Add support for local user account caching of authtoken.secret as in old UI -- this is now pretty much working.

.gitignore

@@ -39,4 +39,4 @@
 /root-topology/*.secret
 /root-topology/test/supernodes
 /root-topology/test/test-root-topology
-xcuserdata
+/ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/project.xcworkspace/xcuserdata/*

ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/MacGap.xcscheme

@@ -1,88 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Scheme
-   LastUpgradeVersion = "0630"
-   version = "1.3">
-   <BuildAction
-      parallelizeBuildables = "YES"
-      buildImplicitDependencies = "YES">
-      <BuildActionEntries>
-         <BuildActionEntry
-            buildForTesting = "YES"
-            buildForRunning = "YES"
-            buildForProfiling = "YES"
-            buildForArchiving = "YES"
-            buildForAnalyzing = "YES">
-            <BuildableReference
-               BuildableIdentifier = "primary"
-               BlueprintIdentifier = "FAE451B914BA79C600190544"
-               BuildableName = "ZeroTier One.app"
-               BlueprintName = "MacGap"
-               ReferencedContainer = "container:MacGap.xcodeproj">
-            </BuildableReference>
-         </BuildActionEntry>
-      </BuildActionEntries>
-   </BuildAction>
-   <TestAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
-      <Testables>
-      </Testables>
-      <MacroExpansion>
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "FAE451B914BA79C600190544"
-            BuildableName = "ZeroTier One.app"
-            BlueprintName = "MacGap"
-            ReferencedContainer = "container:MacGap.xcodeproj">
-         </BuildableReference>
-      </MacroExpansion>
-   </TestAction>
-   <LaunchAction
-      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
-      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      launchStyle = "0"
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
-      ignoresPersistentStateOnLaunch = "NO"
-      debugDocumentVersioning = "YES"
-      allowLocationSimulation = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "FAE451B914BA79C600190544"
-            BuildableName = "ZeroTier One.app"
-            BlueprintName = "MacGap"
-            ReferencedContainer = "container:MacGap.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-      <AdditionalOptions>
-      </AdditionalOptions>
-   </LaunchAction>
-   <ProfileAction
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      savedToolIdentifier = ""
-      useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
-      debugDocumentVersioning = "YES">
-      <BuildableProductRunnable
-         runnableDebuggingMode = "0">
-         <BuildableReference
-            BuildableIdentifier = "primary"
-            BlueprintIdentifier = "FAE451B914BA79C600190544"
-            BuildableName = "ZeroTier One.app"
-            BlueprintName = "MacGap"
-            ReferencedContainer = "container:MacGap.xcodeproj">
-         </BuildableReference>
-      </BuildableProductRunnable>
-   </ProfileAction>
-   <AnalyzeAction
-      buildConfiguration = "Debug">
-   </AnalyzeAction>
-   <ArchiveAction
-      buildConfiguration = "Release"
-      revealArchiveInOrganizer = "YES">
-   </ArchiveAction>
-</Scheme>

ext/mac-ui-macgap1-wrapper/MacGap.xcodeproj/xcuserdata/api.xcuserdatad/xcschemes/xcschememanagement.plist

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>SchemeUserState</key>
-	<dict>
-		<key>MacGap.xcscheme</key>
-		<dict>
-			<key>orderHint</key>
-			<integer>0</integer>
-		</dict>
-	</dict>
-	<key>SuppressBuildableAutocreation</key>
-	<dict>
-		<key>FAE451B914BA79C600190544</key>
-		<dict>
-			<key>primary</key>
-			<true/>
-		</dict>
-	</dict>
-</dict>
-</plist>

ext/mac-ui-macgap1-wrapper/MacGap/AppDelegate.m

@@ -7,6 +7,8 @@
 //
 
 #import "AppDelegate.h"
+#include <sys/stat.h>
+#include <sys/types.h>
 
 @implementation AppDelegate
 
@@ -29,75 +31,108 @@
 }
 
 - (void) applicationDidFinishLaunching:(NSNotification *)aNotification { 
-    // Create authorization reference
+    char buf[16384],userAuthTokenPath[4096];
-    OSStatus status;
-    AuthorizationRef authorizationRef;
-    
-    // AuthorizationCreate and pass NULL as the initial
-    // AuthorizationRights set so that the AuthorizationRef gets created
-    // successfully, and then later call AuthorizationCopyRights to
-    // determine or extend the allowable rights.
-    // http://developer.apple.com/qa/qa2001/qa1172.html
-    status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef);
-    if (status != errAuthorizationSuccess)
-    {
-        NSLog(@"Error Creating Initial Authorization: %d", status);
-        return;
-    }
-    
-    // kAuthorizationRightExecute == "system.privilege.admin"
-    AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
-    AuthorizationRights rights = {1, &right};
-    AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed |
-    kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
-    
-    // Call AuthorizationCopyRights to determine or extend the allowable rights.
-    status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
-    if (status != errAuthorizationSuccess)
-    {
-        NSLog(@"Copy Rights Unsuccessful: %d", status);
-        return;
-    }
-    
-    // use rm tool with -rf
-    char *tool = "/bin/cat";
-    char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL};
-    FILE *pipe = NULL;
-    
-    status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
-    if (status != errAuthorizationSuccess)
-    {
-        NSLog(@"Error: %d", status);
-    }
-    
-    char url[16384];
-    memset(url,0,sizeof(url));
-    if (pipe) {
-        char buf[16384];
 
