<key>timeout</key>
<integer>60</integer>
</dict>
+ <key>com.apple.Safari.show-passwords</key>
+ <dict>
+ <key>class</key>
+ <string>user</string>
+ <key>comment</key>
+ <string>This right is used by Safari to show passwords </string>
+ <key>default-prompt</key>
+ <dict>
+ <key>ar</key>
+ <string>يحاول __APPNAME__ إظهار كلمات السر.</string>
+ <key>ca</key>
+ <string>__APPNAME__ està intentant mostrar les contrasenyes.</string>
+ <key>cs</key>
+ <string>__APPNAME__ se pokouší zobrazit hesla.</string>
+ <key>da</key>
+ <string>__APPNAME__ prøver at vise adgangskoder.</string>
+ <key>de</key>
+ <string>__APPNAME__ versucht, Kennwörter einzublenden.</string>
+ <key>el</key>
+ <string>Η εφαρμογή «__APPNAME__» προσπαθεί να εμφανίσει συνθηματικά.</string>
+ <key>en</key>
+ <string>__APPNAME__ is trying to show passwords.</string>
+ <key>es</key>
+ <string>__APPNAME__ está intentando mostrar las contraseñas.</string>
+ <key>fi</key>
+ <string>__APPNAME__ yrittää näyttää salasanat.</string>
+ <key>fr</key>
+ <string>__APPNAME__ essaye d’afficher les mots de passe.</string>
+ <key>he</key>
+ <string>__APPNAME__ מנסה להציג סיסמאות.</string>
+ <key>hr</key>
+ <string>__APPNAME__ pokušava prikazati lozinke.</string>
+ <key>hu</key>
+ <string>A(z) __APPNAME__ megpróbálja megjeleníteni a jelszavakat.</string>
+ <key>it</key>
+ <string>__APPNAME__ tenta di mostrare le password.</string>
+ <key>ja</key>
+ <string>__APPNAME__ は、パスワードを表示しようとしています。</string>
+ <key>ko</key>
+ <string>__APPNAME__이(가) 암호를 보려고 합니다.</string>
+ <key>nb</key>
+ <string>__APPNAME__ prøver å vise passord.</string>
+ <key>nl</key>
+ <string>__APPNAME__ probeert wachtwoorden te tonen.</string>
+ <key>pl</key>
+ <string>__APPNAME__ próbuje pokazać hasła.</string>
+ <key>pt</key>
+ <string>__APPNAME__ está tentando mostrar senhas.</string>
+ <key>pt-PT</key>
+ <string>O __APPNAME__ está a tentar mostrar palavras‑passe.</string>
+ <key>ro</key>
+ <string>__APPNAME__ încearcă să afișeze parole.</string>
+ <key>ru</key>
+ <string>Программа «__APPNAME__» пытается показать пароли.</string>
+ <key>sk</key>
+ <string>Aplikácia __APPNAME__ sa pokúša zobraziť heslá.</string>
+ <key>sv</key>
+ <string>__APPNAME__ försöker visa lösenord.</string>
+ <key>th</key>
+ <string>__APPNAME__ กำลังพยายามแสดงรหัสผ่าน</string>
+ <key>tr</key>
+ <string>__APPNAME__ parolaları göstermeye çalışıyor.</string>
+ <key>uk</key>
+ <string>__APPNAME__ намагається показати паролі.</string>
+ <key>zh-Hans</key>
+ <string>“__APPNAME__” 正在尝试显示密码。</string>
+ <key>zh-Hant</key>
+ <string>“__APPNAME__” 正在嘗試顯示密碼。</string>
+ </dict>
+ <key>session-owner</key>
+ <true/>
+ <key>shared</key>
+ <false/>
+ <key>timeout</key>
+ <integer>10</integer>
+ </dict>
<key>com.apple.ServiceManagement.blesshelper</key>
<dict>
<key>class</key>
<key>shared</key>
<false/>
</dict>
+ <key>com.apple.library-repair</key>
+ <dict>
+ <key>class</key>
+ <string>user</string>
+ <key>default-button</key>
+ <dict>
+ <key>ar</key>
+ <string>تصليح</string>
+ <key>ca</key>
+ <string>Reparar</string>
+ <key>cs</key>
+ <string>Opravit</string>
+ <key>da</key>
+ <string>Reparer</string>
+ <key>de</key>
+ <string>Reparieren</string>
+ <key>el</key>
+ <string>Επισκευή</string>
+ <key>en</key>
+ <string>Repair</string>
+ <key>es</key>
+ <string>Reparar</string>
+ <key>fi</key>
+ <string>Korjaa</string>
+ <key>fr</key>
+ <string>Réparer</string>
+ <key>he</key>
+ <string>תקן</string>
+ <key>hr</key>
+ <string>Popravi</string>
+ <key>hu</key>
+ <string>Javítás</string>
+ <key>it</key>
+ <string>Ripara</string>
+ <key>ja</key>
+ <string>修復</string>
+ <key>ko</key>
+ <string>복구</string>
+ <key>nb</key>
+ <string>Reparer</string>
+ <key>nl</key>
+ <string>Herstel</string>
+ <key>pl</key>
+ <string>Napraw</string>
+ <key>pt</key>
+ <string>Reparar</string>
+ <key>pt-PT</key>
+ <string>Reparar</string>
+ <key>ro</key>
+ <string>Repară</string>
+ <key>ru</key>
+ <string>Исправить</string>
+ <key>sk</key>
+ <string>Opraviť</string>
+ <key>sv</key>
+ <string>Reparera</string>
+ <key>th</key>
+ <string>ซ่อมแซม</string>
+ <key>tr</key>
+ <string>Onar</string>
+ <key>uk</key>
+ <string>Полагодити</string>
+ <key>zh-Hans</key>
+ <string>修复</string>
+ <key>zh-Hant</key>
+ <string>修復</string>
+ </dict>
+ <key>default-prompt</key>
+ <dict>
+ <key>ar</key>
+ <string>يحاول __APPNAME__ تصليح مكتبة الصور الخاصة بك.</string>
+ <key>ca</key>
+ <string>__APPNAME__ està provant de reparar la vostra fototeca.</string>
+ <key>cs</key>
+ <string>__APPNAME__ se pokouší opravit vaši knihovnu fotografií.</string>
+ <key>da</key>
+ <string>__APPNAME__ prøver at reparere dit fotobibliotek.</string>
+ <key>de</key>
+ <string>__APPNAME__ versucht, Ihre Fotomediathek zu reparieren.</string>
+ <key>el</key>
+ <string>Η εφαρμογή __APPNAME__ προσπαθεί να επισκευάσει τη βιβλιοθήκη φωτογραφιών σας.</string>
+ <key>en</key>
+ <string>__APPNAME__ is trying to repair your photo library.</string>
+ <key>es</key>
+ <string>__APPNAME__ está intentando reparar su fototeca.</string>
+ <key>fi</key>
+ <string>__APPNAME__ yrittää korjata kuvakirjastoasi.</string>
+ <key>fr</key>
+ <string>__APPNAME__ essaie de réparer votre bibliothèque de photos.</string>
+ <key>he</key>
+ <string>__APPNAME__ מנסה לתקן את ספריית התמונות שלך.</string>
+ <key>hr</key>
+ <string>__APPNAME__ pokušava popraviti vašu medijateku fotografija.</string>
+ <key>hu</key>
