/* returns -1 on error. */ int msg_setauthorization (sip_t * sip, char *hvalue) { authorization_t *authorization; int i; if (sip == NULL || sip->authorizations == NULL) return -1; i = authorization_init (&authorization); if (i != 0) return -1; i = authorization_parse (authorization, hvalue); if (i != 0) { authorization_free (authorization); sfree (authorization); return -1; } #ifdef USE_TMP_BUFFER sip->message_property = 2; #endif list_add (sip->authorizations, authorization, -1); return 0; }
int authorization_clone (authorization_t * auth, authorization_t ** dest) { int i; authorization_t *au; *dest = NULL; if (auth == NULL) return -1; /* to be removed? if (auth->auth_type==NULL) return -1; if (auth->username==NULL) return -1; if (auth->realm==NULL) return -1; if (auth->nonce==NULL) return -1; if (auth->uri==NULL) return -1; if (auth->response==NULL) return -1; if (auth->opaque==NULL) return -1; */ i = authorization_init (&au); if (i == -1) /* allocation failed */ return -1; if (auth->auth_type != NULL) { au->auth_type = sgetcopy (auth->auth_type); if (au->auth_type == NULL) goto ac_error; } if (auth->username != NULL) { au->username = sgetcopy (auth->username); if (au->username == NULL) goto ac_error; } if (auth->realm != NULL) { au->realm = sgetcopy (auth->realm); if (auth->realm == NULL) goto ac_error; } if (auth->nonce != NULL) { au->nonce = sgetcopy (auth->nonce); if (auth->nonce == NULL) goto ac_error; } if (auth->uri != NULL) { au->uri = sgetcopy (auth->uri); if (au->uri == NULL) goto ac_error; } if (auth->response != NULL) { au->response = sgetcopy (auth->response); if (auth->response == NULL) goto ac_error; } if (auth->digest != NULL) { au->digest = sgetcopy (auth->digest); if (au->digest == NULL) goto ac_error; } if (auth->algorithm != NULL) { au->algorithm = sgetcopy (auth->algorithm); if (auth->algorithm == NULL) goto ac_error; } if (auth->cnonce != NULL) { au->cnonce = sgetcopy (auth->cnonce); if (au->cnonce == NULL) goto ac_error; } if (auth->opaque != NULL) { au->opaque = sgetcopy (auth->opaque); if (auth->opaque == NULL) goto ac_error; } if (auth->message_qop != NULL) { au->message_qop = sgetcopy (auth->message_qop); if (auth->message_qop == NULL) goto ac_error; } if (auth->nonce_count != NULL) { au->nonce_count = sgetcopy (auth->nonce_count); if (auth->nonce_count == NULL) goto ac_error; } *dest = au; return 0; ac_error: authorization_free (au); sfree (au); return -1; }
static void security_auth_peer_event_handler(xpc_connection_t connection, xpc_object_t event) { __block OSStatus status = errAuthorizationDenied; connection_t conn = (connection_t)xpc_connection_get_context(connection); require_action(conn != NULL, done, LOGE("xpc[%i]: process context not found", xpc_connection_get_pid(connection))); CFRetainSafe(conn); xpc_type_t type = xpc_get_type(event); if (type == XPC_TYPE_ERROR) { if (event == XPC_ERROR_CONNECTION_INVALID) { // The client process on the other end of the connection has either // crashed or cancelled the connection. After receiving this error, // the connection is in an invalid state, and you do not need to // call xpc_connection_cancel(). Just tear down any associated state // here. LOGV("xpc[%i]: client disconnected", xpc_connection_get_pid(connection)); connection_destory_agents(conn); } else if (event == XPC_ERROR_TERMINATION_IMMINENT) { // Handle per-connection termination cleanup. LOGD("xpc[%i]: per-connection termination", xpc_connection_get_pid(connection)); } } else { assert(type == XPC_TYPE_DICTIONARY); xpc_object_t reply = xpc_dictionary_create_reply(event); require(reply != NULL, done); uint64_t auth_type = xpc_dictionary_get_uint64(event, AUTH_XPC_TYPE); LOGV("xpc[%i]: received message type=%llu", connection_get_pid(conn), auth_type); switch (auth_type) { case AUTHORIZATION_CREATE: status = authorization_create(conn,event,reply); break; case AUTHORIZATION_CREATE_WITH_AUDIT_TOKEN: status = authorization_create_with_audit_token(conn,event,reply); break; case AUTHORIZATION_FREE: status = authorization_free(conn,event,reply); break; case AUTHORIZATION_COPY_RIGHTS: status = authorization_copy_rights(conn,event,reply); break; case AUTHORIZATION_COPY_INFO: status = authorization_copy_info(conn,event,reply); break; case AUTHORIZATION_MAKE_EXTERNAL_FORM: status = authorization_make_external_form(conn,event,reply); break; case AUTHORIZATION_CREATE_FROM_EXTERNAL_FORM: status = authorization_create_from_external_form(conn,event,reply); break; case AUTHORIZATION_RIGHT_GET: status = authorization_right_get(conn,event,reply); break; case AUTHORIZATION_RIGHT_SET: status = authorization_right_set(conn,event,reply); break; case AUTHORIZATION_RIGHT_REMOVE: status = authorization_right_remove(conn,event,reply); break; case SESSION_SET_USER_PREFERENCES: status = session_set_user_preferences(conn,event,reply); break; case AUTHORIZATION_DISMISS: connection_destory_agents(conn); status = errAuthorizationSuccess; break; case AUTHORIZATION_ENABLE_SMARTCARD: status = authorization_enable_smartcard(conn,event,reply); break; case AUTHORIZATION_SETUP: { mach_port_t bootstrap = xpc_dictionary_copy_mach_send(event, AUTH_XPC_BOOTSTRAP); if (!process_set_bootstrap(connection_get_process(conn), bootstrap)) { if (bootstrap != MACH_PORT_NULL) { mach_port_deallocate(mach_task_self(), bootstrap); } } } status = errAuthorizationSuccess; break; #if DEBUG case AUTHORIZATION_DEV: server_dev(); break; #endif default: break; } xpc_dictionary_set_int64(reply, AUTH_XPC_STATUS, status); xpc_connection_send_message(connection, reply); xpc_release(reply); } done: CFReleaseSafe(conn); }