-        FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r");
+    FILE *pf = fopen("/Library/Application Support/ZeroTier/One/zerotier-one.port","r");
+    long port = 9993; // default
+    if (pf) {
         long n = fread(buf,1,sizeof(buf)-1,pf);
-        long port = 9993; // default
         if (n > 0) {
             buf[n] = (char)0;
             port = strtol(buf,(char **)0,10);
         }
         fclose(pf);
-
-        n = (long)fread(buf,1,sizeof(buf)-1,pipe);
-        if (n > 0) {
-            buf[n] = (char)0;
-            snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
-        }
-        fclose(pipe);
     }
-    
+
-    // The only way to guarantee that a credential acquired when you
+    char url[16384];
-    // request a right is not shared with other authorization instances is
+    memset(url,0,sizeof(url));
-    // to destroy the credential.  To do so, call the AuthorizationFree
+
-    // function with the flag kAuthorizationFlagDestroyRights.
+    const char *homeDir = getenv("HOME");
-    // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
+    if (homeDir) {
-    status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
+        snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir);
+        pf = fopen(userAuthTokenPath,"r");
+        if (pf) {
+            long n = fread(buf,1,sizeof(buf)-1,pf);
+            if (n > 0) {
+                buf[n] = (char)0;
+                snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
+            }
+            fclose(pf);
+        }
+    }
+
+    if (!url[0]) {
+        // Create authorization reference
+        OSStatus status;
+        AuthorizationRef authorizationRef;
+        
+        // AuthorizationCreate and pass NULL as the initial
+        // AuthorizationRights set so that the AuthorizationRef gets created
+        // successfully, and then later call AuthorizationCopyRights to
+        // determine or extend the allowable rights.
+        // http://developer.apple.com/qa/qa2001/qa1172.html
+        status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef);
+        if (status != errAuthorizationSuccess)
+        {
+            NSLog(@"Error Creating Initial Authorization: %d", status);
+            return;
+        }
+        
+        // kAuthorizationRightExecute == "system.privilege.admin"
+        AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
+        AuthorizationRights rights = {1, &right};
+        AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed |
+        kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
+        
+        // Call AuthorizationCopyRights to determine or extend the allowable rights.
+        status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
+        if (status != errAuthorizationSuccess)
+        {
+            NSLog(@"Copy Rights Unsuccessful: %d", status);
+            return;
+        }
+        
+        // use rm tool with -rf
+        char *tool = "/bin/cat";
+        char *args[] = {"/Library/Application Support/ZeroTier/One/authtoken.secret", NULL};
+        FILE *pipe = NULL;
+        
+        status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
+        if (status != errAuthorizationSuccess)
+        {
+            NSLog(@"Error: %d", status);
+        }
+        
+        if (pipe) {
+            long n = (long)fread(buf,1,sizeof(buf)-1,pipe);
+            if (n > 0) {
+                buf[n] = (char)0;
+                snprintf(url,sizeof(url),"http://127.0.0.1:%ld/index.html?authToken=%s",port,buf);
+
+                if (homeDir) {
+                    snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier",homeDir);
+                    mkdir(userAuthTokenPath,0755);
+                    snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One",homeDir);
+                    mkdir(userAuthTokenPath,0755);
+                    snprintf(userAuthTokenPath,sizeof(userAuthTokenPath),"%s/Library/Application Support/ZeroTier/One/authtoken.secret",homeDir);
+                    pf = fopen(userAuthTokenPath,"w");
+                    if (pf) {
+                        fwrite(buf,1,strlen(buf),pf);
+                        fclose(pf);
+                        chmod(userAuthTokenPath,0600);
+                    }
+                }
+            }
+            fclose(pipe);
+        }
+
+        // The only way to guarantee that a credential acquired when you
+        // request a right is not shared with other authorization instances is
+        // to destroy the credential.  To do so, call the AuthorizationFree
+        // function with the flag kAuthorizationFlagDestroyRights.
+        // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
+        status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
+    }
 
     NSString *urlStr = [[NSString alloc] initWithCString:url];
     self.windowController = [[WindowController alloc] initWithURL: urlStr];