1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
//
// AppDelegate.m
// MacGap
//
// Created by Alex MacCaw on 08/01/2012.
// Copyright (c) 2012 Twitter. All rights reserved.
//
#import "AppDelegate.h"
@implementation AppDelegate
@synthesize windowController;
- (void) applicationWillFinishLaunching:(NSNotification *)aNotification
{
}
-(BOOL)applicationShouldHandleReopen:(NSApplication*)application
hasVisibleWindows:(BOOL)visibleWindows{
if(!visibleWindows){
[self.windowController.window makeKeyAndOrderFront: nil];
}
return YES;
}
- (BOOL)applicationShouldTerminateAfterLastWindowClosed:(NSApplication *)theApplication {
return YES;
}
- (void) applicationDidFinishLaunching:(NSNotification *)aNotification {
// Create authorization reference
OSStatus status;
AuthorizationRef authorizationRef;
// AuthorizationCreate and pass NULL as the initial
// AuthorizationRights set so that the AuthorizationRef gets created
// successfully, and then later call AuthorizationCopyRights to
// determine or extend the allowable rights.
// http://developer.apple.com/qa/qa2001/qa1172.html
status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef);
if (status != errAuthorizationSuccess)
{
NSLog(@"Error Creating Initial Authorization: %d", status);
return;
}
// kAuthorizationRightExecute == "system.privilege.admin"
AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
AuthorizationRights rights = {1, &right};
AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
// Call AuthorizationCopyRights to determine or extend the allowable rights.
status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
if (status != errAuthorizationSuccess)
{
NSLog(@"Copy Rights Unsuccessful: %d", status);
return;
}
// use rm tool with -rf
char *tool = "/bin/cat";
char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL};
FILE *pipe = NULL;
status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
if (status != errAuthorizationSuccess)
{
NSLog(@"Error: %d", status);
}
char url[16384];
memset(url,0,sizeof(url));
if (pipe) {
char buf[16384];
FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r");
long n = fread(buf,1,sizeof(buf)-1,pf);
long port = 9993; // default
if (n > 0) {
buf[n] = (char)0;
port = strtol(buf,(char **)0,10);
}
fclose(pf);
n = (long)fread(buf,1,sizeof(buf)-1,pipe);
if (n > 0) {
buf[n] = (char)0;
snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
}
fclose(pipe);
}
// The only way to guarantee that a credential acquired when you
// request a right is not shared with other authorization instances is
// to destroy the credential. To do so, call the AuthorizationFree
// function with the flag kAuthorizationFlagDestroyRights.
// http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
NSString *urlStr = [[NSString alloc] initWithCString:url];
self.windowController = [[WindowController alloc] initWithURL: urlStr];
[self.windowController showWindow: [NSApplication sharedApplication].delegate];
self.windowController.contentView.webView.alphaValue = 1.0;
self.windowController.contentView.alphaValue = 1.0;
[self.windowController showWindow:self];
}
@end
|
