OSX/libsecurity_authorization/lib/trampolineServer.cpp

   1 /*
   2  * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // trampolineServer.cpp - tool-side trampoline support functions
  27 //
  28 #include <cstdlib>
  29 #include <unistd.h>
  30 #include <Security/Authorization.h>
  31 #include <Security/SecBase.h>
  32
  33 //
  34 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
  35 // of the AuthorizationRef that started it all.
  36 //
  37 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
  38         AuthorizationFlags flags)
  39 {
  40         // flags are currently reserved
  41         if (flags != 0)
  42                 return errAuthorizationInvalidFlags;
  43
  44         // retrieve hex form of external form from environment
  45         const char *mboxFdText = getenv("__AUTHORIZATION");
  46         if (!mboxFdText)
  47                 return errAuthorizationInvalidRef;
  48
  49     // retrieve mailbox file and read external form
  50     AuthorizationExternalForm extForm;
  51     int fd;
  52     if (sscanf(mboxFdText, "auth %d", &fd) != 1)
  53         return errAuthorizationInvalidRef;
  54     if (lseek(fd, 0, SEEK_SET) ||
  55             read(fd, &extForm, sizeof(extForm)) != sizeof(extForm)) {
  56         close(fd);
  57         return errAuthorizationInvalidRef;
  58     }
  59
  60         // internalize the authorization
  61         AuthorizationRef auth;
  62         if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
  63                 return error;
  64
  65         // well, here you go
  66         *authorization = auth;
  67         return errSecSuccess;
  68 }