/*
* Function: copy_configured_interface_names
*
* Purpose:
* Return the BSD interface name of all configured interfaces. If
* 'entity' is non-NULL, also check that the interface has the specified
* extended configuration.
*/
STATIC CFArrayRef /* of CFStringRef */
copy_configured_interface_names(SCPreferencesRef prefs, CFStringRef entity_name)
{
SCNetworkSetRef current_set = NULL;
int count;
int i;
CFMutableArrayRef ret_names = NULL;
CFRange ret_names_range = { 0 , 0 };
CFArrayRef services = NULL;
if (prefs == NULL) {
goto done;
}
current_set = SCNetworkSetCopyCurrent(prefs);
if (current_set == NULL) {
goto done;
}
services = SCNetworkSetCopyServices(current_set);
if (services == NULL) {
goto done;
}
count = CFArrayGetCount(services);
for (i = 0; i < count; i++) {
CFStringRef this_if_name;
SCNetworkInterfaceRef this_if;
SCNetworkServiceRef s;
s = (SCNetworkServiceRef)CFArrayGetValueAtIndex(services, i);
this_if = SCNetworkServiceGetInterface(s);
if (this_if == NULL) {
continue;
}
if (entity_name != NULL
&& (SCNetworkInterfaceGetExtendedConfiguration(this_if, entity_name)
== NULL)) {
/* interface doesn't have specified entity */
continue;
}
this_if_name = SCNetworkInterfaceGetBSDName(this_if);
if (this_if_name == NULL) {
continue;
}
if (ret_names == NULL
|| CFArrayContainsValue(ret_names, ret_names_range,
this_if_name) == FALSE) {
if (ret_names == NULL) {
ret_names = CFArrayCreateMutable(NULL, count,
&kCFTypeArrayCallBacks);
}
CFArrayAppendValue(ret_names, this_if_name);
ret_names_range.length++;
}
}
done:
my_CFRelease(¤t_set);
my_CFRelease(&services);
return (ret_names);
}
static void
nc_print_VPN_app_info(CFStringRef appInfo, CFDictionaryRef appInfoDict)
{
CFStringRef appName = NULL;
Boolean isEnabled = FALSE;
CFStringRef paddedAppInfo = NULL;
CFStringRef paddedAppName = NULL;
if (appInfo == NULL) {
return;
}
isEnabled = VPNConfigurationIsVPNTypeEnabled(appInfo);
CFDictionaryGetValueIfPresent(appInfoDict, CFSTR("CFBundleDisplayName"), (const void **)&appName);
paddedAppName = copy_padded_string((appName == NULL) ? CFSTR("") : appName, 12, NULL, NULL);
paddedAppInfo = copy_padded_string(appInfo, 30, NULL, NULL);
SCPrint(TRUE, stdout, CFSTR("%@ %@ [%@]\n"),
isEnabled ? CFSTR("(Enabled) ") : CFSTR("(Disabled)"),
paddedAppName,
appInfo);
my_CFRelease(&paddedAppName);
my_CFRelease(&paddedAppInfo);
}
Boolean
AFPUserList_init(AFPUserListRef users)
{
CFErrorRef error;
int i;
int n;
CFArrayRef results;
ODQueryRef query;
bzero(users, sizeof(*users));
users->node = ODNodeCreateWithNodeType(NULL, kODSessionDefault,
kODNodeTypeLocalNodes, &error);
if (users->node == NULL) {
my_log(LOG_NOTICE,
"AFPUserList_init: ODNodeCreateWithNodeType() failed");
goto failed;
}
query = ODQueryCreateWithNode(NULL,
users->node, // inNode
CFSTR(kDSStdRecordTypeUsers), // inRecordTypeOrList
CFSTR(NIPROP__CREATOR), // inAttribute
kODMatchEqualTo, // inMatchType
CFSTR(BSDPD_CREATOR), // inQueryValueOrList
CFSTR(kDSAttributesAll), // inReturnAttributeOrList
0, // inMaxResults
&error);
if (query == NULL) {
my_log(LOG_NOTICE, "AFPUserList_init: ODQueryCreateWithNode() failed");
my_CFRelease(&error);
goto failed;
}
results = ODQueryCopyResults(query, FALSE, &error);
CFRelease(query);
if (results == NULL) {
my_log(LOG_NOTICE, "AFPUserList_init: ODQueryCopyResults() failed");
my_CFRelease(&error);
goto failed;
}
users->list = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
n = CFArrayGetCount(results);
for (i = 0; i < n; i++) {
ODRecordRef record;
AFPUserRef user;
record = (ODRecordRef)CFArrayGetValueAtIndex(results, i);
