static int
S_bsdp_get_packet(mach_port_t server, int argc, char * argv[])
{
CFDictionaryRef chosen = NULL;
struct dhcp * dhcp;
int length;
CFDataRef response = NULL;
int ret = 1;
if (getuid() != 0) {
return (EX_NOPERM);
}
chosen = myIORegistryEntryCopyValue("IODeviceTree:/chosen");
if (chosen == NULL) {
goto done;
}
response = CFDictionaryGetValue(chosen, CFSTR("bsdp-response"));
if (isA_CFData(response) == NULL) {
response = CFDictionaryGetValue(chosen, CFSTR("bootp-response"));
if (isA_CFData(response) == NULL) {
goto done;
}
}
/* ALIGN: CFDataGetBytePtr is aligned to at least sizeof(uint64) */
dhcp = (struct dhcp *)(void *)CFDataGetBytePtr(response);
length = (int)CFDataGetLength(response);
bsdp_print_packet(dhcp, length, 0);
ret = 0;
done:
if (chosen != NULL) {
CFRelease(chosen);
}
return (ret);
}
STATIC bool
load_DUID_info(void)
{
CFDataRef duid;
CFDictionaryRef duid_ia;
CFDataRef host_uuid;
CFArrayRef ia_list;
duid_ia = my_CFPropertyListCreateFromFile(DUID_IA_FILE);
if (isA_CFDictionary(duid_ia) == NULL) {
goto done;
}
duid = CFDictionaryGetValue(duid_ia, kDUIDKey);
if (isA_CFData(duid) == NULL) {
goto done;
}
ia_list = CFDictionaryGetValue(duid_ia, kIAIDListKey);
ia_list = isA_CFArray(ia_list);
if (ia_list != NULL) {
int count;
int i;
count = CFArrayGetCount(ia_list);
for (i = 0; i < count; i++) {
CFStringRef name = CFArrayGetValueAtIndex(ia_list, i);
if (isA_CFString(name) == NULL) {
/* invalid property */
ia_list = NULL;
break;
}
}
}
host_uuid = CFDictionaryGetValue(duid_ia, kHostUUIDKey);
if (isA_CFData(host_uuid) != NULL
&& CFDataGetLength(host_uuid) == sizeof(uuid_t)) {
CFDataRef our_UUID;
our_UUID = HostUUIDGet();
if (our_UUID != NULL && CFEqual(host_uuid, our_UUID) == FALSE) {
syslog(LOG_NOTICE,
"DHCPDUID: ignoring DUID - host UUID doesn't match");
goto done;
}
}
S_DUID = CFRetain(duid);
if (ia_list != NULL) {
S_IAIDList = CFArrayCreateMutableCopy(NULL, 0, ia_list);
}
done:
my_CFRelease(&duid_ia);
return (S_DUID != NULL);
}
STATIC CFDataRef
CGAModifierDictGetModifier(CFDictionaryRef dict, uint8_t * security_level)
{
CFDataRef modifier = NULL;
*security_level = 0;
if (isA_CFDictionary(dict) != NULL) {
modifier = CFDictionaryGetValue(dict, kModifier);
modifier = isA_CFData(modifier);
if (modifier != NULL) {
if (CFDataGetLength(modifier) != IN6_CGA_MODIFIER_LENGTH) {
modifier = NULL;
}
else {
CFNumberRef level;
level = CFDictionaryGetValue(dict, kSecurityLevel);
if (isA_CFNumber(level) != NULL) {
CFNumberGetValue(level, kCFNumberSInt8Type, security_level);
}
}
}
}
return (modifier);
}
EAPOLClientItemIDRef
EAPOLClientItemIDCreateWithDictionary(EAPOLClientConfigurationRef cfg,
CFDictionaryRef dict)
{
CFStringRef domain;
EAPOLClientProfileRef profile;
CFStringRef profileID;
CFDataRef ssid;
if (isA_CFDictionary(dict) == NULL) {
return (NULL);
}
profileID = CFDictionaryGetValue(dict, kItemProfileID);
if (isA_CFString(profileID) != NULL) {
if (cfg != NULL) {
profile = EAPOLClientConfigurationGetProfileWithID(cfg, profileID);
if (profile != NULL) {
return (EAPOLClientItemIDCreateWithProfile(profile));
}
}
return (EAPOLClientItemIDCreateWithProfileID(profileID));
}
ssid = CFDictionaryGetValue(dict, kItemSSID);
if (isA_CFData(ssid) != NULL) {
if (cfg != NULL) {
profile = EAPOLClientConfigurationGetProfileWithWLANSSID(cfg, ssid);
if (profile != NULL) {
return (EAPOLClientItemIDCreateWithProfile(profile));
}
}
return (EAPOLClientItemIDCreateWithWLANSSID(ssid));
}
domain = CFDictionaryGetValue(dict, kItemDomain);
if (isA_CFString(domain) != NULL) {
if (cfg != NULL) {
profile
= EAPOLClientConfigurationGetProfileWithWLANDomain(cfg,
domain);
if (profile != NULL) {
return (EAPOLClientItemIDCreateWithProfile(profile));