+ <string>A(z) __APPNAME__ megpróbálja kijavítani a fotókönyvtárat.</string>
+ <key>it</key>
+ <string>__APPNAME__ tenta di riparare la libreria foto.</string>
+ <key>ja</key>
+ <string>__APPNAME__ は、フォトライブラリを修復しようとしています。</string>
+ <key>ko</key>
+ <string>__APPNAME__이(가) 사용자의 사진 보관함을 복구하려고 합니다.</string>
+ <key>nb</key>
+ <string>_APPNAME_ forsøker å reparere bildebiblioteket.</string>
+ <key>nl</key>
+ <string>__APPNAME__ probeert uw fotobibliotheek te herstellen.</string>
+ <key>pl</key>
+ <string>__APPNAME__ próbuje naprawić Twoją bibliotekę zdjęć.</string>
+ <key>pt</key>
+ <string>__APPNAME__ está tentando reparar a sua fototeca.</string>
+ <key>pt-PT</key>
+ <string>__APPNAME__ está a tentar reparar a sua fototeca.</string>
+ <key>ro</key>
+ <string>__APPNAME__ încearcă să repare biblioteca dvs. foto.</string>
+ <key>ru</key>
+ <string>Программа «__APPNAME__» пытается исправить Вашу медиатеку.</string>
+ <key>sk</key>
+ <string>Aplikácia __APPNAME__ sa pokúša opraviť vašu knižnicu fotografií.</string>
+ <key>sv</key>
+ <string>__APPNAME__ försöker reparera ditt bildbibliotek.</string>
+ <key>th</key>
+ <string>__APPNAME__ กำลังพยายามซ่อมแซมคลังรูปภาพของคุณ</string>
+ <key>tr</key>
+ <string>__APPNAME__ fotoğraf arşivinizi onarmaya çalışıyor.</string>
+ <key>uk</key>
+ <string>__APPNAME__ намагається полагодити вашу фототеку.</string>
+ <key>zh-Hans</key>
+ <string>__APPNAME__ 正在尝试修复您的照片图库。</string>
+ <key>zh-Hant</key>
+ <string>__APPNAME__ 正在嘗試修復您的照片圖庫。</string>
+ </dict>
+ <key>group</key>
+ <string>admin</string>
+ </dict>
<key>com.apple.pcastagentconfigd.</key>
<dict>
<key>allow-root</key>
<key>shared</key>
<false/>
</dict>
+ <key>com.apple.security.assessment.update</key>
+ <dict>
+ <key>class</key>
+ <string>rule</string>
+ <key>default-button</key>
+ <dict>
+ <key>ar</key>
+ <string>تعديل الإعدادات</string>
+ <key>ca</key>
+ <string>Modificar la configuració</string>
+ <key>cs</key>
+ <string>Změnit nastavení</string>
+ <key>da</key>
+ <string>Juster indstillinger</string>
+ <key>de</key>
+ <string>Einstellungen ändern</string>
+ <key>el</key>
+ <string>Τροποποίηση ρυθμίσεων</string>
+ <key>en</key>
+ <string>Modify Settings</string>
+ <key>es</key>
+ <string>Modificar ajustes</string>
+ <key>fi</key>
+ <string>Muokkaa asetuksia</string>
+ <key>fr</key>
+ <string>Modifer les réglages</string>
+ <key>he</key>
+ <string>ערוך/י הגדרות</string>
+ <key>hr</key>
+ <string>Preinači postavke</string>
+ <key>hu</key>
+ <string>Beállítások módosítása</string>
+ <key>it</key>
+ <string>Modifica impostazioni</string>
+ <key>ja</key>
+ <string>設定を変更</string>
+ <key>ko</key>
+ <string>설정 수정</string>
+ <key>nb</key>
+ <string>Endre innstillinger</string>
+ <key>nl</key>
+ <string>Wijzig instellingen</string>
+ <key>pl</key>
+ <string>Zmień ustawienia</string>
+ <key>pt</key>
+ <string>Modificar Ajustes</string>
+ <key>pt-PT</key>
+ <string>Modificar definições</string>
+ <key>ro</key>
+ <string>Schimbă configurările</string>
+ <key>ru</key>
+ <string>Модифицировать настройки</string>
+ <key>sk</key>
+ <string>Upraviť nastavenia</string>
+ <key>sv</key>
+ <string>Ändra inställningar</string>
+ <key>th</key>
+ <string>แก้ไขค่าติดตั้ง</string>
+ <key>tr</key>
+ <string>Ayarları Değiştir</string>
+ <key>uk</key>
+ <string>Змінити параметри</string>
+ <key>zh-Hans</key>
+ <string>修改设置</string>
+ <key>zh-Hant</key>
+ <string>修改設定</string>
+ </dict>
+ <key>default-prompt</key>
+ <dict>
+ <key>ar</key>
+ <string>يحاول __APPNAME__ السماح لعنصر بأن يكون قيد التشغيل دائمًا.</string>
+ <key>ca</key>
+ <string>__APPNAME__ està provant d’autoritzar un ítem perquè s’executi sempre.</string>
+ <key>cs</key>
+ <string>__APPNAME__ se pokouší nějaké položce povolit, aby byla vždy spuštěna.</string>
+ <key>da</key>
+ <string>__APPNAME__ prøver at give et emne lov til at være aktivt hele tiden.</string>
+ <key>de</key>
+ <string>__APPNAME__ versucht, einem Objekt die Ausführung immer zu erlauben.</string>
+ <key>el</key>
+ <string>Η εφαρμογή «__APPNAME__» προσπαθεί να επιτρέψει σε ένα στοιχείο να εκτελείται πάντα.</string>
+ <key>en</key>
+ <string>__APPNAME__ is trying to allow an item to always run.</string>
+ <key>es</key>
+ <string>__APPNAME__ está intentando permitir que un ítem se ejecute siempre.</string>
+ <key>fi</key>
+ <string>__APPNAME__ yrittää sallia, että kohde on aina käytössä.</string>
+ <key>fr</key>
+ <string>__APPNAME__ essaye d’autoriser un élément à s’exécuter en continu.</string>
+ <key>he</key>
+ <string>__APPNAME__ מנסה לאפשר לפריט לפעול באופן קבוע.</string>
+ <key>hr</key>
+ <string>__APPNAME__ pokušava dozvoliti stavci da uvijek bude pokrenuta.</string>
+ <key>hu</key>
+ <string>A(z) __APPNAME__ megpróbál beállítani egy elemet, hogy az mindig fusson.</string>
+ <key>it</key>
+ <string>__APPNAME__ tenta di consentire che un elemento venga sempre eseguito.</string>
+ <key>ja</key>
+ <string>__APPNAME__ は、項目が常時動作することを許可しようとしています。</string>
+ <key>ko</key>
+ <string>__APPNAME__이(가) 항목이 항상 실행되는 것을 허용하려고 합니다.</string>
+ <key>nb</key>
+ <string>__APPNAME__ prøver å tillate at et program alltid kjører.</string>
+ <key>nl</key>
+ <string>__APPNAME__ probeert een onderdeel toe te staan dat het altijd wordt uitgevoerd.</string>
+ <key>pl</key>
+ <string>__APPNAME__ próbuje zezwolić, aby rzecz była zawsze uruchamiana.</string>
+ <key>pt</key>
+ <string>O __APPNAME__ está tentando autorizar um item a ser executado permanentemente.</string>
