user_trust_enable.cpp
/*
 * Copyright (c) 2003-2004,2006,2008-2009,2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 *
 * user_trust_enable.cpp
 */

#include "security_tool.h"
#include "user_trust_enable.h"
#include <errno.h>
#include <unistd.h>
#include <security_utilities/simpleprefs.h>
#include <Security/TrustSettingsSchema.h>	/* private SPI */
#include <CoreFoundation/CFNumber.h>

/* Action selected on the command line. */
typedef enum {
	utoSet = 0,		/* -d or -e given: write the preference */
	utoShow			/* no option given: report the current value */
} UserTrustOp;

/*
 * Show or change the system-domain preference
 * kSecTrustSettingsDisableUserTrustSettings.
 *
 * Options:
 *   -d   write the preference as true  (reported as "Disabled")
 *   -e   write the preference as false (reported as "Enabled")
 *   -h   usage
 * With no option the current value is printed. When both -d and -e are
 * given, the one that appears last wins.
 *
 * Returns SHOW_USAGE_MESSAGE for -h, an unknown option or a stray
 * positional argument; 0 on success; 1 when the caller's effective UID
 * is not 0 or the preferences could not be written.
 */
int
user_trust_enable(int argc, char * const *argv)
{
	extern int optind;
	UserTrustOp mode = utoShow;
	CFBooleanRef prefValue = kCFBooleanFalse;	/* value written in utoSet mode */
	int status = 0;
	int opt;

	/* restart getopt's scan at the first argument of this command */
	optind = 1;

	while ((opt = getopt(argc, argv, "deh")) != -1) {
		if (opt == 'd') {
			mode = utoSet;
			prefValue = kCFBooleanTrue;
		}
		else if (opt == 'e') {
			mode = utoSet;
			prefValue = kCFBooleanFalse;
		}
		else {
			/* 'h' and anything getopt did not recognise */
			return SHOW_USAGE_MESSAGE;
		}
	}

	/* positional arguments are not accepted */
	if (optind != argc) {
		return SHOW_USAGE_MESSAGE;
	}

	if (mode != utoSet) {
		/*
		 * Report path. The flag starts out false and is only overwritten
		 * when the prefs object was obtained, so a missing or unloadable
		 * system prefs dictionary is printed as "Enabled" -- the output
		 * does not distinguish "never set" from "could not be read".
		 */
		bool userTrustDisabled = false;

#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
		Dictionary *systemPrefs = new Dictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
		Dictionary *systemPrefs = Dictionary::CreateDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
		if (systemPrefs) {
			userTrustDisabled = systemPrefs->getBoolValue(kSecTrustSettingsDisableUserTrustSettings);
			delete systemPrefs;
		}

		const char *shownState = userTrustDisabled ? "Disabled" : "Enabled";
		fprintf(stdout, "User-level Trust Settings are %s\n", shownState);
		return 0;
	}

	/*
	 * Write path. Only the effective UID is checked, and only here in
	 * the tool. NOTE(review): whether the preference store itself
	 * rejects a non-root writer is not visible in this file -- confirm
	 * before treating this check as the access control.
	 */
	if (geteuid() != 0) {
		fprintf(stderr, "You must be root to set this preference.\n");
		return 1;
	}

	/* start from the existing system prefs so other keys are kept */
#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
	MutableDictionary *newPrefs = new MutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
	MutableDictionary *newPrefs = MutableDictionary::CreateMutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
	if (!newPrefs) {
		/* nothing to copy: fall back to an empty dictionary */
		newPrefs = new MutableDictionary();
	}

	newPrefs->setValue(kSecTrustSettingsDisableUserTrustSettings, prefValue);

	if (!newPrefs->writePlistToPrefs(kSecTrustSettingsPrefsDomain, Dictionary::US_System)) {
		fprintf(stderr, "Could not write system preferences.\n");
		status = 1;
	}
	else {
		const char *writtenState = (prefValue == kCFBooleanTrue) ? "Disabled" : "Enabled";
		fprintf(stdout, "...User-level Trust Settings are %s\n", writtenState);
	}

	delete newPrefs;
	return status;
}