--- /dev/null
+//
+// SOSAuthKitHelpers.m
+// Security
+//
+// Created by murf on 6/19/18.
+//
+
+#import <Foundation/Foundation.h>
+#import "SOSAuthKitHelpers.h"
+#import <utilities/debugging.h>
+#import <Security/SecureObjectSync/SOSAccount.h>
+#import <Security/SecureObjectSync/SOSAccountPriv.h>
+#import <Security/SecureObjectSync/SOSFullPeerInfo.h>
+#import <Security/SecureObjectSync/SOSPeerInfoV2.h>
+#import <Security/SecureObjectSync/SOSPeerInfoPriv.h>
+
+#if !TARGET_OS_BRIDGE && !TARGET_OS_SIMULATOR
+#import <AppleAccount/AppleAccount_Private.h>
+#import <AuthKit/AuthKit.h>
+#import <AuthKit/AuthKit_Private.h>
+
+#define SUPPORT_MID 1
+#endif
+
+@implementation SOSAuthKitHelpers
+
+#if SUPPORT_MID
+
+SOFT_LINK_FRAMEWORK(PrivateFrameworks, AuthKit);
+SOFT_LINK_FRAMEWORK(Frameworks, Accounts);
+
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wstrict-prototypes"
+SOFT_LINK_CLASS(AuthKit, AKAccountManager);
+SOFT_LINK_CLASS(AuthKit, AKAnisetteProvisioningController);
+SOFT_LINK_CLASS(AuthKit, AKAppleIDAuthenticationController);
+SOFT_LINK_CLASS(AuthKit, AKDeviceListRequestContext);
+SOFT_LINK_CLASS(Accounts, Accounts);
+SOFT_LINK_CLASS(Accounts, ACAccountStore);
+SOFT_LINK_CONSTANT(AuthKit, AKServiceNameiCloud, const NSString *);
+#pragma clang diagnostic pop
+
+
+
++ (NSString *) machineID {
+ NSError *error = nil;
+ NSString *retval = nil;
+ secnotice("sosauthkit", "Entering machineID");
+
+ AKAnisetteProvisioningController *anisetteController = [getAKAnisetteProvisioningControllerClass() new];
+ if(anisetteController) {
+ AKAnisetteData *anisetteData = [anisetteController anisetteDataWithError:&error];
+ if (anisetteData) {
+ retval = [anisetteData.machineID copy];
+ if(retval) {
+ secnotice("sosauthkit", "machineID is %@", retval);
+ } else {
+ secnotice("sosauthkit", "Failed to get machineID");
+ }
+ } else {
+ secnotice("sosauthkit", "can't get mID: %@", error);
+ }
+ } else {
+ secnotice("sosauthkit", "can't get controller");
+ }
+ return retval;
+}
+
++ (bool) peerinfoHasMID: (SOSAccount *) account {
+ SOSPeerInfoRef pi = SOSFullPeerInfoGetPeerInfo(account.fullPeerInfo);
+ if(!pi) return false;
+ return SOSPeerInfoV2DictionaryHasString(pi, sMachineIDKey);
+}
+
++ (bool) updateMIDInPeerInfo: (SOSAccount *) account {
+ NSString *mid = [SOSAuthKitHelpers machineID];
+ if(!mid) return true;
+ CFErrorRef error = NULL;
+ SOSAccountSetValue(account, sMachineIDKey, (__bridge CFStringRef)mid, &error);
+ bool peerUpdated = SOSAccountUpdatePeerInfoAndPush(account, CFSTR("Add Machine ID"), &error, ^bool(SOSPeerInfoRef pi, CFErrorRef *error) {
+ if(SOSPeerInfoV2DictionaryHasString(pi, sMachineIDKey)) {
+ return false;
+ }
+ secnotice("sosauthkit", "Setting PeerInfo MID to %@", mid);
+ SOSPeerInfoV2DictionarySetValue(pi, sMachineIDKey, (__bridge CFStringRef)mid);
+ return true;
+ });
+ if(!peerUpdated) {
+ secnotice("sosauthkit", "Failed to record MID in PeerInfo: %@", error);
+ }
+ CFReleaseNull(error);
+ return peerUpdated;
+}
+
++ (void)activeMIDs:(void(^_Nonnull)(NSSet *activeMIDs, NSError *error))complete {
+ AKDeviceListRequestContext *context;
+ ACAccount *primaryAccount;
+
+ ACAccountStore *store = [getACAccountStoreClass() new];
+ if(!store) {
+ complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"can't get store"}]);
+ return;
+ }
+ primaryAccount = [store aa_primaryAppleAccount];
+ if(!primaryAccount) {
+ secnotice("sosauthkit", "can't get account");
+ complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"no primary account"}]);
+ return;
+ }
+
+ context = [getAKDeviceListRequestContextClass() new];
+ if (context == NULL) {
+ complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"can't get AKDeviceListRequestContextClass"}]);
+ return;
+ }
+ context.altDSID = primaryAccount.aa_altDSID;
+ context.services = @[ getAKServiceNameiCloud() ];
+
+ AKAppleIDAuthenticationController *authController = [getAKAppleIDAuthenticationControllerClass() new];
+ if(!authController) {
+ complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"can't get authController"}]);
+ return;
+ }
+
+ [authController fetchDeviceListWithContext:context completion:^(NSArray<AKRemoteDevice *> *deviceList, NSError *error) {
+ NSMutableSet *mids = [[NSMutableSet alloc] init];
+ if (deviceList != nil) {
+ for (AKRemoteDevice *device in deviceList) {
+ [mids addObject:device.machineId];
+ }
+ } else {
+ secnotice("sosauthkit", "got no mIDs: %@", error);
+ }
+ if([mids count] == 0) {
+ secnotice("sosauthkit", "found not devices in account");
+ mids = nil;
+ }
+
+ complete(mids, error);
+ }];
+}
+
+
+#else /* TARGET_OS_BRIDGE || TARGET_OS_SIMULATOR */
+
++ (NSString *) machineID {
+ return nil;
+}
+
++ (void)activeMIDs:(void(^_Nonnull)(NSSet *activeMIDs, NSError *error))complete {
+ complete(NULL, NULL);
+}
+
++ (bool) updateMIDInPeerInfo: (SOSAccount *) account {
+ return true;
+}
+
++ (bool) peerinfoHasMID: (SOSAccount *) account {
+ return false;
+}
+
+#endif
+
+@end
+
projects / apple / security.git / blobdiff