//
#import <Cocoa/Cocoa.h>
+#import <Foundation/foundation.h>
+#import <SecurityFoundation/SFAuthorization.h>
+#import <Security/AuthorizationTags.h>
#include "ChazLog.h"
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+void authMe(char * FullPathToMe)
+{
+ // get authorization as root
+
+ OSStatus myStatus;
+
+ // set up Authorization Item
+ AuthorizationItem myItems[1];
+ myItems[0].name = kAuthorizationRightExecute;
+ myItems[0].valueLength = 0;
+ myItems[0].value = NULL;
+ myItems[0].flags = 0;
+
+ // Set up Authorization Rights
+ AuthorizationRights myRights;
+ myRights.count = sizeof (myItems) / sizeof (myItems[0]);
+ myRights.items = myItems;
+
+ // set up Authorization Flags
+ AuthorizationFlags myFlags;
+ myFlags =
+ kAuthorizationFlagDefaults |
+ kAuthorizationFlagInteractionAllowed |
+ kAuthorizationFlagExtendRights;
+
+ // Create an Authorization Ref using Objects above. NOTE: Login bod comes up with this call.
+ AuthorizationRef myAuthorizationRef;
+ myStatus = AuthorizationCreate (&myRights, kAuthorizationEmptyEnvironment, myFlags, &myAuthorizationRef);
+
+ if (myStatus == errAuthorizationSuccess)
+ {
+ // prepare communication path - used to signal that process is loaded
+ FILE *myCommunicationsPipe = NULL;
+ char myReadBuffer[] = " ";
+
+ // run this app in GOD mode by passing authorization ref and comm pipe (asynchoronous call to external application)
+ myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef,FullPathToMe,kAuthorizationFlagDefaults,nil,&myCommunicationsPipe);
+
+ // external app is running asynchronously - it will send to stdout when loaded
+ if (myStatus == errAuthorizationSuccess)
+ {
+ read (fileno (myCommunicationsPipe), myReadBuffer, sizeof (myReadBuffer));
+ fclose(myCommunicationsPipe);
+ }
+
+ // release authorization reference
+ myStatus = AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDestroyRights);
+ }
+}
+
+bool checkExecutablePermissions(void)
+{
+ NSDictionary *applicationAttributes = [[NSFileManager defaultManager] fileAttributesAtPath:[[NSBundle mainBundle] executablePath] traverseLink: YES];
+
+ // We expect 2755 as octal (1517 as decimal, -rwxr-sr-x as extended notation)
+ return ([applicationAttributes filePosixPermissions] == 1517 && [[applicationAttributes fileGroupOwnerAccountName] isEqualToString: @"procmod"]);
+}
+
+bool amIWorthy(void)
+{
+ // running as root?
+ AuthorizationRef myAuthRef;
+ OSStatus stat = AuthorizationCopyPrivilegedReference(&myAuthRef,kAuthorizationFlagDefaults);
+
+ return stat == errAuthorizationSuccess || checkExecutablePermissions();
+}
-int main( int argc, const char *argv[] )
+int main( int argc, char *argv[] )
{
NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
ChazDebugSetup();
ChazMapLogToDebug();
- [pool release];
+#ifdef __ppc__
+ // PPC machines whose operating system is below leopard do not need authorization
+ SInt32 osxMajorVersion;
+ Gestalt(gestaltSystemVersionMinor, &osxMajorVersion);
+ if (osxMajorVersion < 5)
+ {
+ [pool release];
+ return NSApplicationMain(argc, (const char **) argv);
+ }
+#endif
- return NSApplicationMain( argc, (const char **) argv );
+ if (amIWorthy())
+ {
+#ifndef _DEBUG
+ printf("Don't forget to flush! ;-) "); // signal back to close caller
+#endif
+ fflush(stdout);
+
+ [pool release];
+ return NSApplicationMain(argc, (const char **) argv);
+ }
+ else
+ {
+ authMe(argv[0]);
+ [pool release];
+ return 0;
+ }
ChazDebugCleanup();
}
\ No newline at end of file
projects / chaz / thecheat / blobdiff