]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/regressions/kc-16-item-update-password.c
Security-58286.270.3.0.1.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / regressions / kc-16-item-update-password.c
1 /*
2 * Copyright (c) 2016 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the xLicense.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #import <Security/Security.h>
25 #import <Security/SecCertificatePriv.h>
26
27 #include "keychain_regressions.h"
28 #include "kc-helpers.h"
29 #include "kc-item-helpers.h"
30
31 static void tests()
32 {
33 SecKeychainRef kc = getPopulatedTestKeychain();
34
35 CFMutableDictionaryRef query = NULL;
36 SecKeychainItemRef item = NULL;
37
38 // Find passwords
39 query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service"));
40 item = checkNCopyFirst(testName, query, 1);
41 readPasswordContents(item, CFSTR("test_password")); checkPrompts(0, "after reading a password");
42 changePasswordContents(item, CFSTR("new_password")); checkPrompts(0, "changing a internet password");
43 readPasswordContents(item, CFSTR("new_password")); checkPrompts(0, "reading a changed internet password");
44 CFReleaseNull(item);
45
46 query = createQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
47 item = checkNCopyFirst(testName, query, 1);
48 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
49 checkPrompts(1, "trying to read internet password without access");
50
51 changePasswordContents(item, CFSTR("new_password"));
52 checkPrompts(0, "after changing a internet password without access"); // NOTE: we expect this write to succeed, even though we're not on the ACL. Therefore, we should see 0 prompts for this step.
53 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
54 checkPrompts(1, "after changing a internet password without access");
55 CFReleaseNull(item);
56
57 query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service"));
58 item = checkNCopyFirst(testName, query, 1);
59 readPasswordContents(item, CFSTR("test_password")); checkPrompts(0, "after reading a generic password");
60 changePasswordContents(item, CFSTR("new_password")); checkPrompts(0, "changing a generic password");
61 readPasswordContents(item, CFSTR("new_password")); checkPrompts(0, "after changing a generic password");
62 CFReleaseNull(item);
63
64 query = createQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
65 item = checkNCopyFirst(testName, query, 1);
66 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
67 checkPrompts(1, "trying to read generic password without access");
68
69 changePasswordContents(item, CFSTR("new_password"));
70 checkPrompts(0, "changing a generic password without access"); // NOTE: we expect this write to succeed, even though we're not on the ACL. Therefore, we should see 0 prompts for this step.
71 readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
72 checkPrompts(1, "after changing a generic password without access");
73 CFReleaseNull(item);
74
75 ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName);
76 CFReleaseNull(kc);
77 }
78 #define numTests (getPopulatedTestKeychainTests + \
79 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
80 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
81 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
82 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
83 + 1)
84
85 int kc_16_item_update_password(int argc, char *const *argv)
86 {
87 plan_tests(numTests);
88 initializeKeychainTests(__FUNCTION__);
89
90 tests();
91
92 deleteTestFiles();
93 return 0;
94 }