1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // passphrases - canonical code to obtain passphrases
21 //
22 #ifndef _H_AGENTQUERY
23 #define _H_AGENTQUERY
24
25 #include "securityserver.h"
26 #include "xdatabase.h"
27 #include <Security/utilities.h>
28 #include "SecurityAgentClient.h"
29 #include "AuthorizationData.h"
30
31 using Authorization::AuthItemSet;
32
33 //
34 // The common machinery of retryable SecurityAgent queries
35 //
class Session;

// Shared base of every SecurityAgent query declared in this header.
// SecurityAgent::Client is inherited with *protected* access, so the agent
// client interface is usable from this class and its subclasses but is not
// exposed to code that merely holds a query object.
class SecurityAgentQuery : protected SecurityAgent::Client {
public:
    typedef SecurityAgent::Reason Reason;

    // Defined out of line. Going by the parameter names, these identify the
    // requesting client (uid) and the Session the query is issued for.
    // NOTE(review): clientSession is presumably what mClientSession is bound
    // to; if so, the Session must outlive this query object -- confirm in the
    // implementation file.
    SecurityAgentQuery(uid_t clientUID, Session &clientSession);
    virtual ~SecurityAgentQuery();

    // Overridable start/stop hooks; bootstrapName is optional and defaults to
    // NULL. What they do is not visible in this header.
    virtual void activate(const char *bootstrapName = NULL);
    virtual void terminate();

private:
    // Reference member: bound once at construction and never reseated.
    Session &mClientSession;
};
51
52
53 //
54 // Specialized for "rogue app" alert queries
55 //
// Query behind the keychain-use alert. The object doubles as the
// SecurityAgent::Client::KeychainChoice it inherits from (base order is
// KeychainChoice first, then SecurityAgentQuery).
class QueryKeychainUse
    : public SecurityAgent::Client::KeychainChoice,
      public SecurityAgentQuery {
public:
    // needPass is latched into the const member needPassphrase and cannot
    // change for the lifetime of the query.
    QueryKeychainUse(uid_t clientUID, Session &clientSession, bool needPass)
        : SecurityAgentQuery(clientUID, clientSession),
          needPassphrase(needPass)
    {
    }

    // Runs the query for the given database, description and ACL action.
    // NOTE(review): database and description presumably end up in text shown
    // to the user; confirm the implementation treats them as untrusted
    // display data, since the user's decision depends on what is shown.
    void operator () (const char *database, const char *description, AclAuthorization action);

    // Public and read-only.
    const bool needPassphrase;
};
66
67
68 //
69 // Specialized for passphrase-yielding queries based on Credential markers
70 //
// Abstract base for queries that yield a passphrase. The constructor is
// protected and three members are pure virtual, so only concrete subclasses
// can be instantiated.
class QueryPassphrase : public SecurityAgentQuery {
protected:
    // maxTries is stored in the const member maxRetries.
    // NOTE(review): presumably the cap on interactive attempts applied by
    // query(); that loop is defined out of line -- confirm there that the
    // bound is actually enforced.
    QueryPassphrase(uid_t clientUID, Session &clientSession, unsigned int maxTries)
        : SecurityAgentQuery(clientUID, clientSession),
          maxRetries(maxTries)
    {
    }

    // Entry point used by subclasses; defined out of line.
    void query(const AccessCredentials *cred, CSSM_SAMPLE_TYPE relevantSampleType);

    // Subclass hooks: the first prompt, and a re-prompt that carries the
    // Reason for asking again.
    virtual void queryInteractive(CssmOwnedData &passphrase) = 0;
    virtual void retryInteractive(CssmOwnedData &passphrase, Reason reason) = 0;

    // Subclass hook that judges a candidate passphrase and reports a Reason;
    // canRetry tells it whether another attempt is possible.
    virtual Reason accept(CssmManagedData &passphrase, bool canRetry) = 0;

private:
    const unsigned int maxRetries;
};
88
89
90 //
91 // A query for an existing passphrase
92 //
// Query for the passphrase of an existing Database.
class QueryUnlock : public QueryPassphrase {
    // Private (class default access). Handed to QueryPassphrase as its
    // attempt limit.
    static const int maxTries = 3;

public:
    QueryUnlock(uid_t clientUID, Session &clientSession, Database &db)
        : QueryPassphrase(clientUID, clientSession, maxTries),
          database(db)
    {
    }

