//
// The main driver.
// This scans a database for referral records and forms corresponding
// credentials to trigger unlocks.
// Returns true if any valid unlock credentials were found; false otherwise.
// Only throws if the database is messed up.
//
bool DefaultCredentials::operator () (Db database)
{
    // The scan runs at most once per object: mMade is set below whether the
    // scan completed or threw, so later calls only report what is already held.
    if (mMade)
        return size() > 0;

    try {
        // Nothing to scan unless the keychain schema carries the
        // unlock-referral relation.
        KeychainSchema schema = mKeychainImpl->keychainSchema();
        if (schema->hasRecordType(UnlockReferralRecord::recordType))
        {
            // Drop whatever this object held before rebuilding from the database.
            clear();
            Table<UnlockReferralRecord> referralTable(database);
            Table<UnlockReferralRecord>::iterator cursor = referralTable.begin();
            while (cursor != referralTable.end()) {
                switch ((*cursor)->type()) {
                case CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT:
                case CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE:
                    // Both key-based referral types go through the same handler.
                    keyReferral(**cursor);
                    break;
                default:
                    // Unknown referral types are logged and skipped, never acted on.
                    secdebug("kcreferral", "referral type %lu (to %s) not supported",
                             (unsigned long)(*cursor)->type(), (*cursor)->dbName().c_str());
                    break;
                }
                cursor++;
            }
        }
        secdebug("kcreferral", "%lu samples generated", (unsigned long)size());
    } catch (...) {
        // Best-effort: any exception from the schema lookup or the scan is
        // logged and dropped here, and clear() is not called again, so the
        // result below reflects whatever was held when the failure happened
        // (presumably the samples keyReferral() had added so far).
        // NOTE(review): this debug message is the only trace of a failed scan;
        // the caller cannot tell it apart from "no referral records".
        secdebug("kcreferral", "exception setting default credentials for %s; using standard value", database->name());
    }
    mMade = true;

    // True when at least one credential sample is held.
    return size() > 0;
}