]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_authorization/lib/AuthorizationPlugin.h
projects / apple / security.git / blob
? search:


66c919df5663abdea2b5695370663d3708914adc
[apple/security.git] / OSX / libsecurity_authorization / lib / AuthorizationPlugin.h
1 /*
2 * Copyright (c) 2001-2002,2004,2011-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 /*
26 * AuthorizationPlugin.h
27 * AuthorizationPlugin -- APIs for implementing authorization plugins.
28 */
29
30 #ifndef _SECURITY_AUTHORIZATIONPLUGIN_H_
31 #define _SECURITY_AUTHORIZATIONPLUGIN_H_
32
33 #include <Security/Authorization.h>
34
35 #if defined(__cplusplus)
36 extern "C" {
37 #endif
38
39 CF_ASSUME_NONNULL_BEGIN
40
41 /*!
42 @header AuthorizationPlugin
43
44 The AuthorizationPlugin API allows the creation of plugins that can participate
45 in authorization decisions. Using the AuthorizationDB API the system can be configured
46 to use these plugins. Plugins are loaded into a separate process, the pluginhost, to
47 isolate the process of authorization from the client. There are two types of pluginhosts.
48 One runs as an anonymous user and can be used to communicate with the user, for example
49 to ask for a password. Another one runs with root privileges to perform privileged
50 operations that may be required.
51
52 A typical use is to implement additional policies that cannot be expressed in the
53 authorization configuration.
54
55 Plugins implement a handshake function called AuthorizationPluginCreate with which
56 their interface (AuthorizationPluginInterface) and the engine's interface
57 (AuthorizationCallbacks) are exchanged. Plugins are asked to create
58 Mechanisms, which are the basic element as authorizations are performed.
59
60 Mechanisms are invoked when it is time for them to make a decision. A decision is
61 made by setting a single result (AuthorizationResult). Mechanisms in the
62 authorization can communicate auxiliary information by setting and/or getting hints
63 and setting and/or getting context data. Hints are advisory and don't need to be
64 looked at, nor are they preserved as part of the authorization result. Context data
65 becomes part of the result of the authorization.
66
67 Context data is tagged with a flag that describes whether the information is returned
68 to the authorization client upon request (AuthorizationCopyInfo() in Authorization.h)
69 or whether it's private to the mechanisms making a decision.
70
71 */
72
73
74 /*!
75 @typedef AuthorizationValue
76 Auxiliary data is passed between the engine and the mechanism as AuthorizationValues
77 */
78 typedef struct AuthorizationValue
79 {
80 size_t length;
81 void *data;
82 } AuthorizationValue;
83
84 /*!
85 @typedef AuthorizationValueVector
86 A vector of AuthorizationValues. Used to communicate arguments passed from the
87 configuration file <code>authorization(5)</code>.
88 */
89 typedef struct AuthorizationValueVector
90 {
91 UInt32 count;
92 AuthorizationValue *values;
93 } AuthorizationValueVector;
94
95 /*!
96 @typedef
97 Data produced as context during the authorization evaluation is tagged.
98 If data is set to be extractable (kAuthorizationContextFlagExtractable), it will be possible for the client of authorization to obtain the value of this attribute using AuthorizationCopyInfo().
99 If data is marked as volatile (kAuthorizationContextFlagVolatile), this value will not be remembered in the AuthorizationRef.
100 Sticky data (kAuthorizationContextFlagSticky) persists through a failed or interrupted evaluation. It can be used to propagate an error condition from a downstream plugin to an upstream one. It is not remembered in the AuthorizationRef.
101 */
102 typedef CF_OPTIONS(UInt32, AuthorizationContextFlags)
103 {
104 kAuthorizationContextFlagExtractable = (1 << 0),
105 kAuthorizationContextFlagVolatile = (1 << 1),
106 kAuthorizationContextFlagSticky = (1 << 2)
107 };
108
109
110 /*!
111 @typedef AuthorizationMechanismId
112 The mechanism id specified in the configuration is passed to the plugin to create the appropriate mechanism.
113 */
114 typedef const AuthorizationString AuthorizationMechanismId;
115
116 /*!
117 @typedef AuthorizationPluginId
118 Not used by plugin writers. Loaded plugins are identified by their name.
119 */
120 typedef const AuthorizationString AuthorizationPluginId;
121
122 /*!
123 @typedef AuthorizationPluginRef
124 Handle passed back by the plugin writer when creating a plugin. Any pluginhost will only instantiate one instance. The handle is used when creating mechanisms.
125 */
126 typedef void *AuthorizationPluginRef;
127
128 /*!
