/* Copyright (c) 2012 Apple Inc. All rights reserved. */

#ifndef _SECURITY_AUTH_AGENT_H_
#define _SECURITY_AUTH_AGENT_H_

#if defined(__cplusplus)
extern "C" {
#endif

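/*
 * States an agent can be in, as returned by agent_get_state().
 *
 * The enumerators carry no explicit values, so they number consecutively
 * from 0 (init == 0 ... dead == 7). Inserting or reordering entries changes
 * every later value; append new states at the end if the number is ever
 * logged, stored or compared outside this translation unit.
 *
 * NOTE(review): the allowed transitions are not described in this header.
 * Confirm against the implementation before assuming, for example, that
 * `dead` is terminal or that `interrupting` always precedes it.
 */
typedef enum _PluginState {
    init,
    created,
    current,
    deactivating,
    active,
    interrupting,
    mechinterrupting,
    dead
} PluginState;
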
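/*
 * Kind of host an agent is associated with. Values are implicit
 * (privilegedAuthHost == 0, securityAgent == 1, userAuthHost == 2).
 *
 * NOTE(review): the names suggest a privileged host, the SecurityAgent UI
 * process and a per-user host, but this header does not say how the type is
 * chosen. Because privilegedAuthHost is 0, a zero-initialized AuthHostType
 * reads as the privileged kind; confirm every variable of this type is
 * assigned explicitly before it influences a privilege decision.
 */
typedef enum {
    privilegedAuthHost,
    securityAgent,
    userAuthHost
} AuthHostType;
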
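//
// Unified reason codes transmitted to SecurityAgent (and internationalized there)
//
// The codes are grouped in numbered bands (11.., 21.., 31.., 41.., 61.., 101)
// and the numeric value is what is sent to SecurityAgent. Add new codes at
// the end of the relevant band; renumbering an existing code would change
// what the receiving side displays for it.
//
// NOTE(review): several codes tell the prompt *why* a request failed
// (invalidPassphrase vs. userNotInGroup vs. unacceptableUser). Confirm what
// the agent shows for each one so that the dialog does not disclose more
// about account or group state than intended.
//
enum Reason {
    noReason = 0,                   // no reason given; serves as the null/unset value
    unknownReason,                  // something else (catch-all internal error)

    // reasons for asking for a new passphrase
    newDatabase = 11,               // need passphrase for a new database
    changePassphrase,               // changing passphrase for existing database

    // reasons for retrying an unlock query
    invalidPassphrase = 21,         // passphrase was wrong

    // reasons for retrying a new passphrase query
    passphraseIsNull = 31,          // empty passphrase
    passphraseTooSimple,            // passphrase is not complex enough
    passphraseRepeated,             // passphrase was used before (must use new one)
    passphraseUnacceptable,         // passphrase unacceptable for some other reason
    oldPassphraseWrong,             // the old passphrase given is wrong

    // reasons for retrying an authorization query
    userNotInGroup = 41,            // authenticated user not in needed group
    unacceptableUser,               // authenticated user unacceptable for some other reason

    // reasons for canceling a staged query
    tooManyTries = 61,              // too many failed attempts to get it right
    noLongerNeeded,                 // the queried item is no longer needed
    keychainAddFailed,              // the requested item couldn't be added to the keychain
    generalErrorCancel,             // something went wrong so we have to give up now

    worldChanged = 101              // NOTE(review): undocumented here; confirm meaning with the sender
};
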
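/*
 * Kind of requestor, encoded as four-character codes.
 *
 * 'TOOL', 'BNDL' and 'UNKN' are multi-character constants: their type is int
 * and their numeric value is implementation-defined in C. Compare against
 * the enumerators (tool, bundle, unknown) rather than hard-coded numbers,
 * and do not assume the same value if the code is exchanged with something
 * built by a different compiler.
 *
 * NOTE(review): how a requestor is classified is not visible in this header;
 * if the type feeds an authorization decision, confirm it is derived by the
 * daemon and not supplied by the requesting process.
 */
typedef enum {
    tool = 'TOOL',
    bundle = 'BNDL',
    unknown = 'UNKN'
} RequestorType;
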
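/*
 * Agent API.
 *
 * This header includes nothing itself: agent_t, engine_t, mechanism_t,
 * auth_token_t, process_t, auth_items_t, bool, uint64_t and the AUTH_*
 * annotation macros must already be declared by the including file.
 *
 * Every function is marked AUTH_NONNULL_ALL. NOTE(review): the macro is
 * defined elsewhere; it presumably expands to a nonnull attribute, which is
 * a compile-time hint and not a runtime check, so callers are still
 * responsible for never passing NULL.
 */

/*
 * Create an agent for mechanism `mech` on behalf of `engine`, for the
 * authorization token `auth` and process `proc`. `firstMech` is passed by the
 * caller; its effect is not documented in this header.
 *
 * NOTE(review): AUTH_WARN_RESULT / AUTH_MALLOC / AUTH_RETURNS_RETAINED are
 * defined elsewhere; they suggest the result must not be ignored and that the
 * caller owns the returned reference. Confirm how it is released, and whether
 * NULL can be returned on failure, before using the result unchecked.
 */
AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL_ALL AUTH_RETURNS_RETAINED
agent_t agent_create(engine_t engine, mechanism_t mech, auth_token_t auth, process_t proc, bool firstMech);

/*
 * Run the agent with the given hints and context.
 *
 * NOTE(review): the meaning of the uint64_t result is not stated here;
 * confirm which value means success before branching on it. The name
 * `immutable_hints` suggests hints the mechanism may read but not change;
 * confirm that this is enforced by the callee and not only by convention.
 */
AUTH_NONNULL_ALL
uint64_t agent_run(agent_t agent, auth_items_t hints, auth_items_t context, auth_items_t immutable_hints);

/*
 * Return the agent's hints.
 * NOTE(review): ownership of the returned object (borrowed vs. retained) is
 * not annotated on this declaration; confirm before releasing or caching it.
 */
AUTH_NONNULL_ALL
auth_items_t agent_get_hints(agent_t agent);

/*
 * Return the agent's context.
 * NOTE(review): ownership of the returned object is not annotated here, and
 * by its name the context may hold credential material; confirm how long
 * callers may keep it and who clears it.
 */
AUTH_NONNULL_ALL
auth_items_t agent_get_context(agent_t agent);

/* Deactivate the agent. */
AUTH_NONNULL_ALL
void agent_deactivate(agent_t agent);

/*
 * Destroy the agent.
 * NOTE(review): whether the handle may be used after this call is not stated;
 * treat it as invalid unless the implementation says otherwise.
 */
AUTH_NONNULL_ALL
void agent_destroy(agent_t agent);

/* Return the agent's current PluginState. */
AUTH_NONNULL_ALL
PluginState agent_get_state(agent_t agent);

/* Return the mechanism associated with the agent. */
AUTH_NONNULL_ALL
mechanism_t agent_get_mechanism(agent_t agent);

/*
 * Receive on the agent. The misspelling ("recieve") is part of the declared
 * name; correcting it means renaming the definition and every caller too.
 */
AUTH_NONNULL_ALL
void agent_recieve(agent_t agent);

/* Notify the agent of an interrupt. */
AUTH_NONNULL_ALL
void
agent_notify_interrupt(agent_t agent);

/* Clear a previously notified interrupt on the agent. */
AUTH_NONNULL_ALL
void
agent_clear_interrupt(agent_t agent);
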
#if defined(__cplusplus)
}
#endif

#endif /* !_SECURITY_AUTH_AGENT_H_ */