

/*
 * Copyright (c) 2003-2004,2006,2008-2009,2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 *
 * user_trust_enable.cpp
 */

#include "security_tool.h"
#include "user_trust_enable.h"
#include <errno.h>
#include <unistd.h>
#include <security_utilities/simpleprefs.h>
#include <Security/TrustSettingsSchema.h>		/* private SPI */
#include <CoreFoundation/CFNumber.h>

/* Operation selected by the command-line options of user_trust_enable(). */
typedef enum {
	utoSet  = 0,	/* write the preference (-d or -e was given) */
	utoShow = 1		/* only report the current value (the default) */
} UserTrustOp;

/*
 * Show, or change, the system-domain preference that disables user-level
 * Trust Settings.
 *
 * Options (parsed with getopt, option string "deh"):
 *   -d   write kSecTrustSettingsDisableUserTrustSettings = true
 *   -e   write kSecTrustSettingsDisableUserTrustSettings = false
 *   -h   (or any unrecognized option) return SHOW_USAGE_MESSAGE
 * If both -d and -e are given, the last one on the command line wins.
 * With no option the current value is printed and nothing is written.
 * Any leftover non-option argument is also a usage error.
 *
 * Returns 0 on success, 1 when the caller is not root or the preference
 * could not be written, and SHOW_USAGE_MESSAGE on a usage error.
 *
 * NOTE(review): this flips a system-wide trust policy switch and reports the
 * change on stdout only; nothing in this function records who made the
 * change or when.
 */
int
user_trust_enable(int argc, char * const *argv)
{
	extern int optind;
	int opt;
	UserTrustOp op = utoShow;
	CFBooleanRef disabledBool = kCFBooleanFalse;	/* value written to prefs */
	int status = 0;

	/* restart option parsing from the first argument */
	optind = 1;

	while ((opt = getopt(argc, argv, "deh")) != -1) {
		if (opt == 'd') {
			op = utoSet;
			disabledBool = kCFBooleanTrue;
		}
		else if (opt == 'e') {
			op = utoSet;
			disabledBool = kCFBooleanFalse;
		}
		else {
			/* 'h' and anything getopt did not recognize */
			return SHOW_USAGE_MESSAGE;
		}
	}
	if (argc != optind) {
		/* stray positional arguments are not accepted */
		return SHOW_USAGE_MESSAGE;
	}

	if (op == utoShow) {
		/*
		 * If the preference domain cannot be opened the flag stays false,
		 * so the state is then reported as Enabled.
		 */
		bool userTrustDisabled = false;

#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
		Dictionary* currentPrefs = new Dictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
		Dictionary* currentPrefs = Dictionary::CreateDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
		if (currentPrefs != NULL) {
			userTrustDisabled = currentPrefs->getBoolValue(kSecTrustSettingsDisableUserTrustSettings);
			delete currentPrefs;
		}

		const char *currentState = userTrustDisabled ? "Disabled" : "Enabled";
		fprintf(stdout, "User-level Trust Settings are %s\n", currentState);
		return 0;
	}

	/*
	 * Setting the preference. The effective-UID test gives a non-root caller
	 * a clear message up front.
	 * NOTE(review): presumably the real enforcement is the access control on
	 * the system preference domain rather than this check -- confirm.
	 */
	if (geteuid() != 0) {
		fprintf(stderr, "You must be root to set this preference.\n");
		return 1;
	}

	/* start from a mutable copy of the existing prefs, else an empty set */
#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
	MutableDictionary *newPrefs = new MutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
	MutableDictionary *newPrefs = MutableDictionary::CreateMutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
	if (!newPrefs) {
		newPrefs = new MutableDictionary();
	}

	/* only this one key is changed; other keys already present are kept */
	newPrefs->setValue(kSecTrustSettingsDisableUserTrustSettings, disabledBool);
	if (!newPrefs->writePlistToPrefs(kSecTrustSettingsPrefsDomain, Dictionary::US_System)) {
		fprintf(stderr, "Could not write system preferences.\n");
		status = 1;
	}
	else {
		const char *newState = (disabledBool == kCFBooleanTrue) ? "Disabled" : "Enabled";
		fprintf(stdout, "...User-level Trust Settings are %s\n", newState);
	}
	delete newPrefs;
	return status;
}