@wlfi-agent/cli 1.4.14 → 1.4.16

package/crates/vault-cli-daemon/Cargo.toml

@@ -24,5 +24,6 @@ vault-signer = { path = "../vault-signer" }
 vault-transport-unix = { path = "../vault-transport-unix" }
 
 [target.'cfg(target_os = "macos")'.dependencies]
+core-foundation.workspace = true
 security-framework.workspace = true
 security-framework-sys.workspace = true

package/crates/vault-cli-daemon/src/bin/wlfi-agent-system-keychain.rs

@@ -165,14 +165,18 @@ fn replace_generic_password(
             }
         }
 
-        keychain
-            .add_generic_password(&service, &account, password.as_bytes())
-            .with_context(|| {
-                format!(
-                    "failed to store generic password for service '{}' and account '{}'",
-                    service, account
-                )
-            })?;
+        add_generic_password_restricted_to_creator(
+            &keychain,
+            &service,
+            &account,
+            password.as_bytes(),
+        )
+        .with_context(|| {
+            format!(
+                "failed to store generic password for service '{}' and account '{}'",
+                service, account
+            )
+        })?;
         Ok(())
     })();
 
@@ -180,6 +184,116 @@ fn replace_generic_password(
     result
 }
 
+#[cfg(target_os = "macos")]
+fn add_generic_password_restricted_to_creator(
+    keychain: &security_framework::os::macos::keychain::SecKeychain,
+    service: &str,
+    account: &str,
+    password: &[u8],
+) -> Result<()> {
+    use core_foundation::array::{CFArray, CFArrayRef};
+    use core_foundation::base::{CFType, TCFType};
+    use core_foundation::string::CFString;
+    use security_framework::base::Error as SecurityError;
+    use security_framework::os::macos::access::SecAccess;
+    use security_framework::os::macos::keychain_item::SecKeychainItem;
+    use security_framework_sys::base::{
+        SecAccessRef, SecKeychainAttribute, SecKeychainAttributeList, SecKeychainItemRef,
+    };
+
+    const K_SEC_GENERIC_PASSWORD_ITEM_CLASS: u32 = u32::from_be_bytes(*b"genp");
+    const K_SEC_SERVICE_ITEM_ATTR: u32 = u32::from_be_bytes(*b"svce");
+    const K_SEC_ACCOUNT_ITEM_ATTR: u32 = u32::from_be_bytes(*b"acct");
+
+    unsafe extern "C" {
+        fn SecAccessCreate(
+            descriptor: core_foundation::string::CFStringRef,
+            trustedlist: CFArrayRef,
+            access_ref: *mut SecAccessRef,
+        ) -> core_foundation::base::OSStatus;
+
+        fn SecKeychainItemCreateFromContent(
+            item_class: u32,
+            attr_list: *mut SecKeychainAttributeList,
+            length: u32,
+            data: *const libc::c_void,
+            keychain_ref: security_framework_sys::base::SecKeychainRef,
+            initial_access: SecAccessRef,
+            item_ref: *mut SecKeychainItemRef,
+        ) -> core_foundation::base::OSStatus;
+
+        fn SecTrustedApplicationCreateFromPath(
+            path: *const libc::c_char,
+            app: *mut *mut libc::c_void,
+        ) -> core_foundation::base::OSStatus;
+    }
+
+    let descriptor = CFString::from("wlfi-agent-system-keychain");
+    let mut trusted_app_ref: *mut libc::c_void = std::ptr::null_mut();
+    let trusted_app_status =
+        unsafe { SecTrustedApplicationCreateFromPath(std::ptr::null(), &mut trusted_app_ref) };
+    if trusted_app_status != 0 {
+        return Err(SecurityError::from_code(trusted_app_status))
+            .context("failed to create trusted-application ACL entry for helper");
+    }
+    let trusted_app = unsafe { CFType::wrap_under_create_rule(trusted_app_ref.cast()) };
+    let trusted_apps = CFArray::from_CFTypes(&[trusted_app]);
+
+    let mut access_ref: SecAccessRef = std::ptr::null_mut();
+    let access_status = unsafe {
+        SecAccessCreate(
+            descriptor.as_concrete_TypeRef(),
+            trusted_apps.as_concrete_TypeRef(),
+            &mut access_ref,
+        )
+    };
+    if access_status != 0 {
+        return Err(SecurityError::from_code(access_status))
+            .context("failed to create keychain item access rules");
+    }
+    let access = unsafe { SecAccess::wrap_under_create_rule(access_ref) };
+
+    let mut service_bytes = service.as_bytes().to_vec();
+    let mut account_bytes = account.as_bytes().to_vec();
+    let mut attributes = [
+        SecKeychainAttribute {
+            tag: K_SEC_SERVICE_ITEM_ATTR,
+            length: service_bytes.len() as u32,
+            data: service_bytes.as_mut_ptr().cast(),
+        },
+        SecKeychainAttribute {
+            tag: K_SEC_ACCOUNT_ITEM_ATTR,
+            length: account_bytes.len() as u32,
+            data: account_bytes.as_mut_ptr().cast(),
+        },
+    ];
+    let mut attribute_list = SecKeychainAttributeList {
+        count: attributes.len() as u32,
+        attr: attributes.as_mut_ptr(),
+    };
+    let mut item_ref: SecKeychainItemRef = std::ptr::null_mut();
+
+    let create_status = unsafe {
+        SecKeychainItemCreateFromContent(
+            K_SEC_GENERIC_PASSWORD_ITEM_CLASS,
+            &mut attribute_list,
+            password.len() as u32,
+            password.as_ptr().cast(),
+            keychain.as_CFTypeRef() as security_framework_sys::base::SecKeychainRef,
+            access.as_concrete_TypeRef(),
+            &mut item_ref,
+        )
+    };
+    let _item =
+        (!item_ref.is_null()).then(|| unsafe { SecKeychainItem::wrap_under_create_rule(item_ref) });
+    if create_status != 0 {
+        return Err(SecurityError::from_code(create_status))
+            .context("failed to create restricted generic password item");
+    }
+
+    Ok(())
+}
+
 #[cfg(not(target_os = "macos"))]
 fn replace_generic_password(
     _keychain: PathBuf,

