]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/lib/SecKeychain.h
Security-57740.31.2.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / SecKeychain.h
1 /*
2 * Copyright (c) 2000-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecKeychain
26 SecKeychain implements a repository for securely storing items with publicly visible attributes by which to find the items.
27 */
28
29 #ifndef _SECURITY_SECKEYCHAIN_H_
30 #define _SECURITY_SECKEYCHAIN_H_
31
32 #include <Security/SecBase.h>
33 #include <Security/cssmapple.h>
34 #include <CoreFoundation/CFArray.h>
35 #include <libkern/OSByteOrder.h>
36
37 #if defined(__cplusplus)
38 extern "C" {
39 #endif
40
41 CF_ASSUME_NONNULL_BEGIN
42
43 /*!
44 @enum KeychainStatus
45 @abstract Defines the current status of a keychain.
46 @constant kSecUnlockStateStatus Indicates the keychain is unlocked.
47 @constant kSecReadPermStatus Indicates the keychain is readable.
48 @constant kSecWritePermStatus Indicates the keychain is writable.
49 */
50 CF_ENUM(UInt32)
51 {
52 kSecUnlockStateStatus = 1,
53 kSecReadPermStatus = 2,
54 kSecWritePermStatus = 4
55 };
56
57 #define SEC_KEYCHAIN_SETTINGS_VERS1 1
58
59
60 /*!
61 @typedef SecKeychainSettings
62 @abstract Contains keychain settings.
63 @field version An unsigned 32-bit integer representing the keychain version.
64 @field lockOnSleep A boolean value indicating whether the keychain locks when the system sleeps.
65 @field useLockInterval A boolean value indicating whether the keychain automatically locks after a certain period of time.
66 @field lockInterval An unsigned 32-bit integer representing the number of seconds before the keychain locks.
67 */
68 struct SecKeychainSettings
69 {
70 UInt32 version;
71 Boolean lockOnSleep;
72 Boolean useLockInterval;
73 UInt32 lockInterval;
74 };
75 typedef struct SecKeychainSettings SecKeychainSettings;
76
77 /*!
78 @enum AuthenticationConstants
79 @abstract Defines constants you can use to identify the type of authentication to use for an Internet password.
80 @constant kSecAuthenticationTypeNTLM Specifies Windows NT LAN Manager authentication.
81 @constant kSecAuthenticationTypeMSN Specifies Microsoft Network default authentication.
82 @constant kSecAuthenticationTypeDPA Specifies Distributed Password authentication.
83 @constant kSecAuthenticationTypeRPA Specifies Remote Password authentication.
84 @constant kSecAuthenticationTypeHTTPBasic Specifies HTTP Basic authentication.
85 @constant kSecAuthenticationTypeHTTPDigest Specifies HTTP Digest Access authentication.
86 @constant kSecAuthenticationTypeHTMLForm Specifies HTML form based authentication.
87 @constant kSecAuthenticationTypeDefault Specifies the default authentication type.
88 @constant kSecAuthenticationTypeAny Specifies that any authentication type is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular authentication type.
89 */
90 #ifdef __LITTLE_ENDIAN__
91 #define AUTH_TYPE_FIX_(x) OSSwapConstInt32(x)
92 #else
93 #define AUTH_TYPE_FIX_(x) (x)
94 #endif
95
96 typedef CF_ENUM(FourCharCode, SecAuthenticationType)
97 {
98 kSecAuthenticationTypeNTLM = AUTH_TYPE_FIX_ ('ntlm'),
99 kSecAuthenticationTypeMSN = AUTH_TYPE_FIX_ ('msna'),
100 kSecAuthenticationTypeDPA = AUTH_TYPE_FIX_ ('dpaa'),
101 kSecAuthenticationTypeRPA = AUTH_TYPE_FIX_ ('rpaa'),
102 kSecAuthenticationTypeHTTPBasic = AUTH_TYPE_FIX_ ('http'),
103 kSecAuthenticationTypeHTTPDigest = AUTH_TYPE_FIX_ ('httd'),
104 kSecAuthenticationTypeHTMLForm = AUTH_TYPE_FIX_ ('form'),
105 kSecAuthenticationTypeDefault = AUTH_TYPE_FIX_ ('dflt'),
106 kSecAuthenticationTypeAny = AUTH_TYPE_FIX_ ( 0 )
107 };
108
109 /*!
110 @enum ProtocolTypeConstants
111 @abstract Defines the protocol type associated with an AppleShare or Internet password.
112 @constant kSecProtocolTypeFTP Indicates FTP.
113 @constant kSecProtocolTypeFTPAccount Indicates FTP Account (client side), usage deprecated.
114 @constant kSecProtocolTypeHTTP Indicates HTTP.
115 @constant kSecProtocolTypeIRC Indicates IRC.
