]> git.saurik.com Git - apple/security.git/blob - OSX/sec/securityd/SecItemServer.h
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / sec / securityd / SecItemServer.h
1 /*
2 * Copyright (c) 2007-2009,2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecItemServer
26 The functions provided in SecItemServer.h provide an interface to
27 the backend for SecItem APIs in the server.
28 */
29
30 #ifndef _SECURITYD_SECITEMSERVER_H_
31 #define _SECURITYD_SECITEMSERVER_H_
32
33 #include <CoreFoundation/CoreFoundation.h>
34 #include "keychain/SecureObjectSync/SOSCircle.h"
35 #include "securityd/SecDbQuery.h"
36 #include "utilities/SecDb.h"
37 #include <TargetConditionals.h>
38 #include "sec/ipc/securityd_client.h"
39
40
41 __BEGIN_DECLS
42
43 bool _SecItemAdd(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
44 bool _SecItemCopyMatching(CFDictionaryRef query, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
45 bool _SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, SecurityClient *client, CFErrorRef *error);
46 bool _SecItemDelete(CFDictionaryRef query, SecurityClient *client, CFErrorRef *error);
47 bool _SecItemDeleteAll(CFErrorRef *error);
48 bool _SecItemServerDeleteAllWithAccessGroups(CFArrayRef accessGroups, SecurityClient *client, CFErrorRef *error);
49
50 bool _SecServerRestoreKeychain(CFErrorRef *error);
51 bool _SecServerMigrateKeychain(int32_t handle_in, CFDataRef data_in, int32_t *handle_out, CFDataRef *data_out, CFErrorRef *error);
52 CFDataRef _SecServerKeychainCreateBackup(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, bool emcs, CFErrorRef *error);
53 bool _SecServerKeychainRestore(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error);
54 CFStringRef _SecServerBackupCopyUUID(CFDataRef backup, CFErrorRef *error);
55
56 bool _SecServerBackupKeybagAdd(SecurityClient *client, CFDataRef passcode, CFDataRef *identifier, CFDataRef *pathinfo, CFErrorRef *error);
57 bool _SecServerBackupKeybagDelete(CFDictionaryRef attributes, bool deleteAll, CFErrorRef *error);
58
59 bool _SecItemUpdateTokenItems(CFStringRef tokenID, CFArrayRef items, SecurityClient *client, CFErrorRef *error);
60
61 CF_RETURNS_RETAINED CFArrayRef _SecServerKeychainSyncUpdateMessage(CFDictionaryRef updates, CFErrorRef *error);
62 CF_RETURNS_RETAINED CFDictionaryRef _SecServerBackupSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);
63
64 int SecServerKeychainTakeOverBackupFD(CFStringRef backupName, CFErrorRef *error);
65
66 bool _SecServerRestoreSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);
67
68 #if TARGET_OS_IOS
69 bool _SecServerTransmogrifyToSystemKeychain(SecurityClient *client, CFErrorRef *error);
70 bool _SecServerTransmogrifyToSyncBubble(CFArrayRef services, uid_t uid, SecurityClient *client, CFErrorRef *error);
71 bool _SecServerDeleteMUSERViews(SecurityClient *client, uid_t uid, CFErrorRef *error);
72 #endif
73
74 #if TARGET_OS_IOS && !TARGET_OS_BRIDGE
75 bool _SecAddSharedWebCredential(CFDictionaryRef attributes, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
76 bool _SecCopySharedWebCredential(CFDictionaryRef query, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
77 #endif /* TARGET_OS_IOS */
78
79 // Hack to log objects from inside SOS code
80 void SecItemServerAppendItemDescription(CFMutableStringRef desc, CFDictionaryRef object);
81
82 SecDbRef SecKeychainDbCreate(CFStringRef path, CFErrorRef* error);
83 SecDbRef SecKeychainDbInitialize(SecDbRef db);
84
85 bool kc_with_dbt(bool writeAndRead, CFErrorRef *error, bool (^perform)(SecDbConnectionRef dbt));
86 bool kc_with_dbt_non_item_tables(bool writeAndRead, CFErrorRef* error, bool (^perform)(SecDbConnectionRef dbt)); // can be used when only tables which don't store 'items' are accessed - avoids invoking SecItemDataSourceFactoryGetDefault()
87 bool kc_with_custom_db(bool writeAndRead, bool usesItemTables, SecDbRef db, CFErrorRef *error, bool (^perform)(SecDbConnectionRef dbt));
88
89
90 /* For whitebox testing only */
91 void SecKeychainDbReset(dispatch_block_t inbetween);
92
93
94 SOSDataSourceFactoryRef SecItemDataSourceFactoryGetDefault(void);
95
96 /* FIXME: there is a specific type for keybag handle (keybag_handle_t)
97 but it's not defined for simulator so we just use an int32_t */
98 void SecItemServerSetKeychainKeybag(int32_t keybag);
99 void SecItemServerResetKeychainKeybag(void);
100
101 void SecItemServerSetKeychainChangedNotification(const char *notification_name);
102
103 CFStringRef __SecKeychainCopyPath(void);
104
105 bool _SecServerRollKeys(bool force, SecurityClient *client, CFErrorRef *error);
106 bool _SecServerRollKeysGlue(bool force, CFErrorRef *error);
107
108
109 /* initial sync */
110 #define SecServerInitialSyncCredentialFlagTLK (1 << 0)
111 #define SecServerInitialSyncCredentialFlagPCS (1 << 1)
112 #define SecServerInitialSyncCredentialFlagPCSNonCurrent (1 << 2)
113 #define SecServerInitialSyncCredentialFlagBluetoothMigration (1 << 3)
114
115 CFArrayRef _SecServerCopyInitialSyncCredentials(uint32_t flags, CFErrorRef *error);
116 bool _SecServerImportInitialSyncCredentials(CFArrayRef array, CFErrorRef *error);
117
118 CF_RETURNS_RETAINED CFArrayRef _SecItemCopyParentCertificates(CFDataRef normalizedIssuer, CFArrayRef accessGroups, CFErrorRef *error);
119 bool _SecItemCertificateExists(CFDataRef normalizedIssuer, CFDataRef serialNumber, CFArrayRef accessGroups, CFErrorRef *error);
120
121 bool SecKeychainDbGetVersion(SecDbConnectionRef dbt, int *version, CFErrorRef *error);
122
123
124 // Should all be blocks called from SecItemDb
125 bool match_item(SecDbConnectionRef dbt, Query *q, CFArrayRef accessGroups, CFDictionaryRef item);
126 bool accessGroupsAllows(CFArrayRef accessGroups, CFStringRef accessGroup, SecurityClient* client);
127 bool itemInAccessGroup(CFDictionaryRef item, CFArrayRef accessGroups);
128 void SecKeychainChanged(void);
129
130 __END_DECLS
131
132 #endif /* _SECURITYD_SECITEMSERVER_H_ */