/*
 * trustApps.cpp - grant the listed executables access to a private key:
 * each executable is appended to the trusted-application list of the key's
 * DECRYPT ACL entries (and the passphrase-prompt requirement is cleared).
 */
4 #include <Security/Security.h>
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <utilLib/common.h>
8 #include <clAppUtils/identPicker.h>
9
/*
 * Print the command-line synopsis to stdout and terminate with status 1.
 * argv[0] is used as the program name; never returns.
 */
static void usage(char **argv)
{
	const char *prog = argv[0];
	printf("Usage: %s keychain [-q(uiet)] executable ...\n", prog);
	exit(1);
}
15
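/*
 * Entry point.  Usage: keychain [-q] executable ...
 *
 * Opens the named keychain, lets the user pick a signing identity, and then
 * grants every listed executable access to that identity's private key by
 * appending a SecTrustedApplication for it to each ACL entry selected for
 * CSSM_ACL_AUTHORIZATION_DECRYPT.  Exits 1 on any failure; prints
 * "...success" on completion unless -q was given.
 *
 * Security notes for whoever runs this:
 *  - This widens who may use the private key.  Each path is resolved by
 *    SecTrustedApplicationCreateFromPath at the moment the tool runs, so
 *    whatever sits at that path at that moment is what becomes trusted.
 *  - CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE is cleared on every entry
 *    touched, i.e. the listed applications get prompt-free use of the key.
 *    That is the tool's stated purpose, not an accident.
 *  - Only the DECRYPT-selected ACL entries are modified; other
 *    authorizations on the key are left as they were.
 *  - No de-duplication is done: an executable already present in an entry
 *    is appended again.
 *
 * Fixes relative to the previous version: "-q" was tested at argp[2]
 * (past the option letter) and the option loop never advanced nextArg, so
 * any option either fell into usage() or looped forever; one accumulating
 * application array was reused across ACL entries, so every entry after
 * the first also inherited the previous entries' applications; two error
 * messages named the wrong API call.
 */
int main(int argc, char **argv)
{
	if(argc < 3) {
		usage(argv);
	}

	const char *keychainName = argv[1];
	bool quiet = false;
	OSStatus ortn;
	int nextArg;

	/*
	 * Options follow the keychain name; each "-x" argument is consumed here
	 * and the first non-option argument starts the executable list.
	 */
	for(nextArg=2; nextArg<argc; nextArg++) {
		const char *argp = argv[nextArg];
		if(argp[0] != '-') {
			break;
		}
		/* argp[1] is the option letter of "-q" */
		switch(argp[1]) {
			case 'q':
				quiet = true;
				break;
			default:
				usage(argv);
		}
	}
	if(nextArg == argc) {
		/* options only, no executables */
		usage(argv);
	}

	/*
	 * The applications being granted access, one SecTrustedApplication per
	 * path.  The array retains each element, so our own reference is dropped
	 * right after appending.
	 */
	CFMutableArrayRef newApps = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
	for(; nextArg<argc; nextArg++) {
		SecTrustedApplicationRef appRef;
		ortn = SecTrustedApplicationCreateFromPath(argv[nextArg], &appRef);
		if(ortn) {
			cssmPerror("SecTrustedApplicationCreateFromPath", ortn);
			exit(1);
		}
		CFArrayAppendValue(newApps, appRef);
		CFRelease(appRef);
	}

	/* Find a signing identity; its private key is the item whose ACL we edit */
	SecKeychainRef kcRef;
	ortn = SecKeychainOpen(keychainName, &kcRef);
	if(ortn) {
		cssmPerror("SecKeychainOpen", ortn);
		exit(1);
	}
	SecIdentityRef identRef;
	ortn = sslSimpleIdentPicker(kcRef, &identRef);
	if(ortn) {
		/* nothing printed here; any diagnostics come from the picker itself */
		exit(1);
	}

	SecKeyRef keyRef;
	ortn = SecIdentityCopyPrivateKey(identRef, &keyRef);
	if(ortn) {
		cssmPerror("SecIdentityCopyPrivateKey", ortn);
		exit(1);
	}

	/* Existing access object for the key and its DECRYPT-selected ACL entries */
	SecAccessRef accessRef;
	ortn = SecKeychainItemCopyAccess((SecKeychainItemRef)keyRef, &accessRef);
	if(ortn) {
		cssmPerror("SecKeychainItemCopyAccess", ortn);
		exit(1);
	}
	CFArrayRef aclList = NULL;
	ortn = SecAccessCopySelectedACLList(accessRef, CSSM_ACL_AUTHORIZATION_DECRYPT,
		&aclList);
	if(ortn) {
		cssmPerror("SecAccessCopySelectedACLList", ortn);
		exit(1);
	}
	if((aclList == NULL) || (CFArrayGetCount(aclList) == 0)) {
		printf("No ACL list found. I don't know how to set the trusted app list.\n");
		exit(1);
	}

	/*
	 * For each ACL entry build a fresh list: the new applications first,
	 * then that entry's own existing applications.  A separate array per
	 * entry keeps the entries independent of each other.
	 */
	const long aclCount = CFArrayGetCount(aclList);
	for(long aclDex=0; aclDex<aclCount; aclDex++) {
		SecACLRef aclRef = (SecACLRef)CFArrayGetValueAtIndex(aclList, aclDex);
		CFArrayRef existApps = NULL;
		CFStringRef promptDescription = NULL;
		CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR promptSelector;

		ortn = SecACLCopySimpleContents(aclRef, &existApps, &promptDescription,
			&promptSelector);
		if(ortn) {
			cssmPerror("SecACLCopySimpleContents", ortn);
			exit(1);
		}

		CFMutableArrayRef appList = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
		const long newCount = CFArrayGetCount(newApps);
		for(long i=0; i<newCount; i++) {
			CFArrayAppendValue(appList, CFArrayGetValueAtIndex(newApps, i));
		}
		if(existApps != NULL) {
			const long existCount = CFArrayGetCount(existApps);
			for(long i=0; i<existCount; i++) {
				CFArrayAppendValue(appList, CFArrayGetValueAtIndex(existApps, i));
			}
		}
		/*
		 * NOTE(review): a NULL existApps presumably denotes an entry with no
		 * explicit application list; it is replaced here by the explicit
		 * list of new applications.  Confirm that narrowing is intended.
		 */

		/* Clear the passphrase requirement so the listed apps get prompt-free use */
		promptSelector.flags &= ~CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE;

		ortn = SecACLSetSimpleContents(aclRef, appList, promptDescription,
			&promptSelector);
		if(ortn) {
			cssmPerror("SecACLSetSimpleContents", ortn);
			exit(1);
		}
		CFRelease(appList);
		if(existApps != NULL) {
			CFRelease(existApps);
		}
		if(promptDescription != NULL) {
			CFRelease(promptDescription);
		}
	}

	/*
	 * The ACL entries edited above are assumed to be accessRef's own entries
	 * rather than copies (an assumption carried over from the original
	 * author); writing the access object back is what commits the change.
	 */
	ortn = SecKeychainItemSetAccess((SecKeychainItemRef)keyRef, accessRef);
	if(ortn) {
		cssmPerror("SecKeychainItemSetAccess", ortn);
		exit(1);
	}

	CFRelease(newApps);
	CFRelease(kcRef);
	CFRelease(identRef);
	CFRelease(keyRef);
	CFRelease(accessRef);
	CFRelease(aclList);
	if(!quiet) {
		printf("...success\n");
	}
	return 0;
}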
153 }