]> git.saurik.com Git - apple/security.git/blob - keychain/securityd/Regressions/secd-668-ghosts.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.41.2.tar.gz
[apple/security.git] / keychain / securityd / Regressions / secd-668-ghosts.m
1 /*
2 * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // secd-668-ghosts.c
26 // sec
27 //
28
29 #include <CoreFoundation/CFDictionary.h>
30 #include <utilities/SecCFWrappers.h>
31
32 #include "keychain/SecureObjectSync/SOSAccount.h"
33 #include "keychain/SecureObjectSync/SOSAccountTrustClassic+Circle.h"
34
35 #include "secd_regressions.h"
36 #include "SOSAccountTesting.h"
37 #include "SecdTestKeychainUtilities.h"
38
39 /*
40 Make a circle with two peers - alice and bob(bob is iOS and serial#"abababababab")
41 have alice leave the circle
42 release bob, make a new bob - iOS and same serial number
43 try to join the circle - it should resetToOffering with ghost fix
44
45 For phase 1 we expect the ghostfix to work with iOS devices, but not with MacOSX devices.
46 */
47
48 #if 0
49 static void hauntedCircle(SOSPeerInfoDeviceClass devClass, bool expectGhostBusted)
50 {
51 CFErrorRef error = NULL;
52 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
53 CFStringRef cfaccount = CFSTR("test@test.org");
54 CFStringRef ghostSerialID = CFSTR("abababababab");
55 CFStringRef ghostIdsID = CFSTR("targetIDS");
56
57 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
58 SOSAccount* alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource"));
59 SOSAccount* bob_account = SOSTestCreateAccountAsSerialClone(CFSTR("Bob"), devClass, ghostSerialID, ghostIdsID);
60
61 // Start Circle
62 ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle");
63 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates");
64 ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins");
65
66 // Alice Leaves
67 ok( [alice_account.trust leaveCircle:alice_account err:&error], "Alice Leaves (%@)", error);
68 CFReleaseNull(error);
69 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates");
70 accounts_agree("Alice bails", bob_account, alice_account);
71 is(countPeers(bob_account), 1, "There should only be 1 valid peer");
72 // We're dropping all peers that are in the circle - leaving a circle with only one peer - and that's a ghost
73
74 // Make new bob - same as the old bob except peerID
75
76 SOSAccount* bobFinal = SOSTestCreateAccountAsSerialClone(CFSTR("BobFinal"), devClass, ghostSerialID, ghostIdsID);
77 is(ProcessChangesUntilNoChange(changes, bobFinal, NULL), 1, "updates");
78
79 ok(SOSTestJoinWith(cfpassword, cfaccount, changes, bobFinal), "Application Made");
80 CFReleaseNull(cfpassword);
81
82 // Did ghostbuster work?
83 is(ProcessChangesUntilNoChange(changes, bobFinal, NULL), 2, "updates");
84 if(expectGhostBusted) { // ghostbusting is currently disabled for MacOSX Peers
85 ok([bobFinal isInCircle:NULL], "Bob is in");
86 } else {
87 ok(![bobFinal isInCircle:NULL], "Bob is not in");
88 }
89
90 is(countPeers(bobFinal), 1, "There should only be 1 valid peer");
91
92 CFReleaseNull(changes);
93
94 bob_account = nil;
95 alice_account = nil;
96 bobFinal = nil;
97 SOSTestCleanup();
98 }
99
100 static void multiBob(SOSPeerInfoDeviceClass devClass, bool expectGhostBusted, bool delayedPrivKey, bool pairJoin) {
101 CFErrorRef error = NULL;
102 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
103 CFStringRef cfaccount = CFSTR("test@test.org");
104 CFStringRef ghostSerialID = CFSTR("abababababab");
105 CFStringRef ghostIdsID = CFSTR("targetIDS");
106
107 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
108 SOSAccount* alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource"));
109
110 // Start Circle
111 ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
112 is(ProcessChangesUntilNoChange(changes, alice_account, NULL), 1, "updates");
113
114 ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
115 CFReleaseNull(error);
116
117 is(ProcessChangesUntilNoChange(changes, alice_account, NULL), 1, "updates");
118
