149     session_credentials_iterate(auth_token_get_session(engine->auth), ^bool(credential_t cred) {
150         CFSetAddValue(engine->effectiveCredentials, cred);
154     auth_token_credentials_iterate(engine->auth, ^bool(credential_t cred) {
156         if (!credential_get_shared(cred)) {
157             CFSetAddValue(engine->credentials, cred);
264 _evaluate_credential_for_rule(engine_t engine, credential_t cred, rule_t rule, bool ignoreShared, bool sessionOwner, enum Reason * reason)
267         if (credential_is_right(cred) && credential_get_valid(cred) && _compare_string(engine->currentRightName, credential_get_name(cred))) {
269                 if (!rule_get_shared(rule) && credential_get_shared(cred)) {
270                     LOGV("engine[%i]: - shared right %s (does NOT satisfy rule)", connection_get_pid(engine->conn), credential_get_name(cred));
282         return _evaluate_user_credential_for_rule(engine,cred,rule,ignoreShared,sessionOwner, reason);
287 _evaluate_user_credential_for_rule(engine_t engine, credential_t cred, rule_t rule, bool ignoreShared, bool sessionOwner, enum Reason * reason)
291          credential_get_shared(cred) ? "shared " : "",
293          credential_get_name(cred),
294          credential_get_uid(cred),
302     if (credential_get_valid(cred) != true) {
303         LOGV("engine[%i]: - %s %i invalid (does NOT satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred));
308     if (engine->now - credential_get_creation_time(cred) > rule_get_timeout(rule)) {
309         LOGV("engine[%i]: - %s %i expired '%f > %lli' (does NOT satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred),
310              (engine->now - credential_get_creation_time(cred)), rule_get_timeout(rule));
317         if (!rule_get_shared(rule) && credential_get_shared(cred)) {
318             LOGV("engine[%i]: - shared %s %i (does NOT satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred));
324     if (credential_get_uid(cred) == 0) {
325         LOGV("engine[%i]: - %s %i has uid 0 (does satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred));
330         if (credential_get_uid(cred) == session_get_uid(auth_token_get_session(engine->auth))) {
331             LOGV("engine[%i]: - %s %i is session owner (does satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred));
350             if (credential_check_membership(cred, rule_get_group(rule))) {
351                 LOGV("engine[%i]: - %s %i is member of group %s (does satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred), rule_get_group(rule));
361     LOGV("engine[%i]: - %s %i (does NOT satisfy rule)", connection_get_pid(engine->conn), cred_label, credential_get_uid(cred));
685         credential_t cred = (credential_t)value;
687         if (auth_token_least_privileged(engine->auth) && !credential_is_right(cred) && credential_get_valid(cred)) {
688             status = _evaluate_user_credential_for_rule(engine, cred, rule, false, false, NULL);
697         status = _evaluate_credential_for_rule(engine, cred, rule, false, false, NULL);
710         credential_t cred = (credential_t)value;
711         status = _evaluate_credential_for_rule(engine, cred, rule, false, false, NULL);
714             _engine_set_credential(engine, cred, false);
975         credential_t cred = credential_create(pw->pw_uid);
976         if (credential_get_valid(cred)) {
978             _engine_set_credential(engine, cred, shared);
983         CFReleaseSafe(cred);
1135             credential_t cred = (credential_t)value;
1137             if (auth_token_least_privileged(engine->auth) && !credential_is_right(cred))
1141             auth_token_set_credential(engine->auth, cred);
1142             if (credential_get_shared(cred)) {
1143                 session_set_credential(session, cred);
1145             if (credential_is_right(cred)) {
1146                 LOGV("engine[%i]: adding least privileged %scredential %s to authorization", connection_get_pid(engine->conn), credential_get_shared(cred) ? "shared " : "", credential_get_name(cred));
1148                 LOGV("engine[%i]: adding %scredential %s (%i) to authorization", connection_get_pid(engine->conn), credential_get_shared(cred) ? "shared " : "", credential_get_name(cred), credential_get_uid(cred));
1168     auth_token_credentials_iterate(engine->auth, ^bool(credential_t cred) {
1169         _show_cf(cred);
1173     session_credentials_iterate(auth_token_get_session(engine->auth), ^bool(credential_t cred) {
1174         _show_cf(cred);
1287 _engine_set_credential(engine_t engine, credential_t cred, bool shared)
1289     LOGV("engine[%i]: adding %scredential %s (%i) to engine shared: %i", connection_get_pid(engine->conn), credential_get_shared(cred) ? "shared " : "", credential_get_name(cred), credential_get_uid(cred), shared);
1290     CFSetSetValue(engine->credentials, cred);
1292         credential_t sharedCred = credential_create_with_credential(cred, true);

Indexes created Tue Jun 11 21:59:41 MDT 2024