+++ /dev/null
-
-#include "SOSAccountPriv.h"
-
-#include <Security/SecureObjectSync/SOSTransportCircle.h>
-#include <Security/SecureObjectSync/SOSTransportMessage.h>
-#include <Security/SecureObjectSync/SOSTransportMessageIDS.h>
-#include <Security/SecureObjectSync/SOSKVSKeys.h>
-#include <Security/SecureObjectSync/SOSTransport.h>
-#include <Security/SecureObjectSync/SOSTransportKeyParameter.h>
-#include <Security/SecureObjectSync/SOSTransportKeyParameterKVS.h>
-
-#include <SOSCircle/CKBridge/SOSCloudKeychainClient.h>
-
-#include <CoreFoundation/CoreFoundation.h>
-
-#include <utilities/SecCFError.h>
-
-// MARK: Engine Logging
-#define LOG_ENGINE_STATE_INTERVAL 20
-
-static void SOSAccountConsiderLoggingEngineState(SOSAccountTransactionRef txn) {
- static int engineLogCountDown = 0;
-
- if(engineLogCountDown <= 0) {
- SOSEngineRef engine = SOSTransportMessageGetEngine(txn->account->kvs_message_transport);
-
- SOSEngineLogState(engine);
- engineLogCountDown = LOG_ENGINE_STATE_INTERVAL;
- } else {
- engineLogCountDown--;
- }
-}
-
-static bool SOSAccountIsThisPeerIDMe(SOSAccountRef account, CFStringRef peerID) {
- SOSPeerInfoRef mypi = SOSFullPeerInfoGetPeerInfo(account->my_identity);
- CFStringRef myPeerID = SOSPeerInfoGetPeerID(mypi);
-
- return myPeerID && CFEqualSafe(myPeerID, peerID);
-}
-
-bool SOSAccountSendIKSPSyncList(SOSAccountRef account, CFErrorRef *error){
- bool result = true;
- __block CFErrorRef localError = NULL;
- __block CFMutableArrayRef ids = NULL;
- SOSCircleRef circle = NULL;
-
- require_action_quiet(SOSAccountIsInCircle(account, NULL), xit,
- SOSCreateError(kSOSErrorNoCircle, CFSTR("This device is not in circle"),
- NULL, &localError));
-
- circle = SOSAccountGetCircle(account, error);
- ids = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
-
- SOSCircleForEachValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) {
- if (!SOSAccountIsThisPeerIDMe(account, SOSPeerInfoGetPeerID(peer))) {
- if(SOSPeerInfoShouldUseIDSTransport(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) &&
- SOSPeerInfoShouldUseIDSMessageFragmentation(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer) &&
- !SOSPeerInfoShouldUseACKModel(SOSFullPeerInfoGetPeerInfo(account->my_identity), peer)){
- SOSTransportMessageIDSSetFragmentationPreference(account->ids_message_transport, kCFBooleanTrue);
- CFStringRef deviceID = SOSPeerInfoCopyDeviceID(peer);
- if(deviceID != NULL){
- CFArrayAppendValue(ids, deviceID);
- }
- CFReleaseNull(deviceID);
- }
- }
- });
- require_quiet(CFArrayGetCount(ids) != 0, xit);
- secnotice("IDS Transport", "List of IDS Peers to ping: %@", ids);
-
- SOSCloudKeychainGetIDSDeviceAvailability(ids, SOSAccountGetMyPeerID(account), dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^(CFDictionaryRef returnedValues, CFErrorRef sync_error) {
- bool success = (sync_error == NULL);
- if(!success)
- secerror("Failed to send list of IDS peers to IDSKSP: %@", sync_error);
- });
-xit:
- if(error && *error != NULL)
- secerror("SOSAccountSendIKSPSyncList had an error: %@", *error);
-
- if(localError)
- secerror("SOSAccountSendIKSPSyncList had an error: %@", localError);
-
- CFReleaseNull(ids);
- CFReleaseNull(localError);
-
- return result;
-}
-//
-// MARK: KVS Syncing
-//
-
-static bool SOSAccountSyncWithKVSPeers(SOSAccountTransactionRef txn, CFSetRef peerIDs, CFErrorRef *error) {
- SOSAccountRef account = txn->account;
- CFErrorRef localError = NULL;
- bool result = false;
-
- require_quiet(SOSAccountIsInCircle(account, &localError), xit);
-
- result = SOSTransportMessageSyncWithPeers(account->kvs_message_transport, peerIDs, &localError);
-
- if (result)
- SetCloudKeychainTraceValueForKey(kCloudKeychainNumberOfTimesSyncedWithPeers, 1);
-
-xit:
- if (!result) {
- // Tell account to update SOSEngine with current trusted peers
- if (isSOSErrorCoded(localError, kSOSErrorPeerNotFound)) {
- secnotice("Account", "Arming account to update SOSEngine with current trusted peers");
- account->engine_peer_state_needs_repair = true;
- }
- CFErrorPropagate(localError, error);
- localError = NULL;
- }
- return result;
-
-}
-
-bool SOSAccountSyncWithKVSPeerWithMessage(SOSAccountTransactionRef txn, CFStringRef peerid, CFDataRef message, CFErrorRef *error) {
- SOSAccountRef account = txn->account;
- bool result = false;
