static int S_bsdp_get_packet(mach_port_t server, int argc, char * argv[]) { CFDictionaryRef chosen = NULL; struct dhcp * dhcp; int length; CFDataRef response = NULL; int ret = 1; if (getuid() != 0) { return (EX_NOPERM); } chosen = myIORegistryEntryCopyValue("IODeviceTree:/chosen"); if (chosen == NULL) { goto done; } response = CFDictionaryGetValue(chosen, CFSTR("bsdp-response")); if (isA_CFData(response) == NULL) { response = CFDictionaryGetValue(chosen, CFSTR("bootp-response")); if (isA_CFData(response) == NULL) { goto done; } } /* ALIGN: CFDataGetBytePtr is aligned to at least sizeof(uint64) */ dhcp = (struct dhcp *)(void *)CFDataGetBytePtr(response); length = (int)CFDataGetLength(response); bsdp_print_packet(dhcp, length, 0); ret = 0; done: if (chosen != NULL) { CFRelease(chosen); } return (ret); }
STATIC bool load_DUID_info(void) { CFDataRef duid; CFDictionaryRef duid_ia; CFDataRef host_uuid; CFArrayRef ia_list; duid_ia = my_CFPropertyListCreateFromFile(DUID_IA_FILE); if (isA_CFDictionary(duid_ia) == NULL) { goto done; } duid = CFDictionaryGetValue(duid_ia, kDUIDKey); if (isA_CFData(duid) == NULL) { goto done; } ia_list = CFDictionaryGetValue(duid_ia, kIAIDListKey); ia_list = isA_CFArray(ia_list); if (ia_list != NULL) { int count; int i; count = CFArrayGetCount(ia_list); for (i = 0; i < count; i++) { CFStringRef name = CFArrayGetValueAtIndex(ia_list, i); if (isA_CFString(name) == NULL) { /* invalid property */ ia_list = NULL; break; } } } host_uuid = CFDictionaryGetValue(duid_ia, kHostUUIDKey); if (isA_CFData(host_uuid) != NULL && CFDataGetLength(host_uuid) == sizeof(uuid_t)) { CFDataRef our_UUID; our_UUID = HostUUIDGet(); if (our_UUID != NULL && CFEqual(host_uuid, our_UUID) == FALSE) { syslog(LOG_NOTICE, "DHCPDUID: ignoring DUID - host UUID doesn't match"); goto done; } } S_DUID = CFRetain(duid); if (ia_list != NULL) { S_IAIDList = CFArrayCreateMutableCopy(NULL, 0, ia_list); } done: my_CFRelease(&duid_ia); return (S_DUID != NULL); }
STATIC CFDataRef CGAModifierDictGetModifier(CFDictionaryRef dict, uint8_t * security_level) { CFDataRef modifier = NULL; *security_level = 0; if (isA_CFDictionary(dict) != NULL) { modifier = CFDictionaryGetValue(dict, kModifier); modifier = isA_CFData(modifier); if (modifier != NULL) { if (CFDataGetLength(modifier) != IN6_CGA_MODIFIER_LENGTH) { modifier = NULL; } else { CFNumberRef level; level = CFDictionaryGetValue(dict, kSecurityLevel); if (isA_CFNumber(level) != NULL) { CFNumberGetValue(level, kCFNumberSInt8Type, security_level); } } } } return (modifier); }
EAPOLClientItemIDRef EAPOLClientItemIDCreateWithDictionary(EAPOLClientConfigurationRef cfg, CFDictionaryRef dict) { CFStringRef domain; EAPOLClientProfileRef profile; CFStringRef profileID; CFDataRef ssid; if (isA_CFDictionary(dict) == NULL) { return (NULL); } profileID = CFDictionaryGetValue(dict, kItemProfileID); if (isA_CFString(profileID) != NULL) { if (cfg != NULL) { profile = EAPOLClientConfigurationGetProfileWithID(cfg, profileID); if (profile != NULL) { return (EAPOLClientItemIDCreateWithProfile(profile)); } } return (EAPOLClientItemIDCreateWithProfileID(profileID)); } ssid = CFDictionaryGetValue(dict, kItemSSID); if (isA_CFData(ssid) != NULL) { if (cfg != NULL) { profile = EAPOLClientConfigurationGetProfileWithWLANSSID(cfg, ssid); if (profile != NULL) { return (EAPOLClientItemIDCreateWithProfile(profile)); } } return (EAPOLClientItemIDCreateWithWLANSSID(ssid)); } domain = CFDictionaryGetValue(dict, kItemDomain); if (isA_CFString(domain) != NULL) { if (cfg != NULL) { profile = EAPOLClientConfigurationGetProfileWithWLANDomain(cfg, domain); if (profile != NULL) { return (EAPOLClientItemIDCreateWithProfile(profile)); } } return (EAPOLClientItemIDCreateWithWLANDomain(domain)); } if (CFDictionaryGetValue(dict, kItemDefault) != NULL) { return (EAPOLClientItemIDCreateDefault()); } return (NULL); }
