]> git.saurik.com Git - apple/security.git/blob - OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageKVS.c
projects / apple / security.git / blob
? search:


de46ddae97e9a21982eb69f86d8acc3e5cc637fd
[apple/security.git] / OSX / sec / SOSCircle / SecureObjectSync / SOSTransportMessageKVS.c
1 #include <Security/SecureObjectSync/SOSTransport.h>
2 #include <Security/SecureObjectSync/SOSTransportMessage.h>
3 #include <Security/SecureObjectSync/SOSTransportMessageKVS.h>
4 #include <Security/SecureObjectSync/SOSKVSKeys.h>
5 #include <Security/SecureObjectSync/SOSAccountPriv.h>
6 #include <utilities/SecCFWrappers.h>
7 #include <SOSInternal.h>
8 #include <AssertMacros.h>
9 #include <SOSCloudKeychainClient.h>
10
11 struct __OpaqueSOSTransportMessageKVS {
12 struct __OpaqueSOSTransportMessage m;
13 CFMutableDictionaryRef pending_changes;
14
15 };
16
17 //
18 // V-table implementation forward declarations
19 //
20 static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef peerID, CFDataRef message, CFErrorRef *error);
21 static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error);
22 static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error);
23 static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error);
24 static void destroy(SOSTransportMessageRef transport);
25 static inline CFIndex getTransportType(SOSTransportMessageRef transport, CFErrorRef *error);
26
27 static CF_RETURNS_RETAINED
28 CFDictionaryRef handleMessages(SOSTransportMessageRef transport, CFMutableDictionaryRef circle_peer_messages_table, CFErrorRef *error);
29
30 static bool flushChanges(SOSTransportMessageRef transport, CFErrorRef *error);
31
32 SOSTransportMessageKVSRef SOSTransportMessageKVSCreate(SOSAccountRef account, CFStringRef circleName, CFErrorRef *error){
33 SOSTransportMessageKVSRef tkvs = (SOSTransportMessageKVSRef) SOSTransportMessageCreateForSubclass(sizeof(struct __OpaqueSOSTransportMessageKVS) - sizeof(CFRuntimeBase), account, circleName, error);
34
35 if (tkvs) {
36 // Fill in vtable:
37 tkvs->m.sendMessages = sendMessages;
38 tkvs->m.syncWithPeers = syncWithPeers;
39 tkvs->m.flushChanges = flushChanges;
40 tkvs->m.cleanupAfterPeerMessages = cleanupAfterPeer;
41 tkvs->m.destroy = destroy;
42 tkvs->m.handleMessages = handleMessages;
43 tkvs->m.getTransportType = getTransportType;
44 // Initialize ourselves
45 tkvs->pending_changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
46 SOSRegisterTransportMessage((SOSTransportMessageRef)tkvs);
47 }
48
49 return tkvs;
50 }
51
52 bool SOSTransportMessageKVSAppendKeyInterest(SOSTransportMessageKVSRef transport, CFMutableArrayRef alwaysKeys, CFMutableArrayRef afterFirstUnlockKeys, CFMutableArrayRef unlockedKeys, CFErrorRef *localError){
53 SOSEngineRef engine = SOSTransportMessageGetEngine((SOSTransportMessageRef)transport);
54 require_quiet(engine, fail);
55
56 CFArrayRef peerInfos = SOSAccountCopyPeersToListenTo(SOSTransportMessageGetAccount((SOSTransportMessageRef) transport), localError);
57
58 if(peerInfos){
59 CFArrayForEach(peerInfos, ^(const void *value) {
60 SOSPeerInfoRef peer = (SOSPeerInfoRef)value;
61 CFStringRef peerID = SOSPeerInfoGetPeerID(peer);
62 CFStringRef peerMessage = SOSMessageKeyCreateFromPeerToTransport((SOSTransportMessageRef)transport, peerID);
63 if(peerMessage != NULL)
64 CFArrayAppendValue(unlockedKeys, peerMessage);
65 CFReleaseNull(peerMessage);
66 });
67 CFReleaseNull(peerInfos);
68 }
69 return true;
70 fail:
71 return false;
72 }
73 static void destroy(SOSTransportMessageRef transport){
74 SOSTransportMessageKVSRef tkvs = (SOSTransportMessageKVSRef)transport;
75 CFReleaseNull(tkvs->pending_changes);
76 SOSUnregisterTransportMessage((SOSTransportMessageRef)tkvs);
77
78 }
79
80 static inline CFIndex getTransportType(SOSTransportMessageRef transport, CFErrorRef *error){
81 return kKVS;
82 }
83
84 static bool SOSTransportMessageKVSUpdateKVS(SOSTransportMessageKVSRef transport, CFDictionaryRef changes, CFErrorRef *error){
85
86 CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef block_error) {
87 if (block_error) {
