#include <Security/SecureObjectSync/SOSPeerInfo.h>
#include <Security/SecureObjectSync/SOSPeerInfoInternal.h>
#include <Security/SecureObjectSync/SOSUserKeygen.h>
+#include <Security/SecureObjectSync/SOSAccountTransaction.h>
#include <utilities/iCloudKeychainTrace.h>
#include <Security/SecItemPriv.h>
-// TODO: Make this happier.
-#define ENABLE_V2_BACKUP 0
+extern const CFStringRef kSOSRecoveryRing;
struct __OpaqueSOSAccount {
CFRuntimeBase _base;
SOSFullPeerInfoRef my_identity;
SOSCircleRef trusted_circle;
+
+ CFStringRef deviceID;
- CFMutableDictionaryRef trusted_rings;
CFMutableDictionaryRef backups;
CFMutableSetRef retirees;
// Non-persistent data
dispatch_queue_t queue;
- CFMutableDictionaryRef notification_cleanups;
SOSDataSourceFactoryRef factory;
SecKeyRef _user_private;
CFDataRef _password_tmp;
+ bool isListeningForSync;
+
dispatch_source_t user_private_timer;
int lock_notification_token;
SOSTransportMessageRef ids_message_transport;
//indicates if changes in circle, rings, or retirements need to be pushed
- bool circle_rings_retirements_need_attention;
+ bool circle_rings_retirements_need_attention;
+ bool engine_peer_state_needs_repair;
+ bool key_interests_need_updating;
// Live Notification
CFMutableArrayRef change_blocks;
+ CFMutableDictionaryRef waitForInitialSync_blocks;
+
+ SOSAccountSaveBlock saveBlock;
};
+extern const CFStringRef kSOSEscrowRecord;
+extern const CFStringRef kSOSTestV2Settings;
SOSAccountRef SOSAccountCreateBasic(CFAllocatorRef allocator,
CFDictionaryRef gestalt,
bool SOSAccountIsMyPeerActive(SOSAccountRef account, CFErrorRef* error);
-SOSTransportMessageRef SOSAccountGetMessageTransportFor(SOSAccountRef account, SOSPeerInfoRef peerInfo);
+// MARK: Notifications
+
+#define kSecServerPeerInfoAvailable "com.apple.security.fpiAvailable"
+
+
+// MARK: Getters and Setters
+
+// UUID, no setter just getter and ensuring value.
+void SOSAccountEnsureUUID(SOSAccountRef account);
+CFStringRef SOSAccountCopyUUID(SOSAccountRef account);
+
+
+// MARK: Transactional
+
+void SOSAccountWithTransaction_Locked(SOSAccountRef account, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));
+
+void SOSAccountWithTransaction(SOSAccountRef account, bool sync, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));
+void SOSAccountWithTransactionSync(SOSAccountRef account, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));
+void SOSAccountWithTransactionAsync(SOSAccountRef account, bool sync, void (^action)(SOSAccountRef account, SOSAccountTransactionRef txn));
+
+void SOSAccountRecordRetiredPeersInCircle(SOSAccountRef account);
// MARK: In Sync checking
+CF_RETURNS_RETAINED CFStringRef SOSAccountCallWhenInSync(SOSAccountRef account, SOSAccountWaitForInitialSyncBlock syncBlock);
+bool SOSAccountUnregisterCallWhenInSync(SOSAccountRef account, CFStringRef id);
+
+bool SOSAccountHandleOutOfSyncUpdate(SOSAccountRef account, CFSetRef oldOOSViews, CFSetRef newOOSViews);
+
+void SOSAccountUpdateOutOfSyncViews(SOSAccountTransactionRef aTxn, CFSetRef viewsInSync);
+
void SOSAccountEnsureSyncChecking(SOSAccountRef account);
void SOSAccountCancelSyncChecking(SOSAccountRef account);
-bool SOSAccountCheckHasBeenInSync(SOSAccountRef account);
-void SOSAccountCleanupNotificationForAllPeers(SOSAccountRef account);
+bool SOSAccountCheckForAlwaysOnViews(SOSAccountRef account);
+
+CFMutableSetRef SOSAccountCopyOutstandingViews(SOSAccountRef account);
+CFMutableSetRef SOSAccountCopyIntersectionWithOustanding(SOSAccountRef account, CFSetRef inSet);
+bool SOSAccountIntersectsWithOutstanding(SOSAccountRef account, CFSetRef views);
+bool SOSAccountIsViewOutstanding(SOSAccountRef account, CFStringRef view);
+bool SOSAccountHasOustandingViews(SOSAccountRef account);
// MARK: DER Stuff
bool SOSAccountIsMyPeerInBackupAndCurrentInView(SOSAccountRef account, CFStringRef viewname);
bool SOSAccountUpdateOurPeerInBackup(SOSAccountRef account, SOSRingRef oldRing, CFErrorRef *error);
bool SOSAccountIsPeerInBackupAndCurrentInView(SOSAccountRef account, SOSPeerInfoRef testPeer, CFStringRef viewname);
+bool SOSDeleteV0Keybag(CFErrorRef *error);
+void SOSAccountForEachBackupView(SOSAccountRef account, void (^operation)(const void *value));
+bool SOSAccountUpdatePeerInfo(SOSAccountRef account, CFStringRef updateDescription, CFErrorRef *error, bool (^update)(SOSFullPeerInfoRef fpi, CFErrorRef *error));
// Currently permitted backup rings.
-void SOSAccountForEachBackupRingName(SOSAccountRef account, void (^operation)(CFStringRef value));
+void SOSAccountForEachRingName(SOSAccountRef account, void (^operation)(CFStringRef value));
// My Circle
bool SOSAccountHasCircle(SOSAccountRef account, CFErrorRef* error);
bool SOSAccountModifyCircle(SOSAccountRef account,
CFErrorRef* error,
bool (^action)(SOSCircleRef circle));
+CFSetRef SOSAccountCopyPeerSetMatching(SOSAccountRef account, bool (^action)(SOSPeerInfoRef peer));
void AppendCircleKeyName(CFMutableArrayRef array, CFStringRef name);
bool SOSAccountEnsureFullPeerAvailable(SOSAccountRef account, CFErrorRef * error);
bool SOSAccountIsAccountIdentity(SOSAccountRef account, SOSPeerInfoRef peer_info, CFErrorRef *error);
-
+bool SOSAccountFullPeerInfoVerify(SOSAccountRef account, SecKeyRef privKey, CFErrorRef *error);
SOSPeerInfoRef GenerateNewCloudIdentityPeerInfo(CFErrorRef *error);
// Credentials
CFDataRef *newParameters, CFErrorRef* error);
//DSID
-bool SOSAccountUpdateDSID(SOSAccountRef account, CFStringRef dsid);
+void SOSAccountAssertDSID(SOSAccountRef account, CFStringRef dsid);
//
// Key extraction
// Testing
void SOSAccountSetLastDepartureReason(SOSAccountRef account, enum DepartureReason reason);
void SOSAccountSetUserPublicTrustedForTesting(SOSAccountRef account);
+void SOSAccountPeerGotInSync(SOSAccountTransactionRef aTxn, CFStringRef peerID, CFSetRef views);
static inline void CFArrayAppendValueIfNot(CFMutableArrayRef array, CFTypeRef value, CFTypeRef excludedValue)
{
void SOSAccountPurgeIdentity(SOSAccountRef account);
bool sosAccountLeaveCircle(SOSAccountRef account, SOSCircleRef circle, CFErrorRef* error);
bool sosAccountLeaveRing(SOSAccountRef account, SOSRingRef ring, CFErrorRef* error);
-CFMutableDictionaryRef SOSAccountGetRings(SOSAccountRef a, CFErrorRef *error);
+void SOSAccountAddRingDictionary(SOSAccountRef a);
+bool SOSAccountForEachRing(SOSAccountRef account, SOSRingRef (^action)(CFStringRef name, SOSRingRef ring));
CFMutableDictionaryRef SOSAccountGetBackups(SOSAccountRef a, CFErrorRef *error);
bool SOSAccountUpdateBackUp(SOSAccountRef account, CFStringRef viewname, CFErrorRef *error);
+bool SOSAccountEnsureInBackupRings(SOSAccountRef account);
bool SOSAccountEnsurePeerRegistration(SOSAccountRef account, CFErrorRef *error);
-extern CFIndex whichTransportType;
extern const CFStringRef kSOSDSIDKey;
-extern const CFStringRef SOSTransportMessageTypeIDS;
+extern const CFStringRef SOSTransportMessageTypeIDSV2;
extern const CFStringRef SOSTransportMessageTypeKVS;
extern const CFStringRef kSOSUnsyncedViewsKey;
+extern const CFStringRef kSOSPendingEnableViewsToBeSetKey;
+extern const CFStringRef kSOSPendingDisableViewsToBeSetKey;
+extern const CFStringRef kSOSRecoveryKey;
+extern const CFStringRef kSOSAccountUUID;
typedef enum{
+ kSOSTransportNone = 0,
kSOSTransportIDS = 1,
kSOSTransportKVS = 2,
kSOSTransportFuture = 3,
SOSPeerInfoRef SOSAccountCopyPeerWithID(SOSAccountRef account, CFStringRef peerid, CFErrorRef *error);
-bool SOSAccountSetValue(SOSAccountRef account, const void *key, const void *value, CFErrorRef *error);
-bool SOSAccountClearValue(SOSAccountRef account, const void *key, CFErrorRef *error);
-const void *SOSAccountGetValue(SOSAccountRef account, const void *key, CFErrorRef *error);
+// MARK: Value setting/clearing
+bool SOSAccountSetValue(SOSAccountRef account, CFStringRef key, CFTypeRef value, CFErrorRef *error);
+bool SOSAccountClearValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error);
+CFTypeRef SOSAccountGetValue(SOSAccountRef account, CFStringRef key, CFErrorRef *error);
+
+// MARK: Value as Set
+bool SOSAccountValueSetContainsValue(SOSAccountRef account, CFStringRef key, CFTypeRef value);
+void SOSAccountValueUnionWith(SOSAccountRef account, CFStringRef key, CFSetRef valuesToUnion);
+void SOSAccountValueSubtractFrom(SOSAccountRef account, CFStringRef key, CFSetRef valuesToSubtract);
+
+bool SOSAccountAddEscrowToPeerInfo(SOSAccountRef account, SOSFullPeerInfoRef myPeer, CFErrorRef *error);
+bool SOSAccountAddEscrowRecords(SOSAccountRef account, CFStringRef dsid, CFDictionaryRef record, CFErrorRef *error);
bool SOSAccountCheckForRings(SOSAccountRef a, CFErrorRef *error);
bool SOSAccountHandleUpdateRing(SOSAccountRef account, SOSRingRef prospective_ring, bool writeUpdate, CFErrorRef *error);
-SOSRingRef SOSAccountGetRing(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
+SOSRingRef SOSAccountCopyRing(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
+bool SOSAccountSetRing(SOSAccountRef a, SOSRingRef ring, CFStringRef ringName, CFErrorRef *error);
+void SOSAccountRemoveRing(SOSAccountRef a, CFStringRef ringName);
+SOSRingRef SOSAccountCopyRingNamed(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCreateForName(SOSAccountRef a, CFStringRef ringName, CFErrorRef *error);
-bool SOSAccountEnsureRings(SOSAccountRef a, CFErrorRef *error);
bool SOSAccountUpdateRingFromRemote(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
bool SOSAccountUpdateRing(SOSAccountRef account, SOSRingRef newRing, CFErrorRef *error);
bool SOSAccountModifyRing(SOSAccountRef account, CFStringRef ringName,
CFErrorRef* error,
bool (^action)(SOSRingRef ring));
-CFDataRef SOSAccountRingGetPayload(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
+CFDataRef SOSAccountRingCopyPayload(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
SOSRingRef SOSAccountRingCopyWithPayload(SOSAccountRef account, CFStringRef ringName, CFDataRef payload, CFErrorRef *error);
bool SOSAccountRemoveBackupPeers(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error);
+bool SOSAccountResetRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error);
+bool SOSAccountResetAllRings(SOSAccountRef account, CFErrorRef *error);
+bool SOSAccountCheckPeerAvailability(SOSAccountRef account, CFErrorRef *error);
+bool SOSAccountUpdateNamedRing(SOSAccountRef account, CFStringRef ringName, CFErrorRef *error,
+ SOSRingRef (^create)(CFStringRef ringName, CFErrorRef *error),
+ SOSRingRef (^copyModified)(SOSRingRef existing, CFErrorRef *error));
//
// MARK: Backup translation functions
CFStringRef SOSBackupCopyRingNameForView(CFStringRef viewName);
+//
+// Security tool test/debug functions
+//
+
+CFDataRef SOSAccountCopyAccountStateFromKeychain(CFErrorRef *error);
+bool SOSAccountDeleteAccountStateFromKeychain(CFErrorRef *error);
+CFDataRef SOSAccountCopyEngineStateFromKeychain(CFErrorRef *error);
+bool SOSAccountDeleteEngineStateFromKeychain(CFErrorRef *error);
+
+bool SOSAccountIsNew(SOSAccountRef account, CFErrorRef *error);
+
+
#endif
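Review bot: The new `SOSAccountCopyAccountStateFromKeychain` / `SOSAccountDeleteAccountStateFromKeychain` pair and the matching engine-state pair near the end of the diff are exported with only a "Security tool test/debug functions" heading, no statement of what they remove or who may call them, and unlike `SOSAccountCallWhenInSync` earlier in this header the two `Copy*` functions carry no `CF_RETURNS_RETAINED` on the returned `CFDataRef`. I would annotate both, `CF_RETURNS_RETAINED CFDataRef SOSAccountCopyAccountStateFromKeychain(CFErrorRef *error);` and the same for `SOSAccountCopyEngineStateFromKeychain`, so ownership is explicit to callers and static analysis. Above the group I would add `// Destructive debug helpers for the security tool; the Delete* calls are presumed to drop persisted SOS account/engine state from the keychain and are not for the daemon's normal paths — confirm against the implementation.` Whether the delete functions are gated by any entitlement or account state is not visible from this header and should be verified where they are defined. The same documentation gap applies to the newly declared `SOSDeleteV0Keybag(CFErrorRef *error)`, which by name also deletes keychain material with no account or context parameter.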