#ifndef _H_ACLS
#define _H_ACLS
#include "securityserver.h"
#include <Security/cssmacl.h>
#include <Security/acl_process.h>
#include <Security/acl_codesigning.h>
class Connection;
class Database;
class SecurityServerAcl : public ObjectAcl {
public:
SecurityServerAcl(AclKind k, CssmAllocator &alloc) :ObjectAcl(alloc), mKind(k) { }
virtual ~SecurityServerAcl();
AclKind kind() const { return mKind; }
void validate(AclAuthorization auth, const AccessCredentials *cred);
void validate(AclAuthorization auth, const Context &context);
void cssmChangeAcl(const AclEdit &edit, const AccessCredentials *cred);
void cssmChangeOwner(const AclOwnerPrototype &newOwner, const AccessCredentials *cred);
virtual const Database *relatedDatabase() const;
Mutex aclSequence;
private:
AclKind mKind;
};
class SecurityServerEnvironment : public virtual AclValidationEnvironment,
public virtual ProcessAclSubject::Environment,
public virtual CodeSignatureAclSubject::Environment {
public:
SecurityServerEnvironment(const SecurityServerAcl &baseAcl)
: acl(baseAcl) { }
const SecurityServerAcl &acl;
const Database *database() const { return acl.relatedDatabase(); }
uid_t getuid() const;
gid_t getgid() const;
pid_t getpid() const;
bool verifyCodeSignature(const CodeSigning::Signature *signature, const CssmData *comment);
};
#endif //_H_ACLS