Developer CD Series 2000 April: Mac OS SDK

home *** CD-ROM | disk | FTP | other *** search

/ Developer CD Series 2000 April: Mac OS SDK / Dev.CD Apr 00 SDK1.toast / Development Kits / Mac OS / Apple Remote Access API / Documentation / Add-on Security API / Add-on Security API

Wrap

Text File | 1994-09-15 | 231.9 KB | 384 lines | [ONLN/HLX2]

Apple Remote AccessAdd-on Security InterfaceAuthor: Farzad SarabiVersion 1.0November 4, 1993Copyright © 1992, 1993 Apple Computer, Inc.Table of ContentsIntroduction 1Overview 2Security Module Structure 5Module Information Resource ('sinf' ID 200) 6Code Resource Structure 8User Configuration (UCNF Resource ID 200) 11Client-side Protocol (CLPR Resource ID 200) 12Server-side Protocol (SRPR Resource ID 200) 13Connection Configuration (CCNF Resource ID 200) 14Client Side Line-level (CLLN Resource ID 200) 15Actions 16kSecurityStartup 16kSecurityShutdown 16kSecurityBegin 16kSecurityEnd 16kSecurityDataAvailable 16kSecurityAbort 16kSecurityTickleAction 17ARA Service Routines 18ARARead 19ARAWrite 21ARALogMessage 22ARACallBackAt 23ARAAllowUser 24ARADontAllowUser 25ARAReadSecurityData 26ARAReadLockSecurityData 27ARAWriteSecurityData 28ARAUnlockSecurityData 29ARAGetUserInfo 30ARATickleMe 31ARACompleteOperation 32Appendix A: Security Interface Header File 33Appendix B: Security Module Shell 41Appendix C: Miscellaneous 48Runtime Environment 48Building an Add-on Security Module 48ARA Security Interface Disk 49IntroductionThis document describes the add-on security interface used in Apple Remote Access (ARA). This document is written for a security module writer, and explains the ARA interface as seen from an add-on security module.Add-on security modules (security modules) contain code resources that allow additional methods of authenticating users. ARA uses passwords and a call-back mechanism as its default security. If you have a system for identifying a user, you can develop a security module to integrate your authentication methods into ARA.We have defined two types of security devices. Devices that sit in front of or behind a modem and physically prevent a connection prior to user authentication are called line-level security devices. Systems that perform their authentication after the ARA server and its client have established a connection are classified as protocol-level security devices. You can develop security modules for each type of device.The next section gives a brief overview of add-on security modules.The Security Module Structure section describes a module and its structure in more detail.The Code Resources section describes the different kinds of code resources that can exist in a security module.The Actions section describes the actions ARA sends to code resources to request services.The ARA Service Routines section describes the services that ARA provides to security modules.Appendix A is the header file for gaining access to ARA Service Routines.Appendix B is an empty shell for building a code resource.Appendix C contains miscellaneous information about security module's such as a modules runtime environment, how you can build a module, and the enclosed developer disk contents.OverviewA security module is a Macintosh file type 'CLMP'. The creator is vendor specific. You can request a creator for your security module from Apple Developer Technical Support (DTS).Internally a security module contains a number of special resources. Every module must contain an information resource that describes your modules capabilities. Additionally your module may contain a number of code resources. These code resources are executed to perform various functions (e.g. authentication, configuration) for your security module. ARA then can use your module to authenticate a user's identity beyond the password mechanism that it contains. ARA security modules that are placed in the Extensions folder.The following diagram illustrates the contents of a security module:The information resource is described in the module Information Resource section.Each of the code resources provides an entry point. This is a routine which will be called when ARA needs to execute a code resource. The entry point routine and the operations it must support are described in the Code Resource Structure section.When a code resource is loaded, it will be able to access ARA to request certain services. For example it can have data sent to the remote machine. These services are provided as routines that can be called from a security module. They are described in the ARA Service Routines section.The following diagram is a high level view of a loaded code resource:Security Module StructureA security module is built by creating a Macintosh file that has a 'CLMP' type. This is used by ARA to identify the file as a security module. The module has to be placed in the Extensions folder for ARA to find it. You can do this by dragging it on top of your system folder after installing ARA. The module's creator is defined by you. You must request a creator from Developer Technical Support (DTS).Additionally the file must contain at least a 'sinf' resource, and a number of code resources for performing various operations. The 'sinf' resource and the code resources are described below.Currently there are five types of code resources that ARA supports. They are described in sub-sections below. Code resources must have the appropriate type, and their resource ID should be 200.Module Information Resource ('sinf' ID 200)Your module must have a 'sinf' resource with a resource ID of 200. The 'sinf' resource describes what the module's capabilities are.In your resource definition file, you should create a 'sinf' resource, and fill in the appropriate fields. The template for the resource is defined in a file named "SecurityTypes.r". This file is found on the developer disk. The following is the template for a 'sinf' resource:type 'sinf' { /* security information resource */ unsigned longint; /* fflags contains info about module */ literal longint; /* fsignature identifies module */ unsigned longint; /* fversion */ unsigned longint; /* fmin_version */ unsigned longint; /* fmax_version */ unsigned longint; /* fserver_data */ unsigned longint; /* fclient_data */ pstring[ 31 ]; /* module name */};The first longint is a set of flags that define what the capabilities of the module are. The values for the flags are defined in "SecurityResInfo.h", found on the developer disk. The values should be a combination of the following using the "OR" operator:kSecurityHasLineLevel Use this flag if your module is to be used for line-level authentication of a user. This flag causes the module to be displayed on the client side. It let's the user select this module for a connection document, used to connect to a port with a physical security device. kSecurityHasProtocolLevel This flag indicates the module provides protocol level authentication. It can be used in combination with the kSecurityHasServerSide and kSecurityHasClientSide flags to indicate if the module supports the client side, server side, or both. kSecurityHasServerSide This flag is set for a module that provides the code resources needed for the server side. Any module that has code to be executed on the server should set this flag, including user configuration. kSecurityHasClientSide This flag is set for a module that provides code resources needed for the client side. Any module that has code to be executed on the client should set this flag. kSecurityHasUserConfig This flag is used for a protocol-level module that has a code resource for configuring users on the server. Has 'UCNF' resource. kSecurityHasConnectionConfig This flag is used for a line-level module that has a code resource for security configuration on the client side. Has a 'CCNF' resource. kSecurityHasUserDialog Don't use this flag. kSecurityHasConnectionDialog Don't use this flag. The second longint is the signature of the module. This value uniquely identifies your security module. You should reserve a value through Apple Developer Technical Support (DTS). This value should be the same as your file's creator, but it can be different. When they are different, ARA uses the value defined in the 'sinf' resource. For protocol-level modules this signature is used to associate a client module with the server module.The next three longints are version numbers and are only used for protocol level modules. The first field is "fversion" and defines the module's version. The field after "fversion" are "fmin_version", and "fmax_version". For protocol-level authentication, they are used for checking the client module's compatibility with the server's. The client's "fversion" must be a number between the server module's "fmin_version" and "fmax_version". The next two longints, "fserver_data" and "fclient_data", are not used, and should be set to zero.The last field is a Pascal string that is your module's name. This name is used in dialog boxes and anywhere your modul'es name is displayed.Code Resource StructureThe following sub-sections describe the structure of code resources.MySecurityProcEntryEvery code resource must provide a routine named "MySecurityProcEntry". This is the entry point to the code resource. ARA calls it through the Security Interface. It should be defined as follows:pascal long MySecurityProcEntry( SecurityActions Action, SecurityReference MyReference, long LongParam )ARA sends actions to your code resources to request it to perform a service. You should process the actions and return control to ARA as quickly as possible. Actions are defined in the file SecurityPublic.h. The "Actions" section describes actions in detail. The following is a list of the actions:kSecurityStartupkSecurityShutdownkSecurityBeginkSecurityEndkSecurityDataAvailable,kSecurityAbortkSecurityTickleActionMyReference is a unique value that defines an instance of the code resource. It is used when you call any of the ARA Service Routines. It uniquely identifies your thread.LongParam is used to pass additional information for an action. Currently it is only used with kSecurityTickleAction.Your entry routine should process the action as soon as possible. It should not stay go into any loops. It can post asynchronous calls to ARA and other Toolbox routines, but it should return control back to ARA quickly. YOU MUST RETURN CONTROL BACK TO ARA AS SOON AS POSSIBLE.Your routine's return value is a result code ARA examines for possible errors in "MySecurityProcEntry". The possible result codes are "SecurityErrors" defined in "SecurityPublic.h". Return "kSecurityNoErr" if your routine is successful.SecurityInterface.o"SecurityInterface.o" is the glue file that provides the ARA Service Routines. It must be linked with each code resource. When linking a code resource, you must have "SecurityInterface.o" as the first file in the linker's object file list. The MPW linker does not shuffle code. The entry point to "SecurityInterface.o" must become the entry point to your code resource.MPW linker uses the -m option to perform code-flow analysis and remove any dead code. To keep your executable code from being stripped, you must provide the following option in the linker command line:-m SECURITYINTERFACEENTRYPROCCompletion RoutineMost of the ARA Service Routines are asynchronous. After an asynch ARA routine finishes, it informs you code resource by calling a completion routine. Your completion routine should have the following declaration:pascal void MyCompletionProc( SecurityReference MyReference, int ResultCode, void * DataPtr, int DataSize, long CompletionParam )You pass a pointer to your completion routine as one of the parameters to asynchronous ARA Service Routines.MyReference should is the same value passed to "MySecurityProcEntry". It identifies your instance.ResultCode is the result of the asynchronous ARA Service you had requested. It will be non zero if the operation failed. It will contain one of the values in ARAErr defined in SecurityPublic.h. You should check its value at the start of your completion routine before you do any other processing. If a read or write times out, the ResultCode will be ARATimeout.DataPtr is the pointer you passed to the asynch ARA Service Routine. E.g. this will point to the data read by ARARead.DataSize will be the actual size of processed data. E.g. the number of bytes read by ARARead.CompletionParam is an additional long you provide. Its value will be the same value you passed to the asynch ARA Service Routine. You can use it as a state indicator. E.g. you can define an enumeration containing the set of all your states. When you call an asynch ARA routine, pass the state you want to be in when the call is done. E.g. pass "kFinished1stRead" to ARARead. When your completion routine gets called with CompletionParam equal to "kFinished1stRead", the ARARead has finished and you can go to the next state. See the sample module on the developer disk for an example of this.You should not call any Memory Manager routines, or any routines that result in a Memory Manager call from a completion routine. If you need to call these types of routines, call ARATickleMe and handle it in the kSecurityTickleAction.Runtime Environment (A5 World)An A5 World is setup for your code resource by ARA. You don't need to be concerned with initializing or setting up the A5 world in the code resource. ARA sets up the A5 world prior to executing any of the code resource (entry routine, and completion routines). Since the code resource has an A5 world, it you can have static (global) data and use the data the same way as an application.During the execution of your code resource, the resource fork of the security module is open, and it is put on top of the resource forks stack. The file is opened in read only mode, so you should not attempt to write any data to the module's resource fork. A better way of storing data is to store it in a separate preference file, which will not be deleted when you update a user's security module.You can make calls to Mac Toolbox routines. Whenever possible you should call asynchronous routines, so you can return control to ARA. Furthermore, you should not go into any loops or call SystemTask as a way of returning control to ARA.ARA Service RoutinesARA provides a number of services accessible through ARA Service Routines. The header file "SecurityInterface.h" has the declarations for these routines. To use them you must link with "SecurityInterface.o".The ARA Service Routines are described in detail in a later section.User Configuration (UCNF Resource ID 200)This code resource is executed when a user window is open on the ARA server admin, and the security module's configuration button is selected. It is used for configuring protocol-level security information on a per-user basis. The code resource should display a modal dialog box and get any needed information. It can store 150 bytes of data for each user (see ARAWriteSecurityData, and ARAReadSecurityData).On kSecurityBegin you should start your processing, e.g. request to read the existing security data (ARAReadLockSecurityData), or to get the user's name (ARAGetUserInfo). When you've obtained this information, you can call ARATickleMe to put up the modal dialog box (it must be a modal dialog box). You must display the user's name at the top of this dialog box. The user can then input/modify the information and either save or cancel. If the user selects to save the data, you must write it out by calling ARAWriteSecurityData. This information will then be available to the server-side protocol-level authentication module.The following ARA Service Routines can be used by a UCNF code resource:ARALogMessageARAReadSecurityDataARAReadLockSecurityDataARAUnlockSecurityDataARAWriteSecurityDataARAGetUserInfoARATickleMeARACompleteOperationClient-side Protocol (CLPR Resource ID 200)This code resource is executed on the ARA client for protocol-level authentication. The corresponding server-side protocol-level module is also executed on the server, and the two module's can communicate with each other.The client module's state should be driven by the server, and when the authentication has been completed, both sides should call ARAAllowUser/ARADontAllowUser, so ARA can progress to the next state.A CLPR module can pass a maximum of 500 bytes of data to ARAWrite/ARARead. The ARAWrite and ARARead will communicate with the server-side protocol (i.e. ARARead on the client side will read data written by the server module).On kSecurityBegin you should start your state machine, getting information from the user and sending it to the server module. The server module should inform the client module when the user is authenticated or rejected, at which time it should call ARAAllowUser, or ARADontAllowUser.The following ARA Service Routines can be used by a CLPR code resource:ARAReadARAWriteARALogMessageARAAllowUserARADontAllowUserARATickleMeARACompleteOperationServer-side Protocol (SRPR Resource ID 200)This code resource is executed on the server to authenticate a user after the ARA protocol has been established. It can communicated with the corresponding client authentication module. ARA loads the client module automatically.This code resource should get the user information from the client module and determine if the user should be allowed in. Once a user has been authenticated or rejected, this code resource should inform the client side, and then call ARAAllowUser/ARADontAllowUser. The client code resource should also call ARAAllowUser/ARADontAllowUser.A SRPR code resource can write and read a maximum of 500 bytes of data using ARAWrite or ARARead. The data is exchanged with client module.This code resource can use ARAReadLockSecurityData, ARAReadSecurityData, ARAWriteSecurityData, and ARAUnlockSecurityData to access and modify the 150 bytes of security data associated with each user. Each security module can have 150 bytes of data for each user.The following ARA Service Routines can be used by a SRPR code resource:ARAReadARAWriteARALogMessageARACallBackAtARAAllowUserARADontAllowUserARAReadSecurityDataARAReadLockSecurityDataARAUnlockSecurityDataARAWriteSecurityDataARAGetUserInfoARAGetMySessionRefARATickleMeARACompleteOperationConnection Configuration (CCNF Resource ID 200)A Connection Configuration code resource is executed on the client side when the user selects "Configuration" button on the client in a connection document's security option. It can store 150 bytes of data in a connection document for a line-level security device.It should display a modal dialog and get any information relevant to connections with line-level security. You can use ARAReadLockSecurityData, ARAReadSecurityData, ARAWriteSecurityData, and ARAUnlockSecurityData to access and modify the security data.On kSecurityBegin you should get the existing security data. Once you have obtained the data, you should display a dialog box, and allow the user to modify it. When the user is done, you can write the security data if it was modified, using ARAWriteSecurityData.The following ARA Service Routines can be used by a CCNF code resource:ARAReadSecurityDataARAReadLockSecurityDataARAUnlockSecurityDataARAWriteSecurityDataARATickleMeARACompleteOperationClient Side Line-level (CLLN Resource ID 200)A client-side line-level code resource is executed after a physical connection has been established, using a connection document configured with security. It should communicate with the line-level device, prompting the user for any information the device requires.A CLLN code resource can use the ARARead and ARAWrite to communicate with the line-level device on the server. The data being read or written is sent over the physical line without any packetization. Your code resource gets control of the line after a connection is established, but before your authentication device allows connection to the ARA server.On kSecurityBegin you should start the communication process with the server line-level device. You can display a dialog box to obtain information from the user. Once the physical device has authenticated or rejected the user the code resource should call ARAAllowUser or ARADontAllowUser to let ARA transition to the next state.You can use ARAReadSecurityData to access the 150 bytes of data stored in the connection document. You can not modify this information during authentication. The security data is stored in an alias to a remote server as well as the original connection document, so you can get the data even if the connection is initiated from an alias to a remote server.A CLLN code resource can use the following ARA Service Routines:ARAReadARAWriteARAAllowUserARADontAllowUserARAReadSecurityDataARATickleMeARACompleteOperationActionsActions are one of the parameters passed to your code resource's entry routine. ARA sends them to request a service from your code resource. All actions are sent during main thread time, so you can allocate memory and make calls to Mac Toolbox routines. The code resource's A5 world is setup prior to calling your routine. The resource fork of your module is open and on top of the resources stack.You should process actions as quickly as possible. You should not go into loops and use SystemTask calls as a way of returning control back to ARA.kSecurityStartupkSecurityStartup is sent