objc2_security/generated/

AuthorizationPlugin.rs

//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::cell::UnsafeCell;
use core::ffi::*;
use core::marker::{PhantomData, PhantomPinned};
use core::ptr::NonNull;
#[cfg(feature = "objc2")]
use objc2::__framework_prelude::*;
use objc2_core_foundation::*;

use crate::*;

/// Auxiliary data is passed between the engine and the mechanism as AuthorizationValues
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationvalue?language=objc)
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct AuthorizationValue {
    pub length: usize,
    pub data: *mut c_void,
}

#[cfg(feature = "objc2")]
unsafe impl Encode for AuthorizationValue {
    const ENCODING: Encoding = Encoding::Struct(
        "AuthorizationValue",
        &[<usize>::ENCODING, <*mut c_void>::ENCODING],
    );
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for AuthorizationValue {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// A vector of AuthorizationValues.  Used to communicate arguments passed from the
/// configuration file
/// <code>
/// authorization(5)
/// </code>
/// .
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationvaluevector?language=objc)
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct AuthorizationValueVector {
    pub count: u32,
    pub values: NonNull<AuthorizationValue>,
}

#[cfg(feature = "objc2")]
unsafe impl Encode for AuthorizationValueVector {
    const ENCODING: Encoding = Encoding::Struct(
        "AuthorizationValueVector",
        &[<u32>::ENCODING, <NonNull<AuthorizationValue>>::ENCODING],
    );
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for AuthorizationValueVector {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// Data produced as context during the authorization evaluation is tagged.
/// If data is set to be extractable (kAuthorizationContextFlagExtractable), it will be possible for the client of authorization to obtain the value of this attribute using AuthorizationCopyInfo().
/// If data is marked as volatile (kAuthorizationContextFlagVolatile), this value will not be remembered in the AuthorizationRef.
/// Sticky data (kAuthorizationContextFlagSticky) persists through a failed or interrupted evaluation. It can be used to propagate an error condition from a downstream plugin to an upstream one. It is not remembered in the AuthorizationRef.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationcontextflags?language=objc)
// NS_OPTIONS
#[repr(transparent)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub struct AuthorizationContextFlags(pub u32);
bitflags::bitflags! {
    impl AuthorizationContextFlags: u32 {
        #[doc(alias = "kAuthorizationContextFlagExtractable")]
        const Extractable = 1<<0;
        #[doc(alias = "kAuthorizationContextFlagVolatile")]
        const Volatile = 1<<1;
        #[doc(alias = "kAuthorizationContextFlagSticky")]
        const Sticky = 1<<2;
    }
}

#[cfg(feature = "objc2")]
unsafe impl Encode for AuthorizationContextFlags {
    const ENCODING: Encoding = u32::ENCODING;
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for AuthorizationContextFlags {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// The mechanism id specified in the configuration is passed to the plugin to create the appropriate mechanism.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationmechanismid?language=objc)
#[cfg(feature = "Authorization")]
pub type AuthorizationMechanismId = AuthorizationString;

/// Not used by plugin writers.  Loaded plugins are identified by their name.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationpluginid?language=objc)
#[cfg(feature = "Authorization")]
pub type AuthorizationPluginId = AuthorizationString;

/// Handle passed back by the plugin writer when creating a plugin.  Any pluginhost will only instantiate one instance.  The handle is used when creating mechanisms.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationpluginref?language=objc)
pub type AuthorizationPluginRef = *mut c_void;

/// Handle passed back by the plugin writer when creating an an instance of a mechanism in a plugin.  One instance will be created for any authorization.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationmechanismref?language=objc)
pub type AuthorizationMechanismRef = *mut c_void;

/// [Apple's documentation](https://developer.apple.com/documentation/security/__opaqueauthorizationengine?language=objc)
#[repr(C)]
#[derive(Debug)]
pub struct __OpaqueAuthorizationEngine {
    inner: [u8; 0],
    _p: UnsafeCell<PhantomData<(*const UnsafeCell<()>, PhantomPinned)>>,
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for __OpaqueAuthorizationEngine {
    const ENCODING_REF: Encoding =
        Encoding::Pointer(&Encoding::Struct("__OpaqueAuthorizationEngine", &[]));
}

/// Handle passed from the engine to an instance of a mechanism in a plugin (corresponds to a particular AuthorizationMechanismRef).
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationengineref?language=objc)
pub type AuthorizationEngineRef = *mut __OpaqueAuthorizationEngine;

/// A unique value for an AuthorizationSession being evaluated, provided by the authorization engine.
/// A session is represented by a top level call to an Authorization API.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationsessionid?language=objc)
pub type AuthorizationSessionId = *mut c_void;

/// Possible values for SetResult() in AuthorizationCallbacks.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationresult?language=objc)
// NS_CLOSED_ENUM
#[repr(u32)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
pub enum AuthorizationResult {
    #[doc(alias = "kAuthorizationResultAllow")]
    Allow = 0,
    #[doc(alias = "kAuthorizationResultDeny")]
    Deny = 1,
    #[doc(alias = "kAuthorizationResultUndefined")]
    Undefined = 2,
    #[doc(alias = "kAuthorizationResultUserCanceled")]
    UserCanceled = 3,
}

