  1  /*
  2   * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
  3   * 
  4   * @APPLE_LICENSE_HEADER_START@
  5   * 
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. Please obtain a copy of the License at
 10   * http://www.opensource.apple.com/apsl/ and read it before using this
 11   * file.
 12   * 
 13   * The Original Code and all software distributed under the License are
 14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 18   * Please see the License for the specific language governing rights and
 19   * limitations under the License.
 20   * 
 21   * @APPLE_LICENSE_HEADER_END@
 22   */
 23  
 24  
 25  //
 26  // Authorization.cpp
 27  //
 28  // This file is the unified implementation of the Authorization and AuthSession APIs.
 29  //
 30  #include <stdint.h>
 31  #include <Security/AuthSession.h>
 32  #include <Security/AuthorizationPriv.h>
 33  #include <security_utilities/ccaudit.h>
 34  #include <security_cdsa_utilities/cssmbridge.h>
 35  #include <Security/SecBase.h>
 36  #include <security_utilities/logging.h>
 37  #include "LegacyAPICounts.h"
 38  
 39  //
 40  // This no longer talks to securityd; it is a kernel function.
 41  //
// Report the identifier and attribute bits of an audit session.
//
//   requestedSession  callerSecuritySession selects the calling process's own
//                     session via the argument-less AuditInfo::get(); every
//                     other value (noSecuritySession included) is passed to
//                     AuditInfo::get(id).
//   sessionId         optional out-parameter; written only when non-null.
//   attributes        optional out-parameter; written only when non-null.
//
// A call that names a specific session (neither noSecuritySession nor
// callerSecuritySession) is reported through countLegacyAPI.
//
// NOTE(review): no access check on requestedSession is visible in this
// function. Whether a caller may inspect a session other than its own is
// decided inside CommonCriteria::AuditInfo::get(id) or below it -- confirm.
// NOTE(review): BEGIN_API_NO_METRICS / END_API(CSSM) are defined elsewhere;
// presumably they turn exceptions into the returned OSStatus -- confirm.
OSStatus SessionGetInfo(SecuritySessionId requestedSession,
	SecuritySessionId *sessionId,
	SessionAttributeBits *attributes)
{
	BEGIN_API_NO_METRICS
	const bool wantsCallerSession = (requestedSession == callerSecuritySession);

	// Count only the legacy form of the call: an explicit session id.
	if (!(wantsCallerSession || requestedSession == noSecuritySession)) {
		static dispatch_once_t countToken;
		countLegacyAPI(&countToken, __FUNCTION__);
	}

	CommonCriteria::AuditInfo info;
	if (wantsCallerSession) {
		info.get();
	} else {
		info.get(requestedSession);
	}

	// Both outputs are optional; a null pointer means "not wanted".
	if (sessionId) {
		*sessionId = info.sessionId();
	}
	if (attributes) {
		*attributes = static_cast<SessionAttributeBits>(info.flags());
	}
	END_API(CSSM)
}
 62  
 63  
 64  //
 65  // Create a new session.
 66  // This no longer talks to securityd; it is a kernel function.
 67  // Securityd will pick up the new session when we next talk to it.
 68  //
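// Create a new audit session for the calling process and publish its id in
// the SECURITYSESSIONID environment variable.
//
//   flags       no longer supported; a non-zero value is logged and ignored.
//   attributes  passed unchanged to CommonCriteria::AuditInfo::create().
//
// The environment variable is only a copy of the id. Any process can rewrite
// its own environment and children inherit whatever is there, so code that
// needs the real session should query it (as SessionGetInfo does) rather than
// trust SECURITYSESSIONID.
//
// NOTE(review): BEGIN_API / END_API(CSSM) are defined elsewhere; presumably
// they turn exceptions into the returned OSStatus -- confirm.
OSStatus SessionCreate(SessionCreationFlags flags,
	SessionAttributeBits attributes)
{
	BEGIN_API

	// we don't support the session creation flags anymore
	if (flags)
		Syslog::warning("SessionCreate flags=0x%lx unsupported (ignored)", (unsigned long)flags);
	CommonCriteria::AuditInfo session;
	session.create(attributes);

	// retrieve the (new) session id and set it into the process environment
	session.get();
	char idString[80];
	// %x consumes an unsigned int; make the conversion explicit.
	snprintf(idString, sizeof(idString), "%x", static_cast<unsigned int>(session.sessionId()));
	// A failed setenv leaves the previous value (if any) in place, which child
	// processes would then inherit as if it were current. The session itself
	// was created, so report the mismatch instead of failing the call.
	if (setenv("SECURITYSESSIONID", idString, 1) != 0)
		Syslog::warning("SessionCreate: setenv(SECURITYSESSIONID) failed; environment not updated");

	END_API(CSSM)
}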
 88  
 89  
 90  //
 91  // Get and set the distinguished uid (optionally) associated with the session.
 92  //
// Store `user` as the audit user id (ai_auid) of the caller's audit session.
//
// NOTE(review): the `session` argument is never consulted. The record is
// loaded with the argument-less AuditInfo::get() -- the same call
// SessionGetInfo uses for callerSecuritySession -- so the change applies to
// the calling process's own session whatever id is passed. Callers must not
// assume this can retarget another session.
// NOTE(review): no privilege check is visible here; whether set() is allowed
// for this caller is decided inside CommonCriteria::AuditInfo::set() or
// below it -- confirm.
OSStatus SessionSetDistinguishedUser(SecuritySessionId session, uid_t user)
{
	BEGIN_API
	// Named differently from the parameter so the two cannot be confused.
	CommonCriteria::AuditInfo callerInfo;
	callerInfo.get();
	callerInfo.ai_auid = user;
	callerInfo.set();
	END_API(CSSM)
}
102  
103  
// Return, through `user`, the uid recorded in the caller's audit session.
//
// NOTE(review): the `session` argument is never consulted. The record is
// loaded with the argument-less AuditInfo::get(), so the value reported is
// always that of the calling process's own session, whatever id is passed.
// NOTE(review): Required() is defined elsewhere; presumably it rejects a null
// `user` pointer before the assignment -- confirm.
OSStatus SessionGetDistinguishedUser(SecuritySessionId session, uid_t *user)
{
	BEGIN_API
	// Named differently from the parameter so the two cannot be confused.
	CommonCriteria::AuditInfo callerInfo;
	callerInfo.get();
	Required(user) = callerInfo.uid();
	END_API(CSSM)
}
112  
// Reports success without doing any work: nothing is read, written or
// validated, and the session id is not examined. Callers cannot take a
// successful return as evidence that any preference was applied.
OSStatus SessionSetUserPreferences(SecuritySessionId session)
{
	(void)session;	// unused: the function performs no work
	return errSecSuccess;
}