immediately after your code resource is loaded. You can allocate any needed memory during the processing of this action, but you should not make any calls to any of the ARA Service Routines. Once processed, you should return kSecurityNoErr. Generally you should use kSecurityBegin to start any processing.kSecurityShutdownkSecurityShutdown is the last action sent prior to unloading your code resource. The code resource will not be called any more after this action. You can release any allocated memory. Make sure you have cleaned everything up before returning. You can not use any of the ARA Service Routines during kSecurityShutdown.kSecurityBeginkSecurityBegin is sent to request your code resource to perform its operation. E.g. requesting a protocol-level module to authenticate a user. The code resource should start the operation that it is responsible for. You can allocate memory and other needed resources. You can also call ARA Service Routines asynchronously.kSecurityEndkSecurityEnd is sent when the operations that the resource performs are being finished. You should do your cleanup at this time. You can not make any calls to ARA Service Routines after or during this action.kSecurityDataAvailablekSecurityDataAvailable is not being used in this release.kSecurityAbortkSecurityAbort is sent when the operation of your code resource is being aborted. You should stop any further processing by your code resource (including in your completion routine. E.g. through the use of a flag). Your code resource should terminate any outstanding asynch calls to routines other than ARA Service Routines. Outstanding ARA Service Routines will be aborted by ARA.kSecurityTickleActionkSecurityTickleAction is sent to your code resource periodically. You can also request a kSecurityTickleAction explicitly by calling the ARATicleMe routine. When you call ARATickleMe you pass an additional parameter which is sent to your "MySecurityProcEntry" as the LongParam. This additional parameter can be used as a state indicator. E.g. an asynchronous call has finished, so from your completion routine you call ARATickleMe with the state indicator "DidMyAsynchCall" (this can be a value in an enum). In processing of kSecurityTickleAction you check the LongParam to see if it matches "DidMyAsynchCall". If it matches you know you have finished your asynchronous operation and are ready to transition to the next state. You should also do an ARATickleMe when you need to perform main thread time operations (e.g. allocate memory) . When kSecurityTickleAction is being sent periodically by ARA LongParam will be 0. For an example on the use of kSecurityTickleAction and ARATickleMe refer to the Sample module.ARA Service RoutinesARA Service Routines are a set of functions that code resources have access to. Using these routines, code resources can request ARA services. The following is a list of ARA Service Routines:ARAReadARAWriteARALogMessageARACallBackAtARAAllowUserARADontAllowUserARAReadSecurityDataARAReadLockSecurityDataARAWriteSecurityDataARAUnlockSecurityDataARAGetUserInfoARATickleMeARACompleteOperationThe following sub-sections describe each of the routines. NoteAll of the routines expect a MyReference parameter. This value is passed to "MySecurityProcEntry", and is a unique value representing the instance of the security code resource.ARAReadSyntaxpascal ARAErr ARARead( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine is used to issue an asynchronous read call to ARA. The read will complete either when ARA times out, or the number of bytes requested is read. This read is used to read data coming from the remote machine. The protocol-level modules read from each other. The line-level module reads from a device on the server side.ParametersMyReference is the unique identifier passed to the code resource's entry routine.DataPtr points to a location where the data will be read to. It must not be released while the asynchronous read has not completed.DataSize is the maximum number of bytes to be read to DataPtr. The maximum data size is 500 bytes.CompletionProc is a function pointer you provide to be called when the read operation has been completed. If a time-out occurs the CompletionProc is called with a kARATimeout result code.CompletionParam is additional information you can provide which will be passed to the CompletionProc.Return ValueResult code. Non kARANoErr result codes are usually because the call was not queued.NoteThis is an asynchronous call and can be called during interrupt time. The DataPtr field must not be released until the call has completed.See AlsoARAWriteARAWriteSyntaxpascal ARAErr ARAWrite( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine can be used to write data to the remote machine. For protocol-level authentication the data is transferred over a reliable link, whereas for line-level authentication the data is just transferred over the connection without any packetization. Protocol-level modules write to each other. Line-level modules write to a security device on the server side.ParametersMyReference is the unique reference passed to the code resource's entry routine.DataPtr is a pointer to the data to be written out.DataSize is the number of bytes to be written. A maximum of 500 bytes can be written.CompletionProc is a pointer to a completion routine which will be called when the write has been completed.CompletionParam is additional information you can provide which will be passed to the CompletionProc.Return ValueResult code. Errors are usually caused when the write call can not be queued.NoteThis is an asynchronous call and can be called at interrupt time. The DataPtr field must not be released until the call has been completed.See AlsoARAReadARALogMessageSyntaxextern pascal ARAErr ARALogMessage( SecurityReference MyReference, char * Message, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionYou can use this routine to have a message logged to the ARA log file.ParametersMessage is a Pascal string which will be stored in the log file.Return ValueResult code.NoteThis is an asynchronous call that can be made during interrupt time.ARACallBackAtSyntaxpascal ARAErr ARACallBackAt( SecurityReference MyReference, char * DialString, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine can be used to change the phone number which ARA will call back at. In order for this routine to work the call-back must be enabled for the given user. The call-back won't be executed until all other add-on security modules have been executed.The new number is only used for the current session, and won't change the permanent call-back number.ParametersDialString is a Pascal string which contains the phone number to dial. It must be a valid phone number.CompletionProc is a routine pointer which will be called when the phone number has been assigned (not when the call-back has been made).CompletionParam can contain additional information you can supply to be passed on to the CompletionProc.Return ValueResult code.NoteThis is an asynchronous call that can be made at interrupt time.The CompletionProc is called when the DialString has been stored by ARA. Since another security module could override this DialString by another call to this routine, the user may not get called at this DialString.This routine can only be used by a server-side protocol-level code resource (SRPR)ARAAllowUserSyntaxpascal ARAErr ARAAllowUser( SecurityReference MyReference, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine is used to let ARA know that the user has been authenticated. It also informs ARA that the operation has been completed. ARA will then send the code resource's entry routine a kSecurityEnd action, after which ARA proceeds to the next state.ParametersCompletionProc is a completion routine which will be called when ARA has accepted this call.CompletionParam is additional information you can supply that will be provided to the CompletionProc.Return ValueResult code.NoteThis is an asynchronous call that can be made during interrupt time.See AlsoARADontAllowUser, ARACompleteOperationARADontAllowUserSyntaxpascal ARAErr ARADontAllowUser( SecurityReference MyReference, char * Message, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionYou can call this routine when the user has failed authentication. ARA will send a kSecurityEnd action to the code resources entry routine, after which ARA will tear down the connection.ParametersMessage is an optional Pascal string which states why the user failed authentication. You can pass a NIL for the pointer.CompletionProc is your routine which will be called when ARA has accepted this call.CompletionParam is a parameter you can supply which is passed to the CompletionProc.Return ValueResult code.NoteThis is an asynchronous call that can be made during interrupt time.See AlsoARAAllowUser, ARACompleteOperationARAReadSecurityDataSyntaxpascal ARAErr ARAReadSecurityData( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine is used to read data for the given type of security module which is associated with either a user or a connection. On the server this data is associated with a given user. On the client side this data is associated with the connection. The maximum amount of data that can be stored is 150 bytes.ParametersDataPtr points to where the security data is to be read to.DataSize is the maximum amount of data to read. It should not be larger than 150.CompletionProc is a pointer to a routine which will be called when the data has been read.CompletionParam is additional information you can provide to be passed to the CompletionProcReturn ValueResult code.NoteOn the ARA server this data is associated with a given user and stored in the users and groups database. On the client side this data is associated with a given connection.See AlsoARAReadLockSecurityData, ARAWriteSecurityData, ARAUnlockSecurityDataARAReadLockSecurityDataSyntaxpascal ARAErr ARAReadLockSecurityData( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine is used to read and lock data for the given type of security module which is associated with either a user or a connection. On the server this data is associated with a given user. On the client side this data is associated with the connection. The maximum amount of data that can be read or written is 150 bytes. You should use the ARAReadLockSecurityData instead of ARAReadSecurityData if you plan to modify or write the security data. This is crucial on the server, because you can have multiple threads attempting to modify the same data.ParametersDataPtr points to where the security data is to be read to.DataSize is the maximum amount of data to read. It should not be larger than 150.CompletionProc is a pointer to a routine which will be called when the data has been read.CompletionParam is additional information you can provide to be passed to the CompletionProcReturn ValueResult code.NoteOn the ARA server this data is associated with a given user and stored in the users and groups database. On the client side this data is associated with a given connection.You must call ARAUnlockSecurityData to remove the lock from the security data.See AlsoARAReadSecurityData, ARAWriteSecurityData, ARAUnlockSecurityDataARAWriteSecurityDataSyntaxpascal ARAErr ARAWriteSecurityData( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine can be used by the security modules (mostly configuration code resources) to store configuration data which is associated with either a user or a connection. On the server this data is associated with a user. On the client this data is associated with a connection.ParametersDataPtr points to the data to be stored.DataSize is the number of bytes to store. It should be less than or equal to 150.CompletionProc is a pointer to a completion routine that will be called when the data has been written.CompletionParam is additional information you can provide to be passed to the CompletionProc.Return ValueResult code.NoteOn the ARA server this data is associated with a given user and stored in the users and groups database. On the client side this data is associated with a given connection.A line-level authentication code resource (CLLN) can not modify the security data.See AlsoARAReadSecurityData, ARAReadLockSecurityData, , ARAUnlockSecurityDataARAUnlockSecurityDataSyntaxpascal ARAErr ARAUnlockSecurityData( SecurityReference MyReference, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine removes a lock from security data that has been locked using ARAReadLockSecurityData.ParametersCompletionProc is a pointer to a completion routine that will be called when the data has been written.CompletionParam is additional information you can provide to be passed to the CompletionProc.Return ValueResult code.NoteYou must call ARAUnlockSecurityData after you have called ARAReadLockSecurityData.See AlsoARAReadSecurityData, ARAReadLockSecurityData, ARAWriteSecurityDataARAGetUserInfoSyntaxpascal ARAErr ARAGetUserInfo( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );DescriptionThis routine is used to get information about the user. Currently it returns the user's name. On the server this is the information for the user dialing in, or being configured.ParametersDataPtr points to where this information will be stored.DataSize is the maximum number of bytes to be read.CompletionProc is a completion routine that will be called when the information has been read.CompletionParam is additional information you can provide to be passed to the CompletionProc.Return ValueResult code.ARATickleMeSyntaxpascal ARAErr ARATickleMe( SecurityReference MyReference, long TickleParam );DescriptionThis routine causes ARA to send a kSecurityTickleAction to the code resource's entry routine. For example, you can use this routine from completion routines to have your entry routine invoked.ParametersTickleParam is additional information you can provide which will be passed to the entry routine in its LongParam parameter. When ARA calls the entry routine with a kSecurityTickleAction it passes a 0 for the LongParam parameter. You can use this as a state indicator.Return ValueResult code.NoteThis function can be called during interrupt time. The kSecurityTickleAction is sent to the "MySecurityProcEntry" at SystemTask time.See AlsokSecurityTickleActionARACompleteOperationSyntaxpascal ARAErr ARACompleteOperation( SecurityReference MyReference );DescriptionYou call this routine when you need to end the operation the code resource is performing. It causes ARA to send a kSecurityEnd action. For example the configuration code resource should call this routine when the user has finished inputting information into its dialog box.ParametersMyReference is the unique reference passed to the code resource's entry routine.Return ValueResult code.See AlsokSecurityBegin, and kSecurityEnd actionsAppendix A: Security Interface Header File//234567890123456789012345678901234567890123456789012345678901234567890123456789//===========================================================================// File: SecurityInterface.h//// This file is the header file which a third party security vendor can// use to create an add-on security module. The add-on security modules// can be used to integrate a security device with Apple Remote Access.//// Copyright © 1992, 1993 Apple Computer Inc.// All rights reserved//// Author: Farzad Sarabi//// Modification history://// 9/29/1993 Farzad Removed declarations for some routines that were// obsolete.// 2/15/1993 Farzad The A5 world and a working environment is now// setup for the security modules. As a result of// this some of the routines in this module are// obsolete. Among these are ARAGet/SetMyPrivateData,// ARAGetMyResFile.// 10/6/1992 Farzad Created//===========================================================================#ifndef SECURITY_INTERFACE#define SECURITY_INTERFACE 1#ifndef __FILES__#include <Files.h>#endif#ifndef SECURITY_PUBLIC#include "SecurityPublic.h"#endif//===========================================================================// Macros//===========================================================================#define kSecurityInterfaceVersion 0x0100 // 0x0100 will be release 1#ifdef __cplusplusextern "C" { // in case we are linking into C++ code#endif//===========================================================================// Types//===========================================================================// actions are defined in the SecurityPublic.h file// ARAErr is defined in SecurityPublic.h// SecurityEntryProc is defined in SecurityPublic.h// SecurityCompletionProc is defined in SecurityPublic.h//===========================================================================// Data//===========================================================================//===========================================================================// Functions//===========================================================================// the following are functions you can call to have AppleTalk Remote Access// perform these servicesextern pascal ARAErr ARARead( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine is used to post an asynchronous read// operation for data coming from the remote machine.// This routine can be used by line-level and protocol-level// authentication modules. It is not available for // configuration modules.//// Parameters: MyReference this module's unique reference// DataPtr where to put the read data// DataSize the maximum number of bytes to read// CompletionProc this routine will be called when the// read request has finished// CompletionParam this is information you can provide to// be passed to the completion proc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAWrite( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine is used to asynchronously write data to// the remote machine. It can be used by line-level and// protocol-level authentication modules.//// Parameters: MyReference your unique reference// DataPtr the data to be written out// DataSize the amount of data to write// CompletionProc this routine is called when the data// has been written out// CompletionParam this is extra information you can provide// to be passed to the CompletionProc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARALogMessage( SecurityReference MyReference, char * Message, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: you can use this routine to put a message in AppleTalk// remote accesses log file.//// Parameters: MyReference your unique reference// Message a Pascal string which will be logged to// in the log file// CompletionProc this routine will be called when the// log message has been completed.// CompletionParam additional information you can supply to// be passed on to the completion proc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARACallBackAt( SecurityReference MyReference, char * DialString, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine can be used during authentication to// cause the server to call the client back at the// specified number.//// Parameters: MyReference your unique reference// DialString this is a pascal string which must// contain a dial string for the number// to call the client back at// CompletionProc this proc will be called when the callback// has been completed.// CompletionParam additional information you can provide// that will be passed to the CompletionProc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAAllowUser( SecurityReference MyReference, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: the authentication code on the server can call this// routine to indicate the user has passed this module's// security requirements.//// Parameters: MyReference your unique reference// CompletionProc this routine is called when AppleTalk// Remote Access has finished handling// your authentication information.//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARADontAllowUser( SecurityReference MyReference, char * Message, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: the server security module can call this routine to// prevent a user from being allowed in.//// Parameters: MyReference your unique reference// Message a pascal string stating why the user// was not allowed access// CompletionProc this routine will be called when the// request for not allowing user has bee// processed// CompletionParam additional information you can provide// which will be passed to the completion// proc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAReadSecurityData( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine can be used to read data for this security// module which is associated with either a user (on the// server side), or a connection (on the client side).// This routine doesn't lock the data, so use it only when// you just plan to read the data.//// Parameters: MyReference your unique reference// DataPtr where the data will be read to// DataSize maximum number of bytes to read// CompletionProc this routine will be called when the// read request has completed// CompletionParam additional information you can provide// to be passed to the completion proc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAReadLockSecurityData( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine can be used to read security data and lock// it to be modified. If you are planning on modifying your// data and then writing it, you must call this routine.