]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_authorization/lib/trampolineServer.cpp
Security-59306.41.2.tar.gz
[apple/security.git] / OSX / libsecurity_authorization / lib / trampolineServer.cpp
1 /*
2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // trampolineServer.cpp - tool-side trampoline support functions
27 //
28 #include <cstdlib>
29 #include <unistd.h>
30 #include <Security/Authorization.h>
31 #include <Security/SecBase.h>
32 #include <dispatch/dispatch.h>
33 #include <security_utilities/debugging.h>
34
35 //
36 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
37 // of the AuthorizationRef that started it all.
38 //
39 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
40 AuthorizationFlags flags)
41 {
42 secalert("AuthorizationCopyPrivilegedReference is deprecated and functionality will be removed in macOS 10.14 - please update your application");
43 // flags are currently reserved
44 if (flags != 0)
45 return errAuthorizationInvalidFlags;
46
47 // retrieve hex form of external form from environment
48 const char *mboxFdText = getenv("__AUTHORIZATION");
49 if (!mboxFdText) {
50 return errAuthorizationInvalidRef;
51 }
52
53 static AuthorizationExternalForm extForm;
54 static OSStatus result = errAuthorizationInvalidRef;
55 static dispatch_once_t onceToken;
56 dispatch_once(&onceToken, ^{
57 // retrieve the pipe and read external form
58 int fd;
59 if (sscanf(mboxFdText, "auth %d", &fd) != 1) {
60 return;
61 }
62 ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm));
63 close(fd);
64 if (numOfBytes == sizeof(extForm)) {
65 result = errAuthorizationSuccess;
66 }
67 });
68
69 if (result) {
70 // we had some trouble with reading the extform
71 return result;
72 }
73
74 // internalize the authorization
75 AuthorizationRef auth;
76 if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
77 return error;
78
79 if (authorization) {
80 *authorization = auth;
81 }
82
83 return errAuthorizationSuccess;
84 }