mirror/smcFanControl
1
0
Fork 1
mirror of https://github.com/hholtmann/smcFanControl.git synced 2025-11-04 19:49:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #22 from AnakinMac/master

Browse Source 
Use a function to do right check
This commit is contained in:
Hendrik Holtmann
2014-10-20 16:38:23 +02:00
parent 65fef1adc3 93c7f15214
commit 47c1d38d4c
4 changed files with 111 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
Classes/FanControl.m
View File

@ -31,9 +31,10 @@
#import "SystemVersion.h"
@interface FanControl ()
+(void)copyMachinesIfNecessary;
+ (void)copyMachinesIfNecessary;
- (BOOL)isInAutoStart;
- (void) setStartAtLogin:(BOOL)enabled;
- (void)setStartAtLogin:(BOOL)enabled;
+ (void)checkRightStatus:(OSStatus)status;
@end
@implementation FanControl
@ -730,6 +731,20 @@ NSUserDefaults *defaults;
LSSharedFileListItemRemove(loginItems, existingItem);
}
+(void) checkRightStatus:(OSStatus) status
{
if (status != errAuthorizationSuccess) {
NSAlert *alert = [NSAlert alertWithMessageText:@"Authorization failed" defaultButton:@"Quit" alternateButton:nil otherButton:nil informativeTextWithFormat:[NSString stringWithFormat:@"Authorization failed with code %d",status]];
[alert setAlertStyle:2];
NSInteger result = [alert runModal];
if (result == NSAlertDefaultReturn) {
[[NSApplication sharedApplication] terminate:self];
}
}
}
#pragma mark **SMC-Binary Owner/Right Check**
//TODO: It looks like this function is called inefficiently.
//call smc binary with sudo rights and apply
@ -748,16 +763,10 @@ NSUserDefaults *defaults;
AuthorizationRights gencright = { 1, &gencitem };
int flags = kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed;
OSStatus status = AuthorizationCreate(&gencright, kAuthorizationEmptyEnvironment, flags, &authorizationRef);
if (status != errAuthorizationSuccess) {
NSAlert *alert = [NSAlert alertWithMessageText:@"Authorization failed" defaultButton:@"Quit" alternateButton:nil otherButton:nil informativeTextWithFormat:[NSString stringWithFormat:@"Authorization failed with code %d",status]];
[alert setAlertStyle:2];
NSInteger result = [alert runModal];
if (result == NSAlertDefaultReturn) {
[[NSApplication sharedApplication] terminate:self];
}
}
NSString *tool=@"/usr/sbin/chown";
[self checkRightStatus:status];
NSString *tool=@"/usr/sbin/chown";
NSArray *argsArray = [NSArray arrayWithObjects: @"root:admin",smcpath,nil];
int i;
char *args[255];
@ -766,16 +775,10 @@ NSUserDefaults *defaults;
}
args[i] = NULL;
status=AuthorizationExecuteWithPrivileges(authorizationRef,[tool UTF8String],0,args,&commPipe);
if (status != errAuthorizationSuccess) {
NSAlert *alert = [NSAlert alertWithMessageText:@"Authorization failed" defaultButton:@"Quit" alternateButton:nil otherButton:nil informativeTextWithFormat:[NSString stringWithFormat:@"Authorization failed with code %d",status]];
[alert setAlertStyle:2];
NSInteger result = [alert runModal];
if (result == NSAlertDefaultReturn) {
[[NSApplication sharedApplication] terminate:self];
}
}
//second call for suid-bit
[self checkRightStatus:status];
//second call for suid-bit
tool=@"/bin/chmod";
argsArray = [NSArray arrayWithObjects: @"6555",smcpath,nil];
for(i = 0;i < [argsArray count];i++){
@ -783,15 +786,8 @@ NSUserDefaults *defaults;
}
args[i] = NULL;
status=AuthorizationExecuteWithPrivileges(authorizationRef,[tool UTF8String],0,args,&commPipe);
if (status != errAuthorizationSuccess) {
NSAlert *alert = [NSAlert alertWithMessageText:@"Authorization failed" defaultButton:@"Quit" alternateButton:nil otherButton:nil informativeTextWithFormat:[NSString stringWithFormat:@"Authorization failed with code %d",status]];
[alert setAlertStyle:2];
NSInteger result = [alert runModal];
if (result == NSAlertDefaultReturn) {
[[NSApplication sharedApplication] terminate:self];
}
}
[self checkRightStatus:status];
}