// It locks the data until the a ARAUnlockSecurityData call.//// Parameters: MyReference your unique reference// DataPtr where the data will be read// DataSize the maximum number of bytes to read// CompletionProc this routine will be called when the// data is read into your buffer.// CompletionParam additional information you can provide to// be passed on to the CompletionProc.//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/29/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAUnlockSecurityData( SecurityReference MyReference, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: if you have read the security data with ARAReadLockSecurityData// you must call this routine to unlock the data. After this// call others can then lock the security data.//// Parameters: MyReference your unique reference// CompletionProc this routine is called when the data is unlocked// CompletionParam additiona information you can provide to be// passed to the CompletionProc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/29/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAWriteSecurityData( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine can be used by the module to write private// data which is either associated with a user (on the server// side), or a connection (on the client side).//// Parameters: MyReference your unique reference// DataPtr the data to be written out// DataSize the amount of data to write out// CompletionProc this routine is called when AppleTalk// Remote Access has completed the write// operation// CompletionParam additional information you can provide// which is passed to the completion proc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARAGetUserInfo( SecurityReference MyReference, void * DataPtr, int DataSize, SecurityCompletionProc CompletionProc, long CompletionParam );//===========================================================================// Description: this routine can be called to get information about the// the user, such as user name etc. It is an asynchronous// call.//// Parameters: MyReference your unique code reference// DataPtr pointer to where the user's name (Pascal// string) will be stored// DataSize maximum number of bytes to read// CompletionProc this routine will be called when the call// has completed// CompletionParam additional information to be passed to// the CompletionProc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal long ARAGetMySessionRef( SecurityReference MyReference );//===========================================================================// Description: You can call this routine to obtain the session reference// for the connection for which your code is loaded. This// value is unique and stays the same during the connection.// If you have a security module which has both a line-level// and a protocol-level authentication, you can use this// unique reference as a key to communicate between the// code resources.//// Parameters: MyReference this is your code's unique reference//// Return Value: long the session reference, NULL if there is an// error//// Creation Date: 10/29/1992//// Modifications:////===========================================================================extern pascal ARAErr ARATickleMe( SecurityReference MyReference, long TickleParam );//===========================================================================// Description: this routine can be used to have AppleTalk Remote Access// call your entry routine with a kSecurityTickleAction.// You can also provide some additional information which// is passed to the entry routine.//// Parameters: MyReference your unique reference// TickleParam additional information you can provide// which is passed to the entry proc//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================extern pascal ARAErr ARACompleteOperation( SecurityReference MyReference );//===========================================================================// Description: this routine can be called to terminate an operation.// It causes ARA to send a kSecurityEnd action. During// configuration for example the code resource can call// this routine to indicate that configuration has// completed.//// Parameters: MyReference your unique reference//// Return Value: ARAErr result code, nonzero indicates an error//// Creation Date: 10/6/1992//// Modifications:////===========================================================================#ifdef __cplusplus}#endif#endif // SECURITY_INTERFACEAppendix B: Security Module Shell//234567890123456789012345678901234567890123456789012345678901234567890123456789//===========================================================================// File: SecurityShell.c//// This file contains a shell for add-on security modules for Apple// Remote Access. This code can be duplicated to write an add-on// security code module.//// Copyright © 1992, 1993 Apple Computer Inc.// All rights reserved//// Author: Farzad Sarabi//// Modification history://// 5/10/1993 Farzad A little cleanup, and added a completion routine.// Some more comments// 10/6/1992 Farzad Created//===========================================================================#include "SecurityInterface.h"// #define SecurityShellVersion 0x0100//===========================================================================// Example of Your Code//===========================================================================// function prototypesstatic long DoMyStartup( SecurityReference MyReference, long LongParam );static long DoMyShutdown( SecurityReference MyReference, long LongParam );static long DoMyBegin( SecurityReference MyReference, long LongParam );static long DoMyEnd( SecurityReference MyReference, long LongParam );static long DoMyDataHandler( SecurityReference MyReference, long LongParam );static long DoMyAbortHandler( SecurityReference MyReference, long LongParam );static long DoMyTickleHandler( SecurityReference MyReference, long LongParam );pascal void MyCompletionProc( SecurityReference MyReference, int ResultCode, void * DataPtr, int DataSize, long CompletionParam );// the following is a shell for your code. It shows how your entry routine// should be structured. Empty supporting routines for the actions are// provided.// WARNING:// Don't change the name of this routine. We may change it in the// future. This is the routine ARA expects and calls.pascal long MySecurityProcEntry( SecurityActions Action, SecurityReference MyReference, long LongParam )//===========================================================================// Description: this is the entry point for the ??? security operation.// It is called by AppleTalk Remote Access to have this// security module perform the given operation. It// dispatches to a variety of routines based on the// requested action.//// Parameters: Action the action to be performed// MyReference this is a unique value representing// this instance of this code module.// DataPtr the data for this action// DataSize the size of data//// Return Value: long result code, nonzero indicates an// error. Its value is one of the// SecurityResultCodes.//// Creation Date://// Modifications:////==========================================================================={ switch ( Action ) { case kSecurityStartup: return DoMyStartup( MyReference, LongParam ); case kSecurityShutdown: return DoMyShutdown( MyReference, LongParam ); case kSecurityBegin: return DoMyBegin( MyReference, LongParam ); case kSecurityEnd: return DoMyEnd( MyReference, LongParam ); case kSecurityDataAvailable: return DoMyDataHandler( MyReference, LongParam ); case kSecurityAbort: return DoMyAbortHandler( MyReference, LongParam ); case kSecurityTickleAction: return DoMyTickleHandler( MyReference, LongParam ); } return ( kSecurityUnsupportedAction );}static long DoMyStartup( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityStartup action. You// should allocate any memory and setup the working// environment (e.g. A5 world) here.//// Parameters: MyReference My unique reference// LongParam additional information//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={#pragma unused(MyReference)#pragma unused(LongParam) // this routine is called when the module has just been loaded. You // can preallocate any memory you need. You are not yet starting any // to do what this code resource is responsible for. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}static long DoMyShutdown( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityShutdown action. You// should release any memory allocated by the DoMyStartup// routine.//// Parameters: MyReference My unique reference// LongParam additional information//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={#pragma unused(MyReference)#pragma unused(LongParam) // this is the last routine that is called before your code resource // is released. Just do any cleanup you need to perform. ARA services // are no longer available. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}static long DoMyBegin( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityBeing action. This// routine should start the operations the code resource// must do. For example an authentication code resource// should start the authentication process.//// Parameters: MyReference My unique reference// LongParam additional information//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={#pragma unused(MyReference)#pragma unused(LongParam) // This routine is called to actually start the code resource to do // what it's responsible for. E.g. an authentication code resource // should start the authentication process. A configuration module // can start displaying a dialog etc. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}static long DoMyEnd( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityEnd action. The action// is sent to signal the end of the operation the code// resource was created to do.//// Parameters: MyReference My unique reference// LongParam additional information//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={#pragma unused(MyReference)#pragma unused(LongParam) // This routine is called when the code resource is finished. It is // called as a result of you calling ARAAllowUser, ARADontAllowUser, // ARACompleteOperation, or after ARA aborts your code resource. // You could for example cleanup any outstanding asynch calls to the // Mac OS. ARA services are no longer available. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}static long DoMyDataHandler( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityDataAvailable action.// The action is sent when data has arrived for the code// resource.//// Parameters: MyReference My unique reference// LongParam additional information//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={#pragma unused(MyReference)#pragma unused(LongParam) // This routine is not used in this release of the ARA Add-on Security. // In future releases we may use this to indicate data being available // for you. ARA may in the future send events to a modeless dialog // box using the DataAvailable message. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}static long DoMyAbortHandler( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityAbort action. The// abort action is sent when the code resources operation// needs to be terminated abnormally.//// Parameters: MyReference My unique reference// LongParam additional information//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={// you can remove the unused pragma for any of the parameters you use#pragma unused(MyReference)#pragma unused(LongParam) // This routine is called when the code resource is being aborted. // You should not make any more calls to ARA services, and you should // start your abort process. You will receive the End and Shutdown // actions a little while later. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}static long DoMyTickleHandler( SecurityReference MyReference, long LongParam )//===========================================================================// Description: this routine handles the kSecurityTickle action. ARA// sends this action periodically. The action is also// generated as a result of a call to ARATickleMe routine.// //// Parameters: MyReference My unique reference// LongParam When ARA calls this value will be 0,// otherwise it is the value passed to// the ARATickleMe routine.//// Return Value: long result code, nonzero indicates error//// Creation Date://// Modifications:////==========================================================================={// you can remove the unused pragma for any of the parameters you use#pragma unused(MyReference)#pragma unused(LongParam) // ARA calls this routine periodically. You can also initiate a call // to this routine by calling ARATickleMe. When ARA calls this // routine the LongParam value will be 0 (zero). When it is called as // a result of a call to ARATickleMe the LongParam will have the value // you passed to ARATickleMe. // You can allocate and release memory in this routine. return ( kSecurityNoErr );}pascal void MyCompletionProc( SecurityReference MyReference, int ResultCode, void * DataPtr, int DataSize, long CompletionParam )//===========================================================================// Description: this is an example of your a completion routine you can// use for calls to asynch ARA services. You can use one// completion proc and distinguish the reason it was called// by the value passed in the CompletionParam.// //// Parameters: MyReference your unique reference// ResultCode result of the asynch ARA call you made// DataPtr pointer to the data passed to the ARA// proc// DataSize actual size of the data// CompletionParam additional information you provided // to the ARA service proc//// Return Value: none//// Creation Date://// Modifications:////==========================================================================={// you can remove the unused pragma for any of the parameters you use#pragma unused(MyReference)#pragma unused(ResultCode)#pragma unused(DataPtr)#pragma unused(DataSize)#pragma unused(CompletionParam) // WARNING: // Do not attempt to allocate or release any memory in this // routine. Also don't call any Mac Toolbaox/OS routines // that allocate or release memory. If you need to do this, // you should call ARATickleMe with a state indicator, and // allow your DoMyTickle routine to handle it. return;}Appendix C: MiscellaneousRuntime EnvironmentARA builds an A5 world for a code resource, so the module can have its own global data. ARA sets the A5 world automatically, prior to calling any routines (entry, completion) in the code resource.The module inherits stacks from other executing tasks, and should refrain from recursion and large stack variables.The resource file from which the code resources are loaded will be on the top of the resource file stack, when ARA executes code resources. The security module's resource file is opened as read-only, and you should not attempt to modify or add any resources.You must initialize any Toolbox manager's you are using (e.g. InitGraf).Building an Add-on Security ModuleYou need MPW 3.2 or later and MPW C to build a security module. The ARA Security Interface disk contains the files you need to build a security interface.The EmptyShell is a good starting point for putting together a code resource. You can also use the sample module as the starting point for your module. This code can be used in your security modules, but you must keep Apple's copyrights in the source files.After you have designed your security module (e.g. line-level vs. protocol-level and its working behavior), take the "SecurityShell.c" and code the routines that handle the actions. The Sample Module shows how a protocol-level module that provides a second password is coded.You must also define the proper 'sinf' resource for your module.After you have compiled the module you must link it with "SecurityInterface.o". You must also link in "Runtime.o" (included with MPW). SecurityInterface.o must be the first file in the link command. The link command should also have "-m SECURITYINTERFACEENTRYPROC".For an example of how a security module is build Review the enclosed Sample Module.ARA Security Interface DiskThe enclosed developer disk contains the interface files and sample modules you can use to build an ARA security module. This sections describes the contents of this disk.The "Empty Shell" folder contains a file you can use to build a code resource file. It contains place holder routines for processing the ARA actions.The "Sample Protocol Module" folder contains the complete source for a security module that provides a second password. Using this module, you can assign each user a second password. This is a protocol-level module. You can use this code as a starting point for building your own module."Security Interfaces" folder contains the various header files for interfacing with ARA. "SecurityInterface.h", and "SecurityPublic.h" contain all the declarations that your module needs for accessing ARA Service Routines. "SecurityResInfo.h" contains the flags that are used in the 'sinf' resource. "SecurityTypes.r" has the resource declarations for a security module."SecurityLibraries" contains "SecurityInterface.o" that must be linked as the first file for each of your code resources.ºdˇˇˇˇˇd d,Times.ˇ°dONLNdÅ~ôê+~ì,Palatino°dONLNd≤~Àk*1Apple Remote Access°dONLNdÀ~‰ô*Add-on Security Interface °dONLNd0L6Xö(U6Author: Farzad Sarabi°dONLNdGX6dg*Version 1.0°dONLNdSd6pÖ*November 4, 1993°dONLNddà6î*$+Copyright © 1992, 1993 Apple Computer, Inc.ˇ3Ódˇˇˇˇˇd d,Times.ˇ°dONLNdBN_(KTable of Contents,Palatino °dONLNdk6wm(t6Introduction°dONLNdˇˇ)9 ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...........°dONLNdˇˇ)1°dONLNd!|6àa(Ö6Overview°dONLNdˇˇ)/ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...............°dONLNdˇˇ)'2°dONLNd,ç6ô™(ñ6Security Module Structure°dONLNdˇˇ)w ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P..................°dONLNdˇˇ)/5°dONLNdHôZ•(¢Z+Module Information Resource ('sinf' ID 200)°dONLNdˇˇ)ƒ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.....°dONLNdˇˇ)6°dONLNdv•Z±«(ÆZCode Resource Structure°dONLNdˇˇ)o ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.......°dONLNdˇˇ)8°dONLNdê±ZΩ(∫Z)User Configuration (UCNF Resource ID 200)°dONLNdˇˇ)… ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...°dONLNdˇˇ) 11°dONLNdΩΩZ…t(ΔZClientE °dONLNd√Ωu…)%-side Protocol (CLPR Resource ID 200)°dONLNdˇˇ)´ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P....°dONLNdˇˇ)12°dONLNdÏ…Z’v(“ZServerﬁÄ°dONLNdÚ…v’)%-side Protocol (SRPR Resource ID 200)°dONLNdˇˇ)™ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.....°dONLNdˇˇ)13°dONLNd’Z·=(ﬁZ/Connection Configuration (CCNF Resource ID 200)°dONLNdˇˇ)‰ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P........................°dONLNdˇˇ)>14°dONLNdN·ZÌ'(ÍZ-Client Side Line-level (CLLN Resource ID 200)°dONLNdˇˇ)– ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)R15°dONLNdÚ6˛W(˚6Actions°dONLNdˇˇ)% ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...................°dONLNdˇˇ)116°dONLNdä˛Z §(ZkSecurityStartup°dONLNdˇˇ)L ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.....................°dONLNdˇˇ)616°dONLNdû Z±(ZkSecurityShutdown°dONLNdˇˇ)[ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...............°dONLNdˇˇ)'16°dONLNd≥Z"ú(ZkSecurityBegin°dONLNdˇˇ)D ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P........................°dONLNdˇˇ)>16°dONLNd≈"Z.ï(+ZkSecurityEnd°dONLNdˇˇ)= ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...........................°dONLNdˇˇ)E16°dONLNd’.Z:√(7ZkSecurityDataAvailable°dONLNdˇˇ)j ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P .........°dONLNdˇˇ)16°dONLNdÔ:ZFù(CZkSecurityAbort°dONLNdˇˇ)G ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.......................°dONLNdˇˇ);16°dONLNdFZRº(OZkSecurityTickleAction°dONLNdˇˇ)e ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...........°dONLNdˇˇ)17°dONLNdW6cò(`6ARA Service Routines°dONLNdˇˇ)c ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P..........................°dONLNdˇˇ)C18°dONLNd2cZoÜ(lZARARead°dONLNdˇˇ). ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.°dONLNdˇˇ)19°dONLNd=oZ{â(xZARAWrite°dONLNdˇˇ)0 ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)R21°dONLNdI{Záß(ÑZARALogMessage°dONLNdˇˇ)N ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P....................°dONLNdˇˇ)422°dONLNdZáZì¢(êZARACallBackAt°dONLNdˇˇ)I ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P......................°dONLNdˇˇ)923°dONLNdkìZü†(úZARAAllowUser°dONLNdˇˇ)G ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.......................°dONLNdˇˇ);24°dONLNd{üZ´∂(®ZARADontAllowUser°dONLNdˇˇ)` ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.............°dONLNdˇˇ)"25°dONLNdè´Z∑ø(¥ZARAReadSecurityData°dONLNdˇˇ)g ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ..........°dONLNdˇˇ)26°dONLNd¶∑Z√’(¿ZARAReadLockSecurityData°dONLNdˇˇ)~ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.°dONLNdˇˇ)27°dONLNd¡√Zœ¬(ÃZARAWriteSecurityData°dONLNdˇˇ)j ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P .........