Structure* Structure::flattenDictionaryStructure(JSGlobalData& globalData, JSObject* object)
{
ASSERT(isDictionary());
if (isUncacheableDictionary()) {
ASSERT(m_propertyTable);
size_t propertyCount = m_propertyTable->size();
// Holds our values compacted by insertion order.
Vector<JSValue> values(propertyCount);
// Copies out our values from their hashed locations, compacting property table offsets as we go.
unsigned i = 0;
PropertyTable::iterator end = m_propertyTable->end();
for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter, ++i) {
values[i] = object->getDirectOffset(iter->offset);
iter->offset = propertyOffsetFor(i, m_inlineCapacity);
}
// Copies in our values to their compacted locations.
for (unsigned i = 0; i < propertyCount; i++)
object->putDirectOffset(globalData, propertyOffsetFor(i, m_inlineCapacity), values[i]);
m_propertyTable->clearDeletedOffsets();
}
m_dictionaryKind = NoneDictionaryKind;
return this;
}
Structure* Structure::flattenDictionaryStructure(JSGlobalData& globalData, JSObject* object)
{
ASSERT(isDictionary());
if (isUncacheableDictionary()) {
ASSERT(m_propertyTable);
size_t propertyCount = m_propertyTable->size();
Vector<JSValue> values(propertyCount);
unsigned i = 0;
PropertyOffset firstOffset = firstPropertyOffsetFor(m_typeInfo.type());
PropertyTable::iterator end = m_propertyTable->end();
for (PropertyTable::iterator iter = m_propertyTable->begin(); iter != end; ++iter, ++i) {
values[i] = object->getDirectOffset(iter->offset);
// Update property table to have the new property offsets
iter->offset = i + firstOffset;
}
// Copy the original property values into their final locations
for (unsigned i = 0; i < propertyCount; i++)
object->putDirectOffset(globalData, firstOffset + i, values[i]);
m_propertyTable->clearDeletedOffsets();
}
m_dictionaryKind = NoneDictionaryKind;
return this;
}
//-----------------------------------------------------------------------------
// process_interface_prefs
//-----------------------------------------------------------------------------
static int process_interface_prefs(struct vpn_params *params)
{
CFStringRef str = 0;
CFDictionaryRef dict;
// get type/subtype of server
dict = CFDictionaryGetValue(params->serverRef, kRASEntInterface);
if (!isDictionary(dict)) {
vpnlog(LOG_ERR, "No Interface dictionary found\n");
return -1;
}
str = CFDictionaryGetValue(dict, kRASPropInterfaceType);
if (!isString(str)) {
vpnlog(LOG_ERR, "No Interface type found\n");
return -1;
}
if (CFStringCompare(str, kRASValInterfaceTypePPP, 0) == kCFCompareEqualTo)
params->server_type = SERVER_TYPE_PPP;
else if (CFStringCompare(str, kRASValInterfaceTypeIPSec, 0) == kCFCompareEqualTo)
params->server_type = SERVER_TYPE_IPSEC;
else {
vpnlog(LOG_ERR, "Incorrect server type found\n");
return -1;
}
return 0;
}
void Structure::despecifyDictionaryFunction(JSGlobalData& globalData, PropertyName propertyName)
{
StringImpl* rep = propertyName.uid();
materializePropertyMapIfNecessary(globalData);
ASSERT(isDictionary());
ASSERT(m_propertyTable);
PropertyMapEntry* entry = m_propertyTable->find(rep).first;
ASSERT(entry);
entry->specificValue.clear();
}
void MessagePackAdaptorTests::testDictionary() {
// Empty
{
pack(Datum(Datum::dict_value_type()));
auto o = unpack();
CPPUNIT_ASSERT_EQUAL( msgpack::type::MAP, o.type );
auto d = o.as<Datum>();
CPPUNIT_ASSERT( d.isDictionary() );
CPPUNIT_ASSERT( d.getDict().empty() );
}
// Non-empty
{
