OSX/sec/securityd/SecItemServer.h

   1 /*
   2  * Copyright (c) 2007-2009,2012-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25     @header SecItemServer
  26     The functions provided in SecItemServer.h provide an interface to
  27     the backend for SecItem APIs in the server.
  28 */
  29
  30 #ifndef _SECURITYD_SECITEMSERVER_H_
  31 #define _SECURITYD_SECITEMSERVER_H_
  32
  33 #include <CoreFoundation/CoreFoundation.h>
  34 #include <Security/SecureObjectSync/SOSCircle.h>
  35 #include <securityd/SecDbQuery.h>
  36 #include <utilities/SecDb.h>
  37 #include <TargetConditionals.h>
  38 #include "securityd_client.h"
  39
  40
  41 __BEGIN_DECLS
  42
  43 bool _SecItemAdd(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
  44 bool _SecItemCopyMatching(CFDictionaryRef query, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
  45 bool _SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, SecurityClient *client, CFErrorRef *error);
  46 bool _SecItemDelete(CFDictionaryRef query, SecurityClient *client, CFErrorRef *error);
  47 bool _SecItemDeleteAll(CFErrorRef *error);
  48 bool _SecItemServerDeleteAllWithAccessGroups(CFArrayRef accessGroups, SecurityClient *client, CFErrorRef *error);
  49
  50 bool _SecServerRestoreKeychain(CFErrorRef *error);
  51 bool _SecServerMigrateKeychain(int32_t handle_in, CFDataRef data_in, int32_t *handle_out, CFDataRef *data_out, CFErrorRef *error);
  52 CFDataRef _SecServerKeychainCreateBackup(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error);
  53 bool _SecServerKeychainRestore(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error);
  54 CFStringRef _SecServerBackupCopyUUID(CFDataRef backup, CFErrorRef *error);
  55
  56 bool _SecItemUpdateTokenItems(CFStringRef tokenID, CFArrayRef items, SecurityClient *client, CFErrorRef *error);
  57
  58 CF_RETURNS_RETAINED CFArrayRef _SecServerKeychainSyncUpdateMessage(CFDictionaryRef updates, CFErrorRef *error);
  59 bool _SecServerKeychainSyncUpdateIDSMessage(CFDictionaryRef updates, CFErrorRef *error);
  60 CF_RETURNS_RETAINED CFDictionaryRef _SecServerBackupSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);
  61
  62 int SecServerKeychainTakeOverBackupFD(CFStringRef backupName, CFErrorRef *error);
  63
  64 bool _SecServerRestoreSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);
  65
  66 #if TARGET_OS_IOS
  67 bool _SecServerTransmogrifyToSystemKeychain(SecurityClient *client, CFErrorRef *error);
  68 bool _SecServerTransmogrifyToSyncBubble(CFArrayRef services, uid_t uid, SecurityClient *client, CFErrorRef *error);
  69 bool _SecServerDeleteMUSERViews(SecurityClient *client, uid_t uid, CFErrorRef *error);
  70
  71 bool _SecAddSharedWebCredential(CFDictionaryRef attributes, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
  72 bool _SecCopySharedWebCredential(CFDictionaryRef query, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
  73 #endif /* TARGET_OS_IOS */
  74
  75 // Hack to log objects from inside SOS code
  76 void SecItemServerAppendItemDescription(CFMutableStringRef desc, CFDictionaryRef object);
  77
  78 SecDbRef SecKeychainDbCreate(CFStringRef path);
  79
  80 void
  81 _SecServerDatabaseSetup(void);
  82
  83
  84 /* For whitebox testing only */
  85 void SecKeychainDbReset(dispatch_block_t inbetween);
  86
  87
  88 SOSDataSourceFactoryRef SecItemDataSourceFactoryGetDefault(void);
  89
  90 /* FIXME: there is a specific type for keybag handle (keybag_handle_t)
  91    but it's not defined for simulator so we just use an int32_t */
  92 void SecItemServerSetKeychainKeybag(int32_t keybag);
  93 void SecItemServerResetKeychainKeybag(void);
  94
  95 void SecItemServerSetKeychainChangedNotification(const char *notification_name);
  96
  97 CFStringRef __SecKeychainCopyPath(void);
  98
  99 bool _SecServerRollKeys(bool force, SecurityClient *client, CFErrorRef *error);
 100 bool _SecServerRollKeysGlue(bool force, CFErrorRef *error);
 101
 102 struct _SecServerKeyStats {
 103     unsigned long items;
 104     CFIndex maxDataSize;
 105     CFIndex averageSize;
 106 };
 107
 108 bool _SecServerGetKeyStats(const SecDbClass *qclass, struct _SecServerKeyStats *stats);
 109
 110
 111
 112
 113 // Should all be blocks called from SecItemDb
 114 bool match_item(SecDbConnectionRef dbt, Query *q, CFArrayRef accessGroups, CFDictionaryRef item);
 115 bool itemInAccessGroup(CFDictionaryRef item, CFArrayRef accessGroups);
 116 void SecKeychainChanged(void);
 117
 118 extern void (*SecTaskDiagnoseEntitlements)(CFArrayRef accessGroups);
 119
 120 __END_DECLS
 121
 122 #endif /* _SECURITYD_SECITEMSERVER_H_ */