/*
 * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 *
 * user_trust_enable.cpp
 */

#include "user_trust_enable.h"
#include <errno.h>
#include <unistd.h>
#include <security_utilities/simpleprefs.h>
#include <Security/TrustSettingsSchema.h>		/* private SPI */
#include <CoreFoundation/CFNumber.h>

/* What the command was asked to do. */
typedef enum {
	utoSet = 0,		/* write the preference (-d or -e given) */
	utoShow			/* report the current value (no option given) */
} UserTrustOp;

/*
 * Show or change the kSecTrustSettingsDisableUserTrustSettings preference
 * in the system-scope (Dictionary::US_System) trust settings prefs domain.
 *
 *   -d   write "true"  (user-level trust settings reported as Disabled)
 *   -e   write "false" (user-level trust settings reported as Enabled)
 *   -h   or any unknown option, or any trailing argument: usage error
 *   (no option) print the current state
 *
 * Returns 0 on success, 1 when the caller is not root or the prefs could
 * not be written, and 2 to make the caller print the usage message.
 *
 * Security notes:
 *  - The geteuid() test below is the only privilege check in this function.
 *    NOTE(review): presumably the permissions on the system preferences
 *    store are what actually stop an unprivileged write -- confirm; the
 *    check here mainly gives a clear error message.
 *  - The show path reports "Enabled" whenever the prefs dictionary cannot
 *    be loaded, because the flag starts out false and is only overwritten
 *    after a successful load.
 *  - This toggles a machine-wide switch, so changes to this preference are
 *    worth including in configuration auditing.
 */
int
user_trust_enable(int argc, char * const *argv)
{
	extern int optind;
	UserTrustOp requestedOp = utoShow;
	CFBooleanRef newDisabledValue = kCFBooleanFalse;	/* value stored by -d / -e */
	int opt;

	/* Restart option scanning at the first argument. */
	optind = 1;

	while ((opt = getopt(argc, argv, "deh")) != -1) {
		if (opt == 'd') {
			requestedOp = utoSet;
			newDisabledValue = kCFBooleanTrue;
		}
		else if (opt == 'e') {
			requestedOp = utoSet;
			newDisabledValue = kCFBooleanFalse;
		}
		else {
			/* -h and anything getopt rejects: returning 2 triggers the usage message. */
			return 2;
		}
	}

	/* No positional arguments are accepted; returning 2 triggers the usage message. */
	if (optind != argc) {
		return 2;
	}

	if (requestedOp == utoShow) {
		/* Read-only path: no privilege check is made here. */
		bool userTrustDisabled = false;

#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
		Dictionary *systemPrefs = new Dictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
		Dictionary *systemPrefs = Dictionary::CreateDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
		if (systemPrefs != NULL) {
			userTrustDisabled = systemPrefs->getBoolValue(kSecTrustSettingsDisableUserTrustSettings);
			delete systemPrefs;
		}

		const char *stateName;
		if (userTrustDisabled) {
			stateName = "Disabled";
		}
		else {
			stateName = "Enabled";
		}
		fprintf(stdout, "User-level Trust Settings are %s\n", stateName);
		return 0;
	}

	/* Setting the preference: refuse early unless running with euid 0. */
	if (geteuid() != 0) {
		fprintf(stderr, "You must be root to set this preference.\n");
		return 1;
	}

	/* Start from a mutable copy of the existing prefs, or a fresh empty one. */
#if !defined MAC_OS_X_VERSION_10_6 || MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_6
	MutableDictionary *mutablePrefs = new MutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#else
	MutableDictionary *mutablePrefs = MutableDictionary::CreateMutableDictionary(kSecTrustSettingsPrefsDomain, Dictionary::US_System);
#endif
	if (mutablePrefs == NULL) {
		mutablePrefs = new MutableDictionary();
	}

	mutablePrefs->setValue(kSecTrustSettingsDisableUserTrustSettings, newDisabledValue);

	int status;
	if (!mutablePrefs->writePlistToPrefs(kSecTrustSettingsPrefsDomain, Dictionary::US_System)) {
		/* Report the failure instead of claiming the new state took effect. */
		fprintf(stderr, "Could not write system preferences.\n");
		status = 1;
	}
	else {
		const char *writtenState;
		if (newDisabledValue == kCFBooleanTrue) {
			writtenState = "Disabled";
		}
		else {
			writtenState = "Enabled";
		}
		fprintf(stdout, "...User-level Trust Settings are %s\n", writtenState);
		status = 0;
	}

	delete mutablePrefs;
	return status;
}