| Index: chrome/installer/mac/keychain_reauthorize_main.cc
|
| ===================================================================
|
| --- chrome/installer/mac/keychain_reauthorize_main.cc (revision 0)
|
| +++ chrome/installer/mac/keychain_reauthorize_main.cc (revision 0)
|
| @@ -0,0 +1,81 @@
|
| +// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +// The entry point for the Mac Chrome Keychain Reauthorization process,
|
| +// which runs at update time. It needs to be signed by the old certificate
|
| +// in order to have access to the existing Keychain items, so it takes the
|
| +// form of this little stub that uses dlopen and dlsym to find a current
|
| +// Chrome framework, which can be signed by any certificate including the new
|
| +// one. This architecture allows the updater to peform keychain
|
| +// reauthorization by using an old copy of this executable signed with the old
|
| +// certificate even after the rest of Chrome has switched to being signed with
|
| +// the new certificate. The reauthorization code remains in the framework to
|
| +// avoid duplication and to allow it to change over time without having to
|
| +// re-sign this executable with the old certificate. This uses dlopen and
|
| +// dlsym to avoid problems linking with a library whose path is not fixed and
|
| +// whose version changes with each release.
|
| +//
|
| +// In order to satisfy the requirements of items stored in the Keychain, this
|
| +// executable needs to be named "com.google.Chrome" or
|
| +// "com.google.Chrome.canary", because the original applications were signed
|
| +// with deignated requirements requiring the identifier to be one of those
|
| +// names.
|
| +
|
| +#include <dlfcn.h>
|
| +#include <stdio.h>
|
| +#include <stdlib.h>
|
| +#include <string.h>
|
| +
|
| +__attribute__((visibility("default")))
|
| +int main(int argc, char* argv[]) {
|
| + const char* me = argv[0];
|
| +
|
| + // Since |me| will be something like "com.google.Chrome", also use an
|
| + // alternate name to avoid confusion.
|
| + const char alt_me[] = "keychain_reauthorize";
|
| +
|
| + if (argc != 2) {
|
| + fprintf(stderr, "usage: %s (%s) <framework_code_path>\n", me, alt_me);
|
| + return 1;
|
| + }
|
| +
|
| + const char* framework_code_path = argv[1];
|
| + void* framework_code = dlopen(framework_code_path, RTLD_LAZY | RTLD_GLOBAL);
|
| + if (!framework_code) {
|
| + fprintf(stderr, "%s (%s): dlopen: %s\n", me, alt_me, dlerror());
|
| + return 1;
|
| + }
|
| +
|
| + typedef int(*ChromeMainType)(int, char**);
|
| + ChromeMainType chrome_main =
|
| + reinterpret_cast<ChromeMainType>(dlsym(framework_code, "ChromeMain"));
|
| + if (!chrome_main) {
|
| + fprintf(stderr, "%s (%s): dlsym: %s\n", me, alt_me, dlerror());
|
| + return 1;
|
| + }
|
| +
|
| + // Use strdup to get char* copies of the original const char* strings.
|
| + // ChromeMain doesn't promise that it won't touch its argv.
|
| + char* me_copy = strdup(me);
|
| + char* keychain_reauthorize_argument = strdup("--keychain-reauthorize");
|
| + char* chrome_main_argv[] = {
|
| + me_copy,
|
| + keychain_reauthorize_argument
|
| + };
|
| +
|
| + int chrome_main_argc = sizeof(chrome_main_argv) / sizeof(chrome_main_argv[0]);
|
| +
|
| + // Not expected to return.
|
| + int rv = chrome_main(chrome_main_argc, chrome_main_argv);
|
| +
|
| + fprintf(stderr, "%s (%s): NOTREACHED!\n", me, alt_me);
|
| +
|
| + free(keychain_reauthorize_argument);
|
| + free(me_copy);
|
| +
|
| + // As in chrome_exe_main_mac.cc: exit, don't return from main, to avoid the
|
| + // apparent removal of main from stack backtraces under tail call
|
| + // optimization.
|
| + exit(rv);
|
| +}
|
|
|
| Property changes on: chrome/installer/mac/keychain_reauthorize_main.cc
|
| ___________________________________________________________________
|
| Added: svn:eol-style
|
| + LF
|
|
|
|
|