Changeset 229 for trunk/Cocoa/F-Script Anywhere/Source/FSAApp.mm

Timestamp:

05/19/06 08:12:38 (18 years ago)

Author:

rchin

Message:

Created DSCL framework from DSCL open source code (distributed as a part of Darwin from Apple). This is for programmatically testing and adding entries to directory services, so that I can add the user to the procmod group. The modified DSCL code is in a zip file available for people to use (had to add some methods to provide better read functionality). Also has a binary that does the adding to procmod group with escalated privileges when the user authenticates via the authorization services security framework. Updated the readme to reflect this additional step for building.

File:

• trunk/Cocoa/F-Script Anywhere/Source/FSAApp.mm (modified) (2 diffs)

trunk/Cocoa/F-Script Anywhere/Source/FSAApp.mm

@@ -27 +27 @@
 #import "FSAApp.h"
 #import "FSAnywhere.h"
+#import <DSCL/PathManager.h>
+#import <CoreFoundation/CoreFoundation.h>
+#import <ApplicationServices/ApplicationServices.h>
+#import <Security/Authorization.h>
+#import <Security/AuthorizationTags.h>
 
 NSString * const PatchBundleIdentifier = @"net.sabi.FScriptAnywhere";
@@ -130 +135 @@
 }
 
+-(tDirStatus)authorizeAndAddToProcMod:(NSString *)username
+{
+    OSStatus myStatus;
+    AuthorizationFlags myFlags = kAuthorizationFlagDefaults;
+    AuthorizationRef myAuthorizationRef;
+    
+    myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
+                                   myFlags, &myAuthorizationRef);
+    if(myStatus != errAuthorizationSuccess)
+        return eDSAuthFailed;
+    
+    AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
+    AuthorizationRights myRights = {1, &myItems};
+    
+    myFlags = kAuthorizationFlagDefaults
+        | kAuthorizationFlagInteractionAllowed
+        | kAuthorizationFlagPreAuthorize
+        | kAuthorizationFlagExtendRights;
+    myStatus = AuthorizationCopyRights(myAuthorizationRef, &myRights,
+                                       NULL, myFlags, NULL);
+    
+    if(myStatus != errAuthorizationSuccess) 
+        return eDSAuthFailed;
+    
+    myFlags = kAuthorizationFlagDefaults;
+    
+    NSString *myToolPath = [[NSBundle mainBundle] pathForResource:@"AddToProcMod" ofType:@""];
+    char *myArguments[] = { (char *)[username UTF8String], NULL };
+    FILE *myCommunicationsPipe = NULL;
+    char myReadBuffer[128];
+    myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef, [myToolPath UTF8String],
+                                                  myFlags, myArguments,
+                                                  &myCommunicationsPipe);
+    
+    int didRead = 0;
+    int lastRead;
+    while((lastRead = read(fileno(myCommunicationsPipe), myReadBuffer, sizeof(myReadBuffer) - didRead - 1)) && (lastRead > 0))
+        didRead += lastRead;
+    
+    myReadBuffer[didRead - 1] = 0;
+    
+    AuthorizationFree(myAuthorizationRef, kAuthorizationFlagDefaults);
+
+    return (tDirStatus)strtol(myReadBuffer, NULL, 10);
+}
+
 - (void)finishLaunching
 {
+#ifdef __i386__
+    if(![[NSUserDefaults standardUserDefaults] objectForKey:@"doPathCheck"])
+        [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"doPathCheck"];
+    
+    if([[NSUserDefaults standardUserDefaults] boolForKey:@"doPathCheck"]){
+top:
+        PathManager *pm = [[PathManager alloc] initWithLocalNode];
+        [pm backupStack];
+        [pm cd:@"/Groups/procmod"];
+        CFDictionaryRef sessionInfoDict = CGSessionCopyCurrentDictionary();
+        if(sessionInfoDict){
+            CFStringRef shortUserName = (CFStringRef)CFDictionaryGetValue(sessionInfoDict, kCGSessionUserNameKey);
+            if(![[[pm lastObject] readArray:@"GroupMembership"] containsObject:(NSString *)shortUserName]){
+                switch([[NSAlert alertWithMessageText:[NSString stringWithFormat:@"User %@ not in the procmod group", shortUserName]
+                                        defaultButton:@"Add me"
+                                      alternateButton:@"Disable checking"
+                                          otherButton:@"Ignore message"
+                            informativeTextWithFormat:@"F-Script Anywhere requires that you add yourself to the procmod "
+                    "group in order for it to function properly. If you like, F-Script Anywhere can automatically add you "
+                    "to the procmod group."] runModal]){
+                    case NSAlertDefaultReturn:
+                    {
+                        tDirStatus status = [self authorizeAndAddToProcMod:(NSString *)shortUserName];
+                        if(status != eDSNoErr){
+                            [[NSAlert alertWithMessageText:@"Error adding to procmod group"
+                                             defaultButton:nil
+                                           alternateButton:nil
+                                               otherButton:nil
+                                 informativeTextWithFormat:@"There was an error (%@) adding you to the procmod group. ", [[NSClassFromString(@"DSoStatus") sharedInstance] stringForStatus:status]] runModal];
+                        }
+                    }
+                        [pm restoreStack];
+                        [pm release];
+                        goto top;
+                    case NSAlertAlternateReturn:
+                        [[NSUserDefaults standardUserDefaults] setBool:NO forKey:@"doPathCheck"];
+                        break;
+                    default:
+                        break;
+                }            
+            }
+        }
+        [pm restoreStack];
+        [pm release];
+    }
+#endif
     patchController = new FSAPatchController(self);
     patchController->AddPatch((CFStringRef)PatchBundleIdentifier, CFSTR("Contents/Resources/"),