static CFDataRef __copy_legacy_password(CFTypeRef password) { if (password == NULL) { return NULL; } if (isA_CFData(password)) { CFIndex n; n = CFDataGetLength(password); if ((n % sizeof(UniChar)) == 0) { CFStringEncoding encoding; CFStringRef str; #if __BIG_ENDIAN__ encoding = (*(CFDataGetBytePtr(password) + 1) == 0x00) ? kCFStringEncodingUTF16LE : kCFStringEncodingUTF16BE; #else // __LITTLE_ENDIAN__ encoding = (*(CFDataGetBytePtr(password) ) == 0x00) ? kCFStringEncodingUTF16BE : kCFStringEncodingUTF16LE; #endif str = CFStringCreateWithBytes(NULL, (const UInt8 *)CFDataGetBytePtr(password), n, encoding, FALSE); password = CFStringCreateExternalRepresentation(NULL, str, kCFStringEncodingUTF8, 0); CFRelease(str); } else { password = NULL; } } else if (isA_CFString(password) && (CFStringGetLength(password) > 0)) { // convert password to CFData password = CFStringCreateExternalRepresentation(NULL, password, kCFStringEncodingUTF8, 0); } else { password = NULL; } return password; }
static Boolean __SCPreferencesAccess_helper(SCPreferencesRef prefs) { Boolean ok; SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)prefs; CFDictionaryRef serverDict = NULL; CFDictionaryRef serverPrefs = NULL; CFDictionaryRef serverSignature = NULL; uint32_t status = kSCStatusOK; CFDataRef reply = NULL; if (prefsPrivate->helper_port == MACH_PORT_NULL) { ok = __SCPreferencesCreate_helper(prefs); if (!ok) { return FALSE; } } // have the helper "access" the prefs ok = _SCHelperExec(prefsPrivate->helper_port, SCHELPER_MSG_PREFS_ACCESS, NULL, &status, &reply); if (!ok) { goto fail; } if (status != kSCStatusOK) { goto error; } if (reply == NULL) { goto fail; } ok = _SCUnserialize((CFPropertyListRef *)&serverDict, reply, NULL, 0); CFRelease(reply); if (!ok) { goto fail; } if (isA_CFDictionary(serverDict)) { serverPrefs = CFDictionaryGetValue(serverDict, CFSTR("preferences")); serverPrefs = isA_CFDictionary(serverPrefs); serverSignature = CFDictionaryGetValue(serverDict, CFSTR("signature")); serverSignature = isA_CFData(serverSignature); } if ((serverPrefs == NULL) || (serverSignature == NULL)) { if (serverDict != NULL) CFRelease(serverDict); goto fail; } prefsPrivate->prefs = CFDictionaryCreateMutableCopy(NULL, 0, serverPrefs); prefsPrivate->signature = CFRetain(serverSignature); prefsPrivate->accessed = TRUE; CFRelease(serverDict); return TRUE; fail : // close helper if (prefsPrivate->helper_port != MACH_PORT_NULL) { _SCHelperClose(&prefsPrivate->helper_port); } status = kSCStatusAccessError; error : // return error _SCErrorSet(status); return FALSE; }
