int
main(int argc, char **argv)
{
kern_return_t kr;
mach_port_t service_port = MACH_PORT_NULL;
openlog("eapolcfg_auth", LOG_CONS | LOG_PID, LOG_DAEMON);
if (geteuid() != 0) {
syslog(LOG_ERR, "not running as root - exiting");
exit(EX_CONFIG);
}
kr = bootstrap_check_in(bootstrap_port, EAPOLCFG_AUTH_SERVER,
&service_port);
if (kr != BOOTSTRAP_SUCCESS) {
syslog(LOG_ERR, "bootstrap_check_in() failed: %s",
bootstrap_strerror(kr));
exit(EX_UNAVAILABLE);
}
start_service(service_port);
while (1) {
SInt32 rlStatus;
rlStatus = CFRunLoopRunInMode(kCFRunLoopDefaultMode, 15.0, TRUE);
if (rlStatus == kCFRunLoopRunTimedOut) {
if (S_handled_request == FALSE) {
/* we didn't handle a request in the last time interval */
break;
}
S_handled_request = FALSE;
}
}
exit(EX_OK);
return (0);
}
__private_extern__
void
server_init()
{
serverSessionRef mySession;
CFRunLoopSourceRef rls;
char *service_name;
mach_port_t service_port = MACH_PORT_NULL;
kern_return_t status;
service_name = getenv("SCD_SERVER");
if (!service_name) {
service_name = SCD_SERVER;
}
/* Check "configd" server status */
status = bootstrap_check_in(bootstrap_port, service_name, &service_port);
switch (status) {
case BOOTSTRAP_SUCCESS :
/* if we are being [re-]started by launchd */
break;
case BOOTSTRAP_NOT_PRIVILEGED :
/* if another instance of the server is starting */
SCLog(TRUE, LOG_ERR, CFSTR("'%s' server already starting"), service_name);
exit (EX_UNAVAILABLE);
case BOOTSTRAP_SERVICE_ACTIVE :
/* if another instance of the server is active */
SCLog(TRUE, LOG_ERR, CFSTR("'%s' server already active"), service_name);
exit (EX_UNAVAILABLE);
default :
SCLog(TRUE, LOG_ERR,
CFSTR("server_init bootstrap_check_in(..., '%s', ...) failed: %s"),
service_name,
bootstrap_strerror(status));
exit (EX_UNAVAILABLE);
}
/* Create the primary / new connection port and backing session */
mySession = addSession(service_port, serverMPCopyDescription);
configd_port = mySession->serverPort;
/*
* Create and add a run loop source for the port and add this source
* to the default run loop mode.
*/
rls = CFMachPortCreateRunLoopSource(NULL, configd_port, 0);
CFRunLoopAddSource(CFRunLoopGetCurrent(), rls, kCFRunLoopDefaultMode);
CFRelease(rls);
return;
}
static mach_port_t
__SCDynamicStoreServerPort(SCDynamicStorePrivateRef storePrivate, kern_return_t *status)
{
mach_port_t server = MACH_PORT_NULL;
char *server_name;
server_name = getenv("SCD_SERVER");
if (server_name == NULL) {
server_name = SCD_SERVER;
}
#if defined(BOOTSTRAP_PRIVILEGED_SERVER) && !TARGET_IPHONE_SIMULATOR
*status = bootstrap_look_up2(bootstrap_port,
server_name,
&server,
0,
BOOTSTRAP_PRIVILEGED_SERVER);
#else // defined(BOOTSTRAP_PRIVILEGED_SERVER) && !TARGET_IPHONE_SIMULATOR
*status = bootstrap_look_up(bootstrap_port, server_name, &server);
#endif // defined(BOOTSTRAP_PRIVILEGED_SERVER) && !TARGET_IPHONE_SIMULATOR
switch (*status) {
case BOOTSTRAP_SUCCESS :
/* service currently registered, "a good thing" (tm) */
return server;
case BOOTSTRAP_NOT_PRIVILEGED :
/* the service is not privileged */
break;
case BOOTSTRAP_UNKNOWN_SERVICE :
/* service not currently registered, try again later */
break;
default :
#ifdef DEBUG
SCLog(_sc_verbose, LOG_DEBUG,
CFSTR("SCDynamicStoreCreate[WithOptions] bootstrap_look_up() failed: status=%s"),
bootstrap_strerror(*status));
