Eliminate use of private macOS security headers/APIs (Issue #5516)

Eliminate use of deprecated cssmErrorString function. Switch to using SecCertificateCreateWithData. Clean out unused private header availability checks.
apple · Feb 14, 2019 · fa26ab9 · fa26ab9
1 parent ec7e5bd
commit fa26ab9
Show file tree

Hide file tree

Showing 15 changed files with 30 additions and 505 deletions.
diff --git a/Makedefs.in b/Makedefs.in
@@ -99,7 +99,6 @@ LIBGSSAPI = @LIBGSSAPI@
 LIBHEADERS = @LIBHEADERS@
 LIBHEADERSPRIV = @LIBHEADERSPRIV@
 LIBMALLOC = @LIBMALLOC@
-LIBMXML = @LIBMXML@
 LIBPAPER = @LIBPAPER@
 LIBUSB = @LIBUSB@
 LIBWRAP = @LIBWRAP@

diff --git a/backend/ipp.c b/backend/ipp.c
@@ -1,7 +1,7 @@
 /*
  * IPP backend for CUPS.
  *
- * Copyright © 2007-2018 by Apple Inc.
+ * Copyright © 2007-2019 by Apple Inc.
  * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
  * Licensed under Apache License v2.0. See the file "LICENSE" for more
@@ -23,12 +23,8 @@
 # define kPMPrintUIToolAgent "com.apple.printuitool.agent"
 # define kPMStartJob 100
 # define kPMWaitForJob 101
-# ifdef HAVE_XPC_PRIVATE_H
-# include <xpc/private.h>
-# else
 extern void xpc_connection_set_target_uid(xpc_connection_t connection,
  uid_t uid);
-# endif /* HAVE_XPC_PRIVATE_H */
 #endif /* HAVE_GSSAPI && HAVE_XPC */
 
 

diff --git a/config-scripts/cups-common.m4 b/config-scripts/cups-common.m4
@@ -140,16 +140,6 @@ AC_CHECK_HEADER(iconv.h,
  SAVELIBS="$SAVELIBS $LIBS")
  LIBS="$SAVELIBS")
 
-dnl Checks for Mini-XML (www.minixml.org)...
-LIBMXML=""
-AC_CHECK_HEADER(mxml.h,
- SAVELIBS="$LIBS"
- AC_SEARCH_LIBS(mmxlNewElement,mxml,
- AC_DEFINE(HAVE_MXML_H)
- LIBMXML="-lmxml")
- LIBS="$SAVELIBS")
-AC_SUBST(LIBMXML)
-
 dnl Checks for statfs and its many headers...
 AC_CHECK_HEADER(sys/mount.h,AC_DEFINE(HAVE_SYS_MOUNT_H))
 AC_CHECK_HEADER(sys/statfs.h,AC_DEFINE(HAVE_SYS_STATFS_H))
@@ -354,15 +344,12 @@ case $host_os_name in
  dnl Check for framework headers...
  AC_CHECK_HEADER(ApplicationServices/ApplicationServices.h,AC_DEFINE(HAVE_APPLICATIONSERVICES_H))
  AC_CHECK_HEADER(CoreFoundation/CoreFoundation.h,AC_DEFINE(HAVE_COREFOUNDATION_H))
- AC_CHECK_HEADER(CoreFoundation/CFPriv.h,AC_DEFINE(HAVE_CFPRIV_H))
- AC_CHECK_HEADER(CoreFoundation/CFBundlePriv.h,AC_DEFINE(HAVE_CFBUNDLEPRIV_H))
 
  dnl Check for dynamic store function...
  AC_CHECK_FUNCS(SCDynamicStoreCopyComputerName)
 
  dnl Check for the new membership functions in MacOSX 10.4...
  AC_CHECK_HEADER(membership.h,AC_DEFINE(HAVE_MEMBERSHIP_H))
- AC_CHECK_HEADER(membershipPriv.h,AC_DEFINE(HAVE_MEMBERSHIPPRIV_H))
  AC_CHECK_FUNCS(mbr_uid_to_uuid)
 
