Changeset 342 for trunk/Cocoa/F-Script Anywhere/Source/FSAApp.mm

Timestamp:

10/12/07 21:53:46 (17 years ago)

Author:

rchin

Message:

Leopard compatibility changes:

• Removed some icon caching code that was causing crashes (not sure we really needed those optimizations anyway -- doesn't appear to affect performance)
• Added code to automatically try to add certificate to keychain, for new code signing behavior (replaces previous procmod nonesense).
• Note that the enclosed public certificate is mine, and so it will need to be signed by me. In the case that someone else wants to distribute this binary, please replace Certficiate.cer with your own public certificate, and then make sure o code sign the binary after it is built.

File:

• trunk/Cocoa/F-Script Anywhere/Source/FSAApp.mm (modified) (3 diffs)

trunk/Cocoa/F-Script Anywhere/Source/FSAApp.mm

@@ -27 +27 @@
 #import "FSAApp.h"
 #import "FSAnywhere.h"
-#import <DSCL/PathManager.h>
 #import <CoreFoundation/CoreFoundation.h>
 #import <ApplicationServices/ApplicationServices.h>
@@ -45 +44 @@
     { 5, @"F-Script Anywhere must be installed in a Cocoa application running as the current user.\n\nYou may be attempting to install in a setuid application, which is not supported" },
     { 11, @"F-Script Anywhere cannot be installed in itself.\n\nIf you wish to install F-Script Anywhere in itself, make a copy of the F-Script Anywhere application and install one copy into the other" },
-    { smUnExBusErr, @"a bus error occurred.\n\nTry switching to the application first then using F-Script AnywhereÕs dock menu to install" },
+    { smUnExBusErr, @"a bus error occurred.\n\nTry switching to the application first then using F-Script Anywhere's dock menu to install" },
     { fnfErr, @"F-Script Anywhere was unable to locate its component to install in the application.  Please try reinstalling F-Script Anywhere" },
     { cfragDupRegistrationErr, @"another running copy of F-Script Anywhere is already installed in the application"},
@@ -222 +221 @@
 }
 
--(tDirStatus)authorizeAndAddToProcMod:(NSString *)username
-{
-    OSStatus myStatus;
-    
-    if(![self createAuthorization])
-        return eDSAuthFailed;
-    
-    NSString *myToolPath = [[NSBundle mainBundle] pathForResource:@"AddToProcMod" ofType:@""];
-    char *myArguments[] = { (char *)[username UTF8String], NULL };
-    FILE *myCommunicationsPipe = NULL;
-    char myReadBuffer[128];
-    myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef, [myToolPath UTF8String],
-                                                  myFlags, myArguments,
-                                                  &myCommunicationsPipe);
-    
-    int didRead = 0;
-    int lastRead;
-    while((lastRead = read(fileno(myCommunicationsPipe), myReadBuffer, sizeof(myReadBuffer) - didRead - 1)) && (lastRead > 0))
-        didRead += lastRead;
-    
-    myReadBuffer[didRead - 1] = 0;
-    
-    return (tDirStatus)strtol(myReadBuffer, NULL, 10);
-}
-
 - (void)finishLaunching
 {
     mach_port_t     taskOfOurProcess = mach_task_self();
     mach_port_t     machPortForProcess;
-    
-    if(task_for_pid(taskOfOurProcess, 1, &machPortForProcess) != KERN_SUCCESS){ // launchd should always be pid 1
-        if(![[NSUserDefaults standardUserDefaults] objectForKey:@"doPathCheck"])
-            [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"doPathCheck"];
-        
-        if([[NSUserDefaults standardUserDefaults] boolForKey:@"doPathCheck"]){
-top:
-            PathManager *pm = [[PathManager alloc] initWithLocalNode];
-            [pm backupStack];
-            @try {
-                [pm cd:@"/Groups/procmod"];
-            } @catch ( NSException *exception ) {
-                goto next;  // this means we must be on ppc 10.4 or less.
-            }
-            CFDictionaryRef sessionInfoDict = CGSessionCopyCurrentDictionary();
-            if(sessionInfoDict){
-                CFStringRef shortUserName = (CFStringRef)CFDictionaryGetValue(sessionInfoDict, kCGSessionUserNameKey);
-                if(![[[pm lastObject] readArray:@"GroupMembership"] containsObject:(NSString *)shortUserName]){
-                    switch([[NSAlert alertWithMessageText:[NSString stringWithFormat:@"User %@ not in the procmod group", shortUserName]
-                                            defaultButton:@"Add me"
-                                          alternateButton:@"Disable checking"
-                                              otherButton:@"Ignore message"
-                                informativeTextWithFormat:@"F-Script Anywhere requires that you add yourself to the procmod "
-                        "group in order for it to function properly. If you like, F-Script Anywhere can automatically add you "
-                        "to the procmod group."] runModal]){
-                        case NSAlertDefaultReturn:
-                        {
-                            tDirStatus status = [self authorizeAndAddToProcMod:(NSString *)shortUserName];
-                            if(status != eDSNoErr){
-                                [[NSAlert alertWithMessageText:@"Error adding to procmod group"
-                                                 defaultButton:nil
-                                               alternateButton:nil
-                                                   otherButton:nil
-                                     informativeTextWithFormat:@"There was an error (%@) adding you to the procmod group. ", [[NSClassFromString(@"DSoStatus") sharedInstance] stringForStatus:status]] runModal];
-                            } else {
-                                [[NSAlert alertWithMessageText:@"Adding user procmod group succeeded"
-                                                 defaultButton:nil
-                                               alternateButton:nil
-                                                   otherButton:nil
-                                     informativeTextWithFormat:@"You may have to wait a few minutes until the system updates its caches (or alternatively, reboot your machine) before things will work properly."] runModal];
-                            }
-                        }
-                            [pm restoreStack];
-                            [pm release];
-                            goto top;
-                        case NSAlertAlternateReturn:
-                            [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"doPathCheck"];
-                            break;
-                        default:
-                            break;
-                    }            
-                }
-            }
-            [pm restoreStack];
-            [pm release];
-        }
+    /* under new rules for task_for_pid, only processes with proper permissions can call task_for_pid successfullly */
+    int ourPid = [[NSProcessInfo processInfo] processIdentifier];
+    NSLog(@"our pid %d", ourPid);
+    if(task_for_pid(taskOfOurProcess, ourPid, &machPortForProcess) == KERN_SUCCESS){ // launchd should always be pid 1
+        mach_port_deallocate(taskOfOurProcess, machPortForProcess);
     } else {
-        mach_port_deallocate(taskOfOurProcess, machPortForProcess);
-    }
-next:
+        int result = NSRunInformationalAlertPanel(
+                                                  NSLocalizedString(@"Certificate not trusted", "Framework not found alert title"),
+                                                  NSLocalizedString(@"Due to new security features in Leopard, F-Script Anywhere requires you to to trust the signature on the current application. "
+                                                                    "You have several options:\n"
+                                                                    "1. You can add the signing certificate automatically to your keychain, in which case you should click \"OK\" in the next dialog box to add the certificate to your keychain, and then \"Always Trust.\"\n"
+                                                                    "2. You can quit F-Script Anywhere, create a signing authority on your local machine, trust it, and then sign the application binary yourself.\n"
+                                                                    @"Note that if you add the certificate properly and you still get an F-Script Anywhere error when injecting, you may need to restart your computer to clear the proper keychain caches.", @"no certificate warning message"),
+                                                  NSLocalizedString(@"Add certificate", "'add certificate button title"),
+                                                  NSLocalizedString(@"Quit", "Quit button title"),
+                                                  NULL);
+        switch (result) {
+            case NSAlertDefaultReturn:
+                NSString *certPath = [[NSBundle mainBundle] pathForResource:@"Certificate" ofType:@"cer"];
+                [[NSWorkspace sharedWorkspace] openURL:[NSURL fileURLWithPath:certPath]];
+                break;
+            case NSAlertAlternateReturn:
+                [self terminate: self];
+                break;
+            default:
+                break;
+        }        
+    }
     patchController = new FSAPatchController(self);
     patchController->AddPatch((CFStringRef)PatchBundleIdentifier, CFSTR("Contents/Resources/"),