user = AFPUser_create(record);
CFArrayAppendValue(users->list, user);
CFRelease(user);
}
CFRelease(results);
return (TRUE);
failed:
AFPUserList_free(users);
return (FALSE);
}
/* -----------------------------------------------------------------------------
----------------------------------------------------------------------------- */
static void
nc_enablevpn(int argc, char **argv)
{
CFStringRef argument = NULL;
CFStringRef vendorType = NULL;
int exit_code = 1;
if (argc == 0) {
SCPrint(TRUE, stderr, CFSTR("No service type or ID\n"));
} else {
argument = CFStringCreateWithCString(NULL, argv[0], kCFStringEncodingUTF8);
vendorType = nc_copy_vendor_type(argument);
my_CFRelease(&argument);
if (!nc_enable_vpntype(vendorType)) {
goto done;
}
#if !TARGET_OS_IPHONE
if (argc >= 2) {
argument = CFStringCreateWithCString(NULL, argv[1], kCFStringEncodingUTF8);
nc_set_application_url(vendorType, argument);
my_CFRelease(&argument);
}
#endif
}
exit_code = 0;
done:
my_CFRelease(&vendorType);
exit(exit_code);
}
void
AFPUserList_free(AFPUserListRef users)
{
my_CFRelease(&users->node);
my_CFRelease(&users->list);
bzero(users, sizeof(*users));
}
static void
nc_trigger(int argc, char **argv)
{
Boolean background = FALSE;
int i;
CFStringRef hostName = NULL;
int port = 80;
for (i = 0; i < 3 && i < argc; i++) {
/* Parse host name. Must be first arg. */
if (i == 0) {
hostName = CFStringCreateWithCString(NULL, argv[i], kCFStringEncodingUTF8);
continue;
}
/* Check for optional background flag */
if (strcmp(argv[i], "background") == 0) {
background = TRUE;
continue;
}
/* Parse optional port number */
CFStringRef str = CFStringCreateWithCString(NULL, argv[i], kCFStringEncodingUTF8);
if (str) {
int num = CFStringGetIntValue(str);
if (num) {
port = num;
}
my_CFRelease(&str);
}
}
if (hostName) {
CFReadStreamRef readStream = NULL;
CFWriteStreamRef writeStream = NULL;
CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, hostName, port, &readStream, &writeStream);
if (background) {
CFReadStreamSetProperty(readStream, CFSTR("kCFStreamNetworkServiceType"), CFSTR("kCFStreamNetworkServiceTypeBackground"));
CFWriteStreamSetProperty(writeStream, CFSTR("kCFStreamNetworkServiceType"), CFSTR("kCFStreamNetworkServiceTypeBackground"));
}
if (readStream && writeStream) {
CFReadStreamOpen(readStream);
CFWriteStreamOpen(writeStream);
SCPrint(TRUE, stdout, CFSTR("Opened stream to %@, port %d%s\n"), hostName, port, background ? ", background traffic class" : "");
sleep(1);
}
my_CFRelease(&readStream);
my_CFRelease(&writeStream);
} else {
SCPrint(TRUE, stderr, CFSTR("Invalid or missing host name\n"));
}
my_CFRelease(&hostName);
exit(0);
}
PRIVATE_EXTERN kern_return_t
eapolclientitemid_remove_password(mach_port_t server,
OOBData_t auth_data,
mach_msg_type_number_t auth_data_length,
xmlData_t itemID_data,
mach_msg_type_number_t itemID_data_length,
int * result)
{
EAPOLClientConfigurationRef cfg = NULL;
EAPOLClientItemIDRef itemID = NULL;
int ret = 0;
if (authorization_is_valid(auth_data, auth_data_length) == FALSE) {
ret = EPERM;
goto done;
}
ret = init_itemID_and_cfg(itemID_data, itemID_data_length, &itemID, &cfg);
if (ret != 0) {
goto done;
}
if (EAPOLClientItemIDRemovePasswordItem(itemID, kEAPOLClientDomainSystem)
== FALSE) {
ret = ENXIO;
}
done:
my_vm_deallocate((vm_address_t)auth_data, auth_data_length);
my_vm_deallocate((vm_address_t)itemID_data, itemID_data_length);
my_CFRelease(&cfg);
my_CFRelease(&itemID);
*result = ret;
return (KERN_SUCCESS);
}
/*
* Function: set_eapol_configuration
* Purpose:
* Set the EAPOL configuration in the prefs.
