keychain/securityd/SecItemServer.h

   1 /*
   2  * Copyright (c) 2007-2009,2012-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25     @header SecItemServer
  26     The functions provided in SecItemServer.h provide an interface to
  27     the backend for SecItem APIs in the server.
  28 */
  29
  30 #ifndef _SECURITYD_SECITEMSERVER_H_
  31 #define _SECURITYD_SECITEMSERVER_H_
  32
  33 #include <CoreFoundation/CoreFoundation.h>
  34 #include "keychain/SecureObjectSync/SOSCircle.h"
  35 #include "keychain/securityd/SecDbQuery.h"
  36 #include "utilities/SecDb.h"
  37 #include <TargetConditionals.h>
  38 #include "sec/ipc/securityd_client.h"
  39
  40
  41 __BEGIN_DECLS
  42
  43 bool _SecItemAdd(CFDictionaryRef attributes, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
  44 bool _SecItemCopyMatching(CFDictionaryRef query, SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
  45 bool _SecItemUpdate(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, SecurityClient *client, CFErrorRef *error);
  46 bool _SecItemDelete(CFDictionaryRef query, SecurityClient *client, CFErrorRef *error);
  47 bool _SecItemDeleteAll(CFErrorRef *error);
  48 bool _SecItemServerDeleteAllWithAccessGroups(CFArrayRef accessGroups, SecurityClient *client, CFErrorRef *error);
  49
  50 bool _SecServerRestoreKeychain(CFErrorRef *error);
  51 bool _SecServerMigrateKeychain(int32_t handle_in, CFDataRef data_in, int32_t *handle_out, CFDataRef *data_out, CFErrorRef *error);
  52 CFDataRef _SecServerKeychainCreateBackup(SecurityClient *client, CFDataRef keybag, CFDataRef passcode, bool emcs, CFErrorRef *error);
  53 bool _SecServerKeychainRestore(CFDataRef backup, SecurityClient *client, CFDataRef keybag, CFDataRef passcode, CFErrorRef *error);
  54 CFStringRef _SecServerBackupCopyUUID(CFDataRef backup, CFErrorRef *error);
  55
  56 bool _SecServerBackupKeybagAdd(SecurityClient *client, CFDataRef passcode, CFDataRef *identifier, CFDataRef *pathinfo, CFErrorRef *error);
  57 bool _SecServerBackupKeybagDelete(CFDictionaryRef attributes, bool deleteAll, CFErrorRef *error);
  58
  59 bool _SecItemUpdateTokenItemsForAccessGroups(CFStringRef tokenID, CFArrayRef accessGroups, CFArrayRef items, SecurityClient *client, CFErrorRef *error);
  60
  61 CF_RETURNS_RETAINED CFArrayRef _SecServerKeychainSyncUpdateMessage(CFDictionaryRef updates, CFErrorRef *error);
  62 CF_RETURNS_RETAINED CFDictionaryRef _SecServerBackupSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);
  63
  64 int SecServerKeychainTakeOverBackupFD(CFStringRef backupName, CFErrorRef *error);
  65
  66 bool _SecServerRestoreSyncable(CFDictionaryRef backup, CFDataRef keybag, CFDataRef password, CFErrorRef *error);
  67
  68 #if TARGET_OS_IOS
  69 bool _SecServerTransmogrifyToSystemKeychain(SecurityClient *client, CFErrorRef *error);
  70 bool _SecServerTransmogrifyToSyncBubble(CFArrayRef services, uid_t uid, SecurityClient *client, CFErrorRef *error);
  71 bool _SecServerDeleteMUSERViews(SecurityClient *client, uid_t uid, CFErrorRef *error);
  72 #endif
  73
  74 #if SHAREDWEBCREDENTIALS
  75 bool _SecAddSharedWebCredential(CFDictionaryRef attributes, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