+ <key>pt-PT</key>
+ <string>O __APPNAME__ está a tentar dar autorização a um elemento para permanecer constantemente aberto.</string>
+ <key>ro</key>
+ <string>__APPNAME__ încearcă să-i permită unui articol să ruleze întotdeauna.</string>
+ <key>ru</key>
+ <string>Программа «__APPNAME__» пытается разрешить объекту постоянно выполнять работу.</string>
+ <key>sk</key>
+ <string>Aplikácia __APPNAME__ sa pokúša povoliť spúšťanie položky. </string>
+ <key>sv</key>
+ <string>__APPNAME__ försöker tillåta ett objekt att alltid köras.</string>
+ <key>th</key>
+ <string>__APPNAME__กำลังพยายามอนุญาตรายการให้ทำงานเสมอ</string>
+ <key>tr</key>
+ <string>__APPNAME__, bir öğenin her zaman çalışmasına izin vermeye çalışıyor.</string>
+ <key>uk</key>
+ <string>__APPNAME__ намагається дозволити елементу завжди запускатися.</string>
+ <key>zh-Hans</key>
+ <string>“__APPNAME__”正在尝试允许一个项目始终运行。</string>
+ <key>zh-Hant</key>
+ <string>“__APPNAME__”正在嘗試允許某個項目持續執行。</string>
+ </dict>
+ <key>rule</key>
+ <string>root-or-entitled-admin-or-authenticate-admin</string>
+ </dict>
<key>com.apple.server.admin.streaming</key>
<dict>
<key>allow-root</key>
<key>fr</key>
<string>__APPNAME__ essaye d’installer un nouveau logiciel.</string>
<key>he</key>
- <string>״ __APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
+ <string>״__APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
<key>hr</key>
<string>__APPNAME__ pokušava instalirati novi softver.</string>
<key>hu</key>
<true/>
</dict>
</dict>
+ <key>rules</key>
+ <dict>
+ <key>root-or-entitled-admin-or-authenticate-admin</key>
+ <dict>
+ <key>class</key>
+ <string>rule</string>
+ <key>k-of-n</key>
+ <integer>1</integer>
+ <key>rule</key>
+ <array>
+ <string>is-root</string>
+ <string>entitled-admin-or-authenticate-admin</string>
+ </array>
+ </dict>
+ </dict>
</dict>
</plist>
<key>timeout</key>
<integer>60</integer>
</dict>
+ <key>com.apple.Safari.show-passwords</key>
+ <dict>
+ <key>class</key>
+ <string>user</string>
+ <key>comment</key>
+ <string>This right is used by Safari to show passwords </string>
+ <key>default-prompt</key>
+ <dict>
+ <key>ar</key>
+ <string>يحاول __APPNAME__ إظهار كلمات السر.</string>
+ <key>ca</key>
+ <string>__APPNAME__ està intentant mostrar les contrasenyes.</string>
+ <key>cs</key>
+ <string>__APPNAME__ se pokouší zobrazit hesla.</string>
+ <key>da</key>
+ <string>__APPNAME__ prøver at vise adgangskoder.</string>
+ <key>de</key>
+ <string>__APPNAME__ versucht, Kennwörter einzublenden.</string>
+ <key>el</key>
+ <string>Η εφαρμογή «__APPNAME__» προσπαθεί να εμφανίσει συνθηματικά.</string>
+ <key>en</key>
+ <string>__APPNAME__ is trying to show passwords.</string>
+ <key>es</key>
+ <string>__APPNAME__ está intentando mostrar las contraseñas.</string>
+ <key>fi</key>
+ <string>__APPNAME__ yrittää näyttää salasanat.</string>
+ <key>fr</key>
+ <string>__APPNAME__ essaye d’afficher les mots de passe.</string>
+ <key>he</key>
+ <string>__APPNAME__ מנסה להציג סיסמאות.</string>
+ <key>hr</key>
+ <string>__APPNAME__ pokušava prikazati lozinke.</string>
+ <key>hu</key>
+ <string>A(z) __APPNAME__ megpróbálja megjeleníteni a jelszavakat.</string>
+ <key>it</key>
+ <string>__APPNAME__ tenta di mostrare le password.</string>
+ <key>ja</key>
+ <string>__APPNAME__ は、パスワードを表示しようとしています。</string>
+ <key>ko</key>
+ <string>__APPNAME__이(가) 암호를 보려고 합니다.</string>
+ <key>nb</key>
+ <string>__APPNAME__ prøver å vise passord.</string>
+ <key>nl</key>
+ <string>__APPNAME__ probeert wachtwoorden te tonen.</string>
+ <key>pl</key>
+ <string>__APPNAME__ próbuje pokazać hasła.</string>
+ <key>pt</key>
+ <string>__APPNAME__ está tentando mostrar senhas.</string>
+ <key>pt-PT</key>
+ <string>O __APPNAME__ está a tentar mostrar palavras‑passe.</string>
+ <key>ro</key>
+ <string>__APPNAME__ încearcă să afișeze parole.</string>
+ <key>ru</key>
+ <string>Программа «__APPNAME__» пытается показать пароли.</string>
+ <key>sk</key>
+ <string>Aplikácia __APPNAME__ sa pokúša zobraziť heslá.</string>
+ <key>sv</key>
+ <string>__APPNAME__ försöker visa lösenord.</string>
+ <key>th</key>
+ <string>__APPNAME__ กำลังพยายามแสดงรหัสผ่าน</string>
+ <key>tr</key>
+ <string>__APPNAME__ parolaları göstermeye çalışıyor.</string>
+ <key>uk</key>
+ <string>__APPNAME__ намагається показати паролі.</string>
+ <key>zh-Hans</key>
+ <string>“__APPNAME__” 正在尝试显示密码。</string>
+ <key>zh-Hant</key>
+ <string>“__APPNAME__” 正在嘗試顯示密碼。</string>
+ </dict>
+ <key>session-owner</key>
+ <true/>
+ <key>shared</key>
+ <false/>
+ <key>timeout</key>
+ <integer>10</integer>
+ </dict>
<key>com.apple.ServiceManagement.blesshelper</key>
<dict>
<key>class</key>
<key>shared</key>
<false/>
</dict>
+ <key>com.apple.library-repair</key>
+ <dict>
+ <key>class</key>
+ <string>user</string>
+ <key>default-button</key>
+ <dict>
+ <key>ar</key>
+ <string>تصليح</string>
+ <key>ca</key>
+ <string>Reparar</string>
+ <key>cs</key>
+ <string>Opravit</string>
+ <key>da</key>
+ <string>Reparer</string>
+ <key>de</key>
+ <string>Reparieren</string>
+ <key>el</key>
+ <string>Επισκευή</string>
+ <key>en</key>
+ <string>Repair</string>
+ <key>es</key>
+ <string>Reparar</string>
+ <key>fi</key>
+ <string>Korjaa</string>
+ <key>fr</key>
+ <string>Réparer</string>
+ <key>he</key>
+ <string>תקן</string>
+ <key>hr</key>
+ <string>Popravi</string>
+ <key>hu</key>
+ <string>Javítás</string>
+ <key>it</key>