static int S_bsdp_option(mach_port_t server, int argc, char * argv[]) { CFDictionaryRef chosen = NULL; void * data = NULL; int data_len; struct dhcp * dhcp; int length; dhcpol_t options; CFDataRef response = NULL; int ret = 1; int tag = 0; dhcpol_t vendor_options; int vendor_tag = 0; if (getuid() != 0) { return (EX_NOPERM); } chosen = myIORegistryEntryCopyValue("IODeviceTree:/chosen"); if (chosen == NULL) { goto done; } response = CFDictionaryGetValue(chosen, CFSTR("bsdp-response")); if (isA_CFData(response) == NULL) { response = CFDictionaryGetValue(chosen, CFSTR("bootp-response")); if (isA_CFData(response) == NULL) { goto done; } } /* ALIGN: CFDataGetBytePtr is aligned to at least sizeof(uint64) */ dhcp = (struct dhcp *)(void *)CFDataGetBytePtr(response); length = (int)CFDataGetLength(response); if (dhcpol_parse_packet(&options, dhcp, length, NULL) == FALSE) { goto done; } if (strcmp(argv[0], SHADOW_MOUNT_PATH_COMMAND) == 0) { tag = dhcptag_vendor_specific_e; vendor_tag = bsdptag_shadow_mount_path_e; } else if (strcmp(argv[0], SHADOW_FILE_PATH_COMMAND) == 0) { tag = dhcptag_vendor_specific_e; vendor_tag = bsdptag_shadow_file_path_e; } else if (strcmp(argv[0], MACHINE_NAME_COMMAND) == 0) { tag = dhcptag_vendor_specific_e; vendor_tag = bsdptag_machine_name_e; } else { tag = atoi(argv[0]); if (argc == 2) { vendor_tag = atoi(argv[1]); } } if (tag == dhcptag_vendor_specific_e && vendor_tag != 0) { if (dhcpol_parse_vendor(&vendor_options, &options, NULL) == FALSE) { goto done; } data = dhcpol_option_copy(&vendor_options, vendor_tag, &data_len); if (data != NULL) { dhcptype_print(bsdptag_type(vendor_tag), data, data_len); ret = 0; } dhcpol_free(&vendor_options); } else { const dhcptag_info_t * entry; entry = dhcptag_info(tag); if (entry == NULL) { goto done; } data = dhcpol_option_copy(&options, tag, &data_len); if (data != NULL) { dhcptype_print(entry->type, data, data_len); ret = 0; } } done: if (data != NULL) { free(data); } if (chosen != NULL) { CFRelease(chosen); } return (ret); }
STATIC bool CGAParametersLoad(CFDataRef host_uuid) { CFDictionaryRef keys_info = NULL; CFDictionaryRef global_modifier = NULL; CFDictionaryRef linklocal_modifiers = NULL; CFDictionaryRef parameters = NULL; CFDataRef modifier = NULL; CFDataRef plist_host_uuid; CFDataRef priv; CFDataRef pub; uint8_t security_level; /* load CGA persistent information */ parameters = my_CFPropertyListCreateFromFile(CGA_FILE); if (isA_CFDictionary(parameters) == NULL) { if (parameters != NULL) { my_log_fl(LOG_NOTICE, "%s is not a dictionary", CGA_FILE); } goto done; } /* make sure that HostUUID matches */ plist_host_uuid = CFDictionaryGetValue(parameters, kHostUUID); if (isA_CFData(plist_host_uuid) == NULL || !CFEqual(plist_host_uuid, host_uuid)) { my_log_fl(LOG_NOTICE, "%@ missing/invalid", kHostUUID); goto done; } /* global modifier */ global_modifier = CFDictionaryGetValue(parameters, kGlobalModifier); if (global_modifier != NULL) { modifier = CGAModifierDictGetModifier(global_modifier, &security_level); } if (modifier == NULL) { global_modifier = NULL; my_log_fl(LOG_NOTICE, "%@ missing/invalid", kGlobalModifier); goto done; } /* load CGA keys */ keys_info = my_CFPropertyListCreateFromFile(CGA_KEYS_FILE); if (isA_CFDictionary(keys_info) == NULL) { if (keys_info != NULL) { my_log_fl(LOG_NOTICE, "%s is not a dictionary", CGA_KEYS_FILE); } goto done; } /* private key */ priv = CFDictionaryGetValue(keys_info, kPrivateKey); if (isA_CFData(priv) == NULL) { my_log_fl(LOG_NOTICE, "%@ missing/invalid", kPrivateKey); goto done; } /* public key */ pub = CFDictionaryGetValue(keys_info, kPublicKey); if (isA_CFData(pub) == NULL) { my_log_fl(LOG_NOTICE, "%@ missing/invalid", kPublicKey); goto done; } /* set CGA parameters in the kernel */ if (cga_parameters_set(priv, pub, modifier, security_level) == FALSE) { my_log_fl(LOG_NOTICE, "cga_parameters_set