X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/securityd/src/credential.h diff --git a/securityd/src/credential.h b/securityd/src/credential.h new file mode 100644 index 00000000..48004763 --- /dev/null +++ b/securityd/src/credential.h @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2000-2004,2006-2007,2009,2012 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#ifndef _H_CREDENTIAL +#define _H_CREDENTIAL + +#include +#include +#include + +namespace Authorization { + + // There should be an abstract base class for Credential so we can have + // different kinds, e.g., those associated with smart-card auth, or those + // not requiring authentication as such at all. () + +/* Credentials are less than comparable so they can be put in sets or maps. */ +class CredentialImpl : public RefCount +{ +public: + CredentialImpl(); + CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared); + CredentialImpl(const string &username, const string &password, bool shared); + CredentialImpl(const string &right, bool shared); + ~CredentialImpl(); + + bool operator < (const CredentialImpl &other) const; + + // Returns true if this credential should be shared. + bool isShared() const; + + // Merge with other + void merge(const CredentialImpl &other); + + // The time at which this credential was obtained. + CFAbsoluteTime creationTime() const; + + // Return true iff this credential is valid. + bool isValid() const; + + // Make this credential invalid. + void invalidate(); + + // We could make Rule a friend but instead we just expose this for now + inline const uid_t uid() const { return mUid; } + inline const string& name() const { return mName; } + inline const string& realname() const { return mRealName; } + inline const bool isRight() const { return mRight; } + +private: + bool mShared; // credential is shared + bool mRight; // is least-privilege credential + + + // Fields below are not used by less-than operator + + // The user that provided his password. + uid_t mUid; + string mName; + string mRealName; + + CFAbsoluteTime mCreationTime; + bool mValid; +}; + +/* Credentials are less than comparable so they can be put in sets or maps. */ +class Credential : public RefPointer +{ +public: + Credential(); + Credential(CredentialImpl *impl); + Credential(const uid_t uid, const string &username, const string &realname, bool shared); + Credential(const string &username, const string &password, bool shared); + Credential(const string &right, bool shared); + ~Credential(); + + bool operator < (const Credential &other) const; +}; + +typedef set CredentialSet; + +} // namespace Authorization + +#endif // _H_CREDENTIAL