#ifndef _H_AGENTQUERY
#define _H_AGENTQUERY
#include "securityserver.h"
#include "xdatabase.h"
#include <Security/utilities.h>
#include "SecurityAgentClient.h"
#include "AuthorizationData.h"
// Pulled into the enclosing (global) namespace for the AuthItemSet& parameters
// declared below. Because this is a header, every includer receives the name too.
using Authorization::AuthItemSet;
// Forward declaration only: SecurityAgentQuery stores a Session by reference
// and never needs the complete type here.
class Session;
// Common base for every request sent to the Security Agent.
// The agent client is inherited *protected*, so callers holding a
// SecurityAgentQuery cannot reach the raw SecurityAgent::Client interface;
// only this class and its subclasses can.
class SecurityAgentQuery : protected SecurityAgent::Client {
public:
// Result/reason code type shared by all query subclasses below.
typedef SecurityAgent::Reason Reason;
// Agent name used when a caller does not pass one; the storage is defined
// out of line (in the .cpp).
static const char defaultName[];
// Default constructor is defined out of line; note that mClientSession is a
// reference and therefore must still be bound there.
SecurityAgentQuery();
// clientUID and clientSession identify the client on whose behalf the agent
// is contacted. The session is held by reference (see mClientSession) and
// must outlive this object.
SecurityAgentQuery(uid_t clientUID, Session &clientSession, const char *agentName = defaultName);
// Virtual destructor: subclasses are deleted through this base.
virtual ~SecurityAgentQuery();
// Lifecycle hooks overridable by subclasses; bodies are defined out of line.
virtual void activate();
virtual void terminate();
private:
// Non-owning reference to the client's session.
Session &mClientSession;
};
// Asks the user whether an application may use a keychain item.
// Multiple inheritance: KeychainChoice supplies the agent-side choice
// protocol, SecurityAgentQuery the client/session plumbing.
class QueryKeychainUse : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery {
public:
// Single-argument constructor is not `explicit`, so a bare bool converts to
// a QueryKeychainUse implicitly; needPass is captured in needPassphrase.
QueryKeychainUse(bool needPass) : needPassphrase(needPass) { }
// db: the database the item lives in; database/description: strings shown
// for the prompt; action: the ACL authorization being requested.
// NOTE(review): which of `db` and `database` the agent actually displays
// cannot be seen from this header — confirm in the implementation.
void queryUser (const Database *db, const char* database, const char *description, AclAuthorization action);
~QueryKeychainUse();
// Immutable after construction: whether the prompt must also collect a passphrase.
const bool needPassphrase;
};
// Agent query keyed by an ACL path; shares the KeychainChoice protocol with
// QueryKeychainUse. No constructor is declared, so the implicitly generated
// default constructor is used.
class QueryCodeCheck : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery {
public:
// aclPath: the path presented to the agent for this check. The outcome is
// not returned through the signature; see the out-of-line definition.
void operator () (const char *aclPath);
};
// Prompts for a passphrase to unlock an existing Database.
class QueryUnlock : public SecurityAgentQuery {
// Upper bound on passphrase attempts, taken from the shared authorization
// constant. Private by default (declared before `public:`).
static const int maxTries = kMaximumAuthorizationTries;
public:
// Not `explicit`: a Database& converts implicitly. The Database is held by
// reference and must outlive this query.
QueryUnlock(Database &db) : database(db) { }
// Non-owning reference to the database being unlocked (publicly readable).
Database &database;
// Runs the whole unlock dialog and yields the final Reason.
Reason operator () ();
protected:
// Internal steps of operator(); all defined out of line.
Reason query();
// Fill `passphrase` from an interactive prompt.
void queryInteractive(CssmOwnedData &passphrase);
// Re-prompt after a failed attempt, telling the agent why (`reason`).
void retryInteractive(CssmOwnedData &passphrase, Reason reason);
// Validate a candidate passphrase; returns the Reason for acceptance/rejection.
