2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
20 // passphrases - canonical code to obtain passphrases
22 #ifndef _H_PASSPHRASES
23 #define _H_PASSPHRASES
25 #include "securityserver.h"
26 #include "xdatabase.h"
27 #include <Security/utilities.h>
28 #include "SecurityAgentClient.h"
//
// The common machinery of retryable SecurityAgent queries.
//
// Every query class declared in this header derives from this one. The
// SecurityAgent::Client base is inherited *protected*, so the agent client
// interface is reachable from subclasses but is not part of a query
// object's public surface.
//
class SecurityAgentQuery : protected SecurityAgent::Client {
    // Local shorthand for the agent's Reason type.
    typedef SecurityAgent::Reason Reason;

    // NOTE(review): the listing omits original source lines 36-37 at this
    // point; an access specifier and/or a constructor may be declared there.
    // Confirm against the full header.

    // Polymorphic base: the destructor is declared virtual.
    virtual ~SecurityAgentQuery();
};
//
// Specialized for "rogue app" alert queries.
//
// The object is both a SecurityAgent::Client::KeychainChoice and a
// SecurityAgentQuery. The query is issued through the call operator.
// NOTE(review): presumably the user's decision is left in the inherited
// KeychainChoice members after the call; confirm in the implementation.
//
class QueryKeychainUse
    : public SecurityAgent::Client::KeychainChoice,
      public SecurityAgentQuery {
    // NOTE(review): original source line 46 is not shown in this listing
    // (likely an access specifier); confirm against the full header.

    // Ask about `action` on the named database; `description` is a
    // caller-supplied C string.
    // NOTE(review): if `description` can originate from the requesting
    // application, it must be treated as untrusted display text by whatever
    // renders the alert. Verify where callers obtain it.
    void operator () (const char *database,
                      const char *description,
                      AclAuthorization action);

    // NOTE(review): original source lines 48-51 are not shown in this listing.
};
//
// Specialized for passphrase-yielding queries based on Credential markers.
//
// Abstract base: query() is the shared, non-virtual entry point (declared
// here, defined elsewhere) and subclasses supply the three pure virtual
// hooks below. The retry bound is fixed at construction time.
//
class QueryPassphrase : public SecurityAgentQuery {
    // NOTE(review): original source line 55 is not shown in this listing
    // (likely an access specifier); confirm against the full header.

    // maxTries becomes the immutable retry bound for this query object.
    QueryPassphrase(unsigned int maxTries)
        : maxRetries(maxTries)
    { }

    // Run the query for the given credentials and sample type.
    // NOTE(review): presumably this consults `cred` for samples of
    // `relevantSampleType` and drives the interactive hooks, honouring
    // maxRetries. The body is not in this header, so confirm there that
    // the bound is actually enforced.
    void query(const AccessCredentials *cred,
               CSSM_SAMPLE_TYPE relevantSampleType);

    // NOTE(review): original source line 58 is not shown in this listing.

    // First interactive prompt; `passphrase` is passed by non-const reference.
    virtual void queryInteractive(CssmOwnedData &passphrase) = 0;

    // Follow-up prompt, told why a retry is being requested.
    virtual void retryInteractive(CssmOwnedData &passphrase,
                                  Reason reason) = 0;

    // NOTE(review): original source lines 61-62 are not shown in this listing.

    // Judge a candidate passphrase and report the outcome as a Reason.
    // NOTE(review): `canRetry` presumably says whether another attempt
    // remains; confirm against the caller in query().
    virtual Reason accept(CssmManagedData &passphrase,
                          bool canRetry) = 0;

    // NOTE(review): original source lines 64-65 are not shown in this listing.

    // Set once by the constructor; const, so it cannot be raised afterwards.
    const unsigned int maxRetries;
};
//
// A query for an existing passphrase.
//
// Concrete QueryPassphrase bound to one Database. The retry bound passed to
// the base class is the compile-time constant maxTries (3).
// NOTE(review): that constant bounds a single query object only. Nothing in
// this header limits how many QueryUnlock objects a caller may create, so
// any throttling across requests has to be enforced elsewhere.
//
class QueryUnlock : public QueryPassphrase {
    static const int maxTries = 3;

    // NOTE(review): original source line 75 is not shown in this listing
    // (likely an access specifier); confirm against the full header.

    // Binds the query to `db` and fixes the retry bound at maxTries.
    QueryUnlock(Database &db)
        : QueryPassphrase(maxTries),
          database(db)
    { }

    // NOTE(review): original source lines 77-79 are not shown in this
    // listing. The `database` member initialised above is presumably
    // declared there. Confirm against the full header.

