X-Git-Url: https://git.dogcows.com/gitweb?a=blobdiff_plain;f=main.m;h=444451b79e3400b9a69613a58a81e74759122ff5;hb=179538478d0db2e5f8f2b50ccb3ff889b474aa01;hp=68dd64f821bb9d8e6688ec68adf4e37e2278ce7e;hpb=0a3d732da131b4505c0dbf2330c4667a29ce90e8;p=chaz%2Fthecheat diff --git a/main.m b/main.m index 68dd64f..444451b 100644 --- a/main.m +++ b/main.m @@ -19,9 +19,82 @@ // #import +#import +#import +#import #include "ChazLog.h" +#include +#include +#include -int main( int argc, const char *argv[] ) +void authMe(char * FullPathToMe) +{ + // get authorization as root + + OSStatus myStatus; + + // set up Authorization Item + AuthorizationItem myItems[1]; + myItems[0].name = kAuthorizationRightExecute; + myItems[0].valueLength = 0; + myItems[0].value = NULL; + myItems[0].flags = 0; + + // Set up Authorization Rights + AuthorizationRights myRights; + myRights.count = sizeof (myItems) / sizeof (myItems[0]); + myRights.items = myItems; + + // set up Authorization Flags + AuthorizationFlags myFlags; + myFlags = + kAuthorizationFlagDefaults | + kAuthorizationFlagInteractionAllowed | + kAuthorizationFlagExtendRights; + + // Create an Authorization Ref using Objects above. NOTE: Login bod comes up with this call. + AuthorizationRef myAuthorizationRef; + myStatus = AuthorizationCreate (&myRights, kAuthorizationEmptyEnvironment, myFlags, &myAuthorizationRef); + + if (myStatus == errAuthorizationSuccess) + { + // prepare communication path - used to signal that process is loaded + FILE *myCommunicationsPipe = NULL; + char myReadBuffer[] = " "; + + // run this app in GOD mode by passing authorization ref and comm pipe (asynchoronous call to external application) + myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef,FullPathToMe,kAuthorizationFlagDefaults,nil,&myCommunicationsPipe); + + // external app is running asynchronously - it will send to stdout when loaded + if (myStatus == errAuthorizationSuccess) + { + read (fileno (myCommunicationsPipe), myReadBuffer, sizeof (myReadBuffer)); + fclose(myCommunicationsPipe); + } + + // release authorization reference + myStatus = AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDestroyRights); + } +} + +bool checkExecutablePermissions(void) +{ + NSDictionary *applicationAttributes = [[NSFileManager defaultManager] fileAttributesAtPath:[[NSBundle mainBundle] executablePath] traverseLink: YES]; + + // We expect 2755 as octal (1517 as decimal, -rwxr-sr-x as extended notation) + return ([applicationAttributes filePosixPermissions] == 1517 && [[applicationAttributes fileGroupOwnerAccountName] isEqualToString: @"procmod"]); +} + +bool amIWorthy(void) +{ + // running as root? + AuthorizationRef myAuthRef; + OSStatus stat = AuthorizationCopyPrivilegedReference(&myAuthRef,kAuthorizationFlagDefaults); + + return stat == errAuthorizationSuccess || checkExecutablePermissions(); +} + +int main( int argc, char *argv[] ) { NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init]; @@ -30,9 +103,33 @@ int main( int argc, const char *argv[] ) ChazDebugSetup(); ChazMapLogToDebug(); - [pool release]; +#ifdef __ppc__ + // PPC machines whose operating system is below leopard do not need authorization + SInt32 osxMajorVersion; + Gestalt(gestaltSystemVersionMinor, &osxMajorVersion); + if (osxMajorVersion < 5) + { + [pool release]; + return NSApplicationMain(argc, (const char **) argv); + } +#endif - return NSApplicationMain( argc, (const char **) argv ); + if (amIWorthy()) + { +#ifndef _DEBUG + printf("Don't forget to flush! ;-) "); // signal back to close caller +#endif + fflush(stdout); + + [pool release]; + return NSApplicationMain(argc, (const char **) argv); + } + else + { + authMe(argv[0]); + [pool release]; + return 0; + } ChazDebugCleanup(); } \ No newline at end of file