neoarz/SideStore
1
0
Fork 0
mirror of https://github.com/SideStore/SideStore.git synced 2026-02-09 06:43:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

[AltServer] Refactors Mail plug-in installation to fix notarization errors

Browse Source 
AltServer must now download the Mail plug-in at runtime, because notarization will fail if AltServer contains an unsigned binary (and as of Catalina, Mail plug-ins only work if they’re unsigned)
This commit is contained in:
Riley Testut
2020-02-13 21:41:31 -08:00
parent 891da58cfd
commit 07efd681c1
19 changed files with 870 additions and 690 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Pods/STPrivilegedTask/LICENSE generated Normal file
View File

@@ -0,0 +1,29 @@
BSD 3-Clause License
Copyright (c) 2009, Sveinbjorn Thordarson
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

22
Pods/STPrivilegedTask/LICENSE.txt generated
View File

@@ -1,22 +0,0 @@
# BSD License
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of Sveinbjorn Thordarson nor that of any other
# contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

211
Pods/STPrivilegedTask/README.md generated
View File

@@ -1,58 +1,193 @@
# STPrivilegedTask - Objective C class
An NSTask-like wrapper around AuthorizationExecuteWithPrivileges() in the Security API to run shell commands with root privileges in Mac OS X.
An NSTask-like wrapper around [AuthorizationExecuteWithPrivileges()](https://developer.apple.com/library/mac/documentation/Security/Reference/authorization_ref/#//apple_ref/c/func/AuthorizationExecuteWithPrivileges) in the Security API to run shell commands with root privileges in Mac OS X.
Example of usage:
STPrivilegedTask was created a long time ago. It has now been updated to support ARC and is available via <a href="https://cocoapods.org">CocoaPods</a>.
## Examples
### Create and launch task
```objective-c
// Create task
STPrivilegedTask *privilegedTask = [[STPrivilegedTask alloc] init];
[privilegedTask setLaunchPath:@"/usr/bin/touch"];
NSArray *args = [NSArray arrayWithObject:@"/etc/my_test_file"];
[privilegedTask setArguments:args];
[privilegedTask setCurrentDirectoryPath:[[NSBundle mainBundle] resourcePath]];
[privilegedTask setArguments:@[@"/etc/my_test_file"]];
//set it off
// Setting working directory is optional, defaults to /
// NSString *path = [[NSBundle mainBundle] resourcePath];
// [privilegedTask setCurrentDirectoryPath:path];
// Launch it, user is prompted for password
OSStatus err = [privilegedTask launch];
if (err != errAuthorizationSuccess) {
if (err == errAuthorizationCanceled) {
NSLog(@"User cancelled");
} else {
NSLog(@"Something went wrong");
}
if (err == errAuthorizationSuccess) {
NSLog(@"Task successfully launched");
}
else if (err == errAuthorizationCanceled) {
NSLog(@"User cancelled");
}
else {
NSLog(@"Something went wrong");
}
```
See [Authorization.h](http://www.opensource.apple.com/source/libsecurity_authorization/libsecurity_authorization-36329/lib/Authorization.h) for a list of possible error codes.
### Launch task one-liner
```objective-c
OSStatus err = [STPrivilegedTask launchedPrivilegedTaskWithLaunchPath:@"/bin/sh"
arguments:@[@"/path/to/script.sh"]];
```
### Getting task output
```objective-c
// ... launch task
[privilegedTask waitUntilExit];
// Read output file handle for data
NSFileHandle *readHandle = [privilegedTask outputFileHandle];
NSData *outputData = [readHandle readDataToEndOfFile];
NSData *outputData = [[privilegedTask outputFileHandle] readDataToEndOfFile];
NSString *outputString = [[NSString alloc] initWithData:outputData encoding:NSUTF8StringEncoding];
```
# BSD License
### Getting output while task runs in background
```objective-c
// ... launch task
NSFileHandle *readHandle = [privilegedTask outputFileHandle];
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(getOutputData:) name:NSFileHandleReadCompletionNotification object:readHandle];
[readHandle readInBackgroundAndNotify];
// ...
