+++ /dev/null
-/* Copyright (c) 2012 Apple Inc. All Rights Reserved. */
-
-#include "mechanism.h"
-#include "authdb.h"
-#include "authutilities.h"
-#include "crc.h"
-#include "debugging.h"
-#include "server.h"
-#include "authitems.h"
-
-#define MECHANISM_ID "id"
-#define MECHANISM_PLUGIN "plugin"
-#define MECHANISM_PARAM "param"
-#define MECHANISM_PRIVILEGED "privileged"
-
-static const char SystemPlugins[] = "/System/Library/CoreServices/SecurityAgentPlugins";
-static const char LibraryPlugins[] = "/Library/Security/SecurityAgentPlugins";
-static const char BuiltinMechanismPrefix[] = "builtin";
-
-typedef struct _mechTypeItem
-{
- const char * name;
- uint64_t type;
-} mechTypeItem;
-
-static mechTypeItem mechTypeMap[] =
-{
- { "entitled", kMechanismTypeEntitled }
-};
-
-struct _mechanism_s {
- __AUTH_BASE_STRUCT_HEADER__;
-
- auth_items_t data;
-
- bool valid;
- char * string;
-
- uint64_t type;
-};
-
-static void
-_mechanism_finalize(CFTypeRef value)
-{
- mechanism_t mech = (mechanism_t)value;
-
- CFReleaseSafe(mech->data);
- free_safe(mech->string);
-}
-
-static Boolean
-_mechanism_equal(CFTypeRef value1, CFTypeRef value2)
-{
- mechanism_t mech1 = (mechanism_t)value1;
- mechanism_t mech2 = (mechanism_t)value2;
-
- if (mech1 == mech2) {
- return true;
- }
-
- if (!_compare_string(mechanism_get_plugin(mech1), mechanism_get_plugin(mech2))) {
- return false;
- }
-
- if (!_compare_string(mechanism_get_param(mech1), mechanism_get_param(mech2))) {
- return false;
- }
-
- return mechanism_is_privileged(mech1) == mechanism_is_privileged(mech2);
-}
-
-static CFStringRef
-_mechanism_copy_description(CFTypeRef value)
-{
- mechanism_t mech = (mechanism_t)value;
- return CFCopyDescription(mech->data);
-}
-
-static CFHashCode
-_mechanism_hash(CFTypeRef value)
-{
- uint64_t crc = crc64_init();
- mechanism_t mech = (mechanism_t)value;
-
- const char * str = mechanism_get_plugin(mech);
- crc = crc64_update(crc, str, strlen(str));
- str = mechanism_get_plugin(mech);
- crc = crc64_update(crc, str, strlen(str));
- bool priv = mechanism_is_privileged(mech);
- crc = crc64_update(crc, &priv, sizeof(priv));
- crc = crc64_final(crc);
-
- return crc;
-}
-
-AUTH_TYPE_INSTANCE(mechanism,
- .init = NULL,
- .copy = NULL,
- .finalize = _mechanism_finalize,
- .equal = _mechanism_equal,
- .hash = _mechanism_hash,
- .copyFormattingDesc = NULL,
- .copyDebugDesc = _mechanism_copy_description
- );
-
-static CFTypeID mechanism_get_type_id() {
- static CFTypeID type_id = _kCFRuntimeNotATypeID;
- static dispatch_once_t onceToken;
-
- dispatch_once(&onceToken, ^{
- type_id = _CFRuntimeRegisterClass(&_auth_type_mechanism);
- });
-
- return type_id;
-}
-
-static mechanism_t
-_mechanism_create()
-{
- mechanism_t mech = (mechanism_t)_CFRuntimeCreateInstance(kCFAllocatorDefault, mechanism_get_type_id(), AUTH_CLASS_SIZE(mechanism), NULL);
- require(mech != NULL, done);
-
- mech->data = auth_items_create();
-
-done:
- return mech;
-}
-
-static void _mechanism_set_type(mechanism_t mech)
-{
- const char * plugin = mechanism_get_plugin(mech);
- const char * param = mechanism_get_param(mech);
- if (strncasecmp(plugin, BuiltinMechanismPrefix, sizeof(BuiltinMechanismPrefix)) == 0) {
- size_t n = sizeof(mechTypeMap)/sizeof(mechTypeItem);
- for (size_t i = 0; i < n; i++) {
- if (strcasecmp(mechTypeMap[i].name, param) == 0) {
- mech->type = mechTypeMap[i].type;
- break;
- }
- }
- }
-}
-
-mechanism_t
-mechanism_create_with_sql(auth_items_t sql)
-{
- mechanism_t mech = NULL;
- require(sql != NULL, done);
- require(auth_items_get_int64(sql, MECHANISM_ID) != 0, done);
-
- mech = _mechanism_create();
- require(mech != NULL, done);
-
- auth_items_copy(mech->data, sql);
-
- _mechanism_set_type(mech);
-
-done:
- return mech;
-}
-
-mechanism_t