+ <string>Ripara</string>
+ <key>ja</key>
+ <string>修復</string>
+ <key>ko</key>
+ <string>복구</string>
+ <key>nb</key>
+ <string>Reparer</string>
+ <key>nl</key>
+ <string>Herstel</string>
+ <key>pl</key>
+ <string>Napraw</string>
+ <key>pt</key>
+ <string>Reparar</string>
+ <key>pt-PT</key>
+ <string>Reparar</string>
+ <key>ro</key>
+ <string>Repară</string>
+ <key>ru</key>
+ <string>Исправить</string>
+ <key>sk</key>
+ <string>Opraviť</string>
+ <key>sv</key>
+ <string>Reparera</string>
+ <key>th</key>
+ <string>ซ่อมแซม</string>
+ <key>tr</key>
+ <string>Onar</string>
+ <key>uk</key>
+ <string>Полагодити</string>
+ <key>zh-Hans</key>
+ <string>修复</string>
+ <key>zh-Hant</key>
+ <string>修復</string>
+ </dict>
+ <key>default-prompt</key>
+ <dict>
+ <key>ar</key>
+ <string>يحاول __APPNAME__ تصليح مكتبة الصور الخاصة بك.</string>
+ <key>ca</key>
+ <string>__APPNAME__ està provant de reparar la vostra fototeca.</string>
+ <key>cs</key>
+ <string>__APPNAME__ se pokouší opravit vaši knihovnu fotografií.</string>
+ <key>da</key>
+ <string>__APPNAME__ prøver at reparere dit fotobibliotek.</string>
+ <key>de</key>
+ <string>__APPNAME__ versucht, Ihre Fotomediathek zu reparieren.</string>
+ <key>el</key>
+ <string>Η εφαρμογή __APPNAME__ προσπαθεί να επισκευάσει τη βιβλιοθήκη φωτογραφιών σας.</string>
+ <key>en</key>
+ <string>__APPNAME__ is trying to repair your photo library.</string>
+ <key>es</key>
+ <string>__APPNAME__ está intentando reparar su fototeca.</string>
+ <key>fi</key>
+ <string>__APPNAME__ yrittää korjata kuvakirjastoasi.</string>
+ <key>fr</key>
+ <string>__APPNAME__ essaie de réparer votre bibliothèque de photos.</string>
+ <key>he</key>
+ <string>__APPNAME__ מנסה לתקן את ספריית התמונות שלך.</string>
+ <key>hr</key>
+ <string>__APPNAME__ pokušava popraviti vašu medijateku fotografija.</string>
+ <key>hu</key>
+ <string>A(z) __APPNAME__ megpróbálja kijavítani a fotókönyvtárat.</string>
+ <key>it</key>
+ <string>__APPNAME__ tenta di riparare la libreria foto.</string>
+ <key>ja</key>
+ <string>__APPNAME__ は、フォトライブラリを修復しようとしています。</string>
+ <key>ko</key>
+ <string>__APPNAME__이(가) 사용자의 사진 보관함을 복구하려고 합니다.</string>
+ <key>nb</key>
+ <string>_APPNAME_ forsøker å reparere bildebiblioteket.</string>
+ <key>nl</key>
+ <string>__APPNAME__ probeert uw fotobibliotheek te herstellen.</string>
+ <key>pl</key>
+ <string>__APPNAME__ próbuje naprawić Twoją bibliotekę zdjęć.</string>
+ <key>pt</key>
+ <string>__APPNAME__ está tentando reparar a sua fototeca.</string>
+ <key>pt-PT</key>
+ <string>__APPNAME__ está a tentar reparar a sua fototeca.</string>
+ <key>ro</key>
+ <string>__APPNAME__ încearcă să repare biblioteca dvs. foto.</string>
+ <key>ru</key>
+ <string>Программа «__APPNAME__» пытается исправить Вашу медиатеку.</string>
+ <key>sk</key>
+ <string>Aplikácia __APPNAME__ sa pokúša opraviť vašu knižnicu fotografií.</string>
+ <key>sv</key>
+ <string>__APPNAME__ försöker reparera ditt bildbibliotek.</string>
+ <key>th</key>
+ <string>__APPNAME__ กำลังพยายามซ่อมแซมคลังรูปภาพของคุณ</string>
+ <key>tr</key>
+ <string>__APPNAME__ fotoğraf arşivinizi onarmaya çalışıyor.</string>
+ <key>uk</key>
+ <string>__APPNAME__ намагається полагодити вашу фототеку.</string>
+ <key>zh-Hans</key>
+ <string>__APPNAME__ 正在尝试修复您的照片图库。</string>
+ <key>zh-Hant</key>
+ <string>__APPNAME__ 正在嘗試修復您的照片圖庫。</string>
+ </dict>
+ <key>group</key>
+ <string>admin</string>
+ </dict>
<key>com.apple.pcastagentconfigd.</key>
<dict>
<key>allow-root</key>
<key>shared</key>
<false/>
</dict>
+ <key>com.apple.security.assessment.update</key>
+ <dict>
+ <key>class</key>
+ <string>rule</string>
+ <key>default-button</key>
+ <dict>
+ <key>ar</key>
+ <string>تعديل الإعدادات</string>
+ <key>ca</key>
+ <string>Modificar la configuració</string>
+ <key>cs</key>
+ <string>Změnit nastavení</string>
+ <key>da</key>
+ <string>Juster indstillinger</string>
+ <key>de</key>
+ <string>Einstellungen ändern</string>
+ <key>el</key>
+ <string>Τροποποίηση ρυθμίσεων</string>
+ <key>en</key>
+ <string>Modify Settings</string>
+ <key>es</key>
+ <string>Modificar ajustes</string>
+ <key>fi</key>
+ <string>Muokkaa asetuksia</string>
+ <key>fr</key>
+ <string>Modifer les réglages</string>
+ <key>he</key>
+ <string>ערוך/י הגדרות</string>
+ <key>hr</key>
+ <string>Preinači postavke</string>
+ <key>hu</key>
+ <string>Beállítások módosítása</string>
+ <key>it</key>
+ <string>Modifica impostazioni</string>
+ <key>ja</key>
+ <string>設定を変更</string>
+ <key>ko</key>
+ <string>설정 수정</string>
+ <key>nb</key>
+ <string>Endre innstillinger</string>
+ <key>nl</key>
+ <string>Wijzig instellingen</string>
+ <key>pl</key>
+ <string>Zmień ustawienia</string>
+ <key>pt</key>
+ <string>Modificar Ajustes</string>
+ <key>pt-PT</key>
+ <string>Modificar definições</string>
+ <key>ro</key>
+ <string>Schimbă configurările</string>
+ <key>ru</key>
+ <string>Модифицировать настройки</string>
+ <key>sk</key>
+ <string>Upraviť nastavenia</string>
+ <key>sv</key>
+ <string>Ändra inställningar</string>
+ <key>th</key>
+ <string>แก้ไขค่าติดตั้ง</string>
+ <key>tr</key>
+ <string>Ayarları Değiştir</string>
+ <key>uk</key>
+ <string>Змінити параметри</string>
+ <key>zh-Hans</key>
+ <string>修改设置</string>
+ <key>zh-Hant</key>
+ <string>修改設定</string>
+ </dict>
+ <key>default-prompt</key>
+ <dict>
+ <key>ar</key>
+ <string>يحاول __APPNAME__ السماح لعنصر بأن يكون قيد التشغيل دائمًا.</string>
