OSX/libsecurity_keychain/regressions/kc-16-item-update-password.c

   1 /*
   2  * Copyright (c) 2016 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the xLicense.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #import <Security/Security.h>
  25 #import <Security/SecCertificatePriv.h>
  26
  27 #include "keychain_regressions.h"
  28 #include "kc-helpers.h"
  29 #include "kc-item-helpers.h"
  30
  31 static void tests()
  32 {
  33     SecKeychainRef kc = getPopulatedTestKeychain();
  34
  35     CFMutableDictionaryRef query = NULL;
  36     SecKeychainItemRef item = NULL;
  37
  38     // Find passwords
  39     query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service"), CFSTR("test_service"));
  40     item = checkN(testName, query, 1);
  41     readPasswordContents(item, CFSTR("test_password"));  checkPrompts(0, "after reading a password");
  42     changePasswordContents(item, CFSTR("new_password")); checkPrompts(0, "changing a internet password");
  43     readPasswordContents(item, CFSTR("new_password"));   checkPrompts(0, "reading a changed internet password");
  44     CFReleaseNull(item);
  45
  46     query = makeQueryCustomItemDictionaryWithService(kc, kSecClassInternetPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
  47     item = checkN(testName, query, 1);
  48     readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
  49     checkPrompts(1, "trying to read internet password without access");
  50
  51     changePasswordContents(item, CFSTR("new_password"));
  52     checkPrompts(0, "after changing a internet password without access"); // NOTE: we expect this write to succeed, even though we're not on the ACL. Therefore, we should see 0 prompts for this step.
  53     readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
  54     checkPrompts(1, "after changing a internet password without access");
  55     CFReleaseNull(item);
  56
  57     query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service"), CFSTR("test_service"));
  58     item = checkN(testName, query, 1);
  59     readPasswordContents(item, CFSTR("test_password"));   checkPrompts(0, "after reading a generic password");
  60     changePasswordContents(item, CFSTR("new_password"));  checkPrompts(0, "changing a generic password");
  61     readPasswordContents(item, CFSTR("new_password"));    checkPrompts(0, "after changing a generic password");
  62     CFReleaseNull(item);
  63
  64     query = makeQueryCustomItemDictionaryWithService(kc, kSecClassGenericPassword, CFSTR("test_service_restrictive_acl"), CFSTR("test_service_restrictive_acl"));
  65     item = checkN(testName, query, 1);
  66     readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
  67     checkPrompts(1, "trying to read generic password without access");
  68
  69     changePasswordContents(item, CFSTR("new_password"));
  70     checkPrompts(0, "changing a generic password without access"); // NOTE: we expect this write to succeed, even though we're not on the ACL. Therefore, we should see 0 prompts for this step.
  71     readPasswordContentsWithResult(item, errSecAuthFailed, NULL); // we don't expect to be able to read this
  72     checkPrompts(1, "after changing a generic password without access");
  73     CFReleaseNull(item);
  74
  75     ok_status(SecKeychainDelete(kc), "%s: SecKeychainDelete", testName);
  76     CFReleaseNull(kc);
  77 }
  78 #define numTests (getPopulatedTestKeychainTests + \
  79 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
  80 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
  81 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
  82 checkNTests + readPasswordContentsTests + checkPromptsTests + changePasswordContentsTests + checkPromptsTests + readPasswordContentsTests + checkPromptsTests + \
  83 + 1)
  84
  85 int kc_16_item_update_password(int argc, char *const *argv)
  86 {
  87     plan_tests(numTests);
  88     initializeKeychainTests(__FUNCTION__);
  89
  90     tests();
  91
  92     deleteTestFiles();
  93     return 0;
  94 }