package/crates/vault-cli-daemon/src/main.rs

@@ -160,6 +160,7 @@ async fn main() -> Result<()> {
     );
     eprintln!("==> press Ctrl+C to stop");
 
+    let signer_backend_label = relay_signer_backend_label(cli.signer_backend);
     match cli.signer_backend {
         SignerBackendKind::SecureEnclave => {
             let daemon = Arc::new(
@@ -172,7 +173,7 @@ async fn main() -> Result<()> {
                 .context("failed to initialize daemon")?,
             );
             let relay_task =
-                relay_sync::spawn_relay_sync_task(Arc::clone(&daemon), "secure-enclave");
+                relay_sync::spawn_relay_sync_task(Arc::clone(&daemon), signer_backend_label);
             vault_password.zeroize();
             server
                 .run_until_shutdown(daemon, async {
@@ -193,7 +194,7 @@ async fn main() -> Result<()> {
                 .context("failed to initialize daemon")?,
             );
             let relay_task =
-                relay_sync::spawn_relay_sync_task(Arc::clone(&daemon), "secure-enclave");
+                relay_sync::spawn_relay_sync_task(Arc::clone(&daemon), signer_backend_label);
             vault_password.zeroize();
             server
                 .run_until_shutdown(daemon, async {
@@ -208,6 +209,13 @@ async fn main() -> Result<()> {
     Ok(())
 }
 
+fn relay_signer_backend_label(backend: SignerBackendKind) -> &'static str {
+    match backend {
+        SignerBackendKind::SecureEnclave => "secure-enclave",
+        SignerBackendKind::Software => "software",
+    }
+}
+
 fn validate_signer_backend_runtime(backend: SignerBackendKind) -> Result<()> {
     #[cfg(not(target_os = "macos"))]
     {
@@ -506,8 +514,8 @@ fn lock_path(path: &Path) -> PathBuf {
 #[cfg(test)]
 mod tests {
     use super::{
-        ensure_file_parent, resolve_allowed_peer_euids_with_sudo_uid, resolve_vault_password,
-        validate_password, Cli,
+        ensure_file_parent, relay_signer_backend_label, resolve_allowed_peer_euids_with_sudo_uid,
+        resolve_vault_password, validate_password, Cli, SignerBackendKind,
     };
     use clap::Parser;
     use std::collections::BTreeSet;
@@ -608,6 +616,18 @@ mod tests {
         assert_eq!(resolved.agent, BTreeSet::from([0, 22, 33]));
     }
 
