version
    uint64_t version = xpc_dictionary_get_uint64(event, kMessageKeyVersion);
    secdebug(XPROXYSCOPE, "Reply version: %lld\n", version);
    require_action(version == kCKDXPCVersion, xit, result = false);

    // Operations
    secdebug(XPROXYSCOPE, "Handling %s operation", operation);

    if (operation && !strcmp(operation, kOperationPUTDictionary))
         operation_put_dictionary(event);
    else
    if (operation && !strcmp(operation, kOperationGETv2))
         operation_get_v2(event);
    else
    if (operation && !strcmp(operation, kOperationClearStore))
    {
        [[UbiqitousKVSProxy sharedKVSProxy] clearStore];
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        if (replyMessage)   // Caller wanted an ACK, so give one
        {
            xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
            xpc_connection_send_message(peer, replyMessage);
        }
    }
    else if (operation && !strcmp(operation, kOperationRemoveObjectForKey))
    {
        const char *keyToRemove = xpc_dictionary_get_string(event, kMessageKeyKey);
        [[UbiqitousKVSProxy sharedKVSProxy] removeObjectForKey:[NSString stringWithCString:keyToRemove encoding:NSUTF8StringEncoding]];
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        if (replyMessage)   // Caller wanted an ACK, so give one
        {
            xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
            xpc_connection_send_message(peer, replyMessage);
        }
    }
    else if (operation && !strcmp(operation, kOperationSynchronize))
    {
        [[UbiqitousKVSProxy sharedKVSProxy] requestSynchronization:YES];
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        if (replyMessage)   // Caller wanted an ACK, so give one
        {
            xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
            xpc_connection_send_message(peer, replyMessage);
        }
    }
    else if (operation && !strcmp(operation, kOperationSynchronizeAndWait))
    {
        xpc_object_t xkeysToGetDict = xpc_dictionary_get_value(event, kMessageKeyValue);
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        xpc_object_t xkeys = xpc_dictionary_get_value(xkeysToGetDict, kMessageKeyKeysToGet);
        NSArray *keysToGet = (__bridge NSArray *)(_CFXPCCreateCFObjectFromXPCObject(xkeys));
        [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:keysToGet
            handler:^(NSDictionary *values, NSError *err) {
                if (replyMessage)   // Caller wanted an ACK, so give one
                {
                    secdebug("keytrace", "Result from [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:]: %@", err);
                    xpc_object_t xobject = values ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(values)) : xpc_null_create();
                    xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject);
                    if (err)
                    {
                        xpc_object_t xerrobj = SecCreateXPCObjectWithCFError((CFErrorRef)CFBridgingRetain(err));
                        xpc_dictionary_set_value(replyMessage, kMessageKeyError, xerrobj);
                        CFReleaseSafe((__bridge CFTypeRef)(err));
                    }
                    xpc_connection_send_message(peer, replyMessage);
                }
        }];
        CFReleaseSafe((__bridge CFTypeRef)(keysToGet));
    }
    else if (operation && !strcmp(operation, kOperationRegisterKeysAndGet))
    {
        xpc_object_t xkeysToRegisterDict = xpc_dictionary_get_value(event, kMessageKeyValue);
//        describeXPCObject("xkeysToRegister: ", xkeysToRegisterDict);
        // KTR = keysToRegister
        bool getNewKeysOnly = xpc_dictionary_get_bool(xkeysToRegisterDict, kMessageKeyGetNewKeysOnly);
        xpc_object_t xKTRallkeys = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageKeyKeysToGet);
        xpc_object_t xKTRrequiresFirstUnlock = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageKeyKeysRequireFirstUnlock);
        xpc_object_t xKTRrequiresUnlock = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageKeyKeysRequiresUnlocked);

        NSArray *KTRallkeys = (__bridge NSArray *)(_CFXPCCreateCFObjectFromXPCObject(xKTRallkeys));
        NSArray *KTRrequiresFirstUnlock = (__bridge NSArray *)(_CFXPCCreateCFObjectFromXPCObject(xKTRrequiresFirstUnlock));
        NSArray *KTRrequiresUnlock = (__bridge NSArray *)(_CFXPCCreateCFObjectFromXPCObject(xKTRrequiresUnlock));

        id object = [[UbiqitousKVSProxy sharedKVSProxy] registerKeysAndGet:getNewKeysOnly always:KTRallkeys reqFirstUnlock:KTRrequiresFirstUnlock reqUnlocked:KTRrequiresUnlock];
        