139
Classes/NSFileManager+DirectoryLocations.m
View File

@ -31,120 +31,93 @@ NSString * const DirectoryLocationDomain = @"DirectoryLocationDomain";
@implementation NSFileManager (DirectoryLocations)
//
// findOrCreateDirectory:inDomain:appendPathComponent:error:
//
// Method to tie together the steps of:
// 1) Locate a standard directory by search path and domain mask
// 2) Select the first path in the results
// 3) Append a subdirectory to that path
// 4) Create the directory and intermediate directories if needed
// 5) Handle errors by emitting a proper NSError object
//
// Parameters:
// searchPathDirectory - the search path passed to NSSearchPathForDirectoriesInDomains
// domainMask - the domain mask passed to NSSearchPathForDirectoriesInDomains
// appendComponent - the subdirectory appended
// errorOut - any error from file operations
//
// returns the path to the directory (if path found and exists), nil otherwise
//
/*! Method to tie together the steps of:
1) Locate a standard directory by search path and domain mask
2) Select the first path in the results
3) Append a subdirectory to that path
4) Create the directory and intermediate directories if needed
5) Handle errors by emitting a proper NSError object
* \pararm searchPathDirectory - the search path passed to NSSearchPathForDirectoriesInDomains
* \pararm domainMask - the domain mask passed to NSSearchPathForDirectoriesInDomains
* \pararm appendComponent - the subdirectory appended
* \pararm errorOut - any error from file operations
* \returns returns the path to the directory (if path found and exists), nil otherwise
*/
- (NSString *)findOrCreateDirectory:(NSSearchPathDirectory)searchPathDirectory
inDomain:(NSSearchPathDomainMask)domainMask
appendPathComponent:(NSString *)appendComponent
error:(NSError **)errorOut
{
// Declare an NSError first, so we don't need to check errorOut again and again
NSError *error;
if (errorOut) {
error = *errorOut;
}
else {
error = nil;
}
//
// Search for the path
//
NSArray* paths = NSSearchPathForDirectoriesInDomains(
searchPathDirectory,
domainMask,
YES);
NSArray* paths = NSSearchPathForDirectoriesInDomains(searchPathDirectory,domainMask,YES);
if ([paths count] == 0)
{
if (errorOut)
{
NSDictionary *userInfo =
[NSDictionary dictionaryWithObjectsAndKeys:
NSLocalizedStringFromTable(
@"No path found for directory in domain.",
@"Errors",
nil),
NSLocalizedDescriptionKey,
[NSNumber numberWithInteger:searchPathDirectory],
@"NSSearchPathDirectory",
[NSNumber numberWithInteger:domainMask],
@"NSSearchPathDomainMask",
nil];
*errorOut =
[NSError
errorWithDomain:DirectoryLocationDomain
code:DirectoryLocationErrorNoPathFound
userInfo:userInfo];
}
NSDictionary *userInfo = @{NSLocalizedDescriptionKey: NSLocalizedStringFromTable(@"No path found for directory in domain.",@"Errors",nil),
@"NSSearchPathDirectory":@(searchPathDirectory),
@"NSSearchPathDomainMask":@(domainMask)};
error = [NSError errorWithDomain:DirectoryLocationDomain
code:DirectoryLocationErrorNoPathFound
userInfo:userInfo];
return nil;
}
//
// Normally only need the first path returned
//
NSString *resolvedPath = [paths objectAtIndex:0];
NSString *resolvedPath = paths[0];
//
// Append the extra path component
//
if (appendComponent)
{
resolvedPath = [resolvedPath
stringByAppendingPathComponent:appendComponent];
resolvedPath = [resolvedPath stringByAppendingPathComponent:appendComponent];
}
//
// Create the path if it doesn't exist
//
NSError *error = nil;
BOOL success = [self
createDirectoryAtPath:resolvedPath
withIntermediateDirectories:YES
attributes:nil
error:&error];
if (!success)
{
if (errorOut)
{
*errorOut = error;
}
return nil;
}
//
// If we've made it this far, we have a success
//
if (errorOut)
{
*errorOut = nil;
}
return resolvedPath;
if ([self createDirectoryAtPath:resolvedPath withIntermediateDirectories:YES
attributes:nil error:&error])
return resolvedPath;
else
return nil;
}
//
// applicationSupportDirectory
//
// Returns the path to the applicationSupportDirectory (creating it if it doesn't
// exist).
//
/*! applicationSupportDirectory
* \returns The path to the applicationSupportDirectory (creating it if it doesn't exist).
*/
- (NSString *)applicationSupportDirectory
{
NSString *executableName =
[[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleExecutable"];
NSError *error;
NSString *result =
[self
findOrCreateDirectory:NSApplicationSupportDirectory
inDomain:NSUserDomainMask
appendPathComponent:executableName
error:&error];
NSString *executableName = [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleExecutable"];
NSError *error = nil;
NSString *result = [self findOrCreateDirectory:NSApplicationSupportDirectory
inDomain:NSUserDomainMask
appendPathComponent:executableName
error:&error];
if (!result)
{
NSLog(@"Unable to find or create application support directory:\n%@", error);

