1/* Copyright (c) 2012 Apple Inc. All rights reserved. */
2
3#ifndef _SECURITY_AUTH_RULE_H_
4#define _SECURITY_AUTH_RULE_H_
5
6#include "authdb.h"
7#include <CoreFoundation/CoreFoundation.h>
8#include <Security/SecRequirement.h>
9
10#if defined(__cplusplus)
11extern "C" {
12#endif
13
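/*
 * Block callbacks accepted by rule_mechanisms_iterator() and
 * rule_delegates_iterator(). Each takes a single element (a mechanism_t or a
 * delegate rule_t) and returns a bool.
 * NOTE(review): the meaning of the returned bool (presumably "continue
 * iterating") is set by the implementation, not by this header -- confirm.
 */
typedef bool (^mechanism_iterator_t)(mechanism_t mechanism);
typedef bool (^delegate_iterator_t)(rule_t delegate);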
16
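/*
 * Kind of entry a rule_t represents. Numbering starts at 1, so a
 * zero-initialised RuleType matches neither enumerator.
 * NOTE(review): presumably RT_RIGHT is a named right and RT_RULE a reusable
 * rule that rights can refer to -- confirm against the implementation.
 */
typedef enum {
    RT_RIGHT = 1,
    RT_RULE
} RuleType;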
21
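/*
 * Evaluation class of a rule. Numbering starts at 1, so a zero-initialised
 * RuleClass matches none of the enumerators.
 * NOTE(review): the names suggest the classes of the authorization policy
 * (user authentication, delegation to other rules, mechanism evaluation,
 * unconditional allow, unconditional deny); the exact semantics live in the
 * evaluation code, not in this header -- confirm there. RC_ALLOW in
 * particular deserves attention when auditing stored rules, since it
 * presumably grants without any further check.
 */
typedef enum {
    RC_USER = 1,
    RC_RULE,
    RC_MECHANISM,
    RC_ALLOW,
    RC_DENY
} RuleClass;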
29
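/*
 * Per-rule policy flags. Each enumerator is a distinct single bit, so values
 * can be OR-ed together and carried in a RuleFlags (uint32_t) mask; see
 * rule_check_flags().
 * NOTE(review): the meaning of each bit is inferred from its name only and
 * must be confirmed in the implementation. Several of them look like they
 * relax or widen what a rule grants (AllowRoot, Shared, SessionOwner,
 * ExtractPassword), so changes to these bits in stored rules are worth
 * auditing.
 */
enum {
    RuleFlagShared              = 1 << 0,
    RuleFlagAllowRoot           = 1 << 1,
    RuleFlagSessionOwner        = 1 << 2,
    RuleFlagAuthenticateUser    = 1 << 3,
    RuleFlagExtractPassword     = 1 << 4,
    RuleFlagEntitled            = 1 << 5,
    RuleFlagEntitledAndGroup    = 1 << 6,
    RuleFlagRequireAppleSigned  = 1 << 7,
    RuleFlagVPNEntitledAndGroup = 1 << 8
};
/* Storage type for an OR-ed combination of the RuleFlag* bits above. */
typedef uint32_t RuleFlags;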
42
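/*
 * Constructors. All three carry AUTH_WARN_RESULT and AUTH_RETURNS_RETAINED
 * (macros defined outside this header): the result is meant to be used, and
 * the annotation indicates the caller receives an owning reference.
 * NOTE(review): whether a constructor can return NULL on failure is not
 * visible here -- check the result before use.
 */

/* Creates a rule with default contents. */
AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL_ALL AUTH_RETURNS_RETAINED
rule_t rule_create_default(void);

/*
 * Creates a rule from a C string and a database connection.
 * NOTE(review): presumably `str` is the rule name and the rule is looked up
 * through `dbconn`; only the first argument is annotated non-null
 * (AUTH_NONNULL1), so a NULL `dbconn` appears to be tolerated -- confirm.
 */
AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL1 AUTH_RETURNS_RETAINED
rule_t rule_create_with_string(const char *str, authdb_connection_t dbconn);

/*
 * Creates a rule of the given RuleType from a CFDictionary description.
 * Every pointer argument is annotated non-null (AUTH_NONNULL_ALL).
 * NOTE(review): presumably `name` is the right/rule name and `plist` its
 * property-list definition; which keys are read, and how malformed or
 * unexpected values are handled, is decided in the implementation -- confirm
 * before passing dictionaries that originate outside the trusted policy
 * store.
 */
AUTH_WARN_RESULT AUTH_MALLOC AUTH_NONNULL_ALL AUTH_RETURNS_RETAINED
rule_t rule_create_with_plist(RuleType type, CFStringRef name, CFDictionaryRef plist, authdb_connection_t dbconn);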
51
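/*
 * Access to the mechanisms and delegate rules attached to a rule. All pointer
 * arguments are annotated non-null (AUTH_NONNULL_ALL).
 */

/* Returns the number of mechanisms attached to `rule`. */
AUTH_NONNULL_ALL
size_t rule_get_mechanisms_count(rule_t rule);

/*
 * Returns the rule's mechanisms as a CFArray.
 * NOTE(review): no AUTH_RETURNS_RETAINED annotation and "get" naming, so the
 * caller presumably does not own the array and must not release it --
 * confirm.
 */
AUTH_NONNULL_ALL
CFArrayRef rule_get_mechanisms(rule_t rule);

/*
 * Calls `iter` for the rule's mechanisms and returns a bool.
 * NOTE(review): the stop condition and the meaning of the result are defined
 * by the implementation -- confirm.
 */
AUTH_NONNULL_ALL
bool rule_mechanisms_iterator(rule_t rule, mechanism_iterator_t iter);

/* Returns the number of delegate rules attached to `rule`. */
AUTH_NONNULL_ALL
size_t rule_get_delegates_count(rule_t rule);

/*
 * Calls `iter` for the rule's delegate rules and returns a bool.
 * NOTE(review): the stop condition and the meaning of the result are defined
 * by the implementation -- confirm.
 */
AUTH_NONNULL_ALL
bool rule_delegates_iterator(rule_t rule, delegate_iterator_t iter);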
66
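/*
 * Persistence through an authdb connection. Each rule_sql_* call reports its
 * outcome as a bool; unlike the constructors, none of them is annotated
 * AUTH_WARN_RESULT, so the compiler will not flag an ignored result. Callers
 * should check it themselves rather than assume a policy change was stored
 * or removed.
 */

/* Loads the rule's state through `dbconn`. */
AUTH_NONNULL_ALL
bool rule_sql_fetch(rule_t rule, authdb_connection_t dbconn);

/*
 * Writes the rule through `dbconn`. Only `rule` and `dbconn` are annotated
 * non-null (AUTH_NONNULL1 AUTH_NONNULL2).
 * NOTE(review): presumably `timestamp` is recorded as the modification time
 * and `proc` identifies the requesting process, which appears to be optional
 * -- confirm both in the implementation.
 */
AUTH_NONNULL1 AUTH_NONNULL2
bool rule_sql_commit(rule_t rule, authdb_connection_t dbconn, CFAbsoluteTime timestamp, process_t proc);

/* Removes the rule through `dbconn`. */
AUTH_NONNULL_ALL
bool rule_sql_remove(rule_t rule, authdb_connection_t dbconn);

/*
 * Builds a CFMutableDictionary representation of the rule.
 * NOTE(review): "copy" naming suggests the caller owns the result and must
 * release it, but the declaration carries no AUTH_RETURNS_RETAINED
 * annotation -- confirm ownership before relying on it.
 */
AUTH_NONNULL_ALL
CFMutableDictionaryRef rule_copy_to_cfobject(rule_t rule, authdb_connection_t dbconn);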
78
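/*
 * Read accessors for a rule's identity and policy fields. `rule` is annotated
 * non-null on every one of them (AUTH_NONNULL_ALL).
 * NOTE(review): the returned C strings are presumably owned by the rule and
 * valid only while it is alive; whether they can be NULL is not visible here
 * -- confirm.
 */

/* Returns the rule's 64-bit identifier. */
AUTH_NONNULL_ALL
int64_t rule_get_id(rule_t rule);

/* Returns the rule's name. */
AUTH_NONNULL_ALL
const char * rule_get_name(rule_t rule);

/* Returns the rule's RuleType. */
AUTH_NONNULL_ALL
RuleType rule_get_type(rule_t rule);

/* Returns the rule's RuleClass. */
AUTH_NONNULL_ALL
RuleClass rule_get_class(rule_t rule);

/* Returns the group associated with the rule. */
AUTH_NONNULL_ALL
const char * rule_get_group(rule_t rule);

/*
 * Returns the rule's "kofn" value.
 * NOTE(review): presumably the k-of-n threshold applied to delegate rules --
 * confirm.
 */
AUTH_NONNULL_ALL
int64_t rule_get_kofn(rule_t rule);

/*
 * Returns the rule's timeout.
 * NOTE(review): units and the meaning of special values are not visible in
 * this header -- confirm.
 */
AUTH_NONNULL_ALL
int64_t rule_get_timeout(rule_t rule);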
99
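/*
 * Flag queries.
 * NOTE(review): whether rule_check_flags() requires all bits of `flags` to
 * be set or any one of them is not visible here -- confirm before passing a
 * multi-bit mask in a security decision. The rule_get_* helpers below are
 * presumably per-bit shorthands for the matching RuleFlag* values.
 */
AUTH_NONNULL_ALL
bool rule_check_flags(rule_t rule, RuleFlags flags);

/* Reports the rule's "shared" setting. */
AUTH_NONNULL_ALL
bool rule_get_shared(rule_t rule);

/* Reports the rule's "allow root" setting. */
AUTH_NONNULL_ALL
bool rule_get_allow_root(rule_t rule);

/* Reports the rule's "session owner" setting. */
AUTH_NONNULL_ALL
bool rule_get_session_owner(rule_t rule);

/* Reports the rule's "authenticate user" setting. */
AUTH_NONNULL_ALL
bool rule_get_authenticate_user(rule_t rule);

/* Reports the rule's "extract password" setting. */
AUTH_NONNULL_ALL
bool rule_get_extract_password(rule_t rule);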
117
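/*
 * Read accessors for a rule's retry limit and bookkeeping metadata. `rule` is
 * annotated non-null on every one of them (AUTH_NONNULL_ALL).
 */

/*
 * Returns the rule's "tries" value.
 * NOTE(review): presumably the number of authentication attempts permitted
 * -- confirm.
 */
AUTH_NONNULL_ALL
int64_t rule_get_tries(rule_t rule);

/* Returns the rule's comment string. */
AUTH_NONNULL_ALL
const char * rule_get_comment(rule_t rule);

/* Returns the rule's version number. */
AUTH_NONNULL_ALL
int64_t rule_get_version(rule_t rule);

/*
 * Return the rule's creation and modification times as doubles.
 * NOTE(review): presumably CFAbsoluteTime values, matching the type taken by
 * rule_sql_commit() -- confirm.
 */
AUTH_NONNULL_ALL
double rule_get_created(rule_t rule);

AUTH_NONNULL_ALL
double rule_get_modified(rule_t rule);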
132
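/*
 * Accessors for the rule's identifier and code requirement. The spelling
 * "requirment" is part of the exported names and is kept as-is so existing
 * callers keep linking.
 * NOTE(review): presumably the identifier and requirement describe the
 * client that owns or may modify the rule; the results may be NULL when the
 * rule has none, and with "get" naming and no AUTH_RETURNS_RETAINED
 * annotation the caller presumably does not own them -- confirm all three
 * points in the implementation.
 */
AUTH_NONNULL_ALL
const char * rule_get_identifier(rule_t rule);

/* Returns the requirement in its serialized CFData form. */
AUTH_NONNULL_ALL
CFDataRef rule_get_requirment_data(rule_t rule);

/* Returns the requirement as a SecRequirementRef. */
AUTH_NONNULL_ALL
SecRequirementRef rule_get_requirment(rule_t rule);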
141
142#if defined(__cplusplus)
143}
144#endif
145
146#endif /* !_SECURITY_AUTH_RULE_H_ */
147