// // secagent.defs - Client-side Mach RPC interface to SecurityAgent. // // Note: one additional message ID code (Client::cancelMessagePseudoID) is used // explicitly without showing up in this file. // #include #include subsystem secagent 1000; serverprefix secagent_server_; userprefix secagent_client_; import ; // // Data types // type OSStatus = int32; type pid_t = int32; type AclAuthorization = unsigned32; type Reason = unsigned32; type String = c_string[*:2048]; type ConstString = c_string[*:2048]; type Username = c_string[*:80]; type Choice = struct[2] of unsigned32; type MigBoolean = unsigned32; type Data = array [] of char; type AuthorizationString = c_string[*:1024]; type AuthorizationItemSetBlob = Data ctype: AuthorizationItemSetPtr; type AuthorizationItemSetPtr = unsigned32; type AuthorizationValueVectorBlob = Data ctype: AuthorizationValueVectorPtr; type AuthorizationValueVectorPtr = unsigned32; type AuthorizationResultInt = unsigned32; // // Common argument profiles // #define UCSP_PORTS requestport sport: mach_port_t; \ replyport rport: mach_port_t; \ out status: OSStatus #define IN_BLOB(name,type) in name: type##Blob; in name##Base: type##Ptr #define OUT_BLOB(name,type) out name: type##Blob; out name##Base: type##Ptr // // Staged query maintainance (common to all staged queries) // routine finishStagedQuery(UCSP_PORTS); routine cancelStagedQuery(UCSP_PORTS; in reason: Reason); // // Unlocking keychains by user input // routine unlockDatabase(UCSP_PORTS; in requestor: ConstString; in requestPid: pid_t; in database: ConstString; out stagePort: mach_port_copy_send_t; out passphrase: String); routine retryUnlockDatabase(UCSP_PORTS; in reason: Reason; out passphrase: String); // // Get a new passphrase for a database // routine queryNewPassphrase(UCSP_PORTS; in requestor: ConstString; in requestPid: pid_t; in database: ConstString; in reason: Reason; out stagePort: mach_port_copy_send_t; out passphrase: String); routine retryNewPassphrase(UCSP_PORTS; in reason: Reason; out passphrase: String); // // "Rogue App" alert/confirm function // routine queryKeychainAccess(UCSP_PORTS; in requestor: ConstString; in requestPid: pid_t; in database: ConstString; in item: ConstString; in operation: AclAuthorization; in needPassphrase: MigBoolean; out choice: Choice); // // Generic new/old password prompt interface // routine queryNewGenericPassphrase(UCSP_PORTS; in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString; in reason: Reason; out stagePort: mach_port_copy_send_t; in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String); routine retryNewGenericPassphrase(UCSP_PORTS; in reason: Reason; out addBox: MigBoolean; out passphrase: String); routine queryOldGenericPassphrase(UCSP_PORTS; in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString; out stagePort: mach_port_copy_send_t; in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String); routine retryOldGenericPassphrase(UCSP_PORTS; in reason: Reason; out addBox: MigBoolean; out passphrase: String); // // Authorization subsystem authentication option // routine authorizationAuthenticate(UCSP_PORTS; in requestor: ConstString; in requestPid: pid_t; in neededGroup: ConstString; in candidateUser: ConstString; out stagePort: mach_port_copy_send_t; out authenticatedUser: Username; out authenticatedPassword: String); routine retryAuthorizationAuthenticate(UCSP_PORTS; in reason: Reason; out authenticatedUser: Username; out authenticatedPassword: String); routine invokeMechanism(UCSP_PORTS; out stagePort: mach_port_copy_send_t; // plugin id in pluginId: AuthorizationString; // mechanism id in mechanismId: AuthorizationString; IN_BLOB(argumentsIn,AuthorizationValueVector); IN_BLOB(hintsIn,AuthorizationItemSet); IN_BLOB(contextIn,AuthorizationItemSet); // result out resultOut: AuthorizationResultInt; OUT_BLOB(hintsOut,AuthorizationItemSet); OUT_BLOB(contextOut,AuthorizationItemSet) ); routine terminate(requestport sport: mach_port_t; replyport rport: mach_port_t);