*/
STATIC Boolean
set_eapol_configuration(SCPreferencesRef prefs, CFStringRef if_name,
CFDictionaryRef dict)
{
SCNetworkSetRef current_set = NULL;
SCNetworkInterfaceRef net_if_save;
Boolean ret = FALSE;
SCNetworkServiceRef service = NULL;
net_if_save = copy_interface(prefs, if_name, ¤t_set, &service);
if (net_if_save != NULL) {
ret = SCNetworkInterfaceSetExtendedConfiguration(net_if_save, kEAPOL,
dict);
if (ret == FALSE) {
EAPLOG(LOG_ERR,
"EAPOLClientConfiguration: SetExtendedConfiguration failed");
}
}
if (current_set != NULL) {
SCNetworkSetRemoveService(current_set, service);
CFRelease(current_set);
}
my_CFRelease(&service);
my_CFRelease(&net_if_save);
return (ret);
}
OSStatus
EAPOLClientSetACLForIdentity(SecIdentityRef identity)
{
SecKeyRef private_key = NULL;
CFArrayRef trusted_apps = NULL;
OSStatus status;
status = SecIdentityCopyPrivateKey(identity, &private_key);
if (status != noErr) {
goto done;
}
trusted_apps = copy_trusted_applications(TRUE);
if (trusted_apps == NULL) {
status = errSecParam;
goto done;
}
status
= EAPSecKeychainItemSetAccessForTrustedApplications((SecKeychainItemRef)
private_key,
trusted_apps);
done:
my_CFRelease(&private_key);
my_CFRelease(&trusted_apps);
return (status);
}
static int
S_find_service(mach_port_t server, int argc, char * argv[])
{
CFDataRef data = NULL;
CFDictionaryRef dict;
boolean_t exact = FALSE;
char * method_name;
if_name_t if_name;
kern_return_t kret;
inline_data_t service_id;
unsigned int service_id_len = sizeof(service_id);
ipconfig_status_t status = ipconfig_status_success_e;
void * xml_data_ptr = NULL;
int xml_data_len = 0;
strlcpy(if_name, argv[0], sizeof(if_name));
argv++;
argc--;
if (argc > 1 && strcasecmp(argv[0], "exact") == 0) {
exact = TRUE;
argc--;
argv++;
}
method_name = argv[0];
argc--;
argv++;
dict = ConfigDictCreate(if_name, argc, argv, command_name, method_name,
FALSE);
if (dict == NULL) {
return (1);
}
data = CFPropertyListCreateData(NULL,
dict,
kCFPropertyListBinaryFormat_v1_0,
0,
NULL);
if (data == NULL) {
CFRelease(dict);
fprintf(stderr, "failed to allocate memory\n");
return (1);
}
xml_data_ptr = (void *)CFDataGetBytePtr(data);
xml_data_len = (int)CFDataGetLength(data);
kret = ipconfig_find_service(server, if_name, exact,
xml_data_ptr, xml_data_len,
service_id, &service_id_len, &status);
my_CFRelease(&dict);
my_CFRelease(&data);
if (kret != KERN_SUCCESS) {
mach_error("ipconfig_find_service failed", kret);
return (1);
}
if (status != ipconfig_status_success_e) {
fprintf(stderr, "ipconfig_find_service %s %s failed: %s\n",
if_name, method_name, ipconfig_status_string(status));
return (1);
}
printf("%.*s\n", service_id_len, service_id);
return (0);
}
kern_return_t
eapolclientitemid_set_password(mach_port_t server,
OOBData_t auth_data,
mach_msg_type_number_t auth_data_length,
xmlData_t itemID_data,
mach_msg_type_number_t itemID_data_length,
uint32_t flags,
OOBData_t name,
mach_msg_type_number_t name_length,
OOBData_t password,
mach_msg_type_number_t password_length,
int * result)
{
EAPOLClientConfigurationRef cfg = NULL;
EAPOLClientItemIDRef itemID = NULL;
CFDataRef name_data = NULL;
CFDataRef password_data = NULL;
int ret = 0;
if (authorization_is_valid(auth_data, auth_data_length) == FALSE) {
ret = EPERM;
goto done;
}
ret = init_itemID_and_cfg(itemID_data, itemID_data_length, &itemID, &cfg);
if (ret != 0) {
goto done;
}
if ((flags & keapolcfg_auth_set_name) != 0) {
name_data = CFDataCreate(NULL, (const UInt8 *)name,
name_length);
}
else {
syslog(LOG_NOTICE, "not setting name");
}
if ((flags & keapolcfg_auth_set_password) != 0) {
password_data = CFDataCreate(NULL, (const UInt8 *)password,
password_length);
}
else {
syslog(LOG_NOTICE, "not setting password");
}
if (EAPOLClientItemIDSetPasswordItem(itemID,
kEAPOLClientDomainSystem,
name_data, password_data) == FALSE) {
ret = ENXIO;