- CFErrorRef localError = NULL;
- CFDictionaryRef encapsulatedMessage = NULL;
-
- secnotice("KVS Transport","Syncing with KVS capable peer: %@", peerid);
- secnotice("KVS Transport", "message: %@", message);
-
- require_quiet(message, xit);
- require_quiet(peerid, xit);
-
- encapsulatedMessage = CFDictionaryCreateForCFTypes(kCFAllocatorDefault, peerid, message, NULL);
-
- result = SOSTransportMessageSendMessages(account->kvs_message_transport, encapsulatedMessage, &localError);
- secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError);
-
- SOSAccountConsiderLoggingEngineState(txn);
-
-xit:
- CFReleaseNull(encapsulatedMessage);
- CFErrorPropagate(localError, error);
-
- return result;
-}
-
-
-static bool SOSAccountSyncWithKVSPeer(SOSAccountTransactionRef txn, CFStringRef peerID, CFErrorRef *error)
-{
- bool result = false;
- CFErrorRef localError = NULL;
-
- secnotice("KVS Transport","Syncing with KVS capable peer: %@", peerID);
-
- CFMutableSetRef peerIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
- CFSetAddValue(peerIDs, peerID);
-
- result = SOSAccountSyncWithKVSPeers(txn, peerIDs, &localError);
- secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError);
-
- CFReleaseNull(peerIDs);
- CFErrorPropagate(localError, error);
-
- return result;
-}
-
-
-static CFMutableArrayRef SOSAccountCopyPeerIDsForDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef* error) {
- CFMutableArrayRef peerIDs = CFArrayCreateMutableForCFTypes(kCFAllocatorDefault);
-
- SOSCircleForEachValidPeer(account->trusted_circle, account->user_public, ^(SOSPeerInfoRef peer) {
- CFStringRef peerDeviceID = SOSPeerInfoCopyDeviceID(peer);
- if(peerDeviceID != NULL && CFStringCompare(peerDeviceID, deviceID, 0) == 0){
- CFArrayAppendValue(peerIDs, SOSPeerInfoGetPeerID(peer));
- }
- CFReleaseNull(peerDeviceID);
- });
-
- if (peerIDs == NULL || CFArrayGetCount(peerIDs) == 0) {
- CFReleaseNull(peerIDs);
- SOSErrorCreate(kSOSErrorPeerNotFound, error, NULL, CFSTR("No peer with DSID: %@"), deviceID);
- }
-
- return peerIDs;
-}
-
-static bool SOSAccountSyncWithKVSPeerFromPing(SOSAccountRef account, CFArrayRef peerIDs, CFErrorRef *error) {
-
- CFErrorRef localError = NULL;
- bool result = false;
-
- CFSetRef peerSet = CFSetCreateCopyOfArrayForCFTypes(peerIDs);
- result = SOSTransportMessageSyncWithPeers(account->kvs_message_transport, peerSet, &localError);
-
- CFReleaseNull(peerSet);
-
- return result;
-}
-
-bool SOSAccountSyncWithKVSUsingIDSID(SOSAccountRef account, CFStringRef deviceID, CFErrorRef *error) {
- bool result = false;
- CFErrorRef localError = NULL;
-
- secnotice("KVS Transport","Syncing with KVS capable peer via DSID: %@", deviceID);
-
- CFArrayRef peerIDs = SOSAccountCopyPeerIDsForDSID(account, deviceID, &localError);
- require_quiet(peerIDs, xit);
-
- CFStringArrayPerfromWithDescription(peerIDs, ^(CFStringRef peerIDList) {
- secnotice("KVS Transport", "Syncing with KVS capable peers: %@", peerIDList);
- });
-
- result = SOSAccountSyncWithKVSPeerFromPing(account, peerIDs, &localError);
- secerror("KVS sync %s. (%@)", result ? "succeeded" : "failed", localError);
-
-xit:
- CFReleaseNull(peerIDs);
- CFErrorPropagate(localError, error);
-
- return result;
-}
-
-static __nonnull CF_RETURNS_RETAINED CFSetRef SOSAccountSyncWithPeersOverKVS(SOSAccountTransactionRef txn, CFSetRef peers) {
- CFMutableSetRef handled = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
-
- CFSetForEach(peers, ^(const void *value) {
- CFStringRef peerID = asString(value, NULL);
- CFErrorRef localError = NULL;
- if (peerID && SOSAccountSyncWithKVSPeer(txn, peerID, &localError)) {
- CFSetAddValue(handled, peerID);
- secnotice("KVS Transport", "synced with peer: %@", peerID);
- } else {
- secnotice("KVS Transport", "failed to sync with peer: %@ error: %@", peerID, localError);
- }
- });
-
- return handled;
-}
-
-static __nonnull CF_RETURNS_RETAINED CFSetRef SOSAccountSyncWithPeersOverIDS(SOSAccountTransactionRef txn, __nonnull CFSetRef peers) {
- CFErrorRef localError = NULL;
-
- CFStringSetPerformWithDescription(peers, ^(CFStringRef peerDescription) {
- secnotice("IDS Transport","Syncing with IDS capable peers: %@", peerDescription);
- });
-
- // We should change this to return a set of peers we succeeded with, but for now assume they all worked.