        CFReleaseSafe((__bridge CFTypeRef)(KTRallkeys));
        CFReleaseSafe((__bridge CFTypeRef)(KTRrequiresFirstUnlock));
        CFReleaseSafe((__bridge CFTypeRef)(KTRrequiresUnlock));

        secdebug("keytrace", "Result from [[UbiqitousKVSProxy sharedKVSProxy] registerKeysAndGet:]: %@", object);
        
        xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(object)) : xpc_null_create();
               
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject);
        xpc_connection_send_message(peer, replyMessage);
        secdebug(XPROXYSCOPE, "RegisterKeysAndGet message sent");
    }
    else if (operation && !strcmp(operation, kOperationUILocalNotification))
    {
        xpc_object_t xLocalNotificationDict = xpc_dictionary_get_value(event, kMessageKeyValue);
//        describeXPCObject("xLocalNotificationDict: ", xLocalNotificationDict);
        NSDictionary *localNotificationDict = (__bridge NSDictionary *)(_CFXPCCreateCFObjectFromXPCObject(xLocalNotificationDict));
        int64_t outFlags = 0;
        id object = [[UbiqitousKVSProxy sharedKVSProxy] localNotification:localNotificationDict outFlags:&outFlags];
        secdebug(XPROXYSCOPE, "Result from [[UbiqitousKVSProxy sharedKVSProxy] localNotification:]: %@", object);
        xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(object)) : xpc_null_create();
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        xpc_dictionary_set_int64(xobject, kMessageKeyNotificationFlags, outFlags);
        xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject);
        xpc_connection_send_message(peer, replyMessage);
        secdebug(XPROXYSCOPE, "localNotification reply sent");
        CFReleaseSafe((__bridge CFTypeRef)(localNotificationDict));
    }
    else if (operation && !strcmp(operation, kOperationSetParams))
    {
        xpc_object_t xParamsDict = xpc_dictionary_get_value(event, kMessageKeyValue);
        NSDictionary *paramsDict = (__bridge NSDictionary *)(_CFXPCCreateCFObjectFromXPCObject(xParamsDict));
        [[UbiqitousKVSProxy sharedKVSProxy] setParams:paramsDict];
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        if (replyMessage)   // Caller wanted an ACK, so give one
        {
            xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
            xpc_connection_send_message(peer, replyMessage);
        }
        secdebug(XPROXYSCOPE, "setParams reply sent");
        CFReleaseSafe((__bridge CFTypeRef)(paramsDict));
    }
    else if (operation && !strcmp(operation, kOperationRequestSyncWithAllPeers))
    {
        [[UbiqitousKVSProxy sharedKVSProxy] requestSyncWithAllPeers];
        xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
        if (replyMessage)   // Caller wanted an ACK, so give one
        {
            xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
            xpc_connection_send_message(peer, replyMessage);
        }
        secdebug(XPROXYSCOPE, "RequestSyncWithAllPeers reply sent");
    }
    else
    {
        char *description = xpc_copy_description(event);
        secdebug(XPROXYSCOPE, "Unknown op=%s request from pid %d: %s", operation, xpc_connection_get_pid(peer), description);
        free(description);
    }
    result = true;
xit:
    if (!result)
        describeXPCObject("handle_operation fail: ", event);
}

void finalize_connection(void *not_used)
{
    secdebug(XPROXYSCOPE, "finalize_connection");
    [[UbiqitousKVSProxy sharedKVSProxy] requestSynchronization:YES];
	xpc_transaction_end();
}

static bool operation_put_dictionary(xpc_object_t event)
{
    // PUT a set of objects into the KVS store. Return false if error

    describeXPCObject("operation_put_dictionary event: ", event);
    xpc_object_t xvalue = xpc_dictionary_get_value(event, kMessageKeyValue);
    if (!xvalue)
        return false;

    CFTypeRef cfvalue = _CFXPCCreateCFObjectFromXPCObject(xvalue);
    if (cfvalue && (CFGetTypeID(cfvalue)==CFDictionaryGetTypeID()))
    {
        [[UbiqitousKVSProxy sharedKVSProxy] setObjectsFromDictionary:(__bridge NSDictionary *)cfvalue];
        CFReleaseSafe(cfvalue);
        return true;
    }
    else{
        describeXPCObject("operation_put_dictionary unable to convert to CF: ", xvalue);
        CFReleaseSafe(cfvalue);
    }
    return false;
}

static bool operation_get_v2(xpc_object_t event)
{
    // GET a set of objects from the KVS store. Return false if error    
    describeXPCObject("operation_get_v2 event: ", event);
    xpc_connection_t peer = xpc_dictionary_get_remote_connection(event);
    describeXPCObject("operation_get_v2: peer: ", peer);

    xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
    if (!replyMessage)
    {
        secdebug(XPROXYSCOPE, "can't create replyMessage");
        assert(true);   //must have a reply handler
        return false;
    }
    xpc_object_t returnedValues = xpc_dictionary_create(NULL, NULL, 0);
    if (!returnedValues)
    {
        secdebug(XPROXYSCOPE, "can't create returnedValues");
        assert(true);   // must have a spot for the returned values
        return false;
    }

    xpc_object_t xvalue = xpc_dictionary_get_value(event, kMessageKeyValue);
    if (!xvalue)
    {
        secdebug(XPROXYSCOPE, "missing \"value\" key");
        return false;
    }
    
    xpc_object_t xkeystoget = xpc_dictionary_get_value(xvalue, kMessageKeyKeysToGet);
    if (xkeystoget)
    {
        secdebug(XPROXYSCOPE, "got xkeystoget");
        CFTypeRef keystoget = _CFXPCCreateCFObjectFromXPCObject(xkeystoget);
        if (!keystoget || (CFGetTypeID(keystoget)!=CFArrayGetTypeID()))     // not "getAll", this is an error of some kind
        {
            secdebug(XPROXYSCOPE, "can't convert keystoget or is not an array");
            CFReleaseSafe(keystoget);
            return false;
        }
        
        [(__bridge NSArray *)keystoget enumerateObjectsUsingBlock: ^ (id obj, NSUInteger idx, BOOL *stop)
        {
            NSString *key = (NSString *)obj;
            id object = [[UbiqitousKVSProxy sharedKVSProxy] get:key];
            secdebug(XPROXYSCOPE, "[UbiqitousKVSProxy sharedKVSProxy] get: key: %@, object: %@", key, object);
            xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)object) : xpc_null_create();
            xpc_dictionary_set_value(returnedValues, [key UTF8String], xobject);
            describeXPCObject("operation_get_v2: value from kvs: ", xobject);
        }];
    }
    else    // get all values from kvs
    {
        secdebug(XPROXYSCOPE, "get all values from kvs");
        NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] getAll];
        [all enumerateKeysAndObjectsUsingBlock: ^ (id key, id obj, BOOL *stop)
        {
            xpc_object_t xobject = obj ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)obj) : xpc_null_create();
            xpc_dictionary_set_value(returnedValues, [(NSString *)key UTF8String], xobject);
        }];
    }

    xpc_dictionary_set_uint64(replyMessage, kMessageKeyVersion, kCKDXPCVersion);
    xpc_dictionary_set_value(replyMessage, kMessageKeyValue, returnedValues);
    xpc_connection_send_message(peer, replyMessage);

    return true;
}

static void initializeProxyObjectWithConnection(const xpc_connection_t connection)
{
    [[UbiqitousKVSProxy sharedKVSProxy] setItemsChangedBlock:^(CFDictionaryRef values)
        {
            secdebug(XPROXYSCOPE, "UbiqitousKVSProxy called back");
            xpc_object_t xobj = _CFXPCCreateXPCObjectFromCFObject(values);
            xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
            xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
            xpc_dictionary_set_string(message, kMessageKeyOperation, kMessageOperationItemChanged);
            xpc_dictionary_set_value(message, kMessageKeyValue, xobj?xobj:xpc_null_create());
            xpc_connection_send_message(connection, message);  // Send message; don't wait for a reply
        }];
}

static void cloudkeychainproxy_peer_event_handler(xpc_connection_t peer, xpc_object_t event) 
{
    describeXPCObject("peer: ", peer);
	xpc_type_t type = xpc_get_type(event);
	if (type == XPC_TYPE_ERROR) {
		if (event == XPC_ERROR_CONNECTION_INVALID) {
			// The client process on the other end of the connection has either
			// crashed or cancelled the connection. After receiving this error,
			// the connection is in an invalid state, and you do not need to
			// call xpc_connection_cancel(). Just tear down any associated state
			// here.
		} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
			// Handle per-connection termination cleanup.
		}
	} else {
		assert(type == XPC_TYPE_DICTIONARY);
		// Handle the message.
    //    describeXPCObject("dictionary:", event);
        cloudkeychainproxy_peer_dictionary_handler(peer, event);
	}
}

static void cloudkeychainproxy_event_handler(xpc_connection_t peer)
{
	// By defaults, new connections will target the default dispatch
	// concurrent queue.