+    #[test]
+    fn relay_signer_backend_label_matches_runtime_backend() {
+        assert_eq!(
+            relay_signer_backend_label(SignerBackendKind::SecureEnclave),
+            "secure-enclave"
+        );
+        assert_eq!(
+            relay_signer_backend_label(SignerBackendKind::Software),
+            "software"
+        );
+    }
+
     #[cfg(unix)]
     #[test]
     fn assert_allowed_directory_owner_rejects_non_root_owner_for_root_runtime() {

package/crates/vault-cli-daemon/src/relay_sync.rs

@@ -11,7 +11,7 @@ use serde::{Deserialize, Serialize};
 use tokio::task::JoinHandle;
 use tokio::time::{self, MissedTickBehavior};
 use uuid::Uuid;
-use vault_daemon::{InMemoryDaemon, RelayRegistrationSnapshot};
+use vault_daemon::{DaemonError, InMemoryDaemon, RelayRegistrationSnapshot};
 use vault_domain::{
     manual_approval_capability_hash, manual_approval_capability_token, AgentAction, AssetId,
     EntityScope, ManualApprovalDecision, ManualApprovalStatus, PolicyType, SpendingPolicy,
@@ -178,6 +178,72 @@ struct ProcessedFeedback {
     status: &'static str,
 }
 
+fn manual_approval_feedback(
+    approval_request_id: Uuid,
+    status: ManualApprovalStatus,
+    note: Option<&str>,
+    message: String,
+) -> ProcessedFeedback {
+    let mut details = BTreeMap::new();
+    details.insert("approvalRequestId".to_string(), approval_request_id.to_string());
+    details.insert(
+        "manualApprovalStatus".to_string(),
+        map_approval_status(status).to_string(),
+    );
+    if let Some(note) = note.filter(|value| !value.trim().is_empty()) {
+        details.insert("note".to_string(), note.to_string());
+    }
+
+    ProcessedFeedback {
+        details: Some(details),
+        message: Some(message),
+        status: "applied",
+    }
+}
+
+fn manual_approval_error_feedback(
+    approval_request_id: Uuid,
+    decision: ManualApprovalDecision,
+    note: Option<&str>,
+    error: &DaemonError,
+) -> ProcessedFeedback {
+    if let DaemonError::ManualApprovalRequestNotPending { status, .. } = error {
+        let same_decision_already_applied = matches!(
+            (decision, status),
+            (
+                ManualApprovalDecision::Approve,
+                ManualApprovalStatus::Approved | ManualApprovalStatus::Completed,
+            ) | (ManualApprovalDecision::Reject, ManualApprovalStatus::Rejected)
+        );
+
+        if same_decision_already_applied {
+            return manual_approval_feedback(
+                approval_request_id,
+                *status,
+                note,
+                format!(
+                    "manual approval {} was already applied to {}",
+                    match decision {
+                        ManualApprovalDecision::Approve => "approve",
+                        ManualApprovalDecision::Reject => "reject",
+                    },
+                    approval_request_id
+                ),
+            );
+        }
+    }
+
+    ProcessedFeedback {
+        details: None,
+        message: Some(error.to_string()),
+        status: if matches!(decision, ManualApprovalDecision::Reject) {
+            "rejected"
+        } else {
+            "failed"
+        },
+    }
+}
+
 pub fn spawn_relay_sync_task<B>(
     daemon: Arc<InMemoryDaemon<B>>,
     signer_backend: &'static str,
@@ -528,38 +594,25 @@ where
         )
         .await
     {
-        Ok(request) => {
-            let mut details = BTreeMap::new();
-            details.insert("approvalRequestId".to_string(), request.id.to_string());
-            details.insert(
-                "manualApprovalStatus".to_string(),
-                map_approval_status(request.status).to_string(),
-            );
-            if let Some(note) = payload.note.filter(|value| !value.trim().is_empty()) {
-                details.insert("note".to_string(), note);
-            }
-            ProcessedFeedback {
-                details: Some(details),
-                message: Some(format!(
-                    "manual approval {} applied to {}",
-                    match decision {
-                        ManualApprovalDecision::Approve => "approve",
-                        ManualApprovalDecision::Reject => "reject",
-                    },
-                    request.id
-                )),
-                status: "applied",
-            }
-        }
-        Err(error) => ProcessedFeedback {
-            details: None,
-            message: Some(error.to_string()),
-            status: if matches!(decision, ManualApprovalDecision::Reject) {
-                "rejected"
-            } else {
-                "failed"
-            },
-        },
+        Ok(request) => manual_approval_feedback(
+            request.id,
+            request.status,
+            payload.note.as_deref(),
+            format!(
+                "manual approval {} applied to {}",
+                match decision {
+                    ManualApprovalDecision::Approve => "approve",
+                    ManualApprovalDecision::Reject => "reject",
+                },
+                request.id
+            ),
+        ),
+        Err(error) => manual_approval_error_feedback(
+            approval_request_id,
+            decision,
+            payload.note.as_deref(),
+            &error,
+        ),
     }
 }
 
