1/*
2 * Copyright (c) 2001-2002,2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25/*
26 *  AuthorizationPlugin.h
27 *  AuthorizationPlugin -- APIs for implementing authorization plugins.
28 */
29
30#ifndef _SECURITY_AUTHORIZATIONPLUGIN_H_
31#define _SECURITY_AUTHORIZATIONPLUGIN_H_
32
33#include <Security/Authorization.h>
34
35#if defined(__cplusplus)
36extern "C" {
37#endif
38
39
40/*!
41	@header AuthorizationPlugin
42
43	The AuthorizationPlugin API allows the creation of plugins that can participate
44	in authorization decisions.  Using the AuthorizationDB API the system can be configured
45	to use these plugins.  Plugins are loaded into a separate process, the pluginhost, to
46	isolate the process of authorization from the client.  There are two types of pluginhosts.
47	One runs as an anonymous user and can be used to communicate with the user, for example
48	to ask for a password.  Another one runs with root privileges to perform privileged
49	operations that may be required.
50
51    A typical use is to implement additional policies that cannot be expressed in the
52    authorization configuration.
53
54    Plugins implement a handshake function called AuthorizationPluginCreate with which
55    their interface (AuthorizationPluginInterface) and the engine's interface
56    (AuthorizationCallbacks) are exchanged.  Plugins are asked to create
57    Mechanisms, which are the basic element as authorizations are performed.
58
59    Mechanisms are invoked when it is time for them to make a decision.  A decision is
60    made by setting a single result (AuthorizationResult).  Mechanisms in the
61    authorization can communicate auxiliary information by setting and/or getting hints
62    and setting and/or getting context data.  Hints are advisory and don't need to be
63    looked at, nor are they preserved as part of the authorization result. Context data
64    becomes part of the result of the authorization.
65
66    Context data is tagged with a flag that describes whether the information is returned
67    to the authorization client upon request (AuthorizationCopyInfo() in Authorization.h)
68    or whether it's private to the mechanisms making a decision.
69
70*/
71
72
73/*!
74	@typedef AuthorizationValue
75    Auxiliary data is passed between the engine and the mechanism as AuthorizationValues
76*/
77typedef struct AuthorizationValue
78{
79    size_t length;
80    void *data;
81} AuthorizationValue;
82
83/*!
84    @typedef AuthorizationValueVector
85    A vector of AuthorizationValues.  Used to communicate arguments passed from the
86    configuration file <code>authorization(5)</code>.
87*/
88typedef struct AuthorizationValueVector
89{
90	UInt32 count;
91	AuthorizationValue *values;
92} AuthorizationValueVector;
93
94/*!
95    @typedef
96    Data produced as context during the authorization evaluation is tagged.
97    If data is set to be extractable (kAuthorizationContextFlagExtractable), it will be possible for the client of authorization to obtain the value of this attribute using AuthorizationCopyInfo().
98    If data is marked as volatile (kAuthorizationContextFlagVolatile), this value will not be remembered in the AuthorizationRef.
99    Sticky data (kAuthorizationContextFlagSticky) persists through a failed or interrupted evaluation. It can be used to propagate an error condition from a downstream plugin to an upstream one. It is not remembered in the AuthorizationRef.
100*/
101typedef UInt32 AuthorizationContextFlags;
102enum
103{
104    kAuthorizationContextFlagExtractable = (1 << 0),
105    kAuthorizationContextFlagVolatile = (1 << 1),
106    kAuthorizationContextFlagSticky = (1 << 2)
107};
108
109
110/*!
111	@typedef AuthorizationMechanismId
112    The mechanism id specified in the configuration is passed to the plugin to create the appropriate mechanism.
113*/
114typedef const AuthorizationString AuthorizationMechanismId;
115
116/*!
117    @typedef AuthorizationPluginId
118	Not used by plugin writers.  Loaded plugins are identified by their name.
119 */
120typedef const AuthorizationString AuthorizationPluginId;
121
122/*!
123	@typedef AuthorizationPluginRef
124	Handle passed back by the plugin writer when creating a plugin.  Any pluginhost will only instantiate one instance.  The handle is used when creating mechanisms.
125*/
126typedef void *AuthorizationPluginRef;
127
128/*!
129	@typedef AuthorizationMechanismRef
130	Handle passed back by the plugin writer when creating an an instance of a mechanism in a plugin.  One instance will be created for any authorization.
