user_trust_enable.cpp [plain text]
#include "user_trust_enable.h"
#include <errno.h>
#include <unistd.h>
#include <security_utilities/simpleprefs.h>
#include <Security/TrustSettingsSchema.h>
#include <CoreFoundation/CFNumber.h>
/* Which action user_trust_enable() performs after option parsing. */
typedef enum {
	utoSet  = 0,	/* write the preference; selected by -d or -e */
	utoShow = 1	/* report the current preference; used when no flag is given */
} UserTrustOp;
/*
 * Show or change the system-domain "disable user trust settings" preference.
 *
 * Options (parsed with getopt, option string "deh"):
 *   -d   store kCFBooleanTrue under kSecTrustSettingsDisableUserTrustSettings
 *   -e   store kCFBooleanFalse under the same key
 *   -h   or any unrecognized option: return 2
 * With no option the current value is printed instead of being changed.
 * If -d and -e are both given, the one parsed last decides the stored value.
 *
 * Returns 0 on success, 1 when the caller's effective uid is not 0 or the
 * preference could not be written, and 2 for a usage error (bad option, -h,
 * or leftover non-option arguments).
 */
int
user_trust_enable(int argc, char * const *argv)
{
	extern int optind;
	int opt;
	UserTrustOp requestedOp = utoShow;
	CFBooleanRef disableValue = kCFBooleanFalse;

	/* Restart option scanning at argv[1] for this invocation. */
	optind = 1;
	while ((opt = getopt(argc, argv, "deh")) != -1) {
		if (opt == 'd') {
			requestedOp = utoSet;
			disableValue = kCFBooleanTrue;
		}
		else if (opt == 'e') {
			requestedOp = utoSet;
			disableValue = kCFBooleanFalse;
		}
		else {
			/* 'h' and anything getopt rejected: usage error */
			return 2;
		}
	}

	/* No positional arguments are accepted. */
	if (optind != argc) {
		return 2;
	}

	if (requestedOp == utoShow) {
		/*
		 * Read-only path, no privilege check. Note that a prefs dictionary
		 * that could not be obtained is reported as "Enabled", because the
		 * flag below stays false; the output alone does not distinguish
		 * "explicitly enabled" from "preference could not be read".
		 */
#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
		Dictionary* systemPrefs = new Dictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
		Dictionary* systemPrefs = Dictionary::CreateDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
		bool userTrustDisabled = false;
		if (systemPrefs != NULL) {
			userTrustDisabled = systemPrefs->getBoolValue(kSecTrustSettingsDisableUserTrustSettings);
			delete systemPrefs;
		}
		const char *shownState = userTrustDisabled ? "Disabled" : "Enabled";
		fprintf(stdout, "User-level Trust Settings are %s\n", shownState);
		return 0;
	}

	/*
	 * Changing the preference: refuse early unless running with effective
	 * uid 0. NOTE(review): this check only yields a clear error message;
	 * presumably the permissions on the system preference store are what
	 * actually prevent an unprivileged write -- confirm.
	 */
	if (geteuid() != 0) {
		fprintf(stderr, "You must be root to set this preference.\n");
		return 1;
	}

#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
	MutableDictionary *systemPrefs = new MutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
	MutableDictionary *systemPrefs = MutableDictionary::CreateMutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
	if (systemPrefs == NULL) {
		/*
		 * Existing prefs were not available, so start from an empty
		 * dictionary. NOTE(review): the plist written below then holds only
		 * this one key; verify whether writePlistToPrefs replaces the
		 * domain's contents, which would drop any other stored settings.
		 */
		systemPrefs = new MutableDictionary();
	}
	systemPrefs->setValue(kSecTrustSettingsDisableUserTrustSettings, disableValue);

	int status = 0;
	if (!systemPrefs->writePlistToPrefs(kSecTrustSettingsPrefsDomain, Dictionary::US_System)) {
		fprintf(stderr, "Could not write system preferences.\n");
		status = 1;
	}
	else {
		/* Confirm the value just written rather than re-reading it. */
		fprintf(stdout, "...User-level Trust Settings are %s\n",
			(disableValue == kCFBooleanTrue) ? "Disabled" : "Enabled");
	}
	delete systemPrefs;
	return status;
}