]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_authorization/lib/trampolineServer.cpp
Security-58286.200.222.tar.gz
[apple/security.git] / OSX / libsecurity_authorization / lib / trampolineServer.cpp
1 /*
2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // trampolineServer.cpp - tool-side trampoline support functions
27 //
28 #include <cstdlib>
29 #include <unistd.h>
30 #include <Security/Authorization.h>
31 #include <Security/SecBase.h>
32 #include <dispatch/dispatch.h>
33
34 //
35 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
36 // of the AuthorizationRef that started it all.
37 //
38 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
39 AuthorizationFlags flags)
40 {
41 // flags are currently reserved
42 if (flags != 0)
43 return errAuthorizationInvalidFlags;
44
45 // retrieve hex form of external form from environment
46 const char *mboxFdText = getenv("__AUTHORIZATION");
47 if (!mboxFdText) {
48 return errAuthorizationInvalidRef;
49 }
50
51 static AuthorizationExternalForm extForm;
52 static OSStatus result = errAuthorizationInvalidRef;
53 static dispatch_once_t onceToken;
54 dispatch_once(&onceToken, ^{
55 // retrieve the pipe and read external form
56 int fd;
57 if (sscanf(mboxFdText, "auth %d", &fd) != 1) {
58 return;
59 }
60 ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm));
61 close(fd);
62 if (numOfBytes == sizeof(extForm)) {
63 result = errAuthorizationSuccess;
64 }
65 });
66
67 if (result) {
68 // we had some trouble with reading the extform
69 return result;
70 }
71
72 // internalize the authorization
73 AuthorizationRef auth;
74 if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
75 return error;
76
77 if (authorization) {
78 *authorization = auth;
79 }
80
81 return errAuthorizationSuccess;
82 }