°dONLNdˇˇ)28°dONLNdŸœZ€…(ÿZARAUnlockSecurityData°dONLNdˇˇ)q ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P......°dONLNdˇˇ)29°dONLNdÚ€ZÁ¶(‰ZARAGetUserInfo°dONLNdˇˇ)N ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P....................°dONLNdˇˇ)430°dONLNdÁZÛô(ZARATickleMe°dONLNdˇˇ)B ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.........................°dONLNdˇˇ)@31°dONLNdÛZˇ»(¸ZARACompleteOperation°dONLNdˇˇ)o ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.......°dONLNdˇˇ)32°dONLNd+6˜(6+Appendix A: Security Interface Header File°dONLNdˇˇ)≈ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...................°dONLNdˇˇ)133°dONLNdZ6!‘(6"Appendix B: Security Module Shell°dONLNdˇˇ)ü ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P..°dONLNdˇˇ)41°dONLNdÄ&62≤(/6Appendix C: Miscellaneous°dONLNdˇˇ) ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...............°dONLNdˇˇ)'48°dONLNdû2Z>Ω(;ZRuntime Environment°dONLNdˇˇ)e ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P...........°dONLNdˇˇ)48°dONLNdµ>ZJ(GZ#Building an Add-on Security Module°dONLNdˇˇ)® ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P................°dONLNdˇˇ)*48°dONLNd‹JZV◊(SZARA Security Interface Disk°dONLNdˇˇ)~ ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P ................................°dONLNdˇˇ)P.°dONLNdˇˇ)49ˇ ûdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdB6RÜ(N6Introduction R4R/ °dONLNdgZs +$"^This document describes the add-on security interface used in Apple Remote Access (ARA). Thiså°dONLNdlyZÖ *`document is written for a security module writer, and explains the ARA interface as seen from an°dONLNdÕãZóΔ*add-on security module.äf°dONLNdÂßZ≥ *WAdd-on security modules (security modules) contain code resources that allow additionalç´°dONLNd=πZ≈ *]methods of authenticating users. ARA uses passwords and a call-back mechanism as its default÷°dONLNdõÀZ◊ *\security. If you have a system for identifying a user, you can develop a security module to°dONLNd¯›ZÈ3*/integrate your authentication methods into ARA.⁄°dONLNd(˘Z *^We have defined two types of security devices. Devices that sit in front of or behind a modem„–°dONLNdáZ *Pand physically prevent a connection prior to user authentication are called lineìê°dONLNd◊ ( -level security*M°dONLNdÁZ) (&Z\devices. Systems that perform their authentication after the ARA server and its client have“Ö°dONLNdD/Z; *\established a connection are classified as protocol-level security devices. You can develop°dONLNd°AZM*)security modules for each type of device.°dONLNdÀ]ZiÑ*CThe next section gives a brief overview of add-on security modules.°dONLNdyZÖË*ZThe Security Module Structure section describes a module and its structure in more detail.~‰°dONLNdjïZ° *^The Code Resources section describes the different kinds of code resources that can exist in a°dONLNd…ßZ≥§*security module.°dONLNd⁄√ZœÁ*ZThe Actions section describes the actions ARA sends to code resources to request services.°dONLNd5ﬂZÎ*^The ARA Service Routines section describes the services that ARA provides to security modules.°dONLNdî˚Zü*IAppendix A is the header file for gaining access to ARA Service Routines.°dONLNdﬁZ#]*:Appendix B is an empty shell for building a code resource.d¢°dONLNd3Z? *WAppendix C contains miscellaneous information about security module's such as a modules°dONLNdqEZQ˙*Zruntime environment, how you can build a module, and the enclosed developer disk contents. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;1ˇÓdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdB6Rt(N6Overview R4R/ µ^°dONLNd gZs +$"\A security module is a Macintosh file type 'CLMP'. The creator is vendor specific. You can°dONLNdfyZÖÌ*Xrequest a creator for your security module from Apple Developer Technical Support (DTS).<2°dONLNdøïZ° *_Internally a security module contains a number of special resources. Every module must containˇˇÎX°dONLNdßZ≥ *_an information resource that describes your modules capabilities. Additionally your module may'°dONLNdπZ≈ *Ycontain a number of code resources. These code resources are executed to perform various‘G°dONLNdŸÀZ◊ *_functions (e.g. authentication, configuration) for your security module. ARA then can use yourìÑ°dONLNd9›ZÈ *]module to authenticate a user's identity beyond the password mechanism that it contains. ARA°dONLNdóÔZ˚W*:security modules that are placed in the Extensions folder. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;2ˇ'~dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino °dONLNd6ZBÖ(?ZDThe following diagram illustrates the contents of a security module:°ddPro†Ç°‘°d dPro †å J|*Á à"à"à"à"qö8†BùB†8ù8ö8ùB"ù#†ç°ddPro °d dPro †åqÕí”ú–ú”í–íÕí–ú"–}†ç°ddPro °d dPro †åq8BB888B"#†ç°ddPro °d dPro †åqg8lBjBl8j8g8jB"j#†ç°ddPro °d dPro †åqöí†úùú†íùíöíùú"ù}†ç°ddPro °d dPro †åqÕ8”B–B”8–8Õ8–B"–#†ç°ddPro 1Ñè˝ °ñ°ddPro8°öˇ–ˇ‹ JÄV.ˇ‡k§ˇøó°dONLNdˇˇ+(Security Add-on Structure†óˇˇˇˇˇˇ J|*Á 1}â˜ ˇˇˇˇˇˇˇˇ8†å à"à"à"à"Aä‚±˝ˇˇˇˇˇˇ AÑ‹´ˆ ˇˇˇˇˇˇˇˇH†ç°ñ°ddPro0°ö˝eˇ¡ ìÌï°dONLNdˇˇ( ïType: °ddPro0Ä=°dONLNdˇˇ) °ddPro0Â°dONLNdˇˇ)'CLMP'°ddPro0Ìï°dONLNdˇˇ(ï Creator: °ddPro0Â°dONLNdˇˇ)4vendor specific†ó†å J|*Á à"à"à"à"AΩ‚‰˝ˇˇˇˇˇˇ A∑‹ﬁˆ ˇˇˇˇˇˇˇˇH†ç†å à"à"à"à"A‚˝ˇˇˇˇˇˇ AÍ‹ˆ ˇˇˇˇˇˇˇˇH†ç†å à"à"à"à"AV‚}˝ˇˇˇˇˇˇ AP‹wˆ ˇˇˇˇˇˇˇˇH†ç†å à"à"à"à"Aä‚±˝ˇˇˇˇˇˇ AÉ‹™ˆ ˇˇˇˇˇˇˇˇH†ç†å à"à"à"à"AΩ‚‰˝ˇˇˇˇˇˇ A∂‹›ˆ ˇˇˇˇˇˇˇˇH†ç°ñ°ddPro0°öˇoˇ êç≠œàÎ°dONLNdˇˇ(óèInformation°ddPro0àÎ°dONLNdˇˇ* Resource°ddPro0àÎ°dONLNdˇˇ* 'sinf' ID 200†ó°ñ°ddPro0°öˇˇ …çﬁÿàÎ°dONLNdˇˇ*'User Configuration°ddPro0àÎ°dONLNdˇˇ* 'UCNF' ID 200†ó°ñ°ddPro0°ö˛ﬂˇ ˆç–àÎ°dONLNdˇˇ*#Connection°ddPro0àÎ°dONLNdˇˇ* Configuration°ddPro0àÎ°dONLNdˇˇ* 'CCNF' ID 200†ó°ñ°ddPro0°ö˛Oˇ \çzÃàÎ°dONLNdˇˇ*TServer Protocol°ddPro0àÎ°dONLNdˇˇ* Level°ddPro0àÎ°dONLNdˇˇ* 'SRPR' ID 200†ó°ñ°ddPro0°ö˛ˇ èç≠…àÎ°dONLNdˇˇ*!Client Protocol°ddPro0àÎ°dONLNdˇˇ* Level°ddPro0àÎ°dONLNdˇˇ* 'CLPR' ID 200†ó°ñ°ddPro0°ö˝øˇ ¬ç‡ÕàÎ°dONLNdˇˇ*!Client Line°ddPro0àÎ°dONLNdˇˇ* Level°ddPro0àÎ°dONLNdˇˇ* 'CLLN' ID 200†ó†å J|*Á à"à"à"à"1å‰óÓˇˇˇˇˇˇ 1ä‚ïÏ ˇˇˇˇˇˇˇˇ8"å‚"ç‰"ê‚"ë‰"ì‚†ç†å à"à"à"à"1æ„ ˇˇˇˇˇˇ 1Ω‚…Ô ˇˇˇˇˇˇˇˇ8 à"à"Q¡‚…Í ˇˇˇˇˇˇˇˇX ™U™U™U™UQΩÁ≈Ô ˇˇˇˇˇˇˇˇX†ç†å à"à"à"à"1Ò„˝ˇˇˇˇˇˇ 1‚¸Ô ˇˇˇˇˇˇˇˇ8 à"à"QÙ‚¸Í ˇˇˇˇˇˇˇˇX ™U™U™U™UQÁ¯Ô ˇˇˇˇˇˇˇˇX†ç†å à"à"à"à"1W„cˇˇˇˇˇˇ 1V‚bÔ ˇˇˇˇˇˇˇˇ8 à"à"Q[‚bÍ ˇˇˇˇˇˇˇˇX ™U™U™U™UQVÁ^Ô ˇˇˇˇˇˇˇˇX†ç†å à"à"à"à"1ä„ñˇˇˇˇˇˇ 1ä‚ñÔ ˇˇˇˇˇˇˇˇ8 à"à"Qé‚ñÍ ˇˇˇˇˇˇˇˇX ™U™U™U™UQäÁëÔ ˇˇˇˇˇˇˇˇX†ç†å à"à"à"à"1Ω„…ˇˇˇˇˇˇ 1Ω‚…Ô ˇˇˇˇˇˇˇˇ8 à"à"Q¡‚…Í ˇˇˇˇˇˇˇˇX ™U™U™U™UQΩÁƒÔ ˇˇˇˇˇˇˇˇX†ç†å à"à"à"à"AI*cˇˇˇˇˇˇ A˝B$\ ˇˇˇˇˇˇˇˇH†ç†å à"à"à"à"1IVˇˇˇˇˇˇ 1IU ˇˇˇˇˇˇˇˇ8 à"à"QIP ˇˇˇˇˇˇˇˇX ™U™U™U™UQNU ˇˇˇˇˇˇˇˇX†ç†å à"à"à"à"A¢*ºˇˇˇˇˇˇ A˝ú$∂ ˇˇˇˇˇˇˇˇH†ç†å à"à"à"à"1§Æˇˇˇˇˇˇ 1¢¨ ˇˇˇˇˇˇˇˇ8"¢"§" ¢" §"¢†ç°ñ°ddPro0°ö˝e˛ò fèÁ°dONLNdˇˇ+Ÿ.Code°ddPro0Á°dONLNdˇˇ* Resource†ó°ñ°ddPro0°ö˝e˛ ¿ÁhÀ°dONLNdˇˇ( ¬Data°ddPro0hÀ°dONLNdˇˇ* Resource†ó†å J|*Á à"à"à"à"1oC∑ãˇˇˇˇˇˇ 1j<≤Ñ ˇˇˇˇˇˇˇˇ8†ç†å à"à"à"à"1úú‰‰ˇˇˇˇˇˇ 1óïﬂ› ˇˇˇˇˇˇˇˇ8†ç†å à"à"à"à"1‹C$ãˇˇˇˇˇˇ 1◊<Ñ ˇˇˇˇˇˇˇˇ8†ç†å à"à"à"à"1BCäãˇˇˇˇˇˇ 1=<ÖÑ ˇˇˇˇˇˇˇˇ8†ç†å à"à"à"à"1uúΩ‰ˇˇˇˇˇˇ 1pï∏› ˇˇˇˇˇˇˇˇ8†ç†å à"à"à"à"1®Cãˇˇˇˇˇˇ 1£<ÏÑ ˇˇˇˇˇˇˇˇ8†ç°d dPro †åqî2ö<ó<ö2ó2î2ó<"ó#†ç°ddPro °d dPro †åq«ãÕï ïÕã ã«ã ï" |†ç°ddPro °d dPro †åq˙2<˝<2˝2˙2˝<"˝#†ç°ddPro °d dPro †åq`2f<c<f2c2`2c<"c#†ç°ddPro °d dPro †åqìãôïñïôãñãìãñï"ñ|†ç°ddPro °d dPro †åq«2Ã<…<Ã2…2«2…<"…#†ç°ddPro °ñ°ddPro(°öˇù˛Œ p@ëÉ,Times ãÉ°dONLNdˇˇ(wBContains information°ddPro(ãÉ°dONLNdˇˇ*about this security°ddPro(ãÉ°dONLNdˇˇ*module. E.g. code °ddPro(ãÉ°dONLNdˇˇ*resource types.†ó°ñ°ddPro(°öˇ]˛P ùö÷ÿœ°dONLNdˇˇ+ZA code resource that°ddPro(œ°dONLNdˇˇ*is loaded to provide°ddPro(œ°dONLNdˇˇ*an interface for°ddPro(œ°dONLNdˇˇ*configuring security°ddPro(œ°dONLNdˇˇ*information°ddPro(œ°dONLNdˇˇ*for a given user on °ddPro(œ°dONLNdˇˇ* the server†ó°ñ°ddPro(°öˇ˛Œ ›@ãÉ°dONLNdˇˇ(‰BA code resource that°ddPro(ãÉ°dONLNdˇˇ*is loaded to provide°ddPro(ãÉ°dONLNdˇˇ*an interface for°ddPro(ãÉ°dONLNdˇˇ*configuring security°ddPro(ãÉ°dONLNdˇˇ*information for a°ddPro(ãÉ°dONLNdˇˇ*connection °ddPro(ãÉ°dONLNdˇˇ*document on the °ddPro(ãÉ°dONLNdˇˇ*client†ó°ñ°ddPro(°ö˛s˛Œ C@tãÉ°dONLNdˇˇ*/A code resource that °ddPro(ãÉ°dONLNdˇˇ*is loaded by the °ddPro(ãÉ°dONLNdˇˇ*server during the °ddPro(ãÉ°dONLNdˇˇ*protocol level °ddPro(ãÉ°dONLNdˇˇ*authentication of a °ddPro(ãÉ°dONLNdˇˇ*user†ó°ñ°ddPro(°ö˛+˛P vöß€œ°dONLNdˇˇ+ZThis is the code°ddPro(œ°dONLNdˇˇ*resource that is °ddPro(œ°dONLNdˇˇ*loaded°ddPro(œ°dONLNdˇˇ*on the client side°ddPro(œ°dONLNdˇˇ*during protocol°ddPro(œ°dONLNdˇˇ*level authentication†ó°ñ°ddPro(°ö˝„˛Œ ©@À|ãÉ°dONLNdˇˇ(∞BThis resource is°ddPro(ãÉ°dONLNdˇˇ*loaded on the client°ddPro(ãÉ°dONLNdˇˇ*side for line level°ddPro(ãÉ°dONLNdˇˇ*security devices†ó°ñ°ddPro$°ö˝BˇÂ |& ZÌ°dONLNdˇˇ(#|+Copyright © 1992, 1993 Apple Computer, Inc.†ó†É d .ˇ°dONLNdE:ZF«(CZQThe information resource is described in the module Information Resource section.£±°dONLNdóVZb *`Each of the code resources provides an entry point. This is a routine which will be called when∫°dONLNd¯hZt *YARA needs to execute a code resource. The entry point routine and the operations it must°dONLNdRzZÜj*=support are described in the Code Resource Structure section.C¯°dONLNdêñZ¢ *_When a code resource is loaded, it will be able to access ARA to request certain services. ForˇˇÛ°dONLNd®Z¥ *bexample it can have data sent to the remote machine. These services are provided as routines that°dONLNdS∫ZΔ¸*^can be called from a security module. They are described in the ARA Service Routines section. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;3ˇ¨dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino °dONLNd6ZBå(?ZEThe following diagram is a high level view of a loaded code resource:°ddPro†Ç°‘††°§ à"à"à"à""$ı###@####˘##¸E##˙#†£ JSŸ"$ı#@##˘#¸E#˙†°††°§ "n#3##ü#†£ JSŸ"n3#ü†°°d dPro †åqkrnknrn"n˙†ç°ddPro ††°§P "≈h#—##0#†£ JSŸ"≈h—#0†°°d dPro †åq5˝<˝959<˝9"Â9†ç°ddPro Aôi∏H°d dPro †åq™\±hÆh±\Æ\™\Æh"ÆÈs†ç°ddPro 1¯‚a81â\«Î8ˇˇˇˇˇˇ 1ÅTø„ ˇˇˇˇˇˇˇˇ8°ñ°ddPro0°öˇèˇ€ êYµï.ˇèΩ≈˙„°dONLNdˇˇ+[Apple°ddPro0„°dONLNdˇˇ*Remote°ddPro0„°dONLNdˇˇ*Access†óˇˇˇˇˇˇ JSŸ Aëa∞ ˇˇˇˇˇˇˇˇH°ñ°ddPro8°öˇﬁˇ‰ JSfKÙ°dONLNdˇˇ(UTApple Remote Access°ddPro8Ù°dONLNdˇˇ*Add-on Security Code Resources†óˇˇˇˇˇˇ JSŸ 1⁄Y ˇˇˇˇˇˇˇˇ8°ñ°ddPro$°ö˛2˛∂ Δ[Ÿ ™°dONLNdˇˇ(Õ^,Copyright © 1992, 1993 Apple Computer, Inc.†ó°ñ°ddPro0°öˇÅ˛° ùm¬º`ﬁ°dONLNdˇˇ(¶p Security°ddPro0`ﬁ°dONLNdˇˇ*Code °ddPro0`ﬁ°dONLNdˇˇ*Resource†ó°ñ°ddPro0°öˇB˛£ ‘lí≈J°dONLNdˇˇ(ﬁnTypes:°ddPro$, Courier ≈J* °ddPro$≈J°dONLNdˇˇ* °ddPro$n6°dONLNdˇˇ) Server Protocol-Level°ddPro$≈J°dONLNdˇˇ(˘n °ddPro$n6°dONLNdˇˇ) Client Protocol-Level°ddPro$≈J°dONLNdˇˇ(n °ddPro$n6°dONLNdˇˇ) User Configuration°ddPro$Ì)U°ddPro$≈J(n°ddPro$≈J°dONLNdˇˇ* °ddPro$n6°dONLNdˇˇ) Client Line-Level°ddPro$≈J°dONLNdˇˇ(n °ddPro$n6°dONLNdˇˇ) Connection Configuration°ddPro$≈J(%n°ddPro0≈J*°ddPro0≈J*°ddPro0≈J°dONLNdˇˇ*Supported Actions:°ddPro$ ≈J* °ddPro$≈J°dONLNdˇˇ* °ddPro$n6°dONLNdˇˇ) kSecurityStartup°ddPro$≈J°dONLNdˇˇ(bn °ddPro$n6°dONLNdˇˇ) kSecurityShutdown°ddPro$≈J°dONLNdˇˇ(kn °ddPro$n6°dONLNdˇˇ) kSecurityBegin°ddPro$≈J°dONLNdˇˇ(tn °ddPro$n6°dONLNdˇˇ) kSecurityEnd°ddPro$≈J°dONLNdˇˇ(|n °ddPro$n6°dONLNdˇˇ) kSecurityDataAvaialble°ddPro$≈J°dONLNdˇˇ(Ön °ddPro$n6°dONLNdˇˇ) kSecurityAbort°ddPro$≈J°dONLNdˇˇ(én °ddPro$n6°dONLNdˇˇ) kSecurityTickleAction†ó°ñ°ddPro0°öˇˇG ˆ€Pd,°dONLNdˇˇ(ˇﬁARA Service Routines†ó°d dPro †å JSŸq¢T©`¶`©T¶T¢T¶`"¶·s†ç°ddPro °ñ°ddPro$°ö˛·ˇ” +`©‹ R·°dONLNdˇˇ(3cARARead°ddPro$R·°dONLNdˇˇ* ARAWrite°ddPro$R·°dONLNdˇˇ* ARALogMessage°ddPro$R·°dONLNdˇˇ* ARACallBackAt°ddPro$R·°dONLNdˇˇ* ARAAllowUser°ddPro$R·°dONLNdˇˇ*ARADontAllowUser°ddPro$R·°dONLNdˇˇ* ARAReadSecurityData°ddPro$R·°dONLNdˇˇ* ARAReadLockSecurityData°ddPro$R·°dONLNdˇˇ* ARAWriteSecurityData°ddPro$R·°dONLNdˇˇ* ARAUnlockSecurityData°ddPro$R·°dONLNdˇˇ*ARAGetUserInfo°ddPro$R·°dONLNdˇˇ* ARATickleMe°ddPro$R·°dONLNdˇˇ* ARACompleteOperation†ó††°§P "Ω`#—##0#†£ JSŸ"Ω`—#0†°°d dPro †åqÊ-Ú4Ú1Ê-Ê1Ê4Ú1"›1 †ç°ddPro ††°§P "Ì###@####˘##¸E##˙#†£ JSŸ"Ì#@##˘#¸E#˙†°††°§P "f˛#3##ü#†£ JSŸ"f˛3#ü†°°d dPro †åqc˛j f˛c f j f˛"f˙†ç°ddPro †É d.ˇ(Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;4ˇÆdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdX6hﬂ(d6Security Module Structure h4h/ ⁄°dONLNd}Zâ +$"`A security module is built by creating a Macintosh file that has a 'CLMP' type. This is used by?°°dONLNd{èZõ *]ARA to identify the file as a security module. The module has to be placed in the Extensionsô;°dONLNdŸ°Z≠ *]folder for ARA to find it. You can do this by dragging it on top of your system folder after3ˆ°dONLNd7≥Zø *Yinstalling ARA. The module's creator is defined by you. You must request a creator from°dONLNdë≈Z—˙*"Developer Technical Support (DTS).Ç°dONLNd¥·ZÌ *aAdditionally the file must contain at least a 'sinf' resource, and a number of code resources for°dONLNdÛZˇ˛*_performing various operations. The 'sinf' resource and the code resources are described below.;N°dONLNdvZ *ZCurrently there are five types of code resources that ARA supports. They are described in°dONLNd—!Z-i*subK¿°dONLNd‘!j-∞)-sections below.°dONLNdÊ=ZI–(FZSCode resources must have the appropriate type, and their resource ID should be 200. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;5ˇbdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJ>(FH+Module Information Resource ('sinf' ID 200) IFI/,Palatino ïú°dONLNd,ZZf +aYour module must have a 'sinf' resource with a resource ID of 200. The 'sinf' resource describes°dONLNdélZxÚ*#what the module's capabilities are.ã°dONLNd≤àZî *bIn your resource definition file, you should create a 'sinf' resource, and fill in the appropriatef\°dONLNdöZ¶ *bfields. The template for the resource is defined in a file named "SecurityTypes.r". This file is°dONLNdx¨Z∏∏*Rfound on the developer disk. The following is the template for a 'sinf' resource:, Courier°dONLNdÀ√gœ©+type 'sinf'°dONLNd◊√Æœ¥)G{°dONLNd›√%œ˜)w#/* security information resource */°dONLNdŸ~ÂÆ(‚~unsigned°dONLNdŸΔÂˆ)Hlongint;°dONLNdŸ%Â)_'/* fflags contains info about module */°dONLNd@Ô~˚®(¯~literal°dONLNdIÔΔ˚ˆ)Hlongint;°dONLNdSÔ%˚Ò)_"/* fsignature identifies module */°dONLNdx˙~Æ(~unsigned°dONLNdÅ˙Δˆ)Hlongint;°dONLNdã˙%y)_/* fversion */°dONLNdú~¥(~ unsigned °dONLNd¶Δˆ)Hlongint;°dONLNd∞%ë)_/* fmin_version */°dONLNd≈~Æ(~unsigned°dONLNdŒΔˆ)Hlongint;°dONLNdÿ%ë)_/* fmax_version */°dONLNdÌ&~2Æ(/~unsigned°dONLNdˆ&Δ2ˆ)Hlongint;°dONLNd&%2ë)_/* fserver_data */°dONLNd1~=Æ(:~unsigned°dONLNd1Δ=ˆ)Hlongint;°dONLNd(1%=ë)_/* fclient_data */°dONLNd=G~S“(P~pstring[ 31 ];°dONLNdOG%Sã)ß/* module name */°dONLNda]gis(fg};º√°dONLNddxZÑ (ÅZdThe first longint is a set of flags that define what the capabilities of the module are. The valuesèŸ°dONLNd…äZñ *afor the flags are defined in "SecurityResInfo.h", found on the developer disk. The values should°dONLNd+úZ®]*:be a combination of the following using the "OR" operator:°dONLNdfæ~ Â+$"kSecurityHasLineLevelƒƒ°dONLNd|º)»‘(≈)%Use this flag if your module is to bet&°dONLNd¢»)‘c*used for lineπå°dONLNdØ»c‘‘):-level authentication of aò‡°dONLNd ‘)‡‘(›)%user. This flag causes the module to{d°dONLNd‡)Ï‘**be displayed on the client side. It let's0ï°dONLNdÏ)¯‘*!the user select this module for aä¯°dONLNd=¯)‘*$connection document, used to connectt‡°dONLNdb)‘*"to a port with a physical security°dONLNdÖ)H*device.°dONLNdé&~2ˆ(/~kSecurityHasProtocolLevel äê°dONLNd©$)0‘(-)This flag indicates the module7Í°dONLNd»0)<‘*'provides protocol level authentication.Sˆ°dONLNdÒ<)H‘*&It can be used in combination with the-\ °dONLNdH)T‘*kSecurityHasServerSide and—0°dONLNd3T)`‘*kSecurityHasClientSide flags toLÏ°dONLNdS`)l‘*#indicate if the module supports the°dONLNdwl)x≤*"client side, server side, or both.°dONLNdõÇ~éË(ã~kSecurityHasServerSide6õ°dONLNd≥Ä)å‘(â)"This flag is set for a module that]»°dONLNd÷å)ò‘*"provides the code resources neededE °dONLNd˘ò)§‘*%for the server side. Any module that {°dONLNd§)∞‘*%has code to be executed on the server‘,°dONLNdE∞)º‘*$should set this flag, including user°dONLNdjº)»g*configuration. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;6ˇBdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino °dONLNd@~LÁ(I~kSecurityHasClientSide6õ°dONLNd>)J‘(G)"This flag is set for a module that¶ °dONLNd;J)V‘*"provides code resources needed forf≤°dONLNd^V)b‘*%the client side. Any module that has≠°dONLNdÑb)n‘*!code to be executed on the client°dONLNd¶n)z~*should set this flag.°dONLNdΩÑ~êÏ(ç~kSecurityHasUserConfig •°dONLNd’Ç)éª(ã) This flag is used for a protocol!ﬁ°dONLNdıÇºé‘)ì-levelM°dONLNd¸é)ö‘(ó)#module that has a code resource for}0°dONLNd ö)¶‘*%configuring users on the server. Has°dONLNdF¶)≤t*'UCNF' resource.°dONLNdXº~» (≈~kSecurityHasConnectionConfig∂∫°dONLNdv∫)Δº(√)This flag is used for a line!‹°dONLNdí∫ΩΔ’)î-levelM°dONLNdôΔ)“‘(œ)#module that has a code resource forI@°dONLNdΩ“)ﬁ‘*$security configuration on the client°dONLNd‚ﬁ)Í®*side. Has a 'CCNF' resource.°dONLNdÙ~Î(˝~kSecurityHasUserDialog°dONLNdÚ)˛{(˚)Don't use this flag.°dONLNd. ~ (~kSecurityHasConnectionDialog°dONLNdL){()Don't use this flag.÷D°dONLNdc2Z> (;Z`The second longint is the signature of the module. This value uniquely identifies your securityy°dONLNdƒDZP *Zmodule. You should reserve a value through Apple Developer Technical Support (DTS). ThisπS°dONLNdVZb *cvalue should be the same as your file's creator, but it can be different. When they are different,6,°dONLNdÉhZt{*@ARA uses the value defined in the 'sinf' resource. For protocol§°dONLNd√h|t (q| -level modules this signature is°dONLNd‰zZÜW(ÉZ9used to associate a client module with the server module.π^°dONLNdñZ¢ *^The next three longints are version numbers and are only used for protocol level modules. TheÒ6°dONLNd}®Z¥ *[first field is "fversion" and defines the module's version. The field after "fversion" areˇˇÈ°dONLNdŸ∫ZΔ5*1"fmin_version", and "fmax_version". For protocol)°dONLNd ∫6Δ )‹1-level authentication, they are used for checking–¿°dONLNd<ÃZÿ (’Z^the client module's compatibility with the server's. The client's "fversion" must be a number°dONLNdõﬁZÍy*>between the server module's "fmin_version" and "fmax_version".°dONLNd€˙Z*bThe next two longints, "fserver_data" and "fclient_data", are not used, and should be set to zero.€°dONLNd>Z" *dThe last field is a Pascal string that is your module's name. This name is used in dialog boxes and°dONLNd£(Z4*)anywhere your modul'es name is displayed. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;7ˇÏdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJÿ(FHCode Resource Structure IFI/,Palatino °dONLNdZZfÑ+DThe following sub-sections describe the structure of code resources.°dONLNd]vHÑΩ(ÄHMySecurityProcEntry ëÇ°dONLNdqîZ† +ZEvery code resource must provide a routine named "MySecurityProcEntry". This is the entry≈É°dONLNdÃ¶Z≤ *bpoint to the code resource. ARA calls it through the Security Interface. It should be defined as°dONLNd/∏Zƒ}*follows:, Courier°dONLNd8œg€©+pascal long°dONLNdEœΔ€û)_$MySecurityProcEntry( SecurityActions°dONLNdkœŒ€¯(ÿŒAction,°dONLNd|⁄>Ê™(„> SecurityReference°dONLNdê⁄ŒÊ)êMyReference,°dONLNd¶Â>Ò\(Ó> long°dONLNd∞ÂŒÒ)êLongParam )Qæ°dONLNdºZ ( Z`ARA sends actions to your code resources to request it to perform a service. You should process¥«°dONLNdZ *^the actions and return control to ARA as quickly as possible. Actions are defined in the fileΩÊ°dONLNd|$Z0 *eSecurityPublic.h. The "Actions" section describes actions in detail. The following is a list of the°dONLNd‚6ZB{*actions:°dONLNdÎNgZ«+kSecurityStartup°dONLNd¸YgeÕ*kSecurityShutdown°dONLNddgpª*kSecurityBegin°dONLNdog{Ø*kSecurityEnd°dONLNd*zgÜÒ*kSecurityDataAvailable,°dONLNdBÖgëª*kSecurityAbort°dONLNdQêgúÂ*kSecurityTickleAction4”°dONLNdg∂Z¬ (øZaMyReference is a unique value that defines an instance of the code resource. It is used when you°dONLNd…»Z‘ô*Jcall any of the ARA Service Routines. It uniquely identifies your thread.„4°dONLNd‰Z *_LongParam is used to pass additional information for an action. Currently it is only used with°dONLNdtˆZæ*kSecurityTickleAction.ß°dONLNdãZ *aYour entry routine should process the action as soon as possible. It should not stay go into any¬°dONLNdÌ$Z0 *^loops. It can post asynchronous calls to ARA and other Toolbox routines, but it should return„$°dONLNdL6ZB *Lcontrol back to ARA quickly. YOU MUST RETURN CONTROL BACK TO ARA AS SOON AS°dONLNdôHZTä* POSSIBLE.0«°dONLNd£dZp *PYour routine's return value is a result code ARA examines for possible errors inx°dONLNdÙvZÇ *Q"MySecurityProcEntry". The possible result codes are "SecurityErrors" defined in°dONLNdFàZîü*L"SecurityPublic.h". Return "kSecurityNoErr" if your routine is successful.°dONLNdì§H≤Ø(ÆHSecurityInterface.o ˘°dONLNdß¬ZŒ +a"SecurityInterface.o" is the glue file that provides the ARA Service Routines. It must be linkedÃ¥°dONLNd ‘Z‡ *^with each code resource. When linking a code resource, you must have "SecurityInterface.o" as (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;8ˇúdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino @À°dONLNd6ZB (?Zhthe first file in the linker's object file list. The MPW linker does not shuffle code. The entry point°dONLNdiHZT•*Kto "SecurityInterface.o" must become the entry point to your code resource.∂°dONLNdµdZp6*-MPW linker uses the -m option to perform code‰∞°dONLNd‚d6p )‹,-flow analysis and remove any dead code. ToTΔ°dONLNdvZÇ (Z[keep your executable code from being stripped, you must provide the following option in the°dONLNdkàZî∏*linker command line:, Courier°dONLNdÄ†g¨+-m SECURITYINTERFACEENTRYPROC°dONLNdûªH…∏(≈HCompletion Routine Ÿ°dONLNd±ŸZÂ +\Most of the ARA Service Routines are asynchronous. After an asynch ARA routine finishes, it`°dONLNdÎZ˜ *_informs you code resource by calling a completion routine. Your completion routine should have°dONLNdn˝Z À*the following declaration:°dONLNdâg ©+pascal void°dONLNdñΔ ò)_#MyCompletionProc( SecurityReference°dONLNdª∂ ˛)MyReference,°dONLNd–%+C((% int°dONLNd⁄∂+¯)ëResultCode,°dONLNdÓ*%6I(3% void°dONLNd˘*∂6Ú)ë * DataPtr,°dONLNd5%AC(>% int°dONLNd5∂AÏ)ë DataSize,°dONLNd(@%LI(I% long°dONLNd3@∂L)ëCompletionParam )y°dONLNdE[Zg (dZZYou pass a pointer to your completion routine as one of the parameters to asynchronous ARA°dONLNd†mZy•*Service Routines.