SOSTransportMessageRef SOSTransportMessageCreateForSubclass(size_t size,
SOSAccountRef account, CFStringRef circleName,
CFErrorRef *error)
{
SOSTransportMessageRef tpt = CFTypeAllocateWithSpace(SOSTransportMessage, size, kCFAllocatorDefault);
SOSEngineRef engine = SOSDataSourceFactoryGetEngineForDataSourceName(account->factory, circleName, error);
tpt->engine = CFRetainSafe(engine);
tpt->account = CFRetainSafe(account);
return tpt;
}
/*
* Set the hash agility attribute for a CMSEncoder.
* This is only used if the kCMSAttrAppleCodesigningHashAgility attribute
* is included.
*/
OSStatus CMSEncoderSetAppleCodesigningHashAgility(
CMSEncoderRef cmsEncoder,
CFDataRef hashAgilityAttrValue)
{
if (cmsEncoder == NULL || cmsEncoder->encState != ES_Init) {
return errSecParam;
}
cmsEncoder->hashAgilityAttrValue = CFRetainSafe(hashAgilityAttrValue);
return errSecSuccess;
}
static void
security_auth_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
{
__block OSStatus status = errAuthorizationDenied;
connection_t conn = (connection_t)xpc_connection_get_context(connection);
require_action(conn != NULL, done, LOGE("xpc[%i]: process context not found", xpc_connection_get_pid(connection)));
CFRetainSafe(conn);
xpc_type_t type = xpc_get_type(event);
if (type == XPC_TYPE_ERROR) {
if (event == XPC_ERROR_CONNECTION_INVALID) {
// The client process on the other end of the connection has either
// crashed or cancelled the connection. After receiving this error,
// the connection is in an invalid state, and you do not need to
// call xpc_connection_cancel(). Just tear down any associated state
// here.
LOGV("xpc[%i]: client disconnected", xpc_connection_get_pid(connection));
connection_destory_agents(conn);
} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
// Handle per-connection termination cleanup.
LOGD("xpc[%i]: per-connection termination", xpc_connection_get_pid(connection));
}
} else {
assert(type == XPC_TYPE_DICTIONARY);
xpc_object_t reply = xpc_dictionary_create_reply(event);
require(reply != NULL, done);
uint64_t auth_type = xpc_dictionary_get_uint64(event, AUTH_XPC_TYPE);
LOGV("xpc[%i]: received message type=%llu", connection_get_pid(conn), auth_type);
switch (auth_type) {
case AUTHORIZATION_CREATE:
status = authorization_create(conn,event,reply);
break;
case AUTHORIZATION_CREATE_WITH_AUDIT_TOKEN:
status = authorization_create_with_audit_token(conn,event,reply);
break;
case AUTHORIZATION_FREE:
status = authorization_free(conn,event,reply);
break;
case AUTHORIZATION_COPY_RIGHTS:
status = authorization_copy_rights(conn,event,reply);
break;
case AUTHORIZATION_COPY_INFO:
status = authorization_copy_info(conn,event,reply);
break;
case AUTHORIZATION_MAKE_EXTERNAL_FORM:
status = authorization_make_external_form(conn,event,reply);
break;
case AUTHORIZATION_CREATE_FROM_EXTERNAL_FORM:
status = authorization_create_from_external_form(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_GET:
status = authorization_right_get(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_SET:
status = authorization_right_set(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_REMOVE:
status = authorization_right_remove(conn,event,reply);
break;
case SESSION_SET_USER_PREFERENCES:
status = session_set_user_preferences(conn,event,reply);
break;
case AUTHORIZATION_DISMISS:
connection_destory_agents(conn);
status = errAuthorizationSuccess;
break;
case AUTHORIZATION_ENABLE_SMARTCARD:
status = authorization_enable_smartcard(conn,event,reply);
break;
case AUTHORIZATION_SETUP:
{
mach_port_t bootstrap = xpc_dictionary_copy_mach_send(event, AUTH_XPC_BOOTSTRAP);
if (!process_set_bootstrap(connection_get_process(conn), bootstrap)) {
if (bootstrap != MACH_PORT_NULL) {
mach_port_deallocate(mach_task_self(), bootstrap);
}
}
}
status = errAuthorizationSuccess;
break;
#if DEBUG
case AUTHORIZATION_DEV:
server_dev();
break;
#endif
default:
break;
}
xpc_dictionary_set_int64(reply, AUTH_XPC_STATUS, status);
xpc_connection_send_message(connection, reply);
xpc_release(reply);
}
done:
CFReleaseSafe(conn);
}
CFDataRef SecOTRSessionCreateRemote_internal(CFDataRef publicAccountData, CFDataRef publicPeerId, CFDataRef privateAccountData, CFErrorRef *error) {
SOSDataSourceFactoryRef ds = SecItemDataSourceFactoryGetDefault();
SOSAccountRef privateAccount = NULL;
SOSAccountRef publicAccount = NULL;
CFStringRef publicKeyString = NULL;
SecKeyRef privateKeyRef = NULL;
SecKeyRef publicKeyRef = NULL;
SecOTRFullIdentityRef privateIdentity = NULL;
SecOTRPublicIdentityRef publicIdentity = NULL;
CFDataRef result = NULL;
SecOTRSessionRef ourSession = NULL;
require_quiet(ds, fail);
require_quiet(publicPeerId, fail);
privateAccount = (privateAccountData == NULL) ? CFRetainSafe(SOSKeychainAccountGetSharedAccount()) : SOSAccountCreateFromData(kCFAllocatorDefault, privateAccountData, ds, error);
require_quiet(privateAccount, fail);
privateKeyRef = SOSAccountCopyDeviceKey(privateAccount, error);
require_quiet(privateKeyRef, fail);
CFReleaseNull(privateAccount);
privateIdentity = SecOTRFullIdentityCreateFromSecKeyRef(kCFAllocatorDefault, privateKeyRef, error);
require_quiet(privateIdentity, fail);
CFReleaseNull(privateKeyRef);
publicKeyString = CFStringCreateFromExternalRepresentation(kCFAllocatorDefault, publicPeerId, kCFStringEncodingUTF8);
require_quiet(publicKeyString, fail);
publicAccount = (publicAccountData == NULL) ? CFRetainSafe(SOSKeychainAccountGetSharedAccount()) : SOSAccountCreateFromData(kCFAllocatorDefault, publicAccountData, ds, error);
require_quiet(publicAccount, fail);
publicKeyRef = SOSAccountCopyPublicKeyForPeer(publicAccount, publicKeyString, error);
require_quiet(publicKeyRef, fail);
CFReleaseNull(publicAccount);
publicIdentity = SecOTRPublicIdentityCreateFromSecKeyRef(kCFAllocatorDefault, publicKeyRef, error);
require_quiet(publicIdentity, fail);
CFReleaseNull(publicKeyRef);
ourSession = SecOTRSessionCreateFromID(kCFAllocatorDefault, privateIdentity, publicIdentity);
CFMutableDataRef exportSession = CFDataCreateMutable(kCFAllocatorDefault, 0);
SecOTRSAppendSerialization(ourSession, exportSession);
result = exportSession;
exportSession = NULL;
fail:
CFReleaseNull(ourSession);
CFReleaseNull(publicKeyString);
CFReleaseNull(privateAccount);
CFReleaseNull(publicAccount);
CFReleaseNull(privateKeyRef);
CFReleaseNull(publicKeyRef);
CFReleaseNull(publicIdentity);
CFReleaseNull(privateIdentity);
return result;
}
CFDataRef SOSCoderCopyPendingResponse(SOSCoderRef coder)
{
return CFRetainSafe(coder->pendingResponse);
}