+ <key>ca</key>
+ <string>__APPNAME__ està provant d’autoritzar un ítem perquè s’executi sempre.</string>
+ <key>cs</key>
+ <string>__APPNAME__ se pokouší nějaké položce povolit, aby byla vždy spuštěna.</string>
+ <key>da</key>
+ <string>__APPNAME__ prøver at give et emne lov til at være aktivt hele tiden.</string>
+ <key>de</key>
+ <string>__APPNAME__ versucht, einem Objekt die Ausführung immer zu erlauben.</string>
+ <key>el</key>
+ <string>Η εφαρμογή «__APPNAME__» προσπαθεί να επιτρέψει σε ένα στοιχείο να εκτελείται πάντα.</string>
+ <key>en</key>
+ <string>__APPNAME__ is trying to allow an item to always run.</string>
+ <key>es</key>
+ <string>__APPNAME__ está intentando permitir que un ítem se ejecute siempre.</string>
+ <key>fi</key>
+ <string>__APPNAME__ yrittää sallia, että kohde on aina käytössä.</string>
+ <key>fr</key>
+ <string>__APPNAME__ essaye d’autoriser un élément à s’exécuter en continu.</string>
+ <key>he</key>
+ <string>__APPNAME__ מנסה לאפשר לפריט לפעול באופן קבוע.</string>
+ <key>hr</key>
+ <string>__APPNAME__ pokušava dozvoliti stavci da uvijek bude pokrenuta.</string>
+ <key>hu</key>
+ <string>A(z) __APPNAME__ megpróbál beállítani egy elemet, hogy az mindig fusson.</string>
+ <key>it</key>
+ <string>__APPNAME__ tenta di consentire che un elemento venga sempre eseguito.</string>
+ <key>ja</key>
+ <string>__APPNAME__ は、項目が常時動作することを許可しようとしています。</string>
+ <key>ko</key>
+ <string>__APPNAME__이(가) 항목이 항상 실행되는 것을 허용하려고 합니다.</string>
+ <key>nb</key>
+ <string>__APPNAME__ prøver å tillate at et program alltid kjører.</string>
+ <key>nl</key>
+ <string>__APPNAME__ probeert een onderdeel toe te staan dat het altijd wordt uitgevoerd.</string>
+ <key>pl</key>
+ <string>__APPNAME__ próbuje zezwolić, aby rzecz była zawsze uruchamiana.</string>
+ <key>pt-PT</key>
+ <string>O __APPNAME__ está a tentar dar autorização a um elemento para permanecer constantemente aberto.</string>
+ <key>pt</key>
+ <string>O __APPNAME__ está tentando autorizar um item a ser executado permanentemente.</string>
+ <key>ro</key>
+ <string>__APPNAME__ încearcă să-i permită unui articol să ruleze întotdeauna.</string>
+ <key>ru</key>
+ <string>Программа «__APPNAME__» пытается разрешить объекту постоянно выполнять работу.</string>
+ <key>sk</key>
+ <string>Aplikácia __APPNAME__ sa pokúša povoliť spúšťanie položky. </string>
+ <key>sv</key>
+ <string>__APPNAME__ försöker tillåta ett objekt att alltid köras.</string>
+ <key>th</key>
+ <string>__APPNAME__กำลังพยายามอนุญาตรายการให้ทำงานเสมอ</string>
+ <key>tr</key>
+ <string>__APPNAME__, bir öğenin her zaman çalışmasına izin vermeye çalışıyor.</string>
+ <key>uk</key>
+ <string>__APPNAME__ намагається дозволити елементу завжди запускатися.</string>
+ <key>zh-Hans</key>
+ <string>“__APPNAME__”正在尝试允许一个项目始终运行。</string>
+ <key>zh-Hant</key>
+ <string>“__APPNAME__”正在嘗試允許某個項目持續執行。</string>
+ </dict>
+ <key>rule</key>
+ <string>root-or-entitled-admin-or-authenticate-admin</string>
+ </dict>
<key>com.apple.server.admin.streaming</key>
<dict>
<key>allow-root</key>
<key>fr</key>
<string>__APPNAME__ essaye d’installer un nouveau logiciel.</string>
<key>he</key>
- <string>״ __APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
+ <string>״__APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
<key>hr</key>
<string>__APPNAME__ pokušava instalirati novi softver.</string>
<key>hu</key>
BUILD_VARIANTS = debug;
COPY_PHASE_STRIP = NO;
CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
- CURRENT_PROJECT_VERSION = 55111;
+ CURRENT_PROJECT_VERSION = 55126.2;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
/usr/local/SecurityPieces/Components/securityd,
);
COPY_PHASE_STRIP = "(null)";
CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
- CURRENT_PROJECT_VERSION = 55111;
+ CURRENT_PROJECT_VERSION = 55126.2;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
BUILD_VARIANTS = normal;
COPY_PHASE_STRIP = NO;
CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
- CURRENT_PROJECT_VERSION = 55111;
+ CURRENT_PROJECT_VERSION = 55126.2;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
/usr/local/SecurityPieces/Components/securityd,
);
COPY_PHASE_STRIP = "(null)";
CSSM_HEADERS = "";
- CURRENT_PROJECT_VERSION = 55111;
+ CURRENT_PROJECT_VERSION = 55126.2;
FRAMEWORK_SEARCH_PATHS = (
/usr/local/SecurityPieces/Frameworks,
/usr/local/SecurityPieces/Components/securityd,
break;
}
}
+
+ // purge all uid credentials from the outCredentials for least privileged mode
+ if (auth.operatesAsLeastPrivileged()) {
+ CredentialSet::const_iterator current, it = outCredentials->begin();
+ while(it != outCredentials->end()) {
+ current = it++;
+ if (!(*current)->isRight()) {
+ outCredentials->erase(current);
+ }
+ }
+ }
if (outCredentials)
outCredentials->swap(credentials);
Credential hintCredential;
if (errAuthorizationSuccess == evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, hintCredential, reason)) {
- if (hintCredential->username().length())
- environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(hintCredential->username())));
+ if (hintCredential->name().length())
+ environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(hintCredential->name())));
if (hintCredential->realname().length())
environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER_LONG, AuthValueOverlay(hintCredential->realname())));
}