íÇ°dONLNd≤âZï *YMyReference should is the same value passed to "MySecurityProcEntry". It identifies your°dONLNdõZßÄ* instance.(t°dONLNd∑Z√ *`ResultCode is the result of the asynchronous ARA Service you had requested. It will be non zeroÒ⁄°dONLNdw…Z’ *bif the operation failed. It will contain one of the values in ARAErr defined in SecurityPublic.h.Ã°dONLNd€€ZÁ *ZYou should check its value at the start of your completion routine before you do any other°dONLNd6ÌZ˘∞*Mprocessing. If a read or write times out, the ResultCode will be ARATimeout.ò”°dONLNdÑ Z *aDataPtr is the pointer you passed to the asynch ARA Service Routine. E.g. this will point to the°dONLNdÊZ'√*data read by ARARead.°dONLNd¸7ZC¥*DataSize will be the ∞ °dONLNd7¥CŒ)ZactualR@°dONLNd7œC˙)C size of processed data. E.g. the number of bytes read by ARARead.‘°dONLNd[SZ_ (\Z_CompletionParam is an additional long you provide. Its value will be the same value you passed›£°dONLNdªeZq *`to the asynch ARA Service Routine. You can use it as a state indicator. E.g. you can define an •°dONLNdwZÉ *aenumeration containing the set of all your states. When you call an asynch ARA routine, pass theu°dONLNd~âZï *^state you want to be in when the call is done. E.g. pass "kFinished1stRead" to ARARead. When7ñ°dONLNd›õZß *Yyour completion routine gets called with CompletionParam equal to "kFinished1stRead", theó°dONLNd7≠Zπ *^ARARead has finished and you can go to the next state. See the sample module on the developer°dONLNdñøZÀ—*disk for an example of this. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú;9ˇ dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino ºŒ°dONLNd6ZB (?ZXYou should not call any Memory Manager routines, or any routines that result in a MemoryÈh°dONLNdYHZT *ZManager call from a completion routine. If you need to call these types of routines, call°dONLNd¥ZZfX*7ARATickleMe and handle it in the kSecurityTickleAction.°dONLNdÏvHÑ(ÄHRuntime Environment (A5 World) bH°dONLNdîZ† +XAn A5 World is setup for your code resource by ARA. You don't need to be concerned with´K°dONLNdd¶Z≤ *`initializing or setting up the A5 world in the code resource. ARA sets up the A5 world prior toˇP°dONLNd≈∏Zƒ *\executing any of the code resource (entry routine, and completion routines). Since the code£ı°dONLNd" Z÷ *_resource has an A5 world, it you can have static (global) data and use the data the same way as°dONLNdÇ‹ZËõ*an application.ê°dONLNdí¯Z *aDuring the execution of your code resource, the resource fork of the security module is open, andò\°dONLNdÙ Z *bit is put on top of the resource forks stack. The file is opened in read only mode, so you should¯™°dONLNdWZ( *`not attempt to write any data to the module's resource fork. A better way of storing data is tog#°dONLNd∏.Z: *cstore it in a separate preference file, which will not be deleted when you update a user's security°dONLNd@ZL~*module.æI°dONLNd$\Zh *[You can make calls to Mac Toolbox routines. Whenever possible you should call asynchronousÛ‡°dONLNdÄnZz *]routines, so you can return control to ARA. Furthermore, you should not go into any loops or°dONLNdﬁÄZåI*5call SystemTask as a way of returning control to ARA.°dONLNdúH™¬(¶HARA Service Routines °dONLNd)∫ZΔ +[ARA provides a number of services accessible through ARA Service Routines. The header fileP‰°dONLNdÖÃZÿ *_"SecurityInterface.h" has the declarations for these routines. To use them you must link with°dONLNdÂﬁZÍ∂*"SecurityInterface.o".°dONLNd¸˙ZÄ*DThe ARA Service Routines are described in detail in a later section. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú610ˇ¨dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJA(FH)User Configuration (UCNF Resource ID 200) IFI/,Palatino »…°dONLNd*ZZf +ZThis code resource is executed when a user window is open on the ARA server admin, and theìe°dONLNdÖlZx *^security module's configuration button is selected. It is used for configuring protocol-level’D°dONLNd‰~Zä *^security information on a per-user basis. The code resource should display a modal dialog boxﬁ¯°dONLNdCêZú *Rand get any needed information. It can store 150 bytes of data for each user (see°dONLNdñ¢ZÆF*/ARAWriteSecurityData, and ARAReadSecurityData).ân°dONLNdΔæZ *^On kSecurityBegin you should start your processing, e.g. request to read the existing securityXt°dONLNd%–Z‹ *Xdata (ARAReadLockSecurityData), or to get the user's name (ARAGetUserInfo). When you've^˙°dONLNd~‚ZÓ *^obtained this information, you can call ARATickleMe to put up the modal dialog box (it must beˇˇ˘¥°dONLNd›ÙZ *ca modal dialog box). You must display the user's name at the top of this dialog box. The user cand‹°dONLNdAZ *cthen input/modify the information and either save or cancel. If the user selects to save the data,~´°dONLNd•Z$ *_you must write it out by calling ARAWriteSecurityData. This information will then be available°dONLNd*Z6O*8to the server-side protocol-level authentication module.°dONLNd>FZR©*GThe following ARA Service Routines can be used by a UCNF code resource:, Courier°dONLNdÜ^gjµ+ARALogMessage°dONLNdîiguŸ*ARAReadSecurityData°dONLNd®tgÄÒ*ARAReadLockSecurityData°dONLNd¿gãÂ*ARAUnlockSecurityData°dONLNd÷ägñﬂ*ARAWriteSecurityData°dONLNdÎïg°ª*ARAGetUserInfo°dONLNd˙†g¨©*ARATickleMe°dONLNd´g∑ﬂ*ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú611ˇ2dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJi(FHClient”@°dONLNd<iJE)!%-side Protocol (CLPR Resource ID 200) IFI/,Palatino íÆ°dONLNd,ZZf (cZXThis code resource is executed on the ARA client for protocol-level authentication. The(j°dONLNdÖlZx *[corresponding server-side protocol-level module is also executed on the server, and the two°dONLNd·~Zä*)module's can communicate with each other.ÃD°dONLNdöZ¶ *^The client module's state should be driven by the server, and when the authentication has been[F°dONLNdj¨Z∏ *Wcompleted, both sides should call ARAAllowUser/ARADontAllowUser, so ARA can progress to°dONLNd¬æZ ñ*the next state.£Æ°dONLNd“⁄ZÊ *OA CLPR module can pass a maximum of 500 bytes of data to ARAWrite/ARARead. The”Ú°dONLNd"ÏZ¯ *XARAWrite and ARARead will communicate with the server-side protocol (i.e. ARARead on the°dONLNd{˛Z O*9client side will read data written by the server module).°dONLNdµZ& *\On kSecurityBegin you should start your state machine, getting information from the user and€˙°dONLNd,Z8 *\sending it to the server module. The server module should inform the client module when theí°dONLNdo>ZJ *Puser is authenticated or rejected, at which time it should call ARAAllowUser, or°dONLNd¿PZ\π*ARADontAllowUser.°dONLNd“lZx¶*GThe following ARA Service Routines can be used by a CLPR code resource:, Courier°dONLNdÉgèë+ARARead°dONLNd"égöó*ARAWrite°dONLNd+ôg•µ*ARALogMessage°dONLNd9§g∞Ø*ARAAllowUser°dONLNdFØgª«*ARADontAllowUser°dONLNdW∫gΔ©*ARATickleMe°dONLNdc≈g—ﬂ*ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú612ˇ îdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJm(FHServerŸ¿°dONLNd<mJJ)%%-side Protocol (SRPR Resource ID 200) IFI/,Palatino 7®°dONLNd,ZZf (cZ^This code resource is executed on the server to authenticate a user after the ARA protocol has“°dONLNdãlZx *[been established. It can communicated with the corresponding client authentication module.°dONLNdË~Zä**ARA loads the client module automatically.∏9°dONLNdöZ¶ *^This code resource should get the user information from the client module and determine if theHL°dONLNdr¨Z∏ *^user should be allowed in. Once a user has been authenticated or rejected, this code resourceÿŒ°dONLNd—æZ *Wshould inform the client side, and then call ARAAllowUser/ARADontAllowUser. The client°dONLNd)–Z‹ã*=code resource should also call ARAAllowUser/ARADontAllowUser.ÔG°dONLNdgÏZ¯ *XA SRPR code resource can write and read a maximum of 500 bytes of data using ARAWrite or°dONLNd¿˛Z I*3ARARead. The data is exchanged with client module.ï°dONLNdÙZ& *HThis code resource can use ARAReadLockSecurityData, ARAReadSecurityData,âÊ°dONLNd=,Z8 *UARAWriteSecurityData, and ARAUnlockSecurityData to access and modify the 150 bytes of k°dONLNdì>ZJ *bsecurity data associated with each user. Each security module can have 150 bytes of data for each°dONLNdˆPZ\o*user.°dONLNd¸lZx§*GThe following ARA Service Routines can be used by a SRPR code resource:, Courier°dONLNdDÉgèë+ARARead°dONLNdLégöó*ARAWrite°dONLNdUôg•µ*ARALogMessage°dONLNdc§g∞µ*ARACallBackAt°dONLNdqØgªØ*ARAAllowUser°dONLNd~∫gΔ«*ARADontAllowUser°dONLNdè≈g—Ÿ*ARAReadSecurityData°dONLNd£–g‹Ò*ARAReadLockSecurityData°dONLNdª€gÁÂ*ARAUnlockSecurityData°dONLNd—ÊgÚﬂ*ARAWriteSecurityData°dONLNdÊÒg˝ª*ARAGetUserInfo°dONLNdı¸g”*ARAGetMySessionRef°dONLNdg©*ARATickleMe°dONLNdgﬂ*ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú613ˇdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJi(FH/Connection Configuration (CCNF Resource ID 200) IFI/,Palatino 2†°dONLNd0ZZf +]A Connection Configuration code resource is executed on the client side when the user selects{˘°dONLNdélZx *b"Configuration" button on the client in a connection document's security option. It can store 150°dONLNdÒ~Zäê*Hbytes of data in a connection document for a line-level security device.Ñ‡°dONLNd:öZ¶ *`It should display a modal dialog and get any information relevant to connections with line-level£P°dONLNdõ¨Z∏ *Dsecurity. You can use ARAReadLockSecurityData, ARAReadSecurityData,°dONLNd‡æZ ˜*WARAWriteSecurityData, and ARAUnlockSecurityData to access and modify the security data.πD°dONLNd8⁄ZÊ *^On kSecurityBegin you should get the existing security data. Once you have obtained the data,Û°dONLNdóÏZ¯ *ayou should display a dialog box, and allow the user to modify it. When the user is done, you can°dONLNd˘˛Z ò*Gwrite the security data if it was modified, using ARAWriteSecurityData.°dONLNdAZ&®*GThe following ARA Service Routines can be used by a CCNF code resource:, Courier°dONLNdâ1g=Ÿ+ARAReadSecurityData°dONLNdù<gHÒ*ARAReadLockSecurityData°dONLNdµGgSÂ*ARAUnlockSecurityData°dONLNdÀRg^ﬂ*ARAWriteSecurityData°dONLNd‡]gi©*ARATickleMe°dONLNdÏhgtﬂ*ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú614ˇ Ídˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJL(FH-Client Side Line-level (CLLN Resource ID 200) IFI/,Palatino å°dONLNd.ZZf +dA client-side line-level code resource is executed after a physical connection has been established,y‚°dONLNdìlZx*Zusing a connection document configured with security. It should communicate with the line°⁄°dONLNdÌlx (u-°dONLNdÓ~Zäõ(áZIlevel device, prompting the user for any information the device requires.p@°dONLNd8öZ¶ *XA CLLN code resource can use the ARARead and ARAWrite to communicate with the line-levelÔê°dONLNdë¨Z∏ *`device on the server. The data being read or written is sent over the physical line without anyn°dONLNdÚæZ *bpacketization. Your code resource gets control of the line after a connection is established, but°dONLNdU–Z‹ï*Fbefore your authentication device allows connection to the ARA server.Sh°dONLNdúÏZ¯ *_On kSecurityBegin you should start the communication process with the server line-level device.ó°dONLNd˝˛Z *_You can display a dialog box to obtain information from the user. Once the physical device hasC®°dONLNd]Z *Pauthenticated or rejected the user the code resource should call ARAAllowUser or°dONLNdÆ"Z._*9ARADontAllowUser to let ARA transition to the next state.:Ç°dONLNdË>ZJ *XYou can use ARAReadSecurityData to access the 150 bytes of data stored in the connectionÀ©°dONLNdAPZ\ *[document. You can not modify this information during authentication. The security data isê°dONLNdùbZn *astored in an alias to a remote server as well as the original connection document, so you can get°dONLNdˇtZÄ¢*Nthe data even if the connection is initiated from an alias to a remote server.°dONLNdNêZúá*@A CLLN code resource can use the following ARA Service Routines:, Courier°dONLNdèßg≥ë+ARARead°dONLNdó≤gæó*ARAWrite°dONLNd†Ωg…Ø*ARAAllowUser°dONLNd≠»g‘«*ARADontAllowUser°dONLNdæ”gﬂŸ*ARAReadSecurityData°dONLNd“ﬁgÍ©*ARATickleMe°dONLNdﬁÈgıﬂ*ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú615ˇ˙dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdB6Rf(N6Actions R4R/ $¯°dONLNdgZs +$"_Actions are one of the parameters passed to your code resource's entry routine. ARA sends them°dONLNdhyZÖ *-to request a service from your code resource.hí°dONLNdóïZ° *^All actions are sent during main thread time, so you can allocate memory and make calls to Mac°dONLNdˆßZ≥ *\Toolbox routines. The code resource's A5 world is setup prior to calling your routine. The°dONLNdSπZ≈ì*Gresource fork of your module is open and on top of the resources stack.ã®°dONLNdõ’Z· *XYou should process actions as quickly as possible. You should not go into loops and use°dONLNdÙÁZÛd*;SystemTask calls as a way of returning control back to ARA.°dONLNd0˘H®(HkSecurityStartup F/ AP°dONLNdAZ# +^kSecurityStartup is sent immediately after your code resource is loaded. You can allocate any"Z°dONLNd†)Z5 *_needed memory during the processing of this action, but you should not make any calls to any ofÒ,°dONLNd;ZG *[the ARA Service Routines. Once processed, you should return kSecurityNoErr. Generally you°dONLNd\MZY8*2should use kSecurityBegin to start any processing.°dONLNdè_Hm∑(iHkSecurityShutdown lFl/ ;D°dONLNd°}Zâ +ZkSecurityShutdown is the last action sent prior to unloading your code resource. The codeG*°dONLNd¸èZõ *^resource will not be called any more after this action. You can release any allocated memory.ÙÄ°dONLNd\°Z≠ *ZMake sure you have cleaned everything up before returning. You can not use any of the ARA°dONLNd∑≥Zø!**Service Routines during kSecurityShutdown.°dONLNd‚≈H”ü(œHkSecurityBegin “F“/ §°dONLNdÒ„ZÔ +akSecurityBegin is sent to request your code resource to perform its operation. E.g. requesting a4°dONLNdSıZ~*protocolp@°dONLNd[ı )%[-level module to authenticate a user. The code resource should start the operation that itYP°dONLNd∑Z (Z_is responsible for. You can allocate memory and other needed resources. You can also call ARA°dONLNdZ%Ó* Service Routines asynchronously.°dONLNd8+H9î(5HkSecurityEnd 8F8/ år°dONLNdEIZU +\kSecurityEnd is sent when the operations that the resource performs are being finished. Youˇˇ˘V°dONLNd¢[Zg%*.should do your cleanup at this time. You can Üú°dONLNd–[%g3)Ànot‹°dONLNd”[4g )0 make any calls to ARA Service Routines after or°dONLNdmZy™(vZduring this action.°dONLNdHçÃ(âHkSecurityDataAvailable åFå/ °dONLNd/ùZ©R+9kSecurityDataAvailable is not being used in this release. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú616ˇ dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd6HDù(@HkSecurityAbort CFC/,Palatino ˜Ñ°dONLNdTZ` +]kSecurityAbort is sent when the operation of your code resource is being aborted. You shouldç°dONLNdmfZr *^stop any further processing by your code resource (including in your completion routine. E.g.zÚ°dONLNdÃxZÑ *`through the use of a flag). Your code resource should terminate any outstanding asynch calls toˇˇ¯‡°dONLNd-äZñ *^routines other than ARA Service Routines. Outstanding ARA Service Routines will be aborted by°dONLNdåúZ®r*ARA.°dONLNdëÆHº≈(∏HkSecurityTickleAction ªFª/ VL°dONLNdßÃZÿ +YkSecurityTickleAction is sent to your code resource periodically. You can also request a2&°dONLNdﬁZÍ *RkSecurityTickleAction explicitly by calling the ARATicleMe routine. When you calln¿°dONLNdTZ¸ *[ARATickleMe you pass an additional parameter which is sent to your "MySecurityProcEntry" as&°dONLNd∞Z *athe LongParam. This additional parameter can be used as a state indicator. E.g. an asynchronous=P°dONLNdZ *`call has finished, so from your completion routine you call ARATickleMe with the state indicatorˇˇ˝ °dONLNds&Z2 *_"DidMyAsynchCall" (this can be a value in an enum). In processing of kSecurityTickleAction youhÇ°dONLNd”8ZD *\check the LongParam to see if it matches "DidMyAsynchCall". If it matches you know you have n°dONLNd0JZV *_finished your asynchronous operation and are ready to transition to the next state. You should°dONLNdê\Zh *Zalso do an ARATickleMe when you need to perform main thread time operations (e.g. allocatel˝°dONLNdÎnZz *\memory) . When kSecurityTickleAction is being sent periodically by ARA LongParam will be 0.|≥°dONLNdIÄZå *VFor an example on the use of kSecurityTickleAction and ARATickleMe refer to the Sample°dONLNd†íZû~*module. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú617ˇ&dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdB6R≈(N6ARA Service Routines R4R/ Δå°dONLNdgZs +$"\ARA Service Routines are a set of functions that code resources have access to. Using thesexÓ°dONLNdryZÖ *Zroutines, code resources can request ARA services. The following is a list of ARA Service°dONLNdÕãZóÉ* Routines:, Courier°dONLNd◊≥gøë+(ARARead°dONLNdﬂæg ó*ARAWrite°dONLNdË…g’µ*ARALogMessage°dONLNdˆ‘g‡µ*ARACallBackAt°dONLNdﬂgÎØ*ARAAllowUser°dONLNdÍgˆ«*ARADontAllowUser°dONLNd"ıgŸ*ARAReadSecurityData°dONLNd6gÒ*ARAReadLockSecurityData°dONLNdNgﬂ*ARAWriteSecurityData°dONLNdcg"Â*ARAUnlockSecurityData°dONLNdy!g-ª*ARAGetUserInfo°dONLNdà,g8©*ARATickleMe°dONLNdî7gCﬂ*ARACompleteOperation°dONLNd©RZ^S([Z9The following sub-sections describe each of the routines.°dONLNdÂnH|b(xHNote pâ°dONLNdÍåZò +LAll of the routines expect a MyReference parameter. This value is passed to7P°dONLNd7ûZ™ *["MySecurityProcEntry", and is a unique value representing the instance of the security code°dONLNdì∞ZºÇ* resource. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú618ˇ ñdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`(\HARARead _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdägñµ+pascal ARAErr°dONLNdäΔñb)_ARARead( SecurityReference°dONLNd9äÖñÕ)øMyReference,°dONLNdLïˆ°(ûˆ void°dONLNdVïÖ°¡)è * DataPtr,°dONLNdg†ˆ¨(©ˆ int°dONLNdp†Ö¨ª)è DataSize,°dONLNdÄ´ˆ∑Ä(¥ˆ SecurityCompletionProc°dONLNdò´Ö∑ﬂ)èCompletionProc,°dONLNdÆ∂ˆ¬(øˆ long°dONLNd∏∂Ö¬Ò)èCompletionParam );°dONLNdÀ—Hﬂà(€HDescription Ô°dONLNd◊ÔZ˚ +^This routine is used to issue an asynchronous read call to ARA. The read will complete eitherÁ*°dONLNd6Z *]when ARA times out, or the number of bytes requested is read. This read is used to read dataÒ∑°dONLNdîZ*[coming from the remote machine. The protocol-level modules read from each other. The lineä9°dONLNdÔ (-°dONLNd%Z1@(.Z4level module reads from a device on the server side.°dONLNd%AHOÑ(KH Parameters °dONLNd0_Zkº+QMyReference is the unique identifier passed to the code resource's entry routine.M °dONLNdÇ{Zá *_DataPtr points to a location where the data will be read to. It must not be released while the°dONLNd‚çZô*$asynchronous read has not completed.|≥°dONLNd©Zµ *\DataSize is the maximum number of bytes to be read to DataPtr. The maximum data size is 500°dONLNddªZ«s*bytes.fÑ°dONLNdk◊Z„ *^CompletionProc is a function pointer you provide to be called when the read operation has been°dONLNd ÈZı˛*]completed. If a time-out occurs the CompletionProc is called with a kARATimeout result code.T∫°dONLNd(Z *UCompletionParam is additional information you can provide which will be passed to the°dONLNd~Z#§*CompletionProc.°dONLNdé3HAë(=HReturn Value °dONLNdõQZ]ﬂ+UResult code. Non kARANoErr result codes are usually because the call was not queued.°dONLNdÒmH{b(wHNote U“°dONLNdˆãZó +aThis is an asynchronous call and can be called during interrupt time. The DataPtr field must not°dONLNdXùZ© *)be released until the call has completed. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú619ˇBdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNd6HDw(@HSee Also °dONLNd TZ`â+ARAWrite (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú620ˇ @dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdHHV(RHARAWrite UFU/,Palatino°dONLNd fHtm*Syntax, Courier °dONLNdÄgåµ+pascal ARAErr°dONLNdÄΔåh)_ARAWrite( SecurityReference°dONLNd<ÄùåÂ)◊MyReference,°dONLNdOãˆó(îˆ void°dONLNd[ãùóŸ)ß * DataPtr,°dONLNdlñˆ¢(üˆ int°dONLNdwñù¢”)ß DataSize,°dONLNdá°ˆ≠Ü(™ˆ SecurityCompletionProc°dONLNd†°ù≠˜)ßCompletionProc,°dONLNd∂¨ˆ∏(µˆ long°dONLNd¬¨ù∏ )ßCompletionParam );°dONLNd’«H’à(—HDescription ¡Ã°dONLNd·ÂZÒÆ+KThis routine can be used to write data to the remote machine. For protocolà°dONLNd,ÂØÒ (ÓØ-level authenticationf°dONLNdB˜Zf(Z>the data is transferred over a reliable link, whereas for line;<°dONLNdÄ˜g (g&-level authentication the data is justrç°dONLNdß Z (Z`transferred over the connection without any packetization. Protocol-level modules write to each°dONLNdZ'ë*Iother. Line-level modules write to a security device on the server side.°dONLNdR7HEÑ(AH Parameters °dONLNd]UZaº+PMyReference is the unique reference passed to the code resource's entry routine.°dONLNdÆqZ}0*3DataPtr is a pointer to the data to be written out.°dONLNd‚çZô⁄*VDataSize is the number of bytes to be written. A maximum of 500 bytes can be written.(°dONLNd9©Zµ *`CompletionProc is a pointer to a completion routine which will be called when the write has been°dONLNdöªZ«ã* completed.T∫°dONLNd•◊Z„ *UCompletionParam is additional information you can provide which will be passed to the°dONLNd˚ÈZı§*CompletionProc.