116 @constant kSecProtocolTypeNNTP Indicates NNTP.
117 @constant kSecProtocolTypePOP3 Indicates POP3.
118 @constant kSecProtocolTypeSMTP Indicates SMTP.
119 @constant kSecProtocolTypeSOCKS Indicates SOCKS.
120 @constant kSecProtocolTypeIMAP Indicates IMAP.
121 @constant kSecProtocolTypeLDAP Indicates LDAP.
122 @constant kSecProtocolTypeAppleTalk Indicates AFP over AppleTalk.
123 @constant kSecProtocolTypeAFP Indicates AFP over TCP.
124 @constant kSecProtocolTypeTelnet Indicates Telnet.
125 @constant kSecProtocolTypeSSH Indicates SSH.
126 @constant kSecProtocolTypeFTPS Indicates FTPS (FTP over TLS/SSL).
127 @constant kSecProtocolTypeHTTPS Indicates HTTPS (HTTP over TLS/SSL).
128 @constant kSecProtocolTypeHTTPProxy Indicates HTTP proxy.
129 @constant kSecProtocolTypeHTTPSProxy Indicates HTTPS proxy.
130 @constant kSecProtocolTypeFTPProxy Indicates FTP proxy.
131 @constant kSecProtocolTypeSMB Indicates SMB.
132 @constant kSecProtocolTypeRTSP Indicates RTSP.
133 @constant kSecProtocolTypeRTSPProxy Indicates RTSP proxy.
134 @constant kSecProtocolTypeDAAP Indicates DAAP.
135 @constant kSecProtocolTypeEPPC Indicates EPPC (Remote Apple Events).
136 @constant kSecProtocolTypeIPP Indicates IPP.
137 @constant kSecProtocolTypeNNTPS Indicates NNTPS (NNTP over TLS/SSL).
138 @constant kSecProtocolTypeLDAPS Indicates LDAPS (LDAP over TLS/SSL).
139 @constant kSecProtocolTypeTelnetS Indicates Telnet over TLS/SSL.
140 @constant kSecProtocolTypeIMAPS Indicates IMAPS (IMAP4 over TLS/SSL).
141 @constant kSecProtocolTypeIRCS Indicates IRCS (IRC over TLS/SSL).
142 @constant kSecProtocolTypePOP3S Indicates POP3S (POP3 over TLS/SSL).
143 @constant kSecProtocolTypeCVSpserver Indicates CVS pserver.
144 @constant kSecProtocolTypeSVN Indicates Subversion.
145 @constant kSecProtocolTypeAny Indicates that any protocol is acceptable. When performing a search, use this constant to avoid constraining your search results to a particular protocol.
146 */
147 typedef CF_ENUM(FourCharCode, SecProtocolType)
148 {
149 kSecProtocolTypeFTP = 'ftp ',
150 kSecProtocolTypeFTPAccount = 'ftpa',
151 kSecProtocolTypeHTTP = 'http',
152 kSecProtocolTypeIRC = 'irc ',
153 kSecProtocolTypeNNTP = 'nntp',
154 kSecProtocolTypePOP3 = 'pop3',
155 kSecProtocolTypeSMTP = 'smtp',
156 kSecProtocolTypeSOCKS = 'sox ',
157 kSecProtocolTypeIMAP = 'imap',
158 kSecProtocolTypeLDAP = 'ldap',
159 kSecProtocolTypeAppleTalk = 'atlk',
160 kSecProtocolTypeAFP = 'afp ',
161 kSecProtocolTypeTelnet = 'teln',
162 kSecProtocolTypeSSH = 'ssh ',
163 kSecProtocolTypeFTPS = 'ftps',
164 kSecProtocolTypeHTTPS = 'htps',
165 kSecProtocolTypeHTTPProxy = 'htpx',
166 kSecProtocolTypeHTTPSProxy = 'htsx',
167 kSecProtocolTypeFTPProxy = 'ftpx',
168 kSecProtocolTypeCIFS = 'cifs',
169 kSecProtocolTypeSMB = 'smb ',
170 kSecProtocolTypeRTSP = 'rtsp',
171 kSecProtocolTypeRTSPProxy = 'rtsx',
172 kSecProtocolTypeDAAP = 'daap',
173 kSecProtocolTypeEPPC = 'eppc',
174 kSecProtocolTypeIPP = 'ipp ',
175 kSecProtocolTypeNNTPS = 'ntps',
176 kSecProtocolTypeLDAPS = 'ldps',
177 kSecProtocolTypeTelnetS = 'tels',
178 kSecProtocolTypeIMAPS = 'imps',
179 kSecProtocolTypeIRCS = 'ircs',
180 kSecProtocolTypePOP3S = 'pops',
181 kSecProtocolTypeCVSpserver = 'cvsp',
182 kSecProtocolTypeSVN = 'svn ',
183 kSecProtocolTypeAny = 0
184 };
185
186 /*!