88 secerror("Error putting: %@", block_error);
89 }
90 };
91
92 SOSCloudKeychainPutObjectsInCloud(changes, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), log_error);
93 return true;
94 }
95
96 static bool SOSTransportMessageKVSSendPendingChanges(SOSTransportMessageKVSRef transport, CFErrorRef *error) {
97 CFErrorRef changeError = NULL;
98
99 if (transport->pending_changes == NULL || CFDictionaryGetCount(transport->pending_changes) == 0) {
100 CFReleaseNull(transport->pending_changes);
101 return true;
102 }
103 SOSAccountRef account = SOSTransportMessageGetAccount((SOSTransportMessageRef)transport);
104 CFTypeRef dsid = SOSAccountGetValue(account, kSOSDSIDKey, error);
105
106 if(dsid == NULL)
107 dsid = kCFNull;
108
109 CFDictionaryAddValue(transport->pending_changes, kSOSKVSRequiredKey, dsid);
110
111 bool success = SOSTransportMessageKVSUpdateKVS(transport, transport->pending_changes, &changeError);
112 if (success) {
113 CFDictionaryRemoveAllValues(transport->pending_changes);
114 } else {
115 SOSCreateErrorWithFormat(kSOSErrorSendFailure, changeError, error, NULL,
116 CFSTR("Send changes block failed [%@]"), transport->pending_changes);
117 }
118
119 return success;
120 }
121
122 static void SOSTransportMessageKVSAddToPendingChanges(SOSTransportMessageKVSRef transport, CFStringRef message_key, CFDataRef message_data){
123 if (transport->pending_changes == NULL) {
124 transport->pending_changes = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
125 }
126 if (message_data == NULL) {
127 CFDictionarySetValue(transport->pending_changes, message_key, kCFNull);
128 } else {
129 CFDictionarySetValue(transport->pending_changes, message_key, message_data);
130 }
131 }
132
133 static bool SOSTransportMessageKVSCleanupAfterPeerMessages(SOSTransportMessageKVSRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error)
134 {
135 CFArrayRef enginePeers = SOSEngineGetPeerIDs(SOSTransportMessageGetEngine((SOSTransportMessageRef)transport));
136 __block SOSAccountRef account = SOSTransportMessageGetAccount((SOSTransportMessageRef)transport);
137
138 CFDictionaryForEach(circle_to_peer_ids, ^(const void *key, const void *value) {
139 if (isString(key) && isArray(value)) {
140 CFStringRef circle_name = (CFStringRef) key;
141 CFArrayRef peers_to_cleanup_after = (CFArrayRef) value;
142
143 CFArrayForEach(peers_to_cleanup_after, ^(const void *value) {
144 if (isString(value)) {
145 CFStringRef cleanup_id = (CFStringRef) value;
146 // TODO: Since the enginePeers list is not authorative (the Account is) this could inadvertently clean up active peers or leave behind stale peers
147 if (enginePeers) CFArrayForEach(enginePeers, ^(const void *value) {
148 if (isString(value)) {
149 CFStringRef in_circle_id = (CFStringRef) value;
150
151 CFStringRef kvsKey = SOSMessageKeyCreateWithCircleNameAndPeerNames(circle_name, cleanup_id, in_circle_id);
152 SOSTransportMessageKVSAddToPendingChanges(transport, kvsKey, NULL);
153 CFReleaseSafe(kvsKey);
154
155 CFStringRef lastCirclePushedKey = SOSLastCirclePushedKeyCreateWithCircleNameAndPeerID(circle_name, cleanup_id);
156 SOSTransportMessageKVSAddToPendingChanges(transport, lastCirclePushedKey, NULL);
157 CFReleaseSafe(lastCirclePushedKey);
158
159 CFStringRef lastKeyParameterPushedKey = SOSLastKeyParametersPushedKeyCreateWithPeerID(cleanup_id);
160 SOSTransportMessageKVSAddToPendingChanges(transport, lastKeyParameterPushedKey, NULL);
161 CFReleaseSafe(lastKeyParameterPushedKey);
162
163 CFStringRef lastCirclePushedWithAccountGestaltKey = SOSLastCirclePushedKeyCreateWithAccountGestalt(account);
164 SOSTransportMessageKVSAddToPendingChanges(transport, lastCirclePushedKey, NULL);
165 CFReleaseSafe(lastCirclePushedWithAccountGestaltKey);
166
167 CFStringRef lastKeyParameterWithAccountGestaltKey = SOSLastKeyParametersPushedKeyCreateWithAccountGestalt(account);
168 SOSTransportMessageKVSAddToPendingChanges(transport, lastCirclePushedKey, NULL);
169 CFReleaseSafe(lastKeyParameterWithAccountGestaltKey);
170
171 kvsKey = SOSMessageKeyCreateWithCircleNameAndPeerNames(circle_name, in_circle_id, cleanup_id);