°dONLNdHë(HReturn Value °dONLNd#Z/±+NResult code. Errors are usually caused when the write call can not be queued.°dONLNdg?HMb(IHNote ’5°dONLNdl]Zi +`This is an asynchronous call and can be called at interrupt time. The DataPtr field must not be°dONLNdÕoZ{*+released until the call has been completed.°dONLNd˘ãHôw(ïHSee Also °dONLNd©ZµÜ+ARARead (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú621ˇﬁdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdHHV™(RHARALogMessage UFU/,Palatino°dONLNdfHtm*Syntax, Courier °dONLNdÄgå•+5extern pascal ARAErr ARALogMessage( SecurityReference°dONLNdKÄ∂å˛(â∂MyReference,°dONLNd`ã%óU(î% char°dONLNdlã∂óÚ)ë * Message,°dONLNdñ%¢!(ü%* SecurityCompletionProc CompletionProc,°dONLNd≤°%≠U* long°dONLNdæ°∂≠")ëCompletionParam );°dONLNd—«H’à(—HDescription °dONLNd›ÂZÒè+FYou can use this routine to have a message logged to the ARA log file.°dONLNd$HÑ(H Parameters °dONLNd/Z+g+@Message is a Pascal string which will be stored in the log file.°dONLNdp;HIë(EHReturn Value °dONLNd}YZeè+Result code.°dONLNdäuHÉb(HNote °dONLNdèìZüá+DThis is an asynchronous call that can be made during interrupt time. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú622ˇ 6dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`°(\HARACallBackAt _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdägñ{+.pascal ARAErr ARACallBackAt( SecurityReference°dONLNdEäùñÂ(ìùMyReference,°dONLNdXïˆ°(ûˆ °dONLNd[ï°,) char°dONLNdeïù°Î)è* DialString,°dONLNdy†ˆ¨ò(©ˆ SecurityCompletionProc°dONLNdï†ù¨˜)ßCompletionProc,°dONLNd´´ˆ∑,(¥ˆ long°dONLNdπ´ù∑ )ßCompletionParam );°dONLNdÃΔH‘à(–HDescription Ñ°dONLNdÿ‰Z +^This routine can be used to change the phone number which ARA will call back at. In order fori–°dONLNd7ˆZ *^this routine to work the call-back must be enabled for the given user. The call-back won't be°dONLNdñZ”*executed until all other add`°dONLNd≤‘å)z(-on security modules have been executed.ÑÓ°dONLNd€$Z0 (-Z]The new number is only used for the current session, and won't change the permanent call-back°dONLNd96ZB*number.°dONLNdARH`Ñ(\H Parameters ®|°dONLNdLpZ| +`DialString is a Pascal string which contains the phone number to dial. It must be a valid phone°dONLNd≠ÇZé*number.°dONLNdµûZ™ *WCompletionProc is a routine pointer which will be called when the phone number has been°dONLNd∞Zº4*0assigned (not when the call-back has been made).Ô§°dONLNd>ÃZÿ *XCompletionParam can contain additional information you can supply to be passed on to the°dONLNdóﬁZÍ§*CompletionProc.°dONLNdß˙Hë(HReturn Value °dONLNd¥Z$è+Result code.°dONLNd¡4HBb(>HNote °dONLNdΔRZ^q+@This is an asynchronous call that can be made at interrupt time._Î°dONLNdnZz *WThe CompletionProc is called when the DialString has been stored by ARA. Since anotherÎY°dONLNd_ÄZå *`security module could override this DialString by another call to this routine, the user may not°dONLNd¿íZû‘*get called at this DialString.°dONLNdﬂÆZ∫≈*RThis routine can only be used by a server-side protocol-level code resource (SRPR) (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú623ˇ⁄dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`ú(\HARAAllowUser _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdâgï{+.pascal ARAErr ARAAllowUser( SecurityReference°dONLNdDâùïÂ(íùMyReference,°dONLNdXî†ò(ù SecurityCompletionProc°dONLNdpîù†˜)èCompletionProc,°dONLNdáü´,(® long°dONLNdëüù´ )èCompletionParam );°dONLNd§∫H»à(ƒHDescription â`°dONLNd∞ÿZ‰ +_This routine is used to let ARA know that the user has been authenticated. It also informs ARA◊|°dONLNdÍZˆ *^that the operation has been completed. ARA will then send the code resource's entry routine a°dONLNdo¸Zw*@kSecurityEnd action, after which ARA proceeds to the next state.°dONLNd∞H&Ñ("H Parameters °dONLNdª6ZB˚+\CompletionProc is a completion routine which will be called when ARA has accepted this call.üí°dONLNdRZ^ *UCompletionParam is additional information you can supply that will be provided to the°dONLNdndZp§*CompletionProc.°dONLNd~ÄHéë(äHReturn Value °dONLNdãûZ™è+Result code.°dONLNdò∫H»b(ƒHNote °dONLNdùÿZ‰á+DThis is an asynchronous call that can be made during interrupt time.°dONLNd‚ÙHw(˛HSee Also °dONLNdÎZ*+&ARADontAllowUser, ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú624ˇ<dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`∑(\HARADontAllowUser _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdâgïì+2pascal ARAErr ARADontAllowUser( SecurityReference°dONLNdLâ∂ï˛(í∂MyReference,°dONLNdaî%†C(ù% char°dONLNdkî∂†Ú)ë * Message,°dONLNd~ü%´Ø(®% SecurityCompletionProc°dONLNdñü∂´)ëCompletionProc,°dONLNdÆ™%∂C(≥% long°dONLNd∏™∂∂")ëCompletionParam );°dONLNdÀ≈H”à(œHDescription VX°dONLNd◊„ZÔ +`You can call this routine when the user has failed authentication. ARA will send a kSecurityEnd°dONLNd8ıZÈ*Zaction to the code resources entry routine, after which ARA will tear down the connection.°dONLNdìHÑ(H Parameters 9˘°dONLNdû/Z; +^Message is an optional Pascal string which states why the user failed authentication. You can°dONLNd˝AZMŒ*pass a NIL for the pointer.°dONLNd]Zi÷*TCompletionProc is your routine which will be called when ARA has accepted this call.°dONLNdnyZÖ‰*TCompletionParam is a parameter you can supply which is passed to the CompletionProc.°dONLNd√ïH£ë(üHReturn Value °dONLNd–≥Zøè+Result code.°dONLNd›œH›b(ŸHNote °dONLNd‚ÌZ˘á+DThis is an asynchronous call that can be made during interrupt time.°dONLNd' Hw(HSee Also °dONLNd0'Z3+"ARAAllowUser, ARACompleteOperation (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú625ˇ dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`»(\HARAReadSecurityData _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdägñ•+5pascal ARAErr ARAReadSecurityData( SecurityReference°dONLNdQä∂ñ˛(ì∂MyReference,°dONLNdfï%°U(û% void°dONLNdrï∂°Ú)ë * DataPtr,°dONLNdÜ†%¨O(©% int°dONLNdí†∂¨Ï)ë DataSize,°dONLNd£´∑í(¥SecurityCompletionProc°dONLNdª´∂∑)®CompletionProc,°dONLNd”∂%¬U(ø% long°dONLNdﬂ∂∂¬")ëCompletionParam );°dONLNdÚ—Hﬂà(€HDescription ∏!°dONLNd˛ÔZ˚ +`This routine is used to read data for the given type of security module which is associated with<c°dONLNd_Z *`either a user or a connection. On the server this data is associated with a given user. On theZk°dONLNd¿Z *`client side this data is associated with the connection. The maximum amount of data that can be°dONLNd!%Z1≠*stored is 150 bytes.°dONLNd6AHOÑ(KH Parameters °dONLNdA_ZkU+;DataPtr points to where the security data is to be read to.°dONLNd}{ZáΔ*RDataSize is the maximum amount of data to read. It should not be larger than 150.°dONLNd–óZ£È*ZCompletionProc is a pointer to a routine which will be called when the data has been read.°dONLNd+≥Zø*\CompletionParam is additional information you can provide to be passed to the CompletionProc°dONLNdàœH›ë(ŸHReturn Value °dONLNdïÌZ˘è+Result code.°dONLNd¢ Hb(HNote æÿ°dONLNdß'Z3 +^On the ARA server this data is associated with a given user and stored in the users and groups°dONLNd9ZE¶*Ndatabase. On the client side this data is associated with a given connection.°dONLNdUUHcw(_HSee Also °dONLNd^sZ∑+DARAReadLockSecurityData, ARAWriteSecurityData, ARAUnlockSecurityData (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú626ˇ Êdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJ‰(FHARAReadLockSecurityData IFI/,Palatino°dONLNdZHhm*Syntax, Courier °dONLNdtgÄΩ+9pascal ARAErr ARAReadLockSecurityData( SecurityReference°dONLNdYtŒÄ(}ŒMyReference,°dONLNdn%ã+(à% °dONLNdp>ã\) void°dONLNdy∂ãÚ)x * DataPtr,°dONLNdçä%ñU(ì% int°dONLNdôä∂ñÏ)ë DataSize,°dONLNd™ï°í(ûSecurityCompletionProc°dONLNd¬ï∂°)®CompletionProc,°dONLNd⁄†%¨7(©% °dONLNdﬁ†>¨\) long°dONLNdÁ†∂¨")xCompletionParam );°dONLNd˙ªH…à(≈HDescription Ç˛°dONLNdŸZÂ +YThis routine is used to read and lock data for the given type of security module which is∏‡°dONLNd`ÎZ˜ *bassociated with either a user or a connection. On the server this data is associated with a given!∏°dONLNd√˝Z *]user. On the client side this data is associated with the connection. The maximum amount ofey°dONLNd!Z *Zdata that can be read or written is 150 bytes. You should use the ARAReadLockSecurityDataS∞°dONLNd|!Z- *ainstead of ARAReadSecurityData if you plan to modify or write the security data. This is crucial°dONLNdﬁ3Z?Á*Xon the server, because you can have multiple threads attempting to modify the same data.°dONLNd7OH]Ñ(YH Parameters °dONLNdBmZyU+;DataPtr points to where the security data is to be read to.°dONLNd~âZïΔ*RDataSize is the maximum amount of data to read. It should not be larger than 150.°dONLNd—•Z±È*ZCompletionProc is a pointer to a routine which will be called when the data has been read.°dONLNd,¡ZÕ*\CompletionParam is additional information you can provide to be passed to the CompletionProc°dONLNdâ›HÎë(ÁHReturn Value °dONLNdñ˚Zè+Result code.°dONLNd£H%b(!HNote æÿ°dONLNd®5ZA +^On the ARA server this data is associated with a given user and stored in the users and groups°dONLNdGZS¶*Ndatabase. On the client side this data is associated with a given connection.°dONLNdVcZo√*NYou must call ARAUnlockSecurityData to remove the lock from the security data.°dONLNd•Hçw(âHSee Also °dONLNdÆùZ©°+@ARAReadSecurityData, ARAWriteSecurityData, ARAUnlockSecurityData (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú627ˇ bdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`…(\HARAWriteSecurityData _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdâgï•+5pascal ARAErr ARAWriteSecurityData( SecurityReference°dONLNdRâ∂ï˛(í∂MyReference,°dONLNdgî%†U(ù% void°dONLNdsî∂†Ú)ë * DataPtr,°dONLNdÜü%´O(®% int°dONLNdíü∂´Ï)ë DataSize,°dONLNd£™∂§(≥ SecurityCompletionProc°dONLNdΩ™∂∂)®CompletionProc,°dONLNd’µ%¡U(æ% long°dONLNd·µ∂¡")ëCompletionParam );°dONLNdÙ–Hﬁà(⁄HDescription ∏B°dONLNdÓZ˙ +_This routine can be used by the security modules (mostly configuration code resources) to storeA∂°dONLNd`Z *cconfiguration data which is associated with either a user or a connection. On the server this data°dONLNdƒZ∫*Tis associated with a user. On the client this data is associated with a connection.°dONLNd.H<Ñ(8H Parameters °dONLNd$LZX+(DataPtr points to the data to be stored.°dONLNdMhZt≥*RDataSize is the number of bytes to store. It should be less than or equal to 150.·Í°dONLNd†ÑZê *^CompletionProc is a pointer to a completion routine that will be called when the data has been°dONLNdˇñZ¢|*written.°dONLNd≤Zæ*]CompletionParam is additional information you can provide to be passed to the CompletionProc.°dONLNdfŒH‹ë(ÿHReturn Value °dONLNdsÏZ¯è+Result code.°dONLNdÄHb(HNote æÿ°dONLNdÖ&Z2 +^On the ARA server this data is associated with a given user and stored in the users and groups°dONLNd‰8ZD¶*Ndatabase. On the client side this data is associated with a given connection.°dONLNd3TZ`«*RA line-level authentication code resource (CLLN) can not modify the security data.°dONLNdÜpH~w(zHSee Also °dONLNdèéZöπ+EARAReadSecurityData, ARAReadLockSecurityData, , ARAUnlockSecurityData (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú628ˇbdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdHHV”(RHARAUnlockSecurityData UFU/,Palatino°dONLNdfHtm*Syntax, Courier °dONLNdgã´+6pascal ARAErr ARAUnlockSecurityData( SecurityReference°dONLNdT∂ã˛(à∂MyReference,°dONLNdhäñ§(ì SecurityCompletionProc°dONLNdÇä∂ñ)®CompletionProc,°dONLNdöï%°a(û% long°dONLNd®ï∂°")ëCompletionParam );°dONLNdª∞Hæà(∫HDescription ”ç°dONLNd«ŒZ⁄ +IThis routine removes a lock from security data that has been locked using°dONLNd‡ZÏÿ*ARAReadLockSecurityData.°dONLNd*¸H Ñ(H Parameters ·Í°dONLNd5Z& +^CompletionProc is a pointer to a completion routine that will be called when the data has been°dONLNdî,Z8|*written.°dONLNdùHZT*]CompletionParam is additional information you can provide to be passed to the CompletionProc.°dONLNd˚dHrë(nHReturn Value °dONLNdÇZéè+Result code.°dONLNdûH¨b(®HNote °dONLNdºZ»Á+RYou must call ARAUnlockSecurityData after you have called ARAReadLockSecurityData.°dONLNdmÿHÊw(‚HSee Also °dONLNdvˆZ≠+BARAReadSecurityData, ARAReadLockSecurityData, ARAWriteSecurityData (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú629ˇ|dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`¶(\HARAGetUserInfo _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdâgïµ+pascal ARAErr°dONLNd$âΔïå)_!ARAGetUserInfo( SecurityReference°dONLNdFâùïÂ)◊MyReference,°dONLNd[î%†=(ù%void°dONLNdcîù†Ÿ)x * DataPtr,°dONLNdvü%´7(®%int°dONLNd~üù´”)x DataSize,°dONLNdê™%∂©(≥%SecurityCompletionProc°dONLNdß™∂∂)ëCompletionProc,°dONLNdøµ%¡=(æ%long°dONLNd«µù¡ )xCompletionParam );°dONLNd⁄–Hﬁà(⁄HDescription åJ°dONLNdÊÓZ˙ +bThis routine is used to get information about the user. Currently it returns the user's name. On°dONLNdIZ™*Pthe server this is the information for the user dialing in, or being configured.°dONLNdöH*Ñ(&H Parameters °dONLNd•:ZFN+8DataPtr points to where this information will be stored.°dONLNdﬁVZbF*3DataSize is the maximum number of bytes to be read.°dONLNdrZ~*^CompletionProc is a completion routine that will be called when the information has been read.°dONLNdqéZö*]CompletionParam is additional information you can provide to be passed to the CompletionProc.°dONLNdœ™H∏ë(¥HReturn Value °dONLNd‹»Z‘è+Result code. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú630ˇÚdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdRH`î(\HARATickleMe _F_/,Palatino°dONLNdpH~m*Syntax, Courier °dONLNdägñµ+pascal ARAErr°dONLNd!äΔñz)_ARATickleMe( SecurityReference°dONLNdAäùñÂ)◊MyReference,°dONLNdUï°,(û long°dONLNd_ïù°Ò)èTickleParam );°dONLNdn∞Hæà(∫HDescription %0°dONLNdzŒZ⁄ +^This routine causes ARA to send a kSecurityTickleAction to the code resource's entry routine.=$°dONLNd⁄‡ZÏ *YFor example, you can use this routine from completion routines to have your entry routine°dONLNd4ÚZ˛Ä*invoked.°dONLNd=HÑ(H Parameters ^‚°dONLNdH,Z8 +_TickleParam is additional information you can provide which will be passed to the entry routineºÚ°dONLNd®>ZJ *]in its LongParam parameter. When ARA calls the entry routine with a kSecurityTickleAction it°dONLNdPZ\≤*Opasses a 0 for the LongParam parameter. You can use this as a state indicator.°dONLNdVlHzë(vHReturn Value °dONLNdcäZñè+Result code.°dONLNdp¶H¥b(∞HNote aY°dONLNduƒZ– +\This function can be called during interrupt time. The kSecurityTickleAction is sent to the°dONLNd“÷Z‚*)"MySecurityProcEntry" at SystemTask time.°dONLNd¸ÚHw(¸HSee Also °dONLNdZº+kSecurityTickleAction (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú631ˇ,dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNdHHV—(RHARACompleteOperation UFU/,Palatino°dONLNdfHtm*Syntax, Courier °dONLNdgãµ+pascal ARAErr°dONLNd*Δã∂)_(ARACompleteOperation( SecurityReference °dONLNdSŒã"(àŒMyReference );°dONLNdböH®à(§HDescription Vç°dONLNdn∏Zƒ +]You call this routine when you need to end the operation the code resource is performing. Itvñ°dONLNdÃ Z÷ *]causes ARA to send a kSecurityEnd action. For example the configuration code resource should°dONLNd*‹ZËœ*Wcall this routine when the user has finished inputting information into its dialog box.°dONLNdÇ¯HÑ(H Parameters °dONLNdçZ"º+PMyReference is the unique reference passed to the code resource's entry routine.°dONLNdﬁ2H@ë(<HReturn Value °dONLNdÎPZ\è+Result code.°dONLNd¯lHzw(vHSee Also °dONLNdäZñ+(kSecurityBegin, and kSecurityEnd actions (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú632ˇfdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdX6hM(d6+Appendix A: Security Interface Header File h4h/, Courier °dONLNd,m6y*P//234567890123456789012345678901234567890123456789012345678901234567890123456789°dONLNd}x6Ñ*M//===========================================================================°dONLNdÀÉ6èB*//°dONLNdŒÉNèl)File:°dONLNd‘É~è)0SecurityInterface.h°dONLNdËé6öB(ó6//°dONLNdÎô6•B*//°dONLNdÓôN•Ê)DThis file is the header file which a third party security vendor can°dONLNd3§6∞B(≠6//°dONLNd6§N∞Ï)Euse to create an add-on security module. The add-on security modules°dONLNd|Ø6ªB(∏6//°dONLNdØNªÊ)Dcan be used to integrate a security device with Apple Remote Access.°dONLNdƒ∫6ΔB(√6//°dONLNd«≈6—B*//°dONLNd ≈N—L)*Copyright © 1992, 1993 Apple Computer Inc.°dONLNdı–6‹B(Ÿ6//°dONLNd¯–N‹¿)All rights reserved°dONLNd€6ÁB(‰6//°dONLNdÊ6ÚB*//°dONLNdÊNÚ“)Author: Farzad Sarabi°dONLNd)Ò6˝B(˙6//°dONLNd,¸6B*//°dONLNd/¸NÃ)Modification history:°dONLNdE6B(6//°dONLNdH6B*//°dONLNdKNÑ) 9/29/1993°dONLNdUòº)JFarzad°dONLNd]ﬁ˛)F0Removed declarations for some routines that were°dONLNdé6)B(&6//°dONLNdóﬁ))® obsolete.°dONLNd°(64B(16//°dONLNd§(N4Ñ) 2/15/1993°dONLNdÆ(ò4º)JFarzad°dONLNd∂(ﬁ4Ï)F-The A5 world and a working environment is now°dONLNd‰36?B(<6//°dONLNdÌ3ﬁ?¯)®/setup for the security modules. As a result of°dONLNd>6JB(G6//°dONLNd&>ﬁJÊ)®,this some of the routines in this module are°dONLNdSI6UB(R6//°dONLNd\IﬁU)®3obsolete. Among these are ARAGet/SetMyPrivateData,°dONLNdêT6`B(]6//°dONLNdôTﬁ`>)®ARAGetMyResFile.°dONLNd™_6kB(h6//°dONLNd≠_NkÑ) 10/6/1992°dONLNd∑_òkº)JFarzad°dONLNdø_ﬁk)FCreated°dONLNd«j6v(s6M//===========================================================================°dONLNdã6ó“*!#ifndef SECURITY_INTERFACE°dONLNd0ñ6¢ﬁ*#define SECURITY_INTERFACE 1°dONLNdM¨6∏ú*#ifndef __FILES__°dONLNd_∑6√f*#include°dONLNdh∑~√¥)H <Files.h>°dONLNdr¬6ŒZ(À6#endif°dONLNdy„6Ô¿*!#ifndef SECURITY_PUBLIC°dONLNdëÓ6˙f*#include°dONLNdöÓ~˙Í)H"SecurityPublic.h"°dONLNd≠˘6Z(6#endif°dONLNd¥6&*!M//===========================================================================°dONLNd%61B*//°dONLNd%N1r)Macros°dONLNd06<(96M//===========================================================================°dONLNdZF6R&*(#define kSecurityInterfaceVersion 0x0100°dONLNdÉF>R‡(O>// 0x0100 will be release 1°dONLNdüg6s¢(p6#ifdef __cplusplus°dONLNd≤r6~r* extern "C"°dONLNdΩr~~Ñ)H{°dONLNd¬rﬁ~»)`'// in case we are linking into C++ code°dONLNdÍ}6âZ(Ü6#endif°dONLNdÒ©6µ*,M//===========================================================================°dONLNd?¥6¿B*//°dONLNdB¥N¿l)Types°dONLNdHø6À(»6M//===========================================================================°dONLNdñ’6·h*3// actions are defined in the SecurityPublic.h file (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú633ˇNdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66B&(?6(// ARAErr is defined in SecurityPublic.h°dONLNd)A6Mh*3// SecurityEntryProc is defined in SecurityPublic.h°dONLNd]L6XÜ*8// SecurityCompletionProc is defined in SecurityPublic.h°dONLNdñb6n*M//===========================================================================°dONLNd‰m6yB*//°dONLNdÁmNyf)Data°dONLNdÏx6Ñ(Å6M//===========================================================================°dONLNd:ô6•*!M//===========================================================================°dONLNdà§6∞B*//°dONLNdã§N∞Ñ) Functions°dONLNdïØ6ª(∏6M//===========================================================================°dONLNd„≈6—¯*K// the following are functions you can call to have AppleTalk Remote Access°dONLNd/–6‹Ã*// perform these services°dONLNdI¸6Æ*,extern pascal ARAErr°dONLNd^¸Δb)êARARead( SecurityReference°dONLNdz¸ÖÕ)øMyReference,°dONLNdèˆ(ˆ void°dONLNdôÖ¡)è * DataPtr,°dONLNd¨ˆ(ˆ int°dONLNdµÖª)è DataSize,°dONLNd«ˆ)Ä(&ˆ SecurityCompletionProc°dONLNdﬂÖ)ﬂ)èCompletionProc,°dONLNd˜(ˆ4(1ˆ long°dONLNd(Ö4Ò)èCompletionParam );°dONLNd36?(<6M//===========================================================================°dONLNdb>6JB*//°dONLNde>NJñ)Description:°dONLNdr>ÆJ‘)`1this routine is used to post an asynchronous read°dONLNd§I6UB(R6//°dONLNd´IÆU⁄)x2operation for data coming from the remote machine.°dONLNdﬁT6`B(]6//°dONLNdÂTÆ`)x9This routine can be used by line-level and protocol-level°dONLNd_6kB(h6//°dONLNd&_ÆkŒ)x0authentication modules. It is not available for°dONLNdXj6vB(s6//°dONLNd_jÆv2)xconfiguration modules.°dONLNdvu6ÅB(~6//°dONLNdyÄ6åB*//°dONLNd|ÄNåê)Parameters:°dONLNdâÄÆå)`MyReference°dONLNdñÄå¬)`this module's unique reference°dONLNdµã6óB(î6//°dONLNdºãÆóÿ)xDataPtr°dONLNdΔãó™)`where to put the read data°dONLNd·ñ6¢B(ü6//°dONLNdËñÆ¢ﬁ)xDataSize°dONLNdÚñ¢‡)`#the maximum number of bytes to read°dONLNd°6≠B(™6//°dONLNd°Æ≠)xCompletionProc°dONLNd,°≠Ê)`$this routine will be called when the°dONLNdQ¨6∏B(µ6//°dONLNd\¨∏§)ÿread request has finished°dONLNdv∑6√B(¿6//°dONLNd}∑Æ√)xCompletionParam°dONLNdç∑√Ú)`&this is information you can provide to°dONLNd¥¬6ŒB(À6//°dONLNdø¬ŒŒ)ÿ be passed to the completion proc°dONLNd‡Õ6ŸB(÷6//°dONLNd„ÿ6‰B*//°dONLNdÊÿN‰ú)Return Value:°dONLNdÙÿÆ‰“)`ARAErr°dONLNd˝ÿ‰¯)`'result code, nonzero indicates an error°dONLNd%„6ÔB(Ï6//°dONLNd(Ó6˙B*//°dONLNd+ÓN˙¢)Creation Date:°dONLNd:ÓÆ˙‰)` 10/6/1992°dONLNdD˘6B(6//°dONLNdG6B*//°dONLNdJN¢)Modifications:°dONLNdY6B(6//°dONLNd\6&*M//===========================================================================°dONLNd™F6RÆ*,extern pascal ARAErr°dONLNdøFΔRh)êARAWrite( SecurityReference°dONLNd›FùRÂ)◊MyReference,°dONLNdÚQˆ](Zˆ void°dONLNd˛Qù]Ÿ)ß * DataPtr,°dONLNd\ˆh(eˆ int°dONLNd\ùh”)ß DataSize,°dONLNd.gˆsÜ(pˆ SecurityCompletionProc°dONLNdGgùs˜)ßCompletionProc,°dONLNd_rˆ~({ˆ long°dONLNdkrù~ )ßCompletionParam );°dONLNd~}6â(Ü6M//===========================================================================°dONLNdÃà6îB*//°dONLNdœàNîñ)Description:°dONLNd‹àÆîÊ)`4this routine is used to asynchronously write data to°dONLNdì6üB(ú6//°dONLNdìÆüÏ)x5the remote machine. It can be used by line-level and°dONLNdNû6™B(ß6//°dONLNdUûÆ™í)x&protocol-level authentication modules.°dONLNd|©6µB(≤6//°dONLNd¥6¿B*//°dONLNdÇ¥N¿ê)Parameters:°dONLNdè¥Æ¿)`MyReference°dONLNdú¥¿å)`your unique reference°dONLNd≤ø6ÀB(»6//°dONLNdπøÆÀÿ)xDataPtr°dONLNd√øÀ™)`the data to be written out°dONLNdﬁ 6÷B(”6//°dONLNdÂ Æ÷ﬁ)xDataSize°dONLNdÔ ÷∞)`the amount of data to write°dONLNd ’6·B(ﬁ6//°dONLNd ’Æ·)xCompletionProc°dONLNd !’