}
}
return (EAPOLClientItemIDCreateWithWLANDomain(domain));
}
if (CFDictionaryGetValue(dict, kItemDefault) != NULL) {
return (EAPOLClientItemIDCreateDefault());
}
return (NULL);
}
static CFDataRef
__copy_legacy_password(CFTypeRef password)
{
if (password == NULL) {
return NULL;
}
if (isA_CFData(password)) {
CFIndex n;
n = CFDataGetLength(password);
if ((n % sizeof(UniChar)) == 0) {
CFStringEncoding encoding;
CFStringRef str;
#if __BIG_ENDIAN__
encoding = (*(CFDataGetBytePtr(password) + 1) == 0x00) ? kCFStringEncodingUTF16LE : kCFStringEncodingUTF16BE;
#else // __LITTLE_ENDIAN__
encoding = (*(CFDataGetBytePtr(password) ) == 0x00) ? kCFStringEncodingUTF16BE : kCFStringEncodingUTF16LE;
#endif
str = CFStringCreateWithBytes(NULL,
(const UInt8 *)CFDataGetBytePtr(password),
n,
encoding,
FALSE);
password = CFStringCreateExternalRepresentation(NULL,
str,
kCFStringEncodingUTF8,
0);
CFRelease(str);
} else {
password = NULL;
}
} else if (isA_CFString(password) && (CFStringGetLength(password) > 0)) {
// convert password to CFData
password = CFStringCreateExternalRepresentation(NULL,
password,
kCFStringEncodingUTF8,
0);
} else {
password = NULL;
}
return password;
}
static Boolean
__SCPreferencesAccess_helper(SCPreferencesRef prefs)
{
Boolean ok;
SCPreferencesPrivateRef prefsPrivate = (SCPreferencesPrivateRef)prefs;
CFDictionaryRef serverDict = NULL;
CFDictionaryRef serverPrefs = NULL;
CFDictionaryRef serverSignature = NULL;
uint32_t status = kSCStatusOK;
CFDataRef reply = NULL;
if (prefsPrivate->helper_port == MACH_PORT_NULL) {
ok = __SCPreferencesCreate_helper(prefs);
if (!ok) {
return FALSE;
}
}
// have the helper "access" the prefs
ok = _SCHelperExec(prefsPrivate->helper_port,
SCHELPER_MSG_PREFS_ACCESS,
NULL,
&status,
&reply);
if (!ok) {
goto fail;
}
if (status != kSCStatusOK) {
goto error;
}
if (reply == NULL) {
goto fail;
}
ok = _SCUnserialize((CFPropertyListRef *)&serverDict, reply, NULL, 0);
CFRelease(reply);
if (!ok) {
goto fail;
}
if (isA_CFDictionary(serverDict)) {
serverPrefs = CFDictionaryGetValue(serverDict, CFSTR("preferences"));
serverPrefs = isA_CFDictionary(serverPrefs);
serverSignature = CFDictionaryGetValue(serverDict, CFSTR("signature"));
serverSignature = isA_CFData(serverSignature);
}
if ((serverPrefs == NULL) || (serverSignature == NULL)) {
if (serverDict != NULL) CFRelease(serverDict);
goto fail;
}
prefsPrivate->prefs = CFDictionaryCreateMutableCopy(NULL, 0, serverPrefs);
prefsPrivate->signature = CFRetain(serverSignature);
prefsPrivate->accessed = TRUE;
CFRelease(serverDict);
return TRUE;
fail :
// close helper
if (prefsPrivate->helper_port != MACH_PORT_NULL) {
_SCHelperClose(&prefsPrivate->helper_port);
}
status = kSCStatusAccessError;
error :
// return error
_SCErrorSet(status);
return FALSE;
}
static int
S_bsdp_option(mach_port_t server, int argc, char * argv[])
{
CFDictionaryRef chosen = NULL;
void * data = NULL;
int data_len;
struct dhcp * dhcp;
int length;
dhcpol_t options;
CFDataRef response = NULL;
int ret = 1;
int tag = 0;
dhcpol_t vendor_options;
int vendor_tag = 0;
if (getuid() != 0) {
return (EX_NOPERM);
}
chosen = myIORegistryEntryCopyValue("IODeviceTree:/chosen");
if (chosen == NULL) {
goto done;
}
response = CFDictionaryGetValue(chosen, CFSTR("bsdp-response"));
if (isA_CFData(response) == NULL) {
response = CFDictionaryGetValue(chosen, CFSTR("bootp-response"));
if (isA_CFData(response) == NULL) {
goto done;
}
}
/* ALIGN: CFDataGetBytePtr is aligned to at least sizeof(uint64) */
dhcp = (struct dhcp *)(void *)CFDataGetBytePtr(response);
length = (int)CFDataGetLength(response);
if (dhcpol_parse_packet(&options, dhcp, length, NULL) == FALSE) {
goto done;
}
