1/* 2 * Copyright (c) 2000-2010 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25// 26// StorageManager.h -- Working with multiple keychains 27// 28#ifndef _SECURITY_STORAGEMANAGER_H_ 29#define _SECURITY_STORAGEMANAGER_H_ 30 31#include <list> 32#include <set> 33#include <security_keychain/DLDBListCFPref.h> 34#include <security_keychain/DynamicDLDBList.h> 35#include <security_keychain/Keychains.h> 36#include <security_keychain/KeyItem.h> 37#include <Security/Authorization.h> 38 39#define kLegacyKeychainRenamedSuffix "_renamed" 40#define kKeychainRenamedSuffix "_renamed_" 41 42namespace Security 43{ 44 45namespace KeychainCore 46{ 47 48class StorageManager 49{ 50 NOCOPY(StorageManager) 51public: 52 typedef vector<Keychain> KeychainList; 53 typedef vector<DLDbIdentifier> DLDbList; 54 55 StorageManager(); 56 ~StorageManager() {} 57 58 Mutex* getStorageManagerMutex(); 59 60 //bool onlist(const Keychain & keychain); 61 62 // These will call addAndNotify() if the specified keychain already exists 63 Keychain make(const char *fullPathName); 64 Keychain make(const char *fullPathName, bool add); 65 Keychain makeLoginAuthUI(const Item *item); 66 void created(const Keychain &keychain); // Be notified a Keychain just got created. 67 68 // Misc 69 void lockAll(); 70 71 void add(const Keychain& keychainToAdd); // Only add if not there yet. Doesn't write out CFPref 72 73 // Vector-like methods. 74 size_t size(); 75 Keychain at(unsigned int ix); 76 Keychain operator[](unsigned int ix); 77 78 KCCursor createCursor(const SecKeychainAttributeList *attrList); 79 KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList); 80 81 // Lookup a keychain object in the cache. If it doesn't exist, create a 82 // new one and add to cache. Doesn't modify search lists. 83 // Note this doesn't create an actual database just a reference to one 84 // that may or may not exist. 85 Keychain keychain(const DLDbIdentifier &dLDbIdentifier); 86 87 // Remove a keychain from the cache if it's in it. 88 void removeKeychain(const DLDbIdentifier &dLDbIdentifier, KeychainImpl *keychainImpl); 89 // Be notified a (smart card) keychain was removed. 90 void didRemoveKeychain(const DLDbIdentifier &dLDbIdentifier); 91 92 // Create KC if it doesn't exist, add it to the search list if it exists and is not already on it. 93 Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier, bool add = true); 94 95 96 // Keychain list maintenance 97 98 // remove kcsToRemove from the search list 99 void remove(const KeychainList &kcsToRemove, bool deleteDb = false); 100 101 void getSearchList(KeychainList &keychainList); 102 void setSearchList(const KeychainList &keychainList); 103 void forceUserSearchListReread (); 104 105 void getSearchList(SecPreferencesDomain domain, KeychainList &keychainList); 106 void setSearchList(SecPreferencesDomain domain, const KeychainList &keychainList); 107 108 void rename(Keychain keychain, const char* newName); 109 void renameUnique(Keychain keychain, CFStringRef newName); 110 111 // Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise 112 // if keychainOrArray is a CFArrayRef containing SecKeychainRef's convernt it to KeychainList, 113 // if keychainOrArray is a SecKeychainRef return a KeychainList with one element. 114 void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList); 115 116 // Convert CFArrayRef of SecKeychainRef's a KeychainList. The array must not be NULL 117 static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList); 118 119 // Convert KeychainList to a CFArrayRef of SecKeychainRef's. 120 static CFArrayRef convertFromKeychainList(const KeychainList &keychainList); 121 122 // Login keychain support 123 void login(AuthorizationRef authRef, UInt32 nameLength, const char* name); 124 void login(ConstStringPtr name, ConstStringPtr password); 125 void login(UInt32 nameLength, const void *name, UInt32 passwordLength, const void *password); 126 void stashLogin(); 127 void stashKeychain(); 128 void logout(); 129 void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword); 130 void changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword); 131 132 void resetKeychain(Boolean resetSearchList); 133 134 Keychain defaultKeychain(); 135 Keychain defaultKeychainUI(Item &item); 136 void defaultKeychain(const Keychain &keychain); 137 138 Keychain loginKeychain(); 139 void loginKeychain(Keychain keychain); 140 141 Keychain defaultKeychain(SecPreferencesDomain domain); 142 void defaultKeychain(SecPreferencesDomain domain, const Keychain &keychain); 143 144 SecPreferencesDomain domain() { return mDomain; } 145 void domain(SecPreferencesDomain newDomain); 146 147 bool keychainOwnerPermissionsValidForDomain(const char* path, SecPreferencesDomain domain); 148 149 // non-file based Keychain manipulation 150 void addToDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType); 151 void isInDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType); 152 void removeFromDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType); 153 154private: 155 static void convertList(DLDbList &ids, const KeychainList &kcs); 156 void convertList(KeychainList &kcs, const DLDbList &ids); 157 158 // Only add if not there yet. Writes out CFPref and broadcasts KCPrefListChanged notification 159 void addAndNotify(const Keychain& keychainToAdd); 160 161 // remove a keychain from the sync list 162 void removeKeychainFromSyncList (const DLDbIdentifier &id); 163 164 typedef map<DLDbIdentifier, __weak KeychainImpl *> KeychainMap; 165 // Weak reference map of all keychains we know about that aren't deleted 166 // or removed 167 KeychainMap mKeychains; 168 169 // The dynamic search list. 170 DynamicDLDBList mDynamicList; 171 172 DLDbListCFPref mSavedList; 173 DLDbListCFPref mCommonList; 174 SecPreferencesDomain mDomain; // current domain (in mSavedList and cache fields) 175 Mutex mMutex; 176 RecursiveMutex mKeychainMapMutex; 177}; 178 179} // end namespace KeychainCore 180 181} // end namespace Security 182 183#endif // !_SECURITY_STORAGEMANAGER_H_ 184