| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // The entry point for the Mac Chrome Keychain Reauthorization process, |
| 6 // which runs at update time. It needs to be signed by the old certificate |
| 7 // in order to have access to the existing Keychain items, so it takes the |
| 8 // form of this little stub that uses dlopen and dlsym to find a current |
| 9 // Chrome framework, which can be signed by any certificate including the new |
| 10 // one. This architecture allows the updater to peform keychain |
| 11 // reauthorization by using an old copy of this executable signed with the old |
| 12 // certificate even after the rest of Chrome has switched to being signed with |
| 13 // the new certificate. The reauthorization code remains in the framework to |
| 14 // avoid duplication and to allow it to change over time without having to |
| 15 // re-sign this executable with the old certificate. This uses dlopen and |
| 16 // dlsym to avoid problems linking with a library whose path is not fixed and |
| 17 // whose version changes with each release. |
| 18 // |
| 19 // In order to satisfy the requirements of items stored in the Keychain, this |
| 20 // executable needs to be named "com.google.Chrome" or |
| 21 // "com.google.Chrome.canary", because the original applications were signed |
| 22 // with deignated requirements requiring the identifier to be one of those |
| 23 // names. |
| 24 |
| 25 #include <dlfcn.h> |
| 26 #include <stdio.h> |
| 27 #include <stdlib.h> |
| 28 #include <string.h> |
| 29 |
| 30 __attribute__((visibility("default"))) |
| 31 int main(int argc, char* argv[]) { |
| 32 const char* me = argv[0]; |
| 33 |
| 34 // Since |me| will be something like "com.google.Chrome", also use an |
| 35 // alternate name to avoid confusion. |
| 36 const char alt_me[] = "keychain_reauthorize"; |
| 37 |
| 38 if (argc != 2) { |
| 39 fprintf(stderr, "usage: %s (%s) <framework_code_path>\n", me, alt_me); |
| 40 return 1; |
| 41 } |
| 42 |
| 43 const char* framework_code_path = argv[1]; |
| 44 void* framework_code = dlopen(framework_code_path, RTLD_LAZY | RTLD_GLOBAL); |
| 45 if (!framework_code) { |
| 46 fprintf(stderr, "%s (%s): dlopen: %s\n", me, alt_me, dlerror()); |
| 47 return 1; |
| 48 } |
| 49 |
| 50 typedef int(*ChromeMainType)(int, char**); |
| 51 ChromeMainType chrome_main = |
| 52 reinterpret_cast<ChromeMainType>(dlsym(framework_code, "ChromeMain")); |
| 53 if (!chrome_main) { |
| 54 fprintf(stderr, "%s (%s): dlsym: %s\n", me, alt_me, dlerror()); |
| 55 return 1; |
| 56 } |
| 57 |
| 58 // Use strdup to get char* copies of the original const char* strings. |
| 59 // ChromeMain doesn't promise that it won't touch its argv. |
| 60 char* me_copy = strdup(me); |
| 61 char* keychain_reauthorize_argument = strdup("--keychain-reauthorize"); |
| 62 char* chrome_main_argv[] = { |
| 63 me_copy, |
| 64 keychain_reauthorize_argument |
| 65 }; |
| 66 |
| 67 int chrome_main_argc = sizeof(chrome_main_argv) / sizeof(chrome_main_argv[0]); |
| 68 |
| 69 // Not expected to return. |
| 70 int rv = chrome_main(chrome_main_argc, chrome_main_argv); |
| 71 |
| 72 fprintf(stderr, "%s (%s): NOTREACHED!\n", me, alt_me); |
| 73 |
| 74 free(keychain_reauthorize_argument); |
| 75 free(me_copy); |
| 76 |
| 77 // As in chrome_exe_main_mac.cc: exit, don't return from main, to avoid the |
| 78 // apparent removal of main from stack backtraces under tail call |
| 79 // optimization. |
| 80 exit(rv); |
| 81 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10377173:
Do Keychain reauthorization at update time (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/