    if (xpc_get_type(peer) != XPC_TYPE_CONNECTION)
    {
        secdebug(XPROXYSCOPE, "expected XPC_TYPE_CONNECTION");
        return;
    }
    initializeProxyObjectWithConnection(peer);
	xpc_connection_set_event_handler(peer, ^(xpc_object_t event)
    {
        cloudkeychainproxy_peer_event_handler(peer, event);
	});
	
	// This will tell the connection to begin listening for events. If you
	// have some other initialization that must be done asynchronously, then
	// you can defer this call until after that initialization is done.
	xpc_connection_resume(peer);
}

static void diagnostics(int argc, const char *argv[])
{
    @autoreleasepool
    {
        NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] getAll];
        NSLog(@"All: %@",all);
    }
}

int ckdproxymain(int argc, const char *argv[])
{
    secdebug(XPROXYSCOPE, "Starting CloudKeychainProxy");
    char *wait4debugger = getenv("WAIT4DEBUGGER");
    if (wait4debugger && !strcasecmp("YES", wait4debugger))
    {
        syslog(LOG_ERR, "Waiting for debugger");
        kill(getpid(), SIGSTOP);
    }

    if (argc > 1) {
        diagnostics(argc, argv);
        return 0;
    }
    
#if !TARGET_IPHONE_SIMULATOR    
    xpc_track_activity();   // sets us up for idle timeout handling
#endif

    // DISPATCH_TARGET_QUEUE_DEFAULT
	xpc_connection_t listener = xpc_connection_create_mach_service(xpcServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER);
	xpc_connection_set_event_handler(listener, ^(xpc_object_t object){ cloudkeychainproxy_event_handler(object); });

    [UbiqitousKVSProxy sharedKVSProxy];

    // It looks to me like there is insufficient locking to allow a request to come in on the XPC connection while doing the initial all items.
    // Therefore I'm leaving the XPC connection suspended until that has time to process.
	xpc_connection_resume(listener);

    @autoreleasepool
    {
        secdebug(XPROXYSCOPE, "Starting mainRunLoop");
        NSRunLoop *runLoop = [NSRunLoop mainRunLoop];
        [runLoop run];
    }

    secdebug(XPROXYSCOPE, "Exiting CloudKeychainProxy");

