2 * Copyright (c) 2008-2010,2013-2014,2016 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 #include <CoreFoundation/CoreFoundation.h>
26 #include <Security/SecBase.h>
27 #include <Security/SecItem.h>
28 #include <Security/SecInternal.h>
29 #include <utilities/SecFileLocations.h>
30 #include <utilities/SecCFWrappers.h>
38 #include "secd_regressions.h"
40 #include <securityd/SecItemServer.h>
42 #include "SecdTestKeychainUtilities.h"
45 #if !(TARGET_OS_IOS && TARGET_OS_SIMULATOR)
46 static void setKeychainPermissions(int perm
) {
47 CFStringRef kc_path_cf
= __SecKeychainCopyPath();
48 CFStringPerformWithCString(kc_path_cf
, ^(const char *path
) {
49 ok_unix(chmod(path
, perm
), "chmod keychain file %s to be %d", path
, perm
);
54 int secd_31_keychain_unreadable(int argc
, char *const *argv
)
56 #if TARGET_OS_IOS && TARGET_OS_SIMULATOR
57 // When running on iOS device in debugger, the target usually runs
58 // as root, which means it has access to the file even after setting 000.
61 plan_tests(10 + kSecdTestSetupTestCount
);
62 secd_test_setup_temp_keychain("secd_31_keychain_unreadable", ^{
63 CFStringRef keychain_path_cf
= __SecKeychainCopyPath();
65 CFStringPerformWithCString(keychain_path_cf
, ^(const char *keychain_path
) {
67 ok_unix(fd
= open(keychain_path
, O_RDWR
| O_CREAT
| O_TRUNC
, 0644),
68 "create keychain file '%s'", keychain_path
);
69 ok_unix(fchmod(fd
, 0), " keychain file '%s'", keychain_path
);
70 ok_unix(close(fd
), "close keychain file '%s'", keychain_path
);
74 CFReleaseSafe(keychain_path_cf
);
78 CFNumberRef eighty
= CFNumberCreate(NULL
, kCFNumberSInt32Type
, &v_eighty
);
79 const char *v_data
= "test";
80 CFDataRef pwdata
= CFDataCreate(NULL
, (UInt8
*)v_data
, strlen(v_data
));
81 CFMutableDictionaryRef query
= CFDictionaryCreateMutable(NULL
, 0, NULL
, NULL
);
82 CFDictionaryAddValue(query
, kSecClass
, kSecClassInternetPassword
);
83 CFDictionaryAddValue(query
, kSecAttrServer
, CFSTR("members.spamcop.net"));
84 CFDictionaryAddValue(query
, kSecAttrAccount
, CFSTR("smith"));
85 CFDictionaryAddValue(query
, kSecAttrPort
, eighty
);
86 CFDictionaryAddValue(query
, kSecAttrProtocol
, kSecAttrProtocolHTTP
);
87 CFDictionaryAddValue(query
, kSecAttrAuthenticationType
, kSecAttrAuthenticationTypeDefault
);
88 CFDictionaryAddValue(query
, kSecValueData
, pwdata
);
90 is_status(SecItemAdd(query
, NULL
), errSecNotAvailable
, "Cannot add items to unreadable keychain");
91 is_status(SecItemCopyMatching(query
, NULL
), errSecNotAvailable
, "Cannot read items in unreadable keychain");
93 setKeychainPermissions(0644);
95 ok_status(SecItemAdd(query
, NULL
), "Add internet password");
96 is_status(SecItemAdd(query
, NULL
), errSecDuplicateItem
,
97 "Add internet password again");
98 ok_status(SecItemCopyMatching(query
, NULL
), "Found the item we added");
100 // For commented tests need to convince secd to let go of connections.
101 // Without intervention it keeps them and accesses continue to succeed.
103 setKeychainPermissions(0);
104 is_status(SecItemCopyMatching(query, NULL), errSecNotAvailable, "Still cannot read items in unreadable keychain");
106 setKeychainPermissions(0644);
107 ok_status(SecItemCopyMatching(query, NULL), "Found the item again");
109 ok_status(SecItemDelete(query
),"Deleted the item we added");
111 CFReleaseNull(eighty
);
112 CFReleaseNull(pwdata
);
113 CFReleaseNull(query
);
114 #endif // !(TARGET_OS_IOS && TARGET_OS_SIMULATOR)