172 SOSTransportMessageKVSAddToPendingChanges(transport, kvsKey, NULL);
173 CFReleaseSafe(kvsKey);
174 }
175 });
176
177 }
178 });
179 }
180 });
181
182 return SOSTransportMessageFlushChanges((SOSTransportMessageRef)transport, error);
183 }
184
185 static CF_RETURNS_RETAINED
186 CFDictionaryRef handleMessages(SOSTransportMessageRef transport, CFMutableDictionaryRef circle_peer_messages_table, CFErrorRef *error) {
187
188 CFMutableDictionaryRef handled = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
189 CFDictionaryRef peerToMessage = CFDictionaryGetValue(circle_peer_messages_table, transport->circleName);
190 CFMutableArrayRef handled_peers = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
191
192 if(peerToMessage){
193 CFDictionaryForEach(peerToMessage, ^(const void *key, const void *value) {
194 CFStringRef peer_id = asString(key, NULL);
195 CFDataRef peer_message = asData(value, NULL);
196 CFErrorRef localError = NULL;
197
198 if (peer_id && peer_message && SOSTransportMessageHandlePeerMessage(transport, peer_id, peer_message, &localError)) {
199 CFArrayAppendValue(handled_peers, key);
200 } else {
201 secnotice("transport", "%@ KVSTransport handle message failed: %@", peer_id, localError);
202 }
203 CFReleaseNull(localError);
204 });
205 }
206 CFDictionaryAddValue(handled, transport->circleName, handled_peers);
207 CFReleaseNull(handled_peers);
208
209 return handled;
210 }
211
212
213 static bool sendToPeer(SOSTransportMessageRef transport, CFStringRef circleName, CFStringRef peerID, CFDataRef message, CFErrorRef *error) {
214 SOSTransportMessageKVSRef kvsTransport = (SOSTransportMessageKVSRef) transport;
215 bool result = true;
216 SOSAccountRef account = SOSTransportMessageGetAccount((SOSTransportMessageRef)transport);
217 CFTypeRef dsid = SOSAccountGetValue(account, kSOSDSIDKey, error);
218
219 if(dsid == NULL)
220 dsid = kCFNull;
221
222 CFStringRef message_to_peer_key = SOSMessageKeyCreateFromTransportToPeer((SOSTransportMessageRef)kvsTransport, peerID);
223
224 CFTypeRef messageToSend = message != NULL ? (CFTypeRef) message : (CFTypeRef) kCFNull;
225 CFDictionaryRef a_message_to_a_peer = CFDictionaryCreateForCFTypes(NULL,
226 message_to_peer_key, messageToSend,
227 kSOSKVSRequiredKey, dsid,
228 NULL);
229
230 if (!SOSTransportMessageKVSUpdateKVS(kvsTransport, a_message_to_a_peer, error)) {
231 secerror("Sync with peers failed to send to %@ [%@], %@", peerID, a_message_to_a_peer, *error);
232 result = false;
233 }
234 CFReleaseNull(a_message_to_a_peer);
235 CFReleaseNull(message_to_peer_key);
236
237 return result;
238 }
239
240 static bool syncWithPeers(SOSTransportMessageRef transport, CFSetRef peers, CFErrorRef *error) {
241 // Each entry is keyed by circle name and contains a list of peerIDs
242 __block bool result = true;
243
244 CFSetForEach(peers, ^(const void *value) {
245 CFStringRef peerID = asString(value, NULL);
246 result &= SOSTransportMessageSendMessageIfNeeded(transport, transport->circleName, peerID, error);
247 });
248
249 return result;
250 }
251
252 static bool sendMessages(SOSTransportMessageRef transport, CFDictionaryRef peersToMessage, CFErrorRef *error) {
253 __block bool result = true;
254
255 CFStringRef circleName = transport->circleName;
256 CFDictionaryForEach(peersToMessage, ^(const void *key, const void *value) {
257 CFStringRef peerID = asString(key, NULL);
258 CFDataRef message = asData(value,NULL);
259 if (peerID && message) {
260 bool rx = sendToPeer(transport, circleName, peerID, message, error);
261 result &= rx;
262 }
263 });
264
265 return true;
266 }
267
268 static bool flushChanges(SOSTransportMessageRef transport, CFErrorRef *error)
269 {
270 return SOSTransportMessageKVSSendPendingChanges((SOSTransportMessageKVSRef) transport, error);
271 }
272
273 static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef circle_to_peer_ids, CFErrorRef *error)
274 {
275 return SOSTransportMessageKVSCleanupAfterPeerMessages((SOSTransportMessageKVSRef) transport, circle_to_peer_ids, error);
276 }
277
mirror of Security