    return EXIT_FAILURE;
}
Commit	Line	Data
427c49bc A	1	/*
	2	* Copyright (c) 2012 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// main.m
	26	// ckd-xpc
	27	//
	28	// Created by John Hurley on 7/19/12.
	29	// Copyright (c) 2012 John Hurley. All rights reserved.
	30	//
	31
	32	/*
	33	This XPC service is essentially just a proxy to iCloud KVS, which exists since
	34	the main security code cannot link against Foundation.
	35
	36	See sendTSARequestWithXPC in tsaSupport.c for how to call the service
	37
	38	send message to app with xpc_connection_send_message
	39
	40	For now, build this with:
	41
	42	~rc/bin/buildit . --rootsDirectory=/var/tmp -noverify -offline -target CloudKeychainProxy
	43
	44	and install or upgrade with:
	45
	46	darwinup install /var/tmp/sec.roots/sec~dst
	47	darwinup upgrade /var/tmp/sec.roots/sec~dst
	48
	49	You must use darwinup during development to update system caches
	50	*/
	51
	52	//------------------------------------------------------------------------------------------------
	53
	54	#include <AssertMacros.h>
	55
	56	#import <Foundation/Foundation.h>
	57	#import <Security/Security.h>
	58	#import <utilities/SecCFRelease.h>
	59	#import <xpc/xpc.h>
	60	#import <xpc/private.h>
	61	#import <CoreFoundation/CFXPCBridge.h>
	62	#import <sysexits.h>
	63	#import <syslog.h>
	64	#import <CommonCrypto/CommonDigest.h>
65	#include <utilities/SecXPCError.h>
66
67	#import "SOSCloudKeychainConstants.h"
68	#import "CKDKVSProxy.h"
69
70	void finalize_connection(void *not_used);
71	void handle_connection_event(const xpc_connection_t peer);
72	static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event);
73
74	static bool operation_put_dictionary(xpc_object_t event);
75	static bool operation_get_v2(xpc_object_t event);
76
77	int ckdproxymain(int argc, const char *argv[]);
78
79	static void describeXPCObject(char *prefix, xpc_object_t object)
80	{
81	//#ifndef NDEBUG
82	// This is useful for debugging.
83	if (object)
84	{
85	char *desc = xpc_copy_description(object);
86	secdebug(XPROXYSCOPE, "%s%s\n", prefix, desc);
87	free(desc);
88	}
89	else
90	secdebug(XPROXYSCOPE, "%s<NULL>\n", prefix);
91
92	//#endif
93	}
94
95	static void cloudkeychainproxy_peer_dictionary_handler(const xpc_connection_t peer, xpc_object_t event)
96	{
97	bool result = false;
98	int err = 0;
99
100	require_action_string(xpc_get_type(event) == XPC_TYPE_DICTIONARY, xit, err = -51, "expected XPC_TYPE_DICTIONARY");
101
102	const char *operation = xpc_dictionary_get_string(event, kMessageKeyOperation);
103	require_action(operation, xit, result = false);
104
105	// Check protocol version
106	uint64_t version = xpc_dictionary_get_uint64(event, kMessageKeyVersion);
107	secdebug(XPROXYSCOPE, "Reply version: %lld\n", version);
108	require_action(version == kCKDXPCVersion, xit, result = false);
109
110	// Operations
111	secdebug(XPROXYSCOPE, "Handling %s operation", operation);
112
113	if (operation && !strcmp(operation, kOperationPUTDictionary))
114	operation_put_dictionary(event);
115	else
116	if (operation && !strcmp(operation, kOperationGETv2))
117	operation_get_v2(event);
118	else
119	if (operation && !strcmp(operation, kOperationClearStore))
120	{
121	[[UbiqitousKVSProxy sharedKVSProxy] clearStore];
122	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
123	if (replyMessage) // Caller wanted an ACK, so give one
124	{
125	xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
126	xpc_connection_send_message(peer, replyMessage);
127	}
128	}
129	else if (operation && !strcmp(operation, kOperationRemoveObjectForKey))
130	{
131	const char *keyToRemove = xpc_dictionary_get_string(event, kMessageKeyKey);
132	[[UbiqitousKVSProxy sharedKVSProxy] removeObjectForKey:[NSString stringWithCString:keyToRemove encoding:NSUTF8StringEncoding]];
133	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
134	if (replyMessage) // Caller wanted an ACK, so give one
135	{
136	xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
137	xpc_connection_send_message(peer, replyMessage);
138	}
139	}
140	else if (operation && !strcmp(operation, kOperationSynchronize))
141	{
142	[[UbiqitousKVSProxy sharedKVSProxy] requestSynchronization:YES];
143	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
144	if (replyMessage) // Caller wanted an ACK, so give one
145	{
146	xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
147	xpc_connection_send_message(peer, replyMessage);
148	}
149	}
