-/*
- * Copyright (c) 2012,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// ckdxpcclient.c
-// ckd-xpc
-//
-
-/*
- This XPC service is essentially just a proxy to iCloud KVS, which exists since
- the main security code cannot link against Foundation.
-
- See sendTSARequestWithXPC in tsaSupport.c for how to call the service
-
- The client of an XPC service does not get connection events, nor does it
- need to deal with transactions.
-*/
-
-//------------------------------------------------------------------------------------------------
-
-#include <AssertMacros.h>
-
-#include <xpc/xpc.h>
-#include <CoreFoundation/CoreFoundation.h>
-#include <CoreFoundation/CFXPCBridge.h>
-#include <sysexits.h>
-#include <syslog.h>
-
-#include <utilities/debugging.h>
-#include <utilities/SecCFWrappers.h>
-
-#include "CKConstants.h"
-
-#define __CKDXPC_CLIENT_PRIVATE_INDIRECT__ 1
-#include "CKClient.h"
-
-
-#define pdebug(format...) secerror(format)
-
-#define verboseCKDDebugging 1
-
-#ifndef NDEBUG
- #define xpdebug(format...) \
- do { \
- if (verboseCKDDebugging) \
- printf(format); \
- } while (0)
-#else
- //empty
- #define xpdebug(format...)
-#endif
-
-
-static xpc_connection_t serviceConnection = NULL;
-static dispatch_queue_t xpc_queue = NULL;
-static CloudKeychainReplyBlock itemsChangedBlock;
-
-static bool handle_xpc_event(const xpc_connection_t peer, xpc_object_t event);
-static bool xpc_event_filter(const xpc_connection_t peer, xpc_object_t event, CFErrorRef *error);
-
-// extern CFTypeRef _CFXPCCreateCFObjectFromXPCObject(xpc_object_t xo);
-// extern xpc_object_t _CFXPCCreateXPCObjectFromCFObject(CFTypeRef cf);
-
-// Debug
-static void describeXPCObject(char *prefix, xpc_object_t object);
-void describeXPCType(char *prefix, xpc_type_t xtype);
-
-static CFStringRef sErrorDomain = CFSTR("com.apple.security.cloudkeychain");
-
-enum {
- kSOSObjectMallocFailed = 1,
- kAddDuplicateEntry,
- kSOSObjectNotFoundError = 1,
- kSOSObjectCantBeConvertedToXPCObject,
- kSOSOUnexpectedConnectionEvent,
- kSOSOUnexpectedXPCEvent,
- kSOSConnectionNotOpen
-};
-
-#define WANTXPCREPLY 0
-
-#pragma mark ----- utilities -----
-
-static CFErrorRef makeError(CFIndex which)
-{
- CFDictionaryRef userInfo = NULL;
- return CFErrorCreate(kCFAllocatorDefault, sErrorDomain, which, userInfo);
-}
-
-#pragma mark ----- SPI -----
-
-void initXPCConnection()
-{
- pdebug("initXPCConnection\n");
-
- xpc_queue = dispatch_queue_create(xpcServiceName, DISPATCH_QUEUE_SERIAL);
-
- serviceConnection = xpc_connection_create_mach_service(xpcServiceName, xpc_queue, 0);
-
-// serviceConnection = xpc_connection_create(xpcServiceName, xpc_queue);
- pdebug("serviceConnection: %p\n", serviceConnection);
-
- xpc_connection_set_event_handler(serviceConnection, ^(xpc_object_t event)
- {
- pdebug("xpc_connection_set_event_handler\n");
- handle_xpc_event(serviceConnection, event);
- });
-
- xpc_connection_resume(serviceConnection);
- xpc_retain(serviceConnection);
-}
-
-void closeXPCConnection()
-{
- pdebug("closeXPCConnection\n");
- xpc_release(serviceConnection);
-}
-
-void setItemsChangedBlock(CloudKeychainReplyBlock icb)
-{
- if (icb != itemsChangedBlock)
- {
- if (itemsChangedBlock)
- Block_release(itemsChangedBlock);
- itemsChangedBlock = icb;
- Block_copy(itemsChangedBlock);
- }
-}
-
-// typedef void (^CloudKeychainReplyBlock)(CFDictionaryRef returnedValues, CFErrorRef error);
-
-static bool handle_xpc_event(const xpc_connection_t peer, xpc_object_t event)
-{
- CFErrorRef localError = NULL;
- pdebug(">>>>> handle_connection_event via event_handler <<<<<\n");
- bool result = false;
- if ((result = xpc_event_filter(peer, event, &localError)))
- {
- const char *operation = xpc_dictionary_get_string(event, kMessageKeyOperation);
- if (!operation || strcmp(operation, kMessageOperationItemChanged)) // some op we don't care about
- {
- pdebug("operation: %s", operation);
- return result;
- }
-
- xpc_object_t xrv = xpc_dictionary_get_value(event, kMessageKeyValue);
- if (!xrv)
- {
- pdebug("xrv null for kMessageKeyValue");
- return result;
- }
- describeXPCObject("xrv", xrv);
-
- CFDictionaryRef returnedValues = _CFXPCCreateCFObjectFromXPCObject(xrv);
- pdebug("returnedValues: %@", returnedValues);
-
- if (itemsChangedBlock)
- itemsChangedBlock(returnedValues, localError);
- }
- CFReleaseSafe(localError);
-
