#ifndef _H_AUTHORITY
#define _H_AUTHORITY
#include "securityserver.h"
#include "AuthorizationEngine.h"
using Authorization::CredentialSet;
using Authorization::RightSet;
using Authorization::MutableRightSet;
class Process;
class Session;
class AuthorizationToken {
public:
AuthorizationToken(Session &ssn, const CredentialSet &base);
~AuthorizationToken();
Session &session;
const AuthorizationBlob &handle() const { return mHandle; }
const CredentialSet &baseCreds() const { return mBaseCreds; }
CredentialSet effectiveCreds() const;
typedef CredentialSet::iterator iterator;
iterator begin() { return mBaseCreds.begin(); }
iterator end() { return mBaseCreds.end(); }
void mergeCredentials(const CredentialSet &more);
void addProcess(Process &proc);
bool endProcess(Process &proc);
bool mayExternalize(Process &proc) const;
bool mayInternalize(Process &proc, bool countIt = true);
uid_t creatorUid() const;
public:
static AuthorizationToken &find(const AuthorizationBlob &blob);
class Deleter {
public:
Deleter(const AuthorizationBlob &blob);
void remove();
operator AuthorizationToken &() const { return *mAuth; }
private:
AuthorizationToken *mAuth;
StLock<Mutex> lock;
};
private:
Mutex mLock; AuthorizationBlob mHandle; CredentialSet mBaseCreds;
unsigned int mTransferCount;
typedef set<Process *> ProcessSet;
ProcessSet mUsingProcesses;
uid_t mCreatorUid;
private:
typedef map<AuthorizationBlob, AuthorizationToken *> AuthMap;
static AuthMap authMap; static Mutex authMapLock; };
class Authority : public Authorization::Engine {
public:
Authority(const char *configFile);
virtual ~Authority();
OSStatus authorize(const RightSet &inRights, const AuthorizationEnvironment *environment,
AuthorizationFlags flags, const CredentialSet *inCredentials, CredentialSet *outCredentials,
MutableRightSet *outRights, const AuthorizationToken &auth);
private:
Mutex mLock; };
#endif //_H_AUTHORITY