1 /*
2 * Copyright (c) 2007-2009,2013 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 #ifndef _SECURITYD_CLIENT_H_
24 #define _SECURITYD_CLIENT_H_
25
26 #include <stdint.h>
27
28 # include <Security/SecTrust.h>
29 #ifndef MINIMIZE_INCLUDES
30 # include <Security/SecTrustStore.h>
31 # include <Security/SecCertificatePath.h>
32 #else
33 typedef struct __SecTrustStore *SecTrustStoreRef;
34 # ifndef _SECURITY_SECCERTIFICATE_H_
35 typedef struct __SecCertificate *SecCertificateRef;
36 # endif // _SECURITY_SECCERTIFICATE_H_
37 # ifndef _SECURITY_SECCERTIFICATEPATH_H_
38 typedef struct SecCertificatePath *SecCertificatePathRef;
39 # endif // _SECURITY_SECCERTIFICATEPATH_H_
40 #endif // MINIMIZE_INCLUDES
41
42 #include <CoreFoundation/CFArray.h>
43 #include <CoreFoundation/CFDictionary.h>
44 #include <CoreFoundation/CFError.h>
45
46 #include <SecureObjectSync/SOSCloudCircle.h>
47
48 #include <xpc/xpc.h>
49 #include <CoreFoundation/CFXPCBridge.h>
50
// TODO: This should be in client of XPC code locations...
// Name of the securityd service the client connects to. The OS X shim build
// (SECITEM_SHIM_OSX) uses a differently named service than the embedded build.
// NOTE(review): presumably this is the default that SecServerSetMachServiceName()
// (declared at the bottom of this header) overrides for tests — confirm in the .c file.
#if SECITEM_SHIM_OSX
#define kSecuritydXPCServiceName "com.apple.securityd.xpc"
#else
#define kSecuritydXPCServiceName "com.apple.securityd"
#endif // *** END SECITEM_SHIM_OSX ***
57
58 //
59 // MARK: XPC Information.
60 //
61
62 extern CFStringRef sSecXPCErrorDomain;
63
64 extern const char *kSecXPCKeyOperation;
65 extern const char *kSecXPCKeyResult;
66 extern const char *kSecXPCKeyError;
67 extern const char *kSecXPCKeyPeerInfos;
68 extern const char *kSecXPCKeyUserLabel;
69 extern const char *kSecXPCKeyBackup;
70 extern const char *kSecXPCKeyKeybag;
71 extern const char *kSecXPCKeyUserPassword;
72
73 //
74 // MARK: Dispatch macros
75 //
76
// Dispatch helper for the client-side wrappers. When a `struct securityd`
// table is installed in gSecurityd and its `sdp` slot is populated, the call
// is made in-process through that function pointer and no IPC happens;
// otherwise `wrapper` is invoked with the enumerator `<sdp>_id` from
// enum SecXPCOperation (presumably the wrapper then sends the request over XPC).
// `sdp` must therefore be the bare slot name, and an enumerator named `<sdp>_id`
// must exist: that is not the case for sec_trust_store_for_domain and
// sec_truststore_remove_all (no id at all), for sec_item_delete_all (the enum
// spells it sec_delete_all_id), nor for the slots whose ids use the kSecXPCOp*
// naming (the soscc_* and OTA slots), so those cannot be routed through this macro.
// The argument list appears textually in both branches; only the taken branch
// evaluates it.
#define SECURITYD_XPC(sdp, wrapper, ...) ((gSecurityd && gSecurityd->sdp) ? gSecurityd->sdp(__VA_ARGS__) : wrapper(sdp ## _id, __VA_ARGS__))
78
79 //
80 // MARK: Object to XPC format conversion.
81 //
82
83
84 //
85 // MARK: XPC Interfaces
86 //
87
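// Additional xpc_dictionary key strings. kSecXPCKeyOperation, kSecXPCKeyResult,
// kSecXPCKeyError, kSecXPCKeyPeerInfos, kSecXPCKeyUserLabel and
// kSecXPCKeyUserPassword are declared once in the "XPC Information" block
// above and are deliberately not redeclared here. The meanings below are
// inferred from the names only; the matching parameters are the
// struct securityd slots further down in this header.
extern const char *kSecXPCLimitInMinutes;        // NOTE(review): lacks the "Key" infix the other names carry, and soscc_BailFromCircle takes limit_in_seconds — confirm the unit
extern const char *kSecXPCKeyQuery;              // sec_item_* query dictionary
extern const char *kSecXPCKeyAttributesToUpdate; // sec_item_update attributesToUpdate
extern const char *kSecXPCKeyDomain;             // trust store domainName
extern const char *kSecXPCKeyDigest;             // sec_trust_store_* certificate digest
extern const char *kSecXPCKeyCertificate;        // sec_trust_store_set_trust_settings certificate
extern const char *kSecXPCKeySettings;           // sec_trust_store_set_trust_settings trustSettingsDictOrArray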
101
//
// MARK: Mach port request IDs
//
// Request identifiers for the securityd IPC. Entries named `<slot>_id`
// correspond to the like-named struct securityd slot and are what the
// SECURITYD_XPC() macro pastes together; the remaining entries use kSecXPCOp*
// names and are routed by other means. The values are implicit, so inserting
// an entry anywhere but at the end renumbers everything after it; because the
// id is handed to securityd_create_message() and a kSecXPCKeyOperation key
// exists, both sides of the connection presumably depend on this numbering —
// TODO confirm before reordering.
enum SecXPCOperation {
    sec_item_add_id,
    sec_item_copy_matching_id,
    sec_item_update_id,
    sec_item_delete_id,
    // trust_store_for_domain -- NOT an ipc (the sec_trust_store_for_domain slot has no id)
    sec_trust_store_contains_id,
    sec_trust_store_set_trust_settings_id,
    sec_trust_store_remove_certificate_id,
    // remove_all -- NOT an ipc (the sec_truststore_remove_all slot has no id)
    sec_delete_all_id,          // NOTE(review): the slot is named sec_item_delete_all, so SECURITYD_XPC(sec_item_delete_all, ...) would not find this id
    sec_trust_evaluate_id,
    sec_keychain_backup_id,
    sec_keychain_restore_id,
    sec_keychain_sync_update_id,
    sec_keychain_backup_syncable_id,
    sec_keychain_restore_syncable_id,
    sec_ota_pki_asset_version_id,
    kSecXPCOpOTAPKIGetNewAsset,
    kSecXPCOpOTAGetEscrowCertificates,
    kSecXPCOpProcessUnlockNotification,
    kSecXPCOpProcessSyncWithAllPeers,
    // any process using an operation below here is required to have entitlement keychain-cloud-circle
    // NOTE(review): nothing in this header enforces that; the check presumably lives on the server
    // side, keyed on this numeric boundary — confirm, and keep this line in place when editing.
    // The kSecXPCOpProcess* and OTA operations above the line are not covered by the requirement.
    kSecXPCOpTryUserCredentials,
    kSecXPCOpSetUserCredentials,
    kSecXPCOpCanAuthenticate,
    kSecXPCOpPurgeUserCredentials,
    kSecXPCOpDeviceInCircle,
    kSecXPCOpRequestToJoin,
    kSecXPCOpRequestToJoinAfterRestore,
    kSecXPCOpResetToOffering,
    kSecXPCOpResetToEmpty,
    kSecXPCOpRemoveThisDeviceFromCircle,
    kSecXPCOpBailFromCircle,
    kSecXPCOpAcceptApplicants,
    kSecXPCOpRejectApplicants,
    kSecXPCOpCopyApplicantPeerInfo,
    kSecXPCOpCopyPeerPeerInfo,
    kSecXPCOpCopyConcurringPeerPeerInfo,
    kSecXPCOpGetLastDepartureReason,
    kSecXPCOpCopyIncompatibilityInfo
};
147
148
149
// Function table for the securityd operations. When gSecurityd points at a
// populated table, SECURITYD_XPC() calls these slots directly in-process; when
// it is NULL the client wrappers fall back to IPC. Every slot takes its
// CFErrorRef out-parameter last. The bool/pointer return presumably signals
// failure in the usual Cocoa way — confirm against the implementations.
struct securityd {
    // Keychain item CRUD. `accessGroups` is an explicit parameter: in-process
    // callers pass whatever they like, so the access-group restriction must be
    // derived from the connection on the IPC path — TODO confirm where.
    bool (*sec_item_add)(CFDictionaryRef attributes, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef* error);
    bool (*sec_item_copy_matching)(CFDictionaryRef query, CFArrayRef accessGroups, CFTypeRef *result, CFErrorRef* error);
    bool (*sec_item_update)(CFDictionaryRef query, CFDictionaryRef attributesToUpdate, CFArrayRef accessGroups, CFErrorRef* error);
    bool (*sec_item_delete)(CFDictionaryRef query, CFArrayRef accessGroups, CFErrorRef* error);
    // Trust store. The two slots marked TODO have no enum SecXPCOperation id
    // (see the "NOT an ipc" notes there) and cannot go through SECURITYD_XPC().
    SecTrustStoreRef (*sec_trust_store_for_domain)(CFStringRef domainName, CFErrorRef* error); // TODO: remove, has no msg id
    bool (*sec_trust_store_contains)(SecTrustStoreRef ts, CFDataRef digest, bool *contains, CFErrorRef* error);
    bool (*sec_trust_store_set_trust_settings)(SecTrustStoreRef ts, SecCertificateRef certificate, CFTypeRef trustSettingsDictOrArray, CFErrorRef* error);
    bool (*sec_trust_store_remove_certificate)(SecTrustStoreRef ts, CFDataRef digest, CFErrorRef* error);
    bool (*sec_truststore_remove_all)(SecTrustStoreRef ts, CFErrorRef* error); // TODO: remove, has no msg id
    // Deletes every item; the enum id is spelled sec_delete_all_id, not sec_item_delete_all_id.
    bool (*sec_item_delete_all)(CFErrorRef* error);
    // Chain evaluation. `accessGroups` is declared __unused here; the outputs
    // (details, info, chain) are out-parameters in addition to the result type.
    SecTrustResultType (*sec_trust_evaluate)(CFArrayRef certificates, CFArrayRef anchors, bool anchorsOnly, CFArrayRef policies, CFAbsoluteTime verifyTime, __unused CFArrayRef accessGroups, CFArrayRef *details, CFDictionaryRef *info, SecCertificatePathRef *chain, CFErrorRef *error);
    // Keychain backup/restore. The keybag and passcode are passed as raw
    // CFDataRef, i.e. secret material travels through this interface.
    CFDataRef (*sec_keychain_backup)(CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    bool (*sec_keychain_restore)(CFDataRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    bool (*sec_keychain_sync_update)(CFDictionaryRef update, CFErrorRef *error);
    CFDictionaryRef (*sec_keychain_backup_syncable)(CFDictionaryRef backup_in, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    bool (*sec_keychain_restore_syncable)(CFDictionaryRef backup, CFDataRef keybag, CFDataRef passcode, CFErrorRef* error);
    int (*sec_ota_pki_asset_version)(CFErrorRef* error);
    // SOS cloud circle. Their enum ids use the kSecXPCOp* naming, and per the
    // note in enum SecXPCOperation they require the keychain-cloud-circle
    // entitlement when used over IPC. user_password is a raw CFDataRef.
    bool (*soscc_TryUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
    bool (*soscc_SetUserCredentials)(CFStringRef user_label, CFDataRef user_password, CFErrorRef *error);
    bool (*soscc_CanAuthenticate)(CFErrorRef *error);
    bool (*soscc_PurgeUserCredentials)(CFErrorRef *error);
    SOSCCStatus (*soscc_ThisDeviceIsInCircle)(CFErrorRef* error);
    bool (*soscc_RequestToJoinCircle)(CFErrorRef* error);
    bool (*soscc_RequestToJoinCircleAfterRestore)(CFErrorRef* error);
    bool (*soscc_ResetToOffering)(CFErrorRef* error);
    bool (*soscc_ResetToEmpty)(CFErrorRef* error);
    bool (*soscc_RemoveThisDeviceFromCircle)(CFErrorRef* error);
    // limit_in_seconds here versus the kSecXPCLimitInMinutes key above — confirm which unit is on the wire.
    bool (*soscc_BailFromCircle)(uint64_t limit_in_seconds, CFErrorRef* error);
    bool (*soscc_AcceptApplicants)(CFArrayRef applicants, CFErrorRef* error);
    bool (*soscc_RejectApplicants)(CFArrayRef applicants, CFErrorRef* error);
    CFArrayRef (*soscc_CopyApplicantPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyPeerInfo)(CFErrorRef* error);
    CFArrayRef (*soscc_CopyConcurringPeerInfo)(CFErrorRef* error);
    CFStringRef (*soscc_CopyIncompatibilityInfo)(CFErrorRef* error);
    enum DepartureReason (*soscc_GetLastDepartureReason)(CFErrorRef* error);
    // OTA asset and escrow certificate slots; ids are kSecXPCOpOTA* in the enum.
    CFArrayRef (*ota_CopyEscrowCertificates)(CFErrorRef* error);
    int (*sec_ota_pki_get_new_asset)(CFErrorRef* error);
    SyncWithAllPeersReason (*soscc_ProcessSyncWithAllPeers)(CFErrorRef* error);
};
190
// Installed function table, or NULL. A non-NULL table makes SECURITYD_XPC()
// dispatch in-process, so whoever installs it decides whether the IPC
// boundary (and any server-side entitlement check tied to it) is crossed at all.
extern struct securityd *gSecurityd;

// Access groups of the calling process; presumably the value handed to the
// accessGroups parameter of the sec_item_* slots — confirm in the callers.
CFArrayRef SecAccessGroupsGetCurrent(void);

// TODO Rename me
// Human-readable name of an operation id (diagnostics, presumably).
CFStringRef SOSCCGetOperationDescription(enum SecXPCOperation op);
// Sends `message` to securityd and blocks for the reply.
xpc_object_t securityd_message_with_reply_sync(xpc_object_t message, CFErrorRef *error);
// Builds a request object for `op`; presumably stores the id under kSecXPCKeyOperation — confirm.
xpc_object_t securityd_create_message(enum SecXPCOperation op, CFErrorRef *error);
// Checks a reply for an error entry; by name, returns true when there is none
// and otherwise reports it through *error — confirm.
bool securityd_message_no_error(xpc_object_t message, CFErrorRef *error);


// Round-trip helper: `add_to_message` fills in the request, `handle_response`
// consumes the reply. Both blocks return a bool and get their own CFErrorRef
// out-parameter; how a false return from either is folded into the overall
// result is not visible here.
bool securityd_send_sync_and_do(enum SecXPCOperation op, CFErrorRef *error,
                                bool (^add_to_message)(xpc_object_t message, CFErrorRef* error),
                                bool (^handle_response)(xpc_object_t response, CFErrorRef* error));

// For testing only, never call this in a threaded program!
// Redirects the client to a different service name (default: kSecuritydXPCServiceName,
// presumably). The warning above exists because the name is global process state
// that is read without synchronization — infer from the comment; confirm in the .c file.
void SecServerSetMachServiceName(const char *name);
208
209 #endif /* _SECURITYD_CLIENT_H_ */