X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_authorization/lib/AuthorizationDB.h diff --git a/libsecurity_authorization/lib/AuthorizationDB.h b/libsecurity_authorization/lib/AuthorizationDB.h deleted file mode 100644 index 326f870d..00000000 --- a/libsecurity_authorization/lib/AuthorizationDB.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved. - * - * @APPLE_LICENSE_HEADER_START@ - * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ - */ - -/* - * AuthorizationDB.h -- APIs for managing the authorization policy database - * and daemons. - */ - -#ifndef _SECURITY_AUTHORIZATIONDB_H_ -#define _SECURITY_AUTHORIZATIONDB_H_ - -#include -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/*! - @header AuthorizationDB - Version 1.0 - - This API allows for any programs to get, modify, delete and add new right definitions to the policy database. Meta-rights specify whether and what authorization is required to make these modifications. - - AuthorizationRightSet(authRef, "com.ifoo.ifax.send", CFSTR(kRuleIsAdmin), CFSTR("You must authenticate to send a fax."), NULL, NULL) - - add a rule for letting admins send faxes using a canned rule, delegating to a pre-specified rule that authorizes everyone who is an admin. - - AuthorizationRightSet(authRef, "com.ifoo.ifax.send", [[CFSTR(kRightRule), CFSTR(kRuleIsAdmin)], [CFSTR(kRightComment), CFSTR("authorizes sending of 1 fax message")]], CFSTR("Authorize sending of a fax"), NULL, NULL) - - add identical rule, but specify additional attributes this time. - - Keep in mind while specifying a comment to be specific about what you need to authorize for (1 fax), in terms of a general message for user. The means of proof required for kRuleIsAdmin (enter username/password for example) should not be included here, since it could be configured differently. Also note that the "authRef" variable used in each of the above examples must be a vaild AuthorizationRef obtained from AuthorizationCreate(). - -*/ - -/*! @define kRightRule - rule delegation key. Instead of specifying exact behavior some canned rules - are shipped that may be switched by configurable security. -*/ -#define kAuthorizationRightRule "rule" - -/*! @defined kRuleIsAdmin - canned rule values for use with rule delegation definitions: require user to be an admin. -*/ -#define kAuthorizationRuleIsAdmin "is-admin" - -/*! @defined kRuleAuthenticateAsSessionUser - canned rule value for use with rule delegation definitions: require user to authenticate as the session owner (logged-in user). -*/ -#define kAuthorizationRuleAuthenticateAsSessionUser "authenticate-session-owner" - -/*! @defined kRuleAuthenticateAsAdmin - Canned rule value for use with rule delegation definitions: require user to authenticate as admin. -*/ -#define kAuthorizationRuleAuthenticateAsAdmin "authenticate-admin" - -/*! @defined kAuthorizationRuleClassAllow - Class that allows anything. -*/ -#define kAuthorizationRuleClassAllow "allow" - -/*! @defined kAuthorizationRuleClassDeny - Class that denies anything. -*/ -#define kAuthorizationRuleClassDeny "deny" - -/*! @defined kAuthorizationComment - comments for the administrator on what is being customized here; - as opposed to (localized) descriptions presented to the user. -*/ -#define kAuthorizationComment "comment" - - - -/*! - @function AuthorizationRightGet - - Retrieves a right definition as a dictionary. There are no restrictions to keep anyone from retrieving these definitions. - - @param rightName (input) the rightname (ASCII). Wildcard rightname definitions are okay. - @param rightDefinition (output/optional) the dictionary with all keys defining the right. See documented keys. Passing in NULL will just check if there is a definition. The caller is responsible for releasing the returned dictionary. - - @result errAuthorizationSuccess 0 No error. - - errAuthorizationDenied -60005 No definition found. - -*/ -OSStatus AuthorizationRightGet(const char *rightName, - CFDictionaryRef *rightDefinition); - -/*! - @function AuthorizationRightSet - - Create or update a right entry. Only normal rights can be registered (wildcard rights are denied); wildcard rights are considered to be put in by an administrator putting together a site configuration. - - @param authRef (input) authRef to authorize modifications. - @param rightName (input) the rightname (ASCII). Wildcard rightnames are not okay. - @param rightDefinition (input) a CFString of the name of a rule to use (delegate) or CFDictionary containing keys defining one. - @param descriptionKey (input/optional) a CFString to use as a key for looking up localized descriptions. If no localization is found this will be the description itself. - @param bundle (input/optional) a bundle to get localizations from if not the main bundle. - @param localeTableName (input/optional) stringtable name to get localizations from. - - @result errAuthorizationSuccess 0 added right definition successfully. - - errAuthorizationDenied -60005 Unable to create or update right definition. - - errAuthorizationCanceled -60006 Authorization was canceled by user. - - errAuthorizationInteractionNotAllowed -60007 Interaction was required but not possible. - -*/ -OSStatus AuthorizationRightSet(AuthorizationRef authRef, - const char *rightName, - CFTypeRef rightDefinition, - CFStringRef descriptionKey, - CFBundleRef bundle, - CFStringRef localeTableName); - - - -/*! - @function AuthorizationRightRemove - - Request to remove a right from the policy database. - - @param authRef (input) authRef, to be used to authorize this action. - @param rightName (input) the rightname (ASCII). Wildcard rightnames are not okay. - -*/ -OSStatus AuthorizationRightRemove(AuthorizationRef authRef, - const char *rightName); - - -#if defined(__cplusplus) -} -#endif - -#endif /* !_SECURITY_AUTHORIZATIONDB_H_ */ -