From d56e9fce415e5b764091921dd5cedde175fbcf7d Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 6 May 2015 20:45:02 -0700 Subject: Get user data out of repo. --- .gitignore | 1 + 1 file changed, 1 insertion(+) (limited to '.gitignore') diff --git a/.gitignore b/.gitignore index db660e14..f789b3b7 100755 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ /root-topology/*.secret /root-topology/test/supernodes /root-topology/test/test-root-topology +xcuserdata -- cgit v1.2.3 From 4426899e8c9469518325f39f173151b3535ac20e Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 6 May 2015 21:02:59 -0700 Subject: Add support for local user account caching of authtoken.secret as in old UI -- this is now pretty much working. --- .gitignore | 2 +- .../api.xcuserdatad/UserInterfaceState.xcuserstate | Bin 19568 -> 0 bytes .../api.xcuserdatad/xcschemes/MacGap.xcscheme | 88 ------------ .../xcschemes/xcschememanagement.plist | 22 --- ext/mac-ui-macgap1-wrapper/MacGap/AppDelegate.m | 153 +++++++++++++-------- 5 files changed, 95 insertions(+), 170 deletions(-) delete mode 100644 ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/UserInterfaceState.xcuserstate delete mode 100644 ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/MacGap.xcscheme delete mode 100644 ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/xcschememanagement.plist (limited to '.gitignore') diff --git a/.gitignore b/.gitignore index f789b3b7..4a24c4db 100755 --- a/.gitignore +++ b/.gitignore @@ -39,4 +39,4 @@ /root-topology/*.secret /root-topology/test/supernodes /root-topology/test/test-root-topology -xcuserdata +/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/* diff --git a/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/UserInterfaceState.xcuserstate b/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/UserInterfaceState.xcuserstate deleted file mode 100644 index 6dfcf6d0..00000000 Binary files a/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/api.xcuserdatad/UserInterfaceState.xcuserstate and /dev/null differ diff --git a/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/MacGap.xcscheme b/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/MacGap.xcscheme deleted file mode 100644 index 2555dc89..00000000 --- a/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/MacGap.xcscheme +++ /dev/null @@ -1,88 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/xcschememanagement.plist b/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/xcschememanagement.plist deleted file mode 100644 index 921f1a6f..00000000 --- a/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/xcschememanagement.plist +++ /dev/null @@ -1,22 +0,0 @@ - - - - - SchemeUserState - - MacGap.xcscheme - - orderHint - 0 - - - SuppressBuildableAutocreation - - FAE451B914BA79C600190544 - - primary - - - - - diff --git a/ext/mac-ui-macgap1-wrapper/MacGap/AppDelegate.m b/ext/mac-ui-macgap1-wrapper/MacGap/AppDelegate.m index 96a3e820..3e25ca13 100644 --- a/ext/mac-ui-macgap1-wrapper/MacGap/AppDelegate.m +++ b/ext/mac-ui-macgap1-wrapper/MacGap/AppDelegate.m @@ -7,6 +7,8 @@ // #import "AppDelegate.h" +#include +#include @implementation AppDelegate @@ -29,75 +31,108 @@ } - (void) applicationDidFinishLaunching:(NSNotification *)aNotification { - // Create authorization reference - OSStatus status; - AuthorizationRef authorizationRef; - - // AuthorizationCreate and pass NULL as the initial - // AuthorizationRights set so that the AuthorizationRef gets created - // successfully, and then later call AuthorizationCopyRights to - // determine or extend the allowable rights. - // http://developer.apple.com/qa/qa2001/qa1172.html - status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef); - if (status != errAuthorizationSuccess) - { - NSLog(@"Error Creating Initial Authorization: %d", status); - return; - } - - // kAuthorizationRightExecute == "system.privilege.admin" - AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0}; - AuthorizationRights rights = {1, &right}; - AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | - kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; - - // Call AuthorizationCopyRights to determine or extend the allowable rights. - status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL); - if (status != errAuthorizationSuccess) - { - NSLog(@"Copy Rights Unsuccessful: %d", status); - return; - } - - // use rm tool with -rf - char *tool = "/bin/cat"; - char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL}; - FILE *pipe = NULL; - - status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe); - if (status != errAuthorizationSuccess) - { - NSLog(@"Error: %d", status); - } - - char url[16384]; - memset(url,0,sizeof(url)); - if (pipe) { - char buf[16384]; + char buf[16384],userAuthTokenPath[4096]; - FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r"); + FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r"); + long port = 9993; // default + if (pf) { long n = fread(buf,1,sizeof(buf)-1,pf); - long port = 9993; // default if (n > 0) { buf[n] = (char)0; port = strtol(buf,(char **)0,10); } fclose(pf); + } - n = (long)fread(buf,1,sizeof(buf)-1,pipe); - if (n > 0) { - buf[n] = (char)0; - snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf); + char url[16384]; + memset(url,0,sizeof(url)); + + const char *homeDir = getenv("HOME"); + if (homeDir) { + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir); + pf = fopen(userAuthTokenPath,"r"); + if (pf) { + long n = fread(buf,1,sizeof(buf)-1,pf); + if (n > 0) { + buf[n] = (char)0; + snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf); + } + fclose(pf); + } + } + + if (!url[0]) { + // Create authorization reference + OSStatus status; + AuthorizationRef authorizationRef; + + // AuthorizationCreate and pass NULL as the initial + // AuthorizationRights set so that the AuthorizationRef gets created + // successfully, and then later call AuthorizationCopyRights to + // determine or extend the allowable rights. + // http://developer.apple.com/qa/qa2001/qa1172.html + status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef); + if (status != errAuthorizationSuccess) + { + NSLog(@"Error Creating Initial Authorization: %d", status); + return; + } + + // kAuthorizationRightExecute == "system.privilege.admin" + AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0}; + AuthorizationRights rights = {1, &right}; + AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | + kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; + + // Call AuthorizationCopyRights to determine or extend the allowable rights. + status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL); + if (status != errAuthorizationSuccess) + { + NSLog(@"Copy Rights Unsuccessful: %d", status); + return; } - fclose(pipe); + + // use rm tool with -rf + char *tool = "/bin/cat"; + char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL}; + FILE *pipe = NULL; + + status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe); + if (status != errAuthorizationSuccess) + { + NSLog(@"Error: %d", status); + } + + if (pipe) { + long n = (long)fread(buf,1,sizeof(buf)-1,pipe); + if (n > 0) { + buf[n] = (char)0; + snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf); + + if (homeDir) { + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier",homeDir); + mkdir(userAuthTokenPath,0755); + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One",homeDir); + mkdir(userAuthTokenPath,0755); + snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir); + pf = fopen(userAuthTokenPath,"w"); + if (pf) { + fwrite(buf,1,strlen(buf),pf); + fclose(pf); + chmod(userAuthTokenPath,0600); + } + } + } + fclose(pipe); + } + + // The only way to guarantee that a credential acquired when you + // request a right is not shared with other authorization instances is + // to destroy the credential. To do so, call the AuthorizationFree + // function with the flag kAuthorizationFlagDestroyRights. + // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html + status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights); } - - // The only way to guarantee that a credential acquired when you - // request a right is not shared with other authorization instances is - // to destroy the credential. To do so, call the AuthorizationFree - // function with the flag kAuthorizationFlagDestroyRights. - // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html - status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights); NSString *urlStr = [[NSString alloc] initWithCString:url]; self.windowController = [[WindowController alloc] initWithURL: urlStr]; -- cgit v1.2.3