2  *  Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved. 
   4  *  @APPLE_LICENSE_HEADER_START@ 
   6  *  This file contains Original Code and/or Modifications of Original Code 
   7  *  as defined in and that are subject to the Apple Public Source License 
   8  *  Version 2.0 (the 'License'). You may not use this file except in 
   9  *  compliance with the License. Please obtain a copy of the License at 
  10  *  http://www.opensource.apple.com/apsl/ and read it before using this 
  13  *  The Original Code and all software distributed under the License are 
  14  *  distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
  15  *  EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
  16  *  INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
  17  *  FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
  18  *  Please see the License for the specific language governing rights and 
  19  *  limitations under the License. 
  21  *  @APPLE_LICENSE_HEADER_END@ 
  26  *  Created by Conrad Sauerwald on Wed Mar 19 2003. 
  29 #ifndef _H_AUTHORIZATIONRULE 
  30 #define _H_AUTHORIZATIONRULE  1 
  32 #include <CoreFoundation/CoreFoundation.h> 
  33 #include <security_cdsa_utilities/AuthorizationData.h> 
  34 #include "authority.h" 
// NOTE(review): this listing is a partial rendering of AuthorizationRule.h.
// The class braces, the public:/private: access specifiers and several data
// members (at least mRightName, which name() returns) are not shown here;
// consult the full header before relying on the layout below.
namespace Authorization

// A single parsed authorization rule for one right. Built from the right's
// CFDictionary (plus the shared "rules" dictionary for delegation) and
// evaluated against a caller's credentials and environment.
// Reference-counted; always handled through the Rule smart pointer below.
class RuleImpl : public RefCount

        // Parse the rule for right `inRightName` from its dictionary `cfRight`.
        // `cfRules` is the dictionary of named rules that a delegating rule can
        // refer to (see kRuleDelegateID).
        RuleImpl(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules);

        // Top-level evaluation entry point. `inCredentials` is the read-only set
        // of credentials the caller already holds; `credentials` is non-const and
        // presumably receives any credentials produced during evaluation — confirm
        // in the implementation. `now` is supplied by the caller rather than read
        // here, so credential-age decisions are made against the caller's clock.
        // `environmentToClient` is non-const and can be extended with hints for
        // the caller (see setAgentHints).
        OSStatus evaluate(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient,
                AuthorizationFlags flags, CFAbsoluteTime now,
                const CredentialSet *inCredentials, CredentialSet &credentials,
                AuthorizationToken &auth) const;

        // The right this rule was parsed for. Returns by value (a copy).
        string name() const { return mRightName; }

        // Decide whether one existing credential satisfies this right.
        // `ignoreShared` presumably makes a credential that was marked shared
        // (kSharedID) ineligible — confirm against the implementation.
        OSStatus evaluateCredentialForRight(const AuthorizationToken &auth, const AuthItemRef &inRight, const Rule &inRule,
                const AuthItemSet &environment, CFAbsoluteTime now, const Credential &credential, bool ignoreShared) const;

        // Evaluate the sub-rules in mRuleDef (delegation / k-of-n style rules).
        // Same parameter contract as evaluate().
        OSStatus evaluateRules(const AuthItemRef &inRight, const Rule &inRule,
                AuthItemSet &environmentToClient, AuthorizationFlags flags,
                CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
                AuthorizationToken &auth) const;

        // Add hints for the authorization agent (prompts, etc.) to
        // `environmentToClient`. `inTopLevelRule` is the outermost rule being
        // evaluated, which may differ from this one when delegating.
        void setAgentHints(const AuthItemRef &inRight, const Rule &inTopLevelRule, AuthItemSet &environmentToClient, AuthorizationToken &auth) const;

        // Perform authorization by running the configured mechanisms
        // (mEvalDef; see evaluateMechanism in the implementation file).
        OSStatus evaluateAuthorization(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationFlags flags, CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials, AuthorizationToken &auth) const;

        // Evaluate a "user" class rule (kRuleUserID): presumably checks group
        // membership (kUserGroupID) and, depending on mAuthenticateUser,
        // authenticates the user — confirm in the implementation.
        OSStatus evaluateUser(const AuthItemRef &inRight, const Rule &inRule,
                AuthItemSet &environmentToClient, AuthorizationFlags flags,
                CFAbsoluteTime now, const CredentialSet *inCredentials, CredentialSet &credentials,
                AuthorizationToken &auth) const;