- bool result = SOSTransportMessageSyncWithPeers(txn->account->ids_message_transport, peers, &localError);
- secnotice("IDS Transport", "IDS Sync result: %d", result);
-
- return CFRetainSafe(peers);
-}
-
-static CF_RETURNS_RETAINED CFMutableSetRef SOSAccountSyncWithPeers(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peerIDs, CFErrorRef *error) {
- CFMutableSetRef notMePeers = NULL;
- CFMutableSetRef handledPeerIDs = NULL;
- CFMutableSetRef peersForIDS = NULL;
- CFMutableSetRef peersForKVS = NULL;
-
- SOSAccountRef account = txn->account;
-
- require_action_quiet(SOSAccountIsInCircle(account, error), done,
- handledPeerIDs = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, peerIDs));
-
- // Kick getting our device ID if we don't have it, and find out if we're setup to use IDS.
- bool canUseIDS = SOSTransportMessageIDSGetIDSDeviceID(account);
-
- handledPeerIDs = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
- peersForIDS = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
- peersForKVS = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
-
- SOSPeerInfoRef myPeerInfo = SOSAccountGetMyPeerInfo(account);
- require(myPeerInfo, done);
-
- CFStringRef myPeerID = SOSPeerInfoGetPeerID(myPeerInfo);
-
- notMePeers = CFSetCreateMutableCopy(kCFAllocatorDefault, 0, peerIDs);
- CFSetRemoveValue(notMePeers, myPeerID);
-
- if(!SOSAccountSendIKSPSyncList(account, error)){
- if(error != NULL)
- secnotice("IDS Transport", "Did not send list of peers to ping (pre-E): %@", *error);
- }
-
- CFSetForEach(notMePeers, ^(const void *value) {
- CFErrorRef localError = NULL;
- CFStringRef peerID = asString(value, &localError);
- SOSPeerInfoRef peerInfo = NULL;
-
- require_quiet(peerID, skip);
-
- peerInfo = SOSCircleCopyPeerWithID(account->trusted_circle, peerID, NULL);
- if (peerInfo && SOSCircleHasValidSyncingPeer(account->trusted_circle, peerInfo, account->user_public, NULL)) {
- if (canUseIDS && SOSPeerInfoShouldUseIDSTransport(myPeerInfo, peerInfo) && SOSPeerInfoShouldUseACKModel(myPeerInfo, peerInfo)) {
- CFSetAddValue(peersForIDS, peerID);
- } else {
- CFSetAddValue(peersForKVS, peerID);
- }
- } else {
- CFSetAddValue(handledPeerIDs, peerID);
- }
-
- skip:
- CFReleaseNull(peerInfo);
- if (localError) {
- secnotice("sync-with-peers", "Skipped peer ID: %@ due to %@", peerID, localError);
- }
- CFReleaseNull(localError);
- });
-
- CFSetRef handledIDSPeerIDs = SOSAccountSyncWithPeersOverIDS(txn, peersForIDS);
- CFSetUnion(handledPeerIDs, handledIDSPeerIDs);
- CFReleaseNull(handledIDSPeerIDs);
-
- CFSetRef handledKVSPeerIDs = SOSAccountSyncWithPeersOverKVS(txn, peersForKVS);
- CFSetUnion(handledPeerIDs, handledKVSPeerIDs);
- CFReleaseNull(handledKVSPeerIDs);
-
- SOSAccountConsiderLoggingEngineState(txn);
-
-done:
- CFReleaseNull(notMePeers);
- CFReleaseNull(peersForIDS);
- CFReleaseNull(peersForKVS);
- return handledPeerIDs;
-}
-
-bool SOSAccountClearPeerMessageKey(SOSAccountTransactionRef txn, CFStringRef peerID, CFErrorRef *error)
-{
- SOSAccountRef account = txn->account;
-
- secnotice("IDS Transport", "clearing peer message for %@", peerID);
- CFTypeRef dsid = SOSAccountGetValue(account, kSOSDSIDKey, error);
-
- if(dsid == NULL)
- dsid = kCFNull;
-