}
done:
my_vm_deallocate((vm_address_t)auth_data, auth_data_length);
my_vm_deallocate((vm_address_t)itemID_data, itemID_data_length);
my_vm_deallocate((vm_address_t)name, name_length);
my_vm_deallocate((vm_address_t)password, password_length);
my_CFRelease(&name_data);
my_CFRelease(&password_data);
my_CFRelease(&cfg);
my_CFRelease(&itemID);
*result = ret;
return (KERN_SUCCESS);
}
/**
** MiG server routines
**/
PRIVATE_EXTERN kern_return_t
eapolclientitemid_set_identity(mach_port_t server,
OOBData_t auth_data,
mach_msg_type_number_t auth_data_length,
xmlData_t itemID_data,
mach_msg_type_number_t itemID_data_length,
OOBData_t id_handle,
mach_msg_type_number_t id_handle_length,
int * result)
{
EAPOLClientConfigurationRef cfg = NULL;
SecIdentityRef identity = NULL;
EAPOLClientItemIDRef itemID = NULL;
int ret = 0;
if (authorization_is_valid(auth_data, auth_data_length) == FALSE) {
ret = EPERM;
goto done;
}
ret = init_itemID_and_cfg(itemID_data, itemID_data_length, &itemID, &cfg);
if (ret != 0) {
goto done;
}
if (id_handle != NULL) {
CFDataRef data;
OSStatus status;
data = CFDataCreateWithBytesNoCopy(NULL,
(const UInt8 *)id_handle,
id_handle_length,
kCFAllocatorNull);
if (data == NULL) {
ret = EINVAL;
goto done;
}
status = EAPSecIdentityHandleCreateSecIdentity(data, &identity);
CFRelease(data);
if (status != noErr) {
ret = ENOENT;
goto done;
}
}
if (EAPOLClientItemIDSetIdentity(itemID,
kEAPOLClientDomainSystem,
identity) == FALSE) {
ret = ENXIO;
}
done:
my_vm_deallocate((vm_address_t)auth_data, auth_data_length);
my_vm_deallocate((vm_address_t)itemID_data, itemID_data_length);
my_vm_deallocate((vm_address_t)id_handle, id_handle_length);
my_CFRelease(&cfg);
my_CFRelease(&itemID);
my_CFRelease(&identity);
*result = ret;
return (KERN_SUCCESS);
}
/*
* Function: copy_interface
* Purpose:
* Get a reference to an SCNetworkInterfaceRef for the specified
* interface name. First try to get an interface configured in the
* current set. If that fails, copy a service configured over the
* specified interface, and add it to the current set.
*
* Return the interface, service, and set for the caller to release.
*/
STATIC SCNetworkInterfaceRef
copy_interface(SCPreferencesRef prefs, CFStringRef if_name,
SCNetworkSetRef * ret_set_p,
SCNetworkServiceRef * ret_service_p)
{
SCNetworkSetRef current_set = NULL;
SCNetworkServiceRef service = NULL;
SCNetworkInterfaceRef net_if;
SCNetworkInterfaceRef ret = NULL;
/* if the interface is part of a service/set, we're done */
net_if = copy_configured_interface(prefs, if_name);
if (net_if != NULL) {
ret = net_if;
CFRetain(ret);
goto done;
}
/* interface isn't part of a service/set, make it so */
net_if = copy_present_interface(if_name);
if (net_if == NULL) {
goto done;
}
/* find the service in any set */
service = copy_service(prefs, net_if);
if (service == NULL) {
EAPLOG(LOG_ERR,
"EAPOLClientConfiguration: can't get service");
goto done;
}
/* add the service to the current set */
current_set = SCNetworkSetCopyCurrent(prefs);
if (current_set == NULL) {
EAPLOG(LOG_ERR,
"EAPOLClientConfiguration: can't get current set");
goto done;
}
if (SCNetworkSetAddService(current_set, service) == FALSE) {
EAPLOG(LOG_ERR,
"EAPOLClientConfiguration: failed to add dummy service");
goto done;
}
/* return this SCNetworkInterfaceRef since it's bound to the prefs */
ret = SCNetworkServiceGetInterface(service);
CFRetain(ret);
done:
my_CFRelease(&net_if);
if (ret == NULL) {
my_CFRelease(&service);
my_CFRelease(¤t_set);
}
*ret_service_p = service;
*ret_set_p = current_set;
return (ret);
}
static void
nc_listvpn(int argc, char **argv)
{
CFDictionaryRef appDict = NULL;
CFArrayRef appinfo = NULL;
int i, j, count, subtypecount;
const void * * keys = NULL;
CFMutableDictionaryRef optionsDict = NULL;
const void * * values = NULL;
CFStringRef vpntype = NULL;