#endif /* DEBUG */
break;
}
return MACH_PORT_NULL;
}
int
ppp_mach_start_server()
{
kern_return_t status;
CFRunLoopSourceRef rls;
mach_port_t our_port = MACH_PORT_NULL;
CFMachPortContext context = { 0, (void *)1, NULL, NULL, serverMPCopyDescription };
status = bootstrap_check_in(bootstrap_port, PPPCONTROLLER_SERVER, &our_port);
if (status != BOOTSTRAP_SUCCESS) {
SCLog(TRUE, LOG_ERR, CFSTR("PPPController: bootstrap_check_in \"%s\" error = %s"),
PPPCONTROLLER_SERVER, bootstrap_strerror(status));
return -1;
}
gServer_cfport = _SC_CFMachPortCreateWithPort("PPPController", our_port, server_handle_request, &context);
if (!gServer_cfport) {
SCLog(TRUE, LOG_ERR, CFSTR("PPPController: cannot create mach port"));
return -1;
}
rls = CFMachPortCreateRunLoopSource(0, gServer_cfport, 0);
if (!rls) {
SCLog(TRUE, LOG_ERR, CFSTR("PPPController: cannot create rls"));
CFRelease(gServer_cfport);
gServer_cfport = NULL;
return -1;
}
gControllerRunloop = CFRunLoopGetCurrent();
CFRunLoopAddSource(gControllerRunloop, rls, kCFRunLoopDefaultMode);
CFRunLoopAddSource(gControllerRunloop, gTerminalrls, kCFRunLoopDefaultMode);
CFRelease(rls);
return 0;
}
int client_main(void) {
kern_return_t kr;
mach_port_t mp;
kr = bootstrap_look_up(bootstrap_port, BOOTSTRAP_NAME, &mp);
if (kr != KERN_SUCCESS) {
#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1050
fprintf(stderr, "privileged_startx: bootstrap_look_up(%s): %s\n", BOOTSTRAP_NAME, bootstrap_strerror(kr));
#else
fprintf(stderr, "privileged_startx: bootstrap_look_up(%s): %ul\n", BOOTSTRAP_NAME, (unsigned long)kr);
#endif
exit(EXIT_FAILURE);
}
kr = privileged_startx(mp);
if (kr != KERN_SUCCESS) {
fprintf(stderr, "privileged_startx client: %s\n", mach_error_string(kr));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
int main(int argc, char *argv[])
{
char *bname_server = NULL, *bname_client = NULL;
int i, j, ch;
int error;
int num = 1;
int Servers = 1;
int use_kerberos = 0;
int refcnt = 0;
pthread_t thread;
pthread_attr_t attr[1];
char hostbuf[MAXHOSTNAME];
char *host = hostbuf;
char *realm = NULL;
char *ServicePrincipal = NULL;
struct passwd *pent = NULL;
kern_return_t kr;
uid = getuid();
if (seteuid(uid)) {
Log("Could not drop privilege");
exit(EXIT_FAILURE);
}
setprogname(argv[0]);
/* Set up mech table */
mechtab[GSSD_KRB5_MECH] = GSS_KRB5_MECHANISM;
mechtab[GSSD_SPNEGO_MECH] = GSS_SPNEGO_MECHANISM;
mechtab[GSSD_NTLM_MECH] = GSS_NTLM_MECHANISM;
while ((ch = getopt(argc, argv, "b:B:CdDef:hHikN:n:M:m:p:r:Rs:S:t:u:v:V")) != -1) {
switch (ch) {
case 'b':
bname_client = optarg;
break;
case 'B':
bname_server = optarg;
break;
case 'C':
gssd_flags |= GSSD_NO_CANON;
break;
case 'd':
debug++;
break;
case 'D':
gssd_flags |= GSSD_NO_DEFAULT;
break;
case 'e':
exitonerror = 1;
break;
case 'f':
flags |= atoi(optarg);
break;
case 'H':
gssd_flags &= ~GSSD_HOME_ACCESS_OK;
break;
case 'i':
interactive = 1;
break;
case 'k':
use_kerberos = 1;
break;
case 'M':
max_retries = atoi(optarg);
break;
case 'm':
if (strcmp(optarg, "krb5") == 0)
mech = GSSD_KRB5_MECH;
else if (strcmp(optarg, "spnego") == 0)
mech = GSSD_SPNEGO_MECH;
else if (strcmp(optarg, "ntlm") == 0)
mech = GSSD_NTLM_MECH;
else {
Log("Unavailable gss mechanism %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'n':
num = atoi(optarg);
break;
case 'N':
if (strcmp(optarg, "uid") == 0)
