2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
21 * AuthSession - APIs for managing login, authorization, and security Sessions.
23 #if !defined(__AuthSession__)
24 #define __AuthSession__ 1
26 #include <Security/Authorization.h>
28 #if defined(__cplusplus)
36 The Session API provides specialized applications access to Session management and inquiry
37 functions. This is a specialized API that should not be of interest to most people.
39 If you do not know what "Session" means in the context of MacOS Authorization and security,
40 please check with your documentation and come back when you have figured it out - we won't
43 This API is tentative, preliminary, incomplete, internal, and subject to change.
49 @typedef SecuritySessionId
50 These are externally visible identifiers for authorization sessions.
51 Different sessions have different identifiers; beyond that, you can't
52 tell anything from these values.
53 SessionIds can be compared for equality as you'd expect, but you should be careful
54 to use attribute bits wherever appropriate. For example, don't rely on there being
55 "the" graphical login session - some day, we may have more than one...
57 typedef UInt32 SecuritySessionId
;
61 @enum SecuritySessionId
62 Here are some special values for SecuritySessionId. You may specify those
63 on input to SessionAPI functions. They will never be returned from such
67 noSecuritySession
= 0, /* definitely not a valid SecuritySessionId */
68 callerSecuritySession
= -1 /* the Session I (the caller) am in */
73 @enum SessionAttributeBits
74 Each Session has a set of attribute bits. You can get those from the
75 SessionGetInfo API function.
77 typedef UInt32 SessionAttributeBits
;
80 sessionIsRoot
= 0x0001, /* is the root session (startup/system programs) */
81 sessionHasGraphicAccess
= 0x0010, /* graphic subsystem (CoreGraphics et al) available */
82 sessionHasTTY
= 0x0020, /* /dev/tty is available */
83 sessionIsRemote
= 0x1000, /* session was established over the network */
85 sessionWasInitialized
= 0x8000 /* session has been set up by its leader */
90 @enum SessionCreationFlags
91 These flags control how a new session is created by SessionCreate.
92 They have no permanent meaning beyond that.
94 typedef UInt32 SessionCreationFlags
;
97 sessionKeepCurrentBootstrap
= 0x8000 /* caller has allocated sub-bootstrap (expert use only) */
103 Error codes returned by AuthSession API.
104 Note that the AuthSession APIs can also return Authorization API error codes.
107 errSessionSuccess
= 0, /* all is well */
108 errSessionInvalidId
= -60500, /* invalid session id specified */
109 errSessionInvalidAttributes
= -60501, /* invalid set of requested attribute bits */
110 errSessionAuthorizationDenied
= -60502, /* you are not allowed to do this */
112 errSessionInternal
= errAuthorizationInternal
, /* internal error */
113 errSessionInvalidFlags
= errAuthorizationInvalidFlags
/* invalid flags/options */
118 @function SessionGetInfo
119 Obtain information about a session.
121 @param session (input) The Session you are asking about. Can be one of the
122 special constants defined above.
124 @param sessionId (output/optional) The actual SecuritySessionId for the session you asked about.
125 Will never be one of those constants.
127 @param attributes (output/optional) Receives the attribute bits for the session.
129 @result An OSStatus indicating success (noErr) or an error cause.
131 errSessionInvalidId -60500 Invalid session id specified
134 OSStatus
SessionGetInfo(SecuritySessionId session
,
135 SecuritySessionId
*sessionId
,
136 SessionAttributeBits
*attributes
);
140 @function SessionCreate
141 This (very specialized) function creates and/or initializes a security session.
142 It always sets up the session that the calling process belongs to - you cannot
143 create a session for someone else.
144 By default, a new bootstrap subset port is created for the calling process. The process
145 acquires this new port as its bootstrap port, which all its children will inherit.
146 If you happen to have created the subset port on your own, you can pass the
147 sessionKeepCurrentBootstrap flag, and SessionCreate will use it. Note however that
148 you cannot supersede a prior SessionCreate call that way; only a single SessionCreate
149 call is allowed for each Session (however made).
151 @param flags Flags controlling how the session is created.
153 @param attributes The set of attribute bits to set for the new session.
154 Not all bits can be set this way.
156 @result An OSStatus indicating success (noErr) or an error cause.
158 errSessionInvalidAttributes -60501 Attempt to set invalid attribute bits
159 errSessionAuthorizationDenied -60502 Attempt to re-initialize a session
160 errSessionInvalidFlags -60011 Attempt to specify unsupported flag bits
163 OSStatus
SessionCreate(SessionCreationFlags flags
,
164 SessionAttributeBits attributes
);
167 #if defined(__cplusplus)
171 #endif /* ! __AuthSession__ */
projects / apple / security.git / blob