/* returns -1 on error. */
int
msg_setauthorization (sip_t * sip, char *hvalue)
{
  authorization_t *authorization;
  int i;

  if (sip == NULL || sip->authorizations == NULL)
    return -1;
  i = authorization_init (&authorization);
  if (i != 0)
    return -1;
  i = authorization_parse (authorization, hvalue);
  if (i != 0)
    {
      authorization_free (authorization);
      sfree (authorization);
      return -1;
    }
#ifdef USE_TMP_BUFFER
  sip->message_property = 2;
#endif
  list_add (sip->authorizations, authorization, -1);
  return 0;
}
int
authorization_clone (authorization_t * auth, authorization_t ** dest)
{
  int i;
  authorization_t *au;

  *dest = NULL;
  if (auth == NULL)
    return -1;
  /* to be removed?
     if (auth->auth_type==NULL) return -1;
     if (auth->username==NULL) return -1;
     if (auth->realm==NULL) return -1;
     if (auth->nonce==NULL) return -1;
     if (auth->uri==NULL) return -1;
     if (auth->response==NULL) return -1;
     if (auth->opaque==NULL) return -1;
   */

  i = authorization_init (&au);
  if (i == -1)			/* allocation failed */
    return -1;
  if (auth->auth_type != NULL)
    {
      au->auth_type = sgetcopy (auth->auth_type);
      if (au->auth_type == NULL)
	goto ac_error;
    }
  if (auth->username != NULL)
    {
      au->username = sgetcopy (auth->username);
      if (au->username == NULL)
	goto ac_error;
    }
  if (auth->realm != NULL)
    {
      au->realm = sgetcopy (auth->realm);
      if (auth->realm == NULL)
	goto ac_error;
    }
  if (auth->nonce != NULL)
    {
      au->nonce = sgetcopy (auth->nonce);
      if (auth->nonce == NULL)
	goto ac_error;
    }
  if (auth->uri != NULL)
    {
      au->uri = sgetcopy (auth->uri);
      if (au->uri == NULL)
	goto ac_error;
    }
  if (auth->response != NULL)
    {
      au->response = sgetcopy (auth->response);
      if (auth->response == NULL)
	goto ac_error;
    }
  if (auth->digest != NULL)
    {
      au->digest = sgetcopy (auth->digest);
      if (au->digest == NULL)
	goto ac_error;
    }
  if (auth->algorithm != NULL)
    {
      au->algorithm = sgetcopy (auth->algorithm);
      if (auth->algorithm == NULL)
	goto ac_error;
    }
  if (auth->cnonce != NULL)
    {
      au->cnonce = sgetcopy (auth->cnonce);
      if (au->cnonce == NULL)
	goto ac_error;
    }
  if (auth->opaque != NULL)
    {
      au->opaque = sgetcopy (auth->opaque);
      if (auth->opaque == NULL)
	goto ac_error;
    }
  if (auth->message_qop != NULL)
    {
      au->message_qop = sgetcopy (auth->message_qop);
      if (auth->message_qop == NULL)
	goto ac_error;
    }
  if (auth->nonce_count != NULL)
    {
      au->nonce_count = sgetcopy (auth->nonce_count);
      if (auth->nonce_count == NULL)
	goto ac_error;
    }

  *dest = au;
  return 0;

ac_error:
  authorization_free (au);
  sfree (au);
  return -1;
}
Ejemplo n.º 3
0
static void
security_auth_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
{
    __block OSStatus status = errAuthorizationDenied;
    
    connection_t conn = (connection_t)xpc_connection_get_context(connection);
    require_action(conn != NULL, done, LOGE("xpc[%i]: process context not found", xpc_connection_get_pid(connection)));

    CFRetainSafe(conn);

    xpc_type_t type = xpc_get_type(event);

	if (type == XPC_TYPE_ERROR) {
		if (event == XPC_ERROR_CONNECTION_INVALID) {
			// The client process on the other end of the connection has either
			// crashed or cancelled the connection. After receiving this error,
			// the connection is in an invalid state, and you do not need to
			// call xpc_connection_cancel(). Just tear down any associated state
			// here.
            LOGV("xpc[%i]: client disconnected", xpc_connection_get_pid(connection));
            connection_destory_agents(conn);
		} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
			// Handle per-connection termination cleanup.
            LOGD("xpc[%i]: per-connection termination", xpc_connection_get_pid(connection));
		}
	} else {
		assert(type == XPC_TYPE_DICTIONARY);
        
        xpc_object_t reply = xpc_dictionary_create_reply(event);
        require(reply != NULL, done);
        
        uint64_t auth_type = xpc_dictionary_get_uint64(event, AUTH_XPC_TYPE);
        LOGV("xpc[%i]: received message type=%llu", connection_get_pid(conn), auth_type);
        
        switch (auth_type) {
            case AUTHORIZATION_CREATE:
                status = authorization_create(conn,event,reply);
                break;
            case AUTHORIZATION_CREATE_WITH_AUDIT_TOKEN:
                status = authorization_create_with_audit_token(conn,event,reply);
                break;
            case AUTHORIZATION_FREE:
                status = authorization_free(conn,event,reply);
                break;
            case AUTHORIZATION_COPY_RIGHTS:
                status = authorization_copy_rights(conn,event,reply);
                break;
            case AUTHORIZATION_COPY_INFO:
                status = authorization_copy_info(conn,event,reply);
                break;
            case AUTHORIZATION_MAKE_EXTERNAL_FORM:
                status = authorization_make_external_form(conn,event,reply);
                break;
            case AUTHORIZATION_CREATE_FROM_EXTERNAL_FORM:
                status = authorization_create_from_external_form(conn,event,reply);
                break;
            case AUTHORIZATION_RIGHT_GET:
                status = authorization_right_get(conn,event,reply);
                break;
            case AUTHORIZATION_RIGHT_SET:
                status = authorization_right_set(conn,event,reply);
                break;
            case AUTHORIZATION_RIGHT_REMOVE:
                status = authorization_right_remove(conn,event,reply);
                break;
            case SESSION_SET_USER_PREFERENCES:
                status = session_set_user_preferences(conn,event,reply);
                break;
            case AUTHORIZATION_DISMISS:
                connection_destory_agents(conn);
                status = errAuthorizationSuccess;
                break;
            case AUTHORIZATION_ENABLE_SMARTCARD:
                status = authorization_enable_smartcard(conn,event,reply);
                break;
            case AUTHORIZATION_SETUP:
                {
                    mach_port_t bootstrap = xpc_dictionary_copy_mach_send(event, AUTH_XPC_BOOTSTRAP);
                    if (!process_set_bootstrap(connection_get_process(conn), bootstrap)) {
                        if (bootstrap != MACH_PORT_NULL) {
                            mach_port_deallocate(mach_task_self(), bootstrap);
                        }
                    }
                }
                status = errAuthorizationSuccess;
                break;
#if DEBUG
            case AUTHORIZATION_DEV:
                server_dev();
                break;
#endif
            default:
                break;
        }

        xpc_dictionary_set_int64(reply, AUTH_XPC_STATUS, status);
        xpc_connection_send_message(connection, reply);
        xpc_release(reply);
	}

done:
    CFReleaseSafe(conn);
}