/* * Copyright (c) 2013-2014 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_LICENSE_HEADER_END@ */ /*! @header SecDbQuery.h - The thing that does the stuff with the gibli. */ #ifndef _SECURITYD_SECDBQUERY_H_ #define _SECURITYD_SECDBQUERY_H_ #include <securityd/SecKeybagSupport.h> #include <securityd/SecDbItem.h> __BEGIN_DECLS typedef struct Pair *SecDbPairRef; typedef struct Query *SecDbQueryRef; /* Return types. */ typedef uint32_t ReturnTypeMask; enum { kSecReturnDataMask = 1 << 0, kSecReturnAttributesMask = 1 << 1, kSecReturnRefMask = 1 << 2, kSecReturnPersistentRefMask = 1 << 3, }; /* Constant indicating there is no limit to the number of results to return. */ enum { kSecMatchUnlimited = kCFNotFound }; typedef struct Pair { const void *key; const void *value; } Pair; /* Nothing in this struct is retained since all the values below are extracted from the dictionary passed in by the caller. */ typedef struct Query { /* Class of this query. */ const SecDbClass *q_class; /* Dictionary with all attributes and values in clear (to be encrypted). */ CFMutableDictionaryRef q_item; /* q_pairs is an array of Pair structs. Elements with indices [0, q_attr_end) contain attribute key value pairs. Elements with indices [q_match_begin, q_match_end) contain match key value pairs. Thus q_attr_end is the number of attrs in q_pairs and q_match_begin - q_match_end is the number of matches in q_pairs. */ CFIndex q_match_begin; CFIndex q_match_end; CFIndex q_attr_end; CFErrorRef q_error; ReturnTypeMask q_return_type; CFDataRef q_data; CFTypeRef q_ref; sqlite_int64 q_row_id; CFArrayRef q_use_item_list; CFBooleanRef q_use_tomb; #if defined(MULTIPLE_KEYCHAINS) CFArrayRef q_use_keychain; CFArrayRef q_use_keychain_list; #endif /* !defined(MULTIPLE_KEYCHAINS) */ /* Value of kSecMatchLimit key if present. */ CFIndex q_limit; /* True if query contained a kSecAttrSynchronizable attribute, * regardless of its actual value. If this is false, then we * will add an explicit sync=0 to the query. */ bool q_sync; // Set to true if we modified any item as part of executing this query bool q_changed; // Set to true if we modified any synchronizable item as part of executing this query bool q_sync_changed; // Set to true if we want to delete item enum SecKsCryptoOp q_crypto_op; /* Keybag handle to use for this item. */ keybag_handle_t q_keybag; /* ACL and credHandle passed to the query. q_use_cred_handle can contain either CFDataRef passed from outside * or CoreAuth context object. */ SecAccessControlRef q_access_control; CFTypeRef q_use_cred_handle; // Array filled during the query execution with CFDataRef conatining serialized SecAccessControl objects // which need to be verified in order to include all items in the results. CFMutableArrayRef q_required_access_controls; // Text describing the operation for which the application is attempting to authenticate. CFStringRef q_use_operation_prompt; // True if the authentication UI is not allowed. CFBooleanRef q_use_no_authentication_ui; // SHA1 digest of DER encoded primary key CFDataRef q_primary_key_digest; CFArrayRef q_match_issuer; /* Caller acces groups for AKS */ CFArrayRef q_caller_access_groups; Pair q_pairs[]; } Query; Query *query_create(const SecDbClass *qclass, CFDictionaryRef query, CFErrorRef *error); bool query_destroy(Query *q, CFErrorRef *error); bool query_error(Query *q, CFErrorRef *error); Query *query_create_with_limit(CFDictionaryRef query, CFIndex limit, CFErrorRef *error); void query_add_attribute(const void *key, const void *value, Query *q); void query_ensure_access_control(Query *q, CFStringRef agrp); void query_pre_add(Query *q, bool force_date); bool query_notify_and_destroy(Query *q, bool ok, CFErrorRef *error); CFIndex query_match_count(const Query *q); CFIndex query_attr_count(const Query *q); Pair query_attr_at(const Query *q, CFIndex ix); bool query_update_parse(Query *q, CFDictionaryRef update, CFErrorRef *error); void query_pre_update(Query *q); void query_enable_interactive(Query *q); bool query_needs_authentication(Query *q); bool query_authenticate(Query *q, CFErrorRef **error); const SecDbClass *kc_class_with_name(CFStringRef name); void query_set_caller_access_groups(Query *q, CFArrayRef caller_access_groups); __END_DECLS #endif /* _SECURITYD_SECDBQUERY_H_ */