  dnl Need <dlfcn.h> header...
@@ -396,7 +383,6 @@ case $host_os_name in
  else
  CUPS_DEFAULT_PRINTOPERATOR_AUTH="@AUTHKEY(system.print.operator) @admin @lpadmin"
  fi])
- AC_CHECK_HEADER(Security/SecBasePriv.h,AC_DEFINE(HAVE_SECBASEPRIV_H))
 
  dnl Check for sandbox/Seatbelt support
  if test $host_os_version -ge 100; then
@@ -417,8 +403,6 @@ case $host_os_name in
  AC_CHECK_HEADER(xpc/xpc.h,
  AC_DEFINE(HAVE_XPC)
  INSTALLXPC="install-xpc")
- AC_CHECK_HEADER(xpc/private.h,
- AC_DEFINE(HAVE_XPC_PRIVATE_H))
  ;;
 esac
 

diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4
@@ -1,7 +1,7 @@
 dnl
 dnl TLS stuff for CUPS.
 dnl
-dnl Copyright 2007-2017 by Apple Inc.
+dnl Copyright 2007-2019 by Apple Inc.
 dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
 dnl
 dnl Licensed under Apache License v2.0. See the file "LICENSE" for more information.
@@ -27,23 +27,12 @@ if test x$enable_ssl != xno; then
  CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
 
  dnl Check for the various security headers...
- AC_CHECK_HEADER(Security/SecureTransportPriv.h,
- AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
  AC_CHECK_HEADER(Security/SecCertificate.h,
  AC_DEFINE(HAVE_SECCERTIFICATE_H))
  AC_CHECK_HEADER(Security/SecItem.h,
  AC_DEFINE(HAVE_SECITEM_H))
- AC_CHECK_HEADER(Security/SecItemPriv.h,
- AC_DEFINE(HAVE_SECITEMPRIV_H),,
- [#include <Security/SecItem.h>])
  AC_CHECK_HEADER(Security/SecPolicy.h,
- AC_DEFINE(HAVE_SECPOLICY_H))
- AC_CHECK_HEADER(Security/SecPolicyPriv.h,
- AC_DEFINE(HAVE_SECPOLICYPRIV_H))
- AC_CHECK_HEADER(Security/SecBasePriv.h,
- AC_DEFINE(HAVE_SECBASEPRIV_H))
- AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
- AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))])
+ AC_DEFINE(HAVE_SECPOLICY_H))])
  fi
  fi
 

diff --git a/config.h.in b/config.h.in
@@ -1,10 +1,11 @@
 /*
  * Configuration file for CUPS.
  *
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2019 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products.
  *
- * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0. See the file "LICENSE" for more
+ * information.
  */
 
 #ifndef _CUPS_CONFIG_H_
@@ -318,14 +319,9 @@
  */
 
 #undef HAVE_AUTHORIZATION_H
-#undef HAVE_SECBASEPRIV_H
 #undef HAVE_SECCERTIFICATE_H
-#undef HAVE_SECIDENTITYSEARCHPRIV_H
 #undef HAVE_SECITEM_H
-#undef HAVE_SECITEMPRIV_H
 #undef HAVE_SECPOLICY_H
-#undef HAVE_SECPOLICYPRIV_H
-#undef HAVE_SECURETRANSPORTPRIV_H
 
 
 /*
@@ -477,12 +473,10 @@
 
 
 /*
- * Do we have CoreFoundation public and private headers?
+ * Do we have CoreFoundation public headers?
  */
 
 #undef HAVE_COREFOUNDATION_H
-#undef HAVE_CFPRIV_H
-#undef HAVE_CFBUNDLEPRIV_H
 
 
 /*
@@ -511,7 +505,6 @@
  */
 
 #undef HAVE_MEMBERSHIP_H
-#undef HAVE_MEMBERSHIPPRIV_H
 #undef HAVE_MBR_UID_TO_UUID
 