optionsDict = CFDictionaryCreateMutable(NULL, 0,
&kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDictionarySetValue(optionsDict, kLookupApplicationTypeKey, kApplicationTypeUser);
CFDictionarySetValue(optionsDict, kLookupAttributeKey, CFSTR("UIVPNPlugin"));
appDict = MobileInstallationLookup(optionsDict);
if (!isA_CFDictionary(appDict))
goto done;
count = CFDictionaryGetCount(appDict);
if (count > 0) {
keys = (const void * *)malloc(sizeof(CFTypeRef) * count);
values = (const void * *)malloc(sizeof(CFTypeRef) * count);
CFDictionaryGetKeysAndValues(appDict, keys, values);
for (i=0; i<count; i++) {
appinfo = CFDictionaryGetValue(values[i], CFSTR("UIVPNPlugin"));
if (appinfo) {
if (isA_CFString(appinfo)) {
nc_print_VPN_app_info((CFStringRef)appinfo, (CFDictionaryRef)values[i]);
}
else if (isA_CFArray(appinfo)) {
subtypecount = CFArrayGetCount((CFArrayRef)appinfo);
for(j=0; j<subtypecount; j++) {
vpntype = (CFStringRef)CFArrayGetValueAtIndex((CFArrayRef)appinfo, j);
nc_print_VPN_app_info(vpntype, (CFDictionaryRef)values[i]);
}
}
}
}
}
done:
if (keys) free(keys);
if (values) free(values);
my_CFRelease(&optionsDict);
my_CFRelease(&appDict);
exit(0);
}
/**
** interface to eapolcfg_auth MiG routines
**/
STATIC Boolean
authEAPOLClientItemIDSetIdentity(EAPOLClientItemIDRef itemID,
SecIdentityRef identity)
{
AuthorizationExternalForm * auth_ext_p;
CFDataRef id_data = NULL;
OOBData_t id_handle;
mach_msg_type_number_t id_handle_length;
CFDataRef itemID_data = NULL;
kern_return_t kret;
int result = ENXIO;
mach_port_t server;
server = eapolcfg_auth_server_port();
if (server == MACH_PORT_NULL) {
return (FALSE);
}
auth_ext_p = EAPOLClientItemIDGetAuthorizationExternalForm(itemID);
if (identity != NULL) {
id_data = EAPSecIdentityHandleCreate(identity);
if (id_data == NULL) {
goto done;
}
id_handle = (OOBData_t)CFDataGetBytePtr(id_data);
id_handle_length = CFDataGetLength(id_data);
}
else {
id_handle = NULL;
id_handle_length = 0;
}
itemID_data = itemID_copy_data(itemID);
kret = eapolclientitemid_set_identity(server,
auth_ext_p->bytes,
sizeof(auth_ext_p->bytes),
(xmlData_t)
CFDataGetBytePtr(itemID_data),
CFDataGetLength(itemID_data),
id_handle,
id_handle_length,
&result);
if (kret != KERN_SUCCESS) {
EAPLOG(LOG_ERR, "eapolclientitemid_set_identity failed %d",
kret);
}
if (result != 0) {
EAPLOG(LOG_NOTICE, "eapolclientitemid_set_identity() returned %d",
result);
}
done:
my_CFRelease(&itemID_data);
my_CFRelease(&id_data);
return (result == 0);
}
static int
S_stress_start(int argc, char * argv[])
{
CFDictionaryRef dict = NULL;
int i;
char * ifname = argv[0];
int result;
SCDynamicStoreRef store;
if (access(argv[1], R_OK) != 0) {
fprintf(stderr, "%s: %s\n", argv[1], strerror(errno));
return (errno);
}
dict = (CFDictionaryRef)my_CFPropertyListCreateFromFile(argv[1]);
if (isA_CFDictionary(dict) == NULL) {
fprintf(stderr, "contents of file %s invalid\n", argv[1]);
my_CFRelease(&dict);
return (EINVAL);
}
store = config_session_start(NULL, NULL, ifname);
if (store == NULL) {
CFRelease(dict);
return (EINVAL);
}
for (i = 0; TRUE; i++) {
result = EAPOLControlStart(ifname, dict);
if (result != 0) {
fprintf(stderr, "EAPOLControlStart(%s) returned %d (%s)\n",
ifname, result, strerror(result));
break;
}
result = S_wait_for_state(ifname, store,
kEAPOLControlStateRunning,
kEAPOLControlStateStarting);
if (result != 0) {
fprintf(stderr, "Waiting for Running failed\n");
break;
}
result = EAPOLControlStop(ifname);
if (result != 0) {
fprintf(stderr, "EAPOLControlStop(%s) returned %d (%s)\n",
ifname, result, strerror(result));
break;
}
(void)S_wait_for_state(ifname, store,
kEAPOLControlStateIdle,
kEAPOLControlStateStopping);
}
fprintf(stderr, "Failed at iteration %d\n", i + 1);
my_CFRelease(&dict);
return (result);
}
void
clearVPNLocation (struct service *serv)
{
if (serv->connection_nap_monitor) {
