/*
 * Copyright (c) 2009-2012 Apple Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */
24#import <Foundation/Foundation.h>
25#import <OpenDirectory/OpenDirectory.h>
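/*
 * Packet-signing policy values. The packetSigning property of
 * ODConfiguration is documented as taking one of these.
 *
 * Only the names and numeric values are visible in this header; the
 * per-value notes below are inferred from the names and should be confirmed
 * against the module that consumes the setting.
 *
 * NOTE(review): if "Allow" means "sign when the peer offers it", it is an
 * opportunistic setting and gives no integrity guarantee on its own --
 * presumably only "Required" refuses an unsigned session. Confirm before
 * treating "Allow" as a hardened configuration.
 */
enum {
    ODPacketSigningDisabled = 0,    /* presumably: never sign */
    ODPacketSigningAllow    = 1,    /* presumably: sign if the peer supports it */
    ODPacketSigningRequired = 2,    /* presumably: fail rather than run unsigned */
};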
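/*
 * Packet-encryption policy values. The packetEncryption property of
 * ODConfiguration is documented as taking one of these.
 *
 * Only the names and numeric values are visible in this header; the
 * per-value notes below are inferred from the names and should be confirmed
 * against the module that consumes the setting.
 *
 * NOTE(review): this header does not say that the numeric order is a
 * strength ordering (ODPacketEncryptionSSL is 3, ODPacketEncryptionRequired
 * is 2). Compare against the specific constants rather than using < or >=
 * when checking that a configuration enforces confidentiality.
 */
enum {
    ODPacketEncryptionDisabled = 0,    /* presumably: never encrypt */
    ODPacketEncryptionAllow    = 1,    /* presumably: encrypt if the peer supports it */
    ODPacketEncryptionRequired = 2,    /* presumably: fail rather than run unencrypted */
    ODPacketEncryptionSSL      = 3,    /* name suggests SSL/TLS on the connection -- confirm */
};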
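/* Forward declarations; the full interfaces are not needed by this header. */
@class SFAuthorization;
@class ODMappings;

/*
 * Trust-type string constants. Presumably these are the values reported by
 * the trustType property of ODConfiguration and accepted by its
 * addTrustType:... method -- the header does not state this explicitly.
 */

/* Signifies that the configuration is "joined" to the directory (a.k.a. authenticated binding) with its own dedicated account (often a computer account) */
FOUNDATION_EXPORT NSString *const ODTrustTypeJoined NS_AVAILABLE_MAC(10_9);

/* Signifies that some form of credentials is being used to talk to this directory node */
FOUNDATION_EXPORT NSString *const ODTrustTypeUsingCredentials NS_AVAILABLE_MAC(10_9);

/* Signifies there is no account associated with this configuration */
FOUNDATION_EXPORT NSString *const ODTrustTypeAnonymous NS_AVAILABLE_MAC(10_9);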
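/*
 * ODConfiguration describes one Open Directory node configuration: its name,
 * template and module entries, the trust (account) it uses to talk to the
 * directory, and the transport-security and timeout policy for its
 * connections.
 */
NS_CLASS_AVAILABLE(10_9, NA)
@interface ODConfiguration : NSObject {
    /*
     * Instance variables backing the properties declared below. "session"
     * has no corresponding property in this header.
     */
    @protected
    ODSession *session;
    NSString *nodeName;
    NSString *comment;
    NSArray *defaultModuleEntries;
    NSArray *authenticationModuleEntries;
    NSArray *discoveryModuleEntries;
    NSArray *generalModuleEntries;
    ODMappings *defaultMappings;
    NSString *templateName;
    NSArray *virtualSubnodes;
    BOOL hideRegistration;
    NSString *preferredDestinationHostName;
    uint16_t preferredDestinationHostPort;
    NSString *trustAccount;
    NSString *trustType;
    NSString *trustKerberosPrincipal;
    NSString *trustMetaAccount;
    BOOL trustUsesMutualAuthentication;
    BOOL trustUsesKerberosKeytab;
    BOOL trustUsesSystemKeychain;
    NSInteger packetSigning;
    NSInteger packetEncryption;
    BOOL manInTheMiddleProtection;
    NSInteger queryTimeoutInSeconds;
    NSInteger connectionSetupTimeoutInSeconds;
    NSInteger connectionIdleTimeoutInSeconds;
}

/* the nodename associated with this configuration */
@property(copy) NSString *nodeName NS_AVAILABLE_MAC(10_9);

/* comment for this configuration */
@property(copy) NSString *comment NS_AVAILABLE_MAC(10_9);

/* default mappings for this configuration (used for all modules unless specific ones are set for the module) */
@property(strong) ODMappings *defaultMappings NS_AVAILABLE_MAC(10_9);

/*
 * Name of the template used for this configuration, specifically loaded from /System/Library/OpenDirectory/Templates or /Library/OpenDirectory/Templates. These templates
 * specify the module layout, settings, etc. appropriate for that template. Any settings in this configuration will override settings from the template.
 *
 * Because a template decides the module layout, write access to the two template directories should stay limited to administrators.
 */
@property(copy) NSString *templateName NS_AVAILABLE_MAC(10_9);

/*
 * A list of subnodenames to be registered on behalf of this configuration. For example, "subnode1" would register "/Nodename/subnode1" automatically so it is visible
 * without loading the actual configuration/modules.
 */
@property(copy) NSArray *virtualSubnodes NS_AVAILABLE_MAC(10_9);

/* Hides the registration of this node so it is not visible to clients in the UI. This is described only as a UI visibility setting, not as an access control. */
@property(assign) BOOL hideRegistration NS_AVAILABLE_MAC(10_9);

/* The optional hostname to be used with this configuration */
@property(copy) NSString *preferredDestinationHostName NS_AVAILABLE_MAC(10_9);

/* An optional port to be used in conjunction with the preferred hostname for this configuration */
@property(assign) uint16_t preferredDestinationHostPort NS_AVAILABLE_MAC(10_9);

/*
 * Trust state. All of the trust properties are read-only here; presumably they change only through
 * addTrustType:... and removeTrustUsingUsername:... below -- confirm in the implementation.
 */

/* The current trust account used with this configuration */
@property(readonly, copy) NSString *trustAccount NS_AVAILABLE_MAC(10_9);

/* The current trust meta account used with this configuration */
@property(readonly, copy) NSString *trustMetaAccount NS_AVAILABLE_MAC(10_9);

/* The current trust kerberos account used with this configuration */
@property(readonly, copy) NSString *trustKerberosPrincipal NS_AVAILABLE_MAC(10_9);

/* Type of trust established for this configuration (presumably one of the ODTrustType... constants) */
@property(readonly, copy) NSString *trustType NS_AVAILABLE_MAC(10_9);

/* Trust uses mutual authentication for security */
@property(readonly) BOOL trustUsesMutualAuthentication NS_AVAILABLE_MAC(10_9);

/* Trust uses keytab for password storage. Together with trustUsesSystemKeychain this tells an auditor where the trust secret is kept. */
@property(readonly) BOOL trustUsesKerberosKeytab NS_AVAILABLE_MAC(10_9);

/* Trust uses the system keychain to store password */
@property(readonly) BOOL trustUsesSystemKeychain NS_AVAILABLE_MAC(10_9);

/*
 * Determines if packet signing is used for this configuration, should be one of the ODPacketSigning values.
 * The property is a plain NSInteger, so the compiler does not restrict it to those values; validate anything
 * read from a file or preference before assigning it.
 */
@property(assign) NSInteger packetSigning NS_AVAILABLE_MAC(10_9);

/*
 * Determines if packet encryption is used for this configuration, should be one of the ODPacketEncryption values.
 * The property is a plain NSInteger, so the compiler does not restrict it to those values; validate anything
 * read from a file or preference before assigning it.
 */
@property(assign) NSInteger packetEncryption NS_AVAILABLE_MAC(10_9);

/*
 * States if some man-in-the-middle protection is required.
 * NOTE(review): this header does not say which mechanism provides the protection or how the flag interacts
 * with packetSigning, packetEncryption and trustUsesMutualAuthentication -- confirm before relying on it alone.
 */
@property(assign) BOOL manInTheMiddleProtection NS_AVAILABLE_MAC(10_9);

/* Timeout in seconds for all queries issued for this configuration. The type is signed and the meaning of zero or a negative value is not stated here. */
@property(assign) NSInteger queryTimeoutInSeconds NS_AVAILABLE_MAC(10_9);

/* Timeout in seconds for connection setup for this configuration */
@property(assign) NSInteger connectionSetupTimeoutInSeconds NS_AVAILABLE_MAC(10_9);

/* Default timeout in seconds for all connections associated with this configuration */
@property(assign) NSInteger connectionIdleTimeoutInSeconds NS_AVAILABLE_MAC(10_9);

/* A list of default ODModuleEntry objects. Default modules are used in all categories, after all "specific" modules */
@property(copy) NSArray *defaultModuleEntries NS_AVAILABLE_MAC(10_9);

/* A list of authentication ODModuleEntry objects */
@property(copy) NSArray *authenticationModuleEntries NS_AVAILABLE_MAC(10_9);

/* A list of discovery ODModuleEntry objects */
@property(copy) NSArray *discoveryModuleEntries NS_AVAILABLE_MAC(10_9);

/* A list of general ODModuleEntry objects used for all other APIs (Queries, modifications, etc.) */
@property(copy) NSArray *generalModuleEntries NS_AVAILABLE_MAC(10_9);

/*!
 * @method configuration
 *
 * @abstract
 * Returns an initialized and autoreleased ODConfiguration object.
 *
 * @discussion
 * Returns an initialized and autoreleased ODConfiguration object.
 */
+ (instancetype)configuration;

/*!
 * @method suggestedTrustAccount:
 *
 * @abstract
 * Returns a suggested name to use for the trust account.
 *
 * @discussion
 * Returns a suggested name to use for a trust account. This name will be derived from the hostname
 * (if provided), otherwise it will be derived from the local hostname removing special characters
 * that may not be allowed by many systems.
 *
 * @param hostname
 * Hostname to derive the account name from; optional per the discussion above.
 */
+ (NSString *) suggestedTrustAccount:(NSString *)hostname NS_AVAILABLE_MAC(10_9);

/*!
 * @method suggestedTrustPassword:
 *
 * @abstract
 * Returns a suggested password to be used for trust account with the requested length.
 *
 * @discussion
 * Returns a suggested password to be used for trust account with the requested length.
 * This header does not describe the character set or the source of randomness, and it sets no
 * minimum length; the caller chooses the length. Treat the returned string as a secret and keep
 * it out of logs and error messages.
 *
 * @param length
 * Requested length of the password.
 */
+ (NSString *) suggestedTrustPassword:(size_t)length NS_AVAILABLE_MAC(10_9);

/*!
 * @method saveUsingAuthorization:error:
 *
 * @abstract
 * Saves the configuration using the provided authorization.
 *
 * @discussion
 * Saves the configuration using the provided authorization. Check the BOOL result to detect
 * failure, then read the error.
 *
 * @param authorization
 * Authorization used for the save. Which right it must hold is not stated in this header.
 *
 * @param error
 * Optional out-parameter for failure details.
 */
- (BOOL) saveUsingAuthorization:(SFAuthorization *)authorization error:(NSError **)error NS_AVAILABLE_MAC(10_9);

/*!
 * @method addTrustType:trustAccount:trustPassword:username:password:joinExisting:error:
 *
 * @abstract
 * Adds a trust account with the provided name and password using the credentials provided by the user.
 *
 * @discussion
 * Adds a trust account with the provided name and password using the credentials provided by the user. User can
 * request that the trust be forcibly created (replacing existing trust if found in directory). A trust should be
 * established only after enough configuration is available and the configuration has been saved. If the trust is
 * required, then the configuration can be deleted if necessary upon failure.
 *
 * Both passwords are passed as NSString, which is immutable and cannot be wiped by the caller after use;
 * keep them out of logs and keep their lifetime short.
 *
 * @param trustType
 * Presumably one of the ODTrustType... constants -- confirm.
 *
 * @param account
 * Name of the trust account to add.
 *
 * @param accountPassword
 * Password for the trust account.
 *
 * @param username
 * User whose credentials are used to add the trust.
 *
 * @param password
 * Password for username.
 *
 * @param join
 * Presumably selects the "forcibly created / replacing existing trust" behaviour described above. Confirm
 * which value replaces an existing trust before passing YES, since that affects an account already in the directory.
 *
 * @param error
 * Optional out-parameter for failure details; check the BOOL result first.
 */
- (BOOL) addTrustType:(NSString *)trustType
         trustAccount:(NSString *)account
        trustPassword:(NSString *)accountPassword
             username:(NSString *)username
             password:(NSString *)password
         joinExisting:(BOOL)join
                error:(NSError **)error NS_AVAILABLE_MAC(10_9);

/*!
 * @method removeTrustUsingUsername:password:deleteTrustAccount:error:
 *
 * @abstract
 * Removes trust using the provided username and password.
 *
 * @discussion
 * Removes trust using the provided username and password. The trust account will be removed from the directory only if requested.
 * When the account is not deleted it remains in the directory, so it needs separate cleanup if it should no longer exist.
 *
 * @param username
 * User whose credentials are used to remove the trust.
 *
 * @param password
 * Password for username; an immutable NSString, so keep it out of logs.
 *
 * @param deleteAccount
 * Whether the trust account is also removed from the directory.
 *
 * @param error
 * Optional out-parameter for failure details; check the BOOL result first.
 */
- (BOOL) removeTrustUsingUsername:(NSString *)username
                         password:(NSString *)password
               deleteTrustAccount:(BOOL)deleteAccount
                            error:(NSError **)error NS_AVAILABLE_MAC(10_9);

@end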