SetResult

Returns the result of an authorization operation.

Declaration

int (*)(struct __OpaqueAuthorizationEngine *, enum AuthorizationResult) SetResult;

Parameters

inEngine:
An opaque handle that is passed to your plug-in when the authorization engine calls your Mechanismcreate function.
inResult:
The result of the authorization attempt. See Authorizationresult for possible values.

Mentioned in

Extending authorization services with plug-ins

Return Value

A result code. Possible results are errAuthorizationSuccess (no error) and errAuthorizationInternal (Security Server internal error).

Discussion

When an application calls the AuthorizationCopyRights(_:_:_:_:_:) function to request a specific authorization right, the Security Agent looks for that right in the authorization policy database. If that right corresponds to your plug-in, the authorization engine calls the MechanismInvoke function for each mechanism listed in the policy database for your plug-in.

When the authorization engine calls your MechanismInvoke function, your plug-in should invoke the specified mechanism to attempt an authorization operation. You use the SetResult function to return the results of this operation. If the mechanism returns kAuthorizationResultAllow, then the authorization engine calls the next mechanism (if any) specified in the authorization policy database for the policy. If any of the mechanisms report a result other than kAuthorizationResultAllow, the authorization attempt fails. If all of the mechanisms report results of kAuthorizationResultAllow, the authorization is considered to have succeeded.

Note that you can spin off a separate process and return from MechanismInvoke before calling SetResult. For example, you might do so to avoid blocking the Security Server if your mechanism takes a significant amount of time to complete or if you want to be able to cancel the operation by calling the RequestInterrupt function (if, for example, the user has clicked Cancel).In that case, your separate process must call the SetResult function to report the result; the authorization engine does not call the next mechanism until you do so.

The authorization engine sends you the entry point to the SetResult function in an AuthorizationCallbacks structure when you call the AuthorizationPluginCreate function.