const Datum::dict_value_type value = { { Datum("foo"), Datum(1.5) }, { Datum(2), Datum(false) } };
pack(Datum(value));
auto o = unpack();
CPPUNIT_ASSERT_EQUAL( msgpack::type::MAP, o.type );
auto d = o.as<Datum>();
CPPUNIT_ASSERT( d.isDictionary() );
CPPUNIT_ASSERT( value == d.getDict() );
}
}
void Bencode::appendMapItem(Bencode *item)
{
Q_ASSERT(!item->_key.isEmpty());
Q_ASSERT(isDictionary());
Q_ASSERT(!item->parent());
if (item->parent())
item->parent()->removeChild(item);
for (int i = 0; i < childCount(); i++) {
if (item->_key < child(i)->_key) {
insertChild(i, item);
break;
}
}
if (!item->parent()) {
appendChild(item);
}
}
const Dictionary& GenericType::toDictionary() const{
casadi_assert_message(isDictionary(),"type mismatch");
return static_cast<const DictionaryType*>(get())->d_;
}
// ----------------------------------------------------------------------------
// process_prefs
// ----------------------------------------------------------------------------
int process_prefs(struct vpn_params *params)
{
char pathStr[MAXPATHLEN];
SCPreferencesRef prefs = 0;
CFPropertyListRef servers_list;
char text[512] = "";
// open the prefs file
prefs = SCPreferencesCreate(0, CFSTR("vpnd"), kRASServerPrefsFileName);
if (prefs == NULL) {
CFStringGetCString(kRASServerPrefsFileName, pathStr, MAXPATHLEN, kCFStringEncodingMacRoman);
snprintf(text, sizeof(text), "Unable to read vpnd prefs file '%s'\n", pathStr);
goto fail;
}
// get servers list from the plist
servers_list = SCPreferencesGetValue(prefs, kRASServers);
if (servers_list == NULL) {
snprintf(text, sizeof(text), "Could not get servers dictionary\n");
goto fail;
}
// retrieve the information for the given Server ID
params->serverIDRef = CFStringCreateWithCString(0, params->server_id, kCFStringEncodingMacRoman);
if (params->serverIDRef == NULL) {
snprintf(text, sizeof(text), "Could not create CFString for server ID\n");
goto fail;
}
params->serverRef = CFDictionaryGetValue(servers_list, params->serverIDRef);
if (params->serverRef == NULL || isDictionary(params->serverRef) == 0) {
snprintf(text, sizeof(text), "Server ID '%.64s' invalid\n", params->server_id);
params->serverRef = 0;
goto fail;
}
CFRetain(params->serverRef);
CFRelease(prefs);
prefs = 0;
// process the dictionaries
if (process_server_prefs(params))
goto fail;
if (process_interface_prefs(params))
goto fail;
switch (params->server_type) {
case SERVER_TYPE_PPP:
if (ppp_process_prefs(params)) {
snprintf(text, sizeof(text), "Error while reading PPP preferences\n");
goto fail;
}
break;
case SERVER_TYPE_IPSEC:
if (ipsec_process_prefs(params)) {
snprintf(text, sizeof(text), "Error while reading IPSec preferences\n");
goto fail;
}
break;
}
return 0;
fail:
vpnlog(LOG_ERR, text[0] ? text : "Error while reading preferences\n");
if (params->serverIDRef) {
CFRelease(params->serverIDRef);
params->serverIDRef = 0;
}
if (params->serverRef) {
CFRelease(params->serverRef);
params->serverRef = 0;
}
if (prefs)
CFRelease(prefs);
return -1;
}
Dictionary ArrayBufferOrArrayBufferViewOrDictionary::getAsDictionary() const
{
ASSERT(isDictionary());
return m_dictionary;
}
/* AUDIT[securityd](done):
receiver (unused) is a mach_port owned by this process.
reply (checked by mig) is a caller provided mach_port.
auditToken (ok) is a kernel provided audit token.
request_id (checked by mig) is caller provided value, that matches the
mig entry for this function.
msg_id (ok) is caller provided value.
msg_data (ok) is a caller provided data of length:
msg_length (ok).
