2 * Copyright (c) 2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
20 * AuthorizationPlugin.h
21 * AuthorizationPlugin -- APIs for implementing authorization plugins.
24 #if !defined(__AuthorizationPlugin__)
25 #define __AuthorizationPlugin__ 1
27 #include <Security/Authorization.h>
29 #if defined(__cplusplus)
35 @header AuthorizationPlugin
36 Version 0.3 05/09/2001
44 @typedef AuthorizationValue
47 typedef struct AuthorizationValue
53 typedef struct AuthorizationValueVector
56 AuthorizationValue
*values
;
57 } AuthorizationValueVector
;
59 typedef UInt32 AuthorizationContextFlags
;
62 /* If set, it will be possible to obtain the value of this attribute usingAuthorizationCopyInfo(). */
63 kAuthorizationContextFlagExtractable
= (1 << 0),
65 /* If set, this value will not be remembered in a "credential". @@@ Do we need this? */
66 kAuthorizationContextFlagVolatile
= (1 << 1)
71 @typedef AuthorizationMechanismId
74 typedef const AuthorizationString AuthorizationMechanismId
;
77 @typedef AuthorizationPluginId
78 @@@ Not used by plugin writers
80 typedef const AuthorizationString AuthorizationPluginId
;
85 @typedef AuthorizationPluginRef
86 An instance of a plugin (even though there will probably only be one).
88 typedef void *AuthorizationPluginRef
;
91 @typedef AuthorizationMechanismRef
92 An instance of a mechanism in a plugin.
94 typedef void *AuthorizationMechanismRef
;
97 @typedef AuthorizationEngineRef
98 The engines handle for an instance of a mechanism in a plugin (corresponds to a particular AuthorizationMechanismRef).
100 typedef struct __OpaqueAuthorizationEngine
*AuthorizationEngineRef
;
104 @typedef AuthorizationSessionId
105 A unique value for an AuthorizationSession being evaluated, provided by the authorization engine.
106 A session is represented by a top level call to an Authorization API.
107 @@@ Should this be changed to tie a session to the lifetime of an AuthorizationRef? -- Michael
109 typedef void *AuthorizationSessionId
;
112 @typedef AuthorizationResult
113 Possible values that SetResult may use.
115 @param kAuthorizationResultAllow the operation succeeded and should be allowed as far as this mechanism is concerned.
116 @param kAuthorizationResultDeny the operation succeeded and should be denied as far as this mechanism is concerned.
117 @param kAuthorizationResultUndefined the operation failed for some reason and should not be retried for this session.
118 @param kAuthorizationResultUserCanceled the user has requested that the evaluation be terminated.
120 typedef UInt32 AuthorizationResult
;
123 kAuthorizationResultAllow
,
124 kAuthorizationResultDeny
,
125 kAuthorizationResultUndefined
,
126 kAuthorizationResultUserCanceled
,
130 kAuthorizationPluginInterfaceVersion
= 0
134 kAuthorizationCallbacksVersion
= 0
138 /* Callback API of the AuthorizationEngine. */
139 typedef struct AuthorizationCallbacks
{
140 /* Will be set to kAuthorizationCallbacksVersion. */
145 /* Set a result after a call to AuthorizationSessionInvoke. */
146 OSStatus (*SetResult
)(AuthorizationEngineRef inEngine
, AuthorizationResult inResult
);
148 /* Request authorization engine to interrupt all mechamisms invoked after this mechamism has called SessionSetResult and then call AuthorizationSessionInvoke again. */
149 OSStatus (*RequestInterrupt
)(AuthorizationEngineRef inEngine
);
151 OSStatus (*DidDeactivate
)(AuthorizationEngineRef inEngine
);
154 /* Getters and setters */
155 OSStatus (*GetContextValue
)(AuthorizationEngineRef inEngine
,
156 AuthorizationString inKey
,
157 AuthorizationContextFlags
*outContextFlags
,
158 const AuthorizationValue
**outValue
);
160 OSStatus (*SetContextValue
)(AuthorizationEngineRef inEngine
,
161 AuthorizationString inKey
,
162 AuthorizationContextFlags inContextFlags
,
163 const AuthorizationValue
*inValue
);
165 OSStatus (*GetHintValue
)(AuthorizationEngineRef inEngine
,
166 AuthorizationString inKey
,
167 const AuthorizationValue
**outValue
);
169 OSStatus (*SetHintValue
)(AuthorizationEngineRef inEngine
,
170 AuthorizationString inKey
,
171 const AuthorizationValue
*inValue
);
173 OSStatus (*GetArguments
)(AuthorizationEngineRef inEngine
,
174 const AuthorizationValueVector
**outArguments
);
176 OSStatus (*GetSessionId
)(AuthorizationEngineRef inEngine
,
177 AuthorizationSessionId
*outSessionId
);
180 } AuthorizationCallbacks
;
183 /* Functions that must be implemented by each plugin. */
185 typedef struct AuthorizationPluginInterface
187 /* Must be set to kAuthorizationPluginInterfaceVersion. */
190 /* Notify a plugin that it is about to be unloaded so it get a chance to clean up and release any resources it is holding. */
191 OSStatus (*PluginDestroy
)(AuthorizationPluginRef inPlugin
);
193 /* The plugin should create an AuthorizationMechanismRef and remeber inEngine, mechanismId and callbacks for future reference. It is guaranteed that MechanismDestroy will be called on the returned AuthorizationMechanismRef sometime after this function. */
194 OSStatus (*MechanismCreate
)(AuthorizationPluginRef inPlugin
,
195 AuthorizationEngineRef inEngine
,
196 AuthorizationMechanismId mechanismId
,
197 AuthorizationMechanismRef
*outMechanism
);
199 /* Invoke (or evaluate) an instance of a mechanism (created with MechanismCreate). It should call SetResult during or after returning from this function. */
200 OSStatus (*MechanismInvoke
)(AuthorizationMechanismRef inMechanism
);
202 /* Plugin should respond with a SessionDidDeactivate asap. */
203 OSStatus (*MechanismDeactivate
)(AuthorizationMechanismRef inMechanism
);
205 OSStatus (*MechanismDestroy
)(AuthorizationMechanismRef inMechanism
);
207 } AuthorizationPluginInterface
;
210 /* @function AuthorizationPluginCreate
212 Initialize a plugin after it gets loaded. This is the main entry point to a plugin. This function will only be called once and after all Mechanism instances have been destroyed outPluginInterface->PluginDestroy will be called.
214 @param callbacks (input) A pointer to an AuthorizationCallbacks which contains the callbacks implemented by the AuthorizationEngine.
215 @param outPlugin (output) On successful completion should contain a valid AuthorizationPluginRef. This will be passed in to any subsequent calls the engine makes to outPluginInterface->MechanismCreate and outPluginInterface->PluginDestroy.
216 @param outPluginInterface (output) On successful completion should contain a pointer to a AuthorizationPluginInterface that will stay valid until outPluginInterface->PluginDestroy is called. */
217 OSStatus
AuthorizationPluginCreate(const AuthorizationCallbacks
*callbacks
,
218 AuthorizationPluginRef
*outPlugin
,
219 const AuthorizationPluginInterface
**outPluginInterface
);
221 #if defined(__cplusplus)
225 #endif /* ! __AuthorizationPlugin__ */