 
@@ -664,14 +657,6 @@
  */
 
 #undef HAVE_XPC
-#undef HAVE_XPC_PRIVATE_H
-
-
-/*
- * Do we have Mini-XML?
- */
-
-#undef HAVE_MXML_H
 
 
 /*

diff --git a/configure b/configure
@@ -735,7 +735,6 @@ INSTALL_GZIP
 LIBWRAP
 USBQUIRKS
 LIBUSB
-LIBMXML
 EGREP
 GREP
 LIBPAPER
@@ -5241,74 +5240,6 @@ fi
 
 
 
-LIBMXML=""
-ac_fn_c_check_header_mongrel "$LINENO" "mxml.h" "ac_cv_header_mxml_h" "$ac_includes_default"
-if test "x$ac_cv_header_mxml_h" = xyes; then :
- SAVELIBS="$LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing mmxlNewElement" >&5
-$as_echo_n "checking for library containing mmxlNewElement... " >&6; }
-if ${ac_cv_search_mmxlNewElement+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char mmxlNewElement ();
-int
-main ()
-{
-return mmxlNewElement ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' mxml; do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_search_mmxlNewElement=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext
- if ${ac_cv_search_mmxlNewElement+:} false; then :
- break
-fi
-done
-if ${ac_cv_search_mmxlNewElement+:} false; then :
-
-else
- ac_cv_search_mmxlNewElement=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mmxlNewElement" >&5
-$as_echo "$ac_cv_search_mmxlNewElement" >&6; }
-ac_res=$ac_cv_search_mmxlNewElement
-if test "$ac_res" != no; then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
- $as_echo "#define HAVE_MXML_H 1" >>confdefs.h
-
- LIBMXML="-lmxml"
-fi
-
- LIBS="$SAVELIBS"
-fi
-
-
-
-
 ac_fn_c_check_header_mongrel "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" "$ac_includes_default"
 if test "x$ac_cv_header_sys_mount_h" = xyes; then :
  $as_echo "#define HAVE_SYS_MOUNT_H 1" >>confdefs.h
@@ -5917,20 +5848,6 @@ if test "x$ac_cv_header_CoreFoundation_CoreFoundation_h" = xyes; then :
 fi
 
 
- ac_fn_c_check_header_mongrel "$LINENO" "CoreFoundation/CFPriv.h" "ac_cv_header_CoreFoundation_CFPriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_CoreFoundation_CFPriv_h" = xyes; then :
- $as_echo "#define HAVE_CFPRIV_H 1" >>confdefs.h
-
-fi
-
-
- ac_fn_c_check_header_mongrel "$LINENO" "CoreFoundation/CFBundlePriv.h" "ac_cv_header_CoreFoundation_CFBundlePriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_CoreFoundation_CFBundlePriv_h" = xyes; then :
- $as_echo "#define HAVE_CFBUNDLEPRIV_H 1" >>confdefs.h
-
-fi
-
-
 
  for ac_func in SCDynamicStoreCopyComputerName
 do :
@@ -5951,13 +5868,6 @@ if test "x$ac_cv_header_membership_h" = xyes; then :
 fi
 
 
- ac_fn_c_check_header_mongrel "$LINENO" "membershipPriv.h" "ac_cv_header_membershipPriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_membershipPriv_h" = xyes; then :
- $as_echo "#define HAVE_MEMBERSHIPPRIV_H 1" >>confdefs.h
-
-fi
-
-
  for ac_func in mbr_uid_to_uuid
 do :
  ac_fn_c_check_func "$LINENO" "mbr_uid_to_uuid" "ac_cv_func_mbr_uid_to_uuid"
@@ -6036,13 +5946,6 @@ if test "x$ac_cv_header_Security_Authorization_h" = xyes; then :
 fi
 