·Ê)`$this routine is called when the data (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú634ˇdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66BB(?6//°dONLNd6BÜ)ÿhas been written out°dONLNd A6MB(J6//°dONLNd'AÆM)xCompletionParam°dONLNd7AM)`)this is extra information you can provide°dONLNdaL6XB(U6//°dONLNdlLX⁄)ÿ"to be passed to the CompletionProc°dONLNdèW6cB(`6//°dONLNdíb6nB*//°dONLNdïbNnú)Return Value:°dONLNd£bÆn“)`ARAErr°dONLNd¨bn¯)`'result code, nonzero indicates an error°dONLNd‘m6yB(v6//°dONLNd◊x6ÑB*//°dONLNd⁄xNÑ¢)Creation Date:°dONLNdÈxÆÑ‰)` 10/6/1992°dONLNdÛÉ6èB(å6//°dONLNdˆé6öB*//°dONLNd˘éNö¢)Modifications:°dONLNdô6•B(¢6//°dONLNd§6∞*M//===========================================================================°dONLNdY–6‹t*,5extern pascal ARAErr ARALogMessage( SecurityReference°dONLNdê–ù‹Â(ŸùMyReference,°dONLNd•€ˆÁ&(‰ˆ char°dONLNd≤€ùÁŸ)ß * Message,°dONLNd≈ÊˆÚí(Ôˆ SecurityCompletionProc°dONLNd‡ÊùÚ˜)ßCompletionProc,°dONLNd¯Òˆ˝&(˙ˆ long°dONLNdÒù˝ )ßCompletionParam );°dONLNd¸6(6M//===========================================================================°dONLNdf6B*//°dONLNdiNñ)Description:°dONLNdvÆÚ)`6you can use this routine to put a message in AppleTalk°dONLNd≠6B(6//°dONLNd¥ÆD)xremote accesses log file.°dONLNdŒ6)B(&6//°dONLNd—(64B*//°dONLNd‘(N4ê)Parameters:°dONLNd·(Æ4)`MyReference°dONLNdÓ(4å)`your unique reference°dONLNd36?B(<6//°dONLNd3Æ?ÿ)xMessage°dONLNd3?¯)`'a Pascal string which will be logged to°dONLNd=>6JB(G6//°dONLNdH>Jh)ÿin the log file°dONLNdXI6UB(R6//°dONLNd_IÆU)xCompletionProc°dONLNdnIUÊ)`$this routine will be called when the°dONLNdìT6`B(]6//°dONLNdûT`»)ÿlog message has been completed.°dONLNdæ_6kB(h6//°dONLNd≈_Æk)xCompletionParam°dONLNd’_k˛)`(additional information you can supply to°dONLNd˛j6vB(s6//°dONLNd jv‡)ÿ#be passed on to the completion proc°dONLNd-u6ÅB(~6//°dONLNd0Ä6åB*//°dONLNd3ÄNåú)Return Value:°dONLNdAÄÆå“)`ARAErr°dONLNdJÄå¯)`'result code, nonzero indicates an error°dONLNdrã6óB(î6//°dONLNduñ6¢B*//°dONLNdxñN¢¢)Creation Date:°dONLNdáñÆ¢‰)` 10/6/1992°dONLNdë°6≠B(™6//°dONLNdî¨6∏B*//°dONLNdó¨N∏¢)Modifications:°dONLNd¶∑6√B(¿6//°dONLNd©¬6Œ*M//===========================================================================°dONLNd˜Ó6˙t*,5extern pascal ARAErr ARACallBackAt( SecurityReference°dONLNd.Óù˙Â(˜ùMyReference,°dONLNdC˘ˆ&(ˆ char°dONLNdP˘ùÎ)ß* DialString,°dONLNdfˆí(ˆ SecurityCompletionProc°dONLNdÅù˜)ßCompletionProc,°dONLNdôˆ&(ˆ long°dONLNd¶ù )ßCompletionParam );°dONLNdπ6&(#6M//===========================================================================°dONLNd%61B*//°dONLNd %N1ñ)Description:°dONLNd%Æ1‘)`1this routine can be used during authentication to°dONLNdI06<B(96//°dONLNdP0Æ<»)x/cause the server to call the client back at the°dONLNdÄ;6GB(D6//°dONLNdá;ÆG)xspecified number.°dONLNdôF6RB(O6//°dONLNdúQ6]B*//°dONLNdüQN]ê)Parameters:°dONLNd¨QÆ])`MyReference°dONLNdπQ]å)`your unique reference°dONLNdœ\6hB(e6//°dONLNd÷\ÆhÍ)x DialString°dONLNd‚\h⁄)`"this is a pascal string which must°dONLNdg6sB(p6//°dONLNdgsÊ)ÿ$contain a dial string for the number°dONLNd5r6~B({6//°dONLNd@r~™)ÿto call the client back at°dONLNd[}6âB(Ü6//°dONLNdb}Æâ)xCompletionProc°dONLNdq}â )`*this proc will be called when the callback°dONLNdúà6îB(ë6//°dONLNdßàîÄ)ÿhas been completed.°dONLNdªì6üB(ú6//°dONLNd¬ìÆü)xCompletionParam°dONLNd“ìüÚ)`&additional information you can provide°dONLNd˘û6™B(ß6//°dONLNdû™)ÿ)that will be passed to the CompletionProc°dONLNd.©6µB(≤6//°dONLNd1¥6¿B*//°dONLNd4¥N¿ú)Return Value:°dONLNdB¥Æ¿“)`ARAErr°dONLNdK¥¿¯)`'result code, nonzero indicates an error°dONLNdsø6ÀB(»6//°dONLNdv 6÷B*//°dONLNdy N÷¢)Creation Date:°dONLNdà Æ÷‰)` 10/6/1992°dONLNdí’6·B(ﬁ6// (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú635ˇ dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66BB(?6//°dONLNd6NB¢)Modifications:°dONLNdA6MB(J6//°dONLNdL6X*M//===========================================================================°dONLNdcx6Ñt*,5extern pascal ARAErr ARAAllowUser( SecurityReference°dONLNdöxùÑÂ(ÅùMyReference,°dONLNd∞Éèí(åSecurityCompletionProc°dONLNd«Éùè˜)èCompletionProc,°dONLNd‡éö&(ólong°dONLNdÈéùö )èCompletionParam );°dONLNd¸ô6•(¢6M//===========================================================================°dONLNdJ§6∞B*//°dONLNdM§N∞ñ)Description:°dONLNdZ§Æ∞‡)`3the authentication code on the server can call this°dONLNdéØ6ªB(∏6//°dONLNdïØÆªÏ)x5routine to indicate the user has passed this module's°dONLNdÀ∫6ΔB(√6//°dONLNd“∫ÆΔ2)xsecurity requirements.°dONLNdÈ≈6—B(Œ6//°dONLNdÏ–6‹B*//°dONLNdÔ–N‹ê)Parameters:°dONLNd¸–Æ‹)`MyReference°dONLNd –‹å)`your unique reference°dONLNd€6ÁB(‰6//°dONLNd&€ÆÁ)xCompletionProc°dONLNd5€ÁÏ)`%this routine is called when AppleTalk°dONLNd[Ê6ÚB(Ô6//°dONLNdfÊÚ‡)ÿ#Remote Access has finished handling°dONLNdäÒ6˝B(˙6//°dONLNdïÒ˝Œ)ÿ your authentication information.°dONLNd∂¸6B(6//°dONLNdπ6B*//°dONLNdºNú)Return Value:°dONLNd Æ“)`ARAErr°dONLNd”¯)`'result code, nonzero indicates an error°dONLNd˚6B(6//°dONLNd˛6)B*//°dONLNdN)¢)Creation Date:°dONLNdÆ)‰)` 10/6/1992°dONLNd(64B(16//°dONLNd36?B*//°dONLNd 3N?¢)Modifications:°dONLNd/>6JB(G6//°dONLNd2I6U*M//===========================================================================°dONLNdÄu6Åå*,9extern pascal ARAErr ARADontAllowUser( SecurityReference°dONLNdªu∂Å˛(~∂MyReference,°dONLNd“Ä%å=(â%char°dONLNd€Ä∂åÚ)ë * Message,°dONLNdã%ó©(î%SecurityCompletionProc°dONLNdã∂ó)ëCompletionProc,°dONLNd!ñ%¢=(ü%long°dONLNd*ñ∂¢")ëCompletionParam );°dONLNd=°6≠(™6M//===========================================================================°dONLNdã¨6∏B*//°dONLNdé¨N∏ñ)Description:°dONLNdõ¨Æ∏‡)`3the server security module can call this routine to°dONLNdœ∑6√B(¿6//°dONLNd÷∑Æ√å)x%prevent a user from being allowed in.°dONLNd¸¬6ŒB(À6//°dONLNdˇÕ6ŸB*//°dONLNdÕNŸê)Parameters:°dONLNdÕÆŸ)`MyReference°dONLNdÕŸå)`your unique reference°dONLNd2ÿ6‰B(·6//°dONLNd9ÿÆ‰ÿ)xMessage°dONLNdCÿ‰Ê)`$a pascal string stating why the user°dONLNdh„6ÔB(Ï6//°dONLNds„Ôí)ÿwas not allowed access°dONLNdäÓ6˙B(˜6//°dONLNdëÓÆ˙)xCompletionProc°dONLNd†Ó˙Ê)`$this routine will be called when the°dONLNd≈˘6B(6//°dONLNd–˘Ï)ÿ%request for not allowing user has bee°dONLNdˆ6B(6//°dONLNdD)ÿ processed°dONLNd6B(6//°dONLNdÆ)xCompletionParam°dONLNd"Ú)`&additional information you can provide°dONLNdI6&B(#6//°dONLNdT&Ú)ÿ&which will be passed to the completion°dONLNd{%61B(.6//°dONLNdÜ%1&)ÿproc°dONLNdã06<B(96//°dONLNdé;6GB*//°dONLNdë;NGú)Return Value:°dONLNdü;ÆG“)`ARAErr°dONLNd®;G¯)`'result code, nonzero indicates an error°dONLNd–F6RB(O6//°dONLNd”Q6]B*//°dONLNd÷QN]¢)Creation Date:°dONLNdÂQÆ]‰)` 10/6/1992°dONLNdÔ\6hB(e6//°dONLNdÚg6sB*//°dONLNdıgNs¢)Modifications:°dONLNdr6~B({6//°dONLNd}6â*M//===========================================================================°dONLNdU¥6¿û*7<extern pascal ARAErr ARAReadSecurityData( SecurityReference°dONLNdí¥∂¿˛(Ω∂MyReference,°dONLNd©ø%ÀO(»% void°dONLNdµø∂ÀÚ)ë * DataPtr,°dONLNd %÷I(”% int°dONLNd’ ∂÷Ï)ë DataSize,°dONLNdË’·í(ﬁSecurityCompletionProc°dONLNd’∂·)®CompletionProc, (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú636ˇ»dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd6%BO(?% long°dONLNd6∂B")ëCompletionParam );°dONLNdA6M(J6M//===========================================================================°dONLNdmL6XB*//°dONLNdpLNXñ)Description:°dONLNd}LÆX¯)`7this routine can be used to read data for this security°dONLNdµW6cB(`6//°dONLNdºWÆcÏ)x5module which is associated with either a user (on the°dONLNdÚb6nB(k6//°dONLNd˘bÆn‡)x3server side), or a connection (on the client side).°dONLNd-m6yB(v6//°dONLNd4mÆy¯)x7This routine doesn't lock the data, so use it only when°dONLNdlx6ÑB(Å6//°dONLNdsxÆÑh)xyou just plan to read the data.°dONLNdìÉ6èB(å6//°dONLNdñé6öB*//°dONLNdôéNöê)Parameters:°dONLNd¶éÆö)`MyReference°dONLNd≥éöå)`your unique reference°dONLNd…ô6•B(¢6//°dONLNd–ôÆ•ÿ)xDataPtr°dONLNd⁄ô•¬)`where the data will be read to°dONLNd˘§6∞B(≠6//°dONLNd§Æ∞ﬁ)xDataSize°dONLNd §∞»)`maximum number of bytes to read°dONLNd*Ø6ªB(∏6//°dONLNd1ØÆª)xCompletionProc°dONLNd@ØªÊ)`$this routine will be called when the°dONLNde∫6ΔB(√6//°dONLNdp∫Δ™)ÿread request has completed°dONLNdã≈6—B(Œ6//°dONLNdí≈Æ—)xCompletionParam°dONLNd¢≈—Ú)`&additional information you can provide°dONLNd…–6‹B(Ÿ6//°dONLNd‘–‹‡)ÿ#to be passed to the completion proc°dONLNd¯€6ÁB(‰6//°dONLNd˚Ê6ÚB*//°dONLNd˛ÊNÚú)Return Value:°dONLNdÊÆÚ“)`ARAErr°dONLNdÊÚ¯)`'result code, nonzero indicates an error°dONLNd=Ò6˝B(˙6//°dONLNd@¸6B*//°dONLNdC¸N¢)Creation Date:°dONLNdR¸Æ‰)` 10/6/1992°dONLNd\6B(6//°dONLNd_6B*//°dONLNdbN¢)Modifications:°dONLNdq6)B(&6//°dONLNdt(64*M//===========================================================================°dONLNd¬T6`∞*,?extern pascal ARAErr ARAReadLockSecurityData( SecurityReference°dONLNdT∂`˛(]∂MyReference,°dONLNd_>kb(h> void°dONLNd$_∂kÚ)x * DataPtr,°dONLNd:j>v\(s> int°dONLNdCj∂vÏ)x DataSize,°dONLNdWu%Å©(~%SecurityCompletionProc°dONLNdnu∂Å)ëCompletionProc,°dONLNdâÄ>åb(â> long°dONLNdìÄ∂å")xCompletionParam );°dONLNd¶ã6ó(î6M//===========================================================================°dONLNdÙñ6¢B*//°dONLNd˜ñN¢ñ)Description:°dONLNdñÆ¢¯)`7this routine can be used to read security data and lock°dONLNd<°6≠B(™6//°dONLNdC°Æ≠)x9it to be modified. If you are planning on modifying your°dONLNd}¨6∏B(µ6//°dONLNdÑ¨Æ∏Ï)x5data and then writing it, you must call this routine.°dONLNd∫∑6√B(¿6//°dONLNd¡∑Æ√)x9It locks the data until the a ARAUnlockSecurityData call.°dONLNd˚¬6ŒB(À6//°dONLNd˛Õ6ŸB*//°dONLNdÕNŸê)Parameters:°dONLNdÕÆŸ)`MyReference°dONLNdÕŸå)`your unique reference°dONLNd1ÿ6‰B(·6//°dONLNd8ÿÆ‰ÿ)xDataPtr°dONLNdBÿ‰∞)`where the data will be read°dONLNd^„6ÔB(Ï6//°dONLNde„ÆÔﬁ)xDataSize°dONLNdo„Ô‡)`#the maximum number of bytes to read°dONLNdìÓ6˙B(˜6//°dONLNdöÓÆ˙)xCompletionProc°dONLNd©Ó˙Ê)`$this routine will be called when the°dONLNdŒ˘6B(6//°dONLNdŸ˘¬)ÿdata is read into your buffer.°dONLNd¯6B(6//°dONLNdˇÆ)xCompletionParam°dONLNd)`)additional information you can provide to°dONLNd96B(6//°dONLNdD‡)ÿ#be passed on to the CompletionProc.°dONLNdh6&B(#6//°dONLNdk%61B*//°dONLNdn%N1ú)Return Value:°dONLNd|%Æ1“)`ARAErr°dONLNdÖ%1¯)`'result code, nonzero indicates an error°dONLNd≠06<B(96//°dONLNd∞;6GB*//°dONLNd≥;NG¢)Creation Date:°dONLNd¬;ÆGÍ)` 10/29/1992°dONLNdÕF6RB(O6//°dONLNd–Q6]B*//°dONLNd”QN]¢)Modifications:°dONLNd‚\6hB(e6//°dONLNdÂg6s*M//===========================================================================°dONLNd3û6™Æ*7extern pascal ARAErr°dONLNdHûΔ™∂)ê(ARAUnlockSecurityData( SecurityReference°dONLNdqûŒ™(ßŒMyReference,°dONLNdâ©>µ¬(≤>SecurityCompletionProc°dONLNd†©Œµ()êCompletionProc,°dONLNdª¥>¿h(Ω> long°dONLNd«¥Œ¿()êCompletionParam°dONLNd◊ø6ÀB(»6);°dONLNd⁄ 6÷*M//===========================================================================°dONLNd (’6·B*//°dONLNd +’N·ñ)Description:°dONLNd 8’Æ·()`?if you have read the security data with ARAReadLockSecurityData (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú637ˇ∫dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66BB(?6//°dONLNd6ÆB )x:you must call this routine to unlock the data. After this°dONLNdBA6MB(J6//°dONLNdIAÆM∂)x,call others can then lock the security data.°dONLNdvL6XB(U6//°dONLNdyW6cB*//°dONLNd|WNcê)Parameters:°dONLNdâWÆc)`MyReference°dONLNdñWcå)`your unique reference°dONLNd¨b6nB(k6//°dONLNd≥bÆn)xCompletionProc°dONLNd¬bn.)`0this routine is called when the data is unlocked°dONLNdÛm6yB(v6//°dONLNd˙mÆy)xCompletionParam°dONLNd my)`+additiona information you can provide to be°dONLNd6x6ÑB(Å6//°dONLNdAxÑ∂)ÿpassed to the CompletionProc°dONLNd^É6èB(å6//°dONLNdaé6öB*//°dONLNddéNöú)Return Value:°dONLNdréÆö“)`ARAErr°dONLNd{éö¯)`'result code, nonzero indicates an error°dONLNd£ô6•B(¢6//°dONLNd¶§6∞B*//°dONLNd©§N∞¢)Creation Date:°dONLNd∏§Æ∞Í)` 10/29/1992°dONLNd√Ø6ªB(∏6//°dONLNdΔ∫6ΔB*//°dONLNd…∫NΔ¢)Modifications:°dONLNdÿ≈6—B(Œ6//°dONLNd€–6‹*M//===========================================================================°dONLNd)¸6û*,<extern pascal ARAErr ARAWriteSecurityData( SecurityReference°dONLNdf¸∂˛(∂MyReference,°dONLNd}%O(% void°dONLNdâ∂Ú)ë * DataPtr,°dONLNdû%I(% int°dONLNd©∂Ï)ë DataSize,°dONLNdº)(&) SecurityCompletionProc CompletionProc,°dONLNd(%4O+ long°dONLNd˚(ù4 )xCompletionParam );°dONLNd36?(<6M//===========================================================================°dONLNd\>6JB*//°dONLNd_>NJñ)Description:°dONLNdl>ÆJ¯)`7this routine can be used by the module to write private°dONLNd§I6UB(R6//°dONLNd´IÆU )x:data which is either associated with a user (on the server°dONLNdÊT6`B(]6//°dONLNdÌTÆ`∂)x,side), or a connection (on the client side).°dONLNd_6kB(h6//°dONLNdj6vB*//°dONLNd jNvê)Parameters:°dONLNd-jÆv)`MyReference°dONLNd:jvå)`your unique reference°dONLNdPu6ÅB(~6//°dONLNdWuÆÅÿ)xDataPtr°dONLNdauÅ™)`the data to be written out°dONLNd|Ä6åB(â6//°dONLNdÉÄÆåﬁ)xDataSize°dONLNdçÄå»)`the amount of data to write out°dONLNd≠ã6óB(î6//°dONLNd¥ãÆó)xCompletionProc°dONLNd√ãóÏ)`%this routine is called when AppleTalk°dONLNdÈñ6¢B(ü6//°dONLNdÙñ¢Ï)ÿ%Remote Access has completed the write°dONLNd°6≠B(™6//°dONLNd%°≠D)ÿ operation°dONLNd/¨6∏B(µ6//°dONLNd6¨Æ∏)xCompletionParam°dONLNdF¨∏Ú)`&additional information you can provide°dONLNdm∑6√B(¿6//°dONLNdx∑√Ú)ÿ&which is passed to the completion proc°dONLNdü¬6ŒB(À6//°dONLNd¢Õ6ŸB*//°dONLNd•ÕNŸú)Return Value:°dONLNd≥ÕÆŸ“)`ARAErr°dONLNdºÕŸ¯)`'result code, nonzero indicates an error°dONLNd‰ÿ6‰B(·6//°dONLNdÁ„6ÔB*//°dONLNdÍ„NÔ¢)Creation Date:°dONLNd˘„ÆÔ‰)` 10/6/1992°dONLNdÓ6˙B(˜6//°dONLNd˘6B*//°dONLNd ˘N¢)Modifications:°dONLNd6B(6//°dONLNd6*M//===========================================================================°dONLNdi;6GÆ*,extern pascal ARAErr°dONLNd~;ΔGå)ê!ARAGetUserInfo( SecurityReference°dONLNd†;ùGÂ)◊MyReference,°dONLNd∑F%R=(O%void°dONLNdøFùRŸ)x * DataPtr,°dONLNd‘Q%]7(Z%int°dONLNd‹Qù]”)x DataSize,°dONLNdÔ\hí(eSecurityCompletionProc°dONLNd\ùh˜)èCompletionProc,°dONLNd g%s=(p%long°dONLNd(gùs )xCompletionParam );°dONLNd;r6~({6M//===========================================================================°dONLNdâ}6âB*//°dONLNdå}Nâñ)Description:°dONLNdô}Æâ¯)`7this routine can be called to get information about the°dONLNd—à6îB(ë6//°dONLNdÿàÆî¯)x7the user, such as user name etc. It is an asynchronous°dONLNdì6üB(ú6//°dONLNdìÆüÃ)xcall.°dONLNdû6™B(ß6//°dONLNd ©6µB*//°dONLNd#©Nµê)Parameters:°dONLNd0©Æµ)`MyReference°dONLNd=©µ™)`your unique code reference°dONLNdX¥6¿B(Ω6//°dONLNd_¥Æ¿ÿ)xDataPtr°dONLNdi¥¿˛)`(pointer to where the user's name (Pascal°dONLNdíø6ÀB(»6//°dONLNdùøÀí)ÿstring) will be stored°dONLNd¥ 6÷B(”6//°dONLNdª Æ÷ﬁ)xDataSize°dONLNd≈ ÷»)`maximum number of bytes to read°dONLNdÂ’6·B(ﬁ6//°dONLNdÏ’Æ·)xCompletionProc°dONLNd˚’·)`)this routine will be called when the call (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú638ˇdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66BB(?6//°dONLNd6B\)ÿhas completed°dONLNdA6MB(J6//°dONLNd AÆM)xCompletionParam°dONLNd0AMÚ)`&additional information to be passed to°dONLNdWL6XB(U6//°dONLNdbLXz)ÿthe CompletionProc°dONLNduW6cB(`6//°dONLNdxb6nB*//°dONLNd{bNnú)Return Value:°dONLNdâbÆn“)`ARAErr°dONLNdíbn¯)`'result code, nonzero indicates an error°dONLNd∫m6yB(v6//°dONLNdΩx6ÑB*//°dONLNd¿xNÑ¢)Creation Date:°dONLNdœxÆÑ‰)` 10/6/1992°dONLNdŸÉ6èB(å6//°dONLNd‹é6öB*//°dONLNdﬂéNö¢)Modifications:°dONLNdÓô6•B(¢6//°dONLNdÒ§6∞*M//===========================================================================°dONLNd?€6Á¢*7extern pascal long°dONLNdR€ÆÁå)x%ARAGetMySessionRef( SecurityReference°dONLNdx€ùÁÒ)ÔMyReference );°dONLNdáÊ6Ú(Ô6M//===========================================================================°dONLNd’Ò6˝B*//°dONLNdÿÒN˝ñ)Description:°dONLNdÂÒÆ˝)`9You can call this routine to obtain the session reference°dONLNd¸6B(6//°dONLNd&¸Æ¯)x7for the connection for which your code is loaded. This°dONLNd^6B(6//°dONLNdeÆ)x9value is unique and stays the same during the connection.°dONLNdü6B(6//°dONLNd¶Æ)x9If you have a security module which has both a line-level°dONLNd‡6)B(&6//°dONLNdÁÆ)Ï)x5and a protocol-level authentication, you can use this°dONLNd(64B(16//°dONLNd$(Æ4Ê)x4unique reference as a key to communicate between the°dONLNdY36?B(<6//°dONLNd`3Æ?)xcode resources.°dONLNdp>6JB(G6//°dONLNdsI6UB*//°dONLNdvINUê)Parameters:°dONLNdÉIÆU)`MyReference°dONLNdêIUÊ)`$this is your code's unique reference°dONLNdµT6`B(]6//°dONLNd∏_6kB*//°dONLNdª_Nkú)Return Value:°dONLNd…_ÆkΔ)`long°dONLNd–_k )`*the session reference, NULL if there is an°dONLNd˚j6vB(s6//°dONLNdjv,)ÿerror°dONLNdu6ÅB(~6//°dONLNdÄ6åB*//°dONLNdÄNå¢)Creation Date:°dONLNd!ÄÆåÍ)` 10/29/1992°dONLNd,ã6óB(î6//°dONLNd/ñ6¢B*//°dONLNd2ñN¢¢)Modifications:°dONLNdA°6≠B(™6//°dONLNdD¨6∏*M//===========================================================================°dONLNdí„6ÔÆ*7extern pascal ARAErr°dONLNdß„ΔÔz)êARATickleMe( SecurityReference°dONLNd«„ùÔÂ)◊MyReference,°dONLNd›Ó˙,(˜ long°dONLNdÁÓù˙Ò)èTickleParam );°dONLNdˆ˘6(6M//===========================================================================°dONLNdD6B*//°dONLNdGNñ)Description:°dONLNdTÆ˛)`8this routine can be used to have AppleTalk Remote Access°dONLNdç6B(6//°dONLNdîÆÏ)x5call your entry routine with a kSecurityTickleAction.°dONLNd 6&B(#6//°dONLNd—Æ&Ú)x6You can also provide some additional information which°dONLNd%61B(.6//°dONLNd%Æ1h)xis passed to the entry routine.°dONLNd/06<B(96//°dONLNd2;6GB*//°dONLNd5;NGê)Parameters:°dONLNdB;ÆG)`MyReference°dONLNdO;Gå)`your unique reference°dONLNdeF6RB(O6//°dONLNdlFÆR)xTickleParam°dONLNdyFRÚ)`&additional information you can provide°dONLNd†Q6]B(Z6//°dONLNd´Q]‘)ÿ!which is passed to the entry proc°dONLNdÕ\6hB(e6//°dONLNd–g6sB*//°dONLNd”gNsú)Return Value:°dONLNd·gÆs“)`ARAErr°dONLNdÍgs¯)`'result code, nonzero indicates an error°dONLNdr6~B({6//°dONLNd}6âB*//°dONLNd}Nâ¢)Creation Date:°dONLNd'}Æâ‰)` 10/6/1992°dONLNd1à6îB(ë6//°dONLNd4ì6üB*//°dONLNd7ìNü¢)Modifications:°dONLNdFû6™B(ß6//°dONLNdI©6µ*M//===========================================================================°dONLNdó’6·§*,=extern pascal ARAErr ARACompleteOperation( SecurityReference °dONLNd’’∂· (ﬁ∂MyReference ); (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú639ˇdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66B(?6M//===========================================================================°dONLNdNA6MB*//°dONLNdQANMñ)Description:°dONLNd^AÆMÏ)`5this routine can be called to terminate an operation.°dONLNdîL6XB(U6//°dONLNdõLÆXÊ)x4It causes ARA to send a kSecurityEnd action. During°dONLNd–W6cB(`6//°dONLNd◊WÆcÊ)x4configuration for example the code resource can call°dONLNdb6nB(k6//°dONLNdbÆn»)x/this routine to indicate that configuration has°dONLNdCm6yB(v6//°dONLNdJmÆyÍ)x completed.°dONLNdUx6ÑB(Å6//°dONLNdXÉ6èB*//°dONLNd[ÉNèê)Parameters:°dONLNdhÉÆè)`MyReference°dONLNduÉèå)`your unique reference°dONLNdãé6öB(ó6//°dONLNdéô6•B*//°dONLNdëôN•ú)Return Value:°dONLNdüôÆ•“)`ARAErr°dONLNd®ô•¯)`'result code, nonzero indicates an error°dONLNd–§6∞B(≠6//°dONLNd”Ø6ªB*//°dONLNd÷ØNª¢)Creation Date:°dONLNdÂØÆª‰)` 10/6/1992°dONLNdÔ∫6ΔB(√6//°dONLNdÚ≈6—B*//°dONLNdı≈N—¢)Modifications:°dONLNd–6‹B(Ÿ6//°dONLNd€6Á*M//===========================================================================°dONLNdU6¢*,#ifdef __cplusplus°dONLNdh6<*}°dONLNdj6)Z*#endif°dONLNdq>6Jﬁ*!#endif // SECURITY_INTERFACE (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú640ˇ≤dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdN6^(Z6"Appendix B: Security Module Shell ^4^/, Courier °dONLNd#c6o*P//234567890123456789012345678901234567890123456789012345678901234567890123456789°dONLNdtn6z*M//===========================================================================°dONLNd¬y6ÖB*//°dONLNd≈yNÖl)File:°dONLNdÀy~Öÿ)0SecurityShell.c°dONLNd€Ñ6êB(ç6//°dONLNdﬁè6õB*//°dONLNd·èNõŒ)@This file contains a shell for add-on security modules for Apple°dONLNd"ö6¶B(£6//°dONLNd%öN¶¬)>Remote Access. This code can be duplicated to write an add-on°dONLNdd•6±B(Æ6//°dONLNdg•N±Ã)security code module.°dONLNd}∞6ºB(π6//°dONLNdÄª6«B*//°dONLNdÉªN«L)*Copyright © 1992, 1993 Apple Computer Inc.°dONLNdÆΔ6“B(œ6//°dONLNd±ΔN“¿)All rights reserved°dONLNd≈—6›B(⁄6//°dONLNd»‹6ËB*//°dONLNdÀ‹NË“)Author: Farzad Sarabi°dONLNd‚Á6ÛB(6//°dONLNdÂÚ6˛B*//°dONLNdËÚN˛Ã)Modification history:°dONLNd˛˝6 B(6//°dONLNd6B*//°dONLNdNÑ) 5/10/1993°dONLNdòº)JFarzad°dONLNdﬁ)F1A little cleanup, and added a completion routine.°dONLNdH6B(6//°dONLNdQﬁJ)®Some more comments°dONLNdd6*B('6//°dONLNdgN*Ñ) 10/6/1992°dONLNdqò*º)JFarzad°dONLNdyﬁ*)FCreated°dONLNdÅ)65(26M//===========================================================================°dONLNdœU6af*,#include°dONLNdÿU~a¸)H"SecurityInterface.h"°dONLNdÓv6Ç(6&// #define SecurityShellVersion 0x0100°dONLNdó6£*!M//===========================================================================°dONLNdc¢6ÆB*//°dONLNdf¢NÆΔ)Example of Your Code°dONLNd{≠6π(∂6M//===========================================================================°dONLNd…√6œ∫*// function prototypes°dONLNd‡Œ6⁄x*static long°dONLNdÌŒò⁄L)bDoMyStartup( SecurityReference°dONLNdŒU⁄ù)ΩMyReference,°dONLNd ŸﬁÂ¸(‚ﬁ long°dONLNd)ŸUÂù)wLongParam );°dONLNd6‰6x(Ì6static long°dONLNdC‰òR)bDoMyShutdown( SecurityReference°dONLNdd‰ÖÕ)ÌMyReference,°dONLNdxÔﬁ˚(¯ﬁ long°dONLNdÉÔn˚∂)êLongParam );°dONLNdê˙6x(6static long°dONLNdù˙ò@)bDoMyBegin( SecurityReference°dONLNd∫˙Uù)ΩMyReference,°dONLNdÕΔ(Δ long°dONLNdŸUù)èLongParam );°dONLNdÊ6x(6static long°dONLNdÛò4)bDoMyEnd( SecurityReference°dONLNd>Ü)¶MyReference,°dONLNd!