// @@@ we log the uid a process was running under when it created the authref, which is misleading in the case of loginwindow
if (newCredential->isValid()) {
- Syslog::info("UID %u authenticated as user %s (UID %u) for right '%s'", auth.creatorUid(), newCredential->username().c_str(), newCredential->uid(), rightName);
- rightAuthLogger.logSuccess(auth.creatorUid(), newCredential->uid(), newCredential->username().c_str());
+ Syslog::info("UID %u authenticated as user %s (UID %u) for right '%s'", auth.creatorUid(), newCredential->name().c_str(), newCredential->uid(), rightName);
+ rightAuthLogger.logSuccess(auth.creatorUid(), newCredential->uid(), newCredential->name().c_str());
} else {
// we can't be sure that the user actually exists so inhibit logging of uid
- Syslog::error("UID %u failed to authenticate as user '%s' for right '%s'", auth.creatorUid(), newCredential->username().c_str(), rightName);
- rightAuthLogger.logFailure(auth.creatorUid(), newCredential->username().c_str());
+ Syslog::error("UID %u failed to authenticate as user '%s' for right '%s'", auth.creatorUid(), newCredential->name().c_str(), rightName);
+ rightAuthLogger.logFailure(auth.creatorUid(), newCredential->name().c_str());
}
if (!newCredential->isValid())
if (status == errAuthorizationSuccess)
{
if (auth.operatesAsLeastPrivileged()) {
- Credential rightCredential(rightName, newCredential->uid(), mShared);
+ Credential rightCredential(rightName, mShared);
credentials.erase(rightCredential); credentials.insert(rightCredential);
if (mShared)
- credentials.insert(Credential(rightName, newCredential->uid(), false));
- } else {
- // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
- credentials.erase(newCredential); credentials.insert(newCredential);
- // just got a new credential - if it's shared also add a non-shared one that to stick in the authorizationref local cache
- if (mShared)
- credentials.insert(Credential(newCredential->uid(), newCredential->username(), newCredential->realname(), newCredential->groupname(), false));
- }
+ credentials.insert(Credential(rightName, false));
+ }
+
+ // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
+ credentials.erase(newCredential); credentials.insert(newCredential);
+ // just got a new credential - if it's shared also add a non-shared one that to stick in the authorizationref local cache
+ if (mShared)
+ credentials.insert(Credential(newCredential->uid(), newCredential->name(), newCredential->realname(), false));
// use valid credential to set context info
// XXX/cs keeping this for now, such that the uid is passed back
auth.setCredentialInfo(newCredential, savePassword);
- secdebug("SSevalMech", "added valid credential for user %s", newCredential->username().c_str());
+ secdebug("SSevalMech", "added valid credential for user %s", newCredential->name().c_str());
// set the sessionHasAuthenticated
if (newCredential->uid() == auth.session().originatorUid()) {
secdebug("AuthEvalMech", "We authenticated as the session owner.\n");
if (username.length() && uid)
{
// credential is valid because mechanism says so
- newCredentials.insert(Credential(*uid, username, "", "", mShared));
+ newCredentials.insert(Credential(*uid, username, "", mShared));
}
} while(0);
// Check if username will authorize the request and set username to
// be used as a hint to the user if so
secdebug("AuthEvalMech", "preflight credential from current user, result follows:");
- sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, "", mShared/*ignored*/);
+ sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, mShared/*ignored*/);
} //fi
endpwent();
}
RuleImpl::evaluateCredentialForRight(const AuthorizationToken &auth, const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, CFAbsoluteTime now, const Credential &credential, bool ignoreShared, SecurityAgent::Reason &reason) const
{
if (auth.operatesAsLeastPrivileged()) {
- if (credential->isRight() && credential->isValid() && (inRight->name() == credential->rightname()))
- return errAuthorizationSuccess;
- else
+ if (credential->isRight() && credential->isValid() && (inRight->name() == credential->name()))
{
+ if (!ignoreShared && !mShared && credential->isShared())
+ {
+ // @@@ no proper SA::Reason
+ reason = SecurityAgent::unknownReason;
+ secdebug("autheval", "shared credential cannot be used, denying right %s", inRight->name());
+ return errAuthorizationDenied;
+ } else {
+ return errAuthorizationSuccess;
+ }
+ } else {
// @@@ no proper SA::Reason
reason = SecurityAgent::unknownReason;
- return errAuthorizationDenied;
+ return errAuthorizationDenied;
}
} else
return evaluateUserCredentialForRight(auth, inRight, inRule, environment, now, credential, false, reason);
// everywhere, from RuleImpl::evaluate() on down.
// Get the username from the credential
- const char *user = credential->username().c_str();
+ const char *user = credential->name().c_str();
// If the credential is not valid or its age is more than the allowed maximum age
// for a credential, deny.
if (is_member)
{
- credential->setGroupname(mGroupName);
secdebug("autheval", "user %s is a member of group %s, granting right %s",
user, groupname, inRight->name());
return errAuthorizationSuccess;
{
OSStatus status = evaluateUserCredentialForRight(auth, inRight, inRule, environmentToClient, now, *it, false, reason);
if (errAuthorizationSuccess == status) {
- Credential rightCredential(inRight->name(), (*it)->uid(), mShared);
