Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_authorization / lib / trampolineServer.cpp
index bf25a801d53eab9874abe4113ab9426466f40332..fc8c0ffdfd93e3f8e7261a904dd0d889d1c80466 100644 (file)
@@ -29,6 +29,8 @@
 #include <unistd.h>
 #include <Security/Authorization.h>
 #include <Security/SecBase.h>
 #include <unistd.h>
 #include <Security/Authorization.h>
 #include <Security/SecBase.h>
+#include <dispatch/dispatch.h>
+#include <security_utilities/debugging.h>
 
 //
 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
 
 //
 // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
        AuthorizationFlags flags)
 {
 OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
        AuthorizationFlags flags)
 {
+       secalert("AuthorizationCopyPrivilegedReference is deprecated and functionality will be removed in macOS 10.14 - please update your application");
        // flags are currently reserved
        if (flags != 0)
                return errAuthorizationInvalidFlags;
 
        // retrieve hex form of external form from environment
        const char *mboxFdText = getenv("__AUTHORIZATION");
        // flags are currently reserved
        if (flags != 0)
                return errAuthorizationInvalidFlags;
 
        // retrieve hex form of external form from environment
        const char *mboxFdText = getenv("__AUTHORIZATION");
-       if (!mboxFdText)
+       if (!mboxFdText) {
                return errAuthorizationInvalidRef;
                return errAuthorizationInvalidRef;
+       }
 
 
-    // retrieve mailbox file and read external form
-    AuthorizationExternalForm extForm;
-    int fd;
-    if (sscanf(mboxFdText, "auth %d", &fd) != 1)
-        return errAuthorizationInvalidRef;
-    if (lseek(fd, 0, SEEK_SET) ||
-            read(fd, &extForm, sizeof(extForm)) != sizeof(extForm)) {
-        close(fd);
-        return errAuthorizationInvalidRef;
-    }
+       static AuthorizationExternalForm extForm;
+       static OSStatus result = errAuthorizationInvalidRef;
+       static dispatch_once_t onceToken;
+       dispatch_once(&onceToken, ^{
+               // retrieve the pipe and read external form
+               int fd;
+               if (sscanf(mboxFdText, "auth %d", &fd) != 1) {
+                       return;
+               }
+               ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm));
+               close(fd);
+               if (numOfBytes == sizeof(extForm)) {
+                       result = errAuthorizationSuccess;
+               }
+       });
+
+       if (result) {
+               // we had some trouble with reading the extform
+               return result;
+       }
 
        // internalize the authorization
        AuthorizationRef auth;
        if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
                return error;
 
 
        // internalize the authorization
        AuthorizationRef auth;
        if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
                return error;
 
-       // well, here you go
-       *authorization = auth;
-       return errSecSuccess;
+       if (authorization) {
+               *authorization = auth;
+       }
+
+       return errAuthorizationSuccess;
 }
 }
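Review bot: In the `dispatch_once` block the descriptor number parsed from `__AUTHORIZATION` goes straight to `read()` and `close()`, and that single `read()` fixes the cached `result` for the rest of the process. A negative or otherwise unexpected value is still read and closed, and an interrupted read (EINTR) leaves `result` at `errAuthorizationInvalidRef` permanently, because the once-token is already consumed and the descriptor closed. I would reject bad values at parse time, `if (sscanf(mboxFdText, "auth %d", &fd) != 1 || fd < 0) {`, and retry the read, `do { numOfBytes = read(fd, &extForm, sizeof(extForm)); } while (numOfBytes == -1 && errno == EINTR);` (this needs `<errno.h>`). At the end of the function, a NULL `authorization` now returns `errAuthorizationSuccess` while the ref created by `AuthorizationCreateFromExternalForm` is never released; returning `errAuthorizationInvalidPointer` before the once-block would avoid that leak.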