From 0b5df65bea3e9379f152b1efe2e00c4db22e0af6 Mon Sep 17 00:00:00 2001 From: Stefan Arentz Date: Fri, 8 Nov 2013 16:59:27 -0500 Subject: [PATCH] Added libsecurity_agent-55000 --- .../Info-security_agent_client.plist | 5 + .../Info-security_agent_server.plist | 5 + libsecurity_agent-55000/lib/agentclient.cpp | 565 ++++++++++ libsecurity_agent-55000/lib/agentclient.h | 211 ++++ libsecurity_agent-55000/lib/sa_types.h | 70 ++ libsecurity_agent-55000/lib/secagent_types.h | 53 + libsecurity_agent-55000/lib/utils.c | 26 + libsecurity_agent-55000/lib/utils.h | 26 + .../project.pbxproj | 996 ++++++++++++++++++ libsecurity_agent-55000/mig/mig.mk | 33 + libsecurity_agent-55000/mig/sa_reply.defs | 54 + libsecurity_agent-55000/mig/sa_request.defs | 70 ++ 12 files changed, 2114 insertions(+) create mode 100644 libsecurity_agent-55000/Info-security_agent_client.plist create mode 100644 libsecurity_agent-55000/Info-security_agent_server.plist create mode 100644 libsecurity_agent-55000/lib/agentclient.cpp create mode 100644 libsecurity_agent-55000/lib/agentclient.h create mode 100644 libsecurity_agent-55000/lib/sa_types.h create mode 100644 libsecurity_agent-55000/lib/secagent_types.h create mode 100644 libsecurity_agent-55000/lib/utils.c create mode 100644 libsecurity_agent-55000/lib/utils.h create mode 100644 libsecurity_agent-55000/libsecurity_agent.xcodeproj/project.pbxproj create mode 100644 libsecurity_agent-55000/mig/mig.mk create mode 100644 libsecurity_agent-55000/mig/sa_reply.defs create mode 100644 libsecurity_agent-55000/mig/sa_request.defs diff --git a/libsecurity_agent-55000/Info-security_agent_client.plist b/libsecurity_agent-55000/Info-security_agent_client.plist new file mode 100644 index 000000000..0c67376eb --- /dev/null +++ b/libsecurity_agent-55000/Info-security_agent_client.plist @@ -0,0 +1,5 @@ + + + + + 
diff --git a/libsecurity_agent-55000/Info-security_agent_server.plist b/libsecurity_agent-55000/Info-security_agent_server.plist new file mode 100644 index 000000000..0c67376eb --- /dev/null +++ b/libsecurity_agent-55000/Info-security_agent_server.plist @@ -0,0 +1,5 @@ + + + + + diff --git a/libsecurity_agent-55000/lib/agentclient.cpp b/libsecurity_agent-55000/lib/agentclient.cpp new file mode 100644 index 000000000..e4c10a812 --- /dev/null +++ b/libsecurity_agent-55000/lib/agentclient.cpp 
@@ -0,0 +1,565 @@ +/* + * agentclient.cpp + * SecurityAgent + * + * Copyright (c) 2002,2008 Apple Inc.. All rights reserved. + * + */ + + +#include + +/* +For now all the calls into agentclient will be synchronous, with timeouts + +On a timeout, we will return control to the client, but we really need to send the appropriate abort right there and then, otherwise they'll need to call the same method again to check that the reply still isn't there. + +If we receive a reply that is not confirming attempts to abort, we'll process these and return them to the caller. + +Alternatively, there can be an answer that isn't the answer we expected: setError, where the server aborts the transaction. + +We can't support interrupt() with a synchronous interface unless we add some notification that let's the client know that the "server" is dead +*/ + +#include +#include +#include + +#include // for size of replies +#include + +#include +#include +#include +#include +#include + +#include + +using LowLevelMemoryUtilities::increment; +using LowLevelMemoryUtilities::difference; +using Security::DataWalkers::walk; + +using Authorization::AuthItemSet; +using Authorization::AuthItemRef; +using Authorization::AuthValueOverlay; + +#include "agentclient.h" + +namespace SecurityAgent { + +class CheckingReconstituteWalker { +public: + CheckingReconstituteWalker(void *ptr, void *base, size_t size) + : mBase(base), mLimit(increment(base, size)), mOffset(difference(ptr, base)) { } + + template + void operator () (T &obj, size_t size = sizeof(T)) +{ } + + template + void operator () (T * &addr, size_t size = sizeof(T)) +{ + blob(addr, size); +} + +template +void blob(T * &addr, size_t size) +{ + DEBUGWALK("checkreconst:*"); + if (addr) { + if (addr < mBase || increment(addr, size) > mLimit) + MacOSError::throwMe(errAuthorizationInternal); + addr = increment(addr, mOffset); + } +} + +static const bool needsRelinking = true; +static const bool needsSize = false; + +private: +void *mBase; // old 
base address +void *mLimit; // old last byte address + 1 +off_t mOffset; // relocation offset +}; + +template +void relocate(T *obj, T *base, size_t size) +{ + if (obj) { + CheckingReconstituteWalker w(obj, base, size); + walk(w, base); + } +} + +void Client::check(mach_msg_return_t returnCode) +{ + // first check the Mach IPC return code + switch (returnCode) { + case MACH_MSG_SUCCESS: // peachy + break; + case MIG_SERVER_DIED: // explicit can't-send-it's-dead + CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); + default: // some random Mach error + MachPlusPlus::Error::throwMe(returnCode); + } +} + +void Client::checkResult() +{ + // now check the OSStatus return from the server side + switch (result()) { + case kAuthorizationResultAllow: return; + case kAuthorizationResultDeny: + case kAuthorizationResultUserCanceled: CssmError::throwMe(CSSM_ERRCODE_USER_CANCELED); + default: MacOSError::throwMe(errAuthorizationInternal); + } +} + + + +#pragma mark administrative operations + +Client::Client() : mState(init) +{ + // create reply port + mClientPort.allocate(); //implicit MACH_PORT_RIGHT_RECEIVE + + // register with agentclients + Clients::gClients().insert(this); +} + +void +Client::activate(Port serverPort) +{ + if (!serverPort) + MacOSError::throwMe(errAuthorizationInternal); + + secdebug("agentclient", "using server at port %d", serverPort.port()); + mServerPort = serverPort; +} + + +Client::~Client() +{ + teardown(); +} + + +// start/endTransaction calls stand outside the usual client protocol: they +// don't participate in the state-management or multiplexing-by-port tangoes. +// (These calls could take advantage of activate(), but callers would be +// instantiating an entire Client object for the sake of mServerPort.) +// Conversely, SecurityAgent::Client does not cache transaction state. 
+OSStatus +Client::startTransaction(Port serverPort) +{ + if (!serverPort) + return errAuthorizationInternal; + kern_return_t ret = sa_request_client_txStart(serverPort); + secdebug("agentclient", "Transaction started (port %u)", serverPort.port()); + return ret; +} + +OSStatus +Client::endTransaction(Port serverPort) +{ + if (!serverPort) + return errAuthorizationInternal; + secdebug("agentclient", "Requesting end of transaction (port %u)", serverPort.port()); + return sa_request_client_txEnd(serverPort); +} + +void +Client::setState(PluginState inState) +{ + // validate state transition: might be more useful where change is requested if that implies anything to interpreting what to do. + // Mutex + mState = inState; +} + +void Client::teardown() throw() +{ + Clients::gClients().remove(this); + + try { + if (mStagePort) + mStagePort.destroy(); + if (mClientPort) + mClientPort.destroy(); + } catch (...) { secdebug("agentclient", "ignoring problems tearing down ports for client %p", this); } +} + + +AuthItemSet +Client::clientHints(SecurityAgent::RequestorType type, std::string &path, pid_t clientPid, uid_t clientUid) +{ + AuthItemSet clientHints; + + clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_TYPE, AuthValueOverlay(sizeof(type), &type))); + clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_PATH, AuthValueOverlay(path))); + clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_PID, AuthValueOverlay(sizeof(clientPid), &clientPid))); + clientHints.insert(AuthItemRef(AGENT_HINT_CLIENT_UID, AuthValueOverlay(sizeof(clientUid), &clientUid))); + + return clientHints; +} + + +#pragma mark request operations + +OSStatus Client::contact(mach_port_t jobId, Bootstrap processBootstrap, mach_port_t userPrefs) +{ + kern_return_t ret = sa_request_client_contact(mServerPort, mClientPort, jobId, processBootstrap, userPrefs); + if (ret) + { + Syslog::error("SecurityAgent::Client::contact(): kern_return error %s", + mach_error_string(ret)); + } + return ret; +} + +OSStatus 
Client::create(const char *inPluginId, const char *inMechanismId, const SessionId inSessionId) +{ + // securityd is already notified when the agent/authhost dies through SIGCHILD, and we only really care about the stage port, but we will track if dying happens during create with a DPN. If two threads are both in the time between the create message and the didcreate answer and the host dies, one will be stuck - too risky and I will win the lottery before that: Chablis. + { + kern_return_t ret; + mach_port_t old_port = MACH_PORT_NULL; + ret = mach_port_request_notification(mach_task_self(), mServerPort, MACH_NOTIFY_DEAD_NAME, 0, mClientPort, MACH_MSG_TYPE_MAKE_SEND_ONCE, &old_port); + if (!ret && (MACH_PORT_NULL != old_port)) + mach_port_deallocate(mach_task_self(), old_port); + } + + secdebug("agentclient", "asking server at port %d to create %s:%s; replies to %d", mServerPort.port(), inPluginId, inMechanismId, mClientPort.port()); // XXX/cs + kern_return_t ret = sa_request_client_create(mServerPort, mClientPort, inSessionId, inPluginId, inMechanismId); + + if (ret) + return ret; + + // wait for message (either didCreate, reportError) + do + { + // one scenario that could happen here (and only here) is: + // host died before create finished - in which case we'll get a DPN + try { receive(); } catch (...) 
{ setState(dead); } + } + while ((state() != created) && + (state() != dead)); + + // verify that we got didCreate + if (state() == created) + return noErr; + + // and not reportError + if (state() == dead) + return Client::getError(); + + // something we don't deal with + secdebug("agentclient", "we got an error on create"); // XXX/cs + return errAuthorizationInternal; +} + +// client maintains their own copy of the current data +OSStatus Client::invoke() +{ + if ((state() != created) && + (state() != active) && + (state() != interrupting)) + return errAuthorizationInternal; + + AuthorizationValueVector *arguments; + AuthorizationItemSet *hints, *context; + size_t argumentSize, hintSize, contextSize; + + mInHints.copy(hints, hintSize); + mInContext.copy(context, contextSize); + mArguments.copy(&arguments, &argumentSize); + + setState(current); + + check(sa_request_client_invoke(mStagePort.port(), + arguments, argumentSize, arguments, // data, size, offset + hints, hintSize, hints, + context, contextSize, context)); + + receive(); + + free (arguments); + free (hints); + free (context); + + switch(state()) + { + case active: + switch(result()) + { + case kAuthorizationResultUndefined: + MacOSError::throwMe(errAuthorizationInternal); + default: + return noErr; + } + case dead: + return mErrorState; + case current: + return noErr; + default: + break; + } + return errAuthorizationInternal; +} + +OSStatus +Client::deactivate() +{ + // check state is current + if (state() != current) + return errAuthorizationInternal; + + secdebug("agentclient", "deactivating mechanism at request port %d", mStagePort.port()); + + // tell mechanism to deactivate + check(sa_request_client_deactivate(mStagePort.port())); + + setState(deactivating); + + receive(); + + // if failed destroy it + return noErr; +} + +OSStatus +Client::destroy() +{ + if (state() == active || state() == created || state() == current) + { + secdebug("agentclient", "destroying mechanism at request port %d", 
mStagePort.port()); + // tell mechanism to destroy + if (mStagePort) + sa_request_client_destroy(mStagePort.port()); + + setState(dead); + + return noErr; + } + + return errAuthorizationInternal; +} + +// kill host: do not pass go, do not collect $200 +OSStatus +Client::terminate() +{ + check(sa_request_client_terminate(mServerPort.port())); + + return noErr; +} + +void +Client::receive() +{ + bool gotReply = false; + while (!gotReply) + gotReply = Clients::gClients().receive(); +} + +#pragma mark result operations + +void Client::setResult(const AuthorizationResult inResult, const AuthorizationItemSet *inHints, const AuthorizationItemSet *inContext) +{ + if (state() != current) + return; + // construct AuthItemSet for hints and context (deep copy - previous contents are released) + mOutHints = (*inHints); + mOutContext = (*inContext); + mResult = inResult; + setState(active); +} + +void Client::setError(const OSStatus inMechanismError) +{ + setState(dead); + + mErrorState = inMechanismError; +} + +OSStatus Client::getError() +{ + return mErrorState; +} + +void Client::requestInterrupt() +{ + if (state() != active) + return; + + setState(interrupting); +} + +void Client::didDeactivate() +{ + if (state() != deactivating) + return; + + // check state for deactivating + // change state + setState(active); +} + +void Client::setStagePort(const mach_port_t inStagePort) +{ + mStagePort = Port(inStagePort); + mStagePort.requestNotify(mClientPort, MACH_NOTIFY_DEAD_NAME, 0); +} + + +void Client::didCreate(const mach_port_t inStagePort) +{ + // it can be dead, because the host died, we'll always try to revive it once + if ((state() != init) && (state() != dead)) + return; + + setStagePort(inStagePort); + setState(created); +} + +#pragma mark client instances + +ThreadNexus Clients::gClients; + +bool +Clients::compare(const Client * client, mach_port_t instance) +{ + if (client->instance() == instance) return true; + return false; +} + +// throw so the agent client operation 
is aborted +Client& +Clients::find(mach_port_t instanceReplyPort) const +{ + StLock _(mLock); + for (set::const_iterator foundClient = mClients.begin(); + foundClient != mClients.end(); + foundClient++) + { + Client *client = *foundClient; + if (client->instance() == instanceReplyPort) + return *client; + } + + // can't be receiving for a client we didn't create + MacOSError::throwMe(errAuthorizationInternal); +} + +bool +Clients::receive() +{ + try + { + // maximum known message size (variable sized elements are already forced OOL) + Message in(sizeof(union __ReplyUnion__sa_reply_client_secagentreply_subsystem)); + Message out(sizeof(union __ReplyUnion__sa_reply_client_secagentreply_subsystem)); + + in.receive(mClientPortSet, 0, 0); + + // got the message, now demux it; call secagentreply_server to handle any call + // this is asynchronous, so no reply message, although not apparent + if (!::secagentreply_server(in, out)) + { + // port death notification + if (MACH_NOTIFY_DEAD_NAME == in.msgId()) + { + find(in.remotePort()).setError(errAuthorizationInternal); + return true; + } + return false; + + } + else + return true; + } + catch (Security::MachPlusPlus::Error &e) + { + secdebug("agentclient", "interpret error %ul", e.error); + switch (e.error) { + case MACH_MSG_SUCCESS: // peachy + break; + case MIG_SERVER_DIED: // explicit can't-send-it's-dead + CssmError::throwMe(CSSM_ERRCODE_NO_USER_INTERACTION); + default: // some random Mach error + MachPlusPlus::Error::throwMe(e.error); + } + } + catch (...) + { + MacOSError::throwMe(errAuthorizationInternal); + } + return false; +} + +} /* end namesapce SecurityAgent */ + +#pragma mark demux requests replies +// external C symbols for the mig message handling code to call into + +#define COPY_IN(type,name) type *name, mach_msg_type_number_t name##Length, type *name##Base + +// callbacks that key off instanceReplyPort to find the right agentclient instance +// to deliver the message to. 
+ +// they make the data readable to the receiver (relocate internal references) + +kern_return_t sa_reply_server_didCreate(mach_port_t instanceReplyPort, mach_port_t instanceRequestPort) +{ + secdebug("agentclient", "got didCreate at port %u; requests go to port %u", instanceReplyPort, instanceRequestPort); + SecurityAgent::Clients::gClients().find(instanceReplyPort).didCreate(instanceRequestPort); + return KERN_SUCCESS; +} + +kern_return_t sa_reply_server_setResult(mach_port_t instanceReplyPort, AuthorizationResult result, + COPY_IN(AuthorizationItemSet,inHints) , + COPY_IN(AuthorizationItemSet,inContext) ) +{ + secdebug("agentclient", "got setResult at port %u; result %u", instanceReplyPort, (unsigned int)result); + + // relink internal references according to current place in memory + try { SecurityAgent::relocate(inHints, inHintsBase, inHintsLength); } + catch (MacOSError &e) { return e.osStatus(); } + catch (...) { return errAuthorizationInternal; } + + try { SecurityAgent::relocate(inContext, inContextBase, inContextLength); } + catch (MacOSError &e) { return e.osStatus(); } + catch (...) 
{ return errAuthorizationInternal; } + + SecurityAgent::Clients::gClients().find(instanceReplyPort).setResult(result, inHints, inContext); + + return KERN_SUCCESS; +} + +kern_return_t sa_reply_server_requestInterrupt(mach_port_t instanceReplyPort) +{ + secdebug("agentclient", "got requestInterrupt at port %u", instanceReplyPort); + SecurityAgent::Clients::gClients().find(instanceReplyPort).requestInterrupt(); + return KERN_SUCCESS; +} + +kern_return_t sa_reply_server_didDeactivate(mach_port_t instanceReplyPort) +{ + secdebug("agentclient", "got didDeactivate at port %u", instanceReplyPort); + SecurityAgent::Clients::gClients().find(instanceReplyPort).didDeactivate(); + return KERN_SUCCESS; +} + +kern_return_t sa_reply_server_reportError(mach_port_t instanceReplyPort, OSStatus status) +{ + secdebug("agentclient", "got reportError at port %u; error is %u", instanceReplyPort, (unsigned int)status); + SecurityAgent::Clients::gClients().find(instanceReplyPort).setError(status); + return KERN_SUCCESS; +} + +kern_return_t sa_reply_server_didStartTx(mach_port_t replyPort, kern_return_t retval) +{ + // no instance ports here: this goes straight to server + secdebug("agentclient", "got didStartTx"); + return retval; +} diff --git a/libsecurity_agent-55000/lib/agentclient.h b/libsecurity_agent-55000/lib/agentclient.h new file mode 100644 index 000000000..55faf2678 --- /dev/null +++ b/libsecurity_agent-55000/lib/agentclient.h 
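Review bot: `Client::create()` can return an indeterminate status on its failure path: the `catch (...) { setState(dead); }` around `receive()` marks the client dead without recording an error, and the following `return Client::getError();` reads `mErrorState`, which the constructor (`Client::Client() : mState(init)`) never initialises. If that value happens to be 0, the caller sees `noErr` for a mechanism that was never created, and callers presumably use this status to decide whether the mechanism is usable. I would record the failure explicitly with `catch (...) { setError(errAuthorizationInternal); }` and give `mErrorState` and `mResult` defined initial values in the constructor. Separately, `Client::setResult()` dereferences `inHints` and `inContext` without a null check, although `relocate()` in `sa_reply_server_setResult` treats a null object as acceptable, so a reply carrying a null item set (if the transport can deliver one) should be rejected before that call.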
@@ -0,0 +1,211 @@ +/* + * agentclient.h + * SecurityAgent + * + * Copyright (c) 2002,2008 Apple Inc.. All rights reserved. + * + */ + +#ifndef _H_AGENTCLIENT +#define _H_AGENTCLIENT + +#include +#include +#include +#include + +#include + +#if defined(__cplusplus) + +#include +#include +#include + +namespace SecurityAgent { +#endif /* __cplusplus__ */ + +// Manimum number of failed authentications before +// SecurityAgent dialog is killed. +#define kMaximumAuthorizationTries 10000 + +// Number of failed authentications before a password +// hint is displayed. +#define kAuthorizationTriesBeforeHint 3 + +#define maxPassphraseLength 1024 + +// +// Unified reason codes transmitted to SecurityAgent (and internationalized there) +// +enum Reason { + noReason = 0, // no reason (not used, used as a NULL) + unknownReason, // something else (catch-all internal error) + + // reasons for asking for a new passphrase + newDatabase = 11, // need passphrase for a new database + changePassphrase, // changing passphrase for existing database + + // reasons for retrying an unlock query + invalidPassphrase = 21, // passphrase was wrong + + // reasons for retrying a new passphrase query + passphraseIsNull = 31, // empty passphrase + passphraseTooSimple, // passphrase is not complex enough + passphraseRepeated, // passphrase was used before (must use new one) + passphraseUnacceptable, // passphrase unacceptable for some other reason + oldPassphraseWrong, // the old passphrase given is wrong + + // reasons for retrying an authorization query + userNotInGroup = 41, // authenticated user not in needed group + unacceptableUser, // authenticated user unacceptable for some other reason + + // reasons for canceling a staged query + tooManyTries = 61, // too many failed attempts to get it right + noLongerNeeded, // the queried item is no longer needed + keychainAddFailed, // the requested itemed couldn't be added to the keychain + generalErrorCancel, // something went wrong so we have to give up 
now + + worldChanged = 101 +}; + +typedef enum { + tool = 'TOOL', + bundle = 'BNDL', + unknown = 'UNKN' +} RequestorType; + +#if defined(__cplusplus) + +using MachPlusPlus::Port; +using MachPlusPlus::PortSet; +using MachPlusPlus::Bootstrap; +using MachPlusPlus::ReceivePort; +using MachPlusPlus::Message; +using Authorization::AuthItemSet; +using Authorization::AuthValueVector; + +class Clients; + +class Client +{ +friend class Clients; + +enum MessageType { requestInterruptMessage, didDeactivateMessage, reportErrorMessage }; + +public: + Client(); + virtual ~Client(); + + static AuthItemSet clientHints(SecurityAgent::RequestorType type, std::string &path, pid_t clientPid, uid_t clientUid); + + static OSStatus startTransaction(Port serverPort); + static OSStatus endTransaction(Port serverPort); + +protected: + void establishServer(); + +public: + void activate(Port serverPort); + + OSStatus contact(mach_port_t jobId, Bootstrap processBootstrap, mach_port_t userPrefs); + OSStatus create(const char *pluginId, const char *mechanismId, const SessionId inSessionId); + void setArguments(const Authorization::AuthValueVector& inArguments) { mArguments = inArguments; } + void setInput(const Authorization::AuthItemSet& inHints, const Authorization::AuthItemSet& inContext) { mInHints = inHints; mInContext = inContext; } + OSStatus invoke(); + OSStatus deactivate(); + OSStatus destroy(); + OSStatus terminate(); + void receive(); + + void didCreate(const mach_port_t inStagePort); + void setResult(const AuthorizationResult inResult, const AuthorizationItemSet *inHints, const AuthorizationItemSet *inContext); + void requestInterrupt(); // setMessageType(requestInterrupt); + void didDeactivate(); // setMessageType(didDeactivate); + + void setError(const OSStatus inMechanismError); // setMessageType(reportError); setError(mechanismError); + OSStatus getError(); + AuthorizationResult result() { return mResult; } + + typedef enum _PluginState { + init, + created, + current, + 
deactivating, + active, + interrupting, + dead + } PluginState; + PluginState state() { return mState; } + +protected: + void setMessageType(const MessageType inMessageType); + // allow didCreate to set stagePort + void setStagePort(const mach_port_t inStagePort); + // allow server routines to use request port to find instance + + // @@@ implement lessThan operator for set in terms of instance + +protected: + void setup(); + void teardown() throw(); + + Port mServerPort; + Port mStagePort; + Port mClientPort; + + MessageType mMessageType; + + OSStatus mErrorState; + + AuthorizationResult mResult; + AuthValueVector mArguments; + AuthItemSet mInHints; + AuthItemSet mInContext; + AuthItemSet mOutHints; + AuthItemSet mOutContext; + + PluginState mState; + void setState(PluginState mState); + +public: + mach_port_t instance() const { return mClientPort; } +// bool operator == (const Client &other) const { return this->instance() == other.instance(); } + bool operator < (const Client &other) const { return this->instance() < other.instance(); } + + AuthItemSet &inHints() { return mInHints; } + AuthItemSet &inContext() { return mInContext; } + AuthItemSet &outHints() { return mOutHints; } + AuthItemSet &outContext() { return mOutContext; } + +public: + void check(mach_msg_return_t returnCode); + void checkResult(); +}; + +class Clients +{ +friend class Client; + +protected: + set mClients; + PortSet mClientPortSet; +public: + Clients() {} + void create(); // create an agentclient + void insert(Client *agent) { StLock _(mLock); mClients.insert(agent); mClientPortSet += agent->instance(); } + void remove(Client *agent) { StLock _(mLock); mClientPortSet -= agent->instance(); mClients.erase(agent); } + Client &find(const mach_port_t instance) const; + bool receive(); + bool compare(const Client * client, mach_port_t instance); + + mutable Mutex mLock; + static ThreadNexus gClients; +}; + +} // end namespace Authorization + +#endif /* __cplusplus__ */ + +#endif /* 
_H_AGENTCLIENT */ + diff --git a/libsecurity_agent-55000/lib/sa_types.h b/libsecurity_agent-55000/lib/sa_types.h new file mode 100644 index 000000000..4b7212a9f --- /dev/null +++ b/libsecurity_agent-55000/lib/sa_types.h 
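Review bot: `Client` is implicitly copyable even though each instance owns Mach port rights and registers its own address in `Clients::gClients()`; the class declares a constructor and a virtual destructor but no copy constructor or assignment operator. A copy would carry the same `mStagePort` and `mClientPort` as the original, and `teardown()` in agentclient.cpp destroys both ports from every destructor, so the second destruction would act on port names that may already have been released or reused (hedged: `Port`'s own copy semantics are not visible in this patch). Declaring the copy operations private and undefined, `Client(const Client &);` and `Client &operator=(const Client &);`, would rule this out. The closing comment `// end namespace Authorization` also names the wrong namespace, since the block opened is `SecurityAgent`.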
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2002,2008 Apple Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + +#ifndef _H_SA_TYPES +#define _H_SA_TYPES + +#define __MigTypeCheck 1 + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif // C++ + +#include + +// force unmangled name +boolean_t secagentreply_server(mach_msg_header_t *, mach_msg_header_t *); + +typedef u_int32_t SessionId; +typedef uint32_t MigBoolean; +typedef uint32_t SATransactionId; + +typedef AuthorizationItemSet AuthorizationItemSetBlob; +typedef AuthorizationItemSet *AuthorizationItemSetPtr; +typedef AuthorizationValueVector AuthorizationValueVectorBlob; +typedef AuthorizationValueVector *AuthorizationValueVectorPtr; + +typedef AuthorizationMechanismId PluginId; +typedef AuthorizationMechanismId MechanismId; + +// pass structured arguments in/out of IPC calls. 
See "data walkers" for details +#define BLOB(copy) copy, copy.length(), copy +#define BLOB_OUT(copy) ©, ©##Length, ©##Base +#define BLOB_DECL(type,name) type *name, *name##Base; mach_msg_type_number_t name##Length +#define BLOB_FUNC_DECL(type,name) type *name, type *name##Base, mach_msg_type_number_t name##Length + +// +// Customization macros for MIG code +// +/* +#define __AfterSendRpc(id, name) \ + if (msg_result == MACH_MSG_SUCCESS && Out0P->Head.msgh_id == MACH_NOTIFY_DEAD_NAME) \ + return MIG_SERVER_DIED; + +#define UseStaticTemplates 0 +*/ + +#ifdef __cplusplus +} +#endif + +#endif /* _H_SA_TYPES */ + diff --git a/libsecurity_agent-55000/lib/secagent_types.h b/libsecurity_agent-55000/lib/secagent_types.h new file mode 100644 index 000000000..b31e777d5 --- /dev/null +++ b/libsecurity_agent-55000/lib/secagent_types.h 
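Review bot: `BLOB_FUNC_DECL` orders its parameters as pointer, base, length, while `BLOB(copy)` in the same header and `COPY_IN` in agentclient.cpp both use pointer, length, base (the call in `Client::invoke()` is commented `// data, size, offset`). A handler declared with `BLOB_FUNC_DECL` would have base and length swapped relative to the other macros unless a generated prototype catches the mismatch, and that base/length pair is what `CheckingReconstituteWalker` relies on for its bounds check. Whether the macro has any users is not visible in this excerpt. I would either align it, `#define BLOB_FUNC_DECL(type,name) type *name, mach_msg_type_number_t name##Length, type *name##Base`, or drop it, and add a one-line comment stating the argument order the MIG definitions expect.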
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +// +// secagent_types - type equivalence declarations for SecurityAgent MIG +// +#include +#include +#include + + +namespace Security +{ + +using namespace SecurityAgent; + +typedef void *Data; + +typedef char *String; +typedef const char *ConstString; +typedef Client::KeychainChoice Choice; +typedef char *Username; +typedef uint32 MigBoolean; + +typedef uint32 AuthorizationResultInt; + + +// +// Customization macros for MIG code +// +#define __AfterSendRpc(id, name) \ + if (msg_result == MACH_MSG_SUCCESS && Out0P->Head.msgh_id == MACH_NOTIFY_DEAD_NAME) \ + return MIG_SERVER_DIED; + +#define UseStaticTemplates 0 + + +} // end namespace Security diff --git a/libsecurity_agent-55000/lib/utils.c b/libsecurity_agent-55000/lib/utils.c new file mode 100644 index 000000000..926a69e0d --- /dev/null +++ b/libsecurity_agent-55000/lib/utils.c 
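Review bot: `typedef Client::KeychainChoice Choice;` refers to a member that the `SecurityAgent::Client` class added by this same commit (agentclient.h) does not declare, so this header looks stale and would probably not compile against the new class if it were included; the include targets are not legible here, so this is inferred. The header also defines `__AfterSendRpc` and `UseStaticTemplates` inside `namespace Security { ... }`, which suggests a scoping that macros do not have, while sa_types.h carries the same two definitions commented out. If the file is kept only for reference, a header comment saying so, for example `// legacy; not used by the current MIG interface, see sa_types.h`, would prevent the active `__AfterSendRpc` hook from being picked up by accident. Otherwise I would remove the typedef and move the macros outside the namespace.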
@@ -0,0 +1,26 @@ +/* + * utils.h + * libsecurity_agent + * + * Copyright (c) 2010 Apple Inc. All rights reserved. + * + */ + + +#include "utils.h" + +unsigned char * +uuid_init_with_sessionid(uuid_t uuid, uint32_t sessionid) +{ + uuid_t tmp = UUID_INITIALIZER_FROM_SESSIONID(sessionid); + + uuid_copy(uuid, tmp); + return &uuid[0]; +} + +const char * +uuid_to_string(const uuid_t uuid, char *buf) +{ + uuid_unparse_lower(uuid, buf); + return buf; +} diff --git a/libsecurity_agent-55000/lib/utils.h b/libsecurity_agent-55000/lib/utils.h new file mode 100644 index 000000000..e1a8f3b66 --- /dev/null +++ b/libsecurity_agent-55000/lib/utils.h @@ -0,0 +1,26 @@ +/* + * utils.h + * libsecurity_agent + * + * Copyright (c) 2010 Apple Inc. All rights reserved. + * + */ + +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +#define UUID_INITIALIZER_FROM_SESSIONID(sessionid) \ + { 0,0,0,0, 0,0,0,0, 0,0,0,0, \ + (0xff000000 & (sessionid))>>24, (0x00ff0000 & (sessionid))>>16, \ + (0x0000ff00 & (sessionid))>>8, (0x000000ff & (sessionid)) } + +unsigned char *uuid_init_with_sessionid(uuid_t uuid, uint32_t sessionid); +const char *uuid_to_string(const uuid_t uuid, char *buf); + +#if defined(__cplusplus) +} +#endif diff --git a/libsecurity_agent-55000/libsecurity_agent.xcodeproj/project.pbxproj b/libsecurity_agent-55000/libsecurity_agent.xcodeproj/project.pbxproj new file mode 100644 index 000000000..abfc74390 --- /dev/null +++ b/libsecurity_agent-55000/libsecurity_agent.xcodeproj/project.pbxproj 
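Review bot: `uuid_to_string()` writes through `buf` with no size information: `uuid_unparse_lower()` always emits 36 characters plus a terminating NUL, so a caller passing a shorter buffer gets an out-of-bounds write. The contract should at least be documented on the definition and on the prototype in utils.h (the next hunk), e.g. `/* buf must point to at least 37 bytes (sizeof(uuid_string_t)) */`, or the parameter could be typed `uuid_string_t buf` so the required size is visible at call sites. The file's header comment also says `utils.h` although this is utils.c.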
@@ -0,0 +1,996 @@ +// !$*UTF8*$! +{ + archiveVersion = 1; + classes = { + }; + objectVersion = 42; + objects = { + +/* Begin PBXAggregateTarget section */ + 40635B69052E4CBD0009891B /* world */ = { + isa = PBXAggregateTarget; + buildConfigurationList = C27AD23D0987FCDC001272E0 /* Build configuration list for PBXAggregateTarget "world" */; + buildPhases = ( + ); + dependencies = ( + 40635B6F052E4CD00009891B /* PBXTargetDependency */, + 40635B6E052E4CCD0009891B /* PBXTargetDependency */, + ); + name = world; + productName = world; + }; +/* End PBXAggregateTarget section */ + +/* Begin PBXBuildFile section */ + 409513EC05E6A5780003976E /* agentclient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 409513EA05E6A5780003976E /* agentclient.cpp */; }; + 409513ED05E6A5780003976E /* agentclient.h in Headers */ = {isa = PBXBuildFile; fileRef = 409513EB05E6A5780003976E /* agentclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 4095143205E6DD6C0003976E /* agentclient.h in Headers */ = {isa = PBXBuildFile; fileRef = 409513EB05E6A5780003976E /* agentclient.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 40ACCCCE05DC567700E9F642 /* sa_request.h in Headers */ = {isa = PBXBuildFile; fileRef = 40ACCCCD05DC565700E9F642 /* sa_request.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 40ACCCCF05DC568600E9F642 /* sa_types.h in Headers */ = {isa = PBXBuildFile; fileRef = 40ACCCBD05DC556000E9F642 /* sa_types.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 40ACCCD705DC580800E9F642 /* sa_request_user.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 40ACCCD505DC57E200E9F642 /* sa_request_user.cpp */; }; + 40ACCCD805DC583700E9F642 /* sa_reply_server.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 40ACCCD005DC578C00E9F642 /* sa_reply_server.cpp */; }; + 40ACCCD905DC585A00E9F642 /* sa_reply.h in Headers */ = {isa = PBXBuildFile; fileRef = 40ACCCCC05DC565700E9F642 /* sa_reply.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 40ACCCDA05DC587C00E9F642 /* sa_request_server.c 
in Sources */ = {isa = PBXBuildFile; fileRef = 40ACCCD405DC57E200E9F642 /* sa_request_server.c */; }; + 40ACCCDB05DC587C00E9F642 /* sa_reply_user.c in Sources */ = {isa = PBXBuildFile; fileRef = 40ACCCD105DC578C00E9F642 /* sa_reply_user.c */; }; + 72B3720C1104E343000D2A39 /* utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B3720A1104E343000D2A39 /* utils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 72B3720D1104E343000D2A39 /* utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 72B3720B1104E343000D2A39 /* utils.c */; }; + 72B3720F1104E343000D2A39 /* utils.c in Sources */ = {isa = PBXBuildFile; fileRef = 72B3720B1104E343000D2A39 /* utils.c */; }; + 72B372191104E841000D2A39 /* utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B3720A1104E343000D2A39 /* utils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 72B3721A1104E849000D2A39 /* utils.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B3720A1104E343000D2A39 /* utils.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 72B372321104EB8D000D2A39 /* utils.h in Sources */ = {isa = PBXBuildFile; fileRef = 72B3720A1104E343000D2A39 /* utils.h */; }; +/* End PBXBuildFile section */ + +/* Begin PBXContainerItemProxy section */ + 4C25921805448C1E007AEE03 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4C5634D70540A47B00DCF0C8; + remoteInfo = security_agent_client; + }; + 4C25921905448C1E007AEE03 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4CA1FECF052A450F00F22E42; + remoteInfo = libsecurity_agent_server; + }; + 4C25921A05448C1E007AEE03 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 40E8FACC052E45D000A3D8D1; + remoteInfo = mig; + }; 
+ 4C25921B05448C1E007AEE03 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4C19B48B05448BF800B31040; + remoteInfo = security_agent_server; + }; + 4C25921C05448C1E007AEE03 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4CA1FEBD052A3C8100F22E42; + remoteInfo = libsecurity_agent_client; + }; + 4C25921D05448C1E007AEE03 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 40E8FACC052E45D000A3D8D1; + remoteInfo = mig; + }; + 4CC35E1D0544A93C00A9CF4B /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 4CA1FEAB052A3C3800F22E42 /* Project object */; + proxyType = 1; + remoteGlobalIDString = 4C5634D70540A47B00DCF0C8; + remoteInfo = security_agent_client; + }; +/* End PBXContainerItemProxy section */ + +/* Begin PBXFileReference section */ + 409513EA05E6A5780003976E /* agentclient.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = agentclient.cpp; sourceTree = ""; }; + 409513EB05E6A5780003976E /* agentclient.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = agentclient.h; sourceTree = ""; }; + 40ACCCBD05DC556000E9F642 /* sa_types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sa_types.h; sourceTree = ""; }; + 40ACCCC505DC559800E9F642 /* sa_reply.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = sa_reply.defs; sourceTree = ""; }; + 40ACCCC605DC559800E9F642 /* sa_request.defs */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.mig; path = sa_request.defs; sourceTree = ""; }; 
+ 40ACCCCC05DC565700E9F642 /* sa_reply.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sa_reply.h; sourceTree = ""; }; + 40ACCCCD05DC565700E9F642 /* sa_request.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = sa_request.h; sourceTree = ""; }; + 40ACCCD005DC578C00E9F642 /* sa_reply_server.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = sa_reply_server.cpp; sourceTree = ""; }; + 40ACCCD105DC578C00E9F642 /* sa_reply_user.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sa_reply_user.c; sourceTree = ""; }; + 40ACCCD405DC57E200E9F642 /* sa_request_server.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = sa_request_server.c; sourceTree = ""; }; + 40ACCCD505DC57E200E9F642 /* sa_request_user.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = sa_request_user.cpp; sourceTree = ""; }; + 4C19B48C05448BF800B31040 /* security_agent_server.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; path = security_agent_server.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + 4C24BF380557273B00C95CD3 /* mig.mk */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text; path = mig.mk; sourceTree = ""; }; + 4C5634D80540A47B00DCF0C8 /* security_agent_client.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; path = security_agent_client.framework; sourceTree = BUILT_PRODUCTS_DIR; }; + 4CA1FEBE052A3C8100F22E42 /* security_agent_client */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = security_agent_client; sourceTree = BUILT_PRODUCTS_DIR; }; + 4CA1FED4052A450F00F22E42 /* security_agent_server */ = {isa = PBXFileReference; explicitFileType = archive.ar; path = security_agent_server; sourceTree = BUILT_PRODUCTS_DIR; }; + 
72B3720A1104E343000D2A39 /* utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utils.h; sourceTree = ""; }; + 72B3720B1104E343000D2A39 /* utils.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = utils.c; sourceTree = ""; }; +/* End PBXFileReference section */ + +/* Begin PBXFrameworksBuildPhase section */ + 4CA1FEBB052A3C8100F22E42 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CA1FED2052A450F00F22E42 /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXFrameworksBuildPhase section */ + +/* Begin PBXGroup section */ + 4C24BF370557273B00C95CD3 /* mig */ = { + isa = PBXGroup; + children = ( + 4C24BF380557273B00C95CD3 /* mig.mk */, + 40ACCCC505DC559800E9F642 /* sa_reply.defs */, + 40ACCCC605DC559800E9F642 /* sa_request.defs */, + ); + path = mig; + sourceTree = ""; + }; + 4C7503520540CEAC00056564 /* lib */ = { + isa = PBXGroup; + children = ( + 409513EA05E6A5780003976E /* agentclient.cpp */, + 409513EB05E6A5780003976E /* agentclient.h */, + 40ACCCBD05DC556000E9F642 /* sa_types.h */, + 72B3720A1104E343000D2A39 /* utils.h */, + 72B3720B1104E343000D2A39 /* utils.c */, + ); + path = lib; + sourceTree = ""; + }; + 4C75036D0540CEDE00056564 /* derived_src */ = { + isa = PBXGroup; + children = ( + 40ACCCCD05DC565700E9F642 /* sa_request.h */, + 40ACCCD405DC57E200E9F642 /* sa_request_server.c */, + 40ACCCD505DC57E200E9F642 /* sa_request_user.cpp */, + 40ACCCCC05DC565700E9F642 /* sa_reply.h */, + 40ACCCD005DC578C00E9F642 /* sa_reply_server.cpp */, + 40ACCCD105DC578C00E9F642 /* sa_reply_user.c */, + ); + path = derived_src; + sourceTree = BUILT_PRODUCTS_DIR; + }; + 4CA1FEA7052A3C3800F22E42 = { + isa = PBXGroup; + children = ( + 4C7503520540CEAC00056564 /* lib */, + 
4C24BF370557273B00C95CD3 /* mig */, + 4C75036D0540CEDE00056564 /* derived_src */, + 4CA1FEBF052A3C8100F22E42 /* Products */, + ); + sourceTree = ""; + }; + 4CA1FEBF052A3C8100F22E42 /* Products */ = { + isa = PBXGroup; + children = ( + 4CA1FEBE052A3C8100F22E42 /* security_agent_client */, + 4CA1FED4052A450F00F22E42 /* security_agent_server */, + 4C5634D80540A47B00DCF0C8 /* security_agent_client.framework */, + 4C19B48C05448BF800B31040 /* security_agent_server.framework */, + ); + name = Products; + sourceTree = ""; + }; +/* End PBXGroup section */ + +/* Begin PBXHeadersBuildPhase section */ + 4C19B48605448BF800B31040 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + 72B3721A1104E849000D2A39 /* utils.h in Headers */, + 40ACCCD905DC585A00E9F642 /* sa_reply.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4C5634D20540A47B00DCF0C8 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + 72B372191104E841000D2A39 /* utils.h in Headers */, + 4095143205E6DD6C0003976E /* agentclient.h in Headers */, + 40ACCCCF05DC568600E9F642 /* sa_types.h in Headers */, + 40ACCCCE05DC567700E9F642 /* sa_request.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CA1FEB9052A3C8100F22E42 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + 409513ED05E6A5780003976E /* agentclient.h in Headers */, + 72B3720C1104E343000D2A39 /* utils.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CA1FED0052A450F00F22E42 /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXHeadersBuildPhase section */ + +/* Begin PBXLegacyTarget section */ + 40E8FACC052E45D000A3D8D1 /* generate mig */ = { + isa = PBXLegacyTarget; + buildArgumentsString = "-f mig/mig.mk $ACTION"; + buildConfigurationList = C27AD2290987FCDC001272E0 /* Build 
configuration list for PBXLegacyTarget "generate mig" */; + buildPhases = ( + ); + buildToolPath = /usr/bin/gnumake; + dependencies = ( + ); + name = "generate mig"; + passBuildSettingsInEnvironment = 1; + productName = mig; + }; +/* End PBXLegacyTarget section */ + +/* Begin PBXNativeTarget section */ + 4C19B48B05448BF800B31040 /* security_agent_server */ = { + isa = PBXNativeTarget; + buildConfigurationList = C27AD2310987FCDC001272E0 /* Build configuration list for PBXNativeTarget "security_agent_server" */; + buildPhases = ( + 4C19B48605448BF800B31040 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = security_agent_server; + productInstallPath = "$(LOCAL_LIBRARY_DIR)/Frameworks"; + productName = security_agent_server; + productReference = 4C19B48C05448BF800B31040 /* security_agent_server.framework */; + productType = "com.apple.product-type.framework"; + }; + 4C5634D70540A47B00DCF0C8 /* security_agent_client */ = { + isa = PBXNativeTarget; + buildConfigurationList = C27AD22D0987FCDC001272E0 /* Build configuration list for PBXNativeTarget "security_agent_client" */; + buildPhases = ( + 4C5634D20540A47B00DCF0C8 /* Headers */, + ); + buildRules = ( + ); + dependencies = ( + 4C7503300540CD3D00056564 /* PBXTargetDependency */, + ); + name = security_agent_client; + productInstallPath = "$(LOCAL_LIBRARY_DIR)/Frameworks"; + productName = security_agent; + productReference = 4C5634D80540A47B00DCF0C8 /* security_agent_client.framework */; + productType = "com.apple.product-type.framework"; + }; + 4CA1FEBD052A3C8100F22E42 /* libsecurity_agent_client */ = { + isa = PBXNativeTarget; + buildConfigurationList = C27AD2390987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_agent_client" */; + buildPhases = ( + 4CA1FEB9052A3C8100F22E42 /* Headers */, + 4CA1FEBA052A3C8100F22E42 /* Sources */, + 4CA1FEBB052A3C8100F22E42 /* Frameworks */, + 4C789CA2055AF94800B6FC95 /* ShellScript */, + 4CD0D4CD055B0FD5001715CB /* ShellScript */, + 
); + buildRules = ( + ); + dependencies = ( + 4C75032E0540CD3400056564 /* PBXTargetDependency */, + ); + name = libsecurity_agent_client; + productInstallPath = /usr/local/lib; + productName = libsecurity_agent; + productReference = 4CA1FEBE052A3C8100F22E42 /* security_agent_client */; + productType = "com.apple.product-type.library.static"; + }; + 4CA1FECF052A450F00F22E42 /* libsecurity_agent_server */ = { + isa = PBXNativeTarget; + buildConfigurationList = C27AD2350987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_agent_server" */; + buildPhases = ( + 4CA1FED0052A450F00F22E42 /* Headers */, + 4CA1FED1052A450F00F22E42 /* Sources */, + 4CA1FED2052A450F00F22E42 /* Frameworks */, + 4C789CA5055AF95C00B6FC95 /* ShellScript */, + 4CD0D4D0055B0FF0001715CB /* ShellScript */, + ); + buildRules = ( + ); + dependencies = ( + 4CC35E1E0544A93C00A9CF4B /* PBXTargetDependency */, + 4C19B48D05448BFC00B31040 /* PBXTargetDependency */, + 40C765C3053485EE008AC043 /* PBXTargetDependency */, + ); + name = libsecurity_agent_server; + productName = libsecurity_agent; + productReference = 4CA1FED4052A450F00F22E42 /* security_agent_server */; + productType = "com.apple.product-type.library.static"; + }; +/* End PBXNativeTarget section */ + +/* Begin PBXProject section */ + 4CA1FEAB052A3C3800F22E42 /* Project object */ = { + isa = PBXProject; + buildConfigurationList = C27AD2450987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_agent" */; + compatibilityVersion = "Xcode 2.4"; + developmentRegion = English; + hasScannedForEncodings = 1; + knownRegions = ( + English, + Japanese, + French, + German, + ); + mainGroup = 4CA1FEA7052A3C3800F22E42; + productRefGroup = 4CA1FEBF052A3C8100F22E42 /* Products */; + projectDirPath = ""; + projectRoot = ""; + targets = ( + 40635B69052E4CBD0009891B /* world */, + 4CA1FEBD052A3C8100F22E42 /* libsecurity_agent_client */, + 4C5634D70540A47B00DCF0C8 /* security_agent_client */, + 4CA1FECF052A450F00F22E42 /* 
libsecurity_agent_server */, + 4C19B48B05448BF800B31040 /* security_agent_server */, + 40E8FACC052E45D000A3D8D1 /* generate mig */, + ); + }; +/* End PBXProject section */ + +/* Begin PBXShellScriptBuildPhase section */ + 4C789CA2055AF94800B6FC95 /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "for variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tditto -V \"${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}${postfix}\" \"${SYMROOT}/${PRODUCT_NAME}${postfix}\"\n\tln -fs \"../../../${PRODUCT_NAME}${postfix}\" ${SYMROOT}/${PRODUCT_NAME}.framework/Versions/A\n\tln -fs \"Versions/Current/${PRODUCT_NAME}${postfix}\" ${SYMROOT}/${PRODUCT_NAME}.framework\n\tnmedit -p \"${SYMROOT}/${PRODUCT_NAME}${postfix}\"\n\tranlib \"${SYMROOT}/${PRODUCT_NAME}${postfix}\"\ndone"; + }; + 4C789CA5055AF95C00B6FC95 /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "for variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tditto -V \"${BUILT_PRODUCTS_DIR}/${PRODUCT_NAME}${postfix}\" \"${SYMROOT}/${PRODUCT_NAME}${postfix}\"\n\tln -fs \"../../../${PRODUCT_NAME}${postfix}\" ${SYMROOT}/${PRODUCT_NAME}.framework/Versions/A\n\tln -fs \"Versions/Current/${PRODUCT_NAME}${postfix}\" ${SYMROOT}/${PRODUCT_NAME}.framework\n\tnmedit -p \"${SYMROOT}/${PRODUCT_NAME}${postfix}\"\n\tranlib \"${SYMROOT}/${PRODUCT_NAME}${postfix}\"\ndone"; + }; + 4CD0D4CD055B0FD5001715CB /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "for 
variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tcp -p \"${SYMROOT}/${PRODUCT_NAME}${postfix}\" \"${DSTROOT}/usr/local/SecurityPieces/Frameworks/${PRODUCT_NAME}.framework/Versions/A\"\n\tranlib \"${DSTROOT}/usr/local/SecurityPieces/Frameworks/${PRODUCT_NAME}.framework/Versions/A/${PRODUCT_NAME}${postfix}\"\n\tln -fs \"Versions/Current/${PRODUCT_NAME}${postfix}\" \"${DSTROOT}/usr/local/SecurityPieces/Frameworks/${PRODUCT_NAME}.framework\"\ndone"; + }; + 4CD0D4D0055B0FF0001715CB /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 8; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 1; + shellPath = /bin/sh; + shellScript = "for variant in ${BUILD_VARIANTS}\ndo\n\tpostfix=`echo _${variant} | sed 's/_normal//'`\n\tcp -p \"${SYMROOT}/${PRODUCT_NAME}${postfix}\" \"${DSTROOT}/usr/local/SecurityPieces/Components/SecurityAgent/${PRODUCT_NAME}.framework/Versions/A\"\n\tranlib \"${DSTROOT}/usr/local/SecurityPieces/Components/SecurityAgent/${PRODUCT_NAME}.framework/Versions/A/${PRODUCT_NAME}${postfix}\"\n\tln -fs \"Versions/Current/${PRODUCT_NAME}${postfix}\" \"${DSTROOT}/usr/local/SecurityPieces/Components/SecurityAgent/${PRODUCT_NAME}.framework\"\ndone"; + }; +/* End PBXShellScriptBuildPhase section */ + +/* Begin PBXSourcesBuildPhase section */ + 4CA1FEBA052A3C8100F22E42 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 40ACCCD805DC583700E9F642 /* sa_reply_server.cpp in Sources */, + 40ACCCD705DC580800E9F642 /* sa_request_user.cpp in Sources */, + 409513EC05E6A5780003976E /* agentclient.cpp in Sources */, + 72B3720D1104E343000D2A39 /* utils.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; + 4CA1FED1052A450F00F22E42 /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 72B372321104EB8D000D2A39 /* utils.h in Sources */, + 40ACCCDA05DC587C00E9F642 /* 
sa_request_server.c in Sources */, + 40ACCCDB05DC587C00E9F642 /* sa_reply_user.c in Sources */, + 72B3720F1104E343000D2A39 /* utils.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXSourcesBuildPhase section */ + +/* Begin PBXTargetDependency section */ + 40635B6E052E4CCD0009891B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CA1FEBD052A3C8100F22E42 /* libsecurity_agent_client */; + targetProxy = 4C25921C05448C1E007AEE03 /* PBXContainerItemProxy */; + }; + 40635B6F052E4CD00009891B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4CA1FECF052A450F00F22E42 /* libsecurity_agent_server */; + targetProxy = 4C25921905448C1E007AEE03 /* PBXContainerItemProxy */; + }; + 40C765C3053485EE008AC043 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 40E8FACC052E45D000A3D8D1 /* generate mig */; + targetProxy = 4C25921D05448C1E007AEE03 /* PBXContainerItemProxy */; + }; + 4C19B48D05448BFC00B31040 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C19B48B05448BF800B31040 /* security_agent_server */; + targetProxy = 4C25921B05448C1E007AEE03 /* PBXContainerItemProxy */; + }; + 4C75032E0540CD3400056564 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C5634D70540A47B00DCF0C8 /* security_agent_client */; + targetProxy = 4C25921805448C1E007AEE03 /* PBXContainerItemProxy */; + }; + 4C7503300540CD3D00056564 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 40E8FACC052E45D000A3D8D1 /* generate mig */; + targetProxy = 4C25921A05448C1E007AEE03 /* PBXContainerItemProxy */; + }; + 4CC35E1E0544A93C00A9CF4B /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + target = 4C5634D70540A47B00DCF0C8 /* security_agent_client */; + targetProxy = 4CC35E1D0544A93C00A9CF4B /* PBXContainerItemProxy */; + }; +/* End PBXTargetDependency section */ + +/* Begin XCBuildConfiguration section */ + C27AD22A0987FCDC001272E0 /* Development */ = { + isa = 
XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = debug; + GCC_OPTIMIZATION_LEVEL = 0; + PRODUCT_NAME = "generate mig"; + }; + name = Development; + }; + C27AD22B0987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = NO; + PRODUCT_NAME = "generate mig"; + ZERO_LINK = NO; + }; + name = Deployment; + }; + C27AD22C0987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + PRODUCT_NAME = "generate mig"; + }; + name = Default; + }; + C27AD22E0987FCDC001272E0 /* Development */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = debug; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_VERSION = A; + GCC_OPTIMIZATION_LEVEL = 0; + INFOPLIST_FILE = "Info-security_agent_client.plist"; + INSTALL_PATH = /usr/local/SecurityPieces/Frameworks; + PRODUCT_NAME = security_agent_client; + WRAPPER_EXTENSION = framework; + }; + name = Development; + }; + C27AD22F0987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_VERSION = A; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = NO; + INFOPLIST_FILE = "Info-security_agent_client.plist"; + INSTALL_PATH = /usr/local/SecurityPieces/Frameworks; + PRODUCT_NAME = security_agent_client; + WRAPPER_EXTENSION = framework; + ZERO_LINK = NO; + }; + name = Deployment; + }; + C27AD2300987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_VERSION = A; + INFOPLIST_FILE = "Info-security_agent_client.plist"; + INSTALL_PATH = /usr/local/SecurityPieces/Frameworks; + PRODUCT_NAME = security_agent_client; + WRAPPER_EXTENSION = framework; + }; + name = Default; + }; + C27AD2320987FCDC001272E0 /* Development */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = debug; + 
EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_VERSION = A; + GCC_OPTIMIZATION_LEVEL = 0; + INFOPLIST_FILE = "Info-security_agent_server.plist"; + INSTALL_PATH = /usr/local/SecurityPieces/Components/SecurityAgent; + PRODUCT_NAME = security_agent_server; + WRAPPER_EXTENSION = framework; + }; + name = Development; + }; + C27AD2330987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_VERSION = A; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = NO; + INFOPLIST_FILE = "Info-security_agent_server.plist"; + INSTALL_PATH = /usr/local/SecurityPieces/Components/SecurityAgent; + PRODUCT_NAME = security_agent_server; + WRAPPER_EXTENSION = framework; + ZERO_LINK = NO; + }; + name = Deployment; + }; + C27AD2340987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_VERSION = A; + INFOPLIST_FILE = "Info-security_agent_server.plist"; + INSTALL_PATH = /usr/local/SecurityPieces/Components/SecurityAgent; + PRODUCT_NAME = security_agent_server; + WRAPPER_EXTENSION = framework; + }; + name = Default; + }; + C27AD2360987FCDC001272E0 /* Development */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = debug; + CURRENT_PROJECT_VERSION = 55000; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + GCC_OPTIMIZATION_LEVEL = 0; + LIBRARY_STYLE = STATIC; + OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)"; + OPT_CPPFLAGS = "$(OPT_CFLAGS)"; + OPT_INLINEFLAGS = ""; + OPT_LDFLAGS = ""; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = 
"$(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS_debug = ""; + OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg"; + PRODUCT_NAME = security_agent_server; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + }; + name = Development; + }; + C27AD2370987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = ( + normal, + debug, + nopic, + ); + CURRENT_PROJECT_VERSION = 55000; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = NO; + LIBRARY_STYLE = STATIC; + OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)"; + OPT_CPPFLAGS = "$(OPT_CFLAGS)"; + OPT_INLINEFLAGS = ""; + OPT_LDFLAGS = ""; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = 
"$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS_debug = ""; + OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg"; + PRODUCT_NAME = security_agent_server; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + ZERO_LINK = NO; + }; + name = Deployment; + }; + C27AD2380987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = ( + normal, + debug, + nopic, + ); + CURRENT_PROJECT_VERSION = 55000; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + LIBRARY_STYLE = STATIC; + OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)"; + OPT_CPPFLAGS = "$(OPT_CFLAGS)"; + OPT_INLINEFLAGS = ""; + OPT_LDFLAGS = ""; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS_debug = ""; + OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg"; + PRODUCT_NAME = security_agent_server; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + 
"-Wno-unknown-pragmas", + ); + }; + name = Default; + }; + C27AD23A0987FCDC001272E0 /* Development */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = debug; + CURRENT_PROJECT_VERSION = 55000; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + GCC_OPTIMIZATION_LEVEL = 0; + LIBRARY_STYLE = STATIC; + OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)"; + OPT_CPPFLAGS = "$(OPT_CFLAGS)"; + OPT_INLINEFLAGS = ""; + OPT_LDFLAGS = ""; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS = ""; + OTHER_CFLAGS_debug = "-DNOSA $(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS_debug = ""; + OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg"; + PRODUCT_NAME = security_agent_client; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + }; + name = Development; + }; + C27AD23B0987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = ( + normal, + debug, + nopic, + ); + CURRENT_PROJECT_VERSION = 55000; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + GCC_DYNAMIC_NO_PIC = NO; + 
GCC_GENERATE_DEBUGGING_SYMBOLS = NO; + LIBRARY_STYLE = STATIC; + OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)"; + OPT_CPPFLAGS = "$(OPT_CFLAGS)"; + OPT_INLINEFLAGS = ""; + OPT_LDFLAGS = ""; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS = ""; + OTHER_CFLAGS_debug = "-DNOSA $(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS_debug = ""; + OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg"; + PRODUCT_NAME = security_agent_client; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + ZERO_LINK = NO; + }; + name = Deployment; + }; + C27AD23C0987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = ( + normal, + debug, + nopic, + ); + CURRENT_PROJECT_VERSION = 55000; + EXECUTABLE_PREFIX = ""; + EXECUTABLE_SUFFIX = ""; + FRAMEWORK_SEARCH_PATHS = /usr/local/SecurityPieces/Frameworks; + LIBRARY_STYLE = STATIC; + OPT_CFLAGS = "-DNDEBUG -Os $(OPT_INLINEFLAGS)"; + OPT_CPPFLAGS = "$(OPT_CFLAGS)"; + OPT_INLINEFLAGS = ""; + OPT_LDFLAGS = ""; + OTHER_ASFLAGS_debug = "$(OTHER_CFLAGS)"; + OTHER_ASFLAGS_normal = "-DNDEBUG $(OTHER_CFLAGS)"; + OTHER_ASFLAGS_profile = "-DNDEBUG $(OTHER_CFLAGS) -pg"; + OTHER_CFLAGS = ""; + 
OTHER_CFLAGS_debug = "-DNOSA $(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CFLAGS_nopic = "-mdynamic-no-pic $(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_normal = "$(OPT_CFLAGS) $(OTHER_CFLAGS)"; + OTHER_CFLAGS_profile = "$(OPT_CFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_CPLUSPLUSFLAGS_debug = "$(OTHER_CFLAGS) -O0 -fno-inline"; + OTHER_CPLUSPLUSFLAGS_nopic = "-mdynamic-no-pic $(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_normal = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS)"; + OTHER_CPLUSPLUSFLAGS_profile = "$(OPT_CPPFLAGS) $(OTHER_CFLAGS) -pg"; + OTHER_LDFLAGS_debug = ""; + OTHER_LDFLAGS_nopic = "-dead_strip $(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_normal = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS)"; + OTHER_LDFLAGS_profile = "$(OPT_LDFLAGS) $(OTHER_LDFLAGS) -pg"; + PRODUCT_NAME = security_agent_client; + VERSIONING_SYSTEM = "apple-generic"; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + }; + name = Default; + }; + C27AD23E0987FCDC001272E0 /* Development */ = { + isa = XCBuildConfiguration; + buildSettings = { + BUILD_VARIANTS = debug; + GCC_OPTIMIZATION_LEVEL = 0; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + OTHER_REZFLAGS = ""; + PRODUCT_NAME = world; + SECTORDER_FLAGS = ""; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + }; + name = Development; + }; + C27AD23F0987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + GCC_DYNAMIC_NO_PIC = NO; + GCC_GENERATE_DEBUGGING_SYMBOLS = NO; + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + OTHER_REZFLAGS = ""; + PRODUCT_NAME = world; + SECTORDER_FLAGS = ""; + WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + ZERO_LINK = NO; + }; + name = Deployment; + }; + C27AD2400987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + OTHER_CFLAGS = ""; + OTHER_LDFLAGS = ""; + OTHER_REZFLAGS = ""; + PRODUCT_NAME = world; + SECTORDER_FLAGS = ""; + 
WARNING_CFLAGS = ( + "-Wmost", + "-Wno-four-char-constants", + "-Wno-unknown-pragmas", + ); + }; + name = Default; + }; + C27AD2460987FCDC001272E0 /* Development */ = { + isa = XCBuildConfiguration; + buildSettings = { + CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)"; + CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)"; + }; + name = Development; + }; + C27AD2470987FCDC001272E0 /* Deployment */ = { + isa = XCBuildConfiguration; + buildSettings = { + CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)"; + CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)"; + }; + name = Deployment; + }; + C27AD2480987FCDC001272E0 /* Default */ = { + isa = XCBuildConfiguration; + buildSettings = { + CONFIGURATION_BUILD_DIR = "$(BUILD_DIR)"; + CONFIGURATION_TEMP_DIR = "$(PROJECT_TEMP_DIR)"; + UNSTRIPPED_PRODUT = YES; + }; + name = Default; + }; +/* End XCBuildConfiguration section */ + +/* Begin XCConfigurationList section */ + C27AD2290987FCDC001272E0 /* Build configuration list for PBXLegacyTarget "generate mig" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD22A0987FCDC001272E0 /* Development */, + C27AD22B0987FCDC001272E0 /* Deployment */, + C27AD22C0987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Default; + }; + C27AD22D0987FCDC001272E0 /* Build configuration list for PBXNativeTarget "security_agent_client" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD22E0987FCDC001272E0 /* Development */, + C27AD22F0987FCDC001272E0 /* Deployment */, + C27AD2300987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Default; + }; + C27AD2310987FCDC001272E0 /* Build configuration list for PBXNativeTarget "security_agent_server" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD2320987FCDC001272E0 /* Development */, + C27AD2330987FCDC001272E0 /* Deployment */, + C27AD2340987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + 
defaultConfigurationName = Default; + }; + C27AD2350987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_agent_server" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD2360987FCDC001272E0 /* Development */, + C27AD2370987FCDC001272E0 /* Deployment */, + C27AD2380987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Default; + }; + C27AD2390987FCDC001272E0 /* Build configuration list for PBXNativeTarget "libsecurity_agent_client" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD23A0987FCDC001272E0 /* Development */, + C27AD23B0987FCDC001272E0 /* Deployment */, + C27AD23C0987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Default; + }; + C27AD23D0987FCDC001272E0 /* Build configuration list for PBXAggregateTarget "world" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD23E0987FCDC001272E0 /* Development */, + C27AD23F0987FCDC001272E0 /* Deployment */, + C27AD2400987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Default; + }; + C27AD2450987FCDC001272E0 /* Build configuration list for PBXProject "libsecurity_agent" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + C27AD2460987FCDC001272E0 /* Development */, + C27AD2470987FCDC001272E0 /* Deployment */, + C27AD2480987FCDC001272E0 /* Default */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Default; + }; +/* End XCConfigurationList section */ + }; + rootObject = 4CA1FEAB052A3C3800F22E42 /* Project object */; +} diff --git a/libsecurity_agent-55000/mig/mig.mk b/libsecurity_agent-55000/mig/mig.mk new file mode 100644 index 000000000..019a7cd4e --- /dev/null +++ b/libsecurity_agent-55000/mig/mig.mk 
@@ -0,0 +1,33 @@
+#
+# Makefile to build MIG-generated sources and headers
+#
+DERIVED_SRC = $(BUILT_PRODUCTS_DIR)/derived_src
+
+HDRS = $(DERIVED_SRC)/sa_reply.h \
+ $(DERIVED_SRC)/sa_request.h
+
+SRCS = $(DERIVED_SRC)/sa_reply_server.cpp $(DERIVED_SRC)/sa_reply_user.c \
+ $(DERIVED_SRC)/sa_request_server.c $(DERIVED_SRC)/sa_request_user.cpp
+
+build: $(HDRS) $(SRCS)
+
+install: build
+
+installhdrs: $(HDRS)
+
+installsrc:
+
+clean:
+ rm -f $(HDRS) $(SRCS)
+
+$(DERIVED_SRC)/sa_request_server.c $(DERIVED_SRC)/sa_request_user.cpp $(DERIVED_SRC)/sa_request.h: $(SRCROOT)/mig/sa_request.defs $(SRCROOT)/lib/sa_types.h
+ mkdir -p $(DERIVED_SRC)
+ mig -server $(DERIVED_SRC)/sa_request_server.c -user $(DERIVED_SRC)/sa_request_user.cpp \
+ -header $(DERIVED_SRC)/sa_request.h $(SRCROOT)/mig/sa_request.defs
+
+$(DERIVED_SRC)/sa_reply_server.cpp $(DERIVED_SRC)/sa_reply_user.c $(DERIVED_SRC)/sa_reply.h: $(SRCROOT)/mig/sa_reply.defs $(SRCROOT)/lib/sa_types.h
+ mkdir -p $(DERIVED_SRC)
+ mig -server $(DERIVED_SRC)/sa_reply_server.cpp -user $(DERIVED_SRC)/sa_reply_user.c \
+ -header $(DERIVED_SRC)/sa_reply.h $(SRCROOT)/mig/sa_reply.defs
+
+
diff --git a/libsecurity_agent-55000/mig/sa_reply.defs b/libsecurity_agent-55000/mig/sa_reply.defs
new file mode 100644
index 000000000..1c70c749c
--- /dev/null
+++ b/libsecurity_agent-55000/mig/sa_reply.defs
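Review bot: In mig.mk each of the two `mig` rules lists its three outputs as ordinary targets, which make treats as three independent rules sharing one recipe, so under a parallel build the same `mig` command can run more than once concurrently and write the same files in `$(DERIVED_SRC)`. Making the user stub and header depend on the server stub serialises the generation, e.g. `$(DERIVED_SRC)/sa_request_user.cpp $(DERIVED_SRC)/sa_request.h: $(DERIVED_SRC)/sa_request_server.c`, and likewise for the sa_reply rule. `build`, `install`, `installhdrs`, `installsrc` and `clean` are not files, so a `.PHONY: build install installhdrs installsrc clean` line would keep a stray file of that name from masking them. `mig` is also resolved through PATH; because its output is the marshalling code for the SecurityAgent IPC, routing the call through a `MIG` variable set by the build would make the tool choice explicit.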
@@ -0,0 +1,54 @@
+//
+// sa_reply.defs - SecurityAgent-side Mach RPC interface to Server.
+//
+#include
+#include
+
+subsystem secagentreply 1200;
+serverprefix sa_reply_server_;
+userprefix sa_reply_client_;
+
+import ;
+
+//
+// Data types
+//
+type OSStatus = int32;
+type AuthorizationResult = int32;
+
+type Data = array [] of char;
+
+type AuthorizationItemSetBlob = Data
+ ctype: AuthorizationItemSetPtr;
+type AuthorizationItemSetPtr = unsigned32;
+type AuthorizationValueVectorBlob = Data
+ ctype: AuthorizationValueVectorPtr;
+type AuthorizationValueVectorPtr = unsigned32;
+
+
+#define BLOB(name,type) name: type##Blob; name##Base: type##Ptr
+
+//
+// Staged SecurityAgent reply protocol
+//
+simpleroutine didCreate(requestport instanceReplyPort: mach_port_t;
+ instanceRequestPort: mach_port_make_send_t); // give client send rights to mechanism request port
+
+simpleroutine setResult(requestport instanceReplyPort: mach_port_t;
+ status: AuthorizationResult;
+ BLOB(hintsIn,AuthorizationItemSet);
+ BLOB(contextIn,AuthorizationItemSet));
+
+simpleroutine requestInterrupt(requestport instanceReplyPort: mach_port_t);
+
+simpleroutine didDeactivate(requestport instanceReplyPort: mach_port_t);
+
+simpleroutine reportError(requestport instanceReplyPort: mach_port_t;
+ status: OSStatus);
+
+simpleroutine didStartTx(clientReplyPort: mach_port_move_send_once_t;
+ result: kern_return_t);
+
+// in case we decide to support true synchronous agent client IPCs, this
+// keeps sa_reply routine #s at parity with sa_request routine #s
+skip; // client: txEnd
diff --git a/libsecurity_agent-55000/mig/sa_request.defs b/libsecurity_agent-55000/mig/sa_request.defs
new file mode 100644
index 000000000..4411b1c3c
--- /dev/null
+++ b/libsecurity_agent-55000/mig/sa_request.defs
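Review bot: `AuthorizationItemSetPtr` and `AuthorizationValueVectorPtr` are declared `unsigned32` in sa_reply.defs, so the `name##Base` value that `BLOB()` sends alongside every blob cannot hold a 64-bit address; sa_request.defs repeats the same declarations. The base presumably lets the receiver rebase pointers embedded in the blob, and both it and the `Data` payload (`array [] of char`, no upper bound) come from the peer process, so the handlers behind `setResult` here and `invoke` in sa_request.defs need to check the blob length and every embedded offset before walking it; those handlers are not part of this hunk. I would add a comment above the macro, e.g. `// name##Base carries the sender-side address of the blob; treat both as untrusted input`, and consider a pointer-sized type for the two `*Ptr` typedefs.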
@@ -0,0 +1,70 @@
+//
+// sa_request.defs - Client-side Mach RPC interface to SecurityAgent.
+//
+#include
+#include
+
+subsystem secagentrequest 1100;
+serverprefix sa_request_server_;
+userprefix sa_request_client_;
+
+import ;
+
+//
+// Data types
+//
+type Data = array [] of char;
+
+type AuthorizationString = c_string[*:1024];
+type AuthorizationItemSetBlob = Data
+ ctype: AuthorizationItemSetPtr;
+type AuthorizationItemSetPtr = unsigned32;
+type AuthorizationValueVectorBlob = Data
+ ctype: AuthorizationValueVectorPtr;
+type AuthorizationValueVectorPtr = unsigned32;
+type SessionId = unsigned32;
+type Choice = struct[2] of unsigned32;
+
+#define BLOB(name,type) name: type##Blob; name##Base: type##Ptr
+
+//
+// Staged SecurityAgent request protocol
+//
+simpleroutine create(requestport agentPort: mach_port_t;
+ instanceReplyPort: mach_port_make_send_t; // give agent send rights for replies
+ sessionId: SessionId;
+ pluginId: AuthorizationString;
+ mechanismId: AuthorizationString);
+
+simpleroutine invoke(requestport instanceRequestPort: mach_port_t;
+ BLOB(argumentsIn,AuthorizationValueVector);
+ BLOB(hintsIn,AuthorizationItemSet);
+ BLOB(contextIn,AuthorizationItemSet));
+
+simpleroutine deactivate(requestport instanceRequestPort: mach_port_t);
+
+simpleroutine destroy(requestport instanceRequestPort: mach_port_t);
+
+//
+// Tell the SecurityAgent to go away we no longer need you.
+//
+simpleroutine terminate(requestport agentPort: mach_port_t);
+
+//
+// Support transaction semantics outside the usual client protocol
+// (those semantics not defined here)
+//
+routine txStart(agentPort: mach_port_t;
+ sreplyport clientReplyPort: mach_port_make_send_once_t);
+
+simpleroutine txEnd(agentPort: mach_port_t);
+
+//
+// client check-in
+//
+simpleroutine contact(requestport agentPort: mach_port_t;
+ clientPort: mach_port_make_send_t;
+ serveraudittoken sourceAudit: audit_token_t;
+ jobPort: mach_port_move_send_t;
+ processBootstrap: mach_port_t;
+ userPrefs: mach_port_t);
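Review bot: Only `contact` takes a `serveraudittoken`; `create`, `invoke`, `deactivate`, `destroy`, `terminate`, `txStart` and `txEnd` hand the server no sender identity, so as far as this interface shows, any holder of a send right to `agentPort` or an instance port is treated as the client. If that is the intended model (identity established once at check-in, then port possession), it deserves a comment above the protocol section, for example `// Callers are authenticated once in contact(); later routines trust possession of the port right`. Otherwise adding `serveraudittoken sourceAudit: audit_token_t;` to `create` and `terminate` would let their handlers check the caller. `txStart` and `txEnd` also omit the `requestport` keyword the other routines use, and the `Choice` type is not referenced by any routine in this file.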