if (strcmp(argv[0], SHADOW_MOUNT_PATH_COMMAND) == 0) {
tag = dhcptag_vendor_specific_e;
vendor_tag = bsdptag_shadow_mount_path_e;
}
else if (strcmp(argv[0], SHADOW_FILE_PATH_COMMAND) == 0) {
tag = dhcptag_vendor_specific_e;
vendor_tag = bsdptag_shadow_file_path_e;
}
else if (strcmp(argv[0], MACHINE_NAME_COMMAND) == 0) {
tag = dhcptag_vendor_specific_e;
vendor_tag = bsdptag_machine_name_e;
}
else {
tag = atoi(argv[0]);
if (argc == 2) {
vendor_tag = atoi(argv[1]);
}
}
if (tag == dhcptag_vendor_specific_e && vendor_tag != 0) {
if (dhcpol_parse_vendor(&vendor_options, &options, NULL) == FALSE) {
goto done;
}
data = dhcpol_option_copy(&vendor_options, vendor_tag, &data_len);
if (data != NULL) {
dhcptype_print(bsdptag_type(vendor_tag), data, data_len);
ret = 0;
}
dhcpol_free(&vendor_options);
}
else {
const dhcptag_info_t * entry;
entry = dhcptag_info(tag);
if (entry == NULL) {
goto done;
}
data = dhcpol_option_copy(&options, tag, &data_len);
if (data != NULL) {
dhcptype_print(entry->type, data, data_len);
ret = 0;
}
}
done:
if (data != NULL) {
free(data);
}
if (chosen != NULL) {
CFRelease(chosen);
}
return (ret);
}
STATIC bool
CGAParametersLoad(CFDataRef host_uuid)
{
CFDictionaryRef keys_info = NULL;
CFDictionaryRef global_modifier = NULL;
CFDictionaryRef linklocal_modifiers = NULL;
CFDictionaryRef parameters = NULL;
CFDataRef modifier = NULL;
CFDataRef plist_host_uuid;
CFDataRef priv;
CFDataRef pub;
uint8_t security_level;
/* load CGA persistent information */
parameters = my_CFPropertyListCreateFromFile(CGA_FILE);
if (isA_CFDictionary(parameters) == NULL) {
if (parameters != NULL) {
my_log_fl(LOG_NOTICE, "%s is not a dictionary", CGA_FILE);
}
goto done;
}
/* make sure that HostUUID matches */
plist_host_uuid = CFDictionaryGetValue(parameters, kHostUUID);
if (isA_CFData(plist_host_uuid) == NULL
|| !CFEqual(plist_host_uuid, host_uuid)) {
my_log_fl(LOG_NOTICE, "%@ missing/invalid", kHostUUID);
goto done;
}
/* global modifier */
global_modifier = CFDictionaryGetValue(parameters, kGlobalModifier);
if (global_modifier != NULL) {
modifier = CGAModifierDictGetModifier(global_modifier,
&security_level);
}
if (modifier == NULL) {
global_modifier = NULL;
my_log_fl(LOG_NOTICE, "%@ missing/invalid", kGlobalModifier);
goto done;
}
/* load CGA keys */
keys_info = my_CFPropertyListCreateFromFile(CGA_KEYS_FILE);
if (isA_CFDictionary(keys_info) == NULL) {
if (keys_info != NULL) {
my_log_fl(LOG_NOTICE, "%s is not a dictionary", CGA_KEYS_FILE);
}
goto done;
}
/* private key */
priv = CFDictionaryGetValue(keys_info, kPrivateKey);
if (isA_CFData(priv) == NULL) {
my_log_fl(LOG_NOTICE, "%@ missing/invalid", kPrivateKey);
goto done;
}
/* public key */
pub = CFDictionaryGetValue(keys_info, kPublicKey);
if (isA_CFData(pub) == NULL) {
my_log_fl(LOG_NOTICE, "%@ missing/invalid", kPublicKey);
goto done;
}
/* set CGA parameters in the kernel */
if (cga_parameters_set(priv, pub, modifier, security_level) == FALSE) {
my_log_fl(LOG_NOTICE, "cga_parameters_set failed");
goto failed;
}
/* linklocal modifiers */
linklocal_modifiers
= CFDictionaryGetValue(parameters, kLinkLocalModifiers);
if (linklocal_modifiers != NULL
&& isA_CFDictionary(linklocal_modifiers) == NULL) {
my_log_fl(LOG_NOTICE, "%s is not a dictionary", kLinkLocalModifiers);
linklocal_modifiers = NULL;
}
done:
if (global_modifier != NULL) {
S_GlobalModifier = CFRetain(global_modifier);
}
else {
global_modifier = CGAParametersCreate(host_uuid);
if (global_modifier == NULL) {
goto failed;
}
S_GlobalModifier = global_modifier;
}
if (linklocal_modifiers != NULL) {
/* make a copy of the existing one */
S_LinkLocalModifiers
= CFDictionaryCreateMutableCopy(NULL, 0, linklocal_modifiers);
