From f33e3e2db7c1acc8d9edb6b6848507a05be8736a Mon Sep 17 00:00:00 2001
From: dmitry <dmitry.puzyrkov@demlabs.net>
Date: Thu, 25 Jul 2024 00:25:42 +0700
Subject: [PATCH] [+] conftool use macos authorisation framework for service
control.
---
conftool/CMakeLists.txt | 8 +++++++-
conftool/service/macos_auth.h | 2 ++
conftool/service/macos_auth.m | 31 ++++++++++++++++++++++++++++++
conftool/service/service_linux.cpp | 12 ++++++------
conftool/service/service_macos.cpp | 11 ++++++-----
5 files changed, 52 insertions(+), 12 deletions(-)
create mode 100644 conftool/service/macos_auth.h
create mode 100644 conftool/service/macos_auth.m
diff --git a/conftool/CMakeLists.txt b/conftool/CMakeLists.txt
index e838095af..0bf4af2d7 100644
--- a/conftool/CMakeLists.txt
+++ b/conftool/CMakeLists.txt
@@ -15,7 +15,8 @@ add_executable(${PROJECT_NAME} ./main.cpp
./config/cellframeconfigfile.cpp
./service/service_win.cpp
./service/service_linux.cpp
- ./service/service_macos.cpp)
+ ./service/service_macos.cpp
+ ./service/macos_auth.m)
target_link_libraries(cellframe-node-config
)
@@ -24,6 +25,11 @@ if (LINUX OR WIN32)
target_link_libraries(cellframe-node-config PRIVATE stdc++fs )
endif()
+if (APPLE)
+target_link_libraries(cellframe-node-config PUBLIC "-framework Security -framework Foundation")
+endif()
+
+
target_compile_features(${PROJECT_NAME} PRIVATE cxx_std_20)
diff --git a/conftool/service/macos_auth.h b/conftool/service/macos_auth.h
new file mode 100644
index 000000000..d44d95dd3
--- /dev/null
+++ b/conftool/service/macos_auth.h
@@ -0,0 +1,2 @@
+extern "C" int callSec (char *tool, char