Security-57336.1.9.tar.gz

[apple/security.git] / OSX / sec / ProjectHeaders / Security / SecureObjectSync / SOSChangeTracker.c

/*
 * Copyright (c) 2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * SOSChangeTracker.c -  Implementation of a manifest caching change tracker that forwards changes to children
 */

#include <Security/SecureObjectSync/SOSChangeTracker.h>
#include <Security/SecureObjectSync/SOSDigestVector.h>
#include <Security/SecureObjectSync/SOSEngine.h>
#include <Security/SecureObjectSync/SOSManifest.h>
#include <Security/SecureObjectSync/SOSInternal.h>
#include <utilities/SecCFError.h>
#include <utilities/SecCFWrappers.h>

CFStringRef SOSChangeCopyDescription(SOSChangeRef change) {
    CFTypeRef object = NULL;
    bool isAdd = SOSChangeGetObject(change, &object);
    // TODO: Print objects or digests
    return (isData(object)
            ? isAdd ? CFSTR("a") : CFSTR("d")
            : isAdd ? CFSTR("A") : CFSTR("D"));
}

CFDataRef SOSChangeCopyDigest(SOSDataSourceRef dataSource, SOSChangeRef change, bool *isDel, SOSObjectRef *object, CFErrorRef *error) {
    CFDataRef digest = NULL;
    if (isArray(change)) {
        if (CFArrayGetCount(change) != 1) {
            SecError(errSecDecode, error, CFSTR("change array count: %ld"), CFArrayGetCount(change));
            return NULL;
        }
        change = CFArrayGetValueAtIndex(change, 0);
        *isDel = true;
    } else {
        *isDel = false;
    }

    // If the change is a CFData, this is the signal that it is a delete
    if (isData(change)) {
        digest = (CFDataRef)CFRetain(change);
    } else {
        digest = SOSObjectCopyDigest(dataSource, (SOSObjectRef)change, error);
        *object = (SOSObjectRef)change;
    }
    assert(digest && CFDataGetLength(digest) == CCSHA1_OUTPUT_SIZE);
    return digest;
}

CFStringRef SOSChangesCopyDescription(CFArrayRef changes) {
    CFMutableStringRef desc = CFStringCreateMutableCopy(kCFAllocatorDefault, 0, CFSTR("("));
    CFTypeRef change;
    if (changes) CFArrayForEachC(changes, change) {
        CFStringRef changeDesc = SOSChangeCopyDescription(change);
        CFStringAppend(desc, changeDesc);
        CFRetainSafe(changeDesc);
    }
    CFStringAppend(desc, CFSTR(")"));
    return desc;
}


/* SOSChangeTracker implementation. */
struct __OpaqueSOSChangeTracker {
    CFRuntimeBase _base;
    SOSManifestRef manifest;                // Optional: Only concrete cts have a manifest
    CFMutableArrayRef changeChildren;       // Optional: cts can have children
    CFMutableArrayRef manifestChildren;     // Optional: cts can have children
};

static CFStringRef SOSChangeTrackerCopyFormatDescription(CFTypeRef cf, CFDictionaryRef formatOptions) {
    SOSChangeTrackerRef ct = (SOSChangeTrackerRef)cf;
    CFStringRef desc = CFStringCreateWithFormat(kCFAllocatorDefault, formatOptions, CFSTR("<ChangeTracker %@ children %ld/%ld>"),
                                                ct->manifest ? ct->manifest : (SOSManifestRef)CFSTR("NonConcrete"),
                                                CFArrayGetCount(ct->changeChildren), CFArrayGetCount(ct->manifestChildren));
    return desc;
}

static void SOSChangeTrackerDestroy(CFTypeRef cf) {
    SOSChangeTrackerRef ct = (SOSChangeTrackerRef)cf;
    CFReleaseSafe(ct->manifest);
    CFReleaseSafe(ct->changeChildren);
    CFReleaseSafe(ct->manifestChildren);
}

// Even though SOSChangeTracker instances are used as keys in dictionaries, they are treated as pointers when used as such
// which is fine since the engine ensures instances are singletons.
CFGiblisFor(SOSChangeTracker);

SOSChangeTrackerRef SOSChangeTrackerCreate(CFAllocatorRef allocator, bool isConcrete, CFArrayRef changeChildren, CFErrorRef *error) {
    SOSChangeTrackerRef ct = NULL;
    ct = CFTypeAllocate(SOSChangeTracker, struct __OpaqueSOSChangeTracker, allocator);
    if (ct && isConcrete) {
        ct->manifest = SOSManifestCreateWithData(NULL, error);
        if (!ct->manifest)
            CFReleaseNull(ct);
    }
    if (ct) {
        if (changeChildren)
            ct->changeChildren = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, changeChildren);
        else
            ct->changeChildren = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
        ct->manifestChildren = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
    }

    return ct;
}

// Change the concreteness of the current ct (a non concrete ct does not support SOSChangeTrackerCopyManifest().
void SOSChangeTrackerSetConcrete(SOSChangeTrackerRef ct, bool isConcrete) {
    if (!isConcrete)
        CFReleaseNull(ct->manifest);
    else if (!ct->manifest) {
        ct->manifest = SOSManifestCreateWithData(NULL, NULL);
    }
}