#[cfg(feature = "objc2")]
unsafe impl Encode for AuthorizationResult {
    const ENCODING: Encoding = u32::ENCODING;
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for AuthorizationResult {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// [Apple's documentation](https://developer.apple.com/documentation/security/kauthorizationplugininterfaceversion?language=objc)
pub const kAuthorizationPluginInterfaceVersion: c_uint = 0;

/// [Apple's documentation](https://developer.apple.com/documentation/security/kauthorizationcallbacksversion?language=objc)
pub const kAuthorizationCallbacksVersion: c_uint = 4;

/// Callback API provided by the AuthorizationEngine.
///
/// Field: version      Engine callback version.
/// Field: SetResult    Set a result after a call to AuthorizationSessionInvoke.
/// Field: RequestInterrupt Request authorization engine to interrupt all mechamisms invoked after this mechamism has called SessionSetResult and then call AuthorizationSessionInvoke again.
/// Field: DidDeactivate    Respond to the Deactivate request.
/// Field: GetContextValue  Read value from context.  AuthorizationValue does not own data.
/// Field: SetContextValue  Write value to context.  AuthorizationValue and data are copied.
/// Field: GetHintValue     Read value from hints. AuthorizationValue does not own data.
/// Field: SetHintValue     Write value to hints.  AuthorizationValue and data are copied.
/// Field: GetArguments     Read arguments passed.  AuthorizationValueVector does not own data.
/// Field: GetSessionId     Read SessionId.
/// Field: GetLAContext     Returns LAContext which will have LACredentialCTKPIN credential set if PIN is available otherwise context without credentials is returned. LAContext can be used for operations with Tokens which would normally require PIN. Caller owns returned context and is responsible for release.
/// Field: GetTokenIdentities   Returns array of identities. Caller owns returned array and is reponsible for release.
/// Field: GetTKTokenWatcher    Returns TKTokenWatcher object. Caller owns returned context and is responsible for release.
/// Field: RemoveContextValue   Removes value from context.
/// Field: RemoveHintValue      Removes value from hints.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationcallbacks?language=objc)
#[cfg(feature = "Authorization")]
#[repr(C)]
#[allow(unpredictable_function_pointer_comparisons)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct AuthorizationCallbacks {
    pub version: u32,
    pub SetResult:
        unsafe extern "C-unwind" fn(AuthorizationEngineRef, AuthorizationResult) -> OSStatus,
    pub RequestInterrupt: unsafe extern "C-unwind" fn(AuthorizationEngineRef) -> OSStatus,
    pub DidDeactivate: unsafe extern "C-unwind" fn(AuthorizationEngineRef) -> OSStatus,
    pub GetContextValue: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        AuthorizationString,
        *mut AuthorizationContextFlags,
        *mut *const AuthorizationValue,
    ) -> OSStatus,
    pub SetContextValue: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        AuthorizationString,
        AuthorizationContextFlags,
        NonNull<AuthorizationValue>,
    ) -> OSStatus,
    pub GetHintValue: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        AuthorizationString,
        *mut *const AuthorizationValue,
    ) -> OSStatus,
    pub SetHintValue: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        AuthorizationString,
        NonNull<AuthorizationValue>,
    ) -> OSStatus,
    pub GetArguments: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        NonNull<*const AuthorizationValueVector>,
    ) -> OSStatus,
    pub GetSessionId: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        *mut AuthorizationSessionId,
    ) -> OSStatus,
    pub GetImmutableHintValue: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        AuthorizationString,
        *mut *const AuthorizationValue,
    ) -> OSStatus,
    pub GetLAContext:
        unsafe extern "C-unwind" fn(AuthorizationEngineRef, *mut *const CFType) -> OSStatus,
    pub GetTokenIdentities: unsafe extern "C-unwind" fn(
        AuthorizationEngineRef,
        NonNull<CFType>,
        *mut *const CFArray,
    ) -> OSStatus,
    pub GetTKTokenWatcher:
        unsafe extern "C-unwind" fn(AuthorizationEngineRef, *mut *const CFType) -> OSStatus,
    pub RemoveHintValue:
        unsafe extern "C-unwind" fn(AuthorizationEngineRef, AuthorizationString) -> OSStatus,
    pub RemoveContextValue:
        unsafe extern "C-unwind" fn(AuthorizationEngineRef, AuthorizationString) -> OSStatus,
}