@@ -775,14 +828,18 @@ fn format_time(value: OffsetDateTime) -> Result<String> {
 
 #[cfg(test)]
 mod tests {
-    use super::{approval_metadata, resolve_relay_daemon_token_with};
+    use super::{approval_metadata, manual_approval_error_feedback, resolve_relay_daemon_token_with};
     use std::collections::BTreeMap;
     use std::fs;
     use std::path::Path;
     use std::time::{SystemTime, UNIX_EPOCH};
     use time::OffsetDateTime;
     use uuid::Uuid;
-    use vault_domain::{AgentAction, AssetId, ManualApprovalRequest, ManualApprovalStatus};
+    use vault_daemon::DaemonError;
+    use vault_domain::{
+        AgentAction, AssetId, ManualApprovalDecision, ManualApprovalRequest,
+        ManualApprovalStatus,
+    };
 
     #[test]
     fn approval_metadata_includes_admin_reissue_token_and_public_hash_for_pending_requests() {
@@ -891,4 +948,67 @@ mod tests {
 
         assert_eq!(token, None);
     }
+
+    #[test]
+    fn manual_approval_error_feedback_marks_replayed_approve_updates_as_applied() {
+        let approval_request_id =
+            Uuid::parse_str("aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa").expect("uuid");
+
+        let feedback = manual_approval_error_feedback(
+            approval_request_id,
+            ManualApprovalDecision::Approve,
+            Some("approved earlier"),
+            &DaemonError::ManualApprovalRequestNotPending {
+                approval_request_id,
+                status: ManualApprovalStatus::Completed,
+            },
+        );
+
+        assert_eq!(feedback.status, "applied");
+        assert_eq!(
+            feedback
+                .details
+                .as_ref()
+                .and_then(|details| details.get("manualApprovalStatus")),
+            Some(&"completed".to_string())
+        );
+        assert_eq!(
+            feedback
+                .details
+                .as_ref()
+                .and_then(|details| details.get("note")),
+            Some(&"approved earlier".to_string())
+        );
+        assert!(
+            feedback
+                .message
+                .as_deref()
+                .is_some_and(|message| message.contains("already applied"))
+        );
+    }
+
+    #[test]
+    fn manual_approval_error_feedback_keeps_conflicting_approve_updates_failed() {
+        let approval_request_id =
+            Uuid::parse_str("bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb").expect("uuid");
+
+        let feedback = manual_approval_error_feedback(
+            approval_request_id,
+            ManualApprovalDecision::Approve,
+            None,
+            &DaemonError::ManualApprovalRequestNotPending {
+                approval_request_id,
+                status: ManualApprovalStatus::Rejected,
+            },
+        );
+
+        assert_eq!(feedback.status, "failed");
+        assert!(feedback.details.is_none());
+        assert!(
+            feedback
+                .message
+                .as_deref()
+                .is_some_and(|message| message.contains("already Rejected"))
+        );
+    }
 }

package/crates/vault-cli-daemon/tests/system_keychain_helper_acl.rs

@@ -6,6 +6,12 @@ mod macos {
     use std::process::{Command, Output, Stdio};
     use std::time::{SystemTime, UNIX_EPOCH};
 