-mechanism_create_with_string(const char * str, authdb_connection_t dbconn)
-{
- mechanism_t mech = NULL;
- require(str != NULL, done);
- require(strchr(str,':') != NULL, done);
-
- mech = _mechanism_create();
- require(mech != NULL, done);
-
- const char delimiters[] = ":,";
- size_t buf_len = strlen(str)+1;
- char * buf = (char*)calloc(1u, buf_len);
- strlcpy(buf, str, buf_len);
-
- char * tok = strtok(buf, delimiters);
- if (tok) {
- auth_items_set_string(mech->data, MECHANISM_PLUGIN, tok);
- }
- tok = strtok(NULL, delimiters);
- if (tok) {
- auth_items_set_string(mech->data, MECHANISM_PARAM, tok);
- }
- tok = strtok(NULL, delimiters);
- if (tok) {
- auth_items_set_int64(mech->data, MECHANISM_PRIVILEGED, strcasecmp("privileged", tok) == 0);
- }
- free(buf);
-
- if (dbconn) {
- mechanism_sql_fetch(mech, dbconn);
- }
-
- _mechanism_set_type(mech);
-
-done:
- return mech;
-}
-
-static
-bool _pluginExists(const char * plugin, const char * base)
-{
- bool result = false;
-
- require(plugin != NULL, done);
- require(base != NULL, done);
-
- char filePath[PATH_MAX];
- char realPath[PATH_MAX+1];
- snprintf(filePath, sizeof(filePath), "%s/%s.bundle", base, plugin);
-
- require(realpath(filePath, realPath) != NULL, done);
- require(strncmp(realPath, base, strlen(base)) == 0, done);
-
- if (access(filePath, F_OK) == 0) {
- result = true;
- }
-
-done:
- return result;
-}
-
-bool
-mechanism_exists(mechanism_t mech)
-{
- if (mech->valid) {
- return true;
- }
-
- const char * plugin = mechanism_get_plugin(mech);
- if (plugin == NULL) {
- return false;
- }
-
- if (strncasecmp(plugin, BuiltinMechanismPrefix, sizeof(BuiltinMechanismPrefix)) == 0) {
- mech->valid = true;
- return true;
- }
-
- if (_pluginExists(plugin, SystemPlugins)) {
- mech->valid = true;
- return true;
- }
-
- if (_pluginExists(plugin,LibraryPlugins)) {
- mech->valid = true;
- return true;
- }
-
- return false;
-}
-
-bool
-mechanism_sql_fetch(mechanism_t mech, authdb_connection_t dbconn)
-{
- __block bool result = false;
-
- authdb_step(dbconn, "SELECT id FROM mechanisms WHERE plugin = ? AND param = ? AND privileged = ? LIMIT 1", ^(sqlite3_stmt * stmt) {
- sqlite3_bind_text(stmt, 1, mechanism_get_plugin(mech), -1, NULL);
- sqlite3_bind_text(stmt, 2, mechanism_get_param(mech), -1, NULL);
- sqlite3_bind_int(stmt, 3, mechanism_is_privileged(mech));
- }, ^bool(auth_items_t data) {
- result = true;
- auth_items_copy(mech->data, data);
- return true;
- });
-
- return result;
-}
-
-bool
-mechanism_sql_commit(mechanism_t mech, authdb_connection_t dbconn)
-{
- bool result = false;
-
- result = authdb_step(dbconn, "INSERT INTO mechanisms VALUES (NULL,?,?,?)", ^(sqlite3_stmt *stmt) {
- sqlite3_bind_text(stmt, 1, mechanism_get_plugin(mech), -1, NULL);
- sqlite3_bind_text(stmt, 2, mechanism_get_param(mech), -1, NULL);
- sqlite3_bind_int(stmt, 3, mechanism_is_privileged(mech));
- }, NULL);
-
- return result;
-}
-
-const char *
-mechanism_get_string(mechanism_t mech)
-{
- if (!mech->string) {
- asprintf(&mech->string, "%s:%s%s", mechanism_get_plugin(mech), mechanism_get_param(mech), mechanism_is_privileged(mech) ? ",privileged" : "");
- }
-
- return mech->string;
-}
-
-int64_t
-mechanism_get_id(mechanism_t mech)
-{
- return auth_items_get_int64(mech->data, MECHANISM_ID);
-}
-
-const char *
-mechanism_get_plugin(mechanism_t mech)
-{
- return auth_items_get_string(mech->data, MECHANISM_PLUGIN);
-}
-
-const char *
-mechanism_get_param(mechanism_t mech)
-{
- return auth_items_get_string(mech->data, MECHANISM_PARAM);
-}
-
-bool
-mechanism_is_privileged(mechanism_t mech)
-{
- return auth_items_get_int64(mech->data, MECHANISM_PRIVILEGED);
-}
-
-uint64_t
-mechanism_get_type(mechanism_t mech)
-{
- return mech->type;
-}
projects / apple / security.git / blobdiff