131*/
132typedef void *AuthorizationMechanismRef;
133
134/*!
135	@typedef AuthorizationEngineRef
136	Handle passed from the engine to an instance of a mechanism in a plugin (corresponds to a particular AuthorizationMechanismRef).
137*/
138typedef struct __OpaqueAuthorizationEngine *AuthorizationEngineRef;
139
140/*!
141	@typedef AuthorizationSessionId
142	A unique value for an AuthorizationSession being evaluated, provided by the authorization engine.
143    A session is represented by a top level call to an Authorization API.
144*/
145typedef void *AuthorizationSessionId;
146
147/*!
148	@typedef AuthorizationResult
149	Type for SetResult().  See AuthorizationResultConstants for all allowed values.
150*/
151typedef UInt32 AuthorizationResult;
152
153/*!
154    @enum AuthorizationResultConstants
155	Possible values for SetResult() in AuthorizationCallbacks.
156
157    @constant kAuthorizationResultAllow the operation succeeded and authorization should be granted as far as this mechanism is concerned.
158    @constant kAuthorizationResultDeny the operation succeeded but authorization should be denied as far as this mechanism is concerned.
159    @constant kAuthorizationResultUndefined the operation failed for some reason and should not be retried for this session.
160    @constant kAuthorizationResultUserCanceled the user has requested that the evaluation be terminated.
161*/
162enum {
163    kAuthorizationResultAllow,
164    kAuthorizationResultDeny,
165    kAuthorizationResultUndefined,
166    kAuthorizationResultUserCanceled,
167};
168
169/*!
170    @enum
171    Version of the interface (AuthorizationPluginInterface) implemented by the plugin.
172    The value is matched to the definition in this file.
173*/
174enum {
175    kAuthorizationPluginInterfaceVersion = 0
176};
177
178/*!
179    @enum
180    Version of the callback structure (AuthorizationCallbacks) passed to the plugin.
181    The value is matched to the definition in this file.  The engine may provide a newer
182    interface.
183*/
184enum {
185    kAuthorizationCallbacksVersion = 1
186};
187
188
189/*!
190    @struct
191    Callback API provided by the AuthorizationEngine.
192
193    @field version      Engine callback version.
194    @field SetResult    Set a result after a call to AuthorizationSessionInvoke.
195    @field RequestInterrupt Request authorization engine to interrupt all mechamisms invoked after this mechamism has called SessionSetResult and then call AuthorizationSessionInvoke again.
196    @field DidDeactivate    Respond to the Deactivate request.
197    @field GetContextValue  Read value from context.  AuthorizationValue does not own data.
198    @field SetContextValue  Write value to context.  AuthorizationValue and data are copied.
199    @field GetHintValue     Read value from hints. AuthorizationValue does not own data.
200    @field SetHintValue     Write value to hints.  AuthorizationValue and data are copied.
201    @field GetArguments     Read arguments passed.  AuthorizationValueVector does not own data.
202    @field GetSessionId     Read SessionId.
203*/
204typedef struct AuthorizationCallbacks {
205
206    /* Engine callback version. */
207    UInt32 version;
208
209    /* Set a result after a call to AuthorizationSessionInvoke. */
210    OSStatus (*SetResult)(AuthorizationEngineRef inEngine, AuthorizationResult inResult);
211
212    /* Request authorization engine to interrupt all mechamisms invoked after
213        this mechamism has called SessionSetResult and then call
214        AuthorizationSessionInvoke again. */
215    OSStatus (*RequestInterrupt)(AuthorizationEngineRef inEngine);
216
217    /* Respond to the Deactivate request. */
218    OSStatus (*DidDeactivate)(AuthorizationEngineRef inEngine);
219
220    /* Read value from context.  AuthorizationValue does not own data. */
221    OSStatus (*GetContextValue)(AuthorizationEngineRef inEngine,
222        AuthorizationString inKey,
223        AuthorizationContextFlags *outContextFlags,
224        const AuthorizationValue **outValue);
225
226    /* Write value to context.  AuthorizationValue and data are copied. */
227    OSStatus (*SetContextValue)(AuthorizationEngineRef inEngine,
228        AuthorizationString inKey,
229        AuthorizationContextFlags inContextFlags,
230        const AuthorizationValue *inValue);
231
232    /* Read value from hints. AuthorizationValue does not own data. */
233    OSStatus (*GetHintValue)(AuthorizationEngineRef inEngine,
234        AuthorizationString inKey,
235        const AuthorizationValue **outValue);
236
237    /* Write value to hints.  AuthorizationValue and data are copied. */
238    OSStatus (*SetHintValue)(AuthorizationEngineRef inEngine,
239        AuthorizationString inKey,
240        const AuthorizationValue *inValue);
241
242    /* Read arguments passed.  AuthorizationValueVector does not own data. */
243    OSStatus (*GetArguments)(AuthorizationEngineRef inEngine,
244        const AuthorizationValueVector **outArguments);
245
246    /* Read SessionId. */
247    OSStatus (*GetSessionId)(AuthorizationEngineRef inEngine,
248        AuthorizationSessionId *outSessionId);
249
250    /* Read value from hints. AuthorizationValue does not own data. */
251    OSStatus (*GetImmutableHintValue)(AuthorizationEngineRef inEngine,
252        AuthorizationString inKey,
253        const AuthorizationValue **outValue);
254
255} AuthorizationCallbacks;
256
257
258/*!
