]> git.saurik.com Git - apple/security.git/blob - SecurityServer/secagent.defs
Security-164.1.tar.gz
[apple/security.git] / SecurityServer / secagent.defs
1 //
2 // secagent.defs - Client-side Mach RPC interface to SecurityAgent.
3 //
4 // Note: one additional message ID code (Client::cancelMessagePseudoID) is used
5 // explicitly without showing up in this file.
6 //
7 #include <mach/std_types.defs>
8 #include <mach/mach_types.defs>
9
10 subsystem secagent 1000;
11 serverprefix secagent_server_;
12 userprefix secagent_client_;
13
14 import <Security/secagent_types.h>;
15
16
17 //
18 // Data types
19 //
20 type OSStatus = int32;
21 type pid_t = int32;
22 type AclAuthorization = unsigned32;
23 type Reason = unsigned32;
24 type String = c_string[*:2048];
25 type ConstString = c_string[*:2048];
26 type Username = c_string[*:80];
27 type Choice = struct[2] of unsigned32;
28 type MigBoolean = unsigned32;
29
30 type Data = array [] of char;
31
32 type AuthorizationString = c_string[*:1024];
33 type AuthorizationItemSetBlob = Data
34 ctype: AuthorizationItemSetPtr;
35 type AuthorizationItemSetPtr = unsigned32;
36 type AuthorizationValueVectorBlob = Data
37 ctype: AuthorizationValueVectorPtr;
38 type AuthorizationValueVectorPtr = unsigned32;
39
40 type AuthorizationResultInt = unsigned32;
41
42
43 //
44 // Common argument profiles
45 //
46
47 #define UCSP_PORTS requestport sport: mach_port_t; \
48 replyport rport: mach_port_t; \
49 out status: OSStatus
50 #define IN_BLOB(name,type) in name: type##Blob; in name##Base: type##Ptr
51 #define OUT_BLOB(name,type) out name: type##Blob; out name##Base: type##Ptr
52
53
54 //
55 // Staged query maintainance (common to all staged queries)
56 //
57 routine finishStagedQuery(UCSP_PORTS);
58 routine cancelStagedQuery(UCSP_PORTS; in reason: Reason);
59
60
61 //
62 // Unlocking keychains by user input
63 //
64 routine unlockDatabase(UCSP_PORTS;
65 in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
66 out stagePort: mach_port_copy_send_t; out passphrase: String);
67 routine retryUnlockDatabase(UCSP_PORTS; in reason: Reason; out passphrase: String);
68
69 //
70 // Get a new passphrase for a database
71 //
72 routine queryNewPassphrase(UCSP_PORTS;
73 in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
74 in reason: Reason;
75 out stagePort: mach_port_copy_send_t; out passphrase: String; out oldPassphrase: String);
76 routine retryNewPassphrase(UCSP_PORTS; in reason: Reason; out passphrase: String; out oldPassphrase: String);
77
78 //
79 // "Rogue App" alert/confirm function
80 //
81 routine queryKeychainAccess(UCSP_PORTS;
82 in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
83 in item: ConstString; in operation: AclAuthorization; in needPassphrase: MigBoolean;
84 out stagePort: mach_port_copy_send_t; out choice: Choice);
85
86 routine retryQueryKeychainAccess (UCSP_PORTS;
87 in reason: Reason; out choice: Choice);
88
89 routine queryCodeIdentity(UCSP_PORTS;
90 in requestor: ConstString; in requestPid: pid_t; in aclPath: ConstString; out choice: Choice);
91
92 //
93 // Generic new/old password prompt interface
94 //
95 routine queryNewGenericPassphrase(UCSP_PORTS;
96 in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString;
97 in reason: Reason; out stagePort: mach_port_copy_send_t;
98 in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String);
99 routine retryNewGenericPassphrase(UCSP_PORTS; in reason: Reason;
100 out addBox: MigBoolean; out passphrase: String);
101
102 routine queryOldGenericPassphrase(UCSP_PORTS;
103 in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString;
104 out stagePort: mach_port_copy_send_t;
105 in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String);
106 routine retryOldGenericPassphrase(UCSP_PORTS; in reason: Reason;
107 out addBox: MigBoolean; out passphrase: String);
108
109 //
110 // Authorization subsystem authentication option
111 //
112 routine authorizationAuthenticate(UCSP_PORTS;
113 in requestor: ConstString; in requestPid: pid_t;
114 in neededGroup: ConstString; in candidateUser: ConstString;
115 out stagePort: mach_port_copy_send_t;
116 out authenticatedUser: Username; out authenticatedPassword: String);
117 routine retryAuthorizationAuthenticate(UCSP_PORTS; in reason: Reason;
118 out authenticatedUser: Username; out authenticatedPassword: String);
119
120 routine invokeMechanism(UCSP_PORTS;
121 out stagePort: mach_port_copy_send_t;
122 // plugin id
123 in pluginId: AuthorizationString;
124 // mechanism id
125 in mechanismId: AuthorizationString;
126 IN_BLOB(argumentsIn,AuthorizationValueVector);
127 IN_BLOB(hintsIn,AuthorizationItemSet);
128 IN_BLOB(contextIn,AuthorizationItemSet);
129 // result
130 out resultOut: AuthorizationResultInt;
131 OUT_BLOB(hintsOut,AuthorizationItemSet);
132 OUT_BLOB(contextOut,AuthorizationItemSet)
133 );
134
135 routine terminate(requestport sport: mach_port_t;
136 replyport rport: mach_port_t);
137