- return result;
-}
-
-static bool xpc_event_filter(const xpc_connection_t peer, xpc_object_t event, CFErrorRef *error)
-{
- // return true if the type is XPC_TYPE_DICTIONARY (and therefore something more to process)
- pdebug("handle_connection_event\n");
- xpc_type_t xtype = xpc_get_type(event);
- describeXPCType("handle_xpc_event", xtype);
- if (XPC_TYPE_CONNECTION == xtype)
- {
- pdebug("handle_xpc_event: XPC_TYPE_CONNECTION (unexpected)");
- // The client of an XPC service does not get connection events
- // For nwo, we log this and keep going
- describeXPCObject("handle_xpc_event: XPC_TYPE_CONNECTION, obj : ", event);
-#if 0
- if (error)
- *error = makeError(kSOSOUnexpectedConnectionEvent); // FIX
- assert(true);
-#endif
- }
- else
- if (XPC_TYPE_ERROR == xtype)
- {
- pdebug("default: xpc error: %s\n", xpc_dictionary_get_string(event, XPC_ERROR_KEY_DESCRIPTION));
- if (error)
- *error = makeError(kSOSOUnexpectedConnectionEvent); // FIX
- }
- else
- if (XPC_TYPE_DICTIONARY == xtype)
- {
- pdebug("received dictionary event %p\n", event);
- return true;
- }
- else
- {
- pdebug("default: unexpected connection event %p\n", event);
- describeXPCObject("handle_xpc_event: obj : ", event);
- if (error)
- *error = makeError(kSOSOUnexpectedXPCEvent);
- }
- return false;
-}
-
-static void talkWithKVS(xpc_object_t message, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
- secerror("start");
- __block CFErrorRef error = NULL;
- __block CFTypeRef object = NULL;
-
- dispatch_block_t callback = ^{
- secerror("callback");
- if (replyBlock)
- replyBlock(object, error);
- // if (object)
- // CFRelease(object);
- if (error)
- {
- secerror("callback error: %@", error);
- // CFRelease(error);
- }
- dispatch_release(processQueue);
- };
-
- require_action(serviceConnection, xit, error = makeError(kSOSConnectionNotOpen));
- require_action(message, xit, error = makeError(kSOSObjectNotFoundError));
- dispatch_retain(processQueue);
- secerror("xpc_connection_send_message_with_reply called");
-
- Block_copy(callback);
-
-//#if !WANTXPCREPLY
- // xpc_connection_send_message(serviceConnection, message); // Send message; don't want a reply
-//#else
- xpc_connection_send_message_with_reply(serviceConnection, message, xpc_queue, ^(xpc_object_t reply)
- {
- secerror("xpc_connection_send_message_with_reply handler called back");
- if (xpc_event_filter(serviceConnection, reply, &error) && reply)
- {
- describeXPCObject("getValuesFromKVS: reply : ", reply);
- xpc_object_t xrv = xpc_dictionary_get_value(reply, kMessageKeyValue);
- if (xrv)
- {
- describeXPCObject("talkWithKVS: xrv: ", xrv);
- /*
- * The given XPC object must be one that was previously returned by
- * _CFXPCCreateXPCMessageWithCFObject().
- */
- object = _CFXPCCreateCFObjectFromXPCObject(xrv); // CF object is retained; release in callback
- secerror("converted CF object: %@", object);
- }
- else
- secerror("missing value reply");
- }
- dispatch_async(processQueue, callback);
- });
-//#endif
-
-//sleep(5); // DEBUG DEBUG FIX
- // xpc_release(message);
- return;
-
-xit:
- secerror("talkWithKVS error: %@", error);
- if (replyBlock)
- dispatch_async(processQueue, callback);
-}
-
-void putValuesWithXPC(CFDictionaryRef values, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
- CFErrorRef error = NULL;
-
- require_action(values, xit, error = makeError(kSOSObjectNotFoundError));
-
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationPUTDictionary);
-
- xpc_object_t xobject = _CFXPCCreateXPCObjectFromCFObject(values);
- require_action(xobject, xit, error = makeError(kSOSObjectCantBeConvertedToXPCObject));
- xpc_dictionary_set_value(message, kMessageKeyValue, xobject);
-
- talkWithKVS(message, processQueue, replyBlock);
- return;
-
-xit:
- if (replyBlock)
- replyBlock(NULL, error);
-}
-
-void synchronizeKVS(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationSynchronize);
- talkWithKVS(message, processQueue, replyBlock);
-}
-
-void clearAll(dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationClearStore);
- talkWithKVS(message, processQueue, replyBlock);
-}
-
-/*
-extern xpc_object_t xpc_create_reply_with_format(xpc_object_t original, const char * format, ...);
- xpc_object_t reply = xpc_create_reply_with_format(event,
- "{keychain-paths: %value, all-paths: %value, extensions: %value, keychain-home: %value}",