Reason accept(CssmManagedData &passphrase);
};
// Prompts for a new passphrase for a Database (e.g. on creation or change).
class QueryNewPassphrase : public SecurityAgentQuery {
// Attempt limit for this dialog. NOTE(review): this is a hard-coded 7,
// whereas QueryUnlock uses kMaximumAuthorizationTries; confirm whether the
// two are meant to differ.
static const int maxTries = 7;
public:
// db: database receiving the new passphrase; reason: why the agent is asked
// (surfaced to the user as initialReason).
// mPassphrase is allocated from the allocator selected with the `sensitive`
// flag — presumably so the buffer is wiped on release; confirm in CssmAllocator.
QueryNewPassphrase(Database &db, Reason reason) :
database(db), initialReason(reason),
mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
mPassphraseValid(false) { }
// Non-owning reference; the Database must outlive this query.
Database &database;
// Runs the dialog; on success the new passphrase is written into `passphrase`.
Reason operator () (CssmOwnedData &passphrase);
protected:
// Internal steps of operator(); all defined out of line.
Reason query();
// Interactive prompt collecting both the new and (where required) the old passphrase.
void queryInteractive(CssmOwnedData &passphrase, CssmOwnedData &oldPassphrase);
// Re-prompt after a rejected attempt, passing the rejection `reason` to the agent.
void retryInteractive(CssmOwnedData &passphrase, CssmOwnedData &oldPassphrase, Reason reason);
// Validate a candidate; oldPassphrase may be null (pointer, not reference).
Reason accept(CssmManagedData &passphrase, CssmData *oldPassphrase);
private:
// Reason given at construction time.
Reason initialReason;
// Buffer for the passphrase being collected (sensitive allocator, see ctor).
CssmAutoData mPassphrase;
// Starts false; set once mPassphrase holds an accepted value (presumably by
// accept() — confirm in the implementation).
bool mPassphraseValid;
};
// Forward declaration: the queries below only hold a const AuthorizationToken&.
class AuthorizationToken;
// Asks the agent to authenticate a user who must belong to a given group.
class QueryAuthorizeByGroup : public SecurityAgentQuery {
public:
// clientUID: the requesting client; auth: the authorization being evaluated,
// held by reference (must outlive this query).
QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth);
// group: required group; candidateUser: suggested account name, if any.
// username/passphrase are *output buffers*: the array sizes in the signature
// are documentation only — the parameters decay to char* and the compiler
// enforces nothing — so callers must pass buffers of at least
// SecurityAgent::maxUsernameLength / maxPassphraseLength bytes.
// reason defaults to userNotInGroup. Returns true/false; the exact meaning of
// the result is defined out of line.
bool operator () (const char *group, const char *candidateUser, char username[SecurityAgent::maxUsernameLength], char passphrase[SecurityAgent::maxPassphraseLength], Reason reason = SecurityAgent::userNotInGroup);
// Abort the dialog, reporting `reason` to the agent.
void cancel(Reason reason);
// Signal normal completion of the dialog.
void done();
// The uid associated with this query (see out-of-line definition for which one).
uid_t uid();
// Non-owning reference to the authorization under evaluation.
const AuthorizationToken &authorization;
private:
// Dialog-state flag; presumably toggled by operator()/cancel()/done() — confirm.
bool mActive;
};
// Imported for QueryInvokeMechanism::operator() below; as with AuthItemSet,
// this leaks the name into every translation unit that includes this header.
using Authorization::AuthValueVector;
// Drives a named authorization mechanism (plugin + mechanism id) through the agent.
class QueryInvokeMechanism : public SecurityAgentQuery {
public:
// clientUID: requesting client; auth: the authorization in progress;
// agentName: the agent to contact (no default here, unlike the base class).
QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth, const char *agentName);
// inPluginId/inMechanismId select the mechanism; inArguments are passed through.
// inHints and inContext are taken by non-const reference, so the invocation can
// update them; outResult receives the mechanism's result. Return value semantics
// are defined out of line. Note `string` is used unqualified and relies on a
// using-directive or declaration from an included header.
bool operator () (const string &inPluginId, const string &inMechanismId, const AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult);
// Tear down the agent connection for this mechanism (distinct from the base
// class's virtual terminate()).
void terminateAgent();
};
#endif //_H_AGENTQUERY