5 * Copyright (c) 2002,2008 Apple Inc.. All rights reserved.
10 #define _H_AGENTCLIENT
12 #include <Security/Authorization.h>
13 #include <Security/AuthorizationPlugin.h>
14 #include <Security/AuthorizationTags.h>
15 #include <Security/AuthorizationTagsPriv.h>
17 #include <security_agent_client/sa_types.h>
19 #if defined(__cplusplus)
22 #include <security_utilities/mach++.h>
23 #include <security_cdsa_utilities/AuthorizationData.h>
25 namespace SecurityAgent
{
26 #endif /* __cplusplus__ */
28 // Manimum number of failed authentications before
29 // SecurityAgent dialog is killed.
30 #define kMaximumAuthorizationTries 10000
32 // Number of failed authentications before a password
34 #define kAuthorizationTriesBeforeHint 3
36 #define maxPassphraseLength 1024
39 // Unified reason codes transmitted to SecurityAgent (and internationalized there)
42 noReason
= 0, // no reason (not used, used as a NULL)
43 unknownReason
, // something else (catch-all internal error)
45 // reasons for asking for a new passphrase
46 newDatabase
= 11, // need passphrase for a new database
47 changePassphrase
, // changing passphrase for existing database
49 // reasons for retrying an unlock query
50 invalidPassphrase
= 21, // passphrase was wrong
52 // reasons for retrying a new passphrase query
53 passphraseIsNull
= 31, // empty passphrase
54 passphraseTooSimple
, // passphrase is not complex enough
55 passphraseRepeated
, // passphrase was used before (must use new one)
56 passphraseUnacceptable
, // passphrase unacceptable for some other reason
57 oldPassphraseWrong
, // the old passphrase given is wrong
59 // reasons for retrying an authorization query
60 userNotInGroup
= 41, // authenticated user not in needed group
61 unacceptableUser
, // authenticated user unacceptable for some other reason
63 // reasons for canceling a staged query
64 tooManyTries
= 61, // too many failed attempts to get it right
65 noLongerNeeded
, // the queried item is no longer needed
66 keychainAddFailed
, // the requested itemed couldn't be added to the keychain
67 generalErrorCancel
, // something went wrong so we have to give up now
68 resettingPassword
, // The user has indicated that they wish to reset their password
79 #if defined(__cplusplus)
81 using MachPlusPlus::Port
;
82 using MachPlusPlus::PortSet
;
83 using MachPlusPlus::Bootstrap
;
84 using MachPlusPlus::ReceivePort
;
85 using MachPlusPlus::Message
;
86 using Authorization::AuthItemSet
;
87 using Authorization::AuthValueVector
;
95 enum MessageType
{ requestInterruptMessage
, didDeactivateMessage
, reportErrorMessage
};
101 static AuthItemSet
clientHints(SecurityAgent::RequestorType type
, std::string
&path
, pid_t clientPid
, uid_t clientUid
);
103 static OSStatus
startTransaction(Port serverPort
);
104 static OSStatus
endTransaction(Port serverPort
);
107 void establishServer();
110 void activate(Port serverPort
);
112 OSStatus
contact(mach_port_t jobId
, Bootstrap processBootstrap
, mach_port_t userPrefs
);
113 OSStatus
create(const char *pluginId
, const char *mechanismId
, const SessionId inSessionId
);
114 void setArguments(const Authorization::AuthValueVector
& inArguments
) { mArguments
= inArguments
; }
115 void setInput(const Authorization::AuthItemSet
& inHints
, const Authorization::AuthItemSet
& inContext
) { mInHints
= inHints
; mInContext
= inContext
; }
117 OSStatus
deactivate();
119 OSStatus
terminate();
122 void didCreate(const mach_port_t inStagePort
);
123 void setResult(const AuthorizationResult inResult
, const AuthorizationItemSet
*inHints
, const AuthorizationItemSet
*inContext
);
124 void requestInterrupt(); // setMessageType(requestInterrupt);
125 void didDeactivate(); // setMessageType(didDeactivate);
127 void setError(const OSStatus inMechanismError
); // setMessageType(reportError); setError(mechanismError);
129 AuthorizationResult
result() { return mResult
; }
131 typedef enum _PluginState
{
140 PluginState
state() { return mState
; }
143 void setMessageType(const MessageType inMessageType
);
144 // allow didCreate to set stagePort
145 void setStagePort(const mach_port_t inStagePort
);
146 // allow server routines to use request port to find instance
148 // @@@ implement lessThan operator for set in terms of instance
152 void teardown() throw();
158 MessageType mMessageType
;
160 OSStatus mErrorState
;
162 AuthorizationResult mResult
;
163 AuthValueVector mArguments
;
164 AuthItemSet mInHints
;
165 AuthItemSet mInContext
;
166 AuthItemSet mOutHints
;
167 AuthItemSet mOutContext
;
170 void setState(PluginState mState
);
172 bool mTerminateOnSleep
;
175 mach_port_t
instance() const { return mClientPort
; }
176 // bool operator == (const Client &other) const { return this->instance() == other.instance(); }
177 bool operator < (const Client
&other
) const { return this->instance() < other
.instance(); }
179 AuthItemSet
&inHints() { return mInHints
; }
180 AuthItemSet
&inContext() { return mInContext
; }
181 AuthItemSet
&outHints() { return mOutHints
; }
182 AuthItemSet
&outContext() { return mOutContext
; }
184 void setTerminateOnSleep(bool terminateOnSleep
) {mTerminateOnSleep
= terminateOnSleep
;}
185 bool getTerminateOnSleep() {return mTerminateOnSleep
;}
188 void check(mach_msg_return_t returnCode
);
197 set
<Client
*> mClients
;
198 PortSet mClientPortSet
;
201 void create(); // create an agentclient
202 void insert(Client
*agent
) { StLock
<Mutex
> _(mLock
); mClients
.insert(agent
); mClientPortSet
+= agent
->instance(); }
203 void remove(Client
*agent
) { StLock
<Mutex
> _(mLock
); mClientPortSet
-= agent
->instance(); mClients
.erase(agent
); }
204 Client
&find(const mach_port_t instance
) const;
206 bool compare(const Client
* client
, mach_port_t instance
);
209 static ThreadNexus
<Clients
> gClients
;
210 static ModuleNexus
<RecursiveMutex
> gAllClientsMutex
;
211 static ModuleNexus
<set
<Client
*> > allClients
;
212 static void killAllClients();
215 } // end namespace Authorization
217 #endif /* __cplusplus__ */
219 #endif /* _H_AGENTCLIENT */
projects / apple / securityd.git / blob