name_type = GSSD_MACHINE_UID;
else if (strcmp(optarg, "suid") == 0)
name_type = GSSD_STRING_UID;
else if (strcmp(optarg, "user") == 0)
name_type = GSSD_USER;
else if (strcmp(optarg, "krb5") == 0)
name_type = GSSD_KRB5_PRINCIPAL;
else if (strcmp(optarg, "ntlm") == 0)
name_type = GSSD_NTLM_PRINCIPAL;
else {
Log("Unsupported name type %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
principal = optarg;
break;
case 'r':
realm = optarg;
break;
case 'R':
refcnt = 1;
break;
case 's':
Servers = atoi(optarg);
break;
case 'S':
ServicePrincipal = optarg;
break;
case 't':
timeout = atoi(optarg);
break;
case 'u':
pent = getpwnam(optarg);
if (pent)
uid = pent->pw_uid;
else
Log("Could no find user %s\n", optarg);
break;
case 'V':
verbose++;
break;
case 'v':
version = atoi(optarg);
break;
default:
Usage();
break;
}
}
argc -= optind;
argv += optind;
if (argc == 0) {
gethostname(hostbuf, MAXHOSTNAME);
} else if (argc == 1) {
host = argv[0];
} else {
Usage();
}
if (principal == NULL || *principal == '\0') {
if (pent == NULL)
pent = getpwuid(uid);
principal = pent->pw_name;
name_type = GSSD_USER;
}
clientp.nt = name_type;
switch (name_type) {
case GSSD_USER:
case GSSD_STRING_UID:
case GSSD_KRB5_PRINCIPAL:
case GSSD_NTLM_PRINCIPAL:
clientp.name = (gssd_byte_buffer) principal;
clientp.len = (uint32_t) strlen(principal);
break;
default:
Log("Unsupported name type for principal %s\n", principal);
exit(EXIT_FAILURE);
break;
}
printf("Using creds for %s host=%s\n", principal, host);
if (bname_client) {
kr = bootstrap_look_up(bootstrap_port, bname_client, &client_mp);
if (kr != KERN_SUCCESS) {
Log("bootstrap_look_up(): %s\n", bootstrap_strerror(kr));
exit(EXIT_FAILURE);
}
} else {
client_mp = get_gssd_port();
}
if (!MACH_PORT_VALID(client_mp)) {
Log("Could not get a valid client port (%d)\n", client_mp);
exit(EXIT_FAILURE);
}
if (refcnt)
return do_refcount(mech, name_type, principal);
if (ServicePrincipal)
strlcpy(svcname, ServicePrincipal, sizeof(svcname));
else if (use_kerberos) {
strlcpy(svcname, "nfs/", sizeof(svcname));
strlcat(svcname, host, sizeof(svcname));
if (realm) {
strlcat(svcname, "@", sizeof(svcname));
strlcat(svcname, realm, sizeof(svcname));
}
} else {
strlcpy(svcname, "nfs@", sizeof(svcname));
strlcat(svcname, host, sizeof(svcname));
}
if (!use_kerberos) {
targetp.nt = GSSD_HOSTBASED;
targetp.name = (gssd_byte_buffer)svcname;
targetp.len = (uint32_t) strlen(svcname);
}
printf("Service name = %s\n", svcname);
if (bname_server) {
kr = bootstrap_look_up(bootstrap_port, bname_server, &server_mp);
if (kr != KERN_SUCCESS) {
Log("bootstrap_look_up(): %s\n", bootstrap_strerror(kr));
exit(EXIT_FAILURE);
}
} else {
server_mp = get_gssd_port();
}
if (!MACH_PORT_VALID(server_mp)) {
Log("Could not get a valid server port (%d)\n", server_mp);
exit(EXIT_FAILURE);
}
if (interactive) {
printf("Hit enter to start ");
(void) getchar();
}
pthread_attr_init(attr);
pthread_attr_setdetachstate(attr, PTHREAD_CREATE_DETACHED);
pthread_mutex_init(num_servers_lock, NULL);
pthread_cond_init(num_servers_cv, NULL);
for (i = 0; i < num; i++) {
num_servers = Servers;
for (j = 0; j < num_servers; j++) {
error = pthread_create(&thread, attr, server, NULL);
if (error)
Log("Could not start server: %s\n",
strerror(error));
}
waitall();
}
report_errors();