187 @enum KeychainEventConstants
188 @abstract Defines the keychain-related event.
189 @constant kSecLockEvent Indicates a keychain was locked.
190 @constant kSecUnlockEvent Indicates a keychain was unlocked.
191 @constant kSecAddEvent Indicates an item was added to a keychain.
192 @constant kSecDeleteEvent Indicates an item was deleted from a keychain.
193 @constant kSecUpdateEvent Indicates a keychain item was updated.
194 @constant kSecPasswordChangedEvent Indicates the keychain password was changed.
195 @constant kSecDefaultChangedEvent Indicates that a different keychain was specified as the default.
196 @constant kSecDataAccessEvent Indicates a process has accessed a keychain item's data.
197 @constant kSecKeychainListChangedEvent Indicates the list of keychains has changed.
198 @constant kSecTrustSettingsChangedEvent Indicates Trust Settings changed.
199 */
200 typedef CF_ENUM(UInt32, SecKeychainEvent)
201 {
202 kSecLockEvent = 1,
203 kSecUnlockEvent = 2,
204 kSecAddEvent = 3,
205 kSecDeleteEvent = 4,
206 kSecUpdateEvent = 5,
207 kSecPasswordChangedEvent = 6,
208 kSecDefaultChangedEvent = 9,
209 kSecDataAccessEvent = 10,
210 kSecKeychainListChangedEvent = 11,
211 kSecTrustSettingsChangedEvent = 12
212 };
213
214 /*!
215 @enum KeychainEventConstants
216 @abstract Defines keychain event constants
217 @constant kSecLockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is locked.
218 @constant kSecUnlockEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain is unlocked.
219 @constant kSecAddEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is added to a keychain.
220 @constant kSecDeleteEventMask If the bit specified by this mask is set, your callback function will be invoked when an item is deleted from a keychain.
221 @constant kSecUpdateEventMask If the bit specified by this mask is set, your callback function will be invoked when a keychain item is updated.
222 @constant kSecPasswordChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when the keychain password is changed.
223 @constant kSecDefaultChangedEventMask If the bit specified by this mask is set, your callback function will be invoked when a different keychain is specified as the default.
224 @constant kSecDataAccessEventMask If the bit specified by this mask is set, your callback function will be invoked when a process accesses a keychain item's data.
225 @constant kSecTrustSettingsChangedEvent If the bit specified by this mask is set, your callback function will be invoked when there is a change in certificate Trust Settings.
226 @constant kSecEveryEventMask If all the bits are set, your callback function will be invoked whenever any event occurs.
227 */
228 typedef CF_OPTIONS(UInt32, SecKeychainEventMask)
229 {
230 kSecLockEventMask = 1 << kSecLockEvent,
231 kSecUnlockEventMask = 1 << kSecUnlockEvent,
232 kSecAddEventMask = 1 << kSecAddEvent,
233 kSecDeleteEventMask = 1 << kSecDeleteEvent,
234 kSecUpdateEventMask = 1 << kSecUpdateEvent,
235 kSecPasswordChangedEventMask = 1 << kSecPasswordChangedEvent,
236 kSecDefaultChangedEventMask = 1 << kSecDefaultChangedEvent,
237 kSecDataAccessEventMask = 1 << kSecDataAccessEvent,
238 kSecKeychainListChangedMask = 1 << kSecKeychainListChangedEvent,
239 kSecTrustSettingsChangedEventMask = 1 << kSecTrustSettingsChangedEvent,
240 kSecEveryEventMask = 0xffffffff
241 };
242
243 /*!
244 @typedef SecKeychainCallbackInfo
245 @abstract Contains information about a keychain event.
246 @field version The version of this structure.
247 @field item A reference to the keychain item associated with this event, if any. Note that some events do not involve a particular keychain item.
248 @field keychain A reference to the keychain in which the event occurred.
249 @field pid The id of the process that generated this event.
250 @discussion The SecKeychainCallbackInfo type represents a structure that contains information about the keychain event for which your application is being notified. For information on how to write a keychain event callback function, see SecKeychainCallback.
251 */
252 struct SecKeychainCallbackInfo
253 {
254 UInt32 version;
255 SecKeychainItemRef __nonnull item;
256 SecKeychainRef __nonnull keychain;
257 pid_t pid;
258 };
259 typedef struct SecKeychainCallbackInfo SecKeychainCallbackInfo;
260
261 /*!
262 @function SecKeychainGetTypeID
263 @abstract Returns the type identifier of SecKeychain instances.
264 @result The CFTypeID of SecKeychain instances.
265 */
266 CFTypeID SecKeychainGetTypeID(void);
267
268 /*!
269 @function SecKeychainGetVersion
270 @abstract Determines the version of the Keychain Manager installed on the userÕs system.
