/* returns -1 on error. */
int
msg_setauthorization (sip_t * sip, char *hvalue)
{
authorization_t *authorization;
int i;
if (sip == NULL || sip->authorizations == NULL)
return -1;
i = authorization_init (&authorization);
if (i != 0)
return -1;
i = authorization_parse (authorization, hvalue);
if (i != 0)
{
authorization_free (authorization);
sfree (authorization);
return -1;
}
#ifdef USE_TMP_BUFFER
sip->message_property = 2;
#endif
list_add (sip->authorizations, authorization, -1);
return 0;
}
int
authorization_clone (authorization_t * auth, authorization_t ** dest)
{
int i;
authorization_t *au;
*dest = NULL;
if (auth == NULL)
return -1;
/* to be removed?
if (auth->auth_type==NULL) return -1;
if (auth->username==NULL) return -1;
if (auth->realm==NULL) return -1;
if (auth->nonce==NULL) return -1;
if (auth->uri==NULL) return -1;
if (auth->response==NULL) return -1;
if (auth->opaque==NULL) return -1;
*/
i = authorization_init (&au);
if (i == -1) /* allocation failed */
return -1;
if (auth->auth_type != NULL)
{
au->auth_type = sgetcopy (auth->auth_type);
if (au->auth_type == NULL)
goto ac_error;
}
if (auth->username != NULL)
{
au->username = sgetcopy (auth->username);
if (au->username == NULL)
goto ac_error;
}
if (auth->realm != NULL)
{
au->realm = sgetcopy (auth->realm);
if (auth->realm == NULL)
goto ac_error;
}
if (auth->nonce != NULL)
{
au->nonce = sgetcopy (auth->nonce);
if (auth->nonce == NULL)
goto ac_error;
}
if (auth->uri != NULL)
{
au->uri = sgetcopy (auth->uri);
if (au->uri == NULL)
goto ac_error;
}
if (auth->response != NULL)
{
au->response = sgetcopy (auth->response);
if (auth->response == NULL)
goto ac_error;
}
if (auth->digest != NULL)
{
au->digest = sgetcopy (auth->digest);
if (au->digest == NULL)
goto ac_error;
}
if (auth->algorithm != NULL)
{
au->algorithm = sgetcopy (auth->algorithm);
if (auth->algorithm == NULL)
goto ac_error;
}
if (auth->cnonce != NULL)
{
au->cnonce = sgetcopy (auth->cnonce);
if (au->cnonce == NULL)
goto ac_error;
}
if (auth->opaque != NULL)
{
au->opaque = sgetcopy (auth->opaque);
if (auth->opaque == NULL)
goto ac_error;
}
if (auth->message_qop != NULL)
{
au->message_qop = sgetcopy (auth->message_qop);
if (auth->message_qop == NULL)
goto ac_error;
}
if (auth->nonce_count != NULL)
{
au->nonce_count = sgetcopy (auth->nonce_count);
if (auth->nonce_count == NULL)
goto ac_error;
}
*dest = au;
return 0;
ac_error:
authorization_free (au);
sfree (au);
return -1;
}
static void
security_auth_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
{
__block OSStatus status = errAuthorizationDenied;
connection_t conn = (connection_t)xpc_connection_get_context(connection);
require_action(conn != NULL, done, LOGE("xpc[%i]: process context not found", xpc_connection_get_pid(connection)));
CFRetainSafe(conn);
xpc_type_t type = xpc_get_type(event);
if (type == XPC_TYPE_ERROR) {
if (event == XPC_ERROR_CONNECTION_INVALID) {
// The client process on the other end of the connection has either
// crashed or cancelled the connection. After receiving this error,
// the connection is in an invalid state, and you do not need to
// call xpc_connection_cancel(). Just tear down any associated state
// here.
LOGV("xpc[%i]: client disconnected", xpc_connection_get_pid(connection));
connection_destory_agents(conn);
} else if (event == XPC_ERROR_TERMINATION_IMMINENT) {
// Handle per-connection termination cleanup.
LOGD("xpc[%i]: per-connection termination", xpc_connection_get_pid(connection));
}
} else {
assert(type == XPC_TYPE_DICTIONARY);
xpc_object_t reply = xpc_dictionary_create_reply(event);
require(reply != NULL, done);
uint64_t auth_type = xpc_dictionary_get_uint64(event, AUTH_XPC_TYPE);
LOGV("xpc[%i]: received message type=%llu", connection_get_pid(conn), auth_type);
switch (auth_type) {
case AUTHORIZATION_CREATE:
status = authorization_create(conn,event,reply);
break;
case AUTHORIZATION_CREATE_WITH_AUDIT_TOKEN:
status = authorization_create_with_audit_token(conn,event,reply);
break;
case AUTHORIZATION_FREE:
status = authorization_free(conn,event,reply);
break;
case AUTHORIZATION_COPY_RIGHTS:
status = authorization_copy_rights(conn,event,reply);
break;
case AUTHORIZATION_COPY_INFO:
status = authorization_copy_info(conn,event,reply);
break;
case AUTHORIZATION_MAKE_EXTERNAL_FORM:
status = authorization_make_external_form(conn,event,reply);
break;
case AUTHORIZATION_CREATE_FROM_EXTERNAL_FORM:
status = authorization_create_from_external_form(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_GET:
status = authorization_right_get(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_SET:
status = authorization_right_set(conn,event,reply);
break;
case AUTHORIZATION_RIGHT_REMOVE:
status = authorization_right_remove(conn,event,reply);
break;
case SESSION_SET_USER_PREFERENCES:
status = session_set_user_preferences(conn,event,reply);
break;
case AUTHORIZATION_DISMISS:
connection_destory_agents(conn);
status = errAuthorizationSuccess;
break;
case AUTHORIZATION_ENABLE_SMARTCARD:
status = authorization_enable_smartcard(conn,event,reply);
break;
case AUTHORIZATION_SETUP:
{
mach_port_t bootstrap = xpc_dictionary_copy_mach_send(event, AUTH_XPC_BOOTSTRAP);
if (!process_set_bootstrap(connection_get_process(conn), bootstrap)) {
if (bootstrap != MACH_PORT_NULL) {
mach_port_deallocate(mach_task_self(), bootstrap);
}
}
}
status = errAuthorizationSuccess;
break;
#if DEBUG
case AUTHORIZATION_DEV:
server_dev();
break;
#endif
default:
break;
}
xpc_dictionary_set_int64(reply, AUTH_XPC_STATUS, status);
xpc_connection_send_message(connection, reply);
xpc_release(reply);
}
done:
CFReleaseSafe(conn);
}