150	else if (operation && !strcmp(operation, kOperationSynchronizeAndWait))
151	{
152	xpc_object_t xkeysToGetDict = xpc_dictionary_get_value(event, kMessageKeyValue);
153	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
154	xpc_object_t xkeys = xpc_dictionary_get_value(xkeysToGetDict, kMessageKeyKeysToGet);
155	NSArray keysToGet = (__bridge NSArray )(_CFXPCCreateCFObjectFromXPCObject(xkeys));
156	[[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:keysToGet
157	handler:^(NSDictionary values, NSError err) {
158	if (replyMessage) // Caller wanted an ACK, so give one
159	{
160	secdebug("keytrace", "Result from [[UbiqitousKVSProxy sharedKVSProxy] waitForSynchronization:]: %@", err);
161	xpc_object_t xobject = values ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(values)) : xpc_null_create();
162	xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject);
163	if (err)
164	{
165	xpc_object_t xerrobj = SecCreateXPCObjectWithCFError((CFErrorRef)CFBridgingRetain(err));
166	xpc_dictionary_set_value(replyMessage, kMessageKeyError, xerrobj);
167	CFReleaseSafe((__bridge CFTypeRef)(err));
168	}
169	xpc_connection_send_message(peer, replyMessage);
170	}
171	}];
172	CFReleaseSafe((__bridge CFTypeRef)(keysToGet));
173	}
174	else if (operation && !strcmp(operation, kOperationRegisterKeysAndGet))
175	{
176	xpc_object_t xkeysToRegisterDict = xpc_dictionary_get_value(event, kMessageKeyValue);
177	// describeXPCObject("xkeysToRegister: ", xkeysToRegisterDict);
178	// KTR = keysToRegister
179	bool getNewKeysOnly = xpc_dictionary_get_bool(xkeysToRegisterDict, kMessageKeyGetNewKeysOnly);
180	xpc_object_t xKTRallkeys = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageKeyKeysToGet);
181	xpc_object_t xKTRrequiresFirstUnlock = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageKeyKeysRequireFirstUnlock);
182	xpc_object_t xKTRrequiresUnlock = xpc_dictionary_get_value(xkeysToRegisterDict, kMessageKeyKeysRequiresUnlocked);
183
184	NSArray KTRallkeys = (__bridge NSArray )(_CFXPCCreateCFObjectFromXPCObject(xKTRallkeys));
185	NSArray KTRrequiresFirstUnlock = (__bridge NSArray )(_CFXPCCreateCFObjectFromXPCObject(xKTRrequiresFirstUnlock));
186	NSArray KTRrequiresUnlock = (__bridge NSArray )(_CFXPCCreateCFObjectFromXPCObject(xKTRrequiresUnlock));
187
188	id object = [[UbiqitousKVSProxy sharedKVSProxy] registerKeysAndGet:getNewKeysOnly always:KTRallkeys reqFirstUnlock:KTRrequiresFirstUnlock reqUnlocked:KTRrequiresUnlock];
189
190	CFReleaseSafe((__bridge CFTypeRef)(KTRallkeys));
191	CFReleaseSafe((__bridge CFTypeRef)(KTRrequiresFirstUnlock));
192	CFReleaseSafe((__bridge CFTypeRef)(KTRrequiresUnlock));
193
194	secdebug("keytrace", "Result from [[UbiqitousKVSProxy sharedKVSProxy] registerKeysAndGet:]: %@", object);
195
196	xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(object)) : xpc_null_create();
197
198	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
199	xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject);
200	xpc_connection_send_message(peer, replyMessage);
201	secdebug(XPROXYSCOPE, "RegisterKeysAndGet message sent");
202	}
203	else if (operation && !strcmp(operation, kOperationUILocalNotification))
204	{
205	xpc_object_t xLocalNotificationDict = xpc_dictionary_get_value(event, kMessageKeyValue);
206	// describeXPCObject("xLocalNotificationDict: ", xLocalNotificationDict);
207	NSDictionary localNotificationDict = (__bridge NSDictionary )(_CFXPCCreateCFObjectFromXPCObject(xLocalNotificationDict));
208	int64_t outFlags = 0;
209	id object = [[UbiqitousKVSProxy sharedKVSProxy] localNotification:localNotificationDict outFlags:&outFlags];
210	secdebug(XPROXYSCOPE, "Result from [[UbiqitousKVSProxy sharedKVSProxy] localNotification:]: %@", object);
211	xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)(object)) : xpc_null_create();
212	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
213	xpc_dictionary_set_int64(xobject, kMessageKeyNotificationFlags, outFlags);
214	xpc_dictionary_set_value(replyMessage, kMessageKeyValue, xobject);
215	xpc_connection_send_message(peer, replyMessage);
216	secdebug(XPROXYSCOPE, "localNotification reply sent");
217	CFReleaseSafe((__bridge CFTypeRef)(localNotificationDict));
218	}
219	else if (operation && !strcmp(operation, kOperationSetParams))
220	{
221	xpc_object_t xParamsDict = xpc_dictionary_get_value(event, kMessageKeyValue);
222	NSDictionary paramsDict = (__bridge NSDictionary )(_CFXPCCreateCFObjectFromXPCObject(xParamsDict));
