X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..7e6b461318c8a779d91381531435a68ee4e8b6ed:/OSX/libsecurity_authorization/lib/trampolineServer.cpp diff --git a/OSX/libsecurity_authorization/lib/trampolineServer.cpp b/OSX/libsecurity_authorization/lib/trampolineServer.cpp index bf25a801..fc8c0ffd 100644 --- a/OSX/libsecurity_authorization/lib/trampolineServer.cpp +++ b/OSX/libsecurity_authorization/lib/trampolineServer.cpp @@ -29,6 +29,8 @@ #include #include #include +#include +#include // // In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy 
@@ -37,32 +39,46 @@ OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization, AuthorizationFlags flags) { + secalert("AuthorizationCopyPrivilegedReference is deprecated and functionality will be removed in macOS 10.14 - please update your application"); // flags are currently reserved if (flags != 0) return errAuthorizationInvalidFlags; // retrieve hex form of external form from environment const char *mboxFdText = getenv("__AUTHORIZATION"); - if (!mboxFdText) + if (!mboxFdText) { return errAuthorizationInvalidRef; + } - // retrieve mailbox file and read external form - AuthorizationExternalForm extForm; - int fd; - if (sscanf(mboxFdText, "auth %d", &fd) != 1) - return errAuthorizationInvalidRef; - if (lseek(fd, 0, SEEK_SET) || - read(fd, &extForm, sizeof(extForm)) != sizeof(extForm)) { - close(fd); - return errAuthorizationInvalidRef; - } + static AuthorizationExternalForm extForm; + static OSStatus result = errAuthorizationInvalidRef; + static dispatch_once_t onceToken; + dispatch_once(&onceToken, ^{ + // retrieve the pipe and read external form + int fd; + if (sscanf(mboxFdText, "auth %d", &fd) != 1) { + return; + } + ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm)); + close(fd); + if (numOfBytes == sizeof(extForm)) { + result = errAuthorizationSuccess; + } + }); + + if (result) { + // we had some trouble with reading the extform + return result; + } // internalize the authorization AuthorizationRef auth; if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth)) return error; - // well, here you go - *authorization = auth; - return errSecSuccess; + if (authorization) { + *authorization = auth; + } + + return errAuthorizationSuccess; }
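Review bot: Inside the dispatch_once block, the descriptor number parsed from `__AUTHORIZATION` goes to read() and then unconditionally to close(), with no check that it is the pipe the comment refers to. A stale or wrong value in the environment therefore makes the tool consume and close an unrelated descriptor, and the failure is cached in `result` for the life of the process. A guard before the read, such as `struct stat st; if (fd < 0 || fstat(fd, &st) != 0 || !S_ISFIFO(st.st_mode)) return;`, would limit the close to the expected object; this assumes the trampoline really hands over a FIFO, and it needs `<sys/stat.h>`. Separately, when `authorization` is NULL the new tail still calls AuthorizationCreateFromExternalForm and returns errAuthorizationSuccess, so the created `auth` is never released. Rejecting NULL up front with `if (!authorization) return errAuthorizationInvalidPointer;` avoids the leak.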