OSX/libsecurity_authorization/lib/trampolineServer.cpp

   1 /*
   2  * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // trampolineServer.cpp - tool-side trampoline support functions
  27 //
  28 #include <cstdlib>
  29 #include <unistd.h>
  30 #include <Security/Authorization.h>
  31 #include <Security/SecBase.h>
  32 #include <dispatch/dispatch.h>
  33
  34 //
  35 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
  36 // of the AuthorizationRef that started it all.
  37 //
  38 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
  39         AuthorizationFlags flags)
  40 {
  41         // flags are currently reserved
  42         if (flags != 0)
  43                 return errAuthorizationInvalidFlags;
  44
  45         // retrieve hex form of external form from environment
  46         const char *mboxFdText = getenv("__AUTHORIZATION");
  47         if (!mboxFdText) {
  48                 return errAuthorizationInvalidRef;
  49         }
  50
  51         static AuthorizationExternalForm extForm;
  52         static OSStatus result = errAuthorizationInvalidRef;
  53         static dispatch_once_t onceToken;
  54         dispatch_once(&onceToken, ^{
  55                 // retrieve the pipe and read external form
  56                 int fd;
  57                 if (sscanf(mboxFdText, "auth %d", &fd) != 1) {
  58                         return;
  59                 }
  60                 ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm));
  61                 close(fd);
  62                 if (numOfBytes == sizeof(extForm)) {
  63                         result = errAuthorizationSuccess;
  64                 }
  65         });
  66
  67         if (result) {
  68                 // we had some trouble with reading the extform
  69                 return result;
  70         }
  71
  72         // internalize the authorization
  73         AuthorizationRef auth;
  74         if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
  75                 return error;
  76
  77         if (authorization) {
  78                 *authorization = auth;
  79         }
  80
  81         return errAuthorizationSuccess;
  82 }