OSX/libsecurity_authorization/lib/Authorization.cpp

   1 /*
   2  * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24
  25 //
  26 // Authorization.cpp
  27 //
  28 // This file is the unified implementation of the Authorization and AuthSession APIs.
  29 //
  30 #include <stdint.h>
  31 #include <Security/AuthSession.h>
  32 #include <Security/AuthorizationPriv.h>
  33 #include <security_utilities/ccaudit.h>
  34 #include <security_cdsa_utilities/cssmbridge.h>
  35 #include <Security/SecBase.h>
  36 #include <security_utilities/logging.h>
  37 #include "LegacyAPICounts.h"
  38
  39 //
  40 // This no longer talks to securityd; it is a kernel function.
  41 //
  42 OSStatus SessionGetInfo(SecuritySessionId requestedSession,
  43     SecuritySessionId *sessionId,
  44     SessionAttributeBits *attributes)
  45 {
  46     BEGIN_API
  47         CommonCriteria::AuditInfo session;
  48         if (requestedSession == callerSecuritySession)
  49                 session.get();
  50         else
  51                 session.get(requestedSession);
  52         if (sessionId)
  53                 *sessionId = session.sessionId();
  54         if (attributes)
  55         *attributes = (SessionAttributeBits)session.flags();
  56     END_API(CSSM)
  57 }
  58
  59
  60 //
  61 // Create a new session.
  62 // This no longer talks to securityd; it is a kernel function.
  63 // Securityd will pick up the new session when we next talk to it.
  64 //
  65 OSStatus SessionCreate(SessionCreationFlags flags,
  66     SessionAttributeBits attributes)
  67 {
  68     BEGIN_API
  69
  70         // we don't support the session creation flags anymore
  71         if (flags)
  72                 Syslog::warning("SessionCreate flags=0x%lx unsupported (ignored)", (unsigned long)flags);
  73         CommonCriteria::AuditInfo session;
  74         session.create(attributes);
  75
  76         // retrieve the (new) session id and set it into the process environment
  77         session.get();
  78         char idString[80];
  79         snprintf(idString, sizeof(idString), "%x", session.sessionId());
  80         setenv("SECURITYSESSIONID", idString, 1);
  81
  82     END_API(CSSM)
  83 }
  84
  85
  86 //
  87 // Get and set the distinguished uid (optionally) associated with the session.
  88 //
  89 OSStatus SessionSetDistinguishedUser(SecuritySessionId session, uid_t user)
  90 {
  91         BEGIN_API
  92         CommonCriteria::AuditInfo session;
  93         session.get();
  94         session.ai_auid = user;
  95         session.set();
  96         END_API(CSSM)
  97 }
  98
  99
 100 OSStatus SessionGetDistinguishedUser(SecuritySessionId session, uid_t *user)
 101 {
 102     BEGIN_API
 103         CommonCriteria::AuditInfo session;
 104         session.get();
 105         Required(user) = session.uid();
 106     END_API(CSSM)
 107 }
 108
 109 OSStatus SessionSetUserPreferences(SecuritySessionId session)
 110 {
 111     return errSecSuccess;
 112 }