271 @param returnVers On return, a pointer to the version number of the Keychain Manager installed on the current system.
272 @result A result code. See "Security Error Codes" (SecBase.h).
273 */
274 OSStatus SecKeychainGetVersion(UInt32 * __nonnull returnVers);
275
276 #pragma mark ---- Keychain Management ----
277 /*!
278 @function SecKeychainOpen
279 @abstract Create a SecKeychainRef for a keychain at pathName. This keychain might
280 not currently exist, use SecKeychainGetStatus if you want to confirm the existence
281 of this keychain.
282 @param pathName The POSIX path to a keychain.
283 @param keychain On return, a pointer to the keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it.
284 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if the keychain parameter is invalid (NULL).
285 */
286 OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef * __nonnull CF_RETURNS_RETAINED keychain);
287
288 /*!
289 @function SecKeychainCreate
290 @abstract Creates a new keychain.
291 @param pathName The POSIX path to a keychain file.
292 @param passwordLength An unsigned 32-bit integer representing the length of the password buffer.
293 @param password A pointer to the buffer containing the password. The password must be in canonical UTF8 encoding.
294 @param promptUser A boolean representing whether to display a password dialog to the user.
295 @param initialAccess An access reference.
296 @param keychain On return, a pointer to a keychain reference. The memory that keychain occupies must be released by calling CFRelease when finished with it.
297 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if the keychain parameter is invalid (NULL).
298 */
299 OSStatus SecKeychainCreate(const char *pathName, UInt32 passwordLength, const void * __nullable password, Boolean promptUser, SecAccessRef __nullable initialAccess, SecKeychainRef * __nonnull CF_RETURNS_RETAINED keychain);
300
301 /*!
302 @function SecKeychainDelete
303 @abstract Removes one or more keychains from the current keychain searchlist, and deletes the keychain storage (if the keychains are file-based).
304 @param keychainOrArray A single keychain reference or a reference to an array of keychains to delete. IMPORTANT: SecKeychainDelete does not dispose the memory occupied by keychain references; use the CFRelease function when you are completely finished with a keychain.
305 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecInvalidKeychain (-25295) may be returned if the keychain parameter is invalid (NULL).
306 */
307 OSStatus SecKeychainDelete(SecKeychainRef __nullable keychainOrArray);
308
309 /*!
310 @function SecKeychainSetSettings
311 @abstract Changes the settings of a keychain.
312 @param keychain A reference to a keychain.
313 @param newSettings A pointer to the new keychain settings.
314 @result A result code. See "Security Error Codes" (SecBase.h).
315 */
316 OSStatus SecKeychainSetSettings(SecKeychainRef __nullable keychain, const SecKeychainSettings *newSettings);
317
318 /*!
319 @function SecKeychainCopySettings
320 @abstract Copy the keychain settings.
321 @param keychain A reference to the keychain from which to copy its settings.
322 @param outSettings A pointer to a keychain settings structure. Since this structure is versioned, you must preallocate it and fill in the version of the structure.
323 @result A result code. See "Security Error Codes" (SecBase.h).
324 */
325 OSStatus SecKeychainCopySettings(SecKeychainRef __nullable keychain, SecKeychainSettings *outSettings);
326
327 /*!
328 @function SecKeychainUnlock
329 @abstract Unlocks the specified keychain.
330 @param keychain A reference to the keychain to unlock. Pass NULL to specify the default keychain. If you pass NULL and the default keychain is currently locked, the keychain will appear as the default choice. If you pass a locked keychain, SecKeychainUnlock will use the password provided to unlock it. If the default keychain is currently unlocked, SecKeychainUnlock returns errSecSuccess.
331 @param passwordLength An unsigned 32-bit integer representing the length of the password buffer.
332 @param password A buffer containing the password for the keychain. Pass NULL if the user password is unknown. In this case, SecKeychainUnlock displays the Unlock Keychain dialog box, and the authentication user interface associated with the keychain about to be unlocked.
333 @param usePassword A boolean indicating whether the password parameter is used. You should pass TRUE if it is used or FALSE if it is ignored.
334 @result A result code. See "Security Error Codes" (SecBase.h).
335 @discussion In most cases, your application does not need to call the SecKeychainUnlock function directly, since most Keychain Manager functions that require an unlocked keychain call SecKeychainUnlock automatically. If your application needs to verify that a keychain is unlocked, call the function SecKeychainGetStatus.
336 */
337 OSStatus SecKeychainUnlock(SecKeychainRef __nullable keychain, UInt32 passwordLength, const void * __nullable password, Boolean usePassword);
338
339 /*!
340 @function SecKeychainLock
341 @abstract Locks the specified keychain.
342 @param keychain A reference to the keychain to lock.
343 @result A result code. See "Security Error Codes" (SecBase.h).
344 */
345 OSStatus SecKeychainLock(SecKeychainRef __nullable keychain);
346
347 /*!
