#ifndef _H_AGENTQUERY
#define _H_AGENTQUERY
#include "securityserver.h"
#include "xdatabase.h"
#include <Security/utilities.h>
#include "SecurityAgentClient.h"
#include "AuthorizationData.h"
using Authorization::AuthItemSet;
class Session;
class SecurityAgentQuery : protected SecurityAgent::Client {
public:
typedef SecurityAgent::Reason Reason;
SecurityAgentQuery(uid_t clientUID, Session &clientSession);
virtual ~SecurityAgentQuery();
virtual void activate(const char *bootstrapName = NULL);
virtual void terminate();
private:
Session &mClientSession;
};
class QueryKeychainUse : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery {
public:
QueryKeychainUse(uid_t clientUID, Session &clientSession,
bool needPass) :
SecurityAgentQuery(clientUID, clientSession),
needPassphrase(needPass) { }
void operator () (const char *database, const char *description, AclAuthorization action);
const bool needPassphrase;
};
class QueryPassphrase : public SecurityAgentQuery {
protected:
QueryPassphrase(uid_t clientUID, Session &clientSession,
unsigned int maxTries) :
SecurityAgentQuery(clientUID, clientSession),
maxRetries(maxTries) { }
void query(const AccessCredentials *cred, CSSM_SAMPLE_TYPE relevantSampleType);
virtual void queryInteractive(CssmOwnedData &passphrase) = 0;
virtual void retryInteractive(CssmOwnedData &passphrase, Reason reason) = 0;
protected:
virtual Reason accept(CssmManagedData &passphrase, bool canRetry) = 0;
private:
const unsigned int maxRetries;
};
class QueryUnlock : public QueryPassphrase {
static const int maxTries = 3;
public:
QueryUnlock(uid_t clientUID, Session &clientSession,
Database &db) :
QueryPassphrase(clientUID, clientSession, maxTries),
database(db) { }
Database &database;
void operator () (const AccessCredentials *cred);
protected:
void queryInteractive(CssmOwnedData &passphrase);
void retryInteractive(CssmOwnedData &passphrase, Reason reason);
Reason accept(CssmManagedData &passphrase, bool canRetry);
};
class QueryNewPassphrase : public QueryPassphrase {
static const int maxTries = 7;
public:
QueryNewPassphrase(uid_t clientUID, Session &clientSession,
Database::Common &common, Reason reason) :
QueryPassphrase(clientUID, clientSession, maxTries),
dbCommon(common), initialReason(reason),
mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
mPassphraseValid(false) { }
Database::Common &dbCommon;
void operator () (const AccessCredentials *cred, CssmOwnedData &passphrase);
protected:
void queryInteractive(CssmOwnedData &passphrase);
void retryInteractive(CssmOwnedData &passphrase, Reason reason);
Reason accept(CssmManagedData &passphrase, bool canRetry);
private:
Reason initialReason;
CssmAutoData mPassphrase;
bool mPassphraseValid;
};
class AuthorizationToken;
class QueryAuthorizeByGroup : public SecurityAgentQuery {
public:
QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth);
bool operator () (const char *group, const char *candidateUser, char username[SecurityAgent::maxUsernameLength], char passphrase[SecurityAgent::maxPassphraseLength], Reason reason = SecurityAgent::userNotInGroup);
void cancel(Reason reason);
void done();
uid_t uid();
const AuthorizationToken &authorization;
private:
bool mActive;
};
class QueryInvokeMechanism : public SecurityAgentQuery {
public:
QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth);
bool operator () (const string &inPluginId, const string &inMechanismId, const AuthorizationValueVector *inArguments, const AuthItemSet &inHints, const AuthItemSet &inContext, AuthorizationResult *outResult, AuthorizationItemSet *&outHintsPtr, AuthorizationItemSet *&outContextPtr);
};
class QueryTerminateAgent : public SecurityAgentQuery {
public:
QueryTerminateAgent(uid_t clientUID, const AuthorizationToken &auth);
void operator () ();
};
#endif //_H_AGENTQUERY