Apple80211Close((Apple80211Ref)serv->connection_nap_monitor);
serv->connection_nap_monitor = NULL;
}
if (serv->type == TYPE_PPP) {
serv->u.ppp.lower_interface[0] = 0;
}
my_CFRelease(&serv->connection_nid);
my_CFRelease(&serv->connection_nap);
}
static void
eaptls_free_context(EAPTLSPluginDataRef context)
{
if (context->ssl_context != NULL) {
CFRelease(context->ssl_context);
context->ssl_context = NULL;
}
my_CFRelease(&context->certs);
my_CFRelease(&context->server_certs);
memoryIOClearBuffers(&context->mem_io);
free(context);
return;
}
/* -----------------------------------------------------------------------------
----------------------------------------------------------------------------- */
__private_extern__
kern_return_t
_pppcontroller_start(mach_port_t session,
xmlData_t dataRef, /* raw XML bytes */
mach_msg_type_number_t dataLen,
int linger,
int * result)
{
struct client *client;
struct service *serv = 0;
CFDictionaryRef optRef = 0;
int err;
client = client_findbymachport(session);
if (!client ) {
*result = kSCStatusInvalidArgument;
goto failed;
}
if ((serv = findbyserviceID(client->serviceID)) == 0) {
*result = kSCStatusConnectionNoService;
goto failed;
}
/* un-serialize the user options */
if (dataLen) {
if (!_SCUnserialize((CFPropertyListRef *)&optRef, NULL, (void *)dataRef, dataLen)) {
*result = kSCStatusFailed;
goto failed;
}
if (!isA_CFDictionary(optRef)) {
*result = kSCStatusInvalidArgument;
goto failed;
}
}
err = scnc_start(serv, optRef, client, linger ? 0 : 1, client->uid, client->gid, client->pid, client->bootstrap_port);
if (err) {
*result = kSCStatusFailed;
goto failed;
}
my_CFRelease(&optRef);
*result = kSCStatusOK;
return (KERN_SUCCESS);
failed:
my_CFRelease(&optRef);
return (KERN_SUCCESS);
}
static CFDictionaryRef
make_alert_dict(char * title, char * message)
{
CFMutableDictionaryRef dict = NULL;
CFStringRef str = NULL;
dict = CFDictionaryCreateMutable(NULL, 0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks);
if (dict == NULL) {
goto failed;
}
/* bug: the default button title must be set to get the correct flags */
CFDictionaryAddValue(dict, kCFUserNotificationDefaultButtonTitleKey,
CFSTR("OK"));
/* title */
if (title) {
str = CFStringCreateWithCString(NULL, title, kCFStringEncodingUTF8);
if (str == NULL) {
goto failed;
}
CFDictionaryAddValue(dict, kCFUserNotificationAlertHeaderKey,
str);
my_CFRelease(&str);
}
else {
CFDictionaryAddValue(dict, kCFUserNotificationAlertHeaderKey,
CFSTR("<default title>"));
}
/* message */
if (message) {
str = CFStringCreateWithCString(NULL, message, kCFStringEncodingUTF8);
if (str == NULL) {
goto failed;
}
CFDictionaryAddValue(dict, kCFUserNotificationAlertMessageKey, str);
my_CFRelease(&str);
}
else {
CFDictionaryAddValue(dict, kCFUserNotificationAlertMessageKey,
CFSTR("<default message>"));
}
return (dict);
failed:
my_CFRelease(&dict);
return (NULL);
}
Alert *
Alert_create(AlertCallback * func,
void * arg1, void * arg2, char * title, char * message)
{
Alert * alert_p;
CFUserNotificationRef alert = NULL;
CFDictionaryRef dict = NULL;
SInt32 error = 0;
CFRunLoopSourceRef rls = NULL;
alert_p = malloc(sizeof(*alert_p));
if (alert_p == NULL) {
EAPLOG_FL(LOG_NOTICE, "malloc failed");
return (NULL);
}
bzero(alert_p, sizeof(*alert_p));
dict = make_alert_dict(title, message);
if (dict == NULL) {
EAPLOG_FL(LOG_NOTICE, "make_alert_dict failed");
goto failed;
}
alert = CFUserNotificationCreate(NULL, 0, 0, &error, dict);
if (alert == NULL) {
EAPLOG_FL(LOG_NOTICE, "CFUserNotificationCreate failed, %d", error);
goto failed;
}
rls = CFUserNotificationCreateRunLoopSource(NULL, alert,
Alert_response, 0);
if (rls == NULL) {
EAPLOG_FL(LOG_NOTICE, "CFUserNotificationCreateRunLoopSource failed");
goto failed;
}
CFRunLoopAddSource(CFRunLoopGetCurrent(), rls, kCFRunLoopDefaultMode);
alert_p->notif = alert;
