//
// All unlocking activity ultimately funnels through this method.
// This unlocks a DbCommon using the secrets setup in its crypto core
// component, and performs all the housekeeping needed to represent
// the state change.
// Returns true if unlock was successful, false if it failed due to
// invalid/insufficient secrets. Throws on other errors.
//
bool KeychainDbCommon::unlockDb(DbBlob *blob, void **privateAclBlob)
{
try {
// Tell the cryptocore to (try to) decode itself. This will fail
// in an astonishing variety of ways if the passphrase is wrong.
assert(hasMaster());
decodeCore(blob, privateAclBlob);
secdebug("KCdb", "%p unlock successful", this);
} catch (...) {
secdebug("KCdb", "%p unlock failed", this);
return false;
}
// get the database parameters only if we haven't got them yet
if (!mValidParams) {
mParams = blob->params;
n2hi(mParams.idleTimeout);
mValidParams = true; // sticky
}
bool isLocked = mIsLocked;
setUnlocked(); // mark unlocked
if (isLocked) {
// broadcast unlock notification, but only if we were previously locked
notify(kNotificationEventUnlocked);
SECURITYD_KEYCHAIN_UNLOCK(this, (char*)this->dbName());
}
return true;
}
void KeychainDbCommon::makeNewSecrets()
{
// we already have a master key (right?)
assert(hasMaster());
// tell crypto core to generate the use keys
DatabaseCryptoCore::generateNewSecrets();
// we're now officially "unlocked"; set the timer
setUnlocked();
}
void Mutex::unlock() {
m_mutex->unlock();
setUnlocked();
}
