//
// secagent.defs - Client-side Mach RPC interface to SecurityAgent.
//
// Note: one additional message ID code (Client::cancelMessagePseudoID) is used
// explicitly without showing up in this file.
//
#include <mach/std_types.defs>
#include <mach/mach_types.defs>
subsystem secagent 1000;
serverprefix secagent_server_;
userprefix secagent_client_;
import <Security/secagent_types.h>;
//
// Data types
//
type OSStatus = int32;
type pid_t = int32;
type AclAuthorization = unsigned32;
type Reason = unsigned32;
type String = c_string[*:2048];
type ConstString = c_string[*:2048];
type Username = c_string[*:80];
type Choice = struct[2] of unsigned32;
type MigBoolean = unsigned32;
//
// Common argument profiles
//
#define UCSP_PORTS requestport sport: mach_port_t; \
replyport rport: mach_port_t; \
out status: OSStatus
#define IN_BLOB(name) in name: name##Blob; in name##Base: name##Ptr
//
// Staged query maintainance (common to all staged queries)
//
routine finishStagedQuery(UCSP_PORTS);
routine cancelStagedQuery(UCSP_PORTS; in reason: Reason);
//
// Unlocking keychains by user input
//
routine unlockDatabase(UCSP_PORTS;
in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
out stagePort: mach_port_copy_send_t; out passphrase: String);
routine retryUnlockDatabase(UCSP_PORTS; in reason: Reason; out passphrase: String);
//
// Get a new passphrase for a database
//
routine queryNewPassphrase(UCSP_PORTS;
in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
in reason: Reason;
out stagePort: mach_port_copy_send_t; out passphrase: String);
routine retryNewPassphrase(UCSP_PORTS; in reason: Reason; out passphrase: String);
//
// "Rogue App" alert/confirm function
//
routine queryKeychainAccess(UCSP_PORTS;
in requestor: ConstString; in requestPid: pid_t; in database: ConstString;
in item: ConstString; in operation: AclAuthorization;
out choice: Choice);
//
// Generic new/old password prompt interface
//
routine queryNewGenericPassphrase(UCSP_PORTS;
in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString;
in reason: Reason; out stagePort: mach_port_copy_send_t;
in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String);
routine retryNewGenericPassphrase(UCSP_PORTS; in reason: Reason;
out addBox: MigBoolean; out passphrase: String);
routine queryOldGenericPassphrase(UCSP_PORTS;
in requestor: ConstString; in requestPid: pid_t; in prompt: ConstString;
out stagePort: mach_port_copy_send_t;
in showBox: MigBoolean; inout addBox: MigBoolean; out passphrase: String);
routine retryOldGenericPassphrase(UCSP_PORTS; in reason: Reason;
out addBox: MigBoolean; out passphrase: String);
//
// Authorization subsystem authentication option
//
routine authorizationAuthenticate(UCSP_PORTS;
in requestor: ConstString; in requestPid: pid_t;
in neededGroup: ConstString; in candidateUser: ConstString;
out stagePort: mach_port_copy_send_t;
out authenticatedUser: Username; out authenticatedPassword: String);
routine retryAuthorizationAuthenticate(UCSP_PORTS; in reason: Reason;
out authenticatedUser: Username; out authenticatedPassword: String);