Security-57031.10.10.tar.gz

[apple/security.git] / Security / sec / securityd / SecDbQuery.h

/*
 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header SecDbQuery.h - The thing that does the stuff with the gibli.
 */

#ifndef _SECURITYD_SECDBQUERY_H_
#define _SECURITYD_SECDBQUERY_H_

#include <securityd/SecKeybagSupport.h>
#include <securityd/SecDbItem.h>

__BEGIN_DECLS

typedef struct Pair *SecDbPairRef;
typedef struct Query *SecDbQueryRef;

/* Return types. */
typedef uint32_t ReturnTypeMask;
enum
{
    kSecReturnDataMask = 1 << 0,
    kSecReturnAttributesMask = 1 << 1,
    kSecReturnRefMask = 1 << 2,
    kSecReturnPersistentRefMask = 1 << 3,
};

/* Constant indicating there is no limit to the number of results to return. */
enum
{
    kSecMatchUnlimited = kCFNotFound
};

typedef struct Pair
{
    const void *key;
    const void *value;
} Pair;

/* Nothing in this struct is retained since all the
 values below are extracted from the dictionary passed in by the
 caller. */
typedef struct Query
{
    /* Class of this query. */
    const SecDbClass *q_class;

    /* Dictionary with all attributes and values in clear (to be encrypted). */
    CFMutableDictionaryRef q_item;

    /* q_pairs is an array of Pair structs.  Elements with indices
     [0, q_attr_end) contain attribute key value pairs.  Elements with
     indices [q_match_begin, q_match_end) contain match key value pairs.
     Thus q_attr_end is the number of attrs in q_pairs and
     q_match_begin - q_match_end is the number of matches in q_pairs.  */
    CFIndex q_match_begin;
    CFIndex q_match_end;
    CFIndex q_attr_end;

    CFErrorRef q_error;
    ReturnTypeMask q_return_type;

    CFDataRef q_data;
    CFTypeRef q_ref;
    sqlite_int64 q_row_id;

    CFArrayRef q_use_item_list;
    CFBooleanRef q_use_tomb;
#if defined(MULTIPLE_KEYCHAINS)
    CFArrayRef q_use_keychain;
    CFArrayRef q_use_keychain_list;
#endif /* !defined(MULTIPLE_KEYCHAINS) */

    /* Value of kSecMatchLimit key if present. */
    CFIndex q_limit;

    /* True if query contained a kSecAttrSynchronizable attribute,
     * regardless of its actual value. If this is false, then we
     * will add an explicit sync=0 to the query. */
    bool q_sync;

    // Set to true if we modified any item as part of executing this query
    bool q_changed;

    // Set to true if we modified any synchronizable item as part of executing this query
    bool q_sync_changed;
    
    // Set to true if we want to delete item
    enum SecKsCryptoOp q_crypto_op;
    
    /* Keybag handle to use for this item. */
    keybag_handle_t q_keybag;
    
    /* ACL and credHandle passed to the query. q_use_cred_handle can contain either CFDataRef passed from outside
     * or CoreAuth context object. */
    SecAccessControlRef q_access_control;
    CFTypeRef q_use_cred_handle;
    
    // Array filled during the query execution with CFDataRef conatining serialized SecAccessControl objects
    // which need to be verified in order to include all items in the results.
    CFMutableArrayRef q_required_access_controls;

    // Text describing the operation for which the application is attempting to authenticate.
    CFStringRef q_use_operation_prompt;
    
    // True if the authentication UI is not allowed.
    CFBooleanRef q_use_no_authentication_ui;
    
    // SHA1 digest of DER encoded primary key
    CFDataRef q_primary_key_digest;

    CFArrayRef q_match_issuer;

    /* Caller acces groups for AKS */
    CFArrayRef q_caller_access_groups;

    Pair q_pairs[];
} Query;

Query *query_create(const SecDbClass *qclass, CFDictionaryRef query, CFErrorRef *error);
bool query_destroy(Query *q, CFErrorRef *error);
bool query_error(Query *q, CFErrorRef *error);
Query *query_create_with_limit(CFDictionaryRef query, CFIndex limit, CFErrorRef *error);
void query_add_attribute(const void *key, const void *value, Query *q);
void query_ensure_access_control(Query *q, CFStringRef agrp);
void query_pre_add(Query *q, bool force_date);
bool query_notify_and_destroy(Query *q, bool ok, CFErrorRef *error);
CFIndex query_match_count(const Query *q);
CFIndex query_attr_count(const Query *q);
Pair query_attr_at(const Query *q, CFIndex ix);
bool query_update_parse(Query *q, CFDictionaryRef update, CFErrorRef *error);
void query_pre_update(Query *q);
void query_enable_interactive(Query *q);
bool query_needs_authentication(Query *q);
bool query_authenticate(Query *q, CFErrorRef **error);
const SecDbClass *kc_class_with_name(CFStringRef name);
void query_set_caller_access_groups(Query *q, CFArrayRef caller_access_groups);


__END_DECLS

#endif /* _SECURITYD_SECDBQUERY_H_ */