#ifndef _H_AUTHORITY
#define _H_AUTHORITY
#include "securityserver.h"
#include "AuthorizationEngine.h"
using Authorization::Credential;
using Authorization::CredentialSet;
using Authorization::RightSet;
using Authorization::MutableRightSet;
using Authorization::AuthItemSet;
class Process;
class Session;
//
// AuthorizationToken -- the server-side object behind one client AuthorizationRef.
//
// A token carries a set of credentials (mBaseCreds) and is identified by the
// opaque AuthorizationBlob that is handed back to clients. All live tokens are
// registered by address in a process-wide map (authMap) keyed by that blob, so
// the blob acts as a capability: whoever can present it reaches the token via
// find(). Copying a token would be unsafe (it holds a Mutex and is referenced
// by pointer from authMap), so treat instances as non-copyable.
//
class AuthorizationToken {
public:
    // Build a token in session 'ssn' seeded with credentials 'base'.
    // Defined out of line; presumably registers *this in authMap -- verify.
    AuthorizationToken(Session &ssn, const CredentialSet &base);
    ~AuthorizationToken();

    // The session this token belongs to.
    Session &session;

    // The opaque handle clients present to refer to this token.
    const AuthorizationBlob &handle() const
    { return mHandle; }

    // Credentials the token was created with, plus anything merged in since.
    const CredentialSet &baseCreds() const
    { return mBaseCreds; }

    // Credentials in force right now. Out of line; how it derives from
    // mBaseCreds is not visible here -- confirm in the implementation.
    CredentialSet effectiveCreds() const;

    // Iteration over the base credential set.
    // NOTE(review): these are non-const iterators handed out without taking
    // mLock, so a caller can alter credentials without going through
    // mergeCredentials(). Use baseCreds() for read-only access.
    typedef CredentialSet::iterator iterator;
    iterator begin()
    { return mBaseCreds.begin(); }
    iterator end()
    { return mBaseCreds.end(); }

    // Add further credentials to the base set.
    void mergeCredentials(const CredentialSet &more);

    // Track the processes currently using this token. endProcess() returns a
    // bool whose meaning is defined out of line (likely "no users remain");
    // verify before relying on it.
    void addProcess(Process &proc);
    bool endProcess(Process &proc);

    // Policy checks for moving the token out of / into process 'proc'.
    // mayInternalize() is non-const and takes 'countIt'; it presumably charges
    // the transfer against mTransferCount when countIt is true -- confirm.
    bool mayExternalize(Process &proc) const;
    bool mayInternalize(Process &proc, bool countIt = true);

    // Identity of the creating process: its uid and its code identity.
    // creatorCode() returns a raw, non-owning pointer taken from the
    // RefPointer member; do not keep it beyond the token's lifetime without
    // taking your own reference.
    uid_t creatorUid() const
    { return mCreatorUid; }
    CodeSigning::OSXCode *creatorCode() const
    { return mCreatorCode; }

    // Auxiliary item set attached to the token (ownership of the pointer it
    // wraps is not visible in this header).
    AuthorizationItemSet &infoSet();
    void setInfoSet(AuthorizationItemSet &newInfoSet);
    void setCredentialInfo(const Credential &inCred);

    // Resolve a client-supplied blob to its live token. Out of line; what
    // happens for an unknown blob (throw vs. other) is not visible here.
    static AuthorizationToken &find(const AuthorizationBlob &blob);

    // Scoped helper for destroying a token by handle. It holds a lock
    // (presumably authMapLock) for its whole lifetime so the token cannot
    // vanish underneath the caller, and converts implicitly to that token.
    // NOTE(review): the conversion dereferences mAuth unchecked; if the
    // constructor can leave it null for an unknown blob, that is a crash --
    // confirm in the implementation.
    class Deleter {
    public:
        Deleter(const AuthorizationBlob &blob);
        void remove();
        operator AuthorizationToken &() const
        { return *mAuth; }
    private:
        AuthorizationToken *mAuth;
        StLock<Mutex> lock;
    };

private:
    Mutex mLock;
    AuthorizationBlob mHandle;          // our opaque external handle
    CredentialSet mBaseCreds;           // credentials held by this token
    unsigned int mTransferCount;        // transfer count (see mayInternalize)
    typedef set<Process *> ProcessSet;
    ProcessSet mUsingProcesses;         // processes currently holding the token
    uid_t mCreatorUid;                  // uid of the creating process
    RefPointer<OSXCode> mCreatorCode;   // code identity of the creating process
    AuthorizationItemSet *mInfoSet;     // raw pointer; ownership not visible here

private:
    // Global registry of live tokens, keyed by handle, guarded by authMapLock.
    typedef map<AuthorizationBlob, AuthorizationToken *> AuthMap;
    static AuthMap authMap;
    static Mutex authMapLock;
};
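//
// Authority -- the authorization engine instance used by the security server.
//
// A thin subclass of Authorization::Engine whose only visible job is to be
// constructed from a configuration file path.
//
class Authority : public Authorization::Engine {
public:
    // Construct the engine from the configuration file at 'configFile'
    // (presumably the authorization rule database -- confirm in the .cpp).
    // Marked explicit so a bare C string can never be silently converted
    // into an Authority through this single-argument constructor.
    explicit Authority(const char *configFile);
    ~Authority();
};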
#endif //_H_AUTHORITY