+ Credential rightCredential(inRight->name(), mShared);
credentials.erase(rightCredential); credentials.insert(rightCredential);
if (mShared)
- credentials.insert(Credential(inRight->name(), (*it)->uid(), false));
+ credentials.insert(Credential(inRight->name(), false));
return status;
}
}
// (try to) attach the authorizing UID to the least-priv cred
if (auth.operatesAsLeastPrivileged())
{
+ outCredentials.insert(Credential(rightName, mShared));
+ if (mShared)
+ outCredentials.insert(Credential(rightName, false));
+
RightAuthenticationLogger logger(auth.creatorAuditToken(), AUE_ssauthint);
logger.setRight(rightName);
uid_t authorizedUid;
memcpy(&authorizedUid, uidItem->value().data, sizeof(authorizedUid));
secdebug("AuthEvalMech", "generating least-privilege cred for '%s' authorized by UID %u", inRight->name(), authorizedUid);
- outCredentials.insert(Credential(rightName, authorizedUid, mShared));
logger.logLeastPrivilege(authorizedUid, true);
}
else // cltUid is better than nothing
{
secdebug("AuthEvalMech", "generating least-privilege cred for '%s' with process- or auth-UID %u", inRight->name(), cltUid);
- outCredentials.insert(Credential(rightName, cltUid, mShared));
logger.logLeastPrivilege(cltUid, false);
}
}
- else {
- if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
- secdebug("AuthEvalMech", "We logged in as the session owner.\n");
- SessionAttributeBits flags = auth.session().attributes();
- flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
- auth.session().setAttributes(flags);
- }
- CredentialSet newCredentials = makeCredentials(auth);
- outCredentials.insert(newCredentials.begin(), newCredentials.end());
- }
+
+ if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
+ secdebug("AuthEvalMech", "We logged in as the session owner.\n");
+ SessionAttributeBits flags = auth.session().attributes();
+ flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
+ auth.session().setAttributes(flags);
+ }
+ CredentialSet newCredentials = makeCredentials(auth);
+ outCredentials.insert(newCredentials.begin(), newCredentials.end());
}
}
return referent<Session>();
}
+bool AuthHostInstance::inDarkWake()
+{
+ return this->session().server().inDarkWake();
+}
+
void
AuthHostInstance::childAction()
{
/* PR-7483709 const */ uuid_t instanceId = UUID_INITIALIZER_FROM_SESSIONID(jobId);
uuid_string_t s;
- if ((mHostType == securityAgent) &&
- !(session().attributes() & sessionHasGraphicAccess))
- CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+ if ((mHostType == securityAgent)) {
+ if (!(session().attributes() & sessionHasGraphicAccess))
+ CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+ if (inDarkWake())
+ CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
+ }
if (mHostType == securityAgent)
serviceName = SECURITYAGENT_BOOTSTRAP_NAME_BASE;
StLock<Mutex> _(*this);
if (state() != alive)
{
- if ((mHostType == securityAgent) &&
- !(session().attributes() & sessionHasGraphicAccess))
+ if ((mHostType == securityAgent)) {
+ if (!(session().attributes() & sessionHasGraphicAccess))
CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+ if (inDarkWake())
+ CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
+ }
fork();
switch (ServerChild::state()) {
private:
AuthHostType mHostType;
+
+ bool inDarkWake();
};
#endif /* _H_AUTHHOST */
AuthItemRef uidHint("uid", AuthValueOverlay(sizeof(uid), &uid));
dstInfoSet.insert(uidHint);
- AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0);
+ AuthItemRef userHint("username", AuthValueOverlay(inCred->name()), 0);
dstInfoSet.insert(userHint);
setInfoSet(dstInfoSet, savePassword);
namespace Authorization {
// default credential: invalid for everything, needed as a default session credential
-CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mRightName(""), mGroupName(""), mUid(0), mUserName(""), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
+CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mUid(0), mName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
{
}
// only for testing whether this credential is usable
-CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared) : mShared(shared), mRight(false), mRightName(""), mGroupName(groupname), mUid(uid), mUserName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
+CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared) : mShared(shared), mRight(false), mUid(uid), mName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
{
}
-CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mRightName(""), mGroupName(""), mUserName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
+CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
{
Server::active().longTermActivity();
const char *user = username.c_str();
}
mUid = pw->pw_uid;
- mUserName = pw->pw_name;
+ mName = pw->pw_name;
mRealName = pw->pw_gecos;
const char *passwd = password.c_str();
// least-privilege
// @@@ arguably we don't care about the UID any more and should not
// require it in this ctor
-CredentialImpl::CredentialImpl(const string &right, const uid_t uid, bool shared) : mShared(shared), mRight(true), mRightName(right), mGroupName(""), mUid(uid), mUserName(""), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
+CredentialImpl::CredentialImpl(const string &right, bool shared) : mShared(shared), mRight(true), mUid(-2), mName(right), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
{
}
bool
