1/*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25/*
26 *  AuthorizationTags.h -- Right tags for implementing access control in
27 *  applications and daemons
28 */
29
30#ifndef _SECURITY_AUTHORIZATIONTAGS_H_
31#define _SECURITY_AUTHORIZATIONTAGS_H_
32
33
34/*!
35	@header AuthorizationTags
36
37	This header defines some of the supported rights tags to be used in the Authorization API.
38*/
39
40
41/*!
42	@define kAuthorizationEnvironmentUsername
43	The name of the AuthorizationItem that should be passed into the environment when specifying a username.  The value and valueLength should contain the username itself.
44*/
45#define kAuthorizationEnvironmentUsername  "username"
46
47/*!
48	@define kAuthorizationEnvironmentPassword
49	The name of the AuthorizationItem that should be passed into the environment when specifying a password for a given username.  The value and valueLength should contain the actual password data.
50*/
51#define kAuthorizationEnvironmentPassword  "password"
52
53/*!
54	@define kAuthorizationEnvironmentShared
55	The name of the AuthorizationItem that should be passed into the environment when specifying a username and password.  Adding this entry to the environment will cause the username/password to be added to the shared credential pool of the calling applications session.  This means that further calls by other applications in this session will automatically have this credential availible to them.  The value is ignored.
56*/
57#define kAuthorizationEnvironmentShared  "shared"
58
59/*!
60	@define kAuthorizationRightExecute
61	The name of the AuthorizationItem that should be passed into the rights when preauthorizing for a call to AuthorizationExecuteWithPrivileges().
62
63	You need to aquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation.  In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf.  Currently no options are supported but you should pass in the full path of the tool you wish to execute in the value and valueLength fields.  In the future we will limit the right to only execute the requested path, and we will display this information to the user.
64*/
65#define kAuthorizationRightExecute "system.privilege.admin"
66
67/*!
68	@define kAuthorizationEnvironmentPrompt
69	The name of the AuthorizationItem that should be passed into the environment when specifying a invocation specific additional text.  The value should be a localized UTF8 string.
70*/
71#define kAuthorizationEnvironmentPrompt  "prompt"
72
73/*!
74	@define kAuthorizationEnvironmentIcon
75	The name of the AuthorizationItem that should be passed into the environment when specifying an alternate icon to be used.  The value should be a full path to and image NSImage can deal with.
76*/
77#define kAuthorizationEnvironmentIcon  "icon"
78
79
80#endif /* !_SECURITY_AUTHORIZATIONTAGS_H_ */
81