]> git.saurik.com Git - apple/security.git/blob - securityd/tests/exectest.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.270.3.0.1.tar.gz
[apple/security.git] / securityd / tests / exectest.cpp
1 /*
2 * Copyright (c) 2000-2001,2003-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // Exectest - privileged-execution test driver
27 //
28 #include <Security/Authorization.h>
29 #include <unistd.h>
30 #include <stdlib.h>
31
32
33 void doLoopback(int argc, char *argv[]);
34
35
36 int main(int argc, char **argv)
37 {
38 const char *path = "/usr/bin/id";
39 bool writeToPipe = false;
40 bool loopback = false;
41
42 int arg;
43 extern char *optarg;
44 extern int optind;
45 while ((arg = getopt(argc, argv, "f:lLw")) != -1) {
46 switch (arg) {
47 case 'f':
48 path = optarg;
49 break;
50 case 'l':
51 loopback = true;
52 break;
53 case 'L':
54 doLoopback(argc, argv);
55 exit(0);
56 case 'w':
57 writeToPipe = true;
58 break;
59 case '?':
60 exit(2);
61 }
62 }
63
64 AuthorizationItem right = { "system.privilege.admin", 0, NULL, 0 };
65 AuthorizationRights rights = { 1, &right };
66
67 AuthorizationRef auth;
68 if (OSStatus error = AuthorizationCreate(&rights, NULL /*env*/,
69 kAuthorizationFlagInteractionAllowed |
70 kAuthorizationFlagExtendRights |
71 kAuthorizationFlagPreAuthorize,
72 &auth)) {
73 printf("create error %ld\n", error);
74 exit(1);
75 }
76
77 if (loopback) {
78 path = argv[0];
79 argv[--optind] = "-L"; // backing over existing array element
80 }
81
82 FILE *f;
83 if (OSStatus error = AuthorizationExecuteWithPrivileges(auth,
84 path, 0, argv + optind, &f)) {
85 printf("exec error %ld\n", error);
86 exit(1);
87 }
88 printf("--- execute successful ---\n");
89 if (writeToPipe) {
90 char buffer[1024];
91 while (fgets(buffer, sizeof(buffer), stdin))
92 fprintf(f, "%s", buffer);
93 } else {
94 char buffer[1024];
95 while (fgets(buffer, sizeof(buffer), f))
96 printf("%s", buffer);
97 }
98 printf("--- end of output ---\n");
99 exit(0);
100 }
101
102
103 void doLoopback(int argc, char *argv[])
104 {
105 // general status
106 printf("Authorization Execution Loopback Test\n");
107 printf("Invoked as");
108 for (int n = 0; argv[n]; n++)
109 printf(" %s", argv[n]);
110 printf("\n");
111
112 // recover the authorization handle
113 AuthorizationRef auth;
114 if (OSStatus err = AuthorizationCopyPrivilegedReference(&auth, 0)) {
115 printf("Cannot recover AuthorizationRef: error=%ld\n", err);
116 exit(1);
117 }
118
119 printf("AuthorizationRef recovered.\n");
120 }
mirror of Security