CFArrayRef SecACLCopyAuthorizations(SecACLRef acl) { CFArrayRef result = NULL; if (NULL == acl) { return result; } AclAuthorizationSet auths = ACL::required(acl)->authorizations(); uint32 numAuths = (uint32)auths.size(); CSSM_ACL_AUTHORIZATION_TAG* tags = new CSSM_ACL_AUTHORIZATION_TAG[numAuths]; int i; for (i = 0; i < numAuths; ++i) { tags[i] = NULL; } OSStatus err = SecACLGetAuthorizations(acl, tags, &numAuths); if (errSecSuccess != err) { return result; } CFTypeRef* strings = new CFTypeRef[numAuths]; for (i = 0; i < numAuths; ++i) { strings[i] = NULL; } for (size_t iCnt = 0; iCnt < numAuths; iCnt++) { strings[iCnt] = (CFTypeRef)GetAuthStringFromACLAuthorizationTag(tags[iCnt]); } result = CFArrayCreate(kCFAllocatorDefault, (const void **)strings, numAuths, &kCFTypeArrayCallBacks); delete[] strings; delete[] tags; return result; }
OSStatus SecAccessCopyOwnerAndACL(SecAccessRef accessRef, uid_t* userId, gid_t* groupId, SecAccessOwnerType* ownerType, CFArrayRef* aclList) { CSSM_ACL_OWNER_PROTOTYPE_PTR owner = NULL; CSSM_ACL_ENTRY_INFO_PTR acls = NULL; uint32 aclCount = 0; OSStatus result = SecAccessGetOwnerAndACL(accessRef, &owner, &aclCount, &acls); if (errSecSuccess != result ) { return result; } if (NULL != owner) { CSSM_LIST_ELEMENT_PTR listHead = owner->TypedSubject.Head; if (listHead != NULL && listHead->ElementType == CSSM_LIST_ELEMENT_WORDID) { CSSM_LIST_ELEMENT_PTR nextElement = listHead->NextElement; if (listHead->WordID == CSSM_ACL_SUBJECT_TYPE_PROCESS && listHead->ElementType == CSSM_LIST_ELEMENT_WORDID) { // nextElement contains the required data CSSM_ACL_PROCESS_SUBJECT_SELECTOR* selectorPtr = (CSSM_ACL_PROCESS_SUBJECT_SELECTOR*)nextElement->Element.Word.Data; if (NULL != selectorPtr) { if (NULL != userId) { *userId = (uid_t)selectorPtr->uid; } if (NULL != groupId) { *groupId = (gid_t)selectorPtr->gid; } if (NULL != ownerType) { *ownerType = (SecAccessOwnerType)selectorPtr->mask; } } } } } if (NULL != aclList) { #ifndef NDEBUG CFShow(CFSTR("SecAccessCopyOwnerAndACL: processing the ACL list")); #endif CFMutableArrayRef stringArray = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); CSSM_ACL_OWNER_PROTOTYPE_PTR protoPtr = NULL; uint32 numAcls = 0L; CSSM_ACL_ENTRY_INFO_PTR aclEntry = NULL; result = SecAccessGetOwnerAndACL(accessRef, &protoPtr, &numAcls, &aclEntry); if (errSecSuccess == result) { #ifndef NDEBUG CFStringRef tempStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("SecAccessCopyOwnerAndACL: numAcls = %d"), numAcls); CFShow(tempStr); CFRelease(tempStr); #endif for (uint32 iCnt = 0; iCnt < numAcls; iCnt++) { CSSM_ACL_ENTRY_PROTOTYPE prototype = aclEntry[iCnt].EntryPublicInfo; CSSM_AUTHORIZATIONGROUP authGroup = prototype.Authorization; int numAuthTags = (int)authGroup.NumberOfAuthTags; for (int jCnt = 0; jCnt < numAuthTags; jCnt++) { sint32 aTag = authGroup.AuthTags[jCnt]; CFStringRef aString = GetAuthStringFromACLAuthorizationTag(aTag); CFArrayAppendValue(stringArray, aString); } } } if (NULL != stringArray) { if (0 < CFArrayGetCount(stringArray)) { *aclList = CFArrayCreateCopy(kCFAllocatorDefault, stringArray); } CFRelease(stringArray); } } return result; }