1/*
2 * Copyright (c) 2000-2004,2009 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24#ifndef _H_CREDENTIAL
25#define _H_CREDENTIAL
26
27#include <security_utilities/refcount.h>
28#include <CoreFoundation/CFDate.h>
29#include <set>
30
31namespace Authorization {
32
33    // There should be an abstract base class for Credential so we can have
34    // different kinds, e.g., those associated with smart-card auth, or those
35    // not requiring authentication as such at all.  (<rdar://problem/6556724>)
36
37/* Credentials are less than comparable so they can be put in sets or maps. */
38class CredentialImpl : public RefCount
39{
40public:
41		CredentialImpl();
42        CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared);
43        CredentialImpl(const string &username, const string &password, bool shared);
44		CredentialImpl(const string &right, bool shared);
45        ~CredentialImpl();
46
47        bool operator < (const CredentialImpl &other) const;
48
49        // Returns true if this credential should be shared.
50        bool isShared() const;
51
52        // Merge with other
53        void merge(const CredentialImpl &other);
54
55        // The time at which this credential was obtained.
56        CFAbsoluteTime creationTime() const;
57
58        // Return true iff this credential is valid.
59        bool isValid() const;
60
61        // Make this credential invalid.
62        void invalidate();
63
64        // We could make Rule a friend but instead we just expose this for now
65        inline const uid_t uid() const { return mUid; }
66        inline const string& name() const { return mName; }
67        inline const string& realname() const { return mRealName; }
68        inline const bool isRight() const { return mRight; }
69
70private:
71        bool mShared;       // credential is shared
72        bool mRight;            // is least-privilege credential
73
74
75        // Fields below are not used by less-than operator
76
77        // The user that provided his password.
78        uid_t mUid;
79        string mName;
80        string mRealName;
81
82        CFAbsoluteTime mCreationTime;
83        bool mValid;
84};
85
86/* Credentials are less than comparable so they can be put in sets or maps. */
87class Credential : public RefPointer<CredentialImpl>
88{
89public:
90        Credential();
91        Credential(CredentialImpl *impl);
92        Credential(const uid_t uid, const string &username, const string &realname, bool shared);
93        Credential(const string &username, const string &password, bool shared);
94		Credential(const string &right, bool shared);
95        ~Credential();
96
97        bool operator < (const Credential &other) const;
98};
99
100typedef set<Credential> CredentialSet;
101
102} // namespace Authorization
103
104#endif // _H_CREDENTIAL
105