348 @function SecKeychainLockAll
349 @abstract Locks all keychains belonging to the current user.
350 @result A result code. See "Security Error Codes" (SecBase.h).
351 */
352 OSStatus SecKeychainLockAll(void);
353
354 /*!
355 @function SecKeychainCopyDefault
356 @abstract Retrieves a reference to the default keychain.
357 @param keychain On return, a pointer to the default keychain reference.
358 @result A result code. See "Security Error Codes" (SecBase.h).
359 */
360 OSStatus SecKeychainCopyDefault(SecKeychainRef * __nonnull CF_RETURNS_RETAINED keychain);
361
362 /*!
363 @function SecKeychainSetDefault
364 @abstract Sets the default keychain.
365 @param keychain A reference to the keychain to set as default.
366 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if the keychain parameter is invalid (NULL).
367 */
368 OSStatus SecKeychainSetDefault(SecKeychainRef __nullable keychain);
369
370 /*!
371 @function SecKeychainCopySearchList
372 @abstract Retrieves a keychain search list.
373 @param searchList The returned list of keychains to search. When finished with the array, you must call CFRelease() to release the memory.
374 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if the keychain list is not specified (NULL).
375 */
376 OSStatus SecKeychainCopySearchList(CFArrayRef * __nonnull CF_RETURNS_RETAINED searchList);
377
378 /*!
379 @function SecKeychainSetSearchList
380 @abstract Specifies the list of keychains to use in a keychain search list.
381 @param searchList The list of keychains to use in a search list when the SecKeychainCopySearchList function is called. An empty array clears the search list.
382 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if the keychain list is not specified (NULL).
383 */
384 OSStatus SecKeychainSetSearchList(CFArrayRef searchList);
385
386
387 /*
388 * New versions of {Copy,Get}{SearchList,Default} that address multiple preference domains.
389 * These calls subsume the old forms with domain == kPreferenceDomainUser.
390 */
391 typedef CF_ENUM(int, SecPreferencesDomain) {
392 kSecPreferencesDomainUser, /* user domain */
393 kSecPreferencesDomainSystem, /* system (daemon) domain */
394 kSecPreferencesDomainCommon, /* preferences to be merged to everyone */
395 kSecPreferencesDomainDynamic /* dynamic searchlist (typically removable keychains like smartcards) */
396 };
397
398 OSStatus SecKeychainCopyDomainDefault(SecPreferencesDomain domain, SecKeychainRef * __nonnull CF_RETURNS_RETAINED keychain);
399 OSStatus SecKeychainSetDomainDefault(SecPreferencesDomain domain, SecKeychainRef __nullable keychain);
400 OSStatus SecKeychainCopyDomainSearchList(SecPreferencesDomain domain, CFArrayRef * __nonnull CF_RETURNS_RETAINED searchList);
401 OSStatus SecKeychainSetDomainSearchList(SecPreferencesDomain domain, CFArrayRef searchList);
402 OSStatus SecKeychainSetPreferenceDomain(SecPreferencesDomain domain);
403 OSStatus SecKeychainGetPreferenceDomain(SecPreferencesDomain *domain);
404
405
406 /*!
407 @function SecKeychainGetStatus
408 @abstract Retrieves status information for the specified keychain.
409 @param keychain A keychain reference. Pass NULL to specify the default keychain.
410 @param keychainStatus On return, a pointer to the status of the specified keychain. See KeychainStatus for valid status constants.
411 @result A result code. See "Security Error Codes" (SecBase.h).
412 */
413 OSStatus SecKeychainGetStatus(SecKeychainRef __nullable keychain, SecKeychainStatus *keychainStatus);
414
415 /*!
416 @function SecKeychainGetPath
417 @abstract Get the path of the specified keychain.
418 @param keychain A reference to a keychain.
419 @param ioPathLength On input, a pointer to the size of the buffer pointed to by pathName. On return, the size of the buffer without the zero termination.
420 @param pathName On return, the POSIX path to the keychain.
421 @result A result code. See "Security Error Codes" (SecBase.h).
422 */
423 OSStatus SecKeychainGetPath(SecKeychainRef __nullable keychain, UInt32 *ioPathLength, char *pathName);
424
425 #pragma mark ---- Keychain Item Attribute Information ----
426 /*!
427 @function SecKeychainAttributeInfoForItemID
428 @abstract Obtains tags for all possible attributes for a given item class.
429 @param keychain A keychain reference.
430 @param itemID The relation identifier of the item tags (an itemID is a CSSM_DB_RECORDTYPE defined in cssmapple.h).
431 @param info On return, a pointer to the keychain attribute information. User should call the SecKeychainFreeAttributeInfo function to release the structure when done with it.
432 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters were supplied (NULL).
