struct CCL::Security::IAuthorizationManager

Overview

#include <iauthorizationmanager.h>

struct IAuthorizationManager: public CCL::IUnknown
{
    // enums

    enum ComputerIDType;
    enum PolicyMode;

    // methods

    virtual tresult CCL_API setAppIdentity (
        StringRef appSid,
        StringRef appSubSid = nullptr
    ) = 0;

    virtual StringRef CCL_API getAppIdentity () const = 0;
    virtual StringRef CCL_API getAppSubIdentity () const = 0;

    virtual tresult CCL_API getComputerIdentity (
        String& computerSid,
        ComputerIDType type = kDefaultComputerID
    ) = 0;

    virtual tresult CCL_API loadPolicy (IStream& stream, int mode = 0) = 0;
    virtual Authorization::IPolicyItem*CCL_API getPrivileges (StringRef resourceSid) = 0;
    virtual IUnknownIterator*CCL_API createIterator (StringRef dataSid) = 0;
    virtual tresult CCL_API revokePolicy (IStream& stream, int mode = 0) = 0;
};

Inherited Members

public:
    // methods

    virtual tresult CCL_API queryInterface (UIDRef iid, void** ptr) = 0;
    virtual unsigned int CCL_API retain () = 0;
    virtual unsigned int CCL_API release () = 0;

Detailed Documentation

Methods

virtual tresult CCL_API setAppIdentity (
    StringRef appSid,
    StringRef appSubSid = nullptr
) = 0

Set security identifiers of hosting application.

Can be called only once.

virtual StringRef CCL_API getAppIdentity () const = 0

Get primary security identifier of hosting application.

virtual StringRef CCL_API getAppSubIdentity () const = 0

Get secondary security identifier of hosting application (can be empty).

virtual tresult CCL_API getComputerIdentity (
    String& computerSid,
    ComputerIDType type = kDefaultComputerID
) = 0

Get hardware hash identifying the local computer.

virtual tresult CCL_API loadPolicy (IStream& stream, int mode = 0) = 0

Load authorization policy from stream.

Host authorization policy needs to be encrypted and signed with KeyID::kAuthPolicy from key store. Additonal policy snippets can be unsigned (kUnsignedPolicy mode).

virtual Authorization::IPolicyItem*CCL_API getPrivileges (StringRef resourceSid) = 0

Get privileges of given resource based on the active authorization policy.

virtual IUnknownIterator*CCL_API createIterator (StringRef dataSid) = 0

Create iterator for data associated with the active authorization policy.

virtual tresult CCL_API revokePolicy (IStream& stream, int mode = 0) = 0

Revoke given snippet from policy.

Note that this might revoke more than expeced in case items have been merged.