129 @typedef AuthorizationMechanismRef
130 Handle passed back by the plugin writer when creating an an instance of a mechanism in a plugin. One instance will be created for any authorization.
131 */
132 typedef void *AuthorizationMechanismRef;
133
134 /*!
135 @typedef AuthorizationEngineRef
136 Handle passed from the engine to an instance of a mechanism in a plugin (corresponds to a particular AuthorizationMechanismRef).
137 */
138 typedef struct __OpaqueAuthorizationEngine *AuthorizationEngineRef;
139
140 /*!
141 @typedef AuthorizationSessionId
142 A unique value for an AuthorizationSession being evaluated, provided by the authorization engine.
143 A session is represented by a top level call to an Authorization API.
144 */
145 typedef void *AuthorizationSessionId;
146
147 /*!
148 @enum AuthorizationResult
149 Possible values for SetResult() in AuthorizationCallbacks.
150
151 @constant kAuthorizationResultAllow the operation succeeded and authorization should be granted as far as this mechanism is concerned.
152 @constant kAuthorizationResultDeny the operation succeeded but authorization should be denied as far as this mechanism is concerned.
153 @constant kAuthorizationResultUndefined the operation failed for some reason and should not be retried for this session.
154 @constant kAuthorizationResultUserCanceled the user has requested that the evaluation be terminated.
155 */
156 typedef CF_ENUM(UInt32, AuthorizationResult) {
157 kAuthorizationResultAllow,
158 kAuthorizationResultDeny,
159 kAuthorizationResultUndefined,
160 kAuthorizationResultUserCanceled,
161 };
162
163 /*!
164 @enum
165 Version of the interface (AuthorizationPluginInterface) implemented by the plugin.
166 The value is matched to the definition in this file.
167 */
168 enum {
169 kAuthorizationPluginInterfaceVersion = 0
170 };
171
172 /*!
173 @enum
174 Version of the callback structure (AuthorizationCallbacks) passed to the plugin.
175 The value is matched to the definition in this file. The engine may provide a newer
176 interface.
177 */
178 enum {
179 kAuthorizationCallbacksVersion = 1
180 };
181
182
183 /*!
184 @struct
185 Callback API provided by the AuthorizationEngine.
186
187 @field version Engine callback version.
188 @field SetResult Set a result after a call to AuthorizationSessionInvoke.
189 @field RequestInterrupt Request authorization engine to interrupt all mechamisms invoked after this mechamism has called SessionSetResult and then call AuthorizationSessionInvoke again.
190 @field DidDeactivate Respond to the Deactivate request.
191 @field GetContextValue Read value from context. AuthorizationValue does not own data.
192 @field SetContextValue Write value to context. AuthorizationValue and data are copied.
193 @field GetHintValue Read value from hints. AuthorizationValue does not own data.
194 @field SetHintValue Write value to hints. AuthorizationValue and data are copied.
195 @field GetArguments Read arguments passed. AuthorizationValueVector does not own data.
196 @field GetSessionId Read SessionId.
197 */
198 typedef struct AuthorizationCallbacks {
199
200 /* Engine callback version. */
201 UInt32 version;
202
203 /* Set a result after a call to AuthorizationSessionInvoke. */
204 OSStatus (*SetResult)(AuthorizationEngineRef inEngine, AuthorizationResult inResult);
205
206 /* Request authorization engine to interrupt all mechamisms invoked after
207 this mechamism has called SessionSetResult and then call
208 AuthorizationSessionInvoke again. */
209 OSStatus (*RequestInterrupt)(AuthorizationEngineRef inEngine);
210
211 /* Respond to the Deactivate request. */
212 OSStatus (*DidDeactivate)(AuthorizationEngineRef inEngine);
213
214 /* Read value from context. AuthorizationValue does not own data. */
215 OSStatus (*GetContextValue)(AuthorizationEngineRef inEngine,
216 AuthorizationString inKey,
217 AuthorizationContextFlags * __nullable outContextFlags,
218 const AuthorizationValue * __nullable * __nullable outValue);
219
220 /* Write value to context. AuthorizationValue and data are copied. */
221 OSStatus (*SetContextValue)(AuthorizationEngineRef inEngine,
222 AuthorizationString inKey,
223 AuthorizationContextFlags inContextFlags,
224 const AuthorizationValue *inValue);
225
226 /* Read value from hints. AuthorizationValue does not own data. */
227 OSStatus (*GetHintValue)(AuthorizationEngineRef inEngine,
228 AuthorizationString inKey,
229 const AuthorizationValue * __nullable * __nullable outValue);
230
231 /* Write value to hints. AuthorizationValue and data are copied. */
232 OSStatus (*SetHintValue)(AuthorizationEngineRef inEngine,
233 AuthorizationString inKey,
234 const AuthorizationValue *inValue);
235
236 /* Read arguments passed. AuthorizationValueVector does not own data. */
237 OSStatus (*GetArguments)(AuthorizationEngineRef inEngine,
238 const AuthorizationValueVector * __nullable * __nonnull outArguments);
239
240 /* Read SessionId. */
241 OSStatus (*GetSessionId)(AuthorizationEngineRef inEngine,
242 AuthorizationSessionId __nullable * __nullable outSessionId);
243
244 /* Read value from hints. AuthorizationValue does not own data. */
245 OSStatus (*GetImmutableHintValue)(AuthorizationEngineRef inEngine,
246 AuthorizationString inKey,
247 const AuthorizationValue * __nullable * __nullable outValue);
248
249 } AuthorizationCallbacks;
250
251
252 /*!
