]> git.saurik.com Git - apple/security.git/blob - SecurityServer/tests/exectest.cpp
Security-176.tar.gz
[apple/security.git] / SecurityServer / tests / exectest.cpp
1 /*
2 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // Exectest - privileged-execution test driver
21 //
22 #include <Security/Authorization.h>
23 #include <unistd.h>
24 #include <stdlib.h>
25
26
27 void doLoopback(int argc, char *argv[]);
28
29
30 int main(int argc, char **argv)
31 {
32 const char *path = "/usr/bin/id";
33 bool writeToPipe = false;
34 bool loopback = false;
35
36 int arg;
37 extern char *optarg;
38 extern int optind;
39 while ((arg = getopt(argc, argv, "f:lLw")) != -1) {
40 switch (arg) {
41 case 'f':
42 path = optarg;
43 break;
44 case 'l':
45 loopback = true;
46 break;
47 case 'L':
48 doLoopback(argc, argv);
49 exit(0);
50 case 'w':
51 writeToPipe = true;
52 break;
53 case '?':
54 exit(2);
55 }
56 }
57
58 AuthorizationItem right = { "system.privilege.admin", 0, NULL, 0 };
59 AuthorizationRights rights = { 1, &right };
60
61 AuthorizationRef auth;
62 if (OSStatus error = AuthorizationCreate(&rights, NULL /*env*/,
63 kAuthorizationFlagInteractionAllowed |
64 kAuthorizationFlagExtendRights |
65 kAuthorizationFlagPreAuthorize,
66 &auth)) {
67 printf("create error %ld\n", error);
68 exit(1);
69 }
70
71 if (loopback) {
72 path = argv[0];
73 argv[--optind] = "-L"; // backing over existing array element
74 }
75
76 FILE *f;
77 if (OSStatus error = AuthorizationExecuteWithPrivileges(auth,
78 path, 0, argv + optind, &f)) {
79 printf("exec error %ld\n", error);
80 exit(1);
81 }
82 printf("--- execute successful ---\n");
83 if (writeToPipe) {
84 char buffer[1024];
85 while (fgets(buffer, sizeof(buffer), stdin))
86 fprintf(f, "%s", buffer);
87 } else {
88 char buffer[1024];
89 while (fgets(buffer, sizeof(buffer), f))
90 printf("%s", buffer);
91 }
92 printf("--- end of output ---\n");
93 exit(0);
94 }
95
96
97 void doLoopback(int argc, char *argv[])
98 {
99 // general status
100 printf("Authorization Execution Loopback Test\n");
101 printf("Invoked as");
102 for (int n = 0; argv[n]; n++)
103 printf(" %s", argv[n]);
104 printf("\n");
105
106 // recover the authorization handle
107 AuthorizationRef auth;
108 if (OSStatus err = AuthorizationCopyPrivilegedReference(&auth, 0)) {
109 printf("Cannot recover AuthorizationRef: error=%ld\n", err);
110 exit(1);
111 }
112
113 printf("AuthorizationRef recovered.\n");
114 }