2 * Copyright (c) 2012-2016 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
29 #include <CoreFoundation/CFDictionary.h>
30 #include <utilities/SecCFWrappers.h>
32 #include <Security/SecureObjectSync/SOSAccount.h>
33 #include <Security/SecureObjectSync/SOSAccountTrustClassic+Circle.h>
35 #include "secd_regressions.h"
36 #include "SOSAccountTesting.h"
37 #include "SecdTestKeychainUtilities.h"
39 static int kTestTestCount = 530;
42 Make a circle with two peers - alice and bob(bob is iOS and serial#"abababababab")
43 have alice leave the circle
44 release bob, make a new bob - iOS and same serial number
45 try to join the circle - it should resetToOffering with ghost fix
47 For phase 1 we expect the ghostfix to work with iOS devices, but not with MacOSX devices.
50 static void hauntedCircle(SOSPeerInfoDeviceClass devClass, bool expectGhostBusted)
52 CFErrorRef error = NULL;
53 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
54 CFStringRef cfaccount = CFSTR("test@test.org");
55 CFStringRef ghostSerialID = CFSTR("abababababab");
56 CFStringRef ghostIdsID = CFSTR("targetIDS");
58 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
59 SOSAccount* alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource"));
60 SOSAccount* bob_account = SOSTestCreateAccountAsSerialClone(CFSTR("Bob"), devClass, ghostSerialID, ghostIdsID);
63 ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle");
64 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates");
65 ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins");
68 ok( [alice_account.trust leaveCircle:alice_account err:&error], "Alice Leaves (%@)", error);
70 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates");
71 accounts_agree("Alice bails", bob_account, alice_account);
72 is(countPeers(bob_account), 1, "There should only be 1 valid peer");
73 // We're dropping all peers that are in the circle - leaving a circle with only one peer - and that's a ghost
75 // Make new bob - same as the old bob except peerID
77 SOSAccount* bobFinal = SOSTestCreateAccountAsSerialClone(CFSTR("BobFinal"), devClass, ghostSerialID, ghostIdsID);
78 ok(SOSTestJoinWith(cfpassword, cfaccount, changes, bobFinal), "Application Made");
79 CFReleaseNull(cfpassword);
81 // Did ghostbuster work?
82 is(ProcessChangesUntilNoChange(changes, bobFinal, NULL), 2, "updates");
83 if(expectGhostBusted) { // ghostbusting is currently disabled for MacOSX Peers
84 ok([bobFinal.trust isInCircle:NULL], "Bob is in");
86 ok(![bobFinal.trust isInCircle:NULL], "Bob is not in");
89 is(countPeers(bobFinal), 1, "There should only be 1 valid peer");
91 CFReleaseNull(changes);
99 static void multiBob(SOSPeerInfoDeviceClass devClass, bool expectGhostBusted, bool delayedPrivKey) {
100 CFErrorRef error = NULL;
101 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
102 CFStringRef cfaccount = CFSTR("test@test.org");
103 CFStringRef ghostSerialID = CFSTR("abababababab");
104 CFStringRef ghostIdsID = CFSTR("targetIDS");
106 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
107 SOSAccount* alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource"));
110 ok(SOSAccountAssertUserCredentialsAndUpdate(alice_account, cfaccount, cfpassword, &error), "Credential setting (%@)", error);
111 is(ProcessChangesUntilNoChange(changes, alice_account, NULL), 1, "updates");
113 ok(SOSAccountResetToOffering_wTxn(alice_account, &error), "Reset to offering (%@)", error);
114 CFReleaseNull(error);
116 is(ProcessChangesUntilNoChange(changes, alice_account, NULL), 1, "updates");
118 SOSTestMakeGhostInCircle(CFSTR("Bob1"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 2);
119 SOSTestMakeGhostInCircle(CFSTR("Bob2"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 3);
120 SOSTestMakeGhostInCircle(CFSTR("Bob3"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 4);
121 SOSTestMakeGhostInCircle(CFSTR("Bob4"), devClass, ghostSerialID, ghostIdsID, cfpassword, cfaccount, changes, alice_account, 5);
123 SOSAccount* bobFinal_account = SOSTestCreateAccountAsSerialClone(CFSTR("BobFinal"), devClass, ghostSerialID, ghostIdsID);
125 SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bobFinal_account, DROP_USERKEY, 6, true);
126 is(countPeers(bobFinal_account), 6, "Expect ghosts still in circle");
127 SOSAccountTryUserCredentials(bobFinal_account, cfaccount, cfpassword, &error);
128 ok(SOSTestChangeAccountDeviceName(bobFinal_account, CFSTR("ThereCanBeOnlyOneBob")), "force an unrelated circle change");
129 is(ProcessChangesUntilNoChange(changes, alice_account, bobFinal_account, NULL), 3, "updates");
131 SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bobFinal_account, KEEP_USERKEY, 2, true);
133 CFReleaseNull(cfpassword);
135 is(countPeers(bobFinal_account), 2, "Expect ghostBobs to be gone");
136 is(countPeers(alice_account), 2, "Expect ghostBobs to be gone");
137 accounts_agree_internal("Alice and ThereCanBeOnlyOneBob are the only circle peers and they agree", alice_account, bobFinal_account, false);
139 CFReleaseNull(changes);
142 bobFinal_account = nil;
147 static void iosICloudIdentity() {
148 CFErrorRef error = NULL;
149 CFDataRef cfpassword = CFDataCreate(NULL, (uint8_t *) "FooFooFoo", 10);
150 CFStringRef cfaccount = CFSTR("test@test.org");
151 CFStringRef ghostIdsID = CFSTR("targetIDS");
153 CFMutableDictionaryRef changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
154 SOSAccount* alice_account = CreateAccountForLocalChanges(CFSTR("Alice"), CFSTR("TestSource"));
157 ok(SOSTestStartCircleWithAccount(alice_account, changes, cfaccount, cfpassword), "Have Alice start a circle");
159 SOSCircleRef circle = [alice_account.trust getCircle:NULL];
160 __block CFStringRef serial = NULL;
161 SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
162 if(SOSPeerInfoIsCloudIdentity(peer)) {
163 serial = SOSPeerInfoCopySerialNumber(peer);
167 SOSAccount* bob_account = SOSTestCreateAccountAsSerialClone(CFSTR("Bob"), SOSPeerInfo_iOS, serial, ghostIdsID);
169 is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 1, "updates");
170 ok(SOSTestJoinWithApproval(cfpassword, cfaccount, changes, alice_account, bob_account, KEEP_USERKEY, 2, false), "Bob Joins");
171 CFReleaseNull(cfpassword);
173 circle = [alice_account.trust getCircle:&error];
174 __block bool hasiCloudIdentity = false;
175 SOSCircleForEachActivePeer(circle, ^(SOSPeerInfoRef peer) {
176 if(SOSPeerInfoIsCloudIdentity(peer)) {
177 hasiCloudIdentity = true;
181 ok(hasiCloudIdentity, "GhostBusting didn't mess with the iCloud Identity");
183 CFReleaseNull(changes);
188 int secd_68_ghosts(int argc, char *const *argv)
190 plan_tests(kTestTestCount);
192 secd_test_setup_temp_keychain(__FUNCTION__, NULL);
194 hauntedCircle(SOSPeerInfo_iOS, true);
195 hauntedCircle(SOSPeerInfo_macOS, false);
196 multiBob(SOSPeerInfo_iOS, true, false);
197 multiBob(SOSPeerInfo_iOS, false, true);