trampolineServer.cpp   [plain text]

/*
 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// trampolineServer.cpp - tool-side trampoline support functions
//
#include <cstdlib>
#include <unistd.h>
#include <Security/Authorization.h>
#include <Security/SecBase.h>
#include <dispatch/dispatch.h>

//
// In a tool launched via AuthorizationCopyPrivilegedReference, retrieve a copy
// of the AuthorizationRef that started it all.
//
OSStatus AuthorizationCopyPrivilegedReference(AuthorizationRef *authorization,
	AuthorizationFlags flags)
{
	// flags are currently reserved
	if (flags != 0)
		return errAuthorizationInvalidFlags;

	// retrieve hex form of external form from environment
	const char *mboxFdText = getenv("__AUTHORIZATION");
	if (!mboxFdText) {
		return errAuthorizationInvalidRef;
	}

	static AuthorizationExternalForm extForm;
	static OSStatus result = errAuthorizationInvalidRef;
	static dispatch_once_t onceToken;
	dispatch_once(&onceToken, ^{
		// retrieve the pipe and read external form
		int fd;
		if (sscanf(mboxFdText, "auth %d", &fd) != 1) {
			return;
		}
		ssize_t numOfBytes = read(fd, &extForm, sizeof(extForm));
		close(fd);
		if (numOfBytes == sizeof(extForm)) {
			result = errAuthorizationSuccess;
		}
	});

	if (result) {
		// we had some trouble with reading the extform
		return result;
	}

	// internalize the authorization
	AuthorizationRef auth;
	if (OSStatus error = AuthorizationCreateFromExternalForm(&extForm, &auth))
		return error;

	if (authorization) {
		*authorization = auth;
	}

	return errAuthorizationSuccess;
}