mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-06-06 20:43:44 +02:00
Add support for local user account caching of authtoken.secret as in old UI -- this is now pretty much working.
parent
d56e9fce41
commit
4426899e8c
5 changed files with 97 additions and 172 deletions
2
.gitignore
vendored
|
@ -39,4 +39,4 @@
|
||||||
/root-topology/*.secret
|
/root-topology/*.secret
|
||||||
/root-topology/test/supernodes
|
/root-topology/test/supernodes
|
||||||
/root-topology/test/test-root-topology
|
/root-topology/test/test-root-topology
|
||||||
xcuserdata
|
/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/*
|
||||||
|
|
Binary file not shown.
|
@ -1,88 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<Scheme
|
|
||||||
LastUpgradeVersion = "0630"
|
|
||||||
version = "1.3">
|
|
||||||
<BuildAction
|
|
||||||
parallelizeBuildables = "YES"
|
|
||||||
buildImplicitDependencies = "YES">
|
|
||||||
<BuildActionEntries>
|
|
||||||
<BuildActionEntry
|
|
||||||
buildForTesting = "YES"
|
|
||||||
buildForRunning = "YES"
|
|
||||||
buildForProfiling = "YES"
|
|
||||||
buildForArchiving = "YES"
|
|
||||||
buildForAnalyzing = "YES">
|
|
||||||
<BuildableReference
|
|
||||||
BuildableIdentifier = "primary"
|
|
||||||
BlueprintIdentifier = "FAE451B914BA79C600190544"
|
|
||||||
BuildableName = "ZeroTier One.app"
|
|
||||||
BlueprintName = "MacGap"
|
|
||||||
ReferencedContainer = "container:MacGap.xcodeproj">
|
|
||||||
</BuildableReference>
|
|
||||||
</BuildActionEntry>
|
|
||||||
</BuildActionEntries>
|
|
||||||
</BuildAction>
|
|
||||||
<TestAction
|
|
||||||
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
|
|
||||||
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
|
|
||||||
shouldUseLaunchSchemeArgsEnv = "YES"
|
|
||||||
buildConfiguration = "Debug">
|
|
||||||
<Testables>
|
|
||||||
</Testables>
|
|
||||||
<MacroExpansion>
|
|
||||||
<BuildableReference
|
|
||||||
BuildableIdentifier = "primary"
|
|
||||||
BlueprintIdentifier = "FAE451B914BA79C600190544"
|
|
||||||
BuildableName = "ZeroTier One.app"
|
|
||||||
BlueprintName = "MacGap"
|
|
||||||
ReferencedContainer = "container:MacGap.xcodeproj">
|
|
||||||
</BuildableReference>
|
|
||||||
</MacroExpansion>
|
|
||||||
</TestAction>
|
|
||||||
<LaunchAction
|
|
||||||
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
|
|
||||||
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
|
|
||||||
launchStyle = "0"
|
|
||||||
useCustomWorkingDirectory = "NO"
|
|
||||||
buildConfiguration = "Debug"
|
|
||||||
ignoresPersistentStateOnLaunch = "NO"
|
|
||||||
debugDocumentVersioning = "YES"
|
|
||||||
allowLocationSimulation = "YES">
|
|
||||||
<BuildableProductRunnable
|
|
||||||
runnableDebuggingMode = "0">
|
|
||||||
<BuildableReference
|
|
||||||
BuildableIdentifier = "primary"
|
|
||||||
BlueprintIdentifier = "FAE451B914BA79C600190544"
|
|
||||||
BuildableName = "ZeroTier One.app"
|
|
||||||
BlueprintName = "MacGap"
|
|
||||||
ReferencedContainer = "container:MacGap.xcodeproj">
|
|
||||||
</BuildableReference>
|
|
||||||
</BuildableProductRunnable>
|
|
||||||
<AdditionalOptions>
|
|
||||||
</AdditionalOptions>
|
|
||||||
</LaunchAction>
|
|
||||||
<ProfileAction
|
|
||||||
shouldUseLaunchSchemeArgsEnv = "YES"
|
|
||||||
savedToolIdentifier = ""
|
|
||||||
useCustomWorkingDirectory = "NO"
|
|
||||||
buildConfiguration = "Release"
|
|
||||||
debugDocumentVersioning = "YES">
|
|
||||||
<BuildableProductRunnable
|
|
||||||
runnableDebuggingMode = "0">
|
|
||||||
<BuildableReference
|
|
||||||
BuildableIdentifier = "primary"
|
|
||||||
BlueprintIdentifier = "FAE451B914BA79C600190544"
|
|
||||||
BuildableName = "ZeroTier One.app"
|
|
||||||
BlueprintName = "MacGap"
|
|
||||||
ReferencedContainer = "container:MacGap.xcodeproj">
|
|
||||||
</BuildableReference>
|
|
||||||
</BuildableProductRunnable>
|
|
||||||
</ProfileAction>
|
|
||||||
<AnalyzeAction
|
|
||||||
buildConfiguration = "Debug">
|
|
||||||
</AnalyzeAction>
|
|
||||||
<ArchiveAction
|
|
||||||
buildConfiguration = "Release"
|
|
||||||
revealArchiveInOrganizer = "YES">
|
|
||||||
</ArchiveAction>
|
|
||||||
</Scheme>
|
|
|
@ -1,22 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
||||||
<plist version="1.0">
|
|
||||||
<dict>
|
|
||||||
<key>SchemeUserState</key>
|
|
||||||
<dict>
|
|
||||||
<key>MacGap.xcscheme</key>
|
|
||||||
<dict>
|
|
||||||
<key>orderHint</key>
|
|
||||||
<integer>0</integer>
|
|
||||||
</dict>
|
|
||||||
</dict>
|
|
||||||
<key>SuppressBuildableAutocreation</key>
|
|
||||||
<dict>
|
|
||||||
<key>FAE451B914BA79C600190544</key>
|
|
||||||
<dict>
|
|
||||||
<key>primary</key>
|
|
||||||
<true/>
|
|
||||||
</dict>
|
|
||||||
</dict>
|
|
||||||
</dict>
|
|
||||||
</plist>
|
|
|
@ -7,6 +7,8 @@
|
||||||
//
|
//
|
||||||
|
|
||||||
#import "AppDelegate.h"
|
#import "AppDelegate.h"
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
|
||||||
@implementation AppDelegate
|
@implementation AppDelegate
|
||||||
|
|
||||||
|
@ -29,75 +31,108 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
- (void) applicationDidFinishLaunching:(NSNotification *)aNotification {
|
- (void) applicationDidFinishLaunching:(NSNotification *)aNotification {
|
||||||
// Create authorization reference
|
char buf[16384],userAuthTokenPath[4096];
|
||||||
OSStatus status;
|
|
||||||
AuthorizationRef authorizationRef;
|
|
||||||
|
|
||||||
// AuthorizationCreate and pass NULL as the initial
|
|
||||||
// AuthorizationRights set so that the AuthorizationRef gets created
|
|
||||||
// successfully, and then later call AuthorizationCopyRights to
|
|
||||||
// determine or extend the allowable rights.
|
|
||||||
// http://developer.apple.com/qa/qa2001/qa1172.html
|
|
||||||
status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef);
|
|
||||||
if (status != errAuthorizationSuccess)
|
|
||||||
{
|
|
||||||
NSLog(@"Error Creating Initial Authorization: %d", status);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// kAuthorizationRightExecute == "system.privilege.admin"
|
|
||||||
AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
|
|
||||||
AuthorizationRights rights = {1, &right};
|
|
||||||
AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed |
|
|
||||||
kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
|
|
||||||
|
|
||||||
// Call AuthorizationCopyRights to determine or extend the allowable rights.
|
|
||||||
status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
|
|
||||||
if (status != errAuthorizationSuccess)
|
|
||||||
{
|
|
||||||
NSLog(@"Copy Rights Unsuccessful: %d", status);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// use rm tool with -rf
|
|
||||||
char *tool = "/bin/cat";
|
|
||||||
char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL};
|
|
||||||
FILE *pipe = NULL;
|
|
||||||
|
|
||||||
status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
|
|
||||||
if (status != errAuthorizationSuccess)
|
|
||||||
{
|
|
||||||
NSLog(@"Error: %d", status);
|
|
||||||
}
|
|
||||||
|
|
||||||
char url[16384];
|
|
||||||
memset(url,0,sizeof(url));
|
|
||||||
if (pipe) {
|
|
||||||
char buf[16384];
|
|
||||||
|
|
||||||
FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r");
|
FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r");
|
||||||
|
long port = 9993; // default
|
||||||
|
if (pf) {
|
||||||
long n = fread(buf,1,sizeof(buf)-1,pf);
|
long n = fread(buf,1,sizeof(buf)-1,pf);
|
||||||
long port = 9993; // default
|
|
||||||
if (n > 0) {
|
if (n > 0) {
|
||||||
buf[n] = (char)0;
|
buf[n] = (char)0;
|
||||||
port = strtol(buf,(char **)0,10);
|
port = strtol(buf,(char **)0,10);
|
||||||
}
|
}
|
||||||
fclose(pf);
|
fclose(pf);
|
||||||
|
|
||||||
n = (long)fread(buf,1,sizeof(buf)-1,pipe);
|
|
||||||
if (n > 0) {
|
|
||||||
buf[n] = (char)0;
|
|
||||||
snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
|
|
||||||
}
|
|
||||||
fclose(pipe);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// The only way to guarantee that a credential acquired when you
|
char url[16384];
|
||||||
// request a right is not shared with other authorization instances is
|
memset(url,0,sizeof(url));
|
||||||
// to destroy the credential. To do so, call the AuthorizationFree
|
|
||||||
// function with the flag kAuthorizationFlagDestroyRights.
|
const char *homeDir = getenv("HOME");
|
||||||
// http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
|
if (homeDir) {
|
||||||
status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
|
snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir);
|
||||||
|
pf = fopen(userAuthTokenPath,"r");
|
||||||
|
if (pf) {
|
||||||
|
long n = fread(buf,1,sizeof(buf)-1,pf);
|
||||||
|
if (n > 0) {
|
||||||
|
buf[n] = (char)0;
|
||||||
|
snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
|
||||||
|
}
|
||||||
|
fclose(pf);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!url[0]) {
|
||||||
|
// Create authorization reference
|
||||||
|
OSStatus status;
|
||||||
|
AuthorizationRef authorizationRef;
|
||||||
|
|
||||||
|
// AuthorizationCreate and pass NULL as the initial
|
||||||
|
// AuthorizationRights set so that the AuthorizationRef gets created
|
||||||
|
// successfully, and then later call AuthorizationCopyRights to
|
||||||
|
// determine or extend the allowable rights.
|
||||||
|
// http://developer.apple.com/qa/qa2001/qa1172.html
|
||||||
|
status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef);
|
||||||
|
if (status != errAuthorizationSuccess)
|
||||||
|
{
|
||||||
|
NSLog(@"Error Creating Initial Authorization: %d", status);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// kAuthorizationRightExecute == "system.privilege.admin"
|
||||||
|
AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
|
||||||
|
AuthorizationRights rights = {1, &right};
|
||||||
|
AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed |
|
||||||
|
kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
|
||||||
|
|
||||||
|
// Call AuthorizationCopyRights to determine or extend the allowable rights.
|
||||||
|
status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
|
||||||
|
if (status != errAuthorizationSuccess)
|
||||||
|
{
|
||||||
|
NSLog(@"Copy Rights Unsuccessful: %d", status);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// use rm tool with -rf
|
||||||
|
char *tool = "/bin/cat";
|
||||||
|
char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL};
|
||||||
|
FILE *pipe = NULL;
|
||||||
|
|
||||||
|
status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
|
||||||
|
if (status != errAuthorizationSuccess)
|
||||||
|
{
|
||||||
|
NSLog(@"Error: %d", status);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pipe) {
|
||||||
|
long n = (long)fread(buf,1,sizeof(buf)-1,pipe);
|
||||||
|
if (n > 0) {
|
||||||
|
buf[n] = (char)0;
|
||||||
|
snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
|
||||||
|
|
||||||
|
if (homeDir) {
|
||||||
|
snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier",homeDir);
|
||||||
|
mkdir(userAuthTokenPath,0755);
|
||||||
|
snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One",homeDir);
|
||||||
|
mkdir(userAuthTokenPath,0755);
|
||||||
|
snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir);
|
||||||
|
pf = fopen(userAuthTokenPath,"w");
|
||||||
|
if (pf) {
|
||||||
|
fwrite(buf,1,strlen(buf),pf);
|
||||||
|
fclose(pf);
|
||||||
|
chmod(userAuthTokenPath,0600);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
fclose(pipe);
|
||||||
|
}
|
||||||
|
|
||||||
|
// The only way to guarantee that a credential acquired when you
|
||||||
|
// request a right is not shared with other authorization instances is
|
||||||
|
// to destroy the credential. To do so, call the AuthorizationFree
|
||||||
|
// function with the flag kAuthorizationFlagDestroyRights.
|
||||||
|
// http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
|
||||||
|
status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
|
||||||
|
}
|
||||||
|
|
||||||
NSString *urlStr = [[NSString alloc] initWithCString:url];
|
NSString *urlStr = [[NSString alloc] initWithCString:url];
|
||||||
self.windowController = [[WindowController alloc] initWithURL: urlStr];
|
self.windowController = [[WindowController alloc] initWithURL: urlStr];
|
||||||
|
|
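Review bot: The per-user token cache is created with `fopen(userAuthTokenPath,"w")` and only narrowed by `chmod(userAuthTokenPath,0600)` after `fclose`, so the secret sits in a file with umask-derived permissions (commonly 0644) until the chmod runs. If the file already exists, it keeps its old mode during the write and the open follows a symlink at that path. Creating the file through a descriptor with mode 0600 and `O_NOFOLLOW`, then calling `fchmod` before the write, closes that window; it needs `<fcntl.h>` and `<unistd.h>` beside the added `<sys/stat.h>`. The cached copy is also trusted on every later launch, because the `if (!url[0])` guard skips the privileged read whenever the file is non-empty, so a token that no longer matches the daemon's would presumably stay in use until the file is deleted by hand. The body of `applicationDidFinishLaunching:` continues past the end of this hunk.

```objc
// … unchanged: the two mkdir() calls and the snprintf() that builds userAuthTokenPath …
int fd = open(userAuthTokenPath,O_WRONLY|O_CREAT|O_TRUNC|O_NOFOLLOW,0600);
if (fd >= 0) {
    // O_CREAT's mode is ignored for an existing file, so force it before the secret is written
    size_t len = strlen(buf);
    if ((fchmod(fd,0600) != 0)||(write(fd,buf,len) != (ssize_t)len)) {
        NSLog(@"Unable to cache auth token in user account");
        unlink(userAuthTokenPath); // do not leave a partial or loosely-permissioned copy behind
    }
    close(fd);
}
```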