remove_old_linklocal_modifiers(S_LinkLocalModifiers);
}
else {
/* create an empty modifiers dictionary */
S_LinkLocalModifiers
= CFDictionaryCreateMutable(NULL, 0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
}
failed:
my_CFRelease(&keys_info);
my_CFRelease(¶meters);
return (S_GlobalModifier != NULL);
}
PRIVATE_EXTERN EAPOLClientProfileRef
EAPOLClientProfileCreateWithDictAndProfileID(CFDictionaryRef dict,
CFStringRef profileID)
{
CFAllocatorRef alloc = CFGetAllocator(dict);
CFArrayRef accept_types;
CFDictionaryRef information;
CFStringRef domain = NULL;
CFDictionaryRef eap_config;
EAPOLClientProfileRef profile;
CFStringRef security_type = NULL;
CFStringRef user_defined_name;
CFDataRef ssid = NULL;
CFDictionaryRef wlan;
eap_config = CFDictionaryGetValue(dict,
kProfileKeyAuthenticationProperties);
if (isA_CFDictionary(eap_config) == NULL
|| CFDictionaryGetCount(eap_config) == 0) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" missing/invalid %@ property"),
profileID, kProfileKeyAuthenticationProperties);
return (NULL);
}
accept_types = CFDictionaryGetValue(eap_config,
kEAPClientPropAcceptEAPTypes);
if (accept_types_valid(accept_types) == FALSE) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" missing/invalid %@ property in %@"),
profileID, kEAPClientPropAcceptEAPTypes,
kProfileKeyAuthenticationProperties);
return (NULL);
}
wlan = CFDictionaryGetValue(dict, kProfileKeyWLAN);
if (wlan != NULL) {
if (isA_CFDictionary(wlan) == NULL) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" invalid %@ property"),
profileID, kProfileKeyWLAN);
return (NULL);
}
ssid = CFDictionaryGetValue(wlan, kProfileKeyWLANSSID);
domain = CFDictionaryGetValue(wlan, kProfileKeyWLANDomain);
if (isA_CFData(ssid) == NULL && isA_CFString(domain) == NULL) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" invalid/missing property (%@ or %@) in %@"),
profileID, kProfileKeyWLANSSID, kProfileKeyWLANDomain,
kProfileKeyWLAN);
return (NULL);
}
if (ssid != NULL) {
security_type = CFDictionaryGetValue(wlan,
kProfileKeyWLANSecurityType);
if (isA_CFString(security_type) == NULL) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" invalid/missing %@ property in %@"),
profileID, kProfileKeyWLANSecurityType, kProfileKeyWLAN);
return (NULL);
}
}
}
user_defined_name = CFDictionaryGetValue(dict, kProfileKeyUserDefinedName);
if (user_defined_name != NULL && isA_CFString(user_defined_name) == NULL) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" invalid %@ property"),
profileID, kProfileKeyUserDefinedName);
return (NULL);
}
information = CFDictionaryGetValue(dict, kProfileKeyInformation);
if (information != NULL && isA_CFDictionary(information) == NULL) {
SCLog(TRUE, LOG_NOTICE,
CFSTR("EAPOLClientConfiguration: profile %@"
" invalid %@ property"),
profileID, kProfileKeyInformation);
return (NULL);
}
/* allocate/set an EAPOLClientProfileRef */
profile = __EAPOLClientProfileAllocate(alloc);
if (profile == NULL) {
return (NULL);
}
profile->uuid = CFRetain(profileID);
EAPOLClientProfileSetUserDefinedName(profile, user_defined_name);
EAPOLClientProfileSetAuthenticationProperties(profile, eap_config);
if (ssid != NULL) {
EAPOLClientProfileSetWLANSSIDAndSecurityType(profile, ssid,
security_type);
}
else if (domain != NULL) {
EAPOLClientProfileSetWLANDomain(profile, domain);
}
if (information != NULL) {
profile->information
= CFDictionaryCreateMutableCopy(NULL, 0, information);
}
return (profile);
}
/*
* Function: DHCPLeaseCreateWithDictionary
* Purpose:
* Instantiate a new DHCPLease structure corresponding to the given
* dictionary. Validates that required properties are present,
* returns NULL if those checks fail.
