SecurityServer/Authorization/trampolineServer.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // trampolineServer.cpp - tool-side trampoline support functions
  21 //
  22 #include <cstdlib>
  23 #include <unistd.h>
  24 #include <Security/Authorization.h>
  25
  26
  27 //
  28 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
  29 // of the AuthorizationRef that started it all.
  30 //
  31 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
  32         AuthorizationFlags flags)
  33 {
  34         // flags are currently reserved
  35         if (flags != 0)
  36                 return errAuthorizationInvalidFlags;
  37
  38         // retrieve hex form of external form from environment
  39         const char *mboxFdText = getenv("__AUTHORIZATION");
  40         if (!mboxFdText)
  41                 return errAuthorizationInvalidRef;
  42
  43     // retrieve mailbox file and read external form
  44     AuthorizationExternalForm extForm;
  45     int fd;
  46     if (sscanf(mboxFdText, "auth %d", &fd) != 1)
  47         return errAuthorizationInvalidRef;
  48     if (lseek(fd, 0, SEEK_SET) ||
  49             read(fd, &extForm, sizeof(extForm)) != sizeof(extForm)) {
  50         close(fd);
  51         return errAuthorizationInvalidRef;
  52     }
  53
  54         // internalize the authorization
  55         AuthorizationRef auth;
  56         if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
  57                 return error;
  58
  59         // well, here you go
  60         *authorization = auth;
  61         return noErr;
  62 }