*/
kern_return_t securityd_server_request(mach_port_t receiver, mach_port_t reply,
audit_token_t auditToken,
uint32_t request_id, uint32_t msg_id, uint8_t *msg_data,
mach_msg_type_number_t msg_length)
{
CFTypeRef args_in = NULL;
CFTypeRef args_out = NULL;
bool sendResponse = true;
const char *op_name;
request_begin();
if (msg_length) {
CFDataRef data_in = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
msg_data, msg_length, kCFAllocatorNull);
if (data_in) {
args_in = CFPropertyListCreateFromXMLData(kCFAllocatorDefault,
data_in, kCFPropertyListImmutable, NULL);
CFRelease(data_in);
}
}
#if 0
static int crash_counter = 0;
if (crash_counter++) {
secdebug("server", "crash test");
exit(1);
}
#endif
SecTaskRef clientTask =
#if CHECK_ENTITLEMENTS
SecTaskCreateWithAuditToken(kCFAllocatorDefault, auditToken);
#else
NULL;
#endif
CFArrayRef groups = SecTaskCopyAccessGroups(clientTask);
SecAccessGroupsSetCurrent(groups);
OSStatus status = errSecParam;
switch(msg_id) {
case sec_item_add_id:
op_name = "SecItemAdd";
if (isDictionary(args_in))
status = _SecItemAdd(args_in, &args_out, groups);
break;
case sec_item_copy_matching_id:
op_name = "SecItemCopyMatching";
if (isDictionary(args_in))
status = _SecItemCopyMatching(args_in, &args_out, groups);
break;
case sec_item_delete_id:
op_name = "SecItemDelete";
if (isDictionary(args_in))
status = _SecItemDelete(args_in, groups);
break;
case sec_item_update_id:
op_name = "SecItemUpdate";
if (isArrayOfLength(args_in, 2)) {
CFDictionaryRef
in0 = (CFDictionaryRef)CFArrayGetValueAtIndex(args_in, 0),
in1 = (CFDictionaryRef)CFArrayGetValueAtIndex(args_in, 1);
if (isDictionary(in0) && isDictionary(in1))
status = _SecItemUpdate(in0, in1, groups);
}
break;
case sec_trust_store_contains_id:
{
op_name = "SecTrustStoreContains";
if (!isArray(args_in))
break;
CFIndex argc_in = CFArrayGetCount(args_in);
if (argc_in != 2)
break;
CFStringRef domainName = CFArrayGetValueAtIndex(args_in, 0);
CFDataRef digest = CFArrayGetValueAtIndex(args_in, 1);
if (!isString(domainName) || !isData(digest))
break;
SecTrustStoreRef ts = SecTrustStoreForDomainName(domainName);
status = !SecTrustStoreContainsCertificateWithDigest(ts, digest);
break;
}
case sec_trust_store_set_trust_settings_id:
{
op_name = "SecTrustStoreSetTrustSettings";
/* Open the trust store unconditially so we can abuse this method
even in clients that just want to read from the truststore,
and this call will force it to be created. */
SecTrustStoreRef ts = SecTrustStoreForDomain(kSecTrustStoreDomainUser);
if (!isArray(args_in))
break;
CFIndex argc_in = CFArrayGetCount(args_in);
if (argc_in != 1 && argc_in != 2)
break;
if (!SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementModifyAnchorCertificates)) {
status = errSecMissingEntitlement;
break;
}
CFDataRef certificateData = (CFDataRef)CFArrayGetValueAtIndex(args_in, 0);
if (!isData(certificateData))
break;
SecCertificateRef certificate = SecCertificateCreateWithData(NULL, certificateData);
if (certificate) {
CFTypeRef trustSettingsDictOrArray;
if (argc_in < 2) {
trustSettingsDictOrArray = NULL;
} else {
trustSettingsDictOrArray = CFArrayGetValueAtIndex(args_in, 1);
if (trustSettingsDictOrArray) {
CFTypeID tst = CFGetTypeID(trustSettingsDictOrArray);
if (tst != CFArrayGetTypeID() && tst != CFDictionaryGetTypeID()) {
CFRelease(certificate);
break;
}
}
}
status = _SecTrustStoreSetTrustSettings(ts, certificate, trustSettingsDictOrArray);
CFRelease(certificate);
}
break;
}
case sec_trust_store_remove_certificate_id:
op_name = "SecTrustStoreRemoveCertificate";
if (SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementModifyAnchorCertificates)) {
SecTrustStoreRef ts = SecTrustStoreForDomain(kSecTrustStoreDomainUser);
if (isData(args_in)) {
status = SecTrustStoreRemoveCertificateWithDigest(ts, args_in);
}
} else {
status = errSecMissingEntitlement;
}
break;
case sec_delete_all_id:
op_name = "SecDeleteAll";
if (SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementWipeDevice)) {
status = SecItemDeleteAll();
} else {
status = errSecMissingEntitlement;
}
break;
case sec_trust_evaluate_id:
op_name = "SecTrustEvaluate";
if (isDictionary(args_in)) {
struct securityd_server_trust_evaluation_context *tec = malloc(sizeof(*tec));
tec->reply = reply;
tec->request_id = request_id;
status = SecTrustServerEvaluateAsync(args_in,
securityd_server_trust_evaluate_done, tec);
if (status == noErr || status == errSecWaitForCallback) {
sendResponse = false;
} else {
free(tec);