*/
static DHCPLeaseRef
DHCPLeaseCreateWithDictionary(CFDictionaryRef dict, bool is_wifi)
{
CFDataRef hwaddr_data;
dhcp_lease_time_t lease_time;
DHCPLeaseRef lease_p;
CFDataRef pkt_data;
CFRange pkt_data_range;
struct in_addr * router_p;
CFStringRef ssid = NULL;
CFDateRef start_date;
dhcp_lease_time_t t1_time;
dhcp_lease_time_t t2_time;
/* get the lease start time */
start_date = CFDictionaryGetValue(dict, kLeaseStartDate);
if (isA_CFDate(start_date) == NULL) {
goto failed;
}
/* get the packet data */
pkt_data = CFDictionaryGetValue(dict, kPacketData);
if (isA_CFData(pkt_data) == NULL) {
goto failed;
}
/* if Wi-Fi, get the SSID */
if (is_wifi) {
ssid = CFDictionaryGetValue(dict, kSSID);
if (isA_CFString(ssid) == NULL) {
goto failed;
}
}
pkt_data_range.location = 0;
pkt_data_range.length = CFDataGetLength(pkt_data);
if (pkt_data_range.length < sizeof(struct dhcp)) {
goto failed;
}
lease_p = (DHCPLeaseRef)
malloc(offsetof(DHCPLease, pkt) + pkt_data_range.length);
bzero(lease_p, offsetof(DHCPLease, pkt));
/* copy the packet data */
CFDataGetBytes(pkt_data, pkt_data_range, lease_p->pkt);
lease_p->pkt_length = (int)pkt_data_range.length;
/* get the lease information and router IP address */
lease_p->lease_start = (absolute_time_t)CFDateGetAbsoluteTime(start_date);
{ /* parse/retrieve options */
dhcpol_t options;
(void)dhcpol_parse_packet(&options, (void *)lease_p->pkt,
(int)pkt_data_range.length, NULL);
dhcp_get_lease_from_options(&options, &lease_time, &t1_time, &t2_time);
router_p = dhcp_get_router_from_options(&options, lease_p->our_ip);
dhcpol_free(&options);
}
lease_p->lease_length = lease_time;
/* get the IP address */
/* ALIGN: lease_p->pkt is aligned, cast ok. */
lease_p->our_ip = ((struct dhcp *)(void *)lease_p->pkt)->dp_yiaddr;
/* get the router information */
if (router_p != NULL) {
CFRange hwaddr_range;
lease_p->router_ip = *router_p;
/* get the router hardware address */
hwaddr_data = CFDictionaryGetValue(dict, kRouterHardwareAddress);
hwaddr_range.length = 0;
if (isA_CFData(hwaddr_data) != NULL) {
hwaddr_range.length = CFDataGetLength(hwaddr_data);
}
if (hwaddr_range.length > 0) {
hwaddr_range.location = 0;
if (hwaddr_range.length > sizeof(lease_p->router_hwaddr)) {
hwaddr_range.length = sizeof(lease_p->router_hwaddr);
}
lease_p->router_hwaddr_length = (int)hwaddr_range.length;
CFDataGetBytes(hwaddr_data, hwaddr_range, lease_p->router_hwaddr);
}
}
if (ssid != NULL) {
CFRetain(ssid);
lease_p->ssid = ssid;
}
return (lease_p);
failed:
return (NULL);
}
