[apple/security.git] / OSX / sec / securityd / Regressions / secd-20-keychain_upgrade.m

/*
 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * This is to fool os services to not provide the Keychain manager
 * interface tht doens't work since we don't have unified headers
 * between iOS and OS X. rdar://23405418/
 */
#define __KEYCHAINCORE__ 1


#import <Foundation/Foundation.h>
#import <CoreFoundation/CoreFoundation.h>
#import <Security/SecBase.h>
#import <Security/SecItem.h>
#import <Security/SecItemPriv.h>
#import <Security/SecInternal.h>
#import <utilities/SecCFRelease.h>
#import <utilities/SecFileLocations.h>
#import <securityd/SecItemServer.h>

#import <stdlib.h>

#include "secd_regressions.h"
#include "SecdTestKeychainUtilities.h"

static int ckmirror_row_exists = 0;
static int ckmirror_row_callback(void* unused, int count, char **data, char **columns)
{
    ckmirror_row_exists = 1;
    for (int i = 0; i < count; i++) {
        if(strcmp(columns[i], "ckzone") == 0) {
            is(strcmp(data[i], "ckzone"), 0, "Data is expected 'ckzone'");
        }
    }

    return 0;
}

static void
keychain_upgrade(bool musr, const char *dbname)
{
    OSStatus res;

    secd_test_setup_temp_keychain(dbname, NULL);

#if TARGET_OS_IOS
    if (musr)
        SecSecuritySetMusrMode(true, 502, 502);
#endif

#if TARGET_OS_IPHONE
    /*
     * Check system keychain migration
     */

    res = SecItemAdd((CFDictionaryRef)@{
        (id)kSecClass :  (id)kSecClassGenericPassword,
        (id)kSecAttrAccount :  @"system-label-me",
        (id)kSecUseSystemKeychain : (id)kCFBooleanTrue,
    }, NULL);
    is(res, 0, "SecItemAdd(system)");
#endif

    /*
     * Check user keychain
     */

    res = SecItemAdd((CFDictionaryRef)@{
        (id)kSecClass :  (id)kSecClassGenericPassword,
        (id)kSecAttrAccount :  @"user-label-me",
    }, NULL);
    is(res, 0, "SecItemAdd(user)");

    NSString *keychain_path = CFBridgingRelease(__SecKeychainCopyPath());

    // Add a row to a non-item table
    /* Create a new keychain sqlite db */
    sqlite3 *db = NULL;

    is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "open db");
    is(sqlite3_exec(db, "INSERT into ckmirror VALUES(\"ckzone\", \"importantuuid\", \"keyuuid\", 0, \"asdf\", \"qwer\", \"ckrecord\", 0, 0, NULL, NULL, NULL);", NULL, NULL, NULL), SQLITE_OK, "row added to ckmirror table");
    is(sqlite3_close(db), SQLITE_OK, "close db");

    SecKeychainDbReset(^{

        /* Create a new keychain sqlite db */
        sqlite3 *db;

        is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "create keychain");
        is(sqlite3_exec(db, "UPDATE tversion SET minor = minor - 1", NULL, NULL, NULL), SQLITE_OK,
           "\"downgrade\" keychain");
        is(sqlite3_close(db), SQLITE_OK, "close db");
    });

#if TARGET_OS_IPHONE
    res = SecItemCopyMatching((CFDictionaryRef)@{
        (id)kSecClass :  (id)kSecClassGenericPassword,
        (id)kSecAttrAccount :  @"system-label-me",
        (id)kSecUseSystemKeychain : (id)kCFBooleanTrue,
    }, NULL);
    is(res, 0, "SecItemCopyMatching(system)");
#endif

    res = SecItemCopyMatching((CFDictionaryRef)@{
        (id)kSecClass :  (id)kSecClassGenericPassword,
        (id)kSecAttrAccount :  @"user-label-me",
    }, NULL);
    is(res, 0, "SecItemCopyMatching(user)");

    char* err = NULL;

    is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "open db");
    is(sqlite3_exec(db, "select * from ckmirror;", ckmirror_row_callback, NULL, &err), SQLITE_OK, "row added to ckmirror table");
    is(sqlite3_close(db), SQLITE_OK, "close db");
    is(ckmirror_row_exists, 1, "SQLite found a row in the ckmirror table");