  76 bool _SecCopySharedWebCredential(CFDictionaryRef query, SecurityClient *client, const audit_token_t *clientAuditToken, CFStringRef appID, CFArrayRef domains, CFTypeRef *result, CFErrorRef *error);
  77 #endif /* SHAREDWEBCREDENTIALS */
  78
  79 // Hack to log objects from inside SOS code
  80 void SecItemServerAppendItemDescription(CFMutableStringRef desc, CFDictionaryRef object);
  81
  82 SecDbRef SecKeychainDbCreate(CFStringRef path, CFErrorRef* error);
  83 SecDbRef SecKeychainDbInitialize(SecDbRef db);
  84
  85 bool kc_with_dbt(bool writeAndRead, CFErrorRef *error, bool (^perform)(SecDbConnectionRef dbt));
  86 bool kc_with_dbt_non_item_tables(bool writeAndRead, CFErrorRef* error, bool (^perform)(SecDbConnectionRef dbt)); // can be used when only tables which don't store 'items' are accessed - avoids invoking SecItemDataSourceFactoryGetDefault()
  87 bool kc_with_custom_db(bool writeAndRead, bool usesItemTables, SecDbRef db, CFErrorRef *error, bool (^perform)(SecDbConnectionRef dbt));
  88
  89
  90
  91 /* For whitebox testing only */
  92 void SecKeychainDbForceClose(void);
  93 void SecKeychainDbReset(dispatch_block_t inbetween);
  94
  95 SOSDataSourceFactoryRef SecItemDataSourceFactoryGetDefault(void);
  96
  97 /* FIXME: there is a specific type for keybag handle (keybag_handle_t)
  98    but it's not defined for simulator so we just use an int32_t */
  99 void SecItemServerSetKeychainKeybag(int32_t keybag);
 100 void SecItemServerResetKeychainKeybag(void);
 101
 102 void SecItemServerSetKeychainChangedNotification(const char *notification_name);
 103
 104 CFStringRef __SecKeychainCopyPath(void);
 105
 106 bool _SecServerRollKeys(bool force, SecurityClient *client, CFErrorRef *error);
 107 bool _SecServerRollKeysGlue(bool force, CFErrorRef *error);
 108
 109
 110 /* initial sync */
 111 #define SecServerInitialSyncCredentialFlagTLK                (1 << 0)
 112 #define SecServerInitialSyncCredentialFlagPCS                (1 << 1)
 113 #define SecServerInitialSyncCredentialFlagPCSNonCurrent      (1 << 2)
 114 #define SecServerInitialSyncCredentialFlagBluetoothMigration (1 << 3)
 115
 116 CFArrayRef _SecServerCopyInitialSyncCredentials(uint32_t flags, CFErrorRef *error);
 117 bool _SecServerImportInitialSyncCredentials(CFArrayRef array, CFErrorRef *error);
 118
 119 CF_RETURNS_RETAINED CFArrayRef _SecItemCopyParentCertificates(CFDataRef normalizedIssuer, CFArrayRef accessGroups, CFErrorRef *error);
 120 bool _SecItemCertificateExists(CFDataRef normalizedIssuer, CFDataRef serialNumber, CFArrayRef accessGroups, CFErrorRef *error);
 121
 122 bool SecKeychainDbGetVersion(SecDbConnectionRef dbt, int *version, CFErrorRef *error);
 123
 124
 125 // Should all be blocks called from SecItemDb
 126 bool match_item(SecDbConnectionRef dbt, Query *q, CFArrayRef accessGroups, CFDictionaryRef item);
 127 bool accessGroupsAllows(CFArrayRef accessGroups, CFStringRef accessGroup, SecurityClient* client);
 128 bool itemInAccessGroup(CFDictionaryRef item, CFArrayRef accessGroups);
 129 void SecKeychainChanged(void);
 130
 131 void deleteCorruptedItemAsync(SecDbConnectionRef dbt, CFStringRef tablename, sqlite_int64 rowid);
 132
 133 __END_DECLS
 134
 135 #endif /* _SECURITYD_SECITEMSERVER_H_ */