433 @discussion Warning, this call returns more attributes than are support by the old style Keychain API and passing them into older calls will yield an invalid attribute error. The recommended call to retrieve the attribute values is the SecKeychainItemCopyAttributesAndData function.
434 */
435 OSStatus SecKeychainAttributeInfoForItemID(SecKeychainRef __nullable keychain, UInt32 itemID, SecKeychainAttributeInfo * __nullable * __nonnull info);
436
437 /*!
438 @function SecKeychainFreeAttributeInfo
439 @abstract Releases the memory acquired by calling the SecKeychainAttributeInfoForItemID function.
440 @param info A pointer to the keychain attribute information to release.
441 @result A result code. See "Security Error Codes" (SecBase.h). In addition, errSecParam (-50) may be returned if not enough valid parameters were supplied (NULL).
442 */
443 OSStatus SecKeychainFreeAttributeInfo(SecKeychainAttributeInfo *info);
444
445 #pragma mark ---- Keychain Manager Callbacks ----
446
447 /*!
448 @typedef SecKeychainCallback
449 @abstract Defines a pointer to a customized callback function. You supply the customized callback function to do a callback tailored to your application's needs.
450 @param keychainEvent The keychain event that your application wishes to be notified of. See SecKeychainEvent for a description of possible values. The type of event that can trigger your callback depends on the bit mask you passed in the eventMask parameter of the function SecKeychainAddCallback. For more information, see the discussion.
451 @param info A pointer to a structure of type SecKeychainCallbackInfo. On return, the structure contains information about the keychain event that occurred. The Keychain Manager passes this information to your callback function via the info parameter.
452 @param context A pointer to application-defined storage that your application previously passed to the function SecKeychainAddCallback. You can use this value to perform operations like track which instance of a function is operating.
453 @result A result code. See "Security Error Codes" (SecBase.h).
454 @discussion If you name your function MyKeychainEventCallback, you would declare it like this:
455 OSStatus MyKeychainEventCallback (
456 SecKeychainEvent keychainEvent,
457 SecKeychainCallbackInfo *info,
458 void *context);
459
460 To add your callback function, use the SecKeychainAddCallback function. To remove your callback function, use the SecKeychainRemoveCallback function.
461 */
462 typedef OSStatus (*SecKeychainCallback)(SecKeychainEvent keychainEvent, SecKeychainCallbackInfo *info, void * __nullable context);
463
464 /*!
465 @function SecKeychainAddCallback
466 @abstract Registers your keychain event callback function
467 @param callbackFunction A pointer to your keychain event callback function, described in SecKeychainCallback. You indicate the type of keychain events you want to receive by passing a bit mask of the desired events in the eventMask parameter.
468 @param eventMask A bit mask indicating the keychain events that your application wishes to be notified of. See SecKeychainEventMask for a description of this bit mask. The Keychain Manager tests this mask to determine the keychain events that you wish to receive, and passes these events in the keychainEvent parameter of your callback function. See SecKeychainEvent for a description of these events.
469 @param userContext A pointer to application-defined storage that will be passed to your callback function. Your application can use this to associate any particular call of SecKeychainAddCallback with any particular call of your keychain event callback function.
470 @result A result code. See "Security Error Codes" (SecBase.h).
471 */
472 OSStatus SecKeychainAddCallback(SecKeychainCallback callbackFunction, SecKeychainEventMask eventMask, void * __nullable userContext);
473
474 /*!
475 @function SecKeychainRemoveCallback
476 @abstract Unregisters your keychain event callback function. Once removed, keychain events won't be sent to the owner of the callback.
477 @param callbackFunction The callback function pointer to remove
478 @result A result code. See "Security Error Codes" (SecBase.h).
479 */
480 OSStatus SecKeychainRemoveCallback(SecKeychainCallback callbackFunction);
481
482 #pragma mark ---- High Level Keychain Manager Calls ----
483 /*!
484 @function SecKeychainAddInternetPassword
485 @abstract Adds an Internet password to the specified keychain.
486 @param keychain A reference to a keychain in which to store an Internet password. Pass NULL to specify the user's default keychain.
487 @param serverNameLength The length of the buffer pointed to by serverName.
488 @param serverName A pointer to a string containing the server name associated with this password.
489 @param securityDomainLength The length of the buffer pointed to by securityDomain.
490 @param securityDomain A pointer to a string containing the security domain associated with this password, or NULL if there is no relevant security domain.
491 @param accountNameLength The length of the buffer pointed to by accountName.
492 @param accountName A pointer to a string containing the account name associated with this password.
493 @param pathLength The length of the buffer pointed to by path.
494 @param path A pointer to a string containing the path associated with this password, or NULL if there is no relevant path string.
495 @param port The TCP/IP port number. If no specific port number is associated with this item, pass 0.
496 @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values.
497 @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault to specify the default authentication scheme.
498 @param passwordLength The length of the buffer pointed to by passwordData.
