securityd-55126.2.tar.gz v55126.2
authorApple <opensource@apple.com>
Wed, 7 Mar 2012 22:00:52 +0000 (22:00 +0000)
committerApple <opensource@apple.com>
Wed, 7 Mar 2012 22:00:52 +0000 (22:00 +0000)
13 files changed:
etc/authorization.merge
etc/authorization.plist
securityd.xcodeproj/project.pbxproj
src/AuthorizationEngine.cpp
src/AuthorizationRule.cpp
src/authhost.cpp
src/authhost.h
src/authority.cpp
src/credential.cpp
src/credential.h
src/server.h
src/session.cpp
src/session.h

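--- a/etc/authorization.merge
+++ b/etc/authorization.merge
@@ ... @@
                        <key>timeout</key>
                        <integer>60</integer>
                </dict>
+               <key>com.apple.Safari.show-passwords</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>This right is used by Safari to show passwords </string>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إظهار كلمات السر.</string>
+                               <key>ca</key>
+                               <string>__APPNAME__ està intentant mostrar les contrasenyes.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší zobrazit hesla.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at vise adgangskoder.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Kennwörter einzublenden.</string>
+                               <key>el</key>
+                               <string>Η εφαρμογή «__APPNAME__» προσπαθεί να εμφανίσει συνθηματικά.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to show passwords.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando mostrar las contraseñas.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää näyttää salasanat.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’afficher les mots de passe.</string>
+                               <key>he</key>
+                               <string>__APPNAME__ מנסה להציג סיסמאות.</string>
+                               <key>hr</key>
+                               <string>__APPNAME__ pokušava prikazati lozinke.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja megjeleníteni a jelszavakat.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ tenta di mostrare le password.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、パスワードを表示しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 암호를 보려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å vise passord.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert wachtwoorden te tonen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje pokazać hasła.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando mostrar senhas.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar mostrar palavras‑passe.</string>
+                               <key>ro</key>
+                               <string>__APPNAME__ încearcă să afișeze parole.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается показать пароли.</string>
+                               <key>sk</key>
+                               <string>Aplikácia __APPNAME__ sa pokúša zobraziť heslá.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker visa lösenord.</string>
+                               <key>th</key>
+                               <string>__APPNAME__ กำลังพยายามแสดงรหัสผ่าน</string>
+                               <key>tr</key>
+                               <string>__APPNAME__ parolaları göstermeye çalışıyor.</string>
+                               <key>uk</key>
+                               <string>__APPNAME__ намагається показати паролі.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__” 正在尝试显示密码。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__” 正在嘗試顯示密碼。</string>
+                       </dict>
+                       <key>session-owner</key>
+                       <true/>
+                       <key>shared</key>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>10</integer>
+               </dict>
                <key>com.apple.ServiceManagement.blesshelper</key>
                <dict>
                        <key>class</key>
@@ ... @@
                        <key>shared</key>
                        <false/>
                </dict>
+               <key>com.apple.library-repair</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تصليح</string>
+                               <key>ca</key>
+                               <string>Reparar</string>
+                               <key>cs</key>
+                               <string>Opravit</string>
+                               <key>da</key>
+                               <string>Reparer</string>
+                               <key>de</key>
+                               <string>Reparieren</string>
+                               <key>el</key>
+                               <string>Επισκευή</string>
+                               <key>en</key>
+                               <string>Repair</string>
+                               <key>es</key>
+                               <string>Reparar</string>
+                               <key>fi</key>
+                               <string>Korjaa</string>
+                               <key>fr</key>
+                               <string>Réparer</string>
+                               <key>he</key>
+                               <string>תקן</string>
+                               <key>hr</key>
+                               <string>Popravi</string>
+                               <key>hu</key>
+                               <string>Javítás</string>
+                               <key>it</key>
+                               <string>Ripara</string>
+                               <key>ja</key>
+                               <string>修復</string>
+                               <key>ko</key>
+                               <string>복구</string>
+                               <key>nb</key>
+                               <string>Reparer</string>
+                               <key>nl</key>
+                               <string>Herstel</string>
+                               <key>pl</key>
+                               <string>Napraw</string>
+                               <key>pt</key>
+                               <string>Reparar</string>
+                               <key>pt-PT</key>
+                               <string>Reparar</string>
+                               <key>ro</key>
+                               <string>Repară</string>
+                               <key>ru</key>
+                               <string>Исправить</string>
+                               <key>sk</key>
+                               <string>Opraviť</string>
+                               <key>sv</key>
+                               <string>Reparera</string>
+                               <key>th</key>
+                               <string>ซ่อมแซม</string>
+                               <key>tr</key>
+                               <string>Onar</string>
+                               <key>uk</key>
+                               <string>Полагодити</string>
+                               <key>zh-Hans</key>
+                               <string>修复</string>
+                               <key>zh-Hant</key>
+                               <string>修復</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تصليح مكتبة الصور الخاصة بك.</string>
+                               <key>ca</key>
+                               <string>__APPNAME__ està provant de reparar la vostra fototeca.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší opravit vaši knihovnu fotografií.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at reparere dit fotobibliotek.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Ihre Fotomediathek zu reparieren.</string>
+                               <key>el</key>
+                               <string>Η εφαρμογή __APPNAME__ προσπαθεί να επισκευάσει τη βιβλιοθήκη φωτογραφιών σας.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to repair your photo library.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando reparar su fototeca.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää korjata kuvakirjastoasi.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de réparer votre bibliothèque de photos.</string>
+                               <key>he</key>
+                               <string>__APPNAME__ מנסה לתקן את ספריית התמונות שלך.</string>
+                               <key>hr</key>
+                               <string>__APPNAME__ pokušava popraviti vašu medijateku fotografija.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja kijavítani a fotókönyvtárat.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ tenta di riparare la libreria foto.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、フォトライブラリを修復しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자의 사진 보관함을 복구하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>_APPNAME_ forsøker å reparere bildebiblioteket.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert uw fotobibliotheek te herstellen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje naprawić Twoją bibliotekę zdjęć.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando reparar a sua fototeca.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar reparar a sua fototeca.</string>
+                               <key>ro</key>
+                               <string>__APPNAME__ încearcă să repare biblioteca dvs. foto.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается исправить Вашу медиатеку.</string>
+                               <key>sk</key>
+                               <string>Aplikácia __APPNAME__ sa pokúša opraviť vašu knižnicu fotografií.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker reparera ditt bildbibliotek.</string>
+                               <key>th</key>
+                               <string>__APPNAME__ กำลังพยายามซ่อมแซมคลังรูปภาพของคุณ</string>
+                               <key>tr</key>
+                               <string>__APPNAME__ fotoğraf arşivinizi onarmaya çalışıyor.</string>
+                               <key>uk</key>
+                               <string>__APPNAME__ намагається полагодити вашу фототеку.</string>
+                               <key>zh-Hans</key>
+                               <string>__APPNAME__ 正在尝试修复您的照片图库。</string>
+                               <key>zh-Hant</key>
+                               <string>__APPNAME__ 正在嘗試修復您的照片圖庫。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+               </dict>
                <key>com.apple.pcastagentconfigd.</key>
                <dict>
                        <key>allow-root</key>
@@ ... @@
                        <key>shared</key>
                        <false/>
                </dict>
+               <key>com.apple.security.assessment.update</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>ca</key>
+                               <string>Modificar la configuració</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>el</key>
+                               <string>Τροποποίηση ρυθμίσεων</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>he</key>
+                               <string>ערוך/י הגדרות</string>
+                               <key>hr</key>
+                               <string>Preinači postavke</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ro</key>
+                               <string>Schimbă configurările</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sk</key>
+                               <string>Upraviť nastavenia</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>th</key>
+                               <string>แก้ไขค่าติดตั้ง</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>uk</key>
+                               <string>Змінити параметри</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ السماح لعنصر بأن يكون قيد التشغيل دائمًا.</string>
+                               <key>ca</key>
+                               <string>__APPNAME__ està provant d’autoritzar un ítem perquè s’executi sempre.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nějaké položce povolit, aby byla vždy spuštěna.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at give et emne lov til at være aktivt hele tiden.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, einem Objekt die Ausführung immer zu erlauben.</string>
+                               <key>el</key>
+                               <string>Η εφαρμογή «__APPNAME__» προσπαθεί να επιτρέψει σε ένα στοιχείο να εκτελείται πάντα.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to allow an item to always run.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando permitir que un ítem se ejecute siempre.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää sallia, että kohde on aina käytössä.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’autoriser un élément à s’exécuter en continu.</string>
+                               <key>he</key>
+                               <string>__APPNAME__ מנסה לאפשר לפריט לפעול באופן קבוע.</string>
+                               <key>hr</key>
+                               <string>__APPNAME__ pokušava dozvoliti stavci da uvijek bude pokrenuta.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál beállítani egy elemet, hogy az mindig fusson.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ tenta di consentire che un elemento venga sempre eseguito.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、項目が常時動作することを許可しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 항목이 항상 실행되는 것을 허용하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å tillate at et program alltid kjører.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een onderdeel toe te staan dat het altijd wordt uitgevoerd.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zezwolić, aby rzecz była zawsze uruchamiana.</string>
+                               <key>pt</key>
+                               <string>O __APPNAME__ está tentando autorizar um item a ser executado permanentemente.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar dar autorização a um elemento para permanecer constantemente aberto.</string>
+                               <key>ro</key>
+                               <string>__APPNAME__ încearcă să-i permită unui articol să ruleze întotdeauna.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается разрешить объекту постоянно выполнять работу.</string>
+                               <key>sk</key>
+                               <string>Aplikácia __APPNAME__ sa pokúša povoliť spúšťanie položky. </string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker tillåta ett objekt att alltid köras.</string>
+                               <key>th</key>
+                               <string>__APPNAME__กำลังพยายามอนุญาตรายการให้ทำงานเสมอ</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, bir öğenin her zaman çalışmasına izin vermeye çalışıyor.</string>
+                               <key>uk</key>
+                               <string>__APPNAME__ намагається дозволити елементу завжди запускатися.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正在尝试允许一个项目始终运行。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試允許某個項目持續執行。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>root-or-entitled-admin-or-authenticate-admin</string>
+               </dict>
                <key>com.apple.server.admin.streaming</key>
                <dict>
                        <key>allow-root</key>
@@ ... @@
                                <key>fr</key>
                                <string>__APPNAME__ essaye d’installer un nouveau logiciel.</string>
                                <key>he</key>
-                               <string>״ __APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
+                               <string>״__APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
                                <key>hr</key>
                                <string>__APPNAME__ pokušava instalirati novi softver.</string>
                                <key>hu</key>
@@ ... @@
                        <true/>
                </dict>
        </dict>
+       <key>rules</key>
+       <dict>
+               <key>root-or-entitled-admin-or-authenticate-admin</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>k-of-n</key>
+                       <integer>1</integer>
+                       <key>rule</key>
+                       <array>
+                               <string>is-root</string>
+                               <string>entitled-admin-or-authenticate-admin</string>
+                       </array>
+               </dict>
+       </dict>
 </dict>
 </plist>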
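Review bot: The Norwegian (`nb`) default-prompt for `com.apple.library-repair` uses `_APPNAME_` with single underscores, so the placeholder will not be substituted and the user is shown the literal token instead of which application is requesting admin credentials; it should read `<string>__APPNAME__ forsøker å reparere bildebiblioteket.</string>`. The French `default-button` for `com.apple.security.assessment.update` has a typo, `Modifer les réglages`, which should be `Modifier les réglages`. `com.apple.Safari.show-passwords` sets `session-owner` but no `group`, unlike the other user-class rights in this file; if authenticating only as the session owner is the intent, the `comment` string (which also carries a trailing space) should say so. The new `root-or-entitled-admin-or-authenticate-admin` rule references `entitled-admin-or-authenticate-admin`, which is not defined anywhere in this hunk, so presumably it already exists in the base plist and that is worth confirming before shipping. The following section appears to add the same rights to etc/authorization.plist, so the same corrections apply there.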
index 2343d22a297699558da65baec03f1d5b42eeb955..545dd1b6a1f8f04fd190a125a3730ebefb2769b5 100644 (file)
@@ -616,6 +616,82 @@ See remaining rules for examples.
                        <key>timeout</key>
                        <integer>60</integer>
                </dict>
                        <key>timeout</key>
                        <integer>60</integer>
                </dict>
+               <key>com.apple.Safari.show-passwords</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>This right is used by Safari to show passwords </string>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ إظهار كلمات السر.</string>
+                               <key>ca</key>
+                               <string>__APPNAME__ està intentant mostrar les contrasenyes.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší zobrazit hesla.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at vise adgangskoder.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Kennwörter einzublenden.</string>
+                               <key>el</key>
+                               <string>Η εφαρμογή «__APPNAME__» προσπαθεί να εμφανίσει συνθηματικά.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to show passwords.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando mostrar las contraseñas.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää näyttää salasanat.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’afficher les mots de passe.</string>
+                               <key>he</key>
+                               <string>__APPNAME__ מנסה להציג סיסמאות.</string>
+                               <key>hr</key>
+                               <string>__APPNAME__ pokušava prikazati lozinke.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja megjeleníteni a jelszavakat.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ tenta di mostrare le password.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、パスワードを表示しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 암호를 보려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å vise passord.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert wachtwoorden te tonen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje pokazać hasła.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando mostrar senhas.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar mostrar palavras‑passe.</string>
+                               <key>ro</key>
+                               <string>__APPNAME__ încearcă să afișeze parole.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается показать пароли.</string>
+                               <key>sk</key>
+                               <string>Aplikácia __APPNAME__ sa pokúša zobraziť heslá.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker visa lösenord.</string>
+                               <key>th</key>
+                               <string>__APPNAME__ กำลังพยายามแสดงรหัสผ่าน</string>
+                               <key>tr</key>
+                               <string>__APPNAME__ parolaları göstermeye çalışıyor.</string>
+                               <key>uk</key>
+                               <string>__APPNAME__ намагається показати паролі.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__” 正在尝试显示密码。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__” 正在嘗試顯示密碼。</string>
+                       </dict>
+                       <key>session-owner</key>
+                       <true/>
+                       <key>shared</key>
+                       <false/>
+                       <key>timeout</key>
+                       <integer>10</integer>
+               </dict>
                <key>com.apple.ServiceManagement.blesshelper</key>
                <dict>
                        <key>class</key>
                <key>com.apple.ServiceManagement.blesshelper</key>
                <dict>
                        <key>class</key>
@@ -2121,6 +2197,139 @@ See remaining rules for examples.
                        <key>shared</key>
                        <false/>
                </dict>
                        <key>shared</key>
                        <false/>
                </dict>
+               <key>com.apple.library-repair</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تصليح</string>
+                               <key>ca</key>
+                               <string>Reparar</string>
+                               <key>cs</key>
+                               <string>Opravit</string>
+                               <key>da</key>
+                               <string>Reparer</string>
+                               <key>de</key>
+                               <string>Reparieren</string>
+                               <key>el</key>
+                               <string>Επισκευή</string>
+                               <key>en</key>
+                               <string>Repair</string>
+                               <key>es</key>
+                               <string>Reparar</string>
+                               <key>fi</key>
+                               <string>Korjaa</string>
+                               <key>fr</key>
+                               <string>Réparer</string>
+                               <key>he</key>
+                               <string>תקן</string>
+                               <key>hr</key>
+                               <string>Popravi</string>
+                               <key>hu</key>
+                               <string>Javítás</string>
+                               <key>it</key>
+                               <string>Ripara</string>
+                               <key>ja</key>
+                               <string>修復</string>
+                               <key>ko</key>
+                               <string>복구</string>
+                               <key>nb</key>
+                               <string>Reparer</string>
+                               <key>nl</key>
+                               <string>Herstel</string>
+                               <key>pl</key>
+                               <string>Napraw</string>
+                               <key>pt</key>
+                               <string>Reparar</string>
+                               <key>pt-PT</key>
+                               <string>Reparar</string>
+                               <key>ro</key>
+                               <string>Repară</string>
+                               <key>ru</key>
+                               <string>Исправить</string>
+                               <key>sk</key>
+                               <string>Opraviť</string>
+                               <key>sv</key>
+                               <string>Reparera</string>
+                               <key>th</key>
+                               <string>ซ่อมแซม</string>
+                               <key>tr</key>
+                               <string>Onar</string>
+                               <key>uk</key>
+                               <string>Полагодити</string>
+                               <key>zh-Hans</key>
+                               <string>修复</string>
+                               <key>zh-Hant</key>
+                               <string>修復</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ تصليح مكتبة الصور الخاصة بك.</string>
+                               <key>ca</key>
+                               <string>__APPNAME__ està provant de reparar la vostra fototeca.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší opravit vaši knihovnu fotografií.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at reparere dit fotobibliotek.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, Ihre Fotomediathek zu reparieren.</string>
+                               <key>el</key>
+                               <string>Η εφαρμογή __APPNAME__ προσπαθεί να επισκευάσει τη βιβλιοθήκη φωτογραφιών σας.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to repair your photo library.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando reparar su fototeca.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää korjata kuvakirjastoasi.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaie de réparer votre bibliothèque de photos.</string>
+                               <key>he</key>
+                               <string>__APPNAME__ מנסה לתקן את ספריית התמונות שלך.</string>
+                               <key>hr</key>
+                               <string>__APPNAME__ pokušava popraviti vašu medijateku fotografija.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbálja kijavítani a fotókönyvtárat.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ tenta di riparare la libreria foto.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、フォトライブラリを修復しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 사용자의 사진 보관함을 복구하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>_APPNAME_ forsøker å reparere bildebiblioteket.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert uw fotobibliotheek te herstellen.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje naprawić Twoją bibliotekę zdjęć.</string>
+                               <key>pt</key>
+                               <string>__APPNAME__ está tentando reparar a sua fototeca.</string>
+                               <key>pt-PT</key>
+                               <string>__APPNAME__ está a tentar reparar a sua fototeca.</string>
+                               <key>ro</key>
+                               <string>__APPNAME__ încearcă să repare biblioteca dvs. foto.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается исправить Вашу медиатеку.</string>
+                               <key>sk</key>
+                               <string>Aplikácia __APPNAME__ sa pokúša opraviť vašu knižnicu fotografií.</string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker reparera ditt bildbibliotek.</string>
+                               <key>th</key>
+                               <string>__APPNAME__ กำลังพยายามซ่อมแซมคลังรูปภาพของคุณ</string>
+                               <key>tr</key>
+                               <string>__APPNAME__ fotoğraf arşivinizi onarmaya çalışıyor.</string>
+                               <key>uk</key>
+                               <string>__APPNAME__ намагається полагодити вашу фототеку.</string>
+                               <key>zh-Hans</key>
+                               <string>__APPNAME__ 正在尝试修复您的照片图库。</string>
+                               <key>zh-Hant</key>
+                               <string>__APPNAME__ 正在嘗試修復您的照片圖庫。</string>
+                       </dict>
+                       <key>group</key>
+                       <string>admin</string>
+               </dict>
                <key>com.apple.pcastagentconfigd.</key>
                <dict>
                        <key>allow-root</key>
                <key>com.apple.pcastagentconfigd.</key>
                <dict>
                        <key>allow-root</key>
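Review bot: The Norwegian prompt under the `nb` key of the new `com.apple.library-repair` rule spells the placeholder `_APPNAME_` with single underscores, so the substitution the other locales rely on will not fire and the dialog will show the literal token; it should read `<string>__APPNAME__ forsøker å reparere bildebiblioteket.</string>` like every other entry in this dict. The rule itself declares only `class`, `group` and the localized strings, while the neighbouring rules spell out `shared` and `timeout`; since this is an admin-group right, presumably whatever the engine defaults to for sharing and credential lifetime applies here — worth stating the intended values explicitly so the policy is readable from the plist alone.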
@@ -2260,6 +2469,139 @@ See remaining rules for examples.
                        <key>shared</key>
                        <false/>
                </dict>
                        <key>shared</key>
                        <false/>
                </dict>
+               <key>com.apple.security.assessment.update</key>
+               <dict>
+                       <key>class</key>
+                       <string>rule</string>
+                       <key>default-button</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>تعديل الإعدادات</string>
+                               <key>ca</key>
+                               <string>Modificar la configuració</string>
+                               <key>cs</key>
+                               <string>Změnit nastavení</string>
+                               <key>da</key>
+                               <string>Juster indstillinger</string>
+                               <key>de</key>
+                               <string>Einstellungen ändern</string>
+                               <key>el</key>
+                               <string>Τροποποίηση ρυθμίσεων</string>
+                               <key>en</key>
+                               <string>Modify Settings</string>
+                               <key>es</key>
+                               <string>Modificar ajustes</string>
+                               <key>fi</key>
+                               <string>Muokkaa asetuksia</string>
+                               <key>fr</key>
+                               <string>Modifer les réglages</string>
+                               <key>he</key>
+                               <string>ערוך/י הגדרות</string>
+                               <key>hr</key>
+                               <string>Preinači postavke</string>
+                               <key>hu</key>
+                               <string>Beállítások módosítása</string>
+                               <key>it</key>
+                               <string>Modifica impostazioni</string>
+                               <key>ja</key>
+                               <string>設定を変更</string>
+                               <key>ko</key>
+                               <string>설정 수정</string>
+                               <key>nb</key>
+                               <string>Endre innstillinger</string>
+                               <key>nl</key>
+                               <string>Wijzig instellingen</string>
+                               <key>pl</key>
+                               <string>Zmień ustawienia</string>
+                               <key>pt</key>
+                               <string>Modificar Ajustes</string>
+                               <key>pt-PT</key>
+                               <string>Modificar definições</string>
+                               <key>ro</key>
+                               <string>Schimbă configurările</string>
+                               <key>ru</key>
+                               <string>Модифицировать настройки</string>
+                               <key>sk</key>
+                               <string>Upraviť nastavenia</string>
+                               <key>sv</key>
+                               <string>Ändra inställningar</string>
+                               <key>th</key>
+                               <string>แก้ไขค่าติดตั้ง</string>
+                               <key>tr</key>
+                               <string>Ayarları Değiştir</string>
+                               <key>uk</key>
+                               <string>Змінити параметри</string>
+                               <key>zh-Hans</key>
+                               <string>修改设置</string>
+                               <key>zh-Hant</key>
+                               <string>修改設定</string>
+                       </dict>
+                       <key>default-prompt</key>
+                       <dict>
+                               <key>ar</key>
+                               <string>يحاول __APPNAME__ السماح لعنصر بأن يكون قيد التشغيل دائمًا.</string>
+                               <key>ca</key>
+                               <string>__APPNAME__ està provant d’autoritzar un ítem perquè s’executi sempre.</string>
+                               <key>cs</key>
+                               <string>__APPNAME__ se pokouší nějaké položce povolit, aby byla vždy spuštěna.</string>
+                               <key>da</key>
+                               <string>__APPNAME__ prøver at give et emne lov til at være aktivt hele tiden.</string>
+                               <key>de</key>
+                               <string>__APPNAME__ versucht, einem Objekt die Ausführung immer zu erlauben.</string>
+                               <key>el</key>
+                               <string>Η εφαρμογή «__APPNAME__» προσπαθεί να επιτρέψει σε ένα στοιχείο να εκτελείται πάντα.</string>
+                               <key>en</key>
+                               <string>__APPNAME__ is trying to allow an item to always run.</string>
+                               <key>es</key>
+                               <string>__APPNAME__ está intentando permitir que un ítem se ejecute siempre.</string>
+                               <key>fi</key>
+                               <string>__APPNAME__ yrittää sallia, että kohde on aina käytössä.</string>
+                               <key>fr</key>
+                               <string>__APPNAME__ essaye d’autoriser un élément à s’exécuter en continu.</string>
+                               <key>he</key>
+                               <string>__APPNAME__ מנסה לאפשר לפריט לפעול באופן קבוע.</string>
+                               <key>hr</key>
+                               <string>__APPNAME__ pokušava dozvoliti stavci da uvijek bude pokrenuta.</string>
+                               <key>hu</key>
+                               <string>A(z) __APPNAME__ megpróbál beállítani egy elemet, hogy az mindig fusson.</string>
+                               <key>it</key>
+                               <string>__APPNAME__ tenta di consentire che un elemento venga sempre eseguito.</string>
+                               <key>ja</key>
+                               <string>__APPNAME__ は、項目が常時動作することを許可しようとしています。</string>
+                               <key>ko</key>
+                               <string>__APPNAME__이(가) 항목이 항상 실행되는 것을 허용하려고 합니다.</string>
+                               <key>nb</key>
+                               <string>__APPNAME__ prøver å tillate at et program alltid kjører.</string>
+                               <key>nl</key>
+                               <string>__APPNAME__ probeert een onderdeel toe te staan dat het altijd wordt uitgevoerd.</string>
+                               <key>pl</key>
+                               <string>__APPNAME__ próbuje zezwolić, aby rzecz była zawsze uruchamiana.</string>
+                               <key>pt-PT</key>
+                               <string>O __APPNAME__ está a tentar dar autorização a um elemento para permanecer constantemente aberto.</string>
+                               <key>pt</key>
+                               <string>O __APPNAME__ está tentando autorizar um item a ser executado permanentemente.</string>
+                               <key>ro</key>
+                               <string>__APPNAME__ încearcă să-i permită unui articol să ruleze întotdeauna.</string>
+                               <key>ru</key>
+                               <string>Программа «__APPNAME__» пытается разрешить объекту постоянно выполнять работу.</string>
+                               <key>sk</key>
+                               <string>Aplikácia __APPNAME__ sa pokúša povoliť spúšťanie položky. </string>
+                               <key>sv</key>
+                               <string>__APPNAME__ försöker tillåta ett objekt att alltid köras.</string>
+                               <key>th</key>
+                               <string>__APPNAME__กำลังพยายามอนุญาตรายการให้ทำงานเสมอ</string>
+                               <key>tr</key>
+                               <string>__APPNAME__, bir öğenin her zaman çalışmasına izin vermeye çalışıyor.</string>
+                               <key>uk</key>
+                               <string>__APPNAME__ намагається дозволити елементу завжди запускатися.</string>
+                               <key>zh-Hans</key>
+                               <string>“__APPNAME__”正在尝试允许一个项目始终运行。</string>
+                               <key>zh-Hant</key>
+                               <string>“__APPNAME__”正在嘗試允許某個項目持續執行。</string>
+                       </dict>
+                       <key>rule</key>
+                       <string>root-or-entitled-admin-or-authenticate-admin</string>
+               </dict>
                <key>com.apple.server.admin.streaming</key>
                <dict>
                        <key>allow-root</key>
                <key>com.apple.server.admin.streaming</key>
                <dict>
                        <key>allow-root</key>
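Review bot: The French `default-button` label for `com.apple.security.assessment.update` is misspelled `Modifer les réglages`; it should be `<string>Modifier les réglages</string>`. Two more localization nits in the same dict: the Thai prompt is missing the space after the placeholder (`__APPNAME__กำลัง…`), and the Slovak prompt carries a trailing space inside the string. The right delegates via `<key>rule</key>` to `root-or-entitled-admin-or-authenticate-admin`, which is not visible in this diff; please confirm that rule is defined in the `rules` dictionary, since the whole point of this right is to gate a persistent "always allow" decision behind admin authentication.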
@@ -4472,7 +4814,7 @@ See remaining rules for examples.
                                <key>fr</key>
                                <string>__APPNAME__ essaye d’installer un nouveau logiciel.</string>
                                <key>he</key>
                                <key>fr</key>
                                <string>__APPNAME__ essaye d’installer un nouveau logiciel.</string>
                                <key>he</key>
-                               <string>״ __APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
+                               <string>״__APPNAME__״ מבקש להתקין תוכנות חדשות.</string>
                                <key>hr</key>
                                <string>__APPNAME__ pokušava instalirati novi softver.</string>
                                <key>hu</key>
                                <key>hr</key>
                                <string>__APPNAME__ pokušava instalirati novi softver.</string>
                                <key>hu</key>
index 0f25621810576dd8b5e7a8a675812188c7660f52..0615462ab5b46b034390e9922ede31ae18f4ef74 100644 (file)
                                BUILD_VARIANTS = debug;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
                                BUILD_VARIANTS = debug;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 55111;
+                               CURRENT_PROJECT_VERSION = 55126.2;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 55111;
+                               CURRENT_PROJECT_VERSION = 55126.2;
                                DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                BUILD_VARIANTS = normal;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
                                BUILD_VARIANTS = normal;
                                COPY_PHASE_STRIP = NO;
                                CSSM_HEADERS = "$(BUILT_PRODUCTS_DIR)/Security.framework/Headers:$(SYSTEM_LIBRARY_DIR)/Frameworks/Security.framework/Headers";
-                               CURRENT_PROJECT_VERSION = 55111;
+                               CURRENT_PROJECT_VERSION = 55126.2;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "";
                                );
                                COPY_PHASE_STRIP = "(null)";
                                CSSM_HEADERS = "";
-                               CURRENT_PROJECT_VERSION = 55111;
+                               CURRENT_PROJECT_VERSION = 55126.2;
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
                                FRAMEWORK_SEARCH_PATHS = (
                                        /usr/local/SecurityPieces/Frameworks,
                                        /usr/local/SecurityPieces/Components/securityd,
index c65ce84809cdb393e9b7df50cba5c0e4d9a8c29f..01560b0ff1a7bfeaad2ab43d957034f9819efe5e 100644 (file)
@@ -222,6 +222,17 @@ Engine::authorize(const AuthItemSet &inRights, const AuthItemSet &environment,
             break;
                }
        }
             break;
                }
        }
+    
+    // purge all uid credentials from the outCredentials for least privileged mode
+    if (auth.operatesAsLeastPrivileged()) {
+        CredentialSet::const_iterator current, it = outCredentials->begin();
+        while(it != outCredentials->end()) {
+            current = it++;
+            if (!(*current)->isRight()) {
+                outCredentials->erase(current);
+            } 
+        }
+    }
 
        if (outCredentials)
                outCredentials->swap(credentials);
 
        if (outCredentials)
                outCredentials->swap(credentials);
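Review bot: The new least-privileged purge dereferences `outCredentials` unconditionally (`outCredentials->begin()`, `outCredentials->end()`, `outCredentials->erase(current)`) while the very next statement still guards with `if (outCredentials)`, so a caller that passes a null pointer in least-privileged mode now crashes where it previously did not; the block should be wrapped as `if (outCredentials && auth.operatesAsLeastPrivileged()) {`. Note also that the purge runs on the caller's pre-swap set, and the subsequent `outCredentials->swap(credentials)` then hands back the local `credentials` instead — if the intent is that no uid credential is returned to the client in least-privileged mode, the filter presumably needs to run on `credentials` (or after the swap); please confirm which set is meant. `Engine::authorize` begins outside this hunk.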
index c560076960de1e8eb4cf0714c89f22f93be24dbc..451618f51c13adbdcf880d429f9abf4a8c042dfb 100644 (file)
@@ -459,8 +459,8 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
 
        Credential hintCredential;
        if (errAuthorizationSuccess == evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, hintCredential, reason)) {
 
        Credential hintCredential;
        if (errAuthorizationSuccess == evaluateSessionOwner(inRight, inRule, environmentToClient, now, auth, hintCredential, reason)) {
-               if (hintCredential->username().length())
-                       environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(hintCredential->username())));
+               if (hintCredential->name().length())
+                       environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER, AuthValueOverlay(hintCredential->name())));
                if (hintCredential->realname().length())
                        environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER_LONG, AuthValueOverlay(hintCredential->realname())));
        }
                if (hintCredential->realname().length())
                        environmentToClient.insert(AuthItemRef(AGENT_HINT_SUGGESTED_USER_LONG, AuthValueOverlay(hintCredential->realname())));
        }
@@ -548,12 +548,12 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
 
                     // @@@ we log the uid a process was running under when it created the authref, which is misleading in the case of loginwindow
                     if (newCredential->isValid()) {
 
                     // @@@ we log the uid a process was running under when it created the authref, which is misleading in the case of loginwindow
                     if (newCredential->isValid()) {
-                        Syslog::info("UID %u authenticated as user %s (UID %u) for right '%s'", auth.creatorUid(), newCredential->username().c_str(), newCredential->uid(), rightName);
-                        rightAuthLogger.logSuccess(auth.creatorUid(), newCredential->uid(), newCredential->username().c_str());
+                        Syslog::info("UID %u authenticated as user %s (UID %u) for right '%s'", auth.creatorUid(), newCredential->name().c_str(), newCredential->uid(), rightName);
+                        rightAuthLogger.logSuccess(auth.creatorUid(), newCredential->uid(), newCredential->name().c_str());
                     } else {
                         // we can't be sure that the user actually exists so inhibit logging of uid
                     } else {
                         // we can't be sure that the user actually exists so inhibit logging of uid
-                        Syslog::error("UID %u failed to authenticate as user '%s' for right '%s'", auth.creatorUid(), newCredential->username().c_str(), rightName);
-                        rightAuthLogger.logFailure(auth.creatorUid(), newCredential->username().c_str());
+                        Syslog::error("UID %u failed to authenticate as user '%s' for right '%s'", auth.creatorUid(), newCredential->name().c_str(), rightName);
+                        rightAuthLogger.logFailure(auth.creatorUid(), newCredential->name().c_str());
                     }
                     
                     if (!newCredential->isValid())
                     }
                     
                     if (!newCredential->isValid())
@@ -568,22 +568,22 @@ RuleImpl::evaluateAuthentication(const AuthItemRef &inRight, const Rule &inRule,
                     if (status == errAuthorizationSuccess)
                     {
                         if (auth.operatesAsLeastPrivileged()) {
                     if (status == errAuthorizationSuccess)
                     {
                         if (auth.operatesAsLeastPrivileged()) {
-                            Credential rightCredential(rightName, newCredential->uid(), mShared);
+                            Credential rightCredential(rightName, mShared);
                             credentials.erase(rightCredential); credentials.insert(rightCredential);
                             if (mShared)
                             credentials.erase(rightCredential); credentials.insert(rightCredential);
                             if (mShared)
-                                credentials.insert(Credential(rightName, newCredential->uid(), false));
-                        } else {
-                            // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
-                            credentials.erase(newCredential); credentials.insert(newCredential);
-                           // just got a new credential - if it's shared also add a non-shared one that to stick in the authorizationref local cache
-                           if (mShared)
-                               credentials.insert(Credential(newCredential->uid(), newCredential->username(), newCredential->realname(), newCredential->groupname(), false));
-                        }
+                                credentials.insert(Credential(rightName, false));
+                        } 
+
+                        // whack an equivalent credential, so it gets updated to a later achieved credential which must have been more stringent
+                        credentials.erase(newCredential); credentials.insert(newCredential);
+                        // just got a new credential - if it's shared also add a non-shared one that to stick in the authorizationref local cache
+                        if (mShared)
+                            credentials.insert(Credential(newCredential->uid(), newCredential->name(), newCredential->realname(), false));
                         
                         // use valid credential to set context info
                         // XXX/cs keeping this for now, such that the uid is passed back
                         auth.setCredentialInfo(newCredential, savePassword);
                         
                         // use valid credential to set context info
                         // XXX/cs keeping this for now, such that the uid is passed back
                         auth.setCredentialInfo(newCredential, savePassword);
-                        secdebug("SSevalMech", "added valid credential for user %s", newCredential->username().c_str());
+                        secdebug("SSevalMech", "added valid credential for user %s", newCredential->name().c_str());
                                                // set the sessionHasAuthenticated
                                                if (newCredential->uid() == auth.session().originatorUid()) {
                                                        secdebug("AuthEvalMech", "We authenticated as the session owner.\n");
                                                // set the sessionHasAuthenticated
                                                if (newCredential->uid() == auth.session().originatorUid()) {
                                                        secdebug("AuthEvalMech", "We authenticated as the session owner.\n");
@@ -656,7 +656,7 @@ RuleImpl::makeCredentials(const AuthorizationToken &auth) const
                if (username.length() && uid)
                {
                        // credential is valid because mechanism says so
                if (username.length() && uid)
                {
                        // credential is valid because mechanism says so
-                       newCredentials.insert(Credential(*uid, username, "", "", mShared));
+                       newCredentials.insert(Credential(*uid, username, "", mShared));
                }
        } while(0);
 
                }
        } while(0);
 
@@ -682,7 +682,7 @@ RuleImpl::evaluateSessionOwner(const AuthItemRef &inRight, const Rule &inRule, c
                        // Check if username will authorize the request and set username to
                        // be used as a hint to the user if so
                        secdebug("AuthEvalMech", "preflight credential from current user, result follows:");
                        // Check if username will authorize the request and set username to
                        // be used as a hint to the user if so
                        secdebug("AuthEvalMech", "preflight credential from current user, result follows:");
-                       sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, "", mShared/*ignored*/);
+                       sessionCredential = Credential(pw->pw_uid, pw->pw_name, pw->pw_gecos, mShared/*ignored*/);
                } //fi
                endpwent();
        }
                } //fi
                endpwent();
        }
@@ -698,13 +698,21 @@ OSStatus
 RuleImpl::evaluateCredentialForRight(const AuthorizationToken &auth, const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, CFAbsoluteTime now, const Credential &credential, bool ignoreShared, SecurityAgent::Reason &reason) const
 {
        if (auth.operatesAsLeastPrivileged()) {
 RuleImpl::evaluateCredentialForRight(const AuthorizationToken &auth, const AuthItemRef &inRight, const Rule &inRule, const AuthItemSet &environment, CFAbsoluteTime now, const Credential &credential, bool ignoreShared, SecurityAgent::Reason &reason) const
 {
        if (auth.operatesAsLeastPrivileged()) {
-               if (credential->isRight() && credential->isValid() && (inRight->name() == credential->rightname()))
-                       return errAuthorizationSuccess;
-               else
+        if (credential->isRight() && credential->isValid() && (inRight->name() == credential->name())) 
         {
         {
+            if (!ignoreShared && !mShared && credential->isShared())
+            {
+                // @@@  no proper SA::Reason
+                reason = SecurityAgent::unknownReason;
+                secdebug("autheval", "shared credential cannot be used, denying right %s", inRight->name());
+                return errAuthorizationDenied;
+            } else {
+                return errAuthorizationSuccess;
+            }
+        } else {
             // @@@  no proper SA::Reason
             reason = SecurityAgent::unknownReason;
             // @@@  no proper SA::Reason
             reason = SecurityAgent::unknownReason;
-                       return errAuthorizationDenied;
+            return errAuthorizationDenied;
         }
        } else
                return evaluateUserCredentialForRight(auth, inRight, inRule, environment, now, credential, false, reason);
         }
        } else
                return evaluateUserCredentialForRight(auth, inRight, inRule, environment, now, credential, false, reason);
@@ -723,7 +731,7 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
     // everywhere, from RuleImpl::evaluate() on down.  
 
        // Get the username from the credential
     // everywhere, from RuleImpl::evaluate() on down.  
 
        // Get the username from the credential
-       const char *user = credential->username().c_str();
+       const char *user = credential->name().c_str();
 
        // If the credential is not valid or its age is more than the allowed maximum age
        // for a credential, deny.
 
        // If the credential is not valid or its age is more than the allowed maximum age
        // for a credential, deny.
@@ -810,7 +818,6 @@ RuleImpl::evaluateUserCredentialForRight(const AuthorizationToken &auth, const A
                                
                        if (is_member)
                        {
                                
                        if (is_member)
                        {
-                credential->setGroupname(mGroupName);
                                secdebug("autheval", "user %s is a member of group %s, granting right %s",
                                        user, groupname, inRight->name());
                                return errAuthorizationSuccess;
                                secdebug("autheval", "user %s is a member of group %s, granting right %s",
                                        user, groupname, inRight->name());
                                return errAuthorizationSuccess;
@@ -873,10 +880,10 @@ RuleImpl::evaluateUser(const AuthItemRef &inRight, const Rule &inRule, AuthItemS
                {
                        OSStatus status = evaluateUserCredentialForRight(auth, inRight, inRule, environmentToClient, now, *it, false, reason);
                        if (errAuthorizationSuccess == status) {
                {
                        OSStatus status = evaluateUserCredentialForRight(auth, inRight, inRule, environmentToClient, now, *it, false, reason);
                        if (errAuthorizationSuccess == status) {
-                               Credential rightCredential(inRight->name(), (*it)->uid(), mShared);
+                               Credential rightCredential(inRight->name(), mShared);
                                credentials.erase(rightCredential); credentials.insert(rightCredential);
                                if (mShared)
                                credentials.erase(rightCredential); credentials.insert(rightCredential);
                                if (mShared)
-                                       credentials.insert(Credential(inRight->name(), (*it)->uid(), false));
+                                       credentials.insert(Credential(inRight->name(), false));
                                return status;
                        }
                }
                                return status;
                        }
                }
@@ -973,6 +980,10 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
                     // (try to) attach the authorizing UID to the least-priv cred
                                        if (auth.operatesAsLeastPrivileged())
                     {
                     // (try to) attach the authorizing UID to the least-priv cred
                                        if (auth.operatesAsLeastPrivileged())
                     {
+                        outCredentials.insert(Credential(rightName, mShared));
+                        if (mShared) 
+                            outCredentials.insert(Credential(rightName, false));
+                        
                         RightAuthenticationLogger logger(auth.creatorAuditToken(), AUE_ssauthint);
                         logger.setRight(rightName);
 
                         RightAuthenticationLogger logger(auth.creatorAuditToken(), AUE_ssauthint);
                         logger.setRight(rightName);
 
@@ -982,26 +993,23 @@ RuleImpl::evaluateMechanismOnly(const AuthItemRef &inRight, const Rule &inRule,
                             uid_t authorizedUid;
                             memcpy(&authorizedUid, uidItem->value().data, sizeof(authorizedUid));
                             secdebug("AuthEvalMech", "generating least-privilege cred for '%s' authorized by UID %u", inRight->name(), authorizedUid);
                             uid_t authorizedUid;
                             memcpy(&authorizedUid, uidItem->value().data, sizeof(authorizedUid));
                             secdebug("AuthEvalMech", "generating least-privilege cred for '%s' authorized by UID %u", inRight->name(), authorizedUid);
-                            outCredentials.insert(Credential(rightName, authorizedUid, mShared));
                             logger.logLeastPrivilege(authorizedUid, true);
                         }
                         else    // cltUid is better than nothing
                         {
                             secdebug("AuthEvalMech", "generating least-privilege cred for '%s' with process- or auth-UID %u", inRight->name(), cltUid);
                             logger.logLeastPrivilege(authorizedUid, true);
                         }
                         else    // cltUid is better than nothing
                         {
                             secdebug("AuthEvalMech", "generating least-privilege cred for '%s' with process- or auth-UID %u", inRight->name(), cltUid);
-                            outCredentials.insert(Credential(rightName, cltUid, mShared));
                             logger.logLeastPrivilege(cltUid, false);
                         }
                     }
                             logger.logLeastPrivilege(cltUid, false);
                         }
                     }
-                                       else {
-                                               if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
-                                                       secdebug("AuthEvalMech", "We logged in as the session owner.\n");
-                                                       SessionAttributeBits flags = auth.session().attributes();
-                                                       flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
-                                                       auth.session().setAttributes(flags);                                                    
-                                               }
-                                               CredentialSet newCredentials = makeCredentials(auth);
-                                               outCredentials.insert(newCredentials.begin(), newCredentials.end());
-                                       }
+
+                    if (0 == strcmp(rightName, "system.login.console") && NULL == eval.context().find(AGENT_CONTEXT_AUTO_LOGIN)) {
+                        secdebug("AuthEvalMech", "We logged in as the session owner.\n");
+                        SessionAttributeBits flags = auth.session().attributes();
+                        flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
+                        auth.session().setAttributes(flags);                                                   
+                    }
+                    CredentialSet newCredentials = makeCredentials(auth);
+                    outCredentials.insert(newCredentials.begin(), newCredentials.end());
                                }
                        }
 
                                }
                        }
 
index 3ca8f54a0f5b83dda2f070e0da23be0867025ca2..2f9580d7a539a043f7f49850df82e046db2a4f48 100644 (file)
@@ -74,6 +74,11 @@ Session &AuthHostInstance::session() const
        return referent<Session>();
 }
 
        return referent<Session>();
 }
 
+bool AuthHostInstance::inDarkWake()
+{
+       return this->session().server().inDarkWake();
+}
+
 void
 AuthHostInstance::childAction()
 {
 void
 AuthHostInstance::childAction()
 {
@@ -154,9 +159,12 @@ AuthHostInstance::lookup(SessionId jobId)
     /* PR-7483709 const */ uuid_t instanceId = UUID_INITIALIZER_FROM_SESSIONID(jobId);
     uuid_string_t s;
 
     /* PR-7483709 const */ uuid_t instanceId = UUID_INITIALIZER_FROM_SESSIONID(jobId);
     uuid_string_t s;
 
-    if ((mHostType == securityAgent) &&
-      !(session().attributes() & sessionHasGraphicAccess))
-        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+    if ((mHostType == securityAgent)) {
+       if (!(session().attributes() & sessionHasGraphicAccess))
+           CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+       if (inDarkWake())
+           CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
+    }
     
     if (mHostType == securityAgent)
        serviceName = SECURITYAGENT_BOOTSTRAP_NAME_BASE;
     
     if (mHostType == securityAgent)
        serviceName = SECURITYAGENT_BOOTSTRAP_NAME_BASE;
@@ -181,9 +189,12 @@ Port AuthHostInstance::activate()
        StLock<Mutex> _(*this);
        if (state() != alive)
        {
        StLock<Mutex> _(*this);
        if (state() != alive)
        {
-               if ((mHostType == securityAgent) && 
-                   !(session().attributes() & sessionHasGraphicAccess))
+               if ((mHostType == securityAgent)) {
+                   if (!(session().attributes() & sessionHasGraphicAccess))
                        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
                        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
+                   if (inDarkWake())
+                       CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
+               }
 
                fork();
                switch (ServerChild::state()) {
 
                fork();
                switch (ServerChild::state()) {
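Review bot: The dark-wake guard added to lookup() is repeated verbatim in activate() (second hunk of this section), and both copies keep the redundant double parentheses in `if ((mHostType == securityAgent)) {`; two hand-maintained copies of an access check are how one of them silently drifts later. I would move both throws into one private helper called from each site, and since inDarkWake() only reads through session(), which this file already declares const, it can be `bool inDarkWake() const;` in authhost.h so the helper can be const too. Both lookup() and activate() continue outside their hunks.
```cpp
// Throw if a SecurityAgent must not be started for this session right now.
void AuthHostInstance::checkAgentAllowed() const
{
    if (mHostType != securityAgent)
        return;
    if (!(session().attributes() & sessionHasGraphicAccess))
        CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION);
    if (inDarkWake())
        CssmError::throwMe(CSSM_ERRCODE_IN_DARK_WAKE);
}
// … unchanged: lookup() and activate() each replace their guard block with checkAgentAllowed(); …
```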
index 5e415339b0f88c82a080a86866b8aa158e78e378..b1fc2c2c826758cc209175ab7b12d270446226a7 100644 (file)
@@ -50,6 +50,8 @@ protected:
 
 private:
        AuthHostType mHostType;
 
 private:
        AuthHostType mHostType;
+
+       bool inDarkWake();
 };
 
 #endif /* _H_AUTHHOST */
 };
 
 #endif /* _H_AUTHHOST */
index 5577188bb46abb4d6ca250f6322e8b8e3499b5c0..e9685b24ce1a4314e377dbcf6b01ed057e705e3b 100644 (file)
@@ -273,7 +273,7 @@ AuthorizationToken::setCredentialInfo(const Credential &inCred, bool savePasswor
     AuthItemRef uidHint("uid", AuthValueOverlay(sizeof(uid), &uid));
     dstInfoSet.insert(uidHint);
  
     AuthItemRef uidHint("uid", AuthValueOverlay(sizeof(uid), &uid));
     dstInfoSet.insert(uidHint);
  
-    AuthItemRef userHint("username", AuthValueOverlay(inCred->username()), 0);
+    AuthItemRef userHint("username", AuthValueOverlay(inCred->name()), 0);
     dstInfoSet.insert(userHint);
  
        setInfoSet(dstInfoSet, savePassword);
     dstInfoSet.insert(userHint);
  
        setInfoSet(dstInfoSet, savePassword);
index 5eaa6a1f97822b2cba4b4c09435ea8abc8b51c03..dcb38c22479ee4da6c48cc5fa740d0d64e1ff052 100644 (file)
@@ -32,16 +32,16 @@ extern "C" int checkpw_internal( const struct passwd *pw, const char* password )
 namespace Authorization {
 
 // default credential: invalid for everything, needed as a default session credential
 namespace Authorization {
 
 // default credential: invalid for everything, needed as a default session credential
-CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mRightName(""), mGroupName(""), mUid(0), mUserName(""), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
+CredentialImpl::CredentialImpl() : mShared(false), mRight(false), mUid(0), mName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
 {
 }
 
 // only for testing whether this credential is usable
 {
 }
 
 // only for testing whether this credential is usable
-CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared) : mShared(shared), mRight(false), mRightName(""), mGroupName(groupname), mUid(uid), mUserName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
+CredentialImpl::CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared) : mShared(shared), mRight(false), mUid(uid), mName(username), mRealName(realname), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
 {
 }
 
 {
 }
 
-CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mRightName(""), mGroupName(""), mUserName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
+CredentialImpl::CredentialImpl(const string &username, const string &password, bool shared) : mShared(shared), mRight(false), mName(username), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(false)
 {
     Server::active().longTermActivity();
     const char *user = username.c_str();
 {
     Server::active().longTermActivity();
     const char *user = username.c_str();
@@ -54,7 +54,7 @@ CredentialImpl::CredentialImpl(const string &username, const string &password, b
         }
 
         mUid = pw->pw_uid;
         }
 
         mUid = pw->pw_uid;
-        mUserName = pw->pw_name;
+        mName = pw->pw_name;
         mRealName = pw->pw_gecos;
 
         const char *passwd = password.c_str();
         mRealName = pw->pw_gecos;
 
         const char *passwd = password.c_str();
@@ -76,7 +76,7 @@ CredentialImpl::CredentialImpl(const string &username, const string &password, b
 // least-privilege
     // @@@  arguably we don't care about the UID any more and should not
     // require it in this ctor
 // least-privilege
     // @@@  arguably we don't care about the UID any more and should not
     // require it in this ctor
-CredentialImpl::CredentialImpl(const string &right, const uid_t uid, bool shared) : mShared(shared), mRight(true), mRightName(right), mGroupName(""), mUid(uid), mUserName(""), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
+CredentialImpl::CredentialImpl(const string &right, bool shared) : mShared(shared), mRight(true), mUid(-2), mName(right), mRealName(""), mCreationTime(CFAbsoluteTimeGetCurrent()), mValid(true)
 {
 }
 
 {
 }
 
@@ -87,32 +87,36 @@ CredentialImpl::~CredentialImpl()
 bool
 CredentialImpl::operator < (const CredentialImpl &other) const
 {
 bool
 CredentialImpl::operator < (const CredentialImpl &other) const
 {
-    // Desired ordering characteristics: 
+    // all shared creds are placed into mSessionCreds
+    // all non shared creds are placed into AuthorizationToken
     //
     //
-    // - unshared before shared
-    // - least privilege before non-least privilege
-    // - for least privilege credentials with the same sharing characteristics, 
-    //   order on the basis of right strings
-    // - orthographic order of group names
-    // 
-    // UID used to be the primary distinguishing element, but it can't be
-    // trusted--it's gathered as a side effect, potentially by an external
-    // process.  
-    //
-    // Nothing is sacred about this ordering; we just had to pick something.  
+    // There are 2 types of credentials UID and Right
+    // UID = Authenticated Identity
+    // Right = Rights which were previously authenticated by a uid credential
     
     
+    // Right Credentials are only used during kAuthorizationFlagLeastPrivileged 
+    // operations and should not have a valid uid set    
+
+    // this allows shared and none shared co-exist in the same container
+    // used when processing multiple rights shared vs non-shared during evaluation 
     if (!mShared && other.mShared)
         return true;
     if (!other.mShared && mShared)
         return false;
     if (!mShared && other.mShared)
         return true;
     if (!other.mShared && mShared)
         return false;
+    
+    // this allows uids and rights co-exist in the same container
+    // used when holding onto Rights inside of the AuthorizationToken
     if (mRight && !other.mRight)
         return true;
     if (!mRight && other.mRight)
         return false;
     if (mRight && !other.mRight)
         return true;
     if (!mRight && other.mRight)
         return false;
-    if (mRight && other.mRight)
-        return mRightName < other.mRightName;
-    else
-        return mGroupName < other.mGroupName;
+    
+    // this is the actual comparision
+    if (mRight) {
+        return mName < other.mName;
+    } else {
+        return mUid < other.mUid;
+    }
 }
 
 // Returns true if this CredentialImpl should be shared.
 }
 
 // Returns true if this CredentialImpl should be shared.
@@ -129,9 +133,9 @@ CredentialImpl::merge(const CredentialImpl &other)
     // try to ensure that the credentials are the same type
     assert(mRight == other.mRight);
     if (mRight)
     // try to ensure that the credentials are the same type
     assert(mRight == other.mRight);
     if (mRight)
-        assert(mRightName == other.mRightName);
-    else
-        assert(mGroupName == other.mGroupName);
+        assert(mName == other.mName);
+    else 
+        assert(mUid == other.mUid);
 
     if (other.mValid && (!mValid || mCreationTime < other.mCreationTime))
     {
 
     if (other.mValid && (!mValid || mCreationTime < other.mCreationTime))
     {
@@ -173,8 +177,8 @@ RefPointer<CredentialImpl>(impl)
 {
 }
 
 {
 }
 
-Credential::Credential(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared) :
-RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, groupname, shared))
+Credential::Credential(const uid_t uid, const string &username, const string &realname, bool shared) :
+RefPointer<CredentialImpl>(new CredentialImpl(uid, username, realname, shared))
 {
 }
 
 {
 }
 
@@ -182,7 +186,7 @@ Credential::Credential(const string &username, const string &password, bool shar
 {
 }
 
 {
 }
 
-Credential::Credential(const string &right, const uid_t uid, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, uid, shared))
+Credential::Credential(const string &right, bool shared) : RefPointer<CredentialImpl>(new CredentialImpl(right, shared))
 {
 }
 
 {
 }
 
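Review bot: The right-credential constructor now initializes `mUid(-2)` as an unnamed sentinel; uid_t is unsigned so the literal wraps, and nothing says that a right credential's uid() must never be read as an authenticated identity. Name it, e.g. `static const uid_t kNoAuthenticatedUid = static_cast<uid_t>(-2);`, and refresh the comment directly above that constructor, which still says the ctor "require[s]" a UID it no longer takes. Separately, the rewritten operator< orders non-right credentials on mUid alone, so the default constructor's `mUid(0)` makes an invalid default credential compare equivalent to a genuine root credential; whether a set already holding the default credential can reject a later valid uid-0 insert depends on callers using erase-then-insert or merge(), which this section does not show.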
index 7b5dba661da7ee132e9a68a092e15afdff9e2043..d96b511d98550b4dde25e042722f78902549ed46 100644 (file)
@@ -39,9 +39,9 @@ class CredentialImpl : public RefCount
 {
 public:
                CredentialImpl();
 {
 public:
                CredentialImpl();
-        CredentialImpl(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared);
+        CredentialImpl(const uid_t uid, const string &username, const string &realname, bool shared);
         CredentialImpl(const string &username, const string &password, bool shared);
         CredentialImpl(const string &username, const string &password, bool shared);
-               CredentialImpl(const string &right, const uid_t uid, bool shared);
+               CredentialImpl(const string &right, bool shared);
         ~CredentialImpl();
 
         bool operator < (const CredentialImpl &other) const;
         ~CredentialImpl();
 
         bool operator < (const CredentialImpl &other) const;
@@ -63,28 +63,20 @@ public:
 
         // We could make Rule a friend but instead we just expose this for now
         inline const uid_t uid() const { return mUid; }
 
         // We could make Rule a friend but instead we just expose this for now
         inline const uid_t uid() const { return mUid; }
-        inline const string& username() const { return mUserName; }
+        inline const string& name() const { return mName; }
         inline const string& realname() const { return mRealName; }
         inline const string& realname() const { return mRealName; }
-               inline const bool isRight() const { return mRight; }
-    inline const string &rightname() const { return mRightName; }
-    inline const string &groupname() const { return mGroupName; }
-    
-    // sometimes the Credential exists before we've validated it, so we need
-    // a setter for group name
-    inline void setGroupname(const string &group)  { mGroupName = group; }
+        inline const bool isRight() const { return mRight; }
     
 private:
         bool mShared;       // credential is shared
     
 private:
         bool mShared;       // credential is shared
-    bool mRight;            // is least-privilege credential
-    string mRightName;      // least-privilege name
-    string mGroupName;      // if it's not least-priv, it boils down to 
-                            // user-in-group
+        bool mRight;            // is least-privilege credential
+
 
         // Fields below are not used by less-than operator
 
         // The user that provided his password.
         uid_t mUid;
 
         // Fields below are not used by less-than operator
 
         // The user that provided his password.
         uid_t mUid;
-        string mUserName;
+        string mName;
         string mRealName;
 
         CFAbsoluteTime mCreationTime;
         string mRealName;
 
         CFAbsoluteTime mCreationTime;
@@ -97,9 +89,9 @@ class Credential : public RefPointer<CredentialImpl>
 public:
         Credential();
         Credential(CredentialImpl *impl);
 public:
         Credential();
         Credential(CredentialImpl *impl);
-        Credential(const uid_t uid, const string &username, const string &realname, const string &groupname, bool shared);
+        Credential(const uid_t uid, const string &username, const string &realname, bool shared);
         Credential(const string &username, const string &password, bool shared);
         Credential(const string &username, const string &password, bool shared);
-               Credential(const string &right, const uid_t uid, bool shared);          
+               Credential(const string &right, bool shared);           
         ~Credential();
 
         bool operator < (const Credential &other) const;
         ~Credential();
 
         bool operator < (const Credential &other) const;
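Review bot: The context comment `// Fields below are not used by less-than operator` above `uid_t mUid;` and `string mName;` is now wrong: the commit's operator< in credential.cpp compares mUid for user credentials and mName for right credentials, so both fields now define set identity and merge() asserts on them. Replace it with `// mUid (user credentials) and mName (right credentials) participate in operator< and merge()` and document the field's dual role as `string mName;  // user name for uid credentials, right name for right credentials`. Because the single accessor name() now returns a different kind of identifier depending on isRight(), callers comparing it against a right name should test isRight() first, as evaluateCredentialForRight does.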
index 2c534b0e9ccf70dfb2c171f8389568db98e66d17..c526bd3541707010d366bd746b5715a99611f70f 100644 (file)
@@ -192,6 +192,7 @@ public:
        void beginShutdown();                                                   // start delayed shutdown if configured
        bool shuttingDown() const { return mShuttingDown; }
        void shutdownSnitch();                                                  // report lingering clients
        void beginShutdown();                                                   // start delayed shutdown if configured
        bool shuttingDown() const { return mShuttingDown; }
        void shutdownSnitch();                                                  // report lingering clients
+       bool inDarkWake() { return sleepWatcher.inDarkWake(); }
     
 private:
        // mach bootstrap registration name
     
 private:
        // mach bootstrap registration name
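Review bot: The new inDarkWake() accessor is the only non-const query in this run of accessors; shuttingDown() directly above it is const. If sleepWatcher.inDarkWake() is itself const (not visible here), declare it `bool inDarkWake() const { return sleepWatcher.inDarkWake(); }` so const-qualified callers such as a const AuthHostInstance::inDarkWake() can use it.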
index d7cecbf861bab5b8f4bbaff00677cbae2a28b89a..42d51c4aecf368342063558332e79be554ea724c 100644 (file)
@@ -89,6 +89,12 @@ Session::~Session()
 }
 
 
 }
 
 
+Server &Session::server() const
+{
+       return parent<Server>();
+}
+
+
 //
 // Locate a session object by session identifier
 //
 //
 // Locate a session object by session identifier
 //
index fd7111c776e59a26e5ea0c500958174e227bcea3..cccaf249ec640047a4b1db475ebede7aabf6d058 100644 (file)
@@ -61,6 +61,8 @@ public:
     Session(const CommonCriteria::AuditInfo &audit, Server &server);
        virtual ~Session();
     
     Session(const CommonCriteria::AuditInfo &audit, Server &server);
        virtual ~Session();
     
+       Server &server() const;
+
        SessionId sessionId() const { return mAudit.sessionId(); }
        CommonCriteria::AuditInfo &auditInfo() { return mAudit; }
     
        SessionId sessionId() const { return mAudit.sessionId(); }
        CommonCriteria::AuditInfo &auditInfo() { return mAudit; }