CredentialImpl::operator < (const CredentialImpl &other) const
{
- // Desired ordering characteristics:
+ // all shared creds are placed into mSessionCreds
+ // all non shared creds are placed into AuthorizationToken
//
- // - unshared before shared
- // - least privilege before non-least privilege
- // - for least privilege credentials with the same sharing characteristics,
- // order on the basis of right strings
- // - orthographic order of group names
- //
- // UID used to be the primary distinguishing element, but it can't be
- // trusted--it's gathered as a side effect, potentially by an external
- // process.
- //
- // Nothing is sacred about this ordering; we just had to pick something.
+ // There are 2 types of credentials UID and Right
+ // UID = Authenticated Identity
+ // Right = Rights which were previously authenticated by a uid credential
+ // Right Credentials are only used during kAuthorizationFlagLeastPrivileged
+ // operations and should not have a valid uid set
+
+ // this allows shared and none shared co-exist in the same container
+ // used when processing multiple rights shared vs non-shared during evaluation
if (!mShared && other.mShared)
return true;
if (!other.mShared && mShared)
return false;
+
+ // this allows uids and rights co-exist in the same container
+ // used when holding onto Rights inside of the AuthorizationToken
if (mRight && !other.mRight)
return true;
if (!mRight && other.mRight)
return false;
- if (mRight && other.mRight)
- return mRightName < other.mRightName;
- else
- return mGroupName < other.mGroupName;
+
+ // this is the actual comparision
+ if (mRight) {
+ return mName < other.mName;
+ } else {
+ return mUid < other.mUid;
+ }
}
// Returns true if this CredentialImpl should be shared.
// try to ensure that the credentials are the same type
assert(mRight == other.mRight);
if (mRight)
- assert(mRightName == other.mRightName);
- else
- assert(mGroupName == other.mGroupName);
+ assert(mName == other.mName);
+ else
+ assert(mUid == other.mUid);
if (other.mValid && (!mValid || mCreationTime < other.mCreationTime))
{
{
}
-Credential::Credential(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared) :
-RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, groupname, shared))
+Credential::Credential(const uid_t uid, const string &username, const string &realname, bool shared) :
+RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, shared))
{
}
{
}
-Credential::Credential(const string &right, const uid_t uid, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, uid, shared))
+Credential::Credential(const string &right, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, shared))
{
}
{
public:
CredentialImpl();
- CredentialImpl(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared);
+ CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared);
CredentialImpl(const string &username, const string &password, bool shared);
- CredentialImpl(const string &right, const uid_t uid, bool shared);
+ CredentialImpl(const string &right, bool shared);
~CredentialImpl();
bool operator < (const CredentialImpl &other) const;
// We could make Rule a friend but instead we just expose this for now
inline const uid_t uid() const { return mUid; }
- inline const string& username() const { return mUserName; }
+ inline const string& name() const { return mName; }
inline const string& realname() const { return mRealName; }
- inline const bool isRight() const { return mRight; }
- inline const string &rightname() const { return mRightName; }
- inline const string &groupname() const { return mGroupName; }
-
- // sometimes the Credential exists before we've validated it, so we need
- // a setter for group name
- inline void setGroupname(const string &group) { mGroupName = group; }
+ inline const bool isRight() const { return mRight; }
private:
bool mShared; // credential is shared
- bool mRight; // is least-privilege credential
- string mRightName; // least-privilege name
- string mGroupName; // if it's not least-priv, it boils down to
- // user-in-group
+ bool mRight; // is least-privilege credential
+
// Fields below are not used by less-than operator
// The user that provided his password.
uid_t mUid;
- string mUserName;
+ string mName;
string mRealName;
CFAbsoluteTime mCreationTime;
public:
Credential();
Credential(CredentialImpl *impl);
- Credential(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared);
+ Credential(const uid_t uid, const string &username, const string &realname, bool shared);
Credential(const string &username, const string &password, bool shared);
- Credential(const string &right, const uid_t uid, bool shared);
+ Credential(const string &right, bool shared);
~Credential();
bool operator < (const Credential &other) const;
void beginShutdown(); // start delayed shutdown if configured
bool shuttingDown() const { return mShuttingDown; }
void shutdownSnitch(); // report lingering clients
+ bool inDarkWake() { return sleepWatcher.inDarkWake(); }
private:
// mach bootstrap registration name
}
+Server &Session::server() const
+{
+ return parent<Server>();
+}
+
+
//
// Locate a session object by session identifier
//
Session(const CommonCriteria::AuditInfo &audit, Server &server);
virtual ~Session();
+ Server &server() const;
+
SessionId sessionId() const { return mAudit.sessionId(); }
CommonCriteria::AuditInfo &auditInfo() { return mAudit; }