failed"); goto failed; } /* linklocal modifiers */ linklocal_modifiers = CFDictionaryGetValue(parameters, kLinkLocalModifiers); if (linklocal_modifiers != NULL && isA_CFDictionary(linklocal_modifiers) == NULL) { my_log_fl(LOG_NOTICE, "%s is not a dictionary", kLinkLocalModifiers); linklocal_modifiers = NULL; } done: if (global_modifier != NULL) { S_GlobalModifier = CFRetain(global_modifier); } else { global_modifier = CGAParametersCreate(host_uuid); if (global_modifier == NULL) { goto failed; } S_GlobalModifier = global_modifier; } if (linklocal_modifiers != NULL) { /* make a copy of the existing one */ S_LinkLocalModifiers = CFDictionaryCreateMutableCopy(NULL, 0, linklocal_modifiers); remove_old_linklocal_modifiers(S_LinkLocalModifiers); } else { /* create an empty modifiers dictionary */ S_LinkLocalModifiers = CFDictionaryCreateMutable(NULL, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); } failed: my_CFRelease(&keys_info); my_CFRelease(¶meters); return (S_GlobalModifier != NULL); }
PRIVATE_EXTERN EAPOLClientProfileRef EAPOLClientProfileCreateWithDictAndProfileID(CFDictionaryRef dict, CFStringRef profileID) { CFAllocatorRef alloc = CFGetAllocator(dict); CFArrayRef accept_types; CFDictionaryRef information; CFStringRef domain = NULL; CFDictionaryRef eap_config; EAPOLClientProfileRef profile; CFStringRef security_type = NULL; CFStringRef user_defined_name; CFDataRef ssid = NULL; CFDictionaryRef wlan; eap_config = CFDictionaryGetValue(dict, kProfileKeyAuthenticationProperties); if (isA_CFDictionary(eap_config) == NULL || CFDictionaryGetCount(eap_config) == 0) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " missing/invalid %@ property"), profileID, kProfileKeyAuthenticationProperties); return (NULL); } accept_types = CFDictionaryGetValue(eap_config, kEAPClientPropAcceptEAPTypes); if (accept_types_valid(accept_types) == FALSE) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " missing/invalid %@ property in %@"), profileID, kEAPClientPropAcceptEAPTypes, kProfileKeyAuthenticationProperties); return (NULL); } wlan = CFDictionaryGetValue(dict, kProfileKeyWLAN); if (wlan != NULL) { if (isA_CFDictionary(wlan) == NULL) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " invalid %@ property"), profileID, kProfileKeyWLAN); return (NULL); } ssid = CFDictionaryGetValue(wlan, kProfileKeyWLANSSID); domain = CFDictionaryGetValue(wlan, kProfileKeyWLANDomain); if (isA_CFData(ssid) == NULL && isA_CFString(domain) == NULL) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " invalid/missing property (%@ or %@) in %@"), profileID, kProfileKeyWLANSSID, kProfileKeyWLANDomain, kProfileKeyWLAN); return (NULL); } if (ssid != NULL) { security_type = CFDictionaryGetValue(wlan, kProfileKeyWLANSecurityType); if (isA_CFString(security_type) == NULL) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " invalid/missing %@ property in %@"), profileID, kProfileKeyWLANSecurityType, kProfileKeyWLAN); return (NULL); } } } user_defined_name = CFDictionaryGetValue(dict, kProfileKeyUserDefinedName); if (user_defined_name != NULL && isA_CFString(user_defined_name) == NULL) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " invalid %@ property"), profileID, kProfileKeyUserDefinedName); return (NULL); } information = CFDictionaryGetValue(dict, kProfileKeyInformation); if (information != NULL && isA_CFDictionary(information) == NULL) { SCLog(TRUE, LOG_NOTICE, CFSTR("EAPOLClientConfiguration: profile %@" " invalid %@ property"), profileID, kProfileKeyInformation); return (NULL); } /* allocate/set an EAPOLClientProfileRef */ profile = __EAPOLClientProfileAllocate(alloc); if (profile == NULL) { return (NULL); } profile->uuid = CFRetain(profileID); EAPOLClientProfileSetUserDefinedName(profile, user_defined_name); EAPOLClientProfileSetAuthenticationProperties(profile, eap_config); if (ssid != NULL) { EAPOLClientProfileSetWLANSSIDAndSecurityType(profile, ssid, security_type); } else if (domain != NULL) { EAPOLClientProfileSetWLANDomain(profile, domain); } if (information != NULL) { profile->information = CFDictionaryCreateMutableCopy(NULL, 0, information); } return (profile); }
/* * Function: DHCPLeaseCreateWithDictionary * Purpose: * Instantiate a new DHCPLease structure corresponding to the given * dictionary. Validates that required properties are present, * returns NULL if those checks fail. */ static DHCPLeaseRef DHCPLeaseCreateWithDictionary(CFDictionaryRef dict, bool is_wifi) { CFDataRef hwaddr_data; dhcp_lease_time_t lease_time; DHCPLeaseRef lease_p; CFDataRef pkt_data; CFRange pkt_data_range; struct in_addr * router_p; CFStringRef ssid = NULL; CFDateRef start_date; dhcp_lease_time_t t1_time; dhcp_lease_time_t t2_time; /* get the lease start time */ start_date = CFDictionaryGetValue(dict, kLeaseStartDate); if (isA_CFDate(start_date) == NULL) { goto failed; } /* get the packet data */ pkt_data = CFDictionaryGetValue(dict, kPacketData); if (isA_CFData(pkt_data) == NULL) { goto failed; } /* if Wi-Fi, get the SSID */ if (is_wifi) { ssid = CFDictionaryGetValue(dict, kSSID); if (isA_CFString(ssid) == NULL) { goto failed; } } pkt_data_range.location = 0; pkt_data_range.length = CFDataGetLength(pkt_data); if (pkt_data_range.length < sizeof(struct dhcp)) { goto failed; } lease_p = (DHCPLeaseRef) malloc(offsetof(DHCPLease, pkt) + pkt_data_range.length); bzero(lease_p, offsetof(DHCPLease, pkt)); /* copy the packet data */ CFDataGetBytes(pkt_data, pkt_data_range, lease_p->pkt); lease_p->pkt_length = (int)pkt_data_range.length; /* get the lease information and router IP address */ lease_p->lease_start = (absolute_time_t)CFDateGetAbsoluteTime(start_date); { /* parse/retrieve options */ dhcpol_t options; (void)dhcpol_parse_packet(&options, (void *)lease_p->pkt, (int)pkt_data_range.length, NULL); dhcp_get_lease_from_options(&options, &lease_time, &t1_time, &t2_time); router_p = dhcp_get_router_from_options(&options, lease_p->our_ip); dhcpol_free(&options); } lease_p->lease_length = lease_time; /* get the IP address */ /* ALIGN: lease_p->pkt is aligned, cast ok. */ lease_p->our_ip = ((struct dhcp *)(void *)lease_p->pkt)->dp_yiaddr; /* get the router information */ if (router_p != NULL) { CFRange hwaddr_range; lease_p->router_ip = *router_p; /* get the router hardware address */ hwaddr_data = CFDictionaryGetValue(dict, kRouterHardwareAddress); hwaddr_range.length = 0; if (isA_CFData(hwaddr_data) != NULL) { hwaddr_range.length = CFDataGetLength(hwaddr_data); } if (hwaddr_range.length > 0) { hwaddr_range.location = 0; if (hwaddr_range.length > sizeof(lease_p->router_hwaddr)) { hwaddr_range.length = sizeof(lease_p->router_hwaddr); } lease_p->router_hwaddr_length = (int)hwaddr_range.length; CFDataGetBytes(hwaddr_data, hwaddr_range, lease_p->router_hwaddr); } } if (ssid != NULL) { CFRetain(ssid); lease_p->ssid = ssid; } return (lease_p); failed: return (NULL); }