// Add a child to the current ct
void SOSChangeTrackerRegisterChangeUpdate(SOSChangeTrackerRef ct, SOSChangeTrackerUpdatesChanges child) {
    CFArrayAppendValue(ct->changeChildren, child);
}

void SOSChangeTrackerRegisterManifestUpdate(SOSChangeTrackerRef ct, SOSChangeTrackerUpdatesManifests child) {
    CFArrayAppendValue(ct->manifestChildren, child);
}

void SOSChangeTrackerResetRegistration(SOSChangeTrackerRef ct) {
    CFArrayRemoveAllValues(ct->changeChildren);
    CFArrayRemoveAllValues(ct->manifestChildren);
}

void SOSChangeTrackerSetManifest(SOSChangeTrackerRef ct, SOSManifestRef manifest) {
    CFRetainAssign(ct->manifest, manifest);
}

SOSManifestRef SOSChangeTrackerCopyManifest(SOSChangeTrackerRef ct, CFErrorRef *error) {
    if (ct->manifest) {
        return (SOSManifestRef)CFRetain(ct->manifest);
    }
    SOSErrorCreate(kSOSErrorNotConcreteError, error, NULL, CFSTR("ChangeTracker is not concrete"));
    return NULL;
}

static bool SOSChangeTrackerCreateManifestsWithChanges(SOSEngineRef engine, CFArrayRef changes, SOSManifestRef *removals, SOSManifestRef *additions, CFErrorRef *error) {
    bool ok = true;
    struct SOSDigestVector dvdels = SOSDigestVectorInit;
    struct SOSDigestVector dvadds = SOSDigestVectorInit;
    struct SOSDigestVector *dv;
    CFTypeRef change;
    CFArrayForEachC(changes, change) {
        CFDataRef digest, allocatedDigest = NULL;
        if (isArray(change)) {
            assert(CFArrayGetCount(change) == 1);
            change = CFArrayGetValueAtIndex(change, 0);
            dv = &dvdels;
        } else {
            dv = &dvadds;
        }

        if (isData(change)) {
            digest = (CFDataRef)change;
        } else {
            CFErrorRef digestError = NULL;
            digest = allocatedDigest = SOSObjectCopyDigest(SOSEngineGetDataSource(engine), (SOSObjectRef)change, &digestError);
            if (!digest) {
                secerror("change %@ SOSObjectCopyDigest: %@", change, digestError);
                CFReleaseNull(digestError);
                continue;
            }
        }

        if (CFDataGetLength(digest) == 20) {
            SOSDigestVectorAppend(dv, CFDataGetBytePtr(digest));
        } else {
            secerror("change %@ bad length digest: %@", change, digest);
        }
        CFReleaseNull(allocatedDigest);
    }
    if (ok && removals)
        ok = *removals = SOSManifestCreateWithDigestVector(&dvdels, error);
    if (ok && additions)
        ok = *additions = SOSManifestCreateWithDigestVector(&dvadds, error);

    SOSDigestVectorFree(&dvadds);
    SOSDigestVectorFree(&dvdels);

    return ok;
}

bool SOSChangeTrackerTrackChanges(SOSChangeTrackerRef ct, SOSEngineRef engine, SOSTransactionRef txn, SOSDataSourceTransactionSource source, SOSDataSourceTransactionPhase phase, CFArrayRef changes, CFErrorRef *error) {
    bool ok = true;
    if (changes && CFArrayGetCount(changes)) {
        CFStringRef changesDesc = SOSChangesCopyDescription(changes);
        secnotice("tracker", "%@ %s %s changes: %@", ct, phase == kSOSDataSourceTransactionWillCommit ? "will-commit" : phase == kSOSDataSourceTransactionDidCommit ? "did-commit" : "did-rollback", source == kSOSDataSourceSOSTransaction ? "sos" : "api", changesDesc);
        CFReleaseSafe(changesDesc);
        if (ct->manifest || ct->manifestChildren) {
            SOSManifestRef additions = NULL;
            SOSManifestRef removals = NULL;
            ok &= SOSChangeTrackerCreateManifestsWithChanges(engine, changes, &removals, &additions, error);
            if (ok) {
                if (ct->manifest) {
                    SOSManifestRef updatedManifest = SOSManifestCreateWithPatch(ct->manifest, removals, additions, error);
                    if (updatedManifest){
                        CFTransferRetained(ct->manifest, updatedManifest);
                    }
                }
                if (ct->manifestChildren) {
                    SOSChangeTrackerUpdatesManifests child;
                    CFArrayForEachC(ct->manifestChildren, child) {
                        ok = ok && child(ct, engine, txn, source, phase, removals, additions, error);
                    }
                }
            }
            CFReleaseSafe(removals);
            CFReleaseSafe(additions);
            // TODO: Potentially filter changes to eliminate any changes that were already in our manifest
            // Backup Peers and the like would probably enjoy this so they don't have to do it themselves.
        }

        if (ct->changeChildren) {
            SOSChangeTrackerUpdatesChanges child;
            CFArrayForEachC(ct->changeChildren, child) {
                ok = ok && child(ct, engine, txn, source, phase, changes, error);
            }
        }
    }
    
    return ok;
}