+    use security_framework::os::macos::keychain::SecKeychain;
+    use security_framework_sys::base::errSecAuthFailed;
+
+    const ERR_SEC_AUTH_FAILED: i32 = errSecAuthFailed;
+    const ERR_SEC_INTERACTION_NOT_ALLOWED: i32 = -25308;
+
     fn unique_temp_dir() -> PathBuf {
         let unique = SystemTime::now()
             .duration_since(UNIX_EPOCH)
@@ -57,7 +63,7 @@ mod macos {
     }
 
     #[test]
-    fn helper_owned_items_are_not_readable_via_security_cli() {
+    fn helper_owned_items_are_not_readable_without_interaction() {
         let helper = PathBuf::from(env!("CARGO_BIN_EXE_wlfi-agent-system-keychain"));
         let temp_dir = unique_temp_dir();
         let keychain_path = temp_dir.join("acl-test.keychain-db");
@@ -117,23 +123,22 @@ mod macos {
             String::from_utf8_lossy(&replace.stderr)
         );
 
-        let raw_security = run(
-            "security",
-            &[
-                "find-generic-password",
-                "-w",
-                "-s",
-                service,
-                "-a",
-                account,
-                keychain_path_str,
-            ],
-        );
-        assert!(
-            !raw_security.status.success(),
-            "security CLI unexpectedly read helper-owned password: {}",
-            String::from_utf8_lossy(&raw_security.stdout)
-        );
+        let _interaction_guard =
+            SecKeychain::disable_user_interaction().expect("disable keychain UI for test process");
+        let keychain = SecKeychain::open(&keychain_path).expect("open test keychain");
+        let non_helper_read = keychain.find_generic_password(service, account);
+        match non_helper_read {
+            Ok((password, _)) => panic!(
+                "untrusted process unexpectedly read helper-owned password: {}",
+                String::from_utf8_lossy(password.as_ref())
+            ),
+            Err(error)
+                if matches!(
+                    error.code(),
+                    ERR_SEC_INTERACTION_NOT_ALLOWED | ERR_SEC_AUTH_FAILED
+                ) => {}
+            Err(error) => panic!("unexpected keychain error for untrusted read: {error:?}"),
+        }
 
         let helper_read = run(
             helper.to_str().expect("helper path utf-8"),

package/crates/vault-daemon/src/daemon_parts/api_impl_and_utils.rs

@@ -292,6 +292,12 @@ where
             let request = requests.get_mut(&approval_request_id).ok_or(
                 DaemonError::UnknownManualApprovalRequest(approval_request_id),
             )?;
+            if request.status != ManualApprovalStatus::Pending {
+                return Err(DaemonError::ManualApprovalRequestNotPending {
+                    approval_request_id,
+                    status: request.status,
+                });
+            }
             request.updated_at = now;
             match decision {
                 ManualApprovalDecision::Approve => {

package/crates/vault-daemon/src/daemon_parts/types_api_rpc.rs

@@ -81,6 +81,12 @@ pub enum DaemonError {
     /// Existing manual approval request was rejected.
     #[error("manual approval request {approval_request_id} was rejected")]
     ManualApprovalRejected { approval_request_id: Uuid },
+    /// Manual approval request was already resolved and cannot be decided again.
+    #[error("manual approval request {approval_request_id} is already {status:?}")]
+    ManualApprovalRequestNotPending {
+        approval_request_id: Uuid,
+        status: ManualApprovalStatus,
+    },
     /// Policy engine denied request.
     #[error("policy check failed: {0}")]
     Policy(#[from] PolicyError),

