securityd-55137.5.tar.gz
[apple/securityd.git] / src / authority.cpp
index 5577188bb46abb4d6ca250f6322e8b8e3499b5c0..f3371af3ac581e7a7d6407dd617364db2ce3fced 100644 (file)
@@ -65,13 +65,17 @@ const audit_token_t &auditToken, bool operateAsLeastPrivileged)
        mCreatorUid = mCreatorAuditToken.euid();
        mCreatorGid = mCreatorAuditToken.egid();
 
-       if (sandbox_check(mCreatorPid, "authorization-right-obtain", SANDBOX_FILTER_NONE) != 0)
+       if (sandbox_check(mCreatorPid, "authorization-right-obtain", SANDBOX_CHECK_NO_REPORT) != 0)
                mCreatorSandboxed = true;
        else
                mCreatorSandboxed = false;
        
-       if (SecCodeRef code = Server::process().currentGuest())
-               MacOSError::check(SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &mCreatorCode.aref()));
+       {
+               Process &thisProcess = Server::process();
+               StLock<Mutex> _(thisProcess);
+               if (SecCodeRef code = thisProcess.currentGuest())
+                       MacOSError::check(SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &mCreatorCode.aref()));
+       }
                
        // link to session
        referent(ssn);
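Review bot: The call `sandbox_check(mCreatorPid, "authorization-right-obtain", ...)` identifies the creator by pid, although `mCreatorAuditToken` is already available a few lines above. A pid can be recycled, or the process can exec, between the request and this check, so the answer may describe a different process than the one that sent the message. If the SDK in use provides an audit-token-keyed form of the check, prefer it; otherwise add a comment such as `// pid-based check: racy against pid reuse, treat result as advisory`. The comment should also record that `!= 0` counts a failed check (error return) as sandboxed, and that `SANDBOX_CHECK_NO_REPORT` presumably suppresses the sandbox report on denial. How `mCreatorSandboxed` is consumed is not visible here, and the constructor begins and ends outside this hunk.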
@@ -103,6 +107,18 @@ Session &AuthorizationToken::session() const
 }
 
 
+std::string AuthorizationToken::creatorPath() const
+{
+       if (mCreatorCode) {
+               StLock<Mutex> _(mLock);
+               CFRef<CFURLRef> path;
+               if (SecCodeCopyPath(mCreatorCode, kSecCSDefaultFlags, &path.aref()) == noErr)
+                       return cfString(path);
+       }
+       return "unknown";
+}
+
+
 //
 // Locate an authorization given its blob.
 //
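Review bot: `creatorPath()` returns a filesystem location, not an identity, and nothing in the new function says so. A path can be moved or replaced after the static code reference was taken, so callers should use the value only for logging or display and keep any trust decision on the code signature. I would add a header comment like `// Path of the creator's code on disk, for diagnostics only; never an authorization input.` The `"unknown"` fallback is in-band, so a caller cannot tell a failed `SecCodeCopyPath` from a real value, which the comment should also state. Separately, `mCreatorCode` is tested before `mLock` is taken; that looks safe only if the member is written solely during construction, which this hunk does not show.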
@@ -273,7 +289,7 @@ AuthorizationToken::setCredentialInfo(const Credential &inCred, bool savePasswor
     AuthItemRef uidHint("uid", AuthValueOverlay(sizeof(uid), &uid));
     dstInfoSet.insert(uidHint);
  
-    AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0);
+    AuthItemRef userHint("username", AuthValueOverlay(inCred->name()), 0);
     dstInfoSet.insert(userHint);
  
        setInfoSet(dstInfoSet, savePassword);