pthread_attr_destroy(attr);
kr = mach_port_deallocate(mach_task_self(), client_mp);
if (kr != KERN_SUCCESS) {
Log("Could not delete send right!\n");
}
kr = mach_port_deallocate(mach_task_self(), server_mp);
if (kr != KERN_SUCCESS) {
Log("Could not delete send right!\n");
}
if (interactive) {
printf("Hit enter to stop\n");
(void) getchar();
}
return (0);
}
static int startup_trigger(int argc, char **argv, char **envp) {
Display *display;
const char *s;
/* Take care of the case where we're called like a normal DDX */
if(argc > 1 && argv[1][0] == ':') {
size_t i;
kern_return_t kr;
mach_port_t mp;
string_array_t newenvp;
string_array_t newargv;
/* We need to count envp */
int envpc;
for(envpc=0; envp[envpc]; envpc++);
/* We have fixed-size string lengths due to limitations in IPC,
* so we need to copy our argv and envp.
*/
newargv = (string_array_t)alloca(argc * sizeof(string_t));
newenvp = (string_array_t)alloca(envpc * sizeof(string_t));
if(!newargv || !newenvp) {
fprintf(stderr, "Memory allocation failure\n");
exit(EXIT_FAILURE);
}
for(i=0; i < argc; i++) {
strlcpy(newargv[i], argv[i], STRING_T_SIZE);
}
for(i=0; i < envpc; i++) {
strlcpy(newenvp[i], envp[i], STRING_T_SIZE);
}
kr = bootstrap_look_up(bootstrap_port, server_bootstrap_name, &mp);
if (kr != KERN_SUCCESS) {
#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1050
fprintf(stderr, "bootstrap_look_up(%s): %s\n", server_bootstrap_name, bootstrap_strerror(kr));
#else
fprintf(stderr, "bootstrap_look_up(%s): %ul\n", server_bootstrap_name, (unsigned long)kr);
#endif
exit(EXIT_FAILURE);
}
kr = start_x11_server(mp, newargv, argc, newenvp, envpc);
if (kr != KERN_SUCCESS) {
fprintf(stderr, "start_x11_server: %s\n", mach_error_string(kr));
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
/* If we have a process serial number and it's our only arg, act as if
* the user double clicked the app bundle: launch app_to_run if possible
*/
if(argc == 1 || (argc == 2 && !strncmp(argv[1], "-psn_", 5))) {
/* Now, try to open a display, if so, run the launcher */
display = XOpenDisplay(NULL);
if(display) {
/* Could open the display, start the launcher */
XCloseDisplay(display);
return execute(command_from_prefs("app_to_run", DEFAULT_CLIENT));
}
}
/* Start the server */
if((s = getenv("DISPLAY"))) {
fprintf(stderr, "X11.app: Could not connect to server (DISPLAY=\"%s\", unsetting). Starting X server.\n", s);
unsetenv("DISPLAY");
} else {
fprintf(stderr, "X11.app: Could not connect to server (DISPLAY is not set). Starting X server.\n");
}
return execute(command_from_prefs("startx_script", DEFAULT_STARTX));
}
int main(int argc, char **argv, char **envp) {
int envpc;
kern_return_t kr;
mach_port_t mp;
string_array_t newenvp;
string_array_t newargv;
size_t i;
int launchd_fd;
string_t handoff_socket_filename;
sig_t handler;
if(argc == 2 && !strcmp(argv[1], "-version")) {
fprintf(stderr, "X.org Release 7.5\n");
fprintf(stderr, "X.Org X Server %s\n", XSERVER_VERSION);
fprintf(stderr, "Build Date: %s\n", BUILD_DATE);
return EXIT_SUCCESS;
}
if(getenv("X11_PREFS_DOMAIN"))
server_bootstrap_name = getenv("X11_PREFS_DOMAIN");
/* We don't have a mechanism in place to handle this interrupt driven
* server-start notification, so just send the signal now, so xinit doesn't
* time out waiting for it and will just poll for the server.