499 @param passwordData A pointer to a buffer containing the password data to be stored in the keychain.
500 @param itemRef On return, a reference to the new keychain item.
501 @result A result code. See "Security Error Codes" (SecBase.h).
502 @discussion The SecKeychainAddInternetPassword function adds a new Internet server password to the specified keychain. Required parameters to identify the password are serverName and accountName (you cannot pass NULL for both parameters). In addition, some protocols may require an optional securityDomain when authentication is requested. SecKeychainAddInternetPassword optionally returns a reference to the newly added item.
503 */
504 OSStatus SecKeychainAddInternetPassword(SecKeychainRef __nullable keychain, UInt32 serverNameLength, const char * __nullable serverName, UInt32 securityDomainLength, const char * __nullable securityDomain, UInt32 accountNameLength, const char * __nullable accountName, UInt32 pathLength, const char * __nullable path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef * __nullable CF_RETURNS_RETAINED itemRef);
505
506 /*!
507 @function SecKeychainFindInternetPassword
508 @abstract Finds an Internet password based on the attributes passed.
509 @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list.
510 @param serverNameLength The length of the buffer pointed to by serverName.
511 @param serverName A pointer to a string containing the server name.
512 @param securityDomainLength The length of the buffer pointed to by securityDomain.
513 @param securityDomain A pointer to a string containing the security domain. This parameter is optional, as not all protocols will require it.
514 @param accountNameLength The length of the buffer pointed to by accountName.
515 @param accountName A pointer to a string containing the account name.
516 @param pathLength The length of the buffer pointed to by path.
517 @param path A pointer to a string containing the path.
518 @param port The TCP/IP port number. Pass 0 to ignore the port number.
519 @param protocol The protocol associated with this password. See SecProtocolType for a description of possible values.
520 @param authenticationType The authentication scheme used. See SecAuthenticationType for a description of possible values. Pass the constant kSecAuthenticationTypeDefault to specify the default authentication scheme.
521 @param passwordLength On return, the length of the buffer pointed to by passwordData.
522 @param passwordData On return, a pointer to a data buffer containing the password. Your application must call SecKeychainItemFreeContent(NULL, passwordData) to release this data buffer when it is no longer needed. Pass NULL if you are not interested in retrieving the password data at this time, but simply want to find the item reference.
523 @param itemRef On return, a reference to the keychain item which was found.
524 @result A result code. See "Security Error Codes" (SecBase.h).
525 @discussion The SecKeychainFindInternetPassword function finds the first Internet password item which matches the attributes you provide. Most attributes are optional; you should pass only as many as you need to narrow the search sufficiently for your application's intended use. SecKeychainFindInternetPassword optionally returns a reference to the found item.
526 */
527 OSStatus SecKeychainFindInternetPassword(CFTypeRef __nullable keychainOrArray, UInt32 serverNameLength, const char * __nullable serverName, UInt32 securityDomainLength, const char * __nullable securityDomain, UInt32 accountNameLength, const char * __nullable accountName, UInt32 pathLength, const char * __nullable path, UInt16 port, SecProtocolType protocol, SecAuthenticationType authenticationType, UInt32 * __nullable passwordLength, void * __nullable * __nullable passwordData, SecKeychainItemRef * __nullable CF_RETURNS_RETAINED itemRef);
528
529 /*!
530 @function SecKeychainAddGenericPassword
531 @abstract Adds a generic password to the specified keychain.
532 @param keychain A reference to the keychain in which to store a generic password. Pass NULL to specify the user's default keychain.
533 @param serviceNameLength The length of the buffer pointed to by serviceName.
534 @param serviceName A pointer to a string containing the service name associated with this password.
535 @param accountNameLength The length of the buffer pointed to by accountName.
536 @param accountName A pointer to a string containing the account name associated with this password.
537 @param passwordLength The length of the buffer pointed to by passwordData.
538 @param passwordData A pointer to a buffer containing the password data to be stored in the keychain.
539 @param itemRef On return, a reference to the new keychain item.
540 @result A result code. See "Security Error Codes" (SecBase.h).
541 @discussion The SecKeychainAddGenericPassword function adds a new generic password to the default keychain. Required parameters to identify the password are serviceName and accountName, which are application-defined strings. SecKeychainAddGenericPassword optionally returns a reference to the newly added item.
542 */
543 OSStatus SecKeychainAddGenericPassword(SecKeychainRef __nullable keychain, UInt32 serviceNameLength, const char * __nullable serviceName, UInt32 accountNameLength, const char * __nullable accountName, UInt32 passwordLength, const void *passwordData, SecKeychainItemRef * __nullable CF_RETURNS_RETAINED itemRef);
544
545 /*!
546 @function SecKeychainFindGenericPassword
547 @abstract Find a generic password based on the attributes passed.