alert_p->rls = rls;
alert_p->func = func;
alert_p->arg1 = arg1;
alert_p->arg2 = arg2;
LIST_INSERT_HEAD(S_AlertHead_p, alert_p, entries);
my_CFRelease(&dict);
return (alert_p);
failed:
free(alert_p);
my_CFRelease(&dict);
my_CFRelease(&alert);
my_CFRelease(&rls);
return (NULL);
}
static int
S_remove_service(mach_port_t server, int argc, char * argv[])
{
CFDataRef data = NULL;
CFDictionaryRef dict;
char * method_name;
if_name_t if_name;
kern_return_t kret;
ipconfig_status_t status = ipconfig_status_success_e;
void * xml_data_ptr = NULL;
int xml_data_len = 0;
strlcpy(if_name, argv[0], sizeof(if_name));
method_name = argv[1];
argv += 2;
argc -= 2;
dict = ConfigDictCreate(if_name, argc, argv, command_name, method_name,
FALSE);
if (dict == NULL) {
return (1);
}
data = CFPropertyListCreateData(NULL,
dict,
kCFPropertyListBinaryFormat_v1_0,
0,
NULL);
if (data == NULL) {
CFRelease(dict);
fprintf(stderr, "failed to allocate memory\n");
return (1);
}
xml_data_ptr = (void *)CFDataGetBytePtr(data);
xml_data_len = (int)CFDataGetLength(data);
kret = ipconfig_remove_service(server, if_name, xml_data_ptr, xml_data_len,
&status);
my_CFRelease(&dict);
my_CFRelease(&data);
if (kret != KERN_SUCCESS) {
mach_error("ipconfig_remove_service failed", kret);
return (1);
}
if (status != ipconfig_status_success_e) {
fprintf(stderr, "ipconfig_remove_service %s %s failed: %s\n",
if_name, method_name, ipconfig_status_string(status));
return (1);
}
return (0);
}
static uid_t
uid_from_odrecord(ODRecordRef record)
{
uid_t uid = -2;
CFArrayRef values = NULL;
values = ODRecordCopyValues(record, CFSTR(kDS1AttrUniqueID), NULL);
if ((values != NULL) && (CFArrayGetCount(values) > 0)) {
char buf[64];
char * end;
CFStringRef uidStr;
unsigned long val;
uidStr = CFArrayGetValueAtIndex(values, 0);
(void) _SC_cfstring_to_cstring(uidStr, buf, sizeof(buf),
kCFStringEncodingASCII);
errno = 0;
val = strtoul(buf, &end, 0);
if ((buf[0] != '\0') && (*end == '\0') && (errno == 0)) {
uid = (uid_t)val;
}
}
my_CFRelease(&values);
return (uid);
}
static CFArrayRef
wireless_scan_ssid(wireless_t wref, CFStringRef ssid)
{
CFArrayRef bssid_list = NULL;
Apple80211Err error;
CFDictionaryRef scan_args;
CFArrayRef scan_result = NULL;
EAPLOG(LOG_ERR, "######## DEBUG ####### - FAIL - wireless_scan_ssid");
scan_args = make_scan_args(ssid, 1);
error = Apple80211Scan((Apple80211Ref)wref, &scan_result, scan_args);
CFRelease(scan_args);
if (error != kA11NoErr) {
EAPLOG(LOG_ERR, "Apple80211Scan failed, %d\n", error);
goto failed;
}
bssid_list = copy_bssid_list_from_scan(scan_result, ssid);
if (bssid_list == NULL) {
EAPLOG(LOG_ERR, "No scan results\n");
}
else {
CFShow(bssid_list);
}
fflush(stdout);
fflush(stderr);
failed:
my_CFRelease(&scan_result);
return (bssid_list);
}
STATIC Boolean
authEAPOLClientItemIDRemovePasswordItem(EAPOLClientItemIDRef itemID)
{
AuthorizationExternalForm * auth_ext_p;
CFDataRef itemID_data;
kern_return_t kret;
int result = ENXIO;
mach_port_t server;
server = eapolcfg_auth_server_port();
if (server == MACH_PORT_NULL) {
return (FALSE);
}
auth_ext_p = EAPOLClientItemIDGetAuthorizationExternalForm(itemID);
itemID_data = itemID_copy_data(itemID);
kret = eapolclientitemid_remove_password(server,
auth_ext_p->bytes,
sizeof(auth_ext_p->bytes),
(xmlData_t)
CFDataGetBytePtr(itemID_data),
CFDataGetLength(itemID_data),
&result);
if (kret != KERN_SUCCESS) {
EAPLOG(LOG_ERR, "eapolclientitemid_remove_password failed %d",
kret);
}
if (result != 0) {
EAPLOG(LOG_DEBUG, "eapolclientitemid_remove_password() returned %d",
result);
}
my_CFRelease(&itemID_data);
return (result == 0);
}
/*
* Function: DHCPLeaseListWrite
*
* Purpose:
* Write the last DHCP lease in the list for the given interface/client_id.
* We only save the last (current) lease. See the comments for
* DHCPLeaseListRead above for more information.
