]> git.saurik.com Git - apple/security.git/blob - KeychainSyncAccountNotification/KeychainSyncAccountNotification.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-57031.30.12.tar.gz
[apple/security.git] / KeychainSyncAccountNotification / KeychainSyncAccountNotification.m
1 //
2 // KeychainSyncAccountNotification.m
3 // Security
4 //
5 // Created by keith on 5/2/13.
6 //
7 //
8
9 #import "KeychainSyncAccountNotification.h"
10 #import <Accounts/ACLogging.h>
11 #import <Accounts/Accounts.h>
12 #import <Accounts/Accounts_Private.h>
13 #pragma clang diagnostic push
14 #pragma clang diagnostic ignored "-Wnewline-eof"
15 #import <AppleAccount/ACAccount+AppleAccount.h>
16 #pragma clang diagnostic pop
17 #import <AccountsDaemon/ACDAccountStore.h>
18 #import <AccountsDaemon/ACDClientAuthorizationManager.h>
19 #import <AccountsDaemon/ACDClientAuthorization.h>
20 #import <Security/SOSCloudCircle.h>
21
22 @implementation KeychainSyncAccountNotification
23
24 - (BOOL)account:(ACAccount *)account willChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
25 if ((changeType == kACAccountChangeTypeDeleted) && [oldAccount.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
26 if ([account aa_isPrimaryAccount]) {
27
28 CFErrorRef removalError = NULL;
29
30 ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
31
32 if (!SOSCCRemoveThisDeviceFromCircle(&removalError)) {
33 ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
34 }
35 } else {
36 ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
37 }
38 }
39
40 return YES;
41 }
42
43 - (void)account:(ACAccount *)account didChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
44 if ((changeType == kACAccountChangeTypeAdded || changeType == kACAccountChangeTypeModified) && [account.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
45 if ([account aa_isPrimaryAccount]) {
46 NSError *errObject;
47 ACAccountCredential *accountCred = [store credentialForAccount:account error:&errObject];
48 if (accountCred != NULL) {
49 CFErrorRef authenticateError = NULL;
50 if (accountCred.password != NULL) {
51 const char *accountPassword = [accountCred.password cStringUsingEncoding:NSUTF8StringEncoding];
52 CFDataRef passwordData = CFDataCreate(kCFAllocatorDefault, (const uint8_t *)accountPassword, strlen(accountPassword));
53 if (NULL != passwordData) {
54 ACLogDebug(@"Performing SOS circle credential set for account %@: %@", account.identifier, account.username);
55 if (!SOSCCSetUserCredentials((__bridge CFStringRef)(account.username), passwordData, &authenticateError)) {
56 ACLogError(@"Unable to set SOS circle credentials for account %@: %@", account.identifier, authenticateError);
57 if (NULL != authenticateError) {
58 CFRelease(authenticateError);
59 }
60 }
61 CFRelease(passwordData);
62 }
63 } else {
64 if (!SOSCCCanAuthenticate(&authenticateError)) {
65 ACLogError(@"Account %@ did not present a password and we could not authenticate the SOS circle: %@", account.identifier, authenticateError);
66 if (NULL != authenticateError) {
67 CFRelease(authenticateError);
68 }
69 }
70 }
71 } else {
72 ACLogError(@"Account %@ did not present a credential for SOS circle: %@", account.identifier, errObject);
73 }
74 } else {
75 ACLogDebug(@"NOT performing SOS circle credential set for secondary account %@: %@", account.identifier, account.username);
76 }
77 }
78 }
79
80 @end
mirror of Security