1/* 2 * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25#include "secd_regressions.h" 26 27#include <securityd/SecDbItem.h> 28#include <utilities/SecCFWrappers.h> 29#include <utilities/SecFileLocations.h> 30#include <utilities/fileIo.h> 31 32#include <securityd/SOSCloudCircleServer.h> 33#include <securityd/SecItemServer.h> 34 35#include <Security/SecBasePriv.h> 36 37#include <AssertMacros.h> 38 39#include <stdio.h> 40#include <unistd.h> 41#include <sys/stat.h> 42#include <pthread.h> 43 44#include "SecdTestKeychainUtilities.h" 45 46/* Corrupt 1st and 3rd item */ 47static const char *corrupt_item_sql = "UPDATE inet SET data=X'12345678' WHERE rowid=1 OR rowid=3"; 48 49int secd_04_corrupted_items(int argc, char *const *argv) 50{ 51 plan_tests(11 + kSecdTestSetupTestCount); 52 53 /* custom keychain dir */ 54 secd_test_setup_temp_keychain("secd_04_corrupted_items", NULL); 55 56 /* add a password */ 57 CFTypeRef ref1 = NULL; 58 int v_eighty = 80; 59 CFNumberRef eighty = CFNumberCreate(NULL, kCFNumberSInt32Type, &v_eighty); 60 const char *v_data = "test"; 61 CFDataRef pwdata = CFDataCreate(NULL, (UInt8 *)v_data, strlen(v_data)); 62 CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); 63 CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword); 64 CFDictionaryAddValue(query, kSecAttrServer, CFSTR("corrupt.spamcop.net")); 65 CFDictionaryAddValue(query, kSecAttrAccount, CFSTR("smith")); 66 CFDictionaryAddValue(query, kSecAttrPort, eighty); 67 CFDictionaryAddValue(query, kSecAttrProtocol, kSecAttrProtocolHTTP); 68 CFDictionaryAddValue(query, kSecAttrAuthenticationType, kSecAttrAuthenticationTypeDefault); 69 CFDictionaryAddValue(query, kSecValueData, pwdata); 70 CFDictionaryAddValue(query, kSecReturnPersistentRef, kCFBooleanTrue); 71 ok_status(SecItemAdd(query, &ref1), "add internet password port 80"); 72 73 /* add another one */ 74 CFTypeRef ref2 = NULL; 75 int v_eighty_one = 81; 76 CFNumberRef eighty_one = CFNumberCreate(NULL, kCFNumberSInt32Type, &v_eighty_one); 77 CFDictionarySetValue(query, kSecAttrPort, eighty_one); 78 ok_status(SecItemAdd(query, &ref2), "add internet password port 81"); 79 80 /* add another one */ 81 CFTypeRef ref3 = NULL; 82 int v_eighty_two = 82; 83 CFNumberRef eighty_two = CFNumberCreate(NULL, kCFNumberSInt32Type, &v_eighty_two); 84 CFDictionarySetValue(query, kSecAttrPort, eighty_two); 85 ok_status(SecItemAdd(query, &ref3), "add internet password port 82"); 86 87 /* remove the data, and return key from the query */ 88 CFDictionaryRemoveValue(query, kSecValueData); 89 CFDictionaryRemoveValue(query, kSecReturnPersistentRef); 90 91 /* update second password to conflict with first one */ 92 CFDictionarySetValue(query, kSecAttrPort, eighty_one); 93 CFMutableDictionaryRef attributes = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); 94 CFDictionaryAddValue(attributes, kSecAttrPort, eighty); 95 is_status(SecItemUpdate(query, attributes), errSecDuplicateItem, "update internet password port 80 to 81"); 96 97 /* corrupt the first and 3rd password */ 98 CFStringRef keychain_path_cf = __SecKeychainCopyPath(); 99 100 CFStringPerformWithCString(keychain_path_cf, ^(const char *keychain_path) { 101 /* Create a new keychain sqlite db */ 102 sqlite3 *db; 103 104 is(sqlite3_open(keychain_path, &db), SQLITE_OK, "open keychain"); 105 is(sqlite3_exec(db, corrupt_item_sql, NULL, NULL, NULL), SQLITE_OK, 106 "corrupting keychain items"); 107 108 }); 109 110 /* Try the update again */ 111 ok_status(SecItemUpdate(query, attributes), "update internet password port 80 to 81 (after corrupting item)"); 112 113 /* query the persistent ref */ 114 CFTypeRef ref = NULL; 115 CFDictionarySetValue(query, kSecAttrPort, eighty); 116 CFDictionaryAddValue(query, kSecReturnPersistentRef, kCFBooleanTrue); 117 ok_status(SecItemCopyMatching(query, &ref), "Item 80 found"); 118 119 CFDictionaryRemoveValue(query, kSecReturnPersistentRef); 120 ok(CFEqual(ref, ref2), "persistent ref of item 2"); 121 122 CFReleaseNull(attributes); 123 124 /* Update the 3rd item (82) */ 125 CFDictionarySetValue(query, kSecAttrPort, eighty_two); 126 127 attributes = CFDictionaryCreateMutable(NULL, 0, NULL, NULL); 128 CFDictionaryAddValue(attributes, kSecAttrLabel, CFSTR("This is the 3rd password")); 129 is_status(SecItemUpdate(query, attributes), errSecItemNotFound, "update internet password port 82 (after corrupting item)"); 130 131 CFDictionarySetValue(query, kSecValueData, pwdata); 132 ok_status(SecItemAdd(query, NULL), "re-adding internet password port 82 (after corrupting item)"); 133 CFReleaseNull(pwdata); 134 CFReleaseNull(attributes); 135 CFReleaseNull(query); 136 CFReleaseNull(eighty); 137 CFReleaseNull(eighty_one); 138 CFReleaseNull(eighty_two); 139 140 return 0; 141} 142