*/
void
DHCPLeaseListWrite(DHCPLeaseListRef list_p,
const char * ifname,
uint8_t cid_type, const void * cid, int cid_length)
{
int count;
char filename[PATH_MAX];
CFDictionaryRef lease_dict;
DHCPLeaseRef lease_p;
if (DHCPLeaseListGetPath(ifname, cid_type, cid, cid_length,
filename, sizeof(filename)) == FALSE) {
return;
}
DHCPLeaseListRemoveStaleLeases(list_p);
count = dynarray_count(list_p);
if (count == 0) {
unlink(filename);
return;
}
lease_p = dynarray_element(list_p, count - 1);
lease_dict = DHCPLeaseCopyDictionary(lease_p);
if (my_CFPropertyListWriteFile(lease_dict, filename, 0644) < 0) {
/*
* An ENOENT error is expected on a read-only filesystem. All
* other errors should be reported.
*/
if (errno != ENOENT) {
my_log(LOG_ERR, "my_CFPropertyListWriteFile(%s) failed, %s",
filename, strerror(errno));
}
}
my_CFRelease(&lease_dict);
return;
}
/* Turns a service ID or name into a vendor type, or preserves type */
static CFStringRef
nc_copy_vendor_type (CFStringRef input)
{
SCNetworkInterfaceRef child;
SCNetworkInterfaceRef interface;
CFStringRef output_name = input;
SCNetworkServiceRef service = NULL;
CFStringRef type;
if (input == NULL) {
goto done;
}
service = nc_copy_service(NULL, input);
if (service != NULL) {
interface = SCNetworkServiceGetInterface(service);
child = SCNetworkInterfaceGetInterface(interface);
type = SCNetworkInterfaceGetInterfaceType(interface);
/* Must be of type VPN */
if (!CFEqual(type, kSCNetworkInterfaceTypeVPN)) {
output_name = NULL;
goto done;
}
output_name = SCNetworkInterfaceGetInterfaceType(child);
goto done;
}
done :
if (output_name != NULL) CFRetain(output_name);
my_CFRelease(&service);
return output_name;
}
/*
* Function: copy_service
* Purpose:
* Check the global list of SCNetworkServiceRefs for one that is configured
* over the specifed SCNetworkInterfaceRef. The assumption here is that
* a previous call has already checked for such a service in the current
* set.
*/
STATIC SCNetworkServiceRef
copy_service(SCPreferencesRef prefs, SCNetworkInterfaceRef net_if)
{
int count = 0;
int i;
SCNetworkServiceRef service = NULL;
CFArrayRef list;
list = SCNetworkServiceCopyAll(prefs);
if (list != NULL) {
count = CFArrayGetCount(list);
}
if (count == 0) {
goto done;
}
for (i = 0; i < count; i++) {
SCNetworkInterfaceRef this_if;
SCNetworkServiceRef this_service;
this_service = (SCNetworkServiceRef)CFArrayGetValueAtIndex(list, i);
this_if = SCNetworkServiceGetInterface(this_service);
if (this_if == NULL) {
continue;
}
if (CFEqual(this_if, net_if)) {
service = this_service;
CFRetain(service);
break;
}
}
done:
my_CFRelease(&list);
return (service);
}
static int
pollCurrentVPNLocation (struct service *serv,
CFStringRef *nidRef,
CFStringRef *napRef)
{
int rc = 0;
// poll current NID
*nidRef = pollCurrentNID(serv);
if (isVPNInterfaceWifi(serv)) {
Boolean wifiErr = false;
// poll current NAP
*napRef = pollCurrentNAP(serv, &wifiErr);
if (wifiErr) {
// special case disconnection: a bad/driver error while trying to detect nhood, disconnect b/c it worked before
SCLog(TRUE, LOG_INFO, CFSTR("%s: failed to detect nap %@ because of a scan/association error"), __FUNCTION__,
serv->connection_nap);
my_CFRelease(nidRef);
rc = -1;
}
} else {
SCLog(TRUE, LOG_INFO, CFSTR("%s: underlying interface isn't wifi. Skip NAP"), __FUNCTION__);
*napRef = NULL;
}
return rc;
}
/*
* Function: copy_present_interface
* Purpose:
* Check the list of interfaces on the system, and find the one corresponding
* to the specified BSD name.
*/
STATIC SCNetworkInterfaceRef
copy_present_interface(CFStringRef if_name)
{
int count = 0;
int i;
CFArrayRef list;
SCNetworkInterfaceRef ret = NULL;
list = SCNetworkInterfaceCopyAll();
if (list != NULL) {
count = CFArrayGetCount(list);
}
if (count == 0) {
goto done;
}
for (i = 0; i < count; i++) {
SCNetworkInterfaceRef this_if;
CFStringRef this_if_name;
this_if = (SCNetworkInterfaceRef)CFArrayGetValueAtIndex(list, i);
this_if_name = SCNetworkInterfaceGetBSDName(this_if);
if (this_if_name == NULL) {
continue;
}
if (CFEqual(if_name, this_if_name)) {
ret = this_if;
CFRetain(ret);
break;
}
}
done:
my_CFRelease(&list);
return (ret);
}
