/* Copyright (c) 2012 Apple Inc. All rights reserved. */

/*
 * Declarations for authorization rule objects (rule_t): construction,
 * persistence through an authdb connection, and read-only accessors.
 *
 * The AUTH_* annotation macros and the rule_t, mechanism_t, process_t and
 * authdb_connection_t types are not defined in this header; presumably they
 * come from "authdb.h" or a header it includes -- confirm there before
 * relying on the ownership and nullability notes below.
 */

#ifndef _SECURITY_AUTH_RULE_H_
#define _SECURITY_AUTH_RULE_H_

#include "authdb.h"
#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecRequirement.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Callback blocks handed to the *_iterator functions below.
 * NOTE(review): the bool result presumably tells the iterator whether to
 * continue; the exact convention is set by the implementation -- confirm.
 */
typedef bool (^mechanism_iterator_t)(mechanism_t mechanism);
typedef bool (^delegate_iterator_t)(rule_t delegate);

/*
 * Kind of database entry. Numbering starts at 1, so a zero-initialised
 * RuleType matches neither enumerator.
 */
typedef enum {
    RT_RIGHT = 1,
    RT_RULE
} RuleType;

/*
 * Evaluation class of a rule. Numbering starts at 1, so a zero-initialised
 * RuleClass matches no enumerator.
 * NOTE(review): RC_ALLOW / RC_DENY look like unconditional outcomes, which
 * would make any code path that can change a rule's class security-sensitive
 * -- confirm against the evaluation code.
 */
typedef enum {
    RC_USER = 1,
    RC_RULE,
    RC_MECHANISM,
    RC_ALLOW,
    RC_DENY
} RuleClass;

/*
 * Bit flags carried by a rule. The enumeration is anonymous and the flag
 * word itself is the fixed-width RuleFlags typedef below, so flag values are
 * combined and stored as uint32_t rather than as an enum type.
 *
 * Only the bit positions are defined here; what each flag permits is decided
 * by the code that tests it. Several names (AllowRoot, ExtractPassword,
 * Entitled*, RequireAppleSigned) suggest they relax or tighten who may obtain
 * a right, so changes to which rules carry them deserve review -- semantics
 * to be confirmed in the implementation.
 */
enum {
    RuleFlagShared              = 1 << 0,
    RuleFlagAllowRoot           = 1 << 1,
    RuleFlagSessionOwner        = 1 << 2,
    RuleFlagAuthenticateUser    = 1 << 3,
    RuleFlagExtractPassword     = 1 << 4,
    RuleFlagEntitled            = 1 << 5,
    RuleFlagEntitledAndGroup    = 1 << 6,
    RuleFlagRequireAppleSigned  = 1 << 7,
    RuleFlagVPNEntitledAndGroup = 1 << 8
};
typedef uint32_t RuleFlags;

/*
 * Constructors.
 *
 * All three are annotated AUTH_RETURNS_RETAINED and AUTH_WARN_RESULT:
 * presumably the caller owns the returned rule_t and must not discard it
 * (macro definitions are outside this header -- confirm).
 */

AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL_ALL AUTH_RETURNS_RETAINED
rule_t rule_create_default(void);

/*
 * Only the first argument carries a non-null annotation (AUTH_NONNULL1), so
 * the authdb connection is apparently allowed to be NULL here.
 */
AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL1 AUTH_RETURNS_RETAINED
rule_t rule_create_with_string(const char *, authdb_connection_t dbconn);

/*
 * Builds a rule of the given type from a CFString and a CFDictionary.
 * NOTE(review): the string is presumably the rule name and the dictionary
 * its plist definition; if the dictionary can originate from a client,
 * validation of its contents happens (or must happen) in the implementation
 * -- verify.
 */
AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL_ALL AUTH_RETURNS_RETAINED
rule_t rule_create_with_plist(RuleType type, CFStringRef, CFDictionaryRef, authdb_connection_t dbconn);

/*
 * Mechanisms and delegate rules attached to a rule.
 *
 * rule_get_mechanisms has no retained-return annotation; presumably the
 * array is borrowed from the rule and must not be released by the caller
 * -- confirm.
 */

AUTH_NONNULL_ALL
size_t rule_get_mechanisms_count(rule_t rule);

AUTH_NONNULL_ALL
CFArrayRef rule_get_mechanisms(rule_t rule);

AUTH_NONNULL_ALL
bool rule_mechanisms_iterator(rule_t rule, mechanism_iterator_t iter);