        // Run only the mechanisms, without the credential/user logic.
        // Note the different contract: no `flags`, `now` or input credentials;
        // results go to `outCredentials`.
        OSStatus evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule, AuthItemSet &environmentToClient, AuthorizationToken &auth, CredentialSet &outCredentials) const;

        // Find a username hint based on the session owner (kSessionOwnerID);
        // written to `usernamehint`. Only this overload takes `now` as
        // `const CFAbsoluteTime` — top-level const on a by-value parameter is
        // harmless but inconsistent with the other methods.
        OSStatus evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, const CFAbsoluteTime now, const AuthorizationToken &auth, string& usernamehint) const;

        // Build the credentials this rule grants for `auth`; returned by value.
        CredentialSet makeCredentials(const AuthorizationToken &auth) const;

        // Per-locale prompt strings parsed from the rule (kPromptID).
        // Returns a copy of the whole map.
        map<string,string> localizedPrompts() const { return mLocalizedPrompts; }

        // How long a credential stays acceptable for this right; presumably
        // parsed from kTimeoutID — confirm. Compared against the caller-supplied
        // `now` in the evaluate* methods.
        CFTimeInterval mMaxCredentialAge;
        // Names of the mechanisms to run (kMechanismsID).
        vector<string> mEvalDef;
        // Sub-rules this rule delegates to.
        vector<Rule> mRuleDef;
        // Attempt counter. `mutable` so the const evaluate* methods can modify
        // it; if a RuleImpl is shared between concurrent evaluations this
        // counter has no synchronization visible in this header — confirm
        // single-threaded use. The budget is presumably read from kTriesID.
        mutable uint32_t mTries;
        // Whether a user rule must actually authenticate (kRuleAuthenticateUserID)
        // rather than only check membership — confirm in the implementation.
        bool mAuthenticateUser;
        // Backing store for localizedPrompts().
        map<string,string> mLocalizedPrompts;

                // Typed accessors for the rule dictionary. `required` presumably
                // turns a missing key into an error instead of `defaultValue`;
                // confirm in the implementation.
                static bool getBool(CFDictionaryRef config, CFStringRef key, bool required, bool defaultValue);
                static double getDouble(CFDictionaryRef config, CFStringRef key, bool required, double defaultValue);
                // NOTE(review): `char *defaultValue` should be `const char *` —
                // passing a string literal to a non-const char* is deprecated in
                // C++03 and ill-formed in C++11. Change declaration and definition
                // together.
                static string getString(CFDictionaryRef config, CFStringRef key, bool required, char *defaultValue);
                static vector<string> getVector(CFDictionaryRef config, CFStringRef key, bool required);
                static bool getLocalizedPrompts(CFDictionaryRef config, map<string,string> &localizedPrompts);

        // Dictionary keys for a right definition. The string values live in the
        // implementation file. Several of these are security-sensitive
        // configuration: kAllowRootID (presumably lets root bypass
        // authentication), kSharedID (credential reuse across rights),
        // kTimeoutID (credential lifetime) and kTriesID (attempt budget) —
        // confirm each against the implementation before changing defaults.
        static CFStringRef kUserGroupID;
        static CFStringRef kTimeoutID;
        static CFStringRef kSharedID;
        static CFStringRef kAllowRootID;
        static CFStringRef kMechanismsID;
        static CFStringRef kSessionOwnerID;
        static CFStringRef kKofNID;
        static CFStringRef kPromptID;
        static CFStringRef kTriesID;

        // Values of the rule "class" key and the remaining rule-definition keys.
        static CFStringRef kRuleClassID;
        static CFStringRef kRuleAllowID;
        static CFStringRef kRuleDenyID;
        static CFStringRef kRuleUserID;
        static CFStringRef kRuleDelegateID;
        static CFStringRef kRuleMechanismsID;
        static CFStringRef kRuleAuthenticateUserID;

// Reference-counting handle to a RuleImpl. Constructing one parses the rule
// (same parameters as RuleImpl's constructor).
class Rule : public RefPointer<RuleImpl>

        Rule(const string &inRightName, CFDictionaryRef cfRight, CFDictionaryRef cfRules);

}; /* namespace Authorization */
 153 #endif /* ! _H_AUTHORIZATIONRULE */