OSX/libsecurity_authorization/lib/trampolineServer.cpp

   1 /*
   2  * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // trampolineServer.cpp - tool-side trampoline support functions
  27 //
  28 #include <cstdlib>
  29 #include <unistd.h>
  30 #include <Security/Authorization.h>
  31 #include <Security/SecBase.h>
  32 #include <dispatch/dispatch.h>
  33 #include <security_utilities/debugging.h>
  34
  35 //
  36 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
  37 // of the AuthorizationRef that started it all.
  38 //
  39 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
  40         AuthorizationFlags flags)
  41 {
  42         secalert("AuthorizationCopyPrivilegedReference is deprecated and functionality will be removed in macOS 10.14 - please update your application");
  43         // flags are currently reserved
  44         if (flags != 0)
  45                 return errAuthorizationInvalidFlags;
  46
  47         // retrieve hex form of external form from environment
  48         const char *mboxFdText = getenv("__AUTHORIZATION");
  49         if (!mboxFdText) {
  50                 return errAuthorizationInvalidRef;
  51         }
  52
  53         static AuthorizationExternalForm extForm;
  54         static OSStatus result = errAuthorizationInvalidRef;
  55         static dispatch_once_t onceToken;
  56         dispatch_once(&onceToken, ^{
  57                 // retrieve the pipe and read external form
  58                 int fd;
  59                 if (sscanf(mboxFdText, "auth %d", &fd) != 1) {
  60                         return;
  61                 }
  62                 ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm));
  63                 close(fd);
  64                 if (numOfBytes == sizeof(extForm)) {
  65                         result = errAuthorizationSuccess;
  66                 }
  67         });
  68
  69         if (result) {
  70                 // we had some trouble with reading the extform
  71                 return result;
  72         }
  73
  74         // internalize the authorization
  75         AuthorizationRef auth;
  76         if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
  77                 return error;
  78
  79         if (authorization) {
  80                 *authorization = auth;
  81         }
  82
  83         return errAuthorizationSuccess;
  84 }