server.cc
#include "server.h"
#include "constants.h"
#include <io/path.h>
#include <io/exec.h>
#include <regexp/regexp.h>
#include <OakSystem/application.h>
#include <oak/debug.h>
// Declares the File_Auth debug variable; the D(DBF_File_Auth, ...) trace calls in this file refer to it.
// NOTE(review): presumably these traces are compiled out of non-debug builds — confirm in <oak/debug.h>.
OAK_DEBUG_VAR(File_Auth);
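// Runs the bundled PrivilegedTool with `--install` as root, after obtaining the
// "system.privilege.admin" right, and echoes whatever the tool prints to stderr.
//
// Returns true only when the tool was launched and a child exited with status 0.
// When a child exits with a non-zero status, errno is set to that exit status.
//
// Security notes for maintainers:
//  - AuthorizationExecuteWithPrivileges() is deprecated by Apple and does not verify
//    the executable it launches: whatever is at toolPath at the moment of the call
//    runs as root. The application bundle therefore must not be writable by less
//    privileged users or processes. SMJobBless() (or SMAppService on newer systems)
//    installs a helper with code-signature validation and is the supported route.
//  - The API does not return the child's pid, so wait() reaps *any* child of this
//    process; the exit status checked here is only presumably the tool's.
//  - ASSERT() is presumably a debug-only check (confirm in <oak/debug.h>); in other
//    builds a missing tool is reported by AuthorizationExecuteWithPrivileges() failing.
static bool install_auth_tool (osx::authorization_t const& auth)
{
	D(DBF_File_Auth, bug("\n"););

	std::string toolPath = oak::application_t::path("Contents/Resources/PrivilegedTool");
	ASSERT(path::exists(toolPath));

	if(!auth.obtain_right("system.privilege.admin"))
		return false;

	char const* arguments[] = { "--install", NULL };
	FILE* fp = NULL;
	if(AuthorizationExecuteWithPrivileges(auth, toolPath.c_str(), kAuthorizationFlagDefaults, (char**)arguments, &fp) != errAuthorizationSuccess)
		return false;

	// status is initialised so that a failed wait() never leads to reading an
	// indeterminate value through the W* macros.
	int status = 0;
	int pid = wait(&status);
	bool const exited = pid != -1 && WIFEXITED(status);
	bool const res = exited && WEXITSTATUS(status) == 0;

	if(fp)
	{
		// fgets() keeps the trailing newline, so each line is followed by a blank one;
		// the format string is left as it was.
		char buf[1024];
		while(char* str = fgets(&buf[0], sizeof(buf), fp))
			fprintf(stderr, "%s\n", str);

		// The communication pipe is owned by the caller; closing it avoids leaking a
		// FILE and its descriptor on every install attempt.
		fclose(fp);
	}

	// Report the tool's exit status last so the stdio calls above cannot overwrite it.
	// If wait() failed or the child did not exit normally there is no exit status to report.
	if(exited && !res)
		errno = WEXITSTATUS(status);

	return res;
}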
// Runs `toolPath --version` and returns the version number found in its output,
// or 0 when the output does not start with "<name> <digits-and-dots>".
//
// The version is parsed with strtod(), so only the leading "major.minor" part is
// meaningful: "1.10" parses as 1.1 and therefore compares lower than "1.9".
// Callers that use the result to decide whether a privileged helper needs to be
// replaced should keep version strings within what a double can order correctly.
static double version_of_tool (std::string const& toolPath)
{
	std::string const output = io::exec(toolPath, "--version", NULL);
	char const* const first = output.data();
	char const* const last  = first + output.size();

	// Capture group 1 is the version; begin(1) is used as an offset into the output.
	if(regexp::match_t const& match = regexp::search("\\A[^\\s]+ ([\\d.]+)", first, last))
		return strtod(output.c_str() + match.begin(1), NULL);

	return 0;
}
// Tells whether the installed helper at kAuthToolPath should be replaced by the
// copy shipped inside the application bundle.
//
// Returns true when nothing is installed, or when the installed tool reports a
// lower version than the bundled one. version_of_tool() yields 0 for output it
// cannot parse, so an installed tool with an unreadable version counts as older
// than any bundled tool reporting a positive version.
static bool auth_server_too_old ()
{
	if(!path::exists(kAuthToolPath))
		return true;

	double const installed = version_of_tool(kAuthToolPath);
	double const bundled   = version_of_tool(oak::application_t::path("Contents/Resources/PrivilegedTool"));
	return installed < bundled;
}
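// Connects to the privileged auth server over the UNIX socket at kAuthSocketPath,
// installing or upgrading the helper first when it is missing or outdated.
//
// auth   Authorization used to obtain kAuthRightName and, if needed, to install the tool.
// retry  True on the second attempt; a second major-version mismatch then gives up
//        instead of reinstalling again, which bounds the recursion to one level.
//
// Returns a connection on which "auth" and the stringified authorization have been
// sent, or a default-constructed connection_t on any failure.
//
// NOTE(review): nothing here checks who is listening on the socket before the
// authorization is written to it. Presumably the socket path is only creatable by
// root; if that is not guaranteed, verifying the peer's credentials on the connected
// socket before sending would be the check to add — confirm against the server side.
connection_t connect_to_auth_server (osx::authorization_t const& auth, bool retry)
{
	if(!path::exists(kAuthToolPath) || !path::exists(kAuthPlistPath) || auth_server_too_old())
	{
		if(!install_auth_tool(auth))
			return connection_t();
	}

	if(!auth.obtain_right(kAuthRightName))
		return connection_t();

	int fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if(fd == -1)
	{
		perror("socket()");
		return connection_t();
	}

	struct sockaddr_un addr = { 0, AF_UNIX, kAuthSocketPath };
	addr.sun_len = SUN_LEN(&addr);
	if(connect(fd, (sockaddr*)&addr, sizeof(addr)) == -1)
	{
		perror("connect()");
		close(fd);
		return connection_t();
	}

	// From here on the descriptor is handed to connection_t (presumably it closes it
	// on destruction — confirm in server.h), so no explicit close() follows.
	connection_t res(fd);

	// Initialised so that a failed or short handshake read is handled as a version
	// mismatch rather than comparing an indeterminate value.
	// Assumes kAuthServerMajor is never negative — confirm in constants.h.
	std::string server;
	int major = -1, minor = -1;
	res >> server >> major >> minor;
	D(DBF_File_Auth, bug("connected: %s %d.%d\n", server.c_str(), major, minor););

	if(major != kAuthServerMajor)
	{
		D(DBF_File_Auth, bug("wrong version, wants %d.%d\n", kAuthServerMajor, kAuthServerMinor););
		// Ask the incompatible server to quit, then reinstall and retry once.
		res << "quit" << "legacy" << "legacy" << "legacy";
		if(retry || !install_auth_tool(auth))
			return connection_t();
		return connect_to_auth_server(auth, true);
	}

	// Only the major version is compared; minor is read for the debug trace above.
	res << "auth" << (std::string)auth;
	return res;
}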