- CFStringRef message_to_peer_key = SOSMessageKeyCreateFromTransportToPeer(account->kvs_message_transport, peerID);
- CFDictionaryRef a_message_to_a_peer = CFDictionaryCreateForCFTypes(NULL, message_to_peer_key, kCFNull, kSOSKVSRequiredKey, dsid, NULL);
-
- CloudKeychainReplyBlock log_error = ^(CFDictionaryRef returnedValues __unused, CFErrorRef block_error) {
- if (block_error) {
- secerror("Error putting: %@", block_error);
- }
- };
-
- SOSCloudKeychainPutObjectsInCloud(a_message_to_a_peer, dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), log_error);
-
- CFReleaseNull(a_message_to_a_peer);
- CFReleaseNull(message_to_peer_key);
-
- return true;
-}
-
-CF_RETURNS_RETAINED CFSetRef SOSAccountProcessSyncWithPeers(SOSAccountTransactionRef txn, CFSetRef /* CFStringRef */ peers, CFSetRef /* CFStringRef */ backupPeers, CFErrorRef *error)
-{
- CFErrorRef localError = NULL;
- CFMutableSetRef handled = SOSAccountSyncWithPeers(txn, peers, &localError);
-
- SOSTransportMessageIDSGetIDSDeviceID(txn->account);
-
- if (!handled) {
- secnotice("account-sync", "Peer Sync failed: %@", localError);
- handled = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
- }
- CFReleaseNull(localError);
-
- SOSEngineRef engine = SOSTransportMessageGetEngine(txn->account->kvs_message_transport);
- CFSetRef engineHandled = SOSEngineSyncWithBackupPeers(engine, backupPeers, error);
-
- if (engineHandled) {
- CFSetUnion(handled, engineHandled);
- } else {
- secnotice("account-sync", "Engine Backup Sync failed: %@", localError);
- }
- CFReleaseNull(localError);
- CFReleaseNull(engineHandled);
-
- return handled;
-}
-
-bool SOSAccountRequestSyncWithAllPeers(SOSAccountTransactionRef txn, CFErrorRef *error)
-{
- bool success = false;
- CFMutableSetRef allSyncingPeers = NULL;
-
- require_quiet(SOSAccountIsInCircle(txn->account, error), xit);
-
- SOSTransportMessageIDSGetIDSDeviceID(txn->account);
-
- allSyncingPeers = CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
-
- SOSCircleForEachValidSyncingPeer(txn->account->trusted_circle, txn->account->user_public, ^(SOSPeerInfoRef peer) {
- CFSetAddValue(allSyncingPeers, SOSPeerInfoGetPeerID(peer));
- });
-
- SOSAccountTransactionAddSyncRequestForAllPeerIDs(txn, allSyncingPeers);
-
- success = true;
-
-xit:
- CFReleaseNull(allSyncingPeers);
- return success;
-}
-
-//
-// MARK: Syncing status functions
-//
-bool SOSAccountMessageFromPeerIsPending(SOSAccountTransactionRef txn, SOSPeerInfoRef peer, CFErrorRef *error) {
- bool success = false;
- require_quiet(SOSAccountIsInCircle(txn->account, error), xit);
-
- // This translation belongs inside KVS..way down in CKD, but for now we reach over and do it here.
- CFStringRef peerMessage = SOSMessageKeyCreateFromPeerToTransport(txn->account->kvs_message_transport, SOSPeerInfoGetPeerID(peer));
-
- success = SOSCloudKeychainHasPendingKey(peerMessage, error);
-
-xit:
- return success;
-}
-
-bool SOSAccountSendToPeerIsPending(SOSAccountTransactionRef txn, SOSPeerInfoRef peer, CFErrorRef *error) {
- bool success = false;
- require_quiet(SOSAccountIsInCircle(txn->account, error), xit);
-
- success = SOSCCIsSyncPendingFor(SOSPeerInfoGetPeerID(peer), error);
-xit:
- return success;
-
-
-}
projects / apple / security.git / blobdiff