SecurityTool/macOS/smartcards.m

   1 //
   2 //  smartcards.m
   3 //  SecurityTool
   4
   5 #import <Foundation/Foundation.h>
   6
   7 #import "smartcards.h"
   8 #import "security_tool.h"
   9
  10 const CFStringRef kTKSmartCardPreferencesDomain = CFSTR("com.apple.security.smartcard");
  11 const CFStringRef kTKDisabledTokensPreferencesKey  = CFSTR("DisabledTokens");
  12
  13 static void listDisabledTokens() {
  14     id value = (__bridge_transfer id)CFPreferencesCopyValue(kTKDisabledTokensPreferencesKey, kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
  15     if (value && ![value isKindOfClass:NSArray.class])
  16         return;
  17     NSArray *disabledTokens = (NSArray*)value;
  18     for (id tokenName in disabledTokens) {
  19         if ([tokenName isKindOfClass:NSString.class]) {
  20             printf("\t\"%s\"\n", [tokenName UTF8String]);
  21         }
  22     }
  23 }
  24
  25 static void disable(const char *tokenToDisable) {
  26     id value = (__bridge_transfer id)CFPreferencesCopyValue(kTKDisabledTokensPreferencesKey, kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
  27     if (value && ![value isKindOfClass:NSArray.class])
  28         return;
  29     NSMutableArray *disabledTokens = [NSMutableArray arrayWithArray:value];
  30     NSString *tokenName = [NSString stringWithUTF8String:tokenToDisable];
  31     if (![disabledTokens containsObject:tokenName]) {
  32         [disabledTokens addObject:tokenName];
  33         CFPreferencesSetValue(kTKDisabledTokensPreferencesKey, (__bridge CFTypeRef)disabledTokens, kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
  34         if (!CFPreferencesSynchronize(kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost))
  35             printf("Permission denied!\n");
  36     }
  37     else
  38         printf("Token is already disabled.\n");
  39 }
  40
  41 static void enable(const char *tokenToEnable) {
  42     id value = (__bridge_transfer id)CFPreferencesCopyValue(kTKDisabledTokensPreferencesKey, kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
  43     if (value && ![value isKindOfClass:NSArray.class])
  44         return;
  45     NSString *tokenName = [NSString stringWithUTF8String:tokenToEnable];
  46     NSMutableArray *disabledTokens = [NSMutableArray arrayWithArray:value];
  47     if ([disabledTokens containsObject:tokenName]) {
  48         [disabledTokens removeObject:tokenName];
  49         CFPreferencesSetValue(kTKDisabledTokensPreferencesKey, (__bridge CFTypeRef)disabledTokens, kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost);
  50         if (!CFPreferencesSynchronize(kTKSmartCardPreferencesDomain, kCFPreferencesAnyUser, kCFPreferencesCurrentHost))
  51             printf("Permission denied!\n");
  52     }
  53     else
  54         printf("Token is already enabled.\n");
  55 }
  56
  57 static int token(int argc, char * const *argv)
  58 {
  59     int ch;
  60     while ((ch = getopt(argc, argv, "le:d:")) != -1)
  61     {
  62         switch  (ch)
  63         {
  64             case 'l':
  65                 listDisabledTokens();
  66                 return 0;
  67             case 'e':
  68                 enable(optarg);
  69                 return 0;
  70             case 'd':
  71                 disable(optarg);
  72                 return 0;
  73         }
  74     }
  75
  76     return SHOW_USAGE_MESSAGE;
  77 }
  78
  79 int smartcards(int argc, char * const *argv) {
  80     int result = 2;
  81     require_quiet(argc > 2, out);
  82     @autoreleasepool {
  83         if (!strcmp("token", argv[1])) {
  84             result = token(argc - 1, argv + 1);
  85         }
  86     }
  87
  88 out:
  89     return result;
  90 }