    // Public reference to the target database; the caller's Database has to
    // outlive this query object.
    Database &database;

    void operator () (const AccessCredentials *cred);

protected:
    // Implementations of QueryPassphrase's pure virtual hooks.
    virtual void queryInteractive(CssmOwnedData &passphrase);
    virtual void retryInteractive(CssmOwnedData &passphrase, Reason reason);
    virtual Reason accept(CssmManagedData &passphrase, bool canRetry);
};
110
111
112 //
113 // A query for a new passphrase
114 //
// Query for a new passphrase.
class QueryNewPassphrase : public QueryPassphrase {
    // Private (class default access). Handed to QueryPassphrase as its
    // attempt limit.
    static const int maxTries = 7;

public:
    // The initializers below are written in member declaration order
    // (dbCommon, initialReason, mPassphrase, mPassphraseValid), which is the
    // order in which C++ runs them.
    QueryNewPassphrase(uid_t clientUID, Session &clientSession,
                       Database::Common &common, Reason reason)
        : QueryPassphrase(clientUID, clientSession, maxTries),
          dbCommon(common),
          initialReason(reason),
          mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
          mPassphraseValid(false)
    {
    }

    // Public reference; the caller's Database::Common has to outlive this
    // query object.
    Database::Common &dbCommon;

    // The second argument is a caller-owned CssmOwnedData named passphrase.
    // NOTE(review): presumably receives the chosen passphrase; callers should
    // give it storage suitable for secrets -- confirm at the call sites.
    void operator () (const AccessCredentials *cred, CssmOwnedData &passphrase);

protected:
    // Implementations of QueryPassphrase's pure virtual hooks.
    virtual void queryInteractive(CssmOwnedData &passphrase);
    virtual void retryInteractive(CssmOwnedData &passphrase, Reason reason);
    virtual Reason accept(CssmManagedData &passphrase, bool canRetry);

private:
    Reason initialReason;
    // Backed by the allocator requested with CssmAllocator::sensitive.
    // NOTE(review): presumably that allocator scrubs memory on release;
    // confirm, and keep any copy of this data on the same allocator.
    CssmAutoData mPassphrase;
    // Starts out false; nothing in this header sets it to true.
    bool mPassphraseValid;
};
139
140
141 //
142 // The "give user/passphrase in group" authorization dialog.
143 // This class is not self-contained, since the AuthorizationEngine wants
144 // to micro-manage the retry process.
145 //
class AuthorizationToken;

// Query for the "user/passphrase in group" authorization dialog. The retry
// sequence is driven from outside the class through operator(), cancel() and
// done().
class QueryAuthorizeByGroup : public SecurityAgentQuery {
public:
    QueryAuthorizeByGroup(uid_t clientUID, const AuthorizationToken &auth);

    // username and passphrase are declared with array bounds, but C++ adjusts
    // array parameters to plain `char *`, so the compiler checks neither
    // bound. Callers must pass buffers of at least
    // SecurityAgent::maxUsernameLength and SecurityAgent::maxPassphraseLength
    // bytes respectively.
    // NOTE(review): passphrase is an ordinary char buffer, presumably filled
    // with the cleartext secret; callers should wipe it once it has been
    // consumed -- confirm at the call sites.
    // reason defaults to SecurityAgent::userNotInGroup.
    bool operator () (const char *group,
                      const char *candidateUser,
                      char username[SecurityAgent::maxUsernameLength],
                      char passphrase[SecurityAgent::maxPassphraseLength],
                      Reason reason = SecurityAgent::userNotInGroup);
    void cancel(Reason reason);
    void done();

    uid_t uid();

    // Public reference; the caller's AuthorizationToken has to outlive this
    // query object.
    const AuthorizationToken &authorization;

private:
    bool mActive;
};
163
// Query that invokes a mechanism, addressed by plugin id and mechanism id.
class QueryInvokeMechanism : public SecurityAgentQuery {
public:
    QueryInvokeMechanism(uid_t clientUID, const AuthorizationToken &auth);

    // Inputs use the in* prefix; outputs are outResult plus two
    // AuthorizationItemSet pointers handed back through references.
    // NOTE(review): this header does not show who owns the sets returned in
    // outHintsPtr and outContextPtr, or what they hold on failure; confirm
    // before freeing or reusing them.
    bool operator () (const string &inPluginId,
                      const string &inMechanismId,
                      const AuthorizationValueVector *inArguments,
                      const AuthItemSet &inHints,
                      const AuthItemSet &inContext,
                      AuthorizationResult *outResult,
                      AuthorizationItemSet *&outHintsPtr,
                      AuthorizationItemSet *&outContextPtr);
};
169
// Query that takes no arguments and returns nothing.
// NOTE(review): by its name it asks the SecurityAgent to terminate; the
// implementation is not in this header.
class QueryTerminateAgent : public SecurityAgentQuery {
public:
    QueryTerminateAgent(uid_t clientUID, const AuthorizationToken &auth);

    void operator () ();
};
175
176
177
178 #endif //_H_AGENTQUERY