AUTH_NONNULL_ALL
size_t rule_get_delegates_count(rule_t rule);

AUTH_NONNULL_ALL
bool rule_delegates_iterator(rule_t rule, delegate_iterator_t iter);

/*
 * Persistence through an authdb connection. Each call reports its outcome
 * as a bool; none of these declarations carries AUTH_WARN_RESULT, so an
 * ignored failure will not be diagnosed by the compiler -- callers should
 * check the result explicitly.
 */

AUTH_NONNULL_ALL
bool rule_sql_fetch(rule_t rule, authdb_connection_t dbconn);

/*
 * Only arguments 1 and 2 are annotated non-null, so the process_t argument
 * is apparently optional.
 * NOTE(review): how a NULL process is treated (for example, whether any
 * caller-based checks are skipped) is decided in the implementation; confirm
 * that externally triggered commits always supply one.
 */
AUTH_NONNULL1 AUTH_NONNULL2
bool rule_sql_commit(rule_t rule, authdb_connection_t dbconn, CFAbsoluteTime, process_t);

AUTH_NONNULL_ALL
bool rule_sql_remove(rule_t rule, authdb_connection_t dbconn);

/*
 * Returns a mutable dictionary built from the rule.
 * NOTE(review): the "copy" in the name suggests the caller owns the result,
 * but unlike the constructors there is no AUTH_RETURNS_RETAINED annotation
 * -- confirm ownership before releasing or leaking it.
 */
AUTH_NONNULL_ALL
CFMutableDictionaryRef rule_copy_to_cfobject(rule_t rule, authdb_connection_t dbconn);

/*
 * Read-only accessors.
 *
 * The const char * results have no ownership annotation; presumably they
 * point into storage owned by the rule and are valid only while the rule is
 * alive -- confirm, and copy the string if it must outlive the rule.
 */

AUTH_NONNULL_ALL
int64_t rule_get_id(rule_t rule);

AUTH_NONNULL_ALL
const char * rule_get_name(rule_t rule);

AUTH_NONNULL_ALL
RuleType rule_get_type(rule_t rule);

AUTH_NONNULL_ALL
RuleClass rule_get_class(rule_t rule);

AUTH_NONNULL_ALL
const char * rule_get_group(rule_t rule);

/* NOTE(review): "kofn" presumably means k-of-n delegate rules -- confirm. */
AUTH_NONNULL_ALL
int64_t rule_get_kofn(rule_t rule);

AUTH_NONNULL_ALL
int64_t rule_get_timeout(rule_t rule);

/* Tests the rule's flag word against the given RuleFlags value. */
AUTH_NONNULL_ALL
bool rule_check_flags(rule_t rule, RuleFlags flags);

/*
 * Per-flag convenience getters; by name they correspond to the first five
 * RuleFlag* bits (mapping to be confirmed in the implementation).
 */
AUTH_NONNULL_ALL
bool rule_get_shared(rule_t rule);

AUTH_NONNULL_ALL
bool rule_get_allow_root(rule_t rule);

AUTH_NONNULL_ALL
bool rule_get_session_owner(rule_t rule);

AUTH_NONNULL_ALL
bool rule_get_authenticate_user(rule_t rule);

AUTH_NONNULL_ALL
bool rule_get_extract_password(rule_t rule);

AUTH_NONNULL_ALL
int64_t rule_get_tries(rule_t rule);

AUTH_NONNULL_ALL
const char * rule_get_comment(rule_t rule);

AUTH_NONNULL_ALL
int64_t rule_get_version(rule_t rule);

/*
 * Creation / modification times as double.
 * NOTE(review): presumably CFAbsoluteTime values, matching the type taken by
 * rule_sql_commit -- confirm.
 */
AUTH_NONNULL_ALL
double rule_get_created(rule_t rule);

AUTH_NONNULL_ALL
double rule_get_modified(rule_t rule);

AUTH_NONNULL_ALL
const char * rule_get_identifier(rule_t rule);

/*
 * Code-requirement accessors. The spelling "requirment" is part of the
 * exported symbol names and is kept as-is so existing callers still link.
 * Neither result is annotated as retained; presumably both are borrowed
 * from the rule -- confirm before releasing.
 */
AUTH_NONNULL_ALL
CFDataRef rule_get_requirment_data(rule_t rule);

AUTH_NONNULL_ALL
SecRequirementRef rule_get_requirment(rule_t rule);

#ifdef __cplusplus
}
#endif

#endif /* !_SECURITY_AUTH_RULE_H_ */