#if TARGET_OS_IOS
    if (musr)
        SecSecuritySetMusrMode(false, 501, -1);
#endif
}

void SecAccessGroupsSetCurrent(CFArrayRef accessGroups);
CFArrayRef SecAccessGroupsGetCurrent();

int
secd_20_keychain_upgrade(int argc, char *const *argv)
{
#if TARGET_OS_IPHONE
#define have_system_keychain_tests 2
#else
#define have_system_keychain_tests 0
#endif

    plan_tests((kSecdTestSetupTestCount + 5 + have_system_keychain_tests + 8) * 2);

    CFArrayRef currentACL = SecAccessGroupsGetCurrent();

    NSMutableArray *newACL = [NSMutableArray arrayWithArray:(__bridge NSArray *)currentACL];
    [newACL addObjectsFromArray:@[
         @"com.apple.private.system-keychain",
         @"com.apple.private.syncbubble-keychain",
         @"com.apple.private.migrate-musr-system-keychain",
    ]];

    SecAccessGroupsSetCurrent((__bridge CFArrayRef)newACL);

    keychain_upgrade(false, "secd_20_keychain_upgrade");
    keychain_upgrade(true,  "secd_20_keychain_upgrade-musr");

    SecAccessGroupsSetCurrent(currentACL);

    return 0;
}
Commit	Line	Data
e3d460c9 A	1	/*
	2	* Copyright (c) 2015 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* This is to fool os services to not provide the Keychain manager
	26	* interface tht doens't work since we don't have unified headers
	27	* between iOS and OS X. rdar://23405418/
	28	*/
	29	#define __KEYCHAINCORE__ 1
	30
	31
	32	#import <Foundation/Foundation.h>
	33	#import <CoreFoundation/CoreFoundation.h>
	34	#import <Security/SecBase.h>
	35	#import <Security/SecItem.h>
	36	#import <Security/SecItemPriv.h>
	37	#import <Security/SecInternal.h>
fa7225c8	38	#import <utilities/SecCFRelease.h>
e3d460c9 A	39	#import <utilities/SecFileLocations.h>
	40	#import <securityd/SecItemServer.h>
	41
	42	#import <stdlib.h>
	43
	44	#include "secd_regressions.h"
	45	#include "SecdTestKeychainUtilities.h"
	46
866f8763 A	47	static int ckmirror_row_exists = 0;
	48	static int ckmirror_row_callback(void* unused, int count, char data, char columns)
	49	{
	50	ckmirror_row_exists = 1;
	51	for (int i = 0; i < count; i++) {
	52	if(strcmp(columns[i], "ckzone") == 0) {
	53	is(strcmp(data[i], "ckzone"), 0, "Data is expected 'ckzone'");
	54	}
	55	}
e3d460c9	56
866f8763 A	57	return 0;
866f8763 A	58	}
e3d460c9 A	59
	60	static void
	61	keychain_upgrade(bool musr, const char *dbname)
	62	{
	63	OSStatus res;
	64
	65	secd_test_setup_temp_keychain(dbname, NULL);
	66
	67	#if TARGET_OS_IOS
	68	if (musr)
	69	SecSecuritySetMusrMode(true, 502, 502);
	70	#endif
	71
	72	#if TARGET_OS_IPHONE
	73	/*
	74	* Check system keychain migration
	75	*/
	76
	77	res = SecItemAdd((CFDictionaryRef)@{
	78	(id)kSecClass : (id)kSecClassGenericPassword,
	79	(id)kSecAttrAccount : @"system-label-me",
	80	(id)kSecUseSystemKeychain : (id)kCFBooleanTrue,
	81	}, NULL);
	82	is(res, 0, "SecItemAdd(system)");
	83	#endif
	84
	85	/*
	86	* Check user keychain
	87	*/
	88
	89	res = SecItemAdd((CFDictionaryRef)@{
	90	(id)kSecClass : (id)kSecClassGenericPassword,
	91	(id)kSecAttrAccount : @"user-label-me",
	92	}, NULL);
	93	is(res, 0, "SecItemAdd(user)");