 
- ac_fn_c_check_header_mongrel "$LINENO" "Security/SecBasePriv.h" "ac_cv_header_Security_SecBasePriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_Security_SecBasePriv_h" = xyes; then :
- $as_echo "#define HAVE_SECBASEPRIV_H 1" >>confdefs.h
-
-fi
-
-
 
  if test $host_os_version -ge 100; then
  ac_fn_c_check_header_mongrel "$LINENO" "sandbox.h" "ac_cv_header_sandbox_h" "$ac_includes_default"
@@ -6075,13 +5978,6 @@ if test "x$ac_cv_header_xpc_xpc_h" = xyes; then :
 fi
 
 
- ac_fn_c_check_header_mongrel "$LINENO" "xpc/private.h" "ac_cv_header_xpc_private_h" "$ac_includes_default"
-if test "x$ac_cv_header_xpc_private_h" = xyes; then :
- $as_echo "#define HAVE_XPC_PRIVATE_H 1" >>confdefs.h
-
-fi
-
-
  ;;
 esac
 
@@ -8305,14 +8201,7 @@ if test "x$ac_cv_header_Security_SecureTransport_h" = xyes; then :
 
  CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
 
- ac_fn_c_check_header_mongrel "$LINENO" "Security/SecureTransportPriv.h" "ac_cv_header_Security_SecureTransportPriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_Security_SecureTransportPriv_h" = xyes; then :
- $as_echo "#define HAVE_SECURETRANSPORTPRIV_H 1" >>confdefs.h
-
-fi
-
-
- ac_fn_c_check_header_mongrel "$LINENO" "Security/SecCertificate.h" "ac_cv_header_Security_SecCertificate_h" "$ac_includes_default"
+ ac_fn_c_check_header_mongrel "$LINENO" "Security/SecCertificate.h" "ac_cv_header_Security_SecCertificate_h" "$ac_includes_default"
 if test "x$ac_cv_header_Security_SecCertificate_h" = xyes; then :
  $as_echo "#define HAVE_SECCERTIFICATE_H 1" >>confdefs.h
 
@@ -8326,42 +8215,13 @@ if test "x$ac_cv_header_Security_SecItem_h" = xyes; then :
 fi
 
 
- ac_fn_c_check_header_compile "$LINENO" "Security/SecItemPriv.h" "ac_cv_header_Security_SecItemPriv_h" "#include <Security/SecItem.h>
-"
-if test "x$ac_cv_header_Security_SecItemPriv_h" = xyes; then :
- $as_echo "#define HAVE_SECITEMPRIV_H 1" >>confdefs.h
-
-fi
-
-
  ac_fn_c_check_header_mongrel "$LINENO" "Security/SecPolicy.h" "ac_cv_header_Security_SecPolicy_h" "$ac_includes_default"
 if test "x$ac_cv_header_Security_SecPolicy_h" = xyes; then :
  $as_echo "#define HAVE_SECPOLICY_H 1" >>confdefs.h
 
 fi
 
 
- ac_fn_c_check_header_mongrel "$LINENO" "Security/SecPolicyPriv.h" "ac_cv_header_Security_SecPolicyPriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_Security_SecPolicyPriv_h" = xyes; then :
- $as_echo "#define HAVE_SECPOLICYPRIV_H 1" >>confdefs.h
-
-fi
-
-
- ac_fn_c_check_header_mongrel "$LINENO" "Security/SecBasePriv.h" "ac_cv_header_Security_SecBasePriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_Security_SecBasePriv_h" = xyes; then :
- $as_echo "#define HAVE_SECBASEPRIV_H 1" >>confdefs.h
-
-fi
-
-
- ac_fn_c_check_header_mongrel "$LINENO" "Security/SecIdentitySearchPriv.h" "ac_cv_header_Security_SecIdentitySearchPriv_h" "$ac_includes_default"
-if test "x$ac_cv_header_Security_SecIdentitySearchPriv_h" = xyes; then :
- $as_echo "#define HAVE_SECIDENTITYSEARCHPRIV_H 1" >>confdefs.h
-
-fi
-
-
 fi