diff options
Diffstat (limited to 'mDNSResponder/mDNSMacOSX/PreferencePane/ConfigurationAuthority.c')
-rw-r--r-- | mDNSResponder/mDNSMacOSX/PreferencePane/ConfigurationAuthority.c | 180 |
1 files changed, 0 insertions, 180 deletions
diff --git a/mDNSResponder/mDNSMacOSX/PreferencePane/ConfigurationAuthority.c b/mDNSResponder/mDNSMacOSX/PreferencePane/ConfigurationAuthority.c deleted file mode 100644 index 43da5025..00000000 --- a/mDNSResponder/mDNSMacOSX/PreferencePane/ConfigurationAuthority.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - File: ConfigurationAuthority.c - - Abstract: Interface to system security framework that manages access - to protected resources like system configuration preferences. - - Copyright: (c) Copyright 2005 Apple Computer, Inc. All rights reserved. - - Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Computer, Inc. - ("Apple") in consideration of your agreement to the following terms, and your - use, installation, modification or redistribution of this Apple software - constitutes acceptance of these terms. If you do not agree with these terms, - please do not use, install, modify or redistribute this Apple software. - - In consideration of your agreement to abide by the following terms, and subject - to these terms, Apple grants you a personal, non-exclusive license, under Apple's - copyrights in this original Apple software (the "Apple Software"), to use, - reproduce, modify and redistribute the Apple Software, with or without - modifications, in source and/or binary forms; provided that if you redistribute - the Apple Software in its entirety and without modifications, you must retain - this notice and the following text and disclaimers in all such redistributions of - the Apple Software. Neither the name, trademarks, service marks or logos of - Apple Computer, Inc. may be used to endorse or promote products derived from the - Apple Software without specific prior written permission from Apple. Except as - expressly stated in this notice, no other rights or licenses, express or implied, - are granted by Apple herein, including but not limited to any patent rights that - may be infringed by your derivative works or by other works in which the Apple - Software may be incorporated. - - The Apple Software is provided by Apple on an "AS IS" basis. APPLE MAKES NO - WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED - WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN - COMBINATION WITH YOUR PRODUCTS. - - IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION - OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY OF CONTRACT, TORT - (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN - ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include "ConfigurationAuthority.h" -#include "ConfigurationRights.h" - -#include <AssertMacros.h> - - -static AuthorizationRef gAuthRef = 0; - -static AuthorizationItem gAuthorizations[] = { { UPDATE_SC_RIGHT, 0, NULL, 0 }, - { EDIT_SYS_KEYCHAIN_RIGHT, 0, NULL, 0 }}; -static AuthorizationRights gAuthSet = { sizeof gAuthorizations / sizeof gAuthorizations[0], gAuthorizations }; - -static CFDictionaryRef CreateRightsDict( CFStringRef prompt) -/* Create a CFDictionary decribing an auth right. See /etc/authorization for examples. */ -/* Specifies that the right requires admin authentication, which persists for 5 minutes. */ -{ - CFMutableDictionaryRef dict = NULL, tmpDict; - CFMutableArrayRef mechanisms; - CFNumberRef timeout; - int val; - - tmpDict = CFDictionaryCreateMutable( (CFAllocatorRef) NULL, 0, &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); - require( tmpDict != NULL, MakeDictFailed); - - CFDictionaryAddValue(tmpDict, CFSTR("class"), CFSTR("user")); - CFDictionaryAddValue(tmpDict, CFSTR("comment"), prompt); - CFDictionaryAddValue(tmpDict, CFSTR("group"), CFSTR("admin")); - - mechanisms = CFArrayCreateMutable((CFAllocatorRef) NULL, 1, &kCFTypeArrayCallBacks); - require( mechanisms != NULL, MakeArrayFailed); - CFArrayAppendValue( mechanisms, CFSTR("builtin:authenticate")); - CFDictionaryAddValue( tmpDict, CFSTR("mechanisms"), mechanisms); - - val = 300; // seconds - timeout = CFNumberCreate((CFAllocatorRef) NULL, kCFNumberIntType, &val); - require( timeout != NULL, MakeIntFailed); - CFDictionaryAddValue( tmpDict, CFSTR("timeout"), timeout); - CFDictionaryAddValue( tmpDict, CFSTR("shared"), kCFBooleanTrue); - - dict = tmpDict; - tmpDict = NULL; - - CFRelease( timeout); -MakeIntFailed: - CFRelease( mechanisms); -MakeArrayFailed: - if ( tmpDict) - CFRelease( tmpDict); -MakeDictFailed: - return dict; -} - -OSStatus InitConfigAuthority(void) -/* Initialize the authorization record-keeping */ -{ - OSStatus err; - CFDictionaryRef dict; - CFStringRef rightInfo; - - err = AuthorizationCreate((AuthorizationRights*) NULL, (AuthorizationEnvironment*) NULL, - (AuthorizationFlags) 0, &gAuthRef); - require_noerr( err, NewAuthFailed); - - err = AuthorizationRightGet( UPDATE_SC_RIGHT, (CFDictionaryRef*) NULL); - if (err == errAuthorizationDenied) - { - rightInfo = CFCopyLocalizedString(CFSTR("Authentication required to set Dynamic DNS preferences."), - CFSTR("Describes operation that requires user authorization")); - require_action( rightInfo != NULL, GetStrFailed, err=coreFoundationUnknownErr;); - dict = CreateRightsDict(rightInfo); - require_action( dict != NULL, GetStrFailed, err=coreFoundationUnknownErr; CFRelease(rightInfo)); - - err = AuthorizationRightSet(gAuthRef, UPDATE_SC_RIGHT, dict, (CFStringRef) NULL, - (CFBundleRef) NULL, (CFStringRef) NULL); - CFRelease(rightInfo); - CFRelease(dict); - } - require_noerr( err, AuthSetFailed); - - err = AuthorizationRightGet( EDIT_SYS_KEYCHAIN_RIGHT, (CFDictionaryRef*) NULL); - if (err == errAuthorizationDenied) - { - rightInfo = CFCopyLocalizedString( CFSTR("Authentication required to edit System Keychain."), - CFSTR("Describes operation that requires user authorization")); - require_action( rightInfo != NULL, GetStrFailed, err=coreFoundationUnknownErr;); - dict = CreateRightsDict( rightInfo); - require_action( dict != NULL, GetStrFailed, err=coreFoundationUnknownErr; CFRelease(rightInfo)); - - err = AuthorizationRightSet(gAuthRef, EDIT_SYS_KEYCHAIN_RIGHT, dict, (CFStringRef) NULL, - (CFBundleRef) NULL, (CFStringRef) NULL); - CFRelease( rightInfo); - CFRelease( dict); - } - require_noerr( err, AuthSetFailed); - -AuthSetFailed: -GetStrFailed: -NewAuthFailed: - return err; -} - -OSStatus AttemptAcquireAuthority( Boolean allowUI) -/* Try to get permission for privileged ops, either implicitly or by asking the user for */ -/* authority to perform operations (if necessary) */ -{ - AuthorizationFlags allowFlag = allowUI ? kAuthorizationFlagInteractionAllowed : 0; - OSStatus err; - - err = AuthorizationCopyRights( gAuthRef, &gAuthSet, (AuthorizationEnvironment*) NULL, - kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize | - allowFlag, - (AuthorizationRights**) NULL); - return err; -} - -OSStatus ReleaseAuthority(void) -/* Discard authority to perform operations */ -{ - (void) AuthorizationFree( gAuthRef, kAuthorizationFlagDefaults); - gAuthRef = 0; - return AuthorizationCreate( (AuthorizationRights*) NULL, (AuthorizationEnvironment*) NULL, - (AuthorizationFlags) 0, &gAuthRef); -} - -Boolean CurrentlyAuthorized(void) -{ - OSStatus err = AttemptAcquireAuthority(true); - return err == noErr; -} - - -OSStatus ExternalizeAuthority(AuthorizationExternalForm *pAuth) -/* Package up current authorizations for transfer to another process */ -{ - return AuthorizationMakeExternalForm(gAuthRef, pAuth); -} |