223	[[UbiqitousKVSProxy sharedKVSProxy] setParams:paramsDict];
224	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
225	if (replyMessage) // Caller wanted an ACK, so give one
226	{
227	xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
228	xpc_connection_send_message(peer, replyMessage);
229	}
230	secdebug(XPROXYSCOPE, "setParams reply sent");
231	CFReleaseSafe((__bridge CFTypeRef)(paramsDict));
232	}
233	else if (operation && !strcmp(operation, kOperationRequestSyncWithAllPeers))
234	{
235	[[UbiqitousKVSProxy sharedKVSProxy] requestSyncWithAllPeers];
236	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
237	if (replyMessage) // Caller wanted an ACK, so give one
238	{
239	xpc_dictionary_set_string(replyMessage, kMessageKeyValue, "ACK");
240	xpc_connection_send_message(peer, replyMessage);
241	}
242	secdebug(XPROXYSCOPE, "RequestSyncWithAllPeers reply sent");
243	}
244	else
245	{
246	char *description = xpc_copy_description(event);
247	secdebug(XPROXYSCOPE, "Unknown op=%s request from pid %d: %s", operation, xpc_connection_get_pid(peer), description);
248	free(description);
249	}
250	result = true;
251	xit:
252	if (!result)
253	describeXPCObject("handle_operation fail: ", event);
254	}
255
256	void finalize_connection(void *not_used)
257	{
258	secdebug(XPROXYSCOPE, "finalize_connection");
259	[[UbiqitousKVSProxy sharedKVSProxy] requestSynchronization:YES];
260	xpc_transaction_end();
261	}
262
263	static bool operation_put_dictionary(xpc_object_t event)
264	{
265	// PUT a set of objects into the KVS store. Return false if error
266
267	describeXPCObject("operation_put_dictionary event: ", event);
268	xpc_object_t xvalue = xpc_dictionary_get_value(event, kMessageKeyValue);
269	if (!xvalue)
270	return false;
271
272	CFTypeRef cfvalue = _CFXPCCreateCFObjectFromXPCObject(xvalue);
273	if (cfvalue && (CFGetTypeID(cfvalue)==CFDictionaryGetTypeID()))
274	{
275	[[UbiqitousKVSProxy sharedKVSProxy] setObjectsFromDictionary:(__bridge NSDictionary *)cfvalue];
276	CFReleaseSafe(cfvalue);
277	return true;
278	}
279	else{
280	describeXPCObject("operation_put_dictionary unable to convert to CF: ", xvalue);
281	CFReleaseSafe(cfvalue);
282	}
283	return false;
284	}
285
286	static bool operation_get_v2(xpc_object_t event)
287	{
288	// GET a set of objects from the KVS store. Return false if error
289	describeXPCObject("operation_get_v2 event: ", event);
290	xpc_connection_t peer = xpc_dictionary_get_remote_connection(event);
291	describeXPCObject("operation_get_v2: peer: ", peer);
292
293	xpc_object_t replyMessage = xpc_dictionary_create_reply(event);
294	if (!replyMessage)
295	{
296	secdebug(XPROXYSCOPE, "can't create replyMessage");
297	assert(true); //must have a reply handler
298	return false;
299	}
300	xpc_object_t returnedValues = xpc_dictionary_create(NULL, NULL, 0);
301	if (!returnedValues)
302	{
303	secdebug(XPROXYSCOPE, "can't create returnedValues");
304	assert(true); // must have a spot for the returned values
305	return false;
306	}
307
308	xpc_object_t xvalue = xpc_dictionary_get_value(event, kMessageKeyValue);
309	if (!xvalue)
310	{
311	secdebug(XPROXYSCOPE, "missing \"value\" key");
312	return false;
313	}
314
315	xpc_object_t xkeystoget = xpc_dictionary_get_value(xvalue, kMessageKeyKeysToGet);
316	if (xkeystoget)
317	{
318	secdebug(XPROXYSCOPE, "got xkeystoget");
319	CFTypeRef keystoget = _CFXPCCreateCFObjectFromXPCObject(xkeystoget);
320	if (!keystoget \|\| (CFGetTypeID(keystoget)!=CFArrayGetTypeID())) // not "getAll", this is an error of some kind
321	{
322	secdebug(XPROXYSCOPE, "can't convert keystoget or is not an array");
323	CFReleaseSafe(keystoget);
324	return false;
325	}
326
327	[(__bridge NSArray )keystoget enumerateObjectsUsingBlock: ^ (id obj, NSUInteger idx, BOOL stop)
328	{
329	NSString key = (NSString )obj;
330	id object = [[UbiqitousKVSProxy sharedKVSProxy] get:key];
331	secdebug(XPROXYSCOPE, "[UbiqitousKVSProxy sharedKVSProxy] get: key: %@, object: %@", key, object);
332	xpc_object_t xobject = object ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)object) : xpc_null_create();
333	xpc_dictionary_set_value(returnedValues, [key UTF8String], xobject);
334	describeXPCObject("operation_get_v2: value from kvs: ", xobject);
335	}];
336	}
337	else // get all values from kvs
338	{
339	secdebug(XPROXYSCOPE, "get all values from kvs");
340	NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] getAll];
