2 * Copyright (c) 2000-2004,2009 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #include <security_utilities/refcount.h>
28 #include <CoreFoundation/CFDate.h>
31 namespace Authorization
{
// There should be an abstract base class for Credential so we can have
// different kinds, e.g., those associated with smart-card auth, or those
// not requiring authentication as such at all. (<rdar://problem/6556724>)
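/*
 * Credentials are less than comparable so they can be put in sets or maps.
 *
 * CredentialImpl is the reference-counted (RefCount) record that a Credential
 * handle points at. It carries the identity fields read by the accessors
 * below, a "shared" flag, a least-privilege ("right") marker and the time the
 * credential was obtained.
 *
 * NOTE(review): this listing is an excerpt of the header. The declarations
 * that belong to the "valid" / "invalid" comments, and the member
 * declarations for mUid, mUserName and mRealName, are on lines the listing
 * does not show; they are marked below and must be restored from the original
 * header rather than guessed.
 */
class CredentialImpl : public RefCount
{
public:
    // Credential for a user identified by uid, with the user's short name,
    // real name and group name.
    CredentialImpl(const uid_t uid, const string &username, const string &realname,
                   const string &groupname, bool shared);

    // Credential built from a username and password pair.
    // NOTE(review): the class shows no password member in this listing, so the
    // password is presumably consumed during construction only. Confirm in the
    // implementation that it is neither stored nor logged.
    CredentialImpl(const string &username, const string &password, bool shared);

    // Credential for a named right and a uid. Presumably this is the
    // constructor that produces a least-privilege credential (isRight()).
    // Confirm in the implementation.
    CredentialImpl(const string &right, const uid_t uid, bool shared);

    // Ordering used when credentials are kept in sets or maps. Per the comment
    // in the private section, mCreationTime is not part of the comparison, so
    // two credentials that differ only in age are equivalent as container
    // keys.
    bool operator < (const CredentialImpl &other) const;

    // Returns true if this credential should be shared.
    // NOTE(review): the scope of sharing is decided by callers not shown here.
    // Treat the flag as security-relevant when reviewing call sites.
    bool isShared() const;

    // Merges state from `other` into this credential. Which fields are taken
    // from `other` is defined in the implementation, not in this header.
    void merge(const CredentialImpl &other);

    // The time at which this credential was obtained.
    CFAbsoluteTime creationTime() const;

    // Return true iff this credential is valid.
    // NOTE(review): the declaration for this comment is not shown in the listing.

    // Make this credential invalid.
    // NOTE(review): the declaration for this comment is not shown in the listing.

    // We could make Rule a friend but instead we just expose this for now
    inline const uid_t uid() const { return mUid; }
    inline const string &username() const { return mUserName; }
    inline const string &realname() const { return mRealName; }
    inline const bool isRight() const { return mRight; }
    inline const string &rightname() const { return mRightName; }
    inline const string &groupname() const { return mGroupName; }

    // sometimes the Credential exists before we've validated it, so we need
    // a setter for group name
    // NOTE(review): mGroupName is declared above the "not used by less-than
    // operator" marker, so it may be part of the ordering key. If it is,
    // calling this on a credential already stored in a set or map changes its
    // key in place. Set the group before inserting, or erase and re-insert.
    inline void setGroupname(const string &group) { mGroupName = group; }

private:
    bool mShared;       // credential is shared
    bool mRight;        // is least-privilege credential
    string mRightName;  // least-privilege name
    string mGroupName;  // if it's not least-priv, it boils down to

    // Fields below are not used by less-than operator

    // The user that provided his password.
    // NOTE(review): the listing drops the lines that declare mUid, mUserName
    // and mRealName (read by the accessors above).

    CFAbsoluteTime mCreationTime;
};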
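/*
 * Credentials are less than comparable so they can be put in sets or maps.
 *
 * Credential is the handle callers pass around: a RefPointer<CredentialImpl>.
 * Copies of a Credential therefore refer to the same CredentialImpl, and a
 * change made through one handle is visible through the others.
 *
 * NOTE(review): this listing is an excerpt. Declarations on lines it does not
 * show are not reproduced here.
 */
class Credential : public RefPointer<CredentialImpl>
{
public:
    // Wraps an existing implementation object.
    // NOTE(review): this single-argument constructor is not marked explicit,
    // so a raw CredentialImpl* converts implicitly to a Credential. Check that
    // call sites rely on this deliberately.
    Credential(CredentialImpl *impl);

    // The three overloads below take the same arguments as the CredentialImpl
    // constructors with matching signatures.
    Credential(const uid_t uid, const string &username, const string &realname,
               const string &groupname, bool shared);

    // NOTE(review): confirm in the implementation that the password is only
    // forwarded for verification and not retained.
    Credential(const string &username, const string &password, bool shared);

    Credential(const string &right, const uid_t uid, bool shared);

    // Ordering used by CredentialSet. Presumably compares the pointed-to
    // CredentialImpl objects rather than pointer values. Confirm in the
    // implementation.
    bool operator < (const Credential &other) const;
};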
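// Ordered collection of credentials. With the default comparator, set uses
// Credential::operator<, so credentials that compare equivalent under it are
// stored once and a later insert of an equivalent credential leaves the
// existing entry in place.
typedef set<Credential> CredentialSet;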
110 } // namespace Authorization
112 #endif // _H_CREDENTIAL