- (void)getOutputData:(NSNotification *)aNotification {
//get data from notification
NSData *data = [[aNotification userInfo] objectForKey:NSFileHandleNotificationDataItem];
//make sure there's actual data
if ([data length]) {
// do something with the data
NSString *outputString = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
NSLog(outputString);
// go read more data in the background
[[aNotification object] readInBackgroundAndNotify];
} else {
// do something else
}
}
```
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of Sveinbjorn Thordarson nor that of any other
# contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
### Task termination
```
You can observe STPrivilegedTaskDidTerminateNotification:
```objective-c
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(privilegedTaskFinished:) name:STPrivilegedTaskDidTerminateNotification object:nil];
- (void)privilegedTaskFinished:(NSNotification *)aNotification {
// do something
}
```
Or alternately, set a termination handler:
```objective-c
privilegedTask.terminationHandler = ^(STPrivilegedTask *privilegedTask) {
NSLog(@"Terminating task: %@", [privilegedTask description]);
};
```
### Launch using external AuthorizationRef
```objective-c
// ... Create your own AuthorizationRef
[STPriviledTask launchedPrivilegedTaskWithLaunchPath:@"/bin/sh"
arguments:@"/path/to/script"
currentDirectory:@"/"
authorization:authRef]
```
### AuthorizationExecuteWithPrivileges() is deprecated
[AuthorizationExecuteWithPrivileges()](https://developer.apple.com/library/mac/documentation/Security/Reference/authorization_ref/#//apple_ref/c/func/AuthorizationExecuteWithPrivileges) is deprecated as of macOS 10.7 but remains available
in 10.14 Mojave. If you want to be future-proof, here's how you check if STPrivilegedTask
works in the running version of macOS:
```objective-c
OSStatus err = [privilegedTask launch];
if (err == errAuthorizationFnNoLongerExists) {
NSLog(@"AuthorizationExecuteWithPrivileges not available");
}
```
If you need to check whether STPrivilegedTask works before you launch the task:
```objective-c
BOOL works = [STPrivilegedTask authorizationFunctionAvailable];
```
## Sample app
A sample app which makes use of STPrivilegedTask is included in the project. This app runs the following script:
```
#!/bin/sh
echo "/usr/bin/whoami:"
whoami
echo ""
echo "Real User ID:"
echo $UID \($USER\)
echo ""
echo "Effective User ID:"
/usr/bin/id -u
echo ""
echo "Current working directory:"
echo "$PWD"
exit 5
```
It then presents the output of the script in a window, along with the exit code.
<img src="screenshot.png">
## BSD License
Copyright (c) Sveinbjorn Thordarson &lt;sveinbjorn@sveinbjorn.org&gt;
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this
list of conditions and the following disclaimer in the documentation and/or other
materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may
be used to endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.

84
Pods/STPrivilegedTask/STPrivilegedTask.h generated Normal file → Executable file
View File

@@ -1,7 +1,6 @@
/*
#
# STPrivilegedTask - NSTask-like wrapper around AuthorizationExecuteWithPrivileges
# Copyright (C) 2009-2015 Sveinbjorn Thordarson <sveinbjornt@gmail.com>
# Copyright (C) 2009-2017 Sveinbjorn Thordarson <sveinbjorn@sveinbjorn.org>
#
# BSD License
# Redistribution and use in source and binary forms, with or without
@@ -11,7 +10,7 @@
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of Sveinbjorn Thordarson nor that of any other
# * Neither the name of the copyright holder nor that of any other
# contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
@@ -28,54 +27,43 @@
*/
#import <Cocoa/Cocoa.h>
#import <Carbon/Carbon.h>
#import <Security/Authorization.h>
#import <Security/AuthorizationTags.h>
#define STPrivilegedTaskDidTerminateNotification @"STPrivilegedTaskDidTerminateNotification"
//#define TMP_STDERR_TEMPLATE @".authStderr.XXXXXX"
// Defines error value for when AuthorizationExecuteWithPrivilleges no longer
// exists anyplace. Rather than defining a new enum, we just create a global
// constant
// Defines error value for when AuthorizationExecuteWithPrivileges no longer exists
// Rather than defining a new enum, we just create a global constant
extern const OSStatus errAuthorizationFnNoLongerExists;
@interface STPrivilegedTask : NSObject
{
NSArray *arguments;
NSString *cwd;
NSString *launchPath;
BOOL isRunning;
pid_t pid;
int terminationStatus;
NSFileHandle *outputFileHandle;
NSTimer *checkStatusTimer;
