KeychainSyncAccountNotification/KeychainSyncAccountNotification.m

   1 //
   2 //  KeychainSyncAccountNotification.m
   3 //  Security
   4 //
   5
   6 #import "KeychainSyncAccountNotification.h"
   7 #import <Accounts/Accounts.h>
   8 #import <Accounts/Accounts_Private.h>
   9 #if TARGET_OS_IPHONE
  10 #import <AppleAccount/ACAccount+AppleAccount.h>
  11 #else
  12 #import <AOSAccounts/ACAccount+iCloudAccount.h>
  13 #endif
  14 #import <AccountsDaemon/ACDAccountStore.h>
  15 #import <AccountsDaemon/ACDClientAuthorizationManager.h>
  16 #import <AccountsDaemon/ACDClientAuthorization.h>
  17 #import <Security/SecureObjectSync/SOSCloudCircle.h>
  18
  19 #import "utilities/debugging.h"
  20
  21 @implementation KeychainSyncAccountNotification
  22
  23
  24 - (bool)accountIsPrimary:(ACAccount *)account
  25 {
  26 #if TARGET_OS_IPHONE
  27     return [account aa_isPrimaryAccount];
  28 #else
  29     return [account icaIsPrimaryAccount];
  30 #endif
  31 }
  32
  33 - (BOOL)account:(ACAccount *)account willChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
  34
  35     if ((changeType == kACAccountChangeTypeDeleted) && [oldAccount.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
  36         if(oldAccount.identifier != NULL && oldAccount.username !=NULL){
  37
  38             if ([self accountIsPrimary:oldAccount]) {
  39
  40                 CFErrorRef removalError = NULL;
  41
  42                 secinfo("accounts", "Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
  43
  44                 if (!SOSCCLoggedOutOfAccount(&removalError)) {
  45                     secerror("Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
  46                 }
  47             } else {
  48                 secinfo("accounts", "NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
  49             }
  50         }
  51         else{
  52             secinfo("accounts", "Already logged out of account");
  53
  54         }
  55     }
  56
  57     return YES;
  58 }
  59
  60 - (void)account:(ACAccount *)account didChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
  61         if (changeType == kACAccountChangeTypeDeleted) {
  62         if (oldAccount.identifier != NULL && oldAccount.username != NULL){
  63
  64             if ([self accountIsPrimary:oldAccount]) {
  65                 CFErrorRef removalError = NULL;
  66                 secinfo("accounts", "Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
  67                 if (!SOSCCLoggedOutOfAccount(&removalError)) {
  68                     secerror("Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
  69                 }
  70             } else {
  71                 secinfo("accounts", "NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
  72             }
  73         }
  74         secinfo("accounts", "Already logged out of account");
  75     }
  76 }
  77
  78 @end