1 /*
2 * Copyright (c) 2000-2001,2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
7 *
8 * This file contains Original Code and/or Modifications of Original Code
9 * as defined in and that are subject to the Apple Public Source License
10 * Version 2.0 (the 'License'). You may not use this file except in
11 * compliance with the License. Please obtain a copy of the License at
12 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * file.
14 *
15 * The Original Code and all software distributed under the License are
16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
20 * Please see the License for the specific language governing rights and
21 * limitations under the License.
22 *
23 * @APPLE_LICENSE_HEADER_END@
24 */
25
26
27 //
28 // Exectest - privileged-execution test driver
29 //
30 #include <Security/Authorization.h>
31 #include <unistd.h>
32 #include <stdlib.h>
33
34
35 void doLoopback(int argc, char *argv[]);
36
37
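//
// Test driver entry point.
//
// Options:
//   -f path  tool to run with privileges (default /usr/bin/id)
//   -l       loopback: re-run this program (argv[0]) with privileges, as "-L"
//   -L       loopback child mode: run doLoopback() and exit
//   -w       copy our stdin to the tool instead of printing the tool's output
//
// Exit status: 0 on success, 1 on an Authorization error, 2 on a bad option.
//
// SECURITY NOTE: whatever ends up in `path` is executed as root once the user
// authenticates for "system.privilege.admin". The path comes straight from
// the command line (-f) or from argv[0] (-l) with no validation, and
// AuthorizationExecuteWithPrivileges does not verify the identity or
// integrity of the file it launches. That is acceptable only because this is
// a test driver; Apple later deprecated the API (OS X 10.7). Do not copy this
// pattern into shipping code.
//
int main(int argc, char **argv)
{
    const char *path = "/usr/bin/id";
    bool writeToPipe = false;
    bool loopback = false;

    // optarg/optind are declared by <unistd.h>
    int arg;
    while ((arg = getopt(argc, argv, "f:lLw")) != -1) {
        switch (arg) {
        case 'f':
            path = optarg;
            break;
        case 'l':
            loopback = true;
            break;
        case 'L':
            doLoopback(argc, argv);
            exit(0);
        case 'w':
            writeToPipe = true;
            break;
        case '?':
        default:
            // getopt has already printed a diagnostic for unknown options
            exit(2);
        }
    }

    AuthorizationItem right = { "system.privilege.admin", 0, NULL, 0 };
    AuthorizationRights rights = { 1, &right };

    AuthorizationRef auth;
    if (OSStatus error = AuthorizationCreate(&rights, NULL /*env*/,
            kAuthorizationFlagInteractionAllowed |
            kAuthorizationFlagExtendRights |
            kAuthorizationFlagPreAuthorize,
            &auth)) {
        // OSStatus is a 32-bit integer; widen it explicitly so the argument
        // really matches %ld on LP64 targets.
        printf("create error %ld\n", (long)error);
        exit(1);
    }

    // Writable storage for the injected flag: argv elements are char *, and a
    // string literal must not be handed out through a non-const pointer.
    static char loopbackFlag[] = "-L";
    if (loopback) {
        // argv[0] is caller-controlled and may be a relative path; see the
        // security note above.
        path = argv[0];
        // Back over the last consumed option slot (optind >= 2 here, because
        // -l was parsed) so the child is invoked with "-L" as its first argument.
        argv[--optind] = loopbackFlag;
    }

    FILE *f;
    if (OSStatus error = AuthorizationExecuteWithPrivileges(auth,
            path, 0, argv + optind, &f)) {
        printf("exec error %ld\n", (long)error);
        exit(1);
    }
    printf("--- execute successful ---\n");

    char buffer[1024];
    if (writeToPipe) {
        // feed our stdin to the privileged tool
        while (fgets(buffer, sizeof(buffer), stdin))
            fprintf(f, "%s", buffer);
    } else {
        // relay the privileged tool's output to our stdout
        while (fgets(buffer, sizeof(buffer), f))
            printf("%s", buffer);
    }
    // Close our end of the communications pipe so buffered data is flushed
    // and the tool sees end-of-input.
    fclose(f);

    printf("--- end of output ---\n");
    exit(0);
}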
103
104
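//
// Loopback child mode (selected by -L in main()).
//
// Prints the argument vector it was invoked with, then attempts to recover
// the AuthorizationRef handed down by the privileged-execution call in the
// parent. Exits with status 1 if the reference cannot be recovered; returns
// normally otherwise.
//
// argc is unused; argv is walked up to its terminating NULL entry.
//
void doLoopback(int argc, char *argv[])
{
    (void)argc;

    // general status
    printf("Authorization Execution Loopback Test\n");
    printf("Invoked as");
    for (int n = 0; argv[n]; n++)
        printf(" %s", argv[n]);
    printf("\n");

    // recover the authorization handle
    AuthorizationRef auth;
    if (OSStatus err = AuthorizationCopyPrivilegedReference(&auth, 0)) {
        // OSStatus is a 32-bit integer; widen it explicitly so the argument
        // really matches %ld on LP64 targets.
        printf("Cannot recover AuthorizationRef: error=%ld\n", (long)err);
        exit(1);
    }

    printf("AuthorizationRef recovered.\n");
}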