	94
866f8763 A	95	NSString *keychain_path = CFBridgingRelease(__SecKeychainCopyPath());
	96
	97	// Add a row to a non-item table
	98	/* Create a new keychain sqlite db */
	99	sqlite3 *db = NULL;
	100
	101	is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "open db");
	102	is(sqlite3_exec(db, "INSERT into ckmirror VALUES(\"ckzone\", \"importantuuid\", \"keyuuid\", 0, \"asdf\", \"qwer\", \"ckrecord\", 0, 0, NULL, NULL, NULL);", NULL, NULL, NULL), SQLITE_OK, "row added to ckmirror table");
	103	is(sqlite3_close(db), SQLITE_OK, "close db");
	104
e3d460c9	105	SecKeychainDbReset(^{
e3d460c9 A	106
	107	/* Create a new keychain sqlite db */
	108	sqlite3 *db;
	109
	110	is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "create keychain");
866f8763	111	is(sqlite3_exec(db, "UPDATE tversion SET minor = minor - 1", NULL, NULL, NULL), SQLITE_OK,
e3d460c9 A	112	"\"downgrade\" keychain");
e3d460c9 A	113	is(sqlite3_close(db), SQLITE_OK, "close db");
e3d460c9 A	114	});
	115
	116	#if TARGET_OS_IPHONE
	117	res = SecItemCopyMatching((CFDictionaryRef)@{
	118	(id)kSecClass : (id)kSecClassGenericPassword,
	119	(id)kSecAttrAccount : @"system-label-me",
	120	(id)kSecUseSystemKeychain : (id)kCFBooleanTrue,
	121	}, NULL);
	122	is(res, 0, "SecItemCopyMatching(system)");
	123	#endif
	124
	125	res = SecItemCopyMatching((CFDictionaryRef)@{
	126	(id)kSecClass : (id)kSecClassGenericPassword,
	127	(id)kSecAttrAccount : @"user-label-me",
	128	}, NULL);
	129	is(res, 0, "SecItemCopyMatching(user)");
	130
866f8763 A	131	char* err = NULL;
	132
	133	is(sqlite3_open([keychain_path UTF8String], &db), SQLITE_OK, "open db");
	134	is(sqlite3_exec(db, "select * from ckmirror;", ckmirror_row_callback, NULL, &err), SQLITE_OK, "row added to ckmirror table");
	135	is(sqlite3_close(db), SQLITE_OK, "close db");
	136	is(ckmirror_row_exists, 1, "SQLite found a row in the ckmirror table");
	137
e3d460c9 A	138	#if TARGET_OS_IOS
	139	if (musr)
	140	SecSecuritySetMusrMode(false, 501, -1);
	141	#endif
	142	}
	143
	144	void SecAccessGroupsSetCurrent(CFArrayRef accessGroups);
	145	CFArrayRef SecAccessGroupsGetCurrent();
	146
	147	int
	148	secd_20_keychain_upgrade(int argc, char const argv)
	149	{
	150	#if TARGET_OS_IPHONE
	151	#define have_system_keychain_tests 2
	152	#else
	153	#define have_system_keychain_tests 0
	154	#endif
	155
866f8763	156	plan_tests((kSecdTestSetupTestCount + 5 + have_system_keychain_tests + 8) * 2);
e3d460c9 A	157
	158	CFArrayRef currentACL = SecAccessGroupsGetCurrent();
	159
	160	NSMutableArray newACL = [NSMutableArray arrayWithArray:(__bridge NSArray )currentACL];
	161	[newACL addObjectsFromArray:@[
	162	@"com.apple.private.system-keychain",
	163	@"com.apple.private.syncbubble-keychain",
	164	@"com.apple.private.migrate-musr-system-keychain",
	165	]];
	166
	167	SecAccessGroupsSetCurrent((__bridge CFArrayRef)newACL);
	168
	169	keychain_upgrade(false, "secd_20_keychain_upgrade");
	170	keychain_upgrade(true, "secd_20_keychain_upgrade-musr");
	171
	172	SecAccessGroupsSetCurrent(currentACL);
	173
	174	return 0;
	175	}