#[cfg(all(feature = "Authorization", feature = "objc2"))]
unsafe impl Encode for AuthorizationCallbacks {
    const ENCODING: Encoding = Encoding::Struct("AuthorizationCallbacks", &[
        <u32>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationResult,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,*mut AuthorizationContextFlags,*mut *const AuthorizationValue,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,AuthorizationContextFlags,NonNull<AuthorizationValue>,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,*mut *const AuthorizationValue,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,NonNull<AuthorizationValue>,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,NonNull<*const AuthorizationValueVector>,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,*mut AuthorizationSessionId,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,*mut *const AuthorizationValue,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,*mut *const CFType,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,NonNull<CFType>,*mut *const CFArray,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,*mut *const CFType,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,) -> OSStatus>::ENCODING,
        <unsafe extern "C-unwind" fn(AuthorizationEngineRef,AuthorizationString,) -> OSStatus>::ENCODING,
    ]);
}

#[cfg(all(feature = "Authorization", feature = "objc2"))]
unsafe impl RefEncode for AuthorizationCallbacks {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

/// Interface that must be implemented by each plugin.
///
/// Field: version  Must be set to kAuthorizationPluginInterfaceVersion
/// Field: PluginDestroy    Plugin should clean up and release any resources it is holding.
/// Field: MechanismCreate  The plugin should create a mechanism named mechanismId.  The mechanism needs to use the AuthorizationEngineRef for the callbacks and pass back a   AuthorizationMechanismRef for itself.  MechanismDestroy will be called when it is no longer needed.
/// Field: MechanismInvoke  Invoke an instance of a mechanism.  It should call SetResult during or after returning from this function.
/// Field: MechanismDeactivate  Mechanism should respond with a DidDeactivate as soon as possible
/// Field: MechanismDestroy Mechanism should clean up and release any resources it is holding
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/authorizationplugininterface?language=objc)
#[cfg(feature = "Authorization")]
#[repr(C)]
#[allow(unpredictable_function_pointer_comparisons)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct AuthorizationPluginInterface {
    pub version: u32,
    pub PluginDestroy: unsafe extern "C-unwind" fn(AuthorizationPluginRef) -> OSStatus,
    pub MechanismCreate: unsafe extern "C-unwind" fn(
        AuthorizationPluginRef,
        AuthorizationEngineRef,
        AuthorizationMechanismId,
        NonNull<AuthorizationMechanismRef>,
    ) -> OSStatus,
    pub MechanismInvoke: unsafe extern "C-unwind" fn(AuthorizationMechanismRef) -> OSStatus,
    pub MechanismDeactivate: unsafe extern "C-unwind" fn(AuthorizationMechanismRef) -> OSStatus,
    pub MechanismDestroy: unsafe extern "C-unwind" fn(AuthorizationMechanismRef) -> OSStatus,
}

#[cfg(all(feature = "Authorization", feature = "objc2"))]
unsafe impl Encode for AuthorizationPluginInterface {
    const ENCODING: Encoding = Encoding::Struct(
        "AuthorizationPluginInterface",
        &[
            <u32>::ENCODING,
            <unsafe extern "C-unwind" fn(AuthorizationPluginRef) -> OSStatus>::ENCODING,
            <unsafe extern "C-unwind" fn(
                AuthorizationPluginRef,
                AuthorizationEngineRef,
                AuthorizationMechanismId,
                NonNull<AuthorizationMechanismRef>,
            ) -> OSStatus>::ENCODING,
            <unsafe extern "C-unwind" fn(AuthorizationMechanismRef) -> OSStatus>::ENCODING,
            <unsafe extern "C-unwind" fn(AuthorizationMechanismRef) -> OSStatus>::ENCODING,
            <unsafe extern "C-unwind" fn(AuthorizationMechanismRef) -> OSStatus>::ENCODING,
        ],
    );
}

#[cfg(all(feature = "Authorization", feature = "objc2"))]
unsafe impl RefEncode for AuthorizationPluginInterface {
    const ENCODING_REF: Encoding = Encoding::Pointer(&Self::ENCODING);
}

extern "C-unwind" {
    /// Initialize a plugin after it gets loaded.  This is the main entry point to a plugin.  This function will only be called once.
    /// After all Mechanism instances have been destroyed outPluginInterface->PluginDestroy will be called.
    ///
    ///
    /// Parameter `callbacks`: (input) A pointer to an AuthorizationCallbacks which contains the callbacks implemented by the AuthorizationEngine.
    ///
    /// Parameter `outPlugin`: (output) On successful completion should contain a valid AuthorizationPluginRef.  This will be passed in to any subsequent calls the engine makes to  outPluginInterface->MechanismCreate and outPluginInterface->PluginDestroy.
    ///
    /// Parameter `outPluginInterface`: (output) On successful completion should contain a pointer to a AuthorizationPluginInterface that will stay valid until outPluginInterface->PluginDestroy is called.
    ///
    /// # Safety
    ///
    /// - `callbacks` must be a valid pointer.
    /// - `out_plugin` must be a valid pointer.
    /// - `out_plugin_interface` must be a valid pointer.
    #[cfg(feature = "Authorization")]
    pub fn AuthorizationPluginCreate(
        callbacks: NonNull<AuthorizationCallbacks>,
        out_plugin: NonNull<AuthorizationPluginRef>,
        out_plugin_interface: NonNull<*const AuthorizationPluginInterface>,
    ) -> OSStatus;
}