X-Git-Url: https://git.saurik.com/apple/securityd.git/blobdiff_plain/f7aa9f666a1c7ab343b4ce8f1677ea253c4e126e..4cd1cad0dea00daa03e1b54fdf2797a02373ad5b:/src/credential.cpp diff --git a/src/credential.cpp b/src/credential.cpp index eab7c83..dcb38c2 100644 --- a/src/credential.cpp +++ b/src/credential.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2000-2004,2009 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * 
@@ -32,16 +32,16 @@ extern "C" int checkpw_internal( const struct passwd *pw, const char* password ) namespace Authorization { // default credential: invalid for everything, needed as a default session credential -CredentialImpl::CredentialImpl() : mUid(0), mShared(false), mName(""), mRealname(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false), mRight(false) +CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mUid(0), mName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false) { } // only for testing whether this credential is usable -CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared) : mUid(uid), mShared(shared), mName(username), mRealname(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true), mRight(false) +CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared) : mShared(shared), mRight(false), mUid(uid), mName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true) { } -CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false), mRight(false) +CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false) { Server::active().longTermActivity(); const char *user = username.c_str(); @@ -55,7 +55,7 @@ CredentialImpl::CredentialImpl(const string &username, const string &password, b mUid = pw->pw_uid; mName = pw->pw_name; - mRealname = pw->pw_gecos; + mRealName = pw->pw_gecos; const char *passwd = password.c_str(); int checkpw_status = checkpw_internal(pw, passwd); 
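Review bot: `mUid` is still absent from the initializer list of the username/password constructor (`mShared(shared), mRight(false), mName(username), ...`), so it stays indeterminate until the `mUid = pw->pw_uid;` assignment shown in the next hunk runs. The constructor body continues outside this hunk, so this is inferred, but if the account lookup bails out before that assignment the object keeps `mValid(false)` and an uninitialized uid. The reworked `operator <` reads that uid as soon as the credential is put into an ordered container. Initialising it in the same position the other constructors use, with a non-root placeholder such as the `-2` the right-credential constructor passes (`mRight(false), mUid(-2), mName(username)`), makes the ordering of failed authentications deterministic.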
@@ -73,7 +73,10 @@ CredentialImpl::CredentialImpl(const string &username, const string &password, b } while (0); } -CredentialImpl::CredentialImpl(const string &right, bool shared) : mUid(-2), mShared(shared), mName(right), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true), mRight(true) +// least-privilege + // @@@ arguably we don't care about the UID any more and should not + // require it in this ctor +CredentialImpl::CredentialImpl(const string &right, bool shared) : mShared(shared), mRight(true), mUid(-2), mName(right), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true) { } @@ -84,12 +87,36 @@ CredentialImpl::~CredentialImpl() bool CredentialImpl::operator < (const CredentialImpl &other) const { - if (!mShared && other.mShared) - return true; - if (!other.mShared && mShared) - return false; - + // all shared creds are placed into mSessionCreds + // all non shared creds are placed into AuthorizationToken + // + // There are 2 types of credentials UID and Right + // UID = Authenticated Identity + // Right = Rights which were previously authenticated by a uid credential + + // Right Credentials are only used during kAuthorizationFlagLeastPrivileged + // operations and should not have a valid uid set + + // this allows shared and none shared co-exist in the same container + // used when processing multiple rights shared vs non-shared during evaluation + if (!mShared && other.mShared) + return true; + if (!other.mShared && mShared) + return false; + + // this allows uids and rights co-exist in the same container + // used when holding onto Rights inside of the AuthorizationToken + if (mRight && !other.mRight) + return true; + if (!mRight && other.mRight) + return false; + + // this is the actual comparision + if (mRight) { + return mName < other.mName; + } else { return mUid < other.mUid; + } } // Returns true if this CredentialImpl should be shared. 
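Review bot: The `mUid(-2)` placeholder in the right-credential constructor is unexplained, and the comment added above it leaves an `@@@` marker without saying what the value means. Where `uid_t` is unsigned, `-2` converts to a large uid, conventionally the unprivileged `nobody` account, so it is a real identity and not an "unset" state. That sits awkwardly with the later comment that right credentials "should not have a valid uid set". I would reword the comment along the lines of `// right credential: mUid is only a placeholder (nobody); callers must check mRight before treating it as an authenticated identity`.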
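Review bot: The rewritten `operator <` is hard to follow because the sort key is never stated in one place and the comments carry typos (`comparision`, `none shared`). It also mixes guard-style `if`/`return` pairs with a braced `if (mRight) { ... } else { ... }` at a different indent. A one-line summary at the top would help, e.g. `// order: non-shared before shared, rights before uids, then by mName (rights) or mUid (uids)`. It is worth adding that `mValid` and `mCreationTime` are deliberately not part of the key, since `merge()` appears to rely on equivalent entries differing only in those fields.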
@@ -103,13 +130,18 @@ CredentialImpl::isShared() const void CredentialImpl::merge(const CredentialImpl &other) { + // try to ensure that the credentials are the same type + assert(mRight == other.mRight); + if (mRight) + assert(mName == other.mName); + else assert(mUid == other.mUid); - if (other.mValid && (!mValid || mCreationTime < other.mCreationTime)) - { - mCreationTime = other.mCreationTime; - mValid = true; - } + if (other.mValid && (!mValid || mCreationTime < other.mCreationTime)) + { + mCreationTime = other.mCreationTime; + mValid = true; + } } // The time at which this credential was obtained.
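Review bot: The type and identity checks added to `merge()` are all `assert`s, so in a build with `NDEBUG` defined they disappear (whether securityd ships that way is not visible here). The function would then copy `other.mCreationTime` and set `mValid = true` from a credential of a different kind, name or uid. Because this is the path that refreshes a credential's validity, the mismatch should be rejected at run time as well. One option is to keep the asserts and follow them with `if (mRight != other.mRight || (mRight ? mName != other.mName : mUid != other.mUid)) return;`. The comment "try to ensure" could then say that mismatched credentials are never merged.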