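/*
 * Copyright (c) 2000-2004,2009 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _H_CREDENTIAL
#define _H_CREDENTIAL

// NOTE(review): `string`, `set` and `uid_t` are used unqualified below and
// <string> / <sys/types.h> are not included here; this header presumably
// relies on the security_utilities headers to make them visible -- confirm.
#include <security_utilities/refcount.h>
#include <CoreFoundation/CFDate.h>
#include <set>

namespace Authorization {

    // There should be an abstract base class for Credential so we can have
    // different kinds, e.g., those associated with smart-card auth, or those
    // not requiring authentication as such at all. (<rdar://problem/6556724>)

/* Credentials are less than comparable so they can be put in sets or maps. */
//
// CredentialImpl is the reference-counted body (it derives from RefCount)
// behind the Credential handle declared further down. It records who a
// credential belongs to (uid, short name, real name), whether it is shared,
// whether it is a "right" (least-privilege) credential, when it was obtained
// and whether it is still valid.
class CredentialImpl : public RefCount
{
public:
    // Default constructor. The state it produces is set in the implementation
    // file, which is not part of this header.
    CredentialImpl();

    // Build a credential from a uid, short name and real name. No secret is
    // passed to this overload.
    CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared);

    // Build a credential from a username and password.
    // The password is taken by const reference, and none of the data members
    // declared below holds it, so this class has no field in which to retain
    // it. How the password is checked, and whether a failed check leaves the
    // object invalid, is decided in the implementation -- callers should
    // test isValid() rather than assume construction implies success.
    CredentialImpl(const string &username, const string &password, bool shared);

    // Build a credential from the name of a right.
    // NOTE(review): presumably this is the overload that sets mRight -- confirm.
    CredentialImpl(const string &right, bool shared);

    ~CredentialImpl();

    // Ordering used when credentials are stored in sets or maps.
    // Two credentials that compare equivalent under this operator occupy a
    // single slot in a std::set, so which fields it consults determines
    // which credentials can coexist in a CredentialSet.
    bool operator < (const CredentialImpl &other) const;

    // Returns true if this credential should be shared.
    bool isShared() const;

    // Merge with other
    // NOTE(review): which fields are taken from `other` is not visible in
    // this header -- check the implementation before relying on it.
    void merge(const CredentialImpl &other);

    // The time at which this credential was obtained.
    CFAbsoluteTime creationTime() const;

    // Return true iff this credential is valid.
    bool isValid() const;

    // Make this credential invalid.
    void invalidate();

    // We could make Rule a friend but instead we just expose this for now
    // NOTE(review): the top-level `const` on the by-value returns of uid()
    // and isRight() has no effect on callers.
    inline const uid_t uid() const { return mUid; }
    inline const string& name() const { return mName; }
    inline const string& realname() const { return mRealName; }
    inline const bool isRight() const { return mRight; }

private:
    bool mShared;       // credential is shared
    bool mRight;        // is least-privilege credential


    // Fields below are not used by less-than operator
    // NOTE(review): as written, this marker says only mShared and mRight take
    // part in operator<, and mUid/mName/mRealName do not. If the
    // implementation does compare uid or name, the marker is stale; if it
    // does not, credentials of different users with the same flags would be
    // equivalent in a CredentialSet. Confirm against the .cpp.

    // The user that provided his password.
    uid_t mUid;
    string mName;
    string mRealName;

    CFAbsoluteTime mCreationTime;   // returned by creationTime()
    bool mValid;                    // presumably read by isValid() and cleared by invalidate() -- confirm
};

/* Credentials are less than comparable so they can be put in sets or maps. */
//
// Credential is the handle type: a RefPointer to a CredentialImpl. Its
// constructors mirror the CredentialImpl overloads above.
class Credential : public RefPointer<CredentialImpl>
{
public:
    Credential();

    // Wrap an existing CredentialImpl. This constructor is not marked
    // `explicit`, so a raw CredentialImpl* converts implicitly to a handle.
    Credential(CredentialImpl *impl);

    Credential(const uid_t uid, const string &username, const string &realname, bool shared);

    // Username/password overload; see the matching CredentialImpl
    // constructor for what this header does and does not show about the
    // password's handling.
    Credential(const string &username, const string &password, bool shared);

    Credential(const string &right, bool shared);
    ~Credential();

    // Ordering for handles, used by CredentialSet.
    // NOTE(review): presumably forwards to CredentialImpl::operator< on the
    // referenced objects rather than comparing pointers -- confirm.
    bool operator < (const Credential &other) const;
};

// Set of credential handles, ordered by Credential::operator<.
typedef set<Credential> CredentialSet;

} // namespace Authorization

#endif // _H_CREDENTIAL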