#ifndef _H_PASSPHRASES
#define _H_PASSPHRASES
#include "securityserver.h"
#include "xdatabase.h"
#include <Security/utilities.h>
#include "SecurityAgentClient.h"
class SecurityAgentQuery : protected SecurityAgent::Client {
typedef SecurityAgent::Reason Reason;
public:
SecurityAgentQuery();
virtual ~SecurityAgentQuery();
};
class QueryKeychainUse : public SecurityAgent::Client::KeychainChoice, public SecurityAgentQuery {
public:
void operator () (const char *database, const char *description, AclAuthorization action);
};
class QueryPassphrase : public SecurityAgentQuery {
protected:
QueryPassphrase(unsigned int maxTries) : maxRetries(maxTries) { }
void query(const AccessCredentials *cred, CSSM_SAMPLE_TYPE relevantSampleType);
virtual void queryInteractive(CssmOwnedData &passphrase) = 0;
virtual void retryInteractive(CssmOwnedData &passphrase, Reason reason) = 0;
protected:
virtual Reason accept(CssmManagedData &passphrase, bool canRetry) = 0;
private:
const unsigned int maxRetries;
};
class QueryUnlock : public QueryPassphrase {
static const int maxTries = 3;
public:
QueryUnlock(Database &db) : QueryPassphrase(maxTries), database(db) { }
Database &database;
void operator () (const AccessCredentials *cred);
protected:
void queryInteractive(CssmOwnedData &passphrase);
void retryInteractive(CssmOwnedData &passphrase, Reason reason);
Reason accept(CssmManagedData &passphrase, bool canRetry);
};
class QueryNewPassphrase : public QueryPassphrase {
static const int maxTries = 7;
public:
QueryNewPassphrase(Database::Common &common, Reason reason)
: QueryPassphrase(maxTries), dbCommon(common), initialReason(reason),
mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
mPassphraseValid(false) { }
Database::Common &dbCommon;
void operator () (const AccessCredentials *cred, CssmOwnedData &passphrase);
protected:
void queryInteractive(CssmOwnedData &passphrase);
void retryInteractive(CssmOwnedData &passphrase, Reason reason);
Reason accept(CssmManagedData &passphrase, bool canRetry);
private:
Reason initialReason;
CssmAutoData mPassphrase;
bool mPassphraseValid;
};
class QueryAuthorizeByGroup : public SecurityAgentQuery {
public:
QueryAuthorizeByGroup() : mActive(false) { }
bool operator () (const char *group, const char *candidateUser,
char username[SecurityAgent::maxUsernameLength],
char passphrase[SecurityAgent::maxPassphraseLength],
Reason reason = SecurityAgent::userNotInGroup);
void cancel(Reason reason);
void done();
uid_t uid();
private:
bool mActive;
};
#endif //_H_PASSPHRASES