package/crates/vault-daemon/src/tests.rs

@@ -8,8 +8,8 @@ use serde_json::to_vec;
 use uuid::Uuid;
 use vault_domain::{
     AgentAction, AgentCredentials, AssetId, BroadcastTx, EntityScope, EvmAddress, KeySource, Lease,
-    NonceReleaseRequest, NonceReservationRequest, PolicyAttachment, PolicyType, SignRequest,
-    SpendingPolicy,
+    ManualApprovalDecision, ManualApprovalStatus, NonceReleaseRequest, NonceReservationRequest,
+    PolicyAttachment, PolicyType, SignRequest, SpendingPolicy,
 };
 use vault_signer::SoftwareSignerBackend;
 

package/crates/vault-daemon/src/tests_parts/part4.rs

@@ -602,3 +602,113 @@ async fn persistent_store_rejects_group_readable_state_file() {
         .expect("restore state file permissions for cleanup");
     std::fs::remove_file(&state_path).expect("cleanup state file");
 }
+
+#[tokio::test]
+async fn manual_approval_requests_cannot_be_decided_after_resolution() {
+    let daemon = InMemoryDaemon::new(
+        "vault-password",
+        SoftwareSignerBackend::default(),
+        DaemonConfig::default(),
+    )
+    .expect("daemon");
+
+    let lease = daemon.issue_lease("vault-password").await.expect("lease");
+    let session = AdminSession {
+        vault_password: "vault-password".to_string(),
+        lease,
+    };
+
+    daemon
+        .add_policy(
+            &session,
+            SpendingPolicy::new_manual_approval(
+                1,
+                1,
+                1_000_000_000_000_000_000,
+                EntityScope::All,
+                EntityScope::All,
+                EntityScope::All,
+            )
+            .expect("manual approval policy"),
+        )
+        .await
+        .expect("add policy");
+
+    let key = daemon
+        .create_vault_key(&session, KeyCreateRequest::Generate)
+        .await
+        .expect("key");
+    let agent_credentials = daemon
+        .create_agent_key(&session, key.id, PolicyAttachment::AllPolicies)
+        .await
+        .expect("agent");
+
+    let request = sign_request(
+        &agent_credentials,
+        AgentAction::Transfer {
+            chain_id: 1,
+            token: "0x1000000000000000000000000000000000000000"
+                .parse()
+                .expect("token"),
+            to: "0x2000000000000000000000000000000000000000"
+                .parse()
+                .expect("recipient"),
+            amount_wei: 42,
+        },
+    );
+    let approval_request_id = match daemon.sign_for_agent(request.clone()).await {
+        Err(DaemonError::ManualApprovalRequired {
+            approval_request_id, ..
+        }) => approval_request_id,
+        other => panic!("expected manual approval request, got {other:?}"),
+    };
+
+    daemon
+        .decide_manual_approval_request(
+            &session,
+            approval_request_id,
+            ManualApprovalDecision::Approve,
+            None,
+        )
+        .await
+        .expect("approve request");
+
+    let err = daemon
+        .decide_manual_approval_request(
+            &session,
+            approval_request_id,
+            ManualApprovalDecision::Reject,
+            Some("late rejection".to_string()),
+        )
+        .await
+        .expect_err("resolved request must reject a second decision");
+    assert!(matches!(
+        err,
+        DaemonError::ManualApprovalRequestNotPending {
+            approval_request_id: id,
+            status: ManualApprovalStatus::Approved,
+        } if id == approval_request_id
+    ));
+
+    daemon
+        .sign_for_agent(request)
+        .await
+        .expect("approved request should sign");
+
+    let err = daemon
+        .apply_relay_manual_approval_decision(
+            "vault-password",
+            approval_request_id,
+            ManualApprovalDecision::Reject,
+            Some("too late".to_string()),
+        )
+        .await
+        .expect_err("completed request must reject relay retries");
+    assert!(matches!(
+        err,
+        DaemonError::ManualApprovalRequestNotPending {
+            approval_request_id: id,
+            status: ManualApprovalStatus::Completed,
+        } if id == approval_request_id
+    ));
+}