Δ'‰($Δ long°dONLNd*>'Ü)xLongParam );°dONLNd7&62x(/6static long°dONLNdD&ò2d)b"DoMyDataHandler( SecurityReference°dONLNdg&n2∂)÷MyReference,°dONLNd|1ˆ=(:ˆ long°dONLNdÖ1n=∂)xLongParam );°dONLNdí<6Hx(E6static long°dONLNdü<òHj)b#DoMyAbortHandler( SecurityReference°dONLNdƒ<ùHÂ(EùMyReference,°dONLNdŸGˆS(Pˆ long°dONLNd‰GÖSÕ)èLongParam );°dONLNdÒR6^x([6static long°dONLNd˛Rò^p)b$DoMyTickleHandler( SecurityReference°dONLNd#RÖ^Õ)ÌMyReference,°dONLNd8]ˆi (fˆ long°dONLNdD]ÖiÕ)èLongParam );°dONLNdQh6tx(q6pascal void°dONLNd^hòtj)b#MyCompletionProc( SecurityReference°dONLNdÉhùtÂ(qùMyReference,°dONLNdòsˆ(|ˆ int°dONLNd¢sÖ«)èResultCode,°dONLNd∂~ˆä(áˆ void°dONLNd¡~Öä¡)è * DataPtr,°dONLNd‘âˆï(íˆ int°dONLNdﬁâÖïª)è DataSize,°dONLNdîˆ†(ùˆ long°dONLNd˚îÖ†Ò)èCompletionParam );°dONLNdÀ6◊¯(‘6K// the following is a shell for your code. It shows how your entry routine°dONLNdZ÷6‚‡*G// should be structured. Empty supporting routines for the actions are (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú641ˇ$dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66B~(?6// provided.°dONLNdW6cx*!// WARNING:°dONLNdb6nB*//°dONLNdbgn·)1?Don't change the name of this routine. We may change it in the°dONLNd]m6yB(v6//°dONLNdamgyô)13future. This is the routine ARA expects and calls.°dONLNdïÉ6èx(å6pascal long°dONLNd¢Éòèp)b$MySecurityProcEntry( SecurityActions°dONLNd»Éùè«(åùAction,°dONLNdŸéöz(ó SecurityReference°dONLNdÌéùöÂ)èMyReference,°dONLNdô•,(¢ long°dONLNdôù•ﬂ)èLongParam )°dONLNd§6∞(≠6M//===========================================================================°dONLNdgØ6ªB*//°dONLNdjØNªñ)Description:°dONLNdwØÆª¯)`7this is the entry point for the ??? security operation.°dONLNdØ∫6ΔB(√6//°dONLNd∂∫ÆΔÊ)x4It is called by AppleTalk Remote Access to have this°dONLNdÎ≈6—B(Œ6//°dONLNdÚ≈Æ—Œ)x0security module perform the given operation. It°dONLNd#–6‹B(Ÿ6//°dONLNd*–Æ‹Œ)x0dispatches to a variety of routines based on the°dONLNd[€6ÁB(‰6//°dONLNdb€ÆÁ)xrequested action.°dONLNdtÊ6ÚB(Ô6//°dONLNdwÒ6˝B*//°dONLNdzÒN˝ê)Parameters:°dONLNdáÒÆ˝“)`Action°dONLNdëÒ%˝¡)wthe action to be performed°dONLNd¨¸6B(6//°dONLNd≥¸Æ)xMyReference°dONLNd¡¸%˜)w#this is a unique value representing°dONLNdÂ6B(6//°dONLNdÒ%Ò)Ô"this instance of this code module.°dONLNd6B(6//°dONLNdÆÿ)xDataPtr°dONLNd&%µ)wthe data for this action°dONLNd?6)B(&6//°dONLNdFÆ)ﬁ)xDataSize°dONLNdQ%)Ö)wthe size of data°dONLNdb(64B(16//°dONLNde36?B*//°dONLNdh3N?ú)Return Value:°dONLNdv3Æ?Δ)`long°dONLNd~3%?Î)w!result code, nonzero indicates an°dONLNd†>6JB(G6//°dONLNd¨>%Jﬂ)Ôerror. Its value is one of the°dONLNdÃI6UB(R6//°dONLNdÿI%Uù)ÔSecurityResultCodes.°dONLNdÌT6`B(]6//°dONLNd_6kB*//°dONLNdÛ_Nk¢)Creation Date:°dONLNdj6vB(s6//°dONLNdu6ÅB*//°dONLNduNÅ¢)Modifications:°dONLNdÄ6åB(â6//°dONLNdã6ó*M//===========================================================================°dONLNdhñ6¢<*{°dONLNdk°N≠¥+switch ( Action )°dONLNd}°Δ≠Ã)x{°dONLNdÄ∑N√r(¿N case°dONLNdá∑~√‰)0kSecurityStartup:°dONLNdõ¬gŒu(Àg-return DoMyStartup( MyReference, LongParam );°dONLNd „NÔr(ÏN case°dONLNd—„~ÔÍ)0kSecurityShutdown:°dONLNdÂÓN˙Z(˜N °dONLNdËÓg˙{).return DoMyShutdown( MyReference, LongParam );°dONLNdNr(N case°dONLNd~ÿ)0kSecurityBegin:°dONLNd0N&Z(#N °dONLNd3g&i)+return DoMyBegin( MyReference, LongParam );°dONLNd`;NGr(DN case°dONLNdg;~GÃ)0kSecurityEnd:°dONLNdvFNRZ(ON °dONLNdyFgR]))return DoMyEnd( MyReference, LongParam );°dONLNd§gNsr(pN case°dONLNd´g~s)0kSecurityDataAvailable:°dONLNd≈rg~ç({g1return DoMyDataHandler( MyReference, LongParam );°dONLNd¯ìNür(úN case°dONLNdˇì~üÿ)0kSecurityAbort:°dONLNdûg™ì(ßg2return DoMyAbortHandler( MyReference, LongParam );°dONLNdEøNÀr(»N case°dONLNdLø~À)0kSecurityTickleAction:°dONLNdd N÷Z(”N °dONLNdg g÷ô)3return DoMyTickleHandler( MyReference, LongParam ); (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú642ˇdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd6NBT(?N}°dONLNdLNX2*&return ( kSecurityUnsupportedAction );°dONLNd*W6c<(`6}°dONLNd,é6öx*7static long°dONLNd9éòöL)bDoMyStartup( SecurityReference°dONLNdXéUöù)ΩMyReference,°dONLNdlôﬁ•¸(¢ﬁ long°dONLNduôU•ó)wLongParam )°dONLNdÅ§6∞(≠6M//===========================================================================°dONLNdœØ6ªB*//°dONLNd“ØNªñ)Description:°dONLNdﬂØÆªÚ)`6this routine handles the kSecurityStartup action. You°dONLNd∫6ΔB(√6//°dONLNd∫ÆΔŒ)x0should allocate any memory and setup the working°dONLNdN≈6—B(Œ6//°dONLNdU≈Æ—t)x!environment (e.g. A5 world) here.°dONLNdw–6‹B(Ÿ6//°dONLNdz€6ÁB*//°dONLNd}€NÁê)Parameters:°dONLNdä€ÆÁ)`MyReference°dONLNdó€ÁÄ)`My unique reference°dONLNd´Ê6ÚB(Ô6//°dONLNd≤ÊÆÚ‰)x LongParam°dONLNdΩÊÚí)`additional information°dONLNd‘Ò6˝B(˙6//°dONLNd◊¸6B*//°dONLNd⁄¸Nú)Return Value:°dONLNdË¸ÆΔ)`long°dONLNdÔ¸Ê)`$result code, nonzero indicates error°dONLNd6B(6//°dONLNd6B*//°dONLNdN¢)Creation Date:°dONLNd)6)B(&6//°dONLNd,(64B*//°dONLNd/(N4¢)Modifications:°dONLNd>36?B(<6//°dONLNdA>6J*M//===========================================================================°dONLNdèI6U<*{°dONLNdëT6`ÿ*#pragma unused(MyReference)°dONLNd≠_6kÃ*#pragma unused(LongParam)°dONLNd»uNÅÊ+D// this routine is called when the module has just been loaded. You°dONLNdÄNåÏ*E// can preallocate any memory you need. You are not yet starting any°dONLNdUãNóÜ*4// to do what this code resource is responsible for.°dONLNdã°N≠ò*7// You can allocate and release memory in this routine.°dONLNdƒ∑N√Í*return ( kSecurityNoErr );°dONLNdﬂ¬6Œ<(À6}°dONLNd·Ó6˙x*,static long°dONLNdÓÓò˙R)bDoMyShutdown( SecurityReference°dONLNdÓÖ˙Õ)ÌMyReference,°dONLNd#˘ﬁ(ﬁ long°dONLNd.˘n∞)êLongParam )°dONLNd:6(6M//===========================================================================°dONLNdà6B*//°dONLNdãNñ)Description:°dONLNdòÆ¯)`7this routine handles the kSecurityShutdown action. You°dONLNd–6&B(#6//°dONLNd◊Æ&Ú)x6should release any memory allocated by the DoMyStartup°dONLNd%61B(.6//°dONLNd%Æ1ﬁ)xroutine.°dONLNd06<B(96//°dONLNd!;6GB*//°dONLNd$;NGê)Parameters:°dONLNd1;ÆG)`MyReference°dONLNd>;GÄ)`My unique reference°dONLNdRF6RB(O6//°dONLNdYFÆR‰)x LongParam°dONLNddFRí)`additional information°dONLNd{Q6]B(Z6//°dONLNd~\6hB*//°dONLNdÅ\Nhú)Return Value:°dONLNdè\ÆhΔ)`long°dONLNdñ\hÊ)`$result code, nonzero indicates error°dONLNdªg6sB(p6//°dONLNdær6~B*//°dONLNd¡rN~¢)Creation Date:°dONLNd–}6âB(Ü6//°dONLNd”à6îB*//°dONLNd÷àNî¢)Modifications:°dONLNdÂì6üB(ú6//°dONLNdËû6™*M//===========================================================================°dONLNd6©6µ<*{°dONLNd8¥6¿ÿ*#pragma unused(MyReference)°dONLNdTø6ÀÃ*#pragma unused(LongParam)°dONLNdo’N·Ê+D// this is the last routine that is called before your code resource (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú643ˇ⁄dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd6NB¯(?NG// is released. Just do any cleanup you need to perform. ARA services°dONLNdIANM*// are no longer available.°dONLNdfWNcò*7// You can allocate and release memory in this routine.°dONLNdümNyÍ*return ( kSecurityNoErr );°dONLNd∫x6Ñ<(Å6}°dONLNdº§6∞x*,static long°dONLNd…§ò∞@)bDoMyBegin( SecurityReference°dONLNdÊ§U∞ù)ΩMyReference,°dONLNd˘ØΔª(∏Δ long°dONLNdØUªó)èLongParam )°dONLNd∫6Δ(√6M//===========================================================================°dONLNd_≈6—B*//°dONLNdb≈N—ñ)Description:°dONLNdo≈Æ—Ï)`5this routine handles the kSecurityBeing action. This°dONLNd•–6‹B(Ÿ6//°dONLNd¨–Æ‹Ï)x5routine should start the operations the code resource°dONLNd‚€6ÁB(‰6//°dONLNdÈ€ÆÁÏ)x5must do. For example an authentication code resource°dONLNdÊ6ÚB(Ô6//°dONLNd&ÊÆÚû)x(should start the authentication process.°dONLNdOÒ6˝B(˙6//°dONLNdR¸6B*//°dONLNdU¸Nê)Parameters:°dONLNdb¸Æ)`MyReference°dONLNdo¸Ä)`My unique reference°dONLNdÉ6B(6//°dONLNdäÆ‰)x LongParam°dONLNdïí)`additional information°dONLNd¨6B(6//°dONLNdØ6)B*//°dONLNd≤N)ú)Return Value:°dONLNd¿Æ)Δ)`long°dONLNd«)Ê)`$result code, nonzero indicates error°dONLNdÏ(64B(16//°dONLNdÔ36?B*//°dONLNdÚ3N?¢)Creation Date:°dONLNd>6JB(G6//°dONLNdI6UB*//°dONLNdINU¢)Modifications:°dONLNdT6`B(]6//°dONLNd_6k*M//===========================================================================°dONLNdgj6v<*{°dONLNdiu6Åÿ*#pragma unused(MyReference)°dONLNdÖÄ6åÃ*#pragma unused(LongParam)°dONLNd†ñN¢‡+C// This routine is called to actually start the code resource to do°dONLNdÂ°N≠‡*C// what it's responsible for. E.g. an authentication code resource°dONLNd*¨N∏‡*C// should start the authentication process. A configuration module°dONLNdo∑N√,*%// can start displaying a dialog etc.°dONLNdñÕNŸò*7// You can allocate and release memory in this routine.°dONLNdœ„NÔÍ*return ( kSecurityNoErr );°dONLNdÍÓ6˙<(˜6}°dONLNdÏ6&x*,static long°dONLNd˘ò&4)bDoMyEnd( SecurityReference°dONLNd>&Ü)¶MyReference,°dONLNd'%Δ1‰(.Δ long°dONLNd0%>1Ä)xLongParam )°dONLNd<06<(96M//===========================================================================°dONLNdä;6GB*//°dONLNdç;NGñ)Description:°dONLNdö;ÆG)`9this routine handles the kSecurityEnd action. The action°dONLNd‘F6RB(O6//°dONLNd€FÆR‡)x3is sent to signal the end of the operation the code°dONLNdQ6]B(Z6//°dONLNdQÆ]P)xresource was created to do.°dONLNd2\6hB(e6//°dONLNd5g6sB*//°dONLNd8gNsê)Parameters:°dONLNdEgÆs)`MyReference°dONLNdRgsÄ)`My unique reference°dONLNdfr6~B({6//°dONLNdmrÆ~‰)x LongParam°dONLNdxr~í)`additional information°dONLNdè}6âB(Ü6//°dONLNdíà6îB*//°dONLNdïàNîú)Return Value:°dONLNd£àÆîΔ)`long°dONLNd™àîÊ)`$result code, nonzero indicates error°dONLNdœì6üB(ú6//°dONLNd“û6™B*//°dONLNd’ûN™¢)Creation Date:°dONLNd‰©6µB(≤6//°dONLNdÁ¥6¿B*//°dONLNdÍ¥N¿¢)Modifications:°dONLNd˘ø6ÀB(»6//°dONLNd¸ 6÷*M//===========================================================================°dONLNdJ’6·<*{ (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú644ˇ¯dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66Bÿ(?6#pragma unused(MyReference)°dONLNdA6MÃ*#pragma unused(LongParam)°dONLNd7WNcÊ+D// This routine is called when the code resource is finished. It is°dONLNd}bNnÊ*D// called as a result of you calling ARAAllowUser, ARADontAllowUser,°dONLNd√mNyŒ*@// ARACompleteOperation, or after ARA aborts your code resource.°dONLNdxNÑÊ*D// You could for example cleanup any outstanding asynch calls to the°dONLNdKÉNèt*1// Mac OS. ARA services are no longer available.°dONLNd~ôN•ò*7// You can allocate and release memory in this routine.°dONLNd∑ØNªÍ*return ( kSecurityNoErr );°dONLNd“∫6Δ<(√6}°dONLNd‘Ê6Úx*,static long°dONLNd·ÊòÚd)b"DoMyDataHandler( SecurityReference°dONLNdÊnÚ∂)÷MyReference,°dONLNdÒˆ˝(˙ˆ long°dONLNd"Òn˝∞)xLongParam )°dONLNd.¸6(6M//===========================================================================°dONLNd|6B*//°dONLNdNñ)Description:°dONLNdåÆ¯)`7this routine handles the kSecurityDataAvailable action.°dONLNdƒ6B(6//°dONLNdÀÆÏ)x5The action is sent when data has arrived for the code°dONLNd6)B(&6//°dONLNdÆ)‰)x resource.°dONLNd(64B(16//°dONLNd36?B*//°dONLNd3N?ê)Parameters:°dONLNd%3Æ?)`MyReference°dONLNd23?Ä)`My unique reference°dONLNdF>6JB(G6//°dONLNdM>ÆJ‰)x LongParam°dONLNdX>Jí)`additional information°dONLNdoI6UB(R6//°dONLNdrT6`B*//°dONLNduTN`ú)Return Value:°dONLNdÉTÆ`Δ)`long°dONLNdäT`Ê)`$result code, nonzero indicates error°dONLNdØ_6kB(h6//°dONLNd≤j6vB*//°dONLNdµjNv¢)Creation Date:°dONLNdƒu6ÅB(~6//°dONLNd«Ä6åB*//°dONLNd ÄNå¢)Modifications:°dONLNdŸã6óB(î6//°dONLNd‹ñ6¢*M//===========================================================================°dONLNd*°6≠<*{°dONLNd,¨6∏ÿ*#pragma unused(MyReference)°dONLNdH∑6√Ã*#pragma unused(LongParam)°dONLNdcÕNŸ¯+G// This routine is not used in this release of the ARA Add-on Security.°dONLNd¨ÿN‰Ú*F// In future releases we may use this to indicate data being available°dONLNdÙ„NÔ‡*C// for you. ARA may in the future send events to a modeless dialog°dONLNd9ÓN˙8*'// box using the DataAvailable message.°dONLNdbNò*7// You can allocate and release memory in this routine.°dONLNdõN&Í*return ( kSecurityNoErr );°dONLNd∂%61<(.6}°dONLNd∏Q6]x*,static long°dONLNd≈Qò]j)b#DoMyAbortHandler( SecurityReference°dONLNdÍQù]Â(ZùMyReference,°dONLNdˇ\ˆh(eˆ long°dONLNd \Öh«)èLongParam )°dONLNdg6s(p6M//===========================================================================°dONLNddr6~B*//°dONLNdgrN~ñ)Description:°dONLNdtrÆ~Ê)`4this routine handles the kSecurityAbort action. The°dONLNd©}6âB(Ü6//°dONLNd∞}ÆâÚ)x6abort action is sent when the code resources operation°dONLNdÁà6îB(ë6//°dONLNdÓàÆîz)x"needs to be terminated abnormally.°dONLNdì6üB(ú6//°dONLNdû6™B*//°dONLNdûN™ê)Parameters:°dONLNd$ûÆ™)`MyReference°dONLNd1û™Ä)`My unique reference°dONLNdE©6µB(≤6//°dONLNdL©Æµ‰)x LongParam°dONLNdW©µí)`additional information°dONLNdn¥6¿B(Ω6//°dONLNdqø6ÀB*//°dONLNdtøNÀú)Return Value:°dONLNdÇøÆÀΔ)`long°dONLNdâøÀÊ)`$result code, nonzero indicates error°dONLNdÆ 6÷B(”6//°dONLNd±’6·B*//°dONLNd¥’N·¢)Creation Date: (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú645ˇ‹dˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd66BB(?6//°dONLNdA6MB*//°dONLNdANM¢)Modifications:°dONLNdL6XB(U6//°dONLNdW6c*M//===========================================================================°dONLNdfb6n<*{°dONLNdhm6y‘*E// you can remove the unused pragma for any of the parameters you use°dONLNdÆx6Ñÿ*#pragma unused(MyReference)°dONLNd É6èÃ*#pragma unused(LongParam)°dONLNdÂôN•⁄+B// This routine is called when the code resource is being aborted.°dONLNd)§N∞Ï*E// You should not make any more calls to ARA services, and you should°dONLNdpØNª‡*C// start your abort process. You will receive the End and Shutdown°dONLNdµ∫NΔ* // actions a little while later.°dONLNd◊–N‹ò*7// You can allocate and release memory in this routine.°dONLNdÊNÚÍ*return ( kSecurityNoErr );°dONLNd+Ò6˝<(˙6}°dONLNd-6)x*,static long°dONLNd:ò)p)b$DoMyTickleHandler( SecurityReference°dONLNd_Ö)Õ)ÌMyReference,°dONLNdt(ˆ4 (1ˆ long°dONLNdÄ(Ö4«)èLongParam )°dONLNdå36?(<6M//===========================================================================°dONLNd⁄>6JB*//°dONLNd›>NJñ)Description:°dONLNdÍ>ÆJÏ)`5this routine handles the kSecurityTickle action. ARA°dONLNd I6UB(R6//°dONLNd'IÆU‡)x3sends this action periodically. The action is also°dONLNd[T6`B(]6//°dONLNdbTÆ`¯)x7generated as a result of a call to ARATickleMe routine.°dONLNdö_6kB(h6//°dONLNd¢j6vB*//°dONLNd•u6ÅB*//°dONLNd®uNÅê)Parameters:°dONLNdµuÆÅ)`MyReference°dONLNd¬uÅÄ)`My unique reference°dONLNd÷Ä6åB(â6//°dONLNd›ÄÆå‰)x LongParam°dONLNdËÄåÊ)`$When ARA calls this value will be 0,°dONLNdã6óB(î6//°dONLNdãó‡)ÿ#otherwise it is the value passed to°dONLNd<ñ6¢B(ü6//°dONLNdGñ¢û)ÿthe ARATickleMe routine.°dONLNd`°6≠B(™6//°dONLNdc¨6∏B*//°dONLNdf¨N∏ú)Return Value:°dONLNdt¨Æ∏Δ)`long°dONLNd{¨∏Ê)`$result code, nonzero indicates error°dONLNd†∑6√B(¿6//°dONLNd£¬6ŒB*//°dONLNd¶¬NŒ¢)Creation Date:°dONLNdµÕ6ŸB(÷6//°dONLNd∏ÿ6‰B*//°dONLNdªÿN‰¢)Modifications:°dONLNd „6ÔB(Ï6//°dONLNdÕÓ6˙*M//===========================================================================°dONLNd˘6<*{°dONLNd6‘*E// you can remove the unused pragma for any of the parameters you use°dONLNdc6ÿ*#pragma unused(MyReference)°dONLNd6&Ã*#pragma unused(LongParam)°dONLNdö0N<Ï+E// ARA calls this routine periodically. You can also initiate a call°dONLNd·;NG»*?// to this routine by calling ARATickleMe. When ARA calls this°dONLNd"FNRÚ*F// routine the LongParam value will be 0 (zero). When it is called as°dONLNdjQN]Ú*F// a result of a call to ARATickleMe the LongParam will have the value°dONLNd≤\Nh¸*// you passed to ARATickleMe.°dONLNd—rN~ò*7// You can allocate and release memory in this routine.°dONLNd àNîÍ*return ( kSecurityNoErr );°dONLNd%ì6ü<(ú6}°dONLNd'ø6Àx*,pascal void°dONLNd4øòÀj)b#MyCompletionProc( SecurityReference°dONLNdYøùÀÂ(»ùMyReference,°dONLNdn ˆ÷(”ˆ int°dONLNdx Ö÷«)èResultCode,°dONLNdå’ˆ·(ﬁˆ void°dONLNdó’Ö·¡)è * DataPtr, (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú646ˇdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0, Courier °dONLNd6ˆB(?ˆ int°dONLNd 6ÖBª)è DataSize,°dONLNdAˆM(Jˆ long°dONLNd'AÖMÎ)èCompletionParam )°dONLNd9L6X(U6M//===========================================================================°dONLNdáW6cB*//°dONLNdäWNcñ)Description:°dONLNdóWÆc¯)`7this is an example of your a completion routine you can°dONLNdœb6nB(k6//°dONLNd÷bÆnÚ)x6use for calls to asynch ARA services. You can use one°dONLNdm6yB(v6//°dONLNdmÆy˛)x8completion proc and distinguish the reason it was called°dONLNdMx6ÑB(Å6//°dONLNdTxÆÑ∞)x+by the value passed in the CompletionParam.°dONLNdÄÉ6èB(å6//°dONLNdàé6öB*//°dONLNdãô6•B*//°dONLNdéôN•ê)Parameters:°dONLNdõôÆ•)`MyReference°dONLNd®ô•å)`your unique reference°dONLNdæ§6∞B(≠6//°dONLNd≈§Æ∞Í)x ResultCode°dONLNd—§∞Ú)`&result of the asynch ARA call you made°dONLNd¯Ø6ªB(∏6//°dONLNdˇØÆªÿ)xDataPtr°dONLNd ØªÏ)`%pointer to the data passed to the ARA°dONLNd/∫6ΔB(√6//°dONLNd:∫Δ&)ÿproc°dONLNd?≈6—B(Œ6//°dONLNdF≈Æ—ﬁ)xDataSize°dONLNdP≈—ò)`actual size of the data°dONLNdh–6‹B(Ÿ6//°dONLNdo–Æ‹)xCompletionParam°dONLNd–‹‡)`#additional information you provided°dONLNd§€6ÁB(‰6//°dONLNdØ€Áò)ÿto the ARA service proc°dONLNd«Ê6ÚB(Ô6//°dONLNd Ò6˝B*//°dONLNdÕÒN˝ú)Return Value:°dONLNd€ÒÆ˝Δ)`none°dONLNd‡¸6B(6//°dONLNd„6B*//°dONLNdÊN¢)Creation Date:°dONLNdı6B(6//°dONLNd¯6)B*//°dONLNd˚N)¢)Modifications:°dONLNd (64B(16//°dONLNd36?*M//===========================================================================°dONLNd[>6J<*{°dONLNd]I6U‘*E// you can remove the unused pragma for any of the parameters you use°dONLNd£T6`ÿ*#pragma unused(MyReference)°dONLNdø_6k“*#pragma unused(ResultCode)°dONLNd⁄j6v¿*#pragma unused(DataPtr)°dONLNdÚu6ÅΔ*#pragma unused(DataSize)°dONLNdÄ6å*#pragma unused(CompletionParam)°dONLNd,ñN¢ê+// WARNING:°dONLNd9°N≠Z*//°dONLNd>°ò≠Ë)J8Do not attempt to allocate or release any memory in this°dONLNdx¨N∏Z(µN//°dONLNd}¨ò∏‹)J6routine. Also don't call any Mac Toolbaox/OS routines°dONLNd∂∑N√Z(¿N//°dONLNdª∑ò√Ó)J9that allocate or release memory. If you need to do this,°dONLNdˆ¬NŒZ(ÀN//°dONLNd˚¬òŒ‚)J7you should call ARATickleMe with a state indicator, and°dONLNd4ÕNŸZ(÷N//°dONLNd9ÕòŸö)J+allow your DoMyTickle routine to handle it.°dONLNdf„NÔx(ÏNreturn;°dONLNdnÓ6˙<(˜6} (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú647ˇÄdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0,Palatino°dONLNdN6^Í(Z6Appendix C: Miscellaneous ^4^/°dONLNdiHwƒ+Runtime Environment vFv/ }ﬁ°dONLNd/áZì +\ARA builds an A5 world for a code resource, so the module can have its own global data. ARAΩ›°dONLNdåôZ• *^sets the A5 world automatically, prior to calling any routines (entry, completion) in the code°dONLNdÎ´Z∑Ç* resource.cÓ°dONLNdı«Z” *\The module inherits stacks from other executing tasks, and should refrain from recursion and°dONLNdRŸZÂ∂*large stack variables.fû°dONLNdiıZ *bThe resource file from which the code resources are loaded will be on the top of the resource file°dONLNdÃZ *Zstack, when ARA executes code resources. The security module's resource file is opened as°dONLNd'Z%m*readX°dONLNd+n%î)A-only, and you should not attempt to modify or add any resources.°dONLNdm5ZAñ(>ZHYou must initialize any Toolbox manager's you are using (e.g. InitGraf).°dONLNd∂GHU(QH#Building an Add-on Security Module TFT/ e—°dONLNd⁄eZq +[You need MPW 3.2 or later and MPW C to build a security module. The ARA Security Interface°dONLNd6wZÉb*?disk contains the files you need to build a security interface.’¸°dONLNdvìZü *_The EmptyShell is a good starting point for putting together a code resource. You can also use=⁄°dONLNd÷•Z± *`the sample module as the starting point for your module. This code can be used in your security°dONLNd7∑Z√Ä*Bmodules, but you must keep Apple's copyrights in the source files.Ø…°dONLNdz”Zﬂ *`After you have designed your security module (e.g. line-level vs. protocol-level and its workingΩ°dONLNd€ÂZÒ *`behavior), take the "SecurityShell.c" and code the routines that handle the actions. The Sample°dONLNd<˜Z€*RModule shows how a protocol-level module that provides a second password is coded.°dONLNdèZu*@You must also define the proper 'sinf' resource for your module.úπ°dONLNd–/Z; *^After you have compiled the module you must link it with "SecurityInterface.o". You must alsoM°dONLNd/AZM *`link in "Runtime.o" (included with MPW). SecurityInterface.o must be the first file in the link°dONLNdêSZ_Ò*Lcommand. The link command should also have "-m SECURITYINTERFACEENTRYPROC".°dONLNd›oZ{›*SFor an example of how a security module is build Review the enclosed Sample Module. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú648ˇjdˇˇˇˇˇd d, Helvetica .ˇ+$,ARA Add-on Security Interface(,Version 1.0°dONLNd<HJÊ(FHARA Security Interface Disk IFI/,Palatino y°dONLNdZZf +`The enclosed developer disk contains the interface files and sample modules you can use to build°dONLNd}lZx°*Kan ARA security module. This sections describes the contents of this disk.ˇˇ˛x°dONLNd…àZî *fThe "Empty Shell" folder contains a file you can use to build a code resource file. It contains place°dONLNd0öZ¶,*/holder routines for processing the ARA actions.{Æ°dONLNd`∂Z¬ *[The "Sample Protocol Module" folder contains the complete source for a security module that‚Y°dONLNdº»Z‘ *[provides a second password. Using this module, you can assign each user a second password.y °dONLNd⁄ZÊß*This is a protocolö~°dONLNd+⁄ßÊ)MO-level module. You can use this code as a starting point for building your own°dONLNd{ÏZ¯~(ıZmodule.…Ó°dONLNdÉZ *X"Security Interfaces" folder contains the various header files for interfacing with ARA.∏ˆ°dONLNd›Z& *a"SecurityInterface.h", and "SecurityPublic.h" contain all the declarations that your module needst°dONLNd?,Z8 *`for accessing ARA Service Routines. "SecurityResInfo.h" contains the flags that are used in the°dONLNd†>ZJ–*X'sinf' resource. "SecurityTypes.r" has the resource declarations for a security module.'°dONLNd˘ZZf *d"SecurityLibraries" contains "SecurityInterface.o" that must be linked as the first file for each of°dONLNd^lZxµ*your code resources. (Ú$*Copyright © 1992, 1993 Apple Computer Inc.(Ú649ˇ