253 @struct
254 Interface that must be implemented by each plugin.
255
256 @field version Must be set to kAuthorizationPluginInterfaceVersion
257 @field PluginDestroy Plugin should clean up and release any resources it is holding.
258 @field MechanismCreate The plugin should create a mechanism named mechanismId. The mechanism needs to use the AuthorizationEngineRef for the callbacks and pass back a AuthorizationMechanismRef for itself. MechanismDestroy will be called when it is no longer needed.
259 @field MechanismInvoke Invoke an instance of a mechanism. It should call SetResult during or after returning from this function.
260 @field MechanismDeactivate Mechanism should respond with a DidDeactivate as soon as possible
261 @field MechanismDestroy Mechanism should clean up and release any resources it is holding
262 */
263 typedef struct AuthorizationPluginInterface
264 {
265 /* Must be set to kAuthorizationPluginInterfaceVersion. */
266 UInt32 version;
267
268 /* Notify a plugin that it is about to be unloaded so it get a chance to clean up and release any resources it is holding. */
269 OSStatus (*PluginDestroy)(AuthorizationPluginRef inPlugin);
270
271 /* The plugin should create a mechanism named mechanismId. The mechanism needs to use the
272 AuthorizationEngineRef for the callbacks and pass back an AuthorizationMechanismRef for
273 itself. MechanismDestroy will be called when it is no longer needed. */
274 OSStatus (*MechanismCreate)(AuthorizationPluginRef inPlugin,
275 AuthorizationEngineRef inEngine,
276 AuthorizationMechanismId mechanismId,
277 AuthorizationMechanismRef __nullable * __nonnull outMechanism);
278
279 /* Invoke an instance of a mechanism. It should call SetResult during or after returning from this function. */
280 OSStatus (*MechanismInvoke)(AuthorizationMechanismRef inMechanism);
281
282 /* Mechanism should respond with a DidDeactivate as soon as possible. */
283 OSStatus (*MechanismDeactivate)(AuthorizationMechanismRef inMechanism);
284
285 /* Mechanism should clean up and release any resources it is holding. */
286 OSStatus (*MechanismDestroy)(AuthorizationMechanismRef inMechanism);
287
288 } AuthorizationPluginInterface;
289
290
291 /*!
292 @function AuthorizationPluginCreate
293
294 Initialize a plugin after it gets loaded. This is the main entry point to a plugin. This function will only be called once.
295 After all Mechanism instances have been destroyed outPluginInterface->PluginDestroy will be called.
296
297 @param callbacks (input) A pointer to an AuthorizationCallbacks which contains the callbacks implemented by the AuthorizationEngine.
298 @param outPlugin (output) On successful completion should contain a valid AuthorizationPluginRef. This will be passed in to any subsequent calls the engine makes to outPluginInterface->MechanismCreate and outPluginInterface->PluginDestroy.
299 @param outPluginInterface (output) On successful completion should contain a pointer to a AuthorizationPluginInterface that will stay valid until outPluginInterface->PluginDestroy is called. */
300 OSStatus AuthorizationPluginCreate(const AuthorizationCallbacks *callbacks,
301 AuthorizationPluginRef __nullable * __nonnull outPlugin,
302 const AuthorizationPluginInterface * __nullable * __nonnull outPluginInterface);
303
304 CF_ASSUME_NONNULL_END
305
306 #if defined(__cplusplus)
307 }
308 #endif
309
310 #endif /* _SECURITY_AUTHORIZATIONPLUGIN_H_ */
mirror of Security