#ifndef _H_AUTHORITY
#define _H_AUTHORITY
#include "securityserver.h"
#include "AuthorizationEngine.h"
using Authorization::Credential;
using Authorization::CredentialSet;
using Authorization::AuthItemSet;
class Process;
class Session;
class AuthorizationToken {
public:
AuthorizationToken(Session &ssn, const CredentialSet &base, const security_token_t &securityToken);
~AuthorizationToken();
Session &session;
const AuthorizationBlob &handle() const { return mHandle; }
const CredentialSet &baseCreds() const { return mBaseCreds; }
CredentialSet effectiveCreds() const;
typedef CredentialSet::iterator iterator;
iterator begin() { return mBaseCreds.begin(); }
iterator end() { return mBaseCreds.end(); }
void mergeCredentials(const CredentialSet &more);
void addProcess(Process &proc);
bool endProcess(Process &proc);
bool mayExternalize(Process &proc) const;
bool mayInternalize(Process &proc, bool countIt = true);
uid_t creatorUid() const { return mCreatorUid; }
CodeSigning::OSXCode *creatorCode() const { return mCreatorCode; }
pid_t creatorPid() const { return mCreatorPid; }
AuthItemSet infoSet(AuthorizationString tag = NULL);
void setInfoSet(AuthItemSet &newInfoSet);
void setCredentialInfo(const Credential &inCred);
public:
static AuthorizationToken &find(const AuthorizationBlob &blob);
class Deleter {
public:
Deleter(const AuthorizationBlob &blob);
void remove();
operator AuthorizationToken &() const { return *mAuth; }
private:
AuthorizationToken *mAuth;
StLock<Mutex> lock;
};
private:
Mutex mLock; AuthorizationBlob mHandle; CredentialSet mBaseCreds;
unsigned int mTransferCount;
typedef set<Process *> ProcessSet;
ProcessSet mUsingProcesses;
uid_t mCreatorUid; RefPointer<OSXCode> mCreatorCode; pid_t mCreatorPid;
AuthItemSet mInfoSet;
private:
typedef map<AuthorizationBlob, AuthorizationToken *> AuthMap;
static AuthMap authMap; static Mutex authMapLock; };
class Authority : public Authorization::Engine {
public:
Authority(const char *configFile);
~Authority();
};
#endif //_H_AUTHORITY