341	[all enumerateKeysAndObjectsUsingBlock: ^ (id key, id obj, BOOL *stop)
342	{
343	xpc_object_t xobject = obj ? _CFXPCCreateXPCObjectFromCFObject((__bridge CFTypeRef)obj) : xpc_null_create();
344	xpc_dictionary_set_value(returnedValues, [(NSString *)key UTF8String], xobject);
345	}];
346	}
347
348	xpc_dictionary_set_uint64(replyMessage, kMessageKeyVersion, kCKDXPCVersion);
349	xpc_dictionary_set_value(replyMessage, kMessageKeyValue, returnedValues);
350	xpc_connection_send_message(peer, replyMessage);
351
352	return true;
353	}
354
355	static void initializeProxyObjectWithConnection(const xpc_connection_t connection)
356	{
357	[[UbiqitousKVSProxy sharedKVSProxy] setItemsChangedBlock:^(CFDictionaryRef values)
358	{
359	secdebug(XPROXYSCOPE, "UbiqitousKVSProxy called back");
360	xpc_object_t xobj = _CFXPCCreateXPCObjectFromCFObject(values);
361	xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
362	xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
363	xpc_dictionary_set_string(message, kMessageKeyOperation, kMessageOperationItemChanged);
364	xpc_dictionary_set_value(message, kMessageKeyValue, xobj?xobj:xpc_null_create());
365	xpc_connection_send_message(connection, message); // Send message; don't wait for a reply
366	}];
367	}
368
369	static void cloudkeychainproxy_peer_event_handler(xpc_connection_t peer, xpc_object_t event)
370	{
371	describeXPCObject("peer: ", peer);
372	xpc_type_t type = xpc_get_type(event);
373	if (type == XPC_TYPE_ERROR) {
374	if (event == XPC_ERROR_CONNECTION_INVALID) {
375	// The client process on the other end of the connection has either
376	// crashed or cancelled the connection. After receiving this error,
377	// the connection is in an invalid state, and you do not need to
378	// call xpc_connection_cancel(). Just tear down any associated state
379	// here.
380	} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
381	// Handle per-connection termination cleanup.
382	}
383	} else {
384	assert(type == XPC_TYPE_DICTIONARY);
385	// Handle the message.
386	// describeXPCObject("dictionary:", event);
387	cloudkeychainproxy_peer_dictionary_handler(peer, event);
388	}
389	}
390
391	static void cloudkeychainproxy_event_handler(xpc_connection_t peer)
392	{
393	// By defaults, new connections will target the default dispatch
394	// concurrent queue.
395
396	if (xpc_get_type(peer) != XPC_TYPE_CONNECTION)
397	{
398	secdebug(XPROXYSCOPE, "expected XPC_TYPE_CONNECTION");
399	return;
400	}
401	initializeProxyObjectWithConnection(peer);
402	xpc_connection_set_event_handler(peer, ^(xpc_object_t event)
403	{
404	cloudkeychainproxy_peer_event_handler(peer, event);
405	});
406
407	// This will tell the connection to begin listening for events. If you
408	// have some other initialization that must be done asynchronously, then
409	// you can defer this call until after that initialization is done.
410	xpc_connection_resume(peer);
411	}
412
413	static void diagnostics(int argc, const char *argv[])
414	{
415	@autoreleasepool
416	{
417	NSDictionary *all = [[UbiqitousKVSProxy sharedKVSProxy] getAll];
418	NSLog(@"All: %@",all);
419	}
420	}
421
422	int ckdproxymain(int argc, const char *argv[])
423	{
424	secdebug(XPROXYSCOPE, "Starting CloudKeychainProxy");
425	char *wait4debugger = getenv("WAIT4DEBUGGER");
426	if (wait4debugger && !strcasecmp("YES", wait4debugger))
427	{
428	syslog(LOG_ERR, "Waiting for debugger");
429	kill(getpid(), SIGSTOP);
430	}
431
432	if (argc > 1) {
433	diagnostics(argc, argv);
434	return 0;
435	}
436
437	#if !TARGET_IPHONE_SIMULATOR
438	xpc_track_activity(); // sets us up for idle timeout handling
439	#endif
440
441	// DISPATCH_TARGET_QUEUE_DEFAULT
442	xpc_connection_t listener = xpc_connection_create_mach_service(xpcServiceName, NULL, XPC_CONNECTION_MACH_SERVICE_LISTENER);
443	xpc_connection_set_event_handler(listener, ^(xpc_object_t object){ cloudkeychainproxy_event_handler(object); });
444
445	[UbiqitousKVSProxy sharedKVSProxy];
446
447	// It looks to me like there is insufficient locking to allow a request to come in on the XPC connection while doing the initial all items.
448	// Therefore I'm leaving the XPC connection suspended until that has time to process.
449	xpc_connection_resume(listener);
450
451	@autoreleasepool
452	{
453	secdebug(XPROXYSCOPE, "Starting mainRunLoop");
454	NSRunLoop *runLoop = [NSRunLoop mainRunLoop];
455	[runLoop run];
456	}
457
458	secdebug(XPROXYSCOPE, "Exiting CloudKeychainProxy");
459
460	return EXIT_FAILURE;
461	}