
0001 /*
0002     SPDX-FileCopyrightText: 2008 Nicola Gigante <nicola.gigante@gmail.com>
0003 
0004     SPDX-License-Identifier: LGPL-2.1-or-later
0005 */
0006 
0007 #include "../../policy-gen/policy-gen.h"
0008 
0009 #include <Security/Security.h>
0010 #include <iostream>
0011 
0012 #include <QDebug>
0013 
0014 using namespace std;
0015 
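/**
 * Registers the given actions as rights in the macOS authorization database.
 *
 * A right is written only when AuthorizationRightGet() does not report it as
 * present. Rights that already exist are left untouched, so a policy that was
 * changed in the action definitions is NOT applied to a machine where the
 * right was registered earlier.
 *
 * @param actions actions to register; action.policy selects the rule
 *                ("yes", "no", "auth_self" or "auth_admin").
 * @param domain  only echoed in the informational log line.
 *
 * Terminates the process with exit(1) when the authorization reference cannot
 * be created or the database cannot be modified.
 */
void output(const QList<Action> &actions, const QMap<QString, QString> &domain)
{
    // Check the result: on failure `auth` would otherwise be used uninitialized.
    AuthorizationRef auth = nullptr;
    const OSStatus createErr = AuthorizationCreate(nullptr, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &auth);
    if (createErr != errAuthorizationSuccess) {
        std::cerr << "Could not create an authorization reference: " << createErr << '\n';
        exit(1);
    }

    for (const Action &action : actions) {
        const QByteArray rightName = action.name.toLatin1();

        // Existing rights are never overwritten (see the note in the header comment).
        if (AuthorizationRightGet(rightName.constData(), nullptr) == errAuthorizationSuccess) {
            continue;
        }

        QString rule;
        if (action.policy == QLatin1String("yes")) {
            rule = QString::fromLatin1(kAuthorizationRuleClassAllow);
        } else if (action.policy == QLatin1String("no")) {
            rule = QString::fromLatin1(kAuthorizationRuleClassDeny);
        } else if (action.policy == QLatin1String("auth_self")) {
            rule = QString::fromLatin1(kAuthorizationRuleAuthenticateAsSessionUser);
        } else if (action.policy == QLatin1String("auth_admin")) {
            rule = QString::fromLatin1(kAuthorizationRuleAuthenticateAsAdmin);
        } else {
            // Never hand an empty rule to the security database: an unknown
            // policy value is reported and the right is left unregistered.
            std::cerr << "Skipping right " << rightName.constData() << ": unrecognised policy \"" << action.policy.toLatin1().constData() << "\"\n";
            continue;
        }

        CFStringRef cfRule = CFStringCreateWithCString(nullptr, rule.toLatin1().constData(), kCFStringEncodingASCII);
        if (!cfRule) {
            std::cerr << "Could not build the rule string for right " << rightName.constData() << '\n';
            AuthorizationFree(auth, kAuthorizationFlagDefaults);
            exit(1);
        }

        // The description is free text; UTF-8 keeps non-ASCII characters, where
        // the ASCII encoding would make the conversion fail and drop the prompt.
        // A null prompt is still passed on, as the original code did.
        CFStringRef cfPrompt =
            CFStringCreateWithCString(nullptr, action.descriptions.value(QLatin1String("en")).toUtf8().constData(), kCFStringEncodingUTF8);

        const OSStatus err = AuthorizationRightSet(auth, rightName.constData(), cfRule, cfPrompt, nullptr, nullptr);

        // Both strings were created here and are owned by this function.
        if (cfPrompt) {
            CFRelease(cfPrompt);
        }
        CFRelease(cfRule);

        if (err != noErr) {
            std::cerr << "You don't have the right to edit the security database (try to run cmake with sudo): " << err << std::endl;
            AuthorizationFree(auth, kAuthorizationFlagDefaults);
            exit(1);
        }

        qInfo() << "Created or updated rule" << rule << "for right entry" << action.name << "policy" << action.policy << "; domain=" << domain;
    }

    AuthorizationFree(auth, kAuthorizationFlagDefaults);
}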