Creates a new authorization reference and provides an option to authorize or preauthorize rights.
- macOS 10.0+
A pointer to a set of authorization rights you create. Pass
NULLif the application requires no rights at this time.
Authorizationstructure used when authorizing or preauthorizing rights.
Not used in OS X v10.2 and earlier.
In macOS 10.3 and later, you can pass icon or prompt data to be used in the authentication dialog box.
In macOS 10.4 and later, you can also pass a user name and password in order to authorize a user without user interaction. Possible values for this parameter are listed in
.framework/Headers/Authorization Tags .h
The data passed in this parameter is not stored in the authorization reference; it is used only during authorization. If you are not passing any data in this parameter, pass the constant
Authorization Empty Environment
A bit mask constructed at the bitwise
ORof one or more
Authorizationfor specifying authorization options. Use one of the following option sets:
Use the constant
kif no options are necessary.
Authorization Flag Defaults
Authorization Flag Partial Rights
kflags to request partial rights. You can also add the
Authorization Flag Extend Rights
kflag to allow user interaction.
Authorization Flag Interaction Allowed
kflag to prevent the Security Server from preserving the rights obtained during this call.
Authorization Flag Destroy Rights
A pointer to an authorization reference. On return, this parameter refers to the authorization session the Security Server creates. Pass
NULLif you require a function result but no authorization reference.
A result code. See Authorization Services Result Codes.
The primary purpose of this function is to create the opaque authorization reference structure associated with the authorization reference. You use the authorization reference in other authorization functions.
You can use this function to authorize all or partial rights. Authorizing rights with this function is most useful for applications that require a one-time authorization. By passing
NULL to the
authorization parameter, the Security Server attempts to authorize the requested rights and returns the appropriate result code without actually granting the rights. If you are not going to call any other authorization functions, use this method to determine if a user has authorization without granting any rights.
You can also use this function to preauthorize rights by specifying the
k mask. Preauthorization is most useful when a right has a zero timeout. For example, you can preauthorize in the application and if it succeeds, call the helper tool and request authorization. This eliminates calling the helper tool if the user cannot later authorize the specified rights.
If you do not specify the
k mask and the Security Server requires user interaction, then the status of this function on return is
When your application no longer needs the authorization reference, use the function
Authorization to free the memory associated with it.