SetContextValue
Stores data collected during authorization as a key-value pair.
Declaration
int (*)(struct __OpaqueAuthorizationEngine *, const char *, enum AuthorizationContextFlags, const struct AuthorizationValue *) SetContextValue;
Parameters
- inEngine:
An opaque handle that is passed to your plug-in when the authorization engine calls your MechanismCreate function.
- inKey:
A key identifying the value you are storing. For standard values such as user names, use the keys listed in DirectoryService/DirServicesConst.h. If you need to define a new key, use reverse domain notation (such as com.apple.ifoo) and make sure the key is unique. For example, you can use your company name as a prefix for the key name.
- inContextFlags:
A flag that indicates whether this value should be available to the authorization client.
- inValue:
A pointer to an AuthorizationValue structure that contains the size of the context data and a pointer to the data. Both the structure and the data are copied to the context maintained by the Security Server.
Return Value
A result code. Possible results are errAuthorizationSuccess (no error) and errAuthorizationInternal (Security Server internal error).
Discussion
Your plug-in authorization mechanism collects data such as the user name and other authentication information during evaluation of authorization. You can use this function to have the Security Server store this data and the GetContextValue function to retrieve it.
When you store this context data, you flag it to indicate whether the authorization client can obtain the value with the AuthorizationCopyInfo(_:_:_:) function. If data is set to be extractable (kAuthorizationContextFlagExtractable), it is possible for the authorization client to use the AuthorizationCopyInfo(_:_:_:) function to obtain the value. If data is marked as volatile (kAuthorizationContextFlagVolatile), the value is not available to the client. In any case, sensitive data such as a user’s password is not provided to the client.
The authorization engine sends you the entry point to the SetContextValue function in an AuthorizationCallbacks structure when you call the AuthorizationPluginCreate function.
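The following is an added example, not Apple sample code. Because the structure and the data are copied into the Security Server's context, a mechanism can store a secret as volatile and then wipe its own buffer. The types, MockEngine, mock_set, store_secret and the key com.example.myplugin.token are stand-ins or hypothetical names so the sketch compiles without Security/AuthorizationPlugin.h; the mock only models the copy behavior described above.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins mirroring the plug-in header types; assumptions, not Apple's header. */
typedef struct { size_t length; void *data; } AuthorizationValue;
typedef unsigned int AuthorizationContextFlags;
enum { kAuthorizationContextFlagExtractable = 1 << 0,
       kAuthorizationContextFlagVolatile    = 1 << 1 };
enum { errAuthorizationSuccess = 0, errAuthorizationInternal = -60008 };
typedef struct MockEngine {          /* hypothetical one-slot context store */
    char key[64]; AuthorizationContextFlags flags; AuthorizationValue value;
} MockEngine;
typedef MockEngine *AuthorizationEngineRef;
typedef struct {
    int (*SetContextValue)(AuthorizationEngineRef, const char *,
                           AuthorizationContextFlags, const AuthorizationValue *);
} AuthorizationCallbacks;

/* Mock engine side: copies the structure and the data, as the page describes. */
static int mock_set(AuthorizationEngineRef e, const char *key,
                    AuthorizationContextFlags f, const AuthorizationValue *v) {
    void *copy = malloc(v->length ? v->length : 1);
    if (!copy) return errAuthorizationInternal;
    memcpy(copy, v->data, v->length);
    free(e->value.data);
    strncpy(e->key, key, sizeof e->key - 1);
    e->key[sizeof e->key - 1] = '\0';
    e->flags = f; e->value.length = v->length; e->value.data = copy;
    return errAuthorizationSuccess;
}

/* Plug-in side: store a secret as volatile (not available to the client via
   AuthorizationCopyInfo), then wipe the local copy whether or not the call succeeded. */
int store_secret(const AuthorizationCallbacks *cb, AuthorizationEngineRef engine,
                 const char *key, char *secret, size_t len) {
    AuthorizationValue v = { len, secret };
    int rc = cb->SetContextValue(engine, key, kAuthorizationContextFlagVolatile, &v);
    volatile char *p = secret;        /* volatile so the wipe is not optimized out */
    for (size_t i = 0; i < len; i++) p[i] = 0;
    return rc;
}

int main(void) {
    MockEngine eng = {0};
    AuthorizationCallbacks cb = { mock_set };
    char secret[] = "s3cr3t";         /* constructed sample value */
    int rc = store_secret(&cb, &eng, "com.example.myplugin.token", secret, 6);
    free(eng.value.data);
    return rc == errAuthorizationSuccess ? 0 : 1;
}
```

In a real plug-in the callbacks pointer and engine handle come from the authorization engine rather than from a mock.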