259    @struct
260    Interface that must be implemented by each plugin.
261
262    @field version  Must be set to kAuthorizationPluginInterfaceVersion
263    @field PluginDestroy    Plugin should clean up and release any resources it is holding.
264    @field MechanismCreate  The plugin should create a mechanism named mechanismId.  The mechanism needs to use the AuthorizationEngineRef for the callbacks and pass back a   AuthorizationMechanismRef for itself.  MechanismDestroy will be called when it is no longer needed.
265    @field MechanismInvoke  Invoke an instance of a mechanism.  It should call SetResult during or after returning from this function.
266    @field MechanismDeactivate  Mechanism should respond with a DidDeactivate as soon as possible
267    @field MechanismDestroy Mechanism should clean up and release any resources it is holding
268*/
269typedef struct AuthorizationPluginInterface
270{
271    /* Must be set to kAuthorizationPluginInterfaceVersion. */
272    UInt32 version;
273
274    /* Notify a plugin that it is about to be unloaded so it get a chance to clean up and release any resources it is holding.  */
275    OSStatus (*PluginDestroy)(AuthorizationPluginRef inPlugin);
276
277    /* The plugin should create a mechanism named mechanismId.  The mechanism needs to use the
278        AuthorizationEngineRef for the callbacks and pass back an AuthorizationMechanismRef for
279        itself.  MechanismDestroy will be called when it is no longer needed. */
280    OSStatus (*MechanismCreate)(AuthorizationPluginRef inPlugin,
281        AuthorizationEngineRef inEngine,
282        AuthorizationMechanismId mechanismId,
283        AuthorizationMechanismRef *outMechanism);
284
285    /* Invoke an instance of a mechanism.  It should call SetResult during or after returning from this function.  */
286    OSStatus (*MechanismInvoke)(AuthorizationMechanismRef inMechanism);
287
288    /* Mechanism should respond with a DidDeactivate as soon as possible. */
289    OSStatus (*MechanismDeactivate)(AuthorizationMechanismRef inMechanism);
290
291    /* Mechanism should clean up and release any resources it is holding. */
292    OSStatus (*MechanismDestroy)(AuthorizationMechanismRef inMechanism);
293
294} AuthorizationPluginInterface;
295
296
297/*!
298    @function AuthorizationPluginCreate
299
300    Initialize a plugin after it gets loaded.  This is the main entry point to a plugin.  This function will only be called once.
301    After all Mechanism instances have been destroyed outPluginInterface->PluginDestroy will be called.
302
303    @param callbacks (input) A pointer to an AuthorizationCallbacks which contains the callbacks implemented by the AuthorizationEngine.
304    @param outPlugin (output) On successful completion should contain a valid AuthorizationPluginRef.  This will be passed in to any subsequent calls the engine makes to  outPluginInterface->MechanismCreate and outPluginInterface->PluginDestroy.
305    @param outPluginInterface (output) On successful completion should contain a pointer to a AuthorizationPluginInterface that will stay valid until outPluginInterface->PluginDestroy is called. */
306OSStatus AuthorizationPluginCreate(const AuthorizationCallbacks *callbacks,
307    AuthorizationPluginRef *outPlugin,
308    const AuthorizationPluginInterface **outPluginInterface);
309
310#if defined(__cplusplus)
311}
312#endif
313
314#endif /* _SECURITY_AUTHORIZATIONPLUGIN_H_ */
315