119 SOSTestMakeGhostInCircle(CFSTR("Bob1"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 2);
120 SOSTestMakeGhostInCircle(CFSTR("Bob2"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 3);
121 SOSTestMakeGhostInCircle(CFSTR("Bob3"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 4);
122 SOSTestMakeGhostInCircle(CFSTR("Bob4"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 5);
123
124 SOSAccount* bobFinal_account = SOSTestCreateAccountAsSerialClone(CFSTR("BobFinal"), devClass, ghostSerialID, ghostIdsID);
125
126 if(pairJoin) {
127 SOSTestJoinThroughPiggyBack(cfpassword, cfaccount, changes, alice_account, bobFinal_account, KEEP_USERKEY, 6, true);
128 is(countPeers(bobFinal_account), 6, "Expect ghosts still in circle");
129 } else if(delayedPrivKey) {
130 SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bobFinal_account, DROP_USERKEY, 6, true);
131 is(countPeers(bobFinal_account), 6, "Expect ghosts still in circle");
132 } else {
133 SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bobFinal_account, KEEP_USERKEY, 2, true);
134 }
135
136 if(pairJoin || delayedPrivKey) { // this allows the ghostbusting to be done in a delayed fashion for the instances where that is proper
137 SOSAccountTryUserCredentials(bobFinal_account, cfaccount, cfpassword, &error);
138 ok(SOSTestChangeAccountDeviceName(bobFinal_account, CFSTR("ThereCanBeOnlyOneBob")), "force an unrelated circle change");
139 is(ProcessChangesUntilNoChange(changes, alice_account, bobFinal_account, NULL), 3, "updates");
140 }
141
142 CFReleaseNull(cfpassword);
143
144
145 ok([bobFinal_account isInCircle:NULL], "bobFinal_account is in");
146
147 is(countPeers(bobFinal_account), 2, "Expect ghostBobs to be gone");
148 is(countPeers(alice_account), 2, "Expect ghostBobs to be gone");
149 accounts_agree_internal("Alice and ThereCanBeOnlyOneBob are the only circle peers and they agree", alice_account, bobFinal_account, false);
150
151 CFReleaseNull(changes);
152
153 alice_account = nil;
154 bobFinal_account = nil;
155
156 SOSTestCleanup();
157 }
158
159 static void iosICloudIdentity() {
160 CFErrorRef error = NULL;
161 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
162 CFStringRef cfaccount = CFSTR("test@test.org");
163 CFStringRef ghostIdsID = CFSTR("targetIDS");
164
165 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
166 SOSAccount* alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource"));
167
168 // Start Circle
169 ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle");
170
171 SOSCircleRef circle = [alice_account.trust getCircle:NULL];
172 __block CFStringRef serial = NULL;
173 SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
174 if(SOSPeerInfoIsCloudIdentity(peer)) {
175 serial = SOSPeerInfoCopySerialNumber(peer);
176 }
177 });
178
179 SOSAccount* bob_account = SOSTestCreateAccountAsSerialClone(CFSTR("Bob"), SOSPeerInfo_iOS, serial, ghostIdsID);
180
181 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates");
182 ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins");
183 CFReleaseNull(cfpassword);
184
185 circle = [alice_account.trust getCircle:&error];
186 __block bool hasiCloudIdentity = false;
187 SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
188 if(SOSPeerInfoIsCloudIdentity(peer)) {
189 hasiCloudIdentity = true;
190 }
191 });
192
193 ok(hasiCloudIdentity, "GhostBusting didn't mess with the iCloud Identity");
194
195 CFReleaseNull(changes);
196 alice_account = nil;
197 SOSTestCleanup();
198 }
199 #endif // 0
200
201 int secd_68_ghosts(int argc, char *const *argv)
202 {
203 plan_tests(1);
204
205 secd_test_setup_temp_keychain(__FUNCTION__, NULL);
206
207 #if 0
208 // changing ghostbusting. handleUpdateCircle version is going away.
209 hauntedCircle(SOSPeerInfo_iOS, true);
210 hauntedCircle(SOSPeerInfo_macOS, false);
211 multiBob(SOSPeerInfo_iOS, true, false, false);
212 multiBob(SOSPeerInfo_iOS, false, true, false);
213 multiBob(SOSPeerInfo_iOS, false, false, true); // piggyback join case
214
215 iosICloudIdentity();
216 #endif
217 return 0;
218 }
mirror of Security