]> git.saurik.com Git - apple/security.git/blob - SecurityServer/Authorization/AuthorizationData.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-177.tar.gz
[apple/security.git] / SecurityServer / Authorization / AuthorizationData.h
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 /*
20 * AuthorizationData.h
21 * Authorization
22 *
23 * Copyright: (c) 2000 by Apple Computer, Inc., all rights reserved
24 *
25 */
26
27 #ifndef _H_AUTHORIZATIONDATA
28 #define _H_AUTHORIZATIONDATA 1
29
30 #include <Security/Authorization.h>
31 #include <Security/AuthorizationPlugin.h>
32
33 #include <Security/refcount.h>
34 #include <Security/cssmalloc.h>
35
36 #include <map>
37 #include <set>
38 #include <string>
39
40 // ptrdiff_t needed, so including STL type closest
41 #include <vector>
42
43 namespace Authorization
44 {
45
46 class AuthValueOverlay : public AuthorizationValue
47 {
48 public:
49 AuthValueOverlay(const string& stringValue) { length = stringValue.length(); data = const_cast<char *>(stringValue.c_str()); }
50 AuthValueOverlay(UInt32 inLength, void *inData) { length = inLength; data = inData; }
51 };
52
53 class AuthValueRef;
54
55 class AuthValue : public RefCount
56 {
57 friend class AuthValueRef;
58 private:
59 AuthValue(const AuthValue& value) {}
60 protected:
61 AuthValue(const AuthorizationValue &value);
62 AuthValue(UInt32 length, void *data);
63 public:
64 AuthValue &operator = (const AuthValue &other);
65 ~AuthValue();
66 void fillInAuthorizationValue(AuthorizationValue &value);
67 const AuthorizationValue& value() const { return mValue; }
68 private:
69 AuthorizationValue mValue;
70 mutable bool mOwnsValue;
71 };
72
73 // AuthValueRef impl
74 class AuthValueRef : public RefPointer<AuthValue>
75 {
76 public:
77 AuthValueRef(const AuthValue &value);
78 AuthValueRef(const AuthorizationValue &value);
79 AuthValueRef(UInt32 length, void *data);
80 };
81
82
83 // vector should become a member with accessors
84 class AuthValueVector : public vector<AuthValueRef>
85 {
86 NOCOPY(AuthValueVector)
87 public:
88 AuthValueVector() {}
89 ~AuthValueVector() {}
90
91 AuthValueVector &operator = (const AuthorizationValueVector& valueVector);
92
93 void copy(AuthorizationValueVector **data, size_t *length) const;
94 };
95
96
97
98 class AuthItemRef;
99
100 class AuthItem : public RefCount
101 {
102 friend class AuthItemRef;
103 private:
104 AuthItem(const AuthItem& item);
105 protected:
106 AuthItem(const AuthorizationItem &item);
107 AuthItem(AuthorizationString name);
108 AuthItem(AuthorizationString name, AuthorizationValue value);
109 AuthItem(AuthorizationString name, AuthorizationValue value, AuthorizationFlags flags);
110
111 bool operator < (const AuthItem &other) const;
112
113 public:
114 AuthItem &operator = (const AuthItem &other);
115 ~AuthItem();
116
117 void fillInAuthorizationItem(AuthorizationItem &item);
118
119 AuthorizationString name() const { return mName; }
120 const AuthorizationValue& value() const { return mValue; }
121 string stringValue() const { return string(static_cast<char *>(mValue.data), mValue.length); }
122 AuthorizationFlags flags() const { return mFlags; }
123 void setFlags(AuthorizationFlags inFlags) { mFlags = inFlags; };
124
125 private:
126 AuthorizationString mName;
127 AuthorizationValue mValue;
128 AuthorizationFlags mFlags;
129 mutable bool mOwnsName;
130 mutable bool mOwnsValue;
131 };
132
133 class AuthItemRef : public RefPointer<AuthItem>
134 {
135 public:
136 AuthItemRef(const AuthorizationItem &item);
137 AuthItemRef(AuthorizationString name);
138 AuthItemRef(AuthorizationString name, AuthorizationValue value, AuthorizationFlags flags = 0);
139
140 bool operator < (const AuthItemRef &other) const
141 {
142 return **this < *other;
143 }
144 };
145
146 // set should become a member with accessors
147 class AuthItemSet : public set<AuthItemRef>
148 {
149 public:
150 AuthItemSet();
151 ~AuthItemSet();
152 AuthItemSet(const AuthorizationItemSet *item);
153
154 AuthItemSet &operator = (const AuthorizationItemSet& itemSet);
155
156 void copy(AuthorizationItemSet *&data, size_t &length, CssmAllocator &alloc = CssmAllocator::standard()) const;
157 };
158
159 class FindAuthItemByRightName
160 {
161 public:
162 FindAuthItemByRightName(const char *find_name) : name(find_name) { }
163
164 bool operator()( const AuthItemRef& authitem )
165 {
166 return (!strcmp(name, authitem->name()));
167 }
168 bool operator()( const AuthorizationItem* authitem )
169 {
170 return (!strcmp(name, authitem->name));
171 }
172
173 private:
174 const char *name;
175 };
176
177
178
179 /* Credentials are less than comparable so they can be put in sets or maps. */
180 class CredentialImpl : public RefCount
181 {
182 public:
183 CredentialImpl(const string &username, const uid_t uid, gid_t gid, bool shared);
184 CredentialImpl(const string &username, const string &password, bool shared);
185 ~CredentialImpl();
186
187 bool operator < (const CredentialImpl &other) const;
188
189 // Returns true if this credential should be shared.
190 bool isShared() const;
191
192 // Merge with other
193 void merge(const CredentialImpl &other);
194
195 // The time at which this credential was obtained.
196 CFAbsoluteTime creationTime() const;
197
198 // Return true iff this credential is valid.
199 bool isValid() const;
200
201 // Make this credential invalid.
202 void invalidate();
203
204 // We could make Rule a friend but instead we just expose this for now
205 inline const string& username() const { return mUsername; }
206 inline const uid_t uid() const { return mUid; }
207 inline const gid_t gid() const { return mGid; }
208
209
210 private:
211 // The username of the user that provided his password.
212 // This and mShared are what make this credential unique.
213 // @@@ We do not deal with the domain as of yet.
214 string mUsername;
215
216 // True iff this credential is shared.
217 bool mShared;
218
219 // Fields below are not used by less than operator
220
221 // cached pw-data as returned by getpwnam(mUsername)
222 uid_t mUid;
223 gid_t mGid;
224
225 CFAbsoluteTime mCreationTime;
226 bool mValid;
227 };
228
229
230 /* Credentials are less than comparable so they can be put in sets or maps. */
231 class Credential : public RefPointer<CredentialImpl>
232 {
233 public:
234 Credential();
235 Credential(CredentialImpl *impl);
236 Credential(const string &username, const uid_t uid, gid_t gid, bool shared);
237 Credential(const string &username, const string &password, bool shared);
238 ~Credential();
239
240 bool operator < (const Credential &other) const;
241 };
242
243
244 typedef set<Credential> CredentialSet;
245
246
247
248
249 }; // namespace Authorization
250
251 #endif /* ! _H_AUTHORIZATIONDATA */
mirror of Security