- keychain_paths, all_paths, sandbox_extensions, home);
-*/
-
-void getValuesFromKVS(CFArrayRef keysToGet, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
- secerror("start");
- CFErrorRef error = NULL;
- xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0);
- xpc_object_t xkeysToGet = keysToGet ? _CFXPCCreateXPCObjectFromCFObject(keysToGet) : xpc_null_create();
-
- require_action(xkeysToGet, xit, error = makeError(kSOSObjectNotFoundError));
-
- xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToGet);
-
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationGETv2);
- xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest);
-
- talkWithKVS(message, processQueue, replyBlock);
-
- xpc_release(message);
- return;
-
-xit:
- if (replyBlock)
- replyBlock(NULL, error);
-}
-
-void registerKeysForKVS(CFArrayRef keysToGet, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
- secerror("start");
-
- xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0);
- xpc_object_t xkeysToRegister = keysToGet ? _CFXPCCreateXPCObjectFromCFObject(keysToGet) : xpc_null_create();
- xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToRegister);
-
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationRegisterKeysAndGet);
- xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest);
-
- if (clientIdentifier)
- {
- char *clientid = CFStringToCString(clientIdentifier);
- if (clientid)
- {
- xpc_dictionary_set_string(message, kMessageKeyClientIdentifier, clientid);
- free(clientid);
- }
- }
-
- setItemsChangedBlock(replyBlock);
- talkWithKVS(message, processQueue, replyBlock);
-
- xpc_release(message);
-}
-
-void unregisterKeysForKVS(CFArrayRef keysToUnregister, CFStringRef clientIdentifier, dispatch_queue_t processQueue, CloudKeychainReplyBlock replyBlock)
-{
-#if NO_SERVERz
- if (gCKD->unregisterKeys) {
- return gCKD->unregisterKeys(...);
- }
-#endif
-
- secerror("start");
-
- xpc_object_t xkeysOfInterest = xpc_dictionary_create(NULL, NULL, 0);
- xpc_object_t xkeysToUnregister = keysToUnregister ? _CFXPCCreateXPCObjectFromCFObject(keysToUnregister) : xpc_null_create();
- xpc_dictionary_set_value(xkeysOfInterest, kMessageKeyKeysToGet, xkeysToUnregister);
-
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationUnregisterKeys);
- xpc_dictionary_set_value(message, kMessageKeyValue, xkeysOfInterest);
-
- if (clientIdentifier)
- {
- char *clientid = CFStringToCString(clientIdentifier);
- if (clientid)
- {
- xpc_dictionary_set_string(message, kMessageKeyClientIdentifier, clientid);
- free(clientid);
- }
- }
-
- talkWithKVS(message, processQueue, replyBlock);
-
- xpc_release(message);
-}
-
-#pragma mark ----- CF-XPC Utilities -----
-
-
-#pragma mark ----- DEBUG Utilities -----
-
-//------------------------------------------------------------------------------------------------
-// DEBUG only
-//------------------------------------------------------------------------------------------------
-
-void clearStore()
-{
- xpc_object_t message = xpc_dictionary_create(NULL, NULL, 0);
- xpc_dictionary_set_uint64(message, kMessageKeyVersion, kCKDXPCVersion);
- xpc_dictionary_set_string(message, kMessageKeyOperation, kOperationClearStore);
- xpc_connection_send_message(serviceConnection, message); // Send message; don't wait for a reply
- xpc_release(message);
-}
-
-void describeXPCObject(char *prefix, xpc_object_t object)
-{
-//#ifndef NDEBUG
- // This is useful for debugging.
- if (object)
- {
- char *desc = xpc_copy_description(object);
- pdebug("%s%s\n", prefix, desc);
- free(desc);
- }
- else
- pdebug("%s<NULL>\n", prefix);
-//#endif
-}
-
-void describeXPCType(char *prefix, xpc_type_t xtype)
-{
- /*
- Add these as necessary:
- XPC_TYPE_ENDPOINT
- XPC_TYPE_NULL
- XPC_TYPE_BOOL
- XPC_TYPE_INT64
- XPC_TYPE_UINT64
- XPC_TYPE_DOUBLE
- XPC_TYPE_DATE
- XPC_TYPE_DATA
- XPC_TYPE_STRING
- XPC_TYPE_UUID
- XPC_TYPE_FD
- XPC_TYPE_SHMEM
- XPC_TYPE_ARRAY
- */
-
-#ifndef NDEBUG
- // This is useful for debugging.
- char msg[256]={0,};
- if (XPC_TYPE_CONNECTION == xtype)
- strcpy(msg, "XPC_TYPE_CONNECTION");
- else if (XPC_TYPE_ERROR == xtype)
- strcpy(msg, "XPC_TYPE_ERROR");
- else if (XPC_TYPE_DICTIONARY == xtype)
- strcpy(msg, "XPC_TYPE_DICTIONARY");
- else
- strcpy(msg, "<unknown>");
-
- pdebug("%s type:%s\n", prefix, msg);
-#endif
-}
-
-
-
projects / apple / security.git / blobdiff