1/* 2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24 25/* 26 * AuthorizationTags.h -- Right tags for implementing access control in 27 * applications and daemons 28 */ 29 30#ifndef _SECURITY_AUTHORIZATIONTAGS_H_ 31#define _SECURITY_AUTHORIZATIONTAGS_H_ 32 33 34/*! 35 @header AuthorizationTags 36 37 This header defines some of the supported rights tags to be used in the Authorization API. 38*/ 39 40 41/*! 42 @define kAuthorizationEnvironmentUsername 43 The name of the AuthorizationItem that should be passed into the environment when specifying a username. The value and valueLength should contain the username itself. 44*/ 45#define kAuthorizationEnvironmentUsername "username" 46 47/*! 48 @define kAuthorizationEnvironmentPassword 49 The name of the AuthorizationItem that should be passed into the environment when specifying a password for a given username. The value and valueLength should contain the actual password data. 50*/ 51#define kAuthorizationEnvironmentPassword "password" 52 53/*! 54 @define kAuthorizationEnvironmentShared 55 The name of the AuthorizationItem that should be passed into the environment when specifying a username and password. Adding this entry to the environment will cause the username/password to be added to the shared credential pool of the calling applications session. This means that further calls by other applications in this session will automatically have this credential availible to them. The value is ignored. 56*/ 57#define kAuthorizationEnvironmentShared "shared" 58 59/*! 60 @define kAuthorizationRightExecute 61 The name of the AuthorizationItem that should be passed into the rights when preauthorizing for a call to AuthorizationExecuteWithPrivileges(). 62 63 You need to aquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation. In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf. Currently no options are supported but you should pass in the full path of the tool you wish to execute in the value and valueLength fields. In the future we will limit the right to only execute the requested path, and we will display this information to the user. 64*/ 65#define kAuthorizationRightExecute "system.privilege.admin" 66 67/*! 68 @define kAuthorizationEnvironmentPrompt 69 The name of the AuthorizationItem that should be passed into the environment when specifying a invocation specific additional text. The value should be a localized UTF8 string. 70*/ 71#define kAuthorizationEnvironmentPrompt "prompt" 72 73/*! 74 @define kAuthorizationEnvironmentIcon 75 The name of the AuthorizationItem that should be passed into the environment when specifying an alternate icon to be used. The value should be a full path to and image NSImage can deal with. 76*/ 77#define kAuthorizationEnvironmentIcon "icon" 78 79 80#endif /* !_SECURITY_AUTHORIZATIONTAGS_H_ */ 81