    // Issue the unlock query for the given credentials.
    void operator () (const AccessCredentials *cred);

    // NOTE(review): original source lines 81-82 are not shown in this listing.

    // Implementations of the QueryPassphrase hooks (defined elsewhere).
    void queryInteractive(CssmOwnedData &passphrase);
    void retryInteractive(CssmOwnedData &passphrase, Reason reason);
    Reason accept(CssmManagedData &passphrase, bool canRetry);
};
//
// A query for a new passphrase.
//
// Concrete QueryPassphrase bound to a Database::Common. The retry bound
// passed to the base class is the compile-time constant maxTries (7).
// The object keeps its own copy of the passphrase in mPassphrase, whose
// storage comes from the allocator selected by CssmAllocator::sensitive.
//
class QueryNewPassphrase : public QueryPassphrase {
    static const int maxTries = 7;

    // NOTE(review): original source line 94 is not shown in this listing
    // (likely an access specifier); confirm against the full header.

    // `reason` is remembered as initialReason; the passphrase buffer starts
    // out empty and flagged invalid.
    QueryNewPassphrase(Database::Common &common, Reason reason)
        : QueryPassphrase(maxTries),
          dbCommon(common),
          initialReason(reason),
          // Secret material: request the "sensitive" allocator.
          // NOTE(review): presumably that allocator scrubs memory on
          // release; confirm in CssmAllocator.
          mPassphrase(CssmAllocator::standard(CssmAllocator::sensitive)),
          mPassphraseValid(false)
    { }

    // NOTE(review): original source line 99 is not shown in this listing.

    Database::Common &dbCommon;

    // NOTE(review): original source line 101 is not shown in this listing.

    // Issue the query; the result is delivered through `passphrase`.
    // NOTE(review): the caller owns that CssmOwnedData. If it is not backed
    // by the sensitive allocator as well, the copy that leaves this object
    // does not get whatever protection mPassphrase has. Check call sites.
    void operator () (const AccessCredentials *cred,
                      CssmOwnedData &passphrase);

    // NOTE(review): original source lines 103-104 are not shown in this listing.

    // Implementations of the QueryPassphrase hooks (defined elsewhere).
    void queryInteractive(CssmOwnedData &passphrase);
    void retryInteractive(CssmOwnedData &passphrase, Reason reason);
    Reason accept(CssmManagedData &passphrase, bool canRetry);

    // NOTE(review): original source lines 108-109 are not shown in this listing.

    // Declaration order below matches the constructor's initialiser list.
    Reason initialReason;       // reason supplied at construction
    CssmAutoData mPassphrase;   // passphrase storage (sensitive allocator)
    bool mPassphraseValid;      // false until set elsewhere; starts false
};
//
// The "give user/passphrase in group" authorization dialog.
// This class is not self-contained, since the AuthorizationEngine wants
// to micro-manage the retry process.
//
// Unlike the QueryPassphrase family there is no retry bound here; per the
// note above, retries are driven by the caller.
//
class QueryAuthorizeByGroup : public SecurityAgentQuery {
    // NOTE(review): original source line 122 is not shown in this listing
    // (likely an access specifier); confirm against the full header.

    // Starts out inactive.
    QueryAuthorizeByGroup()
        : mActive(false)
    { }

    // Run one round of the dialog for `group`, suggesting `candidateUser`.
    // `reason` defaults to SecurityAgent::userNotInGroup.
    //
    // `username` and `passphrase` are caller-supplied buffers. As array
    // parameters they decay to plain `char *`, so the bounds written here
    // are documentation only and the compiler does not enforce them. The
    // caller must pass buffers of at least maxUsernameLength and
    // maxPassphraseLength bytes.
    // NOTE(review): the passphrase lands in an ordinary char buffer owned
    // by the caller (no sensitive allocator is involved at this interface),
    // so the caller is responsible for wiping it once it has been checked.
    // NOTE(review): the meaning of the bool result is not visible in this
    // header; confirm in the implementation.
    bool operator () (const char *group,
                      const char *candidateUser,
                      char username[SecurityAgent::maxUsernameLength],
                      char passphrase[SecurityAgent::maxPassphraseLength],
                      Reason reason = SecurityAgent::userNotInGroup);

    // End the dialog, reporting `reason`.
    void cancel(Reason reason);

    // NOTE(review): original source lines 129-137 are not shown in this
    // listing. The `mActive` member initialised by the constructor is
    // presumably declared there. Confirm against the full header.
};
138 #endif //_H_PASSPHRASES