548 @param keychainOrArray A reference to an array of keychains to search, a single keychain, or NULL to search the user's default keychain search list.
549 @param serviceNameLength The length of the buffer pointed to by serviceName.
550 @param serviceName A pointer to a string containing the service name.
551 @param accountNameLength The length of the buffer pointed to by accountName.
552 @param accountName A pointer to a string containing the account name.
553 @param passwordLength On return, the length of the buffer pointed to by passwordData.
554 @param passwordData On return, a pointer to a data buffer containing the password. Your application must call SecKeychainItemFreeContent(NULL, passwordData) to release this data buffer when it is no longer needed. Pass NULL if you are not interested in retrieving the password data at this time, but simply want to find the item reference.
555 @param itemRef On return, a reference to the keychain item which was found.
556 @result A result code. See "Security Error Codes" (SecBase.h).
557 @discussion The SecKeychainFindGenericPassword function finds the first generic password item which matches the attributes you provide. Most attributes are optional; you should pass only as many as you need to narrow the search sufficiently for your application's intended use. SecKeychainFindGenericPassword optionally returns a reference to the found item.
558 */
559 OSStatus SecKeychainFindGenericPassword(CFTypeRef __nullable keychainOrArray, UInt32 serviceNameLength, const char * __nullable serviceName, UInt32 accountNameLength, const char * __nullable accountName, UInt32 * __nullable passwordLength, void * __nullable * __nullable passwordData, SecKeychainItemRef * __nullable CF_RETURNS_RETAINED itemRef);
560
561 #pragma mark ---- Managing User Interaction ----
562 /*!
563 @function SecKeychainSetUserInteractionAllowed
564 @abstract Turns on or off any optional user interaction
565 @param state A boolean representing the state of user interaction. You should pass TRUE to allow user interaction, and FALSE to disallow user interaction
566 @result A result code. See "Security Error Codes" (SecBase.h).
567 */
568 OSStatus SecKeychainSetUserInteractionAllowed(Boolean state);
569
570 /*!
571 @function SecKeychainGetUserInteractionAllowed
572 @abstract Retrieves the current state of user interaction.
573 @param state On return, a pointer to the current state of user interaction. If this is TRUE then user interaction is allowed, if it is FALSE, then user interaction is not allowed.
574 @result A result code. See "Security Error Codes" (SecBase.h).
575 */
576 OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state);
577
578 #pragma mark ---- CSSM Bridge Functions ----
579 /*!
580 @function SecKeychainGetCSPHandle
581 @abstract Returns the CSSM_CSP_HANDLE attachment for the given keychain reference. The handle is valid until the keychain reference is released.
582 @param keychain A keychain reference.
583 @param cspHandle On return, a pointer to the CSSM_CSP_HANDLE for the given keychain.
584 @result A result code. See "Security Error Codes" (SecBase.h).
585 @discussion This API is deprecated for 10.7. It should nho longer be needed.
586 */
587 OSStatus SecKeychainGetCSPHandle(SecKeychainRef __nullable keychain, CSSM_CSP_HANDLE *cspHandle)
588 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
589
590 /*!
591 @function SecKeychainGetDLDBHandle
592 @abstract Returns the CSSM_DL_DB_HANDLE for a given keychain reference. The handle is valid until the keychain reference is released.
593 @param keychain A keychain reference.
594 @param dldbHandle On return, a pointer to the CSSM_DL_DB_HANDLE for the given keychain.
595 @result A result code. See "Security Error Codes" (SecBase.h).
596 @discussion This API is deprecated for 10.7. It should nho longer be needed.
597 */
598 OSStatus SecKeychainGetDLDBHandle(SecKeychainRef __nullable keychain, CSSM_DL_DB_HANDLE *dldbHandle)
599 DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
600
601 #pragma mark ---- Keychain Access Management ----
602 /*!
603 @function SecKeychainCopyAccess
604 @abstract Retrieves the access for a keychain.
605 @param keychain A reference to the keychain from which to copy the access.
606 @param access On return, a pointer to the access reference.
607 @result A result code. See "Security Error Codes" (SecBase.h).
608 */
609 OSStatus SecKeychainCopyAccess(SecKeychainRef __nullable keychain, SecAccessRef * __nonnull CF_RETURNS_RETAINED access);
610
611 /*!
612 @function SecKeychainSetAccess
613 @abstract Sets the access for a keychain.
614 @param keychain A reference to the keychain for which to set the access.
615 @param access An access reference.
616 @result A result code. See "Security Error Codes" (SecBase.h).
617 */
618 OSStatus SecKeychainSetAccess(SecKeychainRef __nullable keychain, SecAccessRef access);
619
620 CF_ASSUME_NONNULL_END
621
622 #if defined(__cplusplus)
623 }
624 #endif
625
626 #endif /* !_SECURITY_SECKEYCHAIN_H_ */