*/
handler = signal(SIGUSR1, SIG_IGN);
if(handler == SIG_IGN)
kill(getppid(), SIGUSR1);
signal(SIGUSR1, handler);
/* Pass on SIGs to X11.app */
signal(SIGINT, signal_handler);
signal(SIGTERM, signal_handler);
/* Get the $DISPLAY FD */
launchd_fd = launchd_display_fd();
kr = bootstrap_look_up(bootstrap_port, server_bootstrap_name, &mp);
if(kr != KERN_SUCCESS) {
pid_t child;
fprintf(stderr, "Xquartz: Unable to locate waiting server: %s\n", server_bootstrap_name);
set_x11_path();
/* This forking is ugly and will be cleaned up later */
child = fork();
if(child == -1) {
fprintf(stderr, "Xquartz: Could not fork: %s\n", strerror(errno));
return EXIT_FAILURE;
}
if(child == 0) {
char *_argv[3];
_argv[0] = x11_path;
_argv[1] = "--listenonly";
_argv[2] = NULL;
fprintf(stderr, "Xquartz: Starting X server: %s --listenonly\n", x11_path);
return execvp(x11_path, _argv);
}
/* Try connecting for 10 seconds */
for(i=0; i < 80; i++) {
usleep(250000);
kr = bootstrap_look_up(bootstrap_port, server_bootstrap_name, &mp);
if(kr == KERN_SUCCESS)
break;
}
if(kr != KERN_SUCCESS) {
#if MAC_OS_X_VERSION_MIN_REQUIRED >= 1050
fprintf(stderr, "Xquartz: bootstrap_look_up(): %s\n", bootstrap_strerror(kr));
#else
fprintf(stderr, "Xquartz: bootstrap_look_up(): %ul\n", (unsigned long)kr);
#endif
return EXIT_FAILURE;
}
}
/* Get X11.app's pid */
request_pid(mp, &x11app_pid);
/* Handoff the $DISPLAY FD */
if(launchd_fd != -1) {
size_t try, try_max;
int handoff_fd = -1;
for(try=0, try_max=5; try < try_max; try++) {
if(request_fd_handoff_socket(mp, handoff_socket_filename) != KERN_SUCCESS) {
fprintf(stderr, "Xquartz: Failed to request a socket from the server to send the $DISPLAY fd over (try %d of %d)\n", (int)try+1, (int)try_max);
continue;
}
handoff_fd = connect_to_socket(handoff_socket_filename);
if(handoff_fd == -1) {
fprintf(stderr, "Xquartz: Failed to connect to socket (try %d of %d)\n", (int)try+1, (int)try_max);
continue;
}
#ifdef DEBUG
fprintf(stderr, "Xquartz: Handoff connection established (try %d of %d) on fd %d, \"%s\". Sending message.\n", (int)try+1, (int)try_max, handoff_fd, handoff_socket_filename);
#endif
send_fd_handoff(handoff_fd, launchd_fd);
close(handoff_fd);
break;
}
}
/* Count envp */
for(envpc=0; envp[envpc]; envpc++);
/* We have fixed-size string lengths due to limitations in IPC,
* so we need to copy our argv and envp.
*/
newargv = (string_array_t)malloc(argc * sizeof(string_t));
newenvp = (string_array_t)malloc(envpc * sizeof(string_t));
if(!newargv || !newenvp) {
fprintf(stderr, "Xquartz: Memory allocation failure\n");
return EXIT_FAILURE;
}
for(i=0; i < argc; i++) {
strlcpy(newargv[i], argv[i], STRING_T_SIZE);
}
for(i=0; i < envpc; i++) {
strlcpy(newenvp[i], envp[i], STRING_T_SIZE);
}
kr = start_x11_server(mp, newargv, argc, newenvp, envpc);
free(newargv);
free(newenvp);
if (kr != KERN_SUCCESS) {
fprintf(stderr, "Xquartz: start_x11_server: %s\n", mach_error_string(kr));
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