}
}
break;
case sec_restore_keychain_id:
op_name = "SecRestoreKeychain";
if (SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementRestoreKeychain)) {
status = _SecServerRestoreKeychain();
} else {
status = errSecMissingEntitlement;
}
break;
case sec_migrate_keychain_id:
op_name = "SecMigrateKeychain";
if (isArray(args_in)) {
if (SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementMigrateKeychain)) {
status = _SecServerMigrateKeychain(args_in, &args_out);
} else {
status = errSecMissingEntitlement;
}
}
break;
case sec_keychain_backup_id:
op_name = "SecKeychainBackup";
if (!args_in || isArray(args_in)) {
if (SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementRestoreKeychain)) {
status = _SecServerKeychainBackup(args_in, &args_out);
} else {
status = errSecMissingEntitlement;
}
}
break;
case sec_keychain_restore_id:
op_name = "SecKeychainRestore";
if (isArray(args_in)) {
if (SecTaskGetBooleanValueForEntitlement(clientTask,
kSecEntitlementRestoreKeychain)) {
status = _SecServerKeychainRestore(args_in, &args_out);
} else {
status = errSecMissingEntitlement;
}
}
break;
default:
op_name = "invalid_operation";
status = errSecParam;
break;
}
const char *proc_name;
#ifdef NDEBUG
if (status == errSecMissingEntitlement) {
#endif
pid_t pid;
audit_token_to_au32(auditToken, NULL, NULL, NULL, NULL, NULL, &pid, NULL, NULL);
int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, pid};
struct kinfo_proc kp;
size_t len = sizeof(kp);
if (sysctl(mib, 4, &kp, &len, NULL, 0) == -1 || len == 0)
proc_name = strerror(errno);
else
proc_name = kp.kp_proc.p_comm;
#ifndef NDEBUG
if (status == errSecMissingEntitlement) {
#endif
asl_log(NULL, NULL, ASL_LEVEL_ERR,
"%s[%u] %s: missing entitlement", proc_name, pid, op_name);
/* Remap errSecMissingEntitlement -> errSecInteractionNotAllowed. */
status = errSecInteractionNotAllowed;
}
secdebug("ipc", "%s[%u] %s: returning: %d", proc_name, pid, op_name,
status);
CFReleaseSafe(groups);
CFReleaseSafe(clientTask);
SecAccessGroupsSetCurrent(NULL);
kern_return_t err = 0;
if (sendResponse)
err = securityd_server_send_reply(reply, request_id, status, args_out);
CFReleaseSafe(args_in);
return err;
}
extern boolean_t securityd_request_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP);
union max_msg_size_union {
union __RequestUnion__securityd_client_securityd_reply_subsystem reply;
};
static uint8_t reply_buffer[sizeof(union max_msg_size_union) + MAX_TRAILER_SIZE];
static void *handle_message(void *msg, CFIndex size,
CFAllocatorRef allocator, void *info)
{
mach_msg_header_t *message = (mach_msg_header_t *)msg;
mach_msg_header_t *reply = (mach_msg_header_t *)reply_buffer;
securityd_request_server(message, reply);
return NULL;
}
/* -----------------------------------------------------------------------------
l2tpvpn_get_pppd_args
----------------------------------------------------------------------------- */
int l2tpvpn_get_pppd_args(struct vpn_params *params, int reload)
{
CFStringRef string;
int noipsec = 0;
CFMutableDictionaryRef dict = NULL;
if (reload) {
noipsec = opt_noipsec;
}
if (params->serverRef) {
/* arguments from the preferences file */
addstrparam(params->exec_args, ¶ms->next_arg_index, "l2tpmode", "answer");
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPTransport);
if (string && CFEqual(string, kRASValL2TPTransportIP)) {
addparam(params->exec_args, ¶ms->next_arg_index, "l2tpnoipsec");
opt_noipsec = 1;
}
dict = (CFMutableDictionaryRef)CFDictionaryGetValue(params->serverRef, kRASEntIPSec);
if (isDictionary(dict)) {
/* get the parameters from the IPSec dictionary */
dict = CFDictionaryCreateMutableCopy(0, 0, dict);
}
else {
/* get the parameters from the L2TP dictionary */
dict = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPIPSecSharedSecretEncryption);
if (isString(string))
CFDictionarySetValue(dict, kRASPropIPSecSharedSecretEncryption, string);
string = get_cfstr_option(params->serverRef, kRASEntL2TP, kRASPropL2TPIPSecSharedSecret);
if (isString(string))
CFDictionarySetValue(dict, kRASPropIPSecSharedSecret, string);
}
} else {
/* arguments from command line */
if (opt_noipsec)
addparam(params->exec_args, ¶ms->next_arg_index, "l2tpnoipsec");
}
if (reload) {
if (noipsec != opt_noipsec ||
!CFEqual(dict, ipsec_settings)) {
vpnlog(LOG_ERR, "reload prefs - IPSec shared secret cannot be changed\n");
if (dict)
CFRelease(dict);
return -1;
}
}
if (ipsec_settings)
CFRelease(ipsec_settings);
ipsec_settings = dict;
return 0;
}
