2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
23 * @APPLE_LICENSE_HEADER_END@
28 // authority - authorization manager
33 #include "securityserver.h"
34 #include <security_cdsa_utilities/AuthorizationData.h>
35 #include <security_cdsa_client/osxsigning.h>
38 using Authorization::Credential
;
39 using Authorization::CredentialSet
;
40 using Authorization::AuthItemSet
;
45 class AuthorizationToken
: public PerSession
{
47 AuthorizationToken(Session
&ssn
, const CredentialSet
&base
, const security_token_t
&securityToken
);
48 ~AuthorizationToken();
50 Session
&session() const;
52 const AuthorizationBlob
&handle() const { return mHandle
; }
53 const CredentialSet
&baseCreds() const { return mBaseCreds
; }
54 CredentialSet
effectiveCreds() const;
56 typedef CredentialSet::iterator iterator
;
57 iterator
begin() { return mBaseCreds
.begin(); }
58 iterator
end() { return mBaseCreds
.end(); }
60 // add more credential dependencies
61 void mergeCredentials(const CredentialSet
&more
);
63 // maintain process-owning links
64 void addProcess(Process
&proc
);
65 bool endProcess(Process
&proc
);
67 // access control for external representations
68 bool mayExternalize(Process
&proc
) const;
69 bool mayInternalize(Process
&proc
, bool countIt
= true);
71 uid_t
creatorUid() const { return mCreatorUid
; }
72 CodeSigning::OSXCode
*creatorCode() const { return mCreatorCode
; }
73 pid_t
creatorPid() const { return mCreatorPid
; }
75 AuthItemSet
infoSet(AuthorizationString tag
= NULL
);
76 void setInfoSet(AuthItemSet
&newInfoSet
);
77 void setCredentialInfo(const Credential
&inCred
);
81 static AuthorizationToken
&find(const AuthorizationBlob
&blob
);
85 Deleter(const AuthorizationBlob
&blob
);
88 operator AuthorizationToken
&() const { return *mAuth
; }
91 AuthorizationToken
*mAuth
;
96 Mutex mLock
; // object lock
97 AuthorizationBlob mHandle
; // official randomized blob marker
98 CredentialSet mBaseCreds
; // credentials we're based on
100 unsigned int mTransferCount
; // number of internalizations remaining
102 typedef set
<Process
*> ProcessSet
;
103 ProcessSet mUsingProcesses
; // set of process objects using this token
105 uid_t mCreatorUid
; // Uid of proccess that created this authorization
106 RefPointer
<CodeSigning::OSXCode
> mCreatorCode
; // code id of creator
107 pid_t mCreatorPid
; // Pid of processs that created this authorization
109 AuthItemSet mInfoSet
; // Side band info gathered from evaluations in this session
112 typedef map
<AuthorizationBlob
, RefPointer
<AuthorizationToken
> > AuthMap
;
113 static AuthMap authMap
; // set of extant authorizations
114 static Mutex authMapLock
; // lock for mAuthorizations (only)
120 #endif //_H_AUTHORITY
projects / apple / securityd.git / blob