]> git.saurik.com Git - apple/mdnsresponder.git/blob - mDNSMacOSX/PreferencePane/PrivilegedOperations.c
projects / apple / mdnsresponder.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
mDNSResponder-107.3.tar.gz
[apple/mdnsresponder.git] / mDNSMacOSX / PreferencePane / PrivilegedOperations.c
1 /*
2 File: PrivilegedOperations.c
3
4 Abstract: Interface to "ddnswriteconfig" setuid root tool.
5
6 Copyright: (c) Copyright 2005 Apple Computer, Inc. All rights reserved.
7
8 Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc.
9 ("Apple") in consideration of your agreement to the following terms, and your
10 use, installation, modification or redistribution of this Apple software
11 constitutes acceptance of these terms. If you do not agree with these terms,
12 please do not use, install, modify or redistribute this Apple software.
13
14 In consideration of your agreement to abide by the following terms, and subject
15 to these terms, Apple grants you a personal, non-exclusive license, under Apple's
16 copyrights in this original Apple software (the "Apple Software"), to use,
17 reproduce, modify and redistribute the Apple Software, with or without
18 modifications, in source and/or binary forms; provided that if you redistribute
19 the Apple Software in its entirety and without modifications, you must retain
20 this notice and the following text and disclaimers in all such redistributions of
21 the Apple Software. Neither the name, trademarks, service marks or logos of
22 Apple Computer, Inc. may be used to endorse or promote products derived from the
23 Apple Software without specific prior written permission from Apple. Except as
24 expressly stated in this notice, no other rights or licenses, express or implied,
25 are granted by Apple herein, including but not limited to any patent rights that
26 may be infringed by your derivative works or by other works in which the Apple
27 Software may be incorporated.
28
29 The Apple Software is provided by Apple on an "AS IS" basis. APPLE MAKES NO
30 WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
31 WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
32 PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN
33 COMBINATION WITH YOUR PRODUCTS.
34
35 IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR
36 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
37 GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
38 ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION
39 OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY OF CONTRACT, TORT
40 (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN
41 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42
43 Change History (most recent first):
44 $Log: PrivilegedOperations.c,v $
45 Revision 1.2 2005/02/10 22:35:20 cheshire
46 <rdar://problem/3727944> Update name
47
48 Revision 1.1 2005/02/05 01:59:19 cheshire
49 Add Preference Pane to facilitate testing of DDNS & wide-area features
50
51 */
52
53 #include "PrivilegedOperations.h"
54 #include "ConfigurationAuthority.h"
55 #include <CoreFoundation/CoreFoundation.h>
56 #include <SystemConfiguration/SystemConfiguration.h>
57 #include <stdio.h>
58 #include <stdint.h>
59 #include <stdlib.h>
60 #include <unistd.h>
61 #include <sys/wait.h>
62 #include <AssertMacros.h>
63 #include <Security/Security.h>
64
65 Boolean gToolApproved = false;
66
67 pid_t execTool(const char *args[])
68 // fork/exec and return new pid
69 {
70 pid_t child;
71
72 child = vfork();
73 if (child == 0)
74 {
75 execv(args[0], (char *const *)args);
76 printf("exec of %s failed; errno = %d\n", args[0], errno);
77 _exit(-1); // exec failed
78 }
79 else
80 return child;
81 }
82
83 OSStatus EnsureToolInstalled(void)
84 // Make sure that the tool is installed in the right place, with the right privs, and the right version.
85 {
86 CFURLRef bundleURL;
87 pid_t toolPID;
88 int status;
89 OSStatus err = noErr;
90 const char *args[] = { kToolPath, "0", "V", NULL };
91 char toolPath[PATH_MAX] = {};
92
93 if (gToolApproved)
94 return noErr;
95
96 // Check version of installed tool
97 toolPID = execTool(args);
98 if (toolPID > 0)
99 {
100 waitpid(toolPID, &status, 0);
101 if (WIFEXITED(status) && WEXITSTATUS(status) == PRIV_OP_TOOL_VERS)
102 return noErr;
103 }
104
105 // Locate our in-bundle copy of privop tool
106 bundleURL = CFBundleCopyBundleURL(CFBundleGetBundleWithIdentifier(CFSTR("com.apple.preference.bonjour")) );
107 if (bundleURL != NULL)
108 {
109 CFURLGetFileSystemRepresentation(bundleURL, false, (UInt8*) toolPath, sizeof toolPath);
110 strcat(toolPath, "/Contents/Resources/" kToolName);
111 }
112 else
113 return coreFoundationUnknownErr;
114
115 // Obtain authorization and run in-bundle copy as root to install it
116 {
117 AuthorizationItem aewpRight = { kAuthorizationRightExecute, strlen(toolPath), toolPath, 0 };
118 AuthorizationItemSet rights = { 1, &aewpRight };
119 AuthorizationRef authRef;
120
121 err = AuthorizationCreate(&rights, (AuthorizationEnvironment*) NULL,
122 kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights |
123 kAuthorizationFlagPreAuthorize, &authRef);
124 if (err == noErr)
125 {
126 args[2] = "I";
127 err = AuthorizationExecuteWithPrivileges(authRef, toolPath, 0, (char * const *)&args[1], (FILE**) NULL);
128 if (err == noErr)
129 gToolApproved = true;
130 (void) AuthorizationFree(authRef, kAuthorizationFlagDestroyRights);
131 }
132 }
133
134 return err;
135 }
136
137
138 static OSStatus ExecWithCmdAndParam(const char *subCmd, CFDataRef paramData)
139 // Execute our privop tool with the supplied subCmd and parameter
140 {
141 OSStatus err = noErr;
142 int commFD, dataLen;
143 u_int32_t len;
144 pid_t child;
145 char fileNum[16];
146 UInt8 *buff;
147 const char *args[] = { kToolPath, NULL, "A", NULL, NULL };
148 AuthorizationExternalForm authExt;
149
150 err = ExternalizeAuthority(&authExt);
151 require_noerr(err, AuthFailed);
152
153 dataLen = CFDataGetLength(paramData);
154 buff = (UInt8*) malloc(dataLen * sizeof(UInt8));
155 require_action(buff != NULL, AllocBuffFailed, err=memFullErr;);
156 {
157 CFRange all = { 0, dataLen };
158 CFDataGetBytes(paramData, all, buff);
159 }
160
161 commFD = fileno(tmpfile());
162 sprintf(fileNum, "%d", commFD);
163 args[1] = fileNum;
164 args[3] = subCmd;
165
166 // write authority to pipe
167 len = 0; // tag, unused
168 write(commFD, &len, sizeof len);
169 len = sizeof authExt; // len
170 write(commFD, &len, sizeof len);
171 write(commFD, &authExt, len);
172
173 // write parameter to pipe
174 len = 0; // tag, unused
175 write(commFD, &len, sizeof len);
176 len = dataLen; // len
177 write(commFD, &len, sizeof len);
178 write(commFD, buff, len);
179
180 child = execTool(args);
181 if (child > 0) {
182 int status;
183 waitpid(child, &status, 0);
184 if (WIFEXITED(status))
185 err = WEXITSTATUS(status);
186 //fprintf(stderr, "child exited; status = %d (%ld)\n", status, err);
187 }
188
189 close(commFD);
190
191 free(buff);
192 AllocBuffFailed:
193 AuthFailed:
194 return err;
195 }
196
197 OSStatus
198 WriteBrowseDomain(CFDataRef domainArrayData)
199 {
200 if (!CurrentlyAuthorized())
201 return authFailErr;
202 return ExecWithCmdAndParam("Wb", domainArrayData);
203 }
204
205 OSStatus
206 WriteRegistrationDomain(CFDataRef domainArrayData)
207 {
208 if (!CurrentlyAuthorized())
209 return authFailErr;
210 return ExecWithCmdAndParam("Wd", domainArrayData);
211 }
212
213 OSStatus
214 WriteHostname(CFDataRef domainArrayData)
215 {
216 if (!CurrentlyAuthorized())
217 return authFailErr;
218 return ExecWithCmdAndParam("Wh", domainArrayData);
219 }
220
221 OSStatus
222 SetKeyForDomain(CFDataRef secretData)
223 {
224 if (!CurrentlyAuthorized())
225 return authFailErr;
226 return ExecWithCmdAndParam("Wk", secretData);
227 }
mirror of mDNSResponder