#ifndef _H_AGENTQUERY
#define _H_AGENTQUERY
-#include <security_agent_client/agentclient.h>
#include <security_cdsa_utilities/AuthorizationData.h>
#include <security_utilities/ccaudit.h> // some queries do their own authentication
#include <Security/AuthorizationPlugin.h>
#include "kcdatabase.h"
-#include "AuthorizationEngine.h"
#include "authhost.h"
#include "server.h"
#include "session.h"
using Authorization::AuthValueVector;
using Security::OSXCode;
-//
-// base for classes talking to SecurityAgent and authorizationhost
-//
-class SecurityAgentConnection : public SecurityAgent::Client,
-public SecurityAgentConnectionInterface
-{
-public:
- SecurityAgentConnection(const AuthHostType type = securityAgent, Session &session = Server::session());
- virtual ~SecurityAgentConnection();
- virtual void activate();
- virtual void reconnect();
- virtual void disconnect() { };
- virtual void terminate();
-
- AuthHostType hostType() { return mAuthHostType; }
-
-protected:
- AuthHostType mAuthHostType;
- RefPointer<AuthHostInstance> mHostInstance;
- Port mPort;
- const RefPointer<Connection> mConnection;
- audit_token_t *mAuditToken;
-};
+#define kMaximumAuthorizationTries (10000)
//
// base for classes talking to com.apple.security.agent and com.apple.security.authhost
//
-class SecurityAgentXPCConnection : public SecurityAgentConnectionInterface
+class SecurityAgentXPCConnection
{
public:
- SecurityAgentXPCConnection(const AuthHostType type = securityAgent, Session &session = Server::session());
+ SecurityAgentXPCConnection(Session &session = Server::session());
virtual ~SecurityAgentXPCConnection();
virtual void activate(bool ignoreUid);
- virtual void reconnect();
virtual void disconnect() { };
virtual void terminate();
-
- AuthHostType hostType() { return mAuthHostType; }
-
+
protected:
- AuthHostType mAuthHostType;
RefPointer<AuthHostInstance> mHostInstance;
Session &mSession;
xpc_connection_t mXPCConnection;
- xpc_connection_t mXPCStubConnection;
const RefPointer<Connection> mConnection;
audit_token_t *mAuditToken;
uid_t mNobodyUID;
};
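Review bot: `kMaximumAuthorizationTries` on the added `#define` line is an untyped macro in a header with no comment saying what it bounds. If it caps the retry loop of the passphrase and authentication queries (inferred from the name; the loops are not in these lines), 10000 attempts is a very loose ceiling for anything meant to slow password guessing. The rationale belongs next to the definition. I would write `static const unsigned int kMaximumAuthorizationTries = 10000; // upper bound on prompt retries per query; stops an endless loop, not a guessing limit` and confirm the wording against the callers.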
-//
-// The main SecurityAgent/authorizationhost interaction base class
-//
-class SecurityAgentQuery : public SecurityAgentConnection
-{
-public:
- typedef SecurityAgent::Reason Reason;
-
- SecurityAgentQuery(const AuthHostType type = securityAgent, Session &session = Server::session());
-
-
- void inferHints(Process &thisProcess);
- void addHint(const char *name, const void *value = NULL, UInt32 valueLen = 0, UInt32 flags = 0);
-
- virtual ~SecurityAgentQuery();
-
- virtual void disconnect();
- virtual void terminate();
- void create(const char *pluginId, const char *mechanismId, const SessionId inSessionId);
-
- void readChoice();
-
- bool allow;
- bool remember;
-
-protected:
- AuthItemSet mClientHints;
-};
//
-// The main com.apple.security.agent/com.apple.security.authhost interaction base class
+// The main com.apple.security.agent interaction base class
//
class SecurityAgentXPCQuery : public SecurityAgentXPCConnection
{
typedef SecurityAgent::Reason Reason;
- SecurityAgentXPCQuery(const AuthHostType type = securityAgent, Session &session = Server::session());
+ SecurityAgentXPCQuery(Session &session = Server::session());
void inferHints(Process &thisProcess);
virtual void disconnect();
virtual void terminate();
- void create(const char *pluginId, const char *mechanismId, const SessionId inSessionId);
- OSStatus invoke();
+ void create(const char *pluginId, const char *mechanismId);
+ void invoke();
void setTerminateOnSleep(bool terminateOnSleep) {mTerminateOnSleep = terminateOnSleep;}
bool getTerminateOnSleep() {return mTerminateOnSleep;}
void setInput(const AuthItemSet& inHints, const AuthItemSet& inContext) { mInHints = inHints; mInContext = inContext; }
};
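Review bot: `void invoke();` drops the `OSStatus` the old declaration returned, and nothing in the header says how a failed or cancelled agent exchange now reaches the caller. Presumably failures are thrown as exceptions, but that is not visible here. A caller that used to test the status and now simply continues would treat a failed mechanism run as success. A contract comment above the declaration would settle it, for example `// throws on connection or mechanism failure; returns only after the agent has replied`, adjusted to what the implementation really does. The same applies to the new `create(const char *pluginId, const char *mechanismId)`, and the class body continues outside the lines shown.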
-//
-// Specialized for code signature adjustment queries
-//
-class QueryCodeCheck : public SecurityAgentXPCQuery {
-public:
- bool operator () (const char *aclPath);
-};
-
-
//
// A query for an existing passphrase
//
Reason accept(CssmManagedData &passphrase, DbHandle *dbHandlesToAuthenticate, uint8 dbHandleCount, DbHandle *dbHandleAuthenticated);
};
-class QueryInvokeMechanism : public SecurityAgentQuery, public RefCount {
-public:
- QueryInvokeMechanism(const AuthHostType type, Session &session);
- void initialize(const string &inPluginId, const string &inMechanismId, const AuthValueVector &arguments, const SessionId inSessionId = 0);
- void run(const AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult);
-
- bool operator () (const string &inPluginId, const string &inMechanismId, const Authorization::AuthValueVector &inArguments, AuthItemSet &inHints, AuthItemSet &inContext, AuthorizationResult *outResult);
- void terminateAgent();
- //~QueryInvokeMechanism();
-
- AuthValueVector mArguments;
-};
-
// hybrid of confirm-access and generic authentication queries, for
// securityd's use; keep the Frankenstein references to yourself
// (the alternative is to ask the user to unlock the system keychain,
public:
QueryKeychainAuth() { }
// "prompt" can be NULL
- Reason operator () (const char *database, const char *description, AclAuthorization action, const char *prompt);
+ Reason performQuery(const KeychainDatabase&, const char *description, AclAuthorization action, const char *prompt);
Reason accept(string &username, string &passphrase);
};
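Review bot: The first parameter of `performQuery(const KeychainDatabase&, ...)` is unnamed, and the only contract comment left is `"prompt" can be NULL`. The database is now passed as an object rather than a path string, so the declaration should say what the query reads from it and whether `description` may also be NULL. I would name the parameter, `Reason performQuery(const KeychainDatabase &database, const char *description, AclAuthorization action, const char *prompt);`, and extend the comment to cover those two points. The class header for this declaration is outside the visible lines.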