secagent.defs   [plain text]


//
// secagent.defs - Client-side Mach RPC interface to SecurityAgent.
//
// Note: one additional message ID code (Client::cancelMessagePseudoID) is used
// explicitly without showing up in this file.
//
#include <mach/std_types.defs>
#include <mach/mach_types.defs>

subsystem secagent 1000;
serverprefix secagent_server_;
userprefix secagent_client_;

import <Security/secagent_types.h>;


//
// Data types
//
type OSStatus = int32;
type pid_t = int32;
type AclAuthorization = unsigned32;
type Reason = unsigned32;
type String = c_string[*:2048];
type ConstString = c_string[*:2048];
type Username = c_string[*:80];
type Choice = struct[2] of unsigned32;
type MigBoolean = unsigned32;

type Data = array [] of char;

type AuthorizationString = c_string[*:1024];
type AuthorizationItemSetBlob = Data
	ctype: AuthorizationItemSetPtr;
type AuthorizationItemSetPtr = unsigned32;
type AuthorizationValueVectorBlob = Data
	ctype: AuthorizationValueVectorPtr;
type AuthorizationValueVectorPtr = unsigned32;

type AuthorizationResultInt = unsigned32;


//
// Common argument profiles
//

#define UCSP_PORTS	requestport sport: mach_port_t; \
					replyport rport: mach_port_t; \
					out status: OSStatus
#define IN_BLOB(name,type)	in name: type##Blob; in name##Base: type##Ptr
#define OUT_BLOB(name,type)	out name: type##Blob; out name##Base: type##Ptr


//
// Staged query maintainance (common to all staged queries)
//
routine finishStagedQuery(UCSP_PORTS);
routine cancelStagedQuery(UCSP_PORTS; in reason: Reason);


//
// Unlocking keychains by user input
//
routine unlockDatabase(UCSP_PORTS;
	in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
	out stagePort: mach_port_copy_send_t; out passphrase: String);
routine retryUnlockDatabase(UCSP_PORTS; in reason: Reason; out passphrase: String);

//
// Get a new passphrase for a database
//
routine queryNewPassphrase(UCSP_PORTS;
	in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
    in reason: Reason;
    out stagePort: mach_port_copy_send_t; out passphrase: String; out oldPassphrase: String);
routine retryNewPassphrase(UCSP_PORTS; in reason: Reason; out passphrase: String; out oldPassphrase: String);

//
// "Rogue App" alert/confirm function
//
routine queryKeychainAccess(UCSP_PORTS;
	in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
	in item: ConstString; in operation: AclAuthorization; in needPassphrase: MigBoolean;
    out stagePort: mach_port_copy_send_t; out choice: Choice);

routine retryQueryKeychainAccess (UCSP_PORTS;
    in reason: Reason; out choice: Choice);

routine queryCodeIdentity(UCSP_PORTS;
	in requestor: ConstString; in requestPid: pid_t; in aclPath: ConstString; out choice: Choice);
    
//
// Generic new/old password prompt interface
//
routine queryNewGenericPassphrase(UCSP_PORTS;
    in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString;
    in reason: Reason; out stagePort: mach_port_copy_send_t;
    in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String);
routine retryNewGenericPassphrase(UCSP_PORTS; in reason: Reason;
    out addBox: MigBoolean; out passphrase: String);

routine queryOldGenericPassphrase(UCSP_PORTS;
    in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString;
    out stagePort: mach_port_copy_send_t;
    in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String);
routine retryOldGenericPassphrase(UCSP_PORTS; in reason: Reason;
    out addBox: MigBoolean; out passphrase: String);

//
// Authorization subsystem authentication option
//
routine authorizationAuthenticate(UCSP_PORTS;
	in requestor: ConstString; in requestPid: pid_t;
	in neededGroup: ConstString; in candidateUser: ConstString;
	out stagePort: mach_port_copy_send_t; 
        out authenticatedUser: Username; out authenticatedPassword: String);
routine retryAuthorizationAuthenticate(UCSP_PORTS; in reason: Reason;
	out authenticatedUser: Username; out authenticatedPassword: String);

routine invokeMechanism(UCSP_PORTS;
    out stagePort: mach_port_copy_send_t;
// plugin id 
    in pluginId: AuthorizationString;
// mechanism id 
    in mechanismId: AuthorizationString;
	IN_BLOB(argumentsIn,AuthorizationValueVector);
	IN_BLOB(hintsIn,AuthorizationItemSet);
	IN_BLOB(contextIn,AuthorizationItemSet);
// result 
    out resultOut: AuthorizationResultInt;
	OUT_BLOB(hintsOut,AuthorizationItemSet);
	OUT_BLOB(contextOut,AuthorizationItemSet)
);

routine terminate(requestport sport: mach_port_t;
    replyport rport: mach_port_t);