#include <Security/AuthSession.h>
#include <CoreFoundation/CoreFoundation.h>
#include <Kerberos/KerberosDebug.h>
#include <Kerberos/LoginSessions.h>
#include <Kerberos/mach_client_utilities.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <pwd.h>
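/*
 * Returns a printable description of the caller's security session for
 * logging: "<session id> (<attribute flags>)" when SessionGetInfo() succeeds,
 * or "No Session" when it fails.
 *
 * The returned pointer refers to a function-local static buffer. It is
 * overwritten by the next call, must not be freed, and is not safe to use
 * from several threads at once. The text may be truncated, so treat it as a
 * diagnostic label and do not parse it to make access decisions.
 */
const char *LoginSessionGetSecuritySessionName (void)
{
    SecuritySessionId sessionID;
    SessionAttributeBits attributes;
    int needed = 0;
    static char sessionName[kSecuritySessionStringMaxLength + 32];

    if (SessionGetInfo (callerSecuritySession, &sessionID, &attributes) == noErr) {
        /* The cast makes the argument match "%ld" whatever integer type
         * SecuritySessionId is on this target; passing a narrower type to
         * "%ld" through varargs is undefined behaviour. */
        needed = snprintf (sessionName, sizeof (sessionName), "%ld (%s%s%s%s%s)",
                           (long) sessionID,
                           (attributes & sessionWasInitialized) ? "inited," : "",
                           (attributes & sessionIsRoot) ? "root," : "",
                           (attributes & sessionHasGraphicAccess) ? "gui," : "",
                           (attributes & sessionHasTTY) ? "tty," : "",
                           (attributes & sessionIsRemote) ? "remote" : "local");
    } else {
        needed = snprintf (sessionName, sizeof (sessionName), "No Session");
    }

    if (needed < 0) {
        /* snprintf reported an output error, so the buffer contents are not
         * guaranteed; hand back an empty string rather than stale data. */
        sessionName[0] = '\0';
    } else if ((size_t) needed >= sizeof (sessionName)) {
        /* snprintf returns the length it wanted to write, excluding the NUL,
         * so a value equal to the buffer size already means truncation. */
        sessionName[sizeof (sessionName) - 1] = '\0';
        dprintf ("LoginSessionGetSecuritySessionName overflowed static buffer (%d >= %lu)\n",
                 needed, (unsigned long) sizeof (sessionName));
    }

    return sessionName;
}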
/*
 * Reports whether the caller's security session carries the sessionIsRoot
 * attribute.
 *
 * Returns TRUE only when SessionGetInfo() succeeds and the bit is set. A
 * failed lookup is reported as FALSE, so callers cannot distinguish "not the
 * root session" from "session information unavailable".
 */
boolean_t LoginSessionIsRootSession (void)
{
    SessionAttributeBits sessionBits = 0L;
    boolean_t callerIsRoot = FALSE;

    if (SessionGetInfo (callerSecuritySession, NULL, &sessionBits) == noErr) {
        /* Only trust the attribute bits after a successful lookup. */
        if (sessionBits & sessionIsRoot) {
            callerIsRoot = TRUE;
        }
    }

    dprintf ("LoginSessionIsRootSession(): caller is%s running in the root session",
             callerIsRoot ? "" : " not");

    return callerIsRoot;
}
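/*
 * Works out which user-interaction channels are available to the caller and
 * returns them as a LoginSessionAttributes bit mask:
 *
 *   loginSessionHasGraphicsAccess - the security session has graphic access
 *   loginSessionCallerUsesGUI     - graphic access, and the HIToolbox or AppKit
 *                                   executable is already loaded in this process
 *   loginSessionHasTerminalAccess - stdin and stdout are both terminals and
 *                                   stdin has a terminal name
 *
 * Returns 0 when none of the checks succeed. The terminal check reflects the
 * process's own stdin/stdout, which whoever launched the process controls.
 */
LoginSessionAttributes LoginSessionGetSessionAttributes (void)
{
    LoginSessionAttributes attributes = 0L;
    SessionAttributeBits sattrs = 0L;
    int fdIn = fileno (stdin);
    int fdOut = fileno (stdout);
    char *fdInName = ttyname (fdIn);

    if ((SessionGetInfo (callerSecuritySession, NULL, &sattrs) == noErr) && (sattrs & sessionHasGraphicAccess)) {
        dprintf ("LoginSessionGetSessionAttributes(): Session has graphic access.");
        attributes |= loginSessionHasGraphicsAccess;

        /* A GUI framework that is already loaded is taken as the sign that
         * the caller is a GUI program; nothing is loaded here. */
        CFBundleRef hiToolBoxBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.HIToolbox"));
        if (hiToolBoxBundle != NULL && CFBundleIsExecutableLoaded (hiToolBoxBundle)) {
            dprintf ("LoginSessionGetSessionAttributes(): Carbon Toolbox is loaded.");
            attributes |= loginSessionCallerUsesGUI;
        }

        CFBundleRef appKitBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.AppKit"));
        if (appKitBundle != NULL && CFBundleIsExecutableLoaded (appKitBundle)) {
            dprintf ("LoginSessionGetSessionAttributes(): AppKit is loaded.");
            attributes |= loginSessionCallerUsesGUI;
        }
    }

    if (isatty (fdIn) && isatty (fdOut) && (fdInName != NULL)) {
        /* TERM may be unset; passing NULL for "%s" is undefined behaviour,
         * so substitute a printable marker for the log line. */
        const char *termType = getenv ("TERM");

        dprintf ("LoginSessionGetSessionAttributes(): Terminal '%s' of type '%s' exists.",
                 fdInName, (termType != NULL) ? termType : "(null)");
        attributes |= loginSessionHasTerminalAccess;
    }

    /* NOTE(review): the width of LoginSessionAttributes is not visible here;
     * the cast makes the argument match "%x" for the log line only. */
    dprintf ("LoginSessionGetSessionAttributes(): Attributes are %x", (unsigned int) attributes);

    return attributes;
}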
/*
 * Returns the UID to associate with the caller's login session.
 *
 * The effective UID is used unless it is 0, in which case the real UID is
 * returned instead. The result is still 0 when both the real and the
 * effective UID are root.
 */
uid_t LoginSessionGetSessionUID (void)
{
    uid_t effectiveUID = geteuid ();

    if (effectiveUID != 0) {
        return effectiveUID;
    }

    /* Effective UID is root: fall back to the real UID of the process. */
    dprintf ("LoginSessionGetSessionUID: geteuid returned UID %d, trying getuid...\n", effectiveUID);
    return getuid ();
}
/*
 * Returns the UID of the "securityagent" account.
 *
 * The account is looked up with getpwnam(). When the lookup fails the
 * function logs the failure and returns the hard-coded value 92, so the
 * result is not guaranteed to name a real account on this system; callers
 * that compare a peer's UID against it should keep that in mind.
 */
uid_t LoginSessionGetSecurityAgentUID (void)
{
    struct passwd *agentEntry = getpwnam ("securityagent");

    if (agentEntry == NULL) {
        dprintf ("%s: getpwnam(securityagent) failed, using hardcoded value.", __FUNCTION__);
        return 92;  /* fallback UID used when the account cannot be resolved */
    }

    return agentEntry->pw_uid;
}