37
Classes/smcWrapper.m
View File

@ -24,8 +24,6 @@
#import "smcWrapper.h"
#import <CommonCrypto/CommonDigest.h>
//TODO: This is the smcFanControl 2.5ß checksum, it needs to be updated for the next release.
NSString * const smc_checksum=@"03548c5634bd01315b19c46bf329cceb";
static NSArray *allSensors = nil;
@ -153,26 +151,39 @@ static NSArray *allSensors = nil;
}
+ (NSString*)createCheckSum:(NSString*)path {
NSData *d=[NSData dataWithContentsOfMappedFile:path];
unsigned char result[CC_MD5_DIGEST_LENGTH];
CC_MD5((void *)[d bytes], [d length], result);
NSMutableString *ret = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH*2];
int i;
for(i = 0; i<CC_MD5_DIGEST_LENGTH; i++) {
[ret appendFormat:@"%02x",result[i]];
+ (BOOL)validateSMC:(NSString*)path
{
SecStaticCodeRef ref = NULL;
NSURL * url = [NSURL URLWithString:path];
OSStatus status;
// obtain the cert info from the executable
status = SecStaticCodeCreateWithPath((CFURLRef)url, kSecCSDefaultFlags, &ref);
if (status != noErr) {
return false;
}
return ret;
status = SecStaticCodeCheckValidity(ref, kSecCSDefaultFlags, nil);
if (status != noErr) {
NSLog(@"Codesign verification failed: Error id = %d",status);
return false;
}
return true;
}
//call smc binary with setuid rights and apply
// The smc binary is given root permissions in FanControl.m with the setRights method.
+(void)setKey_external:(NSString *)key value:(NSString *)value{
NSString *launchPath = [[NSBundle mainBundle] pathForResource:@"smc" ofType:@""];
NSString *checksum=[smcWrapper createCheckSum:launchPath];
//first check if it's the right binary (security)
// MW: Disabled smc binary checksum. This should be re-enabled in an official release.
if (![checksum isEqualToString:smc_checksum]) {
if (![smcWrapper validateSMC:launchPath]) {
NSLog(@"smcFanControl: Security Error: smc-binary is not the distributed one");
return;
}

8
smcFanControl.xcodeproj/project.pbxproj
View File

@ -433,8 +433,8 @@
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_IDENTITY = "Mac Developer";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer";
CODE_SIGN_IDENTITY = "Mac Developer: Yancheng Zheng (5FNT3EVMK3)";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer: Yancheng Zheng (5FNT3EVMK3)";
COPY_PHASE_STRIP = NO;
GCC_C_LANGUAGE_STANDARD = gnu99;
GCC_DYNAMIC_NO_PIC = NO;
@ -460,8 +460,8 @@
ALWAYS_SEARCH_USER_PATHS = NO;
CLANG_CXX_LANGUAGE_STANDARD = "gnu++0x";
CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
CODE_SIGN_IDENTITY = "Mac Developer";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer";
CODE_SIGN_IDENTITY = "Mac Developer: Yancheng Zheng (5FNT3EVMK3)";
"CODE_SIGN_IDENTITY[sdk=macosx*]" = "Mac Developer: Yancheng Zheng (5FNT3EVMK3)";
COPY_PHASE_STRIP = YES;
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
GCC_C_LANGUAGE_STANDARD = gnu99;