}
-(id)initWithLaunchPath:(NSString *)path;
-(id)initWithLaunchPath:(NSString *)path arguments: (NSArray *)args;
+(STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path;
+(STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)arguments;
-(NSArray *)arguments;
-(NSString *)currentDirectoryPath;
-(BOOL)isRunning;
-(int)launch;
-(NSString *)launchPath;
-(int)processIdentifier;
-(void)setArguments:(NSArray *)arguments;
-(void)setCurrentDirectoryPath:(NSString *)path;
-(void)setLaunchPath:(NSString *)path;
-(NSFileHandle *)outputFileHandle;
-(void)terminate; // doesn't work
-(int)terminationStatus;
-(void)_checkTaskStatus;
-(void)waitUntilExit;
@interface STPrivilegedTask : NSObject
@property (copy) NSArray *arguments;
@property (copy) NSString *currentDirectoryPath;
@property (copy) NSString *launchPath;
@property (assign) BOOL freeAuthorizationWhenDone;
@property (readonly) NSFileHandle *outputFileHandle;
@property (readonly) BOOL isRunning;
@property (readonly) pid_t processIdentifier;
@property (readonly) int terminationStatus;
@property (readonly) AuthorizationRef authorization;
@property (copy) void (^terminationHandler)(STPrivilegedTask *);
+ (BOOL)authorizationFunctionAvailable;
- (instancetype)initWithLaunchPath:(NSString *)path;
- (instancetype)initWithLaunchPath:(NSString *)path arguments:(NSArray *)args;
- (instancetype)initWithLaunchPath:(NSString *)path arguments:(NSArray *)args currentDirectory:(NSString *)cwd;
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path;
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args;
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args currentDirectory:(NSString *)cwd;
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args currentDirectory:(NSString *)cwd authorization:(AuthorizationRef)authorization;
- (OSStatus)launch;
- (OSStatus)launchWithAuthorization:(AuthorizationRef)authorization;
- (void)terminate; // doesn't work
- (void)waitUntilExit;
@end
/*static OSStatus AuthorizationExecuteWithPrivilegesStdErrAndPid (
AuthorizationRef authorization,
const char *pathToTool,
AuthorizationFlags options,
char * const *arguments,
FILE **communicationsPipe,
FILE **errPipe,
pid_t* processid
);*/

496
Pods/STPrivilegedTask/STPrivilegedTask.m generated Normal file → Executable file
View File

@@ -1,7 +1,6 @@
/*
#
# STPrivilegedTask - NSTask-like wrapper around AuthorizationExecuteWithPrivileges
# Copyright (C) 2009-2015 Sveinbjorn Thordarson <sveinbjornt@gmail.com>
# Copyright (C) 2009-2017 Sveinbjorn Thordarson <sveinbjorn@sveinbjorn.org>
#
# BSD License
# Redistribution and use in source and binary forms, with or without
@@ -11,7 +10,7 @@
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# * Neither the name of Sveinbjorn Thordarson nor that of any other
# * Neither the name of the copyright holder nor that of any other
# contributors may be used to endorse or promote products
# derived from this software without specific prior written permission.
#
@@ -25,192 +24,154 @@
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
*/
#import "STPrivilegedTask.h"
#import <Security/Authorization.h>
#import <Security/AuthorizationTags.h>
#import <stdio.h>
#import <unistd.h>
#import <dlfcn.h>
/* New error code denoting that AuthorizationExecuteWithPrivileges no longer exists */
// New error code denoting that AuthorizationExecuteWithPrivileges no longer exists
OSStatus const errAuthorizationFnNoLongerExists = -70001;
// Create fn pointer to AuthorizationExecuteWithPrivileges in case
// it doesn't exist in this version of MacOS
static OSStatus (*_AuthExecuteWithPrivsFn)(AuthorizationRef authorization, const char *pathToTool, AuthorizationFlags options,
char * const *arguments, FILE **communicationsPipe) = NULL;
@implementation STPrivilegedTask
- (id)init
{
if ((self = [super init])) {
launchPath = @"";
cwd = [[NSString alloc] initWithString:[[NSFileManager defaultManager] currentDirectoryPath]];
arguments = [[NSArray alloc] init];
isRunning = NO;
outputFileHandle = nil;
NSTimer *_checkStatusTimer;
}
+ (void)initialize;
{
// On 10.7, AuthorizationExecuteWithPrivileges is deprecated. We want
// to still use it since there's no good alternative (without requiring
// code signing). We'll look up the function through dyld and fail if
// it is no longer accessible. If Apple removes the function entirely
// this will fail gracefully. If they keep the function and throw some
// sort of exception, this won't fail gracefully, but that's a risk
// we'll have to take for now.
// Pattern by Andy Kim from Potion Factory LLC
#pragma GCC diagnostic ignored "-Wpedantic" // stop the pedantry!
#pragma clang diagnostic push
_AuthExecuteWithPrivsFn = dlsym(RTLD_DEFAULT, "AuthorizationExecuteWithPrivileges");
#pragma clang diagnostic pop
}
- (instancetype)init
{
self = [super init];
if (self) {
_launchPath = nil;
_arguments = nil;
_freeAuthorizationWhenDone = YES;
_isRunning = NO;
_outputFileHandle = nil;
_terminationHandler = nil;
_authorization = nil;
_currentDirectoryPath = [[NSFileManager defaultManager] currentDirectoryPath];
}
return self;
}
-(void)dealloc
- (instancetype)initWithLaunchPath:(NSString *)path
{
#if !__has_feature(objc_arc)
[launchPath release];
[arguments release];
[cwd release];
if (outputFileHandle != nil) {
[outputFileHandle release];
}
[super dealloc];
#endif
}
-(id)initWithLaunchPath:(NSString *)path arguments:(NSArray *)args
{
if ((self = [self initWithLaunchPath:path])) {
[self setArguments:args];
self = [self init];
if (self) {
self.launchPath = path;
}
return self;
}
-(id)initWithLaunchPath:(NSString *)path
- (instancetype)initWithLaunchPath:(NSString *)path arguments:(NSArray *)args
{
if ((self = [self init])) {
[self setLaunchPath:path];
self = [self initWithLaunchPath:path];
if (self) {
self.arguments = args;
}
return self;
}
- (instancetype)initWithLaunchPath:(NSString *)path arguments:(NSArray *)args currentDirectory:(NSString *)cwd
{
self = [self initWithLaunchPath:path arguments:args];
if (self) {
self.currentDirectoryPath = cwd;
}
return self;
}
- (void)dealloc
{
if (_freeAuthorizationWhenDone && _authorization != nil) {
// free the auth ref
AuthorizationFree(_authorization, kAuthorizationFlagDefaults);
}
}
#pragma mark -
+(STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args
{
STPrivilegedTask *task = [[STPrivilegedTask alloc] initWithLaunchPath:path arguments:args];
#if !__has_feature(objc_arc)
[task autorelease];
#endif
[task launch];
[task waitUntilExit];
return task;
}
+(STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path
{
STPrivilegedTask *task = [[STPrivilegedTask alloc] initWithLaunchPath:path];
#if !__has_feature(objc_arc)
[task autorelease];
#endif
[task launch];
[task waitUntilExit];
return task;
}
#pragma mark -
- (NSArray *)arguments
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args
{
return arguments;
STPrivilegedTask *task = [[STPrivilegedTask alloc] initWithLaunchPath:path arguments:args];
[task launch];
[task waitUntilExit];
return task;
}
- (NSString *)currentDirectoryPath;
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args currentDirectory:(NSString *)cwd
{
return cwd;
STPrivilegedTask *task = [[STPrivilegedTask alloc] initWithLaunchPath:path arguments:args currentDirectory:cwd];
[task launch];
[task waitUntilExit];
return task;
}
- (BOOL)isRunning
+ (STPrivilegedTask *)launchedPrivilegedTaskWithLaunchPath:(NSString *)path arguments:(NSArray *)args currentDirectory:(NSString *)cwd authorization:(AuthorizationRef)authorization
{
return isRunning;
}
- (NSString *)launchPath
{
return launchPath;
}
- (int)processIdentifier
{
return pid;
}
- (int)terminationStatus
{
return terminationStatus;
}
- (NSFileHandle *)outputFileHandle;
{
return outputFileHandle;
}
#pragma mark -
-(void)setArguments:(NSArray *)args
{
#if !__has_feature(objc_arc)
[arguments release];
[args retain];
#endif
arguments = args;
}
-(void)setCurrentDirectoryPath:(NSString *)path
{
#if !__has_feature(objc_arc)
[cwd release];
[path retain];
#endif
cwd = path;
}
-(void)setLaunchPath:(NSString *)path
{
#if !__has_feature(objc_arc)
[launchPath release];
[path retain];
#endif
launchPath = path;
STPrivilegedTask *task = [[STPrivilegedTask alloc] initWithLaunchPath:path arguments:args currentDirectory:cwd];
[task launchWithAuthorization:authorization];
[task waitUntilExit];
return task;
}
# pragma mark -
// return 0 for success
-(int)launch
- (OSStatus)launch
{
if (_isRunning) {
NSLog(@"Task already running: %@", [self description]);
return 0;
}
if ([STPrivilegedTask authorizationFunctionAvailable] == NO) {
NSLog(@"AuthorizationExecuteWithPrivileges() function not available on this system");
return errAuthorizationFnNoLongerExists;
}
OSStatus err = noErr;
const char *toolPath = [launchPath fileSystemRepresentation];
const char *toolPath = [self.launchPath fileSystemRepresentation];
AuthorizationRef authorizationRef;
AuthorizationItem myItems = {kAuthorizationRightExecute, strlen(toolPath), &toolPath, 0};
AuthorizationRights myRights = {1, &myItems};
AuthorizationItem myItems = { kAuthorizationRightExecute, strlen(toolPath), &toolPath, 0 };
AuthorizationRights myRights = { 1, &myItems };
AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
NSUInteger numberOfArguments = [arguments count];
char *args[numberOfArguments + 1];
FILE *outputFile;
// Create fn pointer to AuthorizationExecuteWithPrivileges in case it doesn't exist
// in this version of MacOS
static OSStatus (*_AuthExecuteWithPrivsFn)(
AuthorizationRef authorization, const char *pathToTool, AuthorizationFlags options,
char * const *arguments, FILE **communicationsPipe) = NULL;
// Check to see if we have the correct function in our loaded libraries
if (!_AuthExecuteWithPrivsFn) {
// On 10.7, AuthorizationExecuteWithPrivileges is deprecated. We want
// to still use it since there's no good alternative (without requiring
// code signing). We'll look up the function through dyld and fail if
// it is no longer accessible. If Apple removes the function entirely
// this will fail gracefully. If they keep the function and throw some
// sort of exception, this won't fail gracefully, but that's a risk
// we'll have to take for now.
// Pattern by Andy Kim from Potion Factory LLC
_AuthExecuteWithPrivsFn = dlsym(RTLD_DEFAULT, "AuthorizationExecuteWithPrivileges");
if (!_AuthExecuteWithPrivsFn) {
// This version of OS X has finally removed this function. Exit with an error.
err = errAuthorizationFnNoLongerExists;
return err;
}
}
// Use Apple's Authentication Manager APIs to get an Authorization Reference
// These Apple APIs are quite possibly the most horrible of the Mac OS X APIs
@@ -227,24 +188,51 @@ OSStatus const errAuthorizationFnNoLongerExists = -70001;
}
// OK, at this point we have received authorization for the task.
err = [self launchWithAuthorization:authorizationRef];
return err;
}
- (OSStatus)launchWithAuthorization:(AuthorizationRef)authorization
{
_authorization = authorization;
if (_isRunning) {
NSLog(@"Task already running: %@", [self description]);
return 0;
}
if ([STPrivilegedTask authorizationFunctionAvailable] == NO) {
NSLog(@"AuthorizationExecuteWithPrivileges() function not available on this system");
return errAuthorizationFnNoLongerExists;
}
// Assuming the authorization is valid for the task.
// Let's prepare to launch it
NSArray *arguments = self.arguments;
NSUInteger numberOfArguments = [arguments count];
char *args[numberOfArguments + 1];
FILE *outputFile;
const char *toolPath = [self.launchPath fileSystemRepresentation];
// first, construct an array of c strings from NSArray w. arguments
for (int i = 0; i < numberOfArguments; i++) {
NSString *argString = arguments[i];
NSUInteger stringLength = [argString length];
const char *fsrep = [argString fileSystemRepresentation];
NSUInteger stringLength = strlen(fsrep);
args[i] = malloc((stringLength + 1) * sizeof(char));
snprintf(args[i], stringLength + 1, "%s", [argString fileSystemRepresentation]);
snprintf(args[i], stringLength + 1, "%s", fsrep);
}
args[numberOfArguments] = NULL;
// change to the current dir specified
char *prevCwd = (char *)getcwd(nil, 0);
chdir([cwd fileSystemRepresentation]);
chdir([self.currentDirectoryPath fileSystemRepresentation]);
//use Authorization Reference to execute script with privileges
err = _AuthExecuteWithPrivsFn(authorizationRef, [launchPath fileSystemRepresentation], kAuthorizationFlagDefaults, args, &outputFile);
OSStatus err = _AuthExecuteWithPrivsFn(authorization, toolPath, kAuthorizationFlagDefaults, args, &outputFile);
// OK, now we're done executing, let's change back to old dir
chdir(prevCwd);
@@ -254,208 +242,92 @@ OSStatus const errAuthorizationFnNoLongerExists = -70001;
free(args[i]);
}
// free the auth ref
AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults);
// we return err if execution failed
if (err != errAuthorizationSuccess) {
return err;
} else {
isRunning = YES;
_isRunning = YES;
}
// get file handle for the command output
outputFileHandle = [[NSFileHandle alloc] initWithFileDescriptor:fileno(outputFile) closeOnDealloc:YES];
pid = fcntl(fileno(outputFile), F_GETOWN, 0);
_outputFileHandle = [[NSFileHandle alloc] initWithFileDescriptor:fileno(outputFile) closeOnDealloc:YES];
_processIdentifier = fcntl(fileno(outputFile), F_GETOWN, 0);
// start monitoring task
checkStatusTimer = [NSTimer scheduledTimerWithTimeInterval:0.10 target:self selector:@selector(_checkTaskStatus) userInfo:nil repeats:YES];
_checkStatusTimer = [NSTimer scheduledTimerWithTimeInterval:0.05 target:self selector:@selector(checkTaskStatus) userInfo:nil repeats:YES];
return err;
}
- (void)terminate
{
// This doesn't work without a PID, and we can't get one. Stupid Security API
/* int ret = kill(pid, SIGKILL);
if (ret != 0)
NSLog(@"Error %d", errno);*/
// This doesn't work without a PID, and we can't get one. Stupid Security API.
// int ret = kill(pid, SIGKILL);
//
// if (ret != 0) {
// NSLog(@"Error %d", errno);
// }
}
// hang until task is done
- (void)waitUntilExit
{
waitpid([self processIdentifier], &terminationStatus, 0);
isRunning = NO;
if (!_isRunning) {
NSLog(@"Task %@ is not running", [super description]);
return;
}
[_checkStatusTimer invalidate];
int status;
pid_t pid = 0;
while ((pid = waitpid(_processIdentifier, &status, WNOHANG)) == 0) {
// do nothing
}
_terminationStatus = WEXITSTATUS(status);
_isRunning = NO;
}
#pragma mark -
// check if privileged task is still running
- (void)_checkTaskStatus
{
// see if task has terminated
int mypid = waitpid([self processIdentifier], &terminationStatus, WNOHANG);
if (mypid != 0) {
isRunning = NO;
// check if task has terminated
- (void)checkTaskStatus
{
int status;
pid_t pid = waitpid(_processIdentifier, &status, WNOHANG);
if (pid != 0) {
_isRunning = NO;
_terminationStatus = WEXITSTATUS(status);
[_checkStatusTimer invalidate];
[[NSNotificationCenter defaultCenter] postNotificationName:STPrivilegedTaskDidTerminateNotification object:self];
[checkStatusTimer invalidate];
if (_terminationHandler) {
_terminationHandler(self);
}
}
}
#pragma mark -
+ (BOOL)authorizationFunctionAvailable
{
if (!_AuthExecuteWithPrivsFn) {
// This version of OS X has finally removed this function. Return with an error.
return NO;
}
return YES;
}
#pragma mark -
// Nice description for debugging
- (NSString *)description
{
NSArray *args = [self arguments];
NSString *cmd = [[self launchPath] copy];
NSString *commandDescription = [NSString stringWithString:self.launchPath];
for (int i = 0; i < [args count]; i++) {
cmd = [cmd stringByAppendingFormat:@" %@", args[i]];
for (NSString *arg in self.arguments) {
commandDescription = [commandDescription stringByAppendingFormat:@" '%@'", arg];
}
[commandDescription stringByAppendingFormat:@" (CWD:%@)", self.currentDirectoryPath];
return [[super description] stringByAppendingFormat:@" %@", cmd];
return [[super description] stringByAppendingFormat:@" %@", commandDescription];
}
@end
/*
*
* Add the Standard err Pipe and Pid support to AuthorizationExecuteWithPrivileges()
* method
*
* @Author: Miklós Fazekas
* Modified Aug 10 2010 by Sveinbjorn Thordarson
*
*/
/*static OSStatus AuthorizationExecuteWithPrivilegesStdErrAndPid (
AuthorizationRef authorization,
const char *pathToTool,
AuthorizationFlags options,
char * const *arguments,
FILE **communicationsPipe,
FILE **errPipe,
pid_t* processid
)
{
// get the Apple-approved secure temp directory
NSString *tempFileTemplate = [NSTemporaryDirectory() stringByAppendingPathComponent: TMP_STDERR_TEMPLATE];
// copy it into a C string
const char *tempFileTemplateCString = [tempFileTemplate fileSystemRepresentation];
char *stderrpath = (char *)malloc(strlen(tempFileTemplateCString) + 1);
strcpy(stderrpath, tempFileTemplateCString);
printf("%s\n", stderrpath);
// this is the command, it echoes pid and directs stderr output to pipe before running the tool w. args
const char *commandtemplate = "echo $$; \"$@\" 2>%s";
if (communicationsPipe == errPipe)
commandtemplate = "echo $$; \"$@\" 2>1";
else if (errPipe == 0)
commandtemplate = "echo $$; \"$@\"";
char command[1024];
char **args;
OSStatus result;
int argcount = 0;
int i;
int stderrfd = 0;
FILE *commPipe = 0;
// First, create temporary file for stderr
if (errPipe)
{
// create temp file
stderrfd = mkstemp(stderrpath);
// close and remove it
close(stderrfd);
unlink(stderrpath);
// create a pipe on the path of the temp file
if (mkfifo(stderrpath,S_IRWXU | S_IRWXG) != 0)
{
fprintf(stderr,"Error mkfifo:%d\n", errno);
return errAuthorizationInternal;
}
if (stderrfd < 0)
return errAuthorizationInternal;
}
// Create command to be executed
for (argcount = 0; arguments[argcount] != 0; ++argcount) {}
args = (char**)malloc (sizeof(char*)*(argcount + 5));
args[0] = "-c";
snprintf (command, sizeof (command), commandtemplate, stderrpath);
args[1] = command;
args[2] = "";
args[3] = (char*)pathToTool;
for (i = 0; i < argcount; ++i) {
args[i+4] = arguments[i];
}
args[argcount+4] = 0;
// for debugging: log the executed command
printf ("Exec:\n%s", "/bin/sh"); for (i = 0; args[i] != 0; ++i) { printf (" \"%s\"", args[i]); } printf ("\n");
// Execute command
result = AuthorizationExecuteWithPrivileges(authorization, "/bin/sh", options, args, &commPipe );
if (result != noErr)
{
unlink (stderrpath);
return result;
}
// Read the first line of stdout => it's the pid
{
int stdoutfd = fileno (commPipe);
char pidnum[1024];
pid_t pid = 0;
int i = 0;
char ch = 0;
while ((read(stdoutfd, &ch, sizeof(ch)) == 1) && (ch != '\n') && (i < sizeof(pidnum)))
{
pidnum[i++] = ch;
}
pidnum[i] = 0;
if (ch != '\n')
{
// we shouldn't get there
unlink (stderrpath);
return errAuthorizationInternal;
}
sscanf(pidnum, "%d", &pid);
if (processid)
{
*processid = pid;
}
NSLog(@"Have PID %d", pid);
}
//
if (errPipe) {
stderrfd = open(stderrpath, O_RDONLY, 0);
// *errPipe = fdopen(stderrfd, "r");
//Now it's safe to unlink the stderr file, as the opened handle will be still valid
unlink (stderrpath);
} else {
unlink(stderrpath);
}
if (communicationsPipe)
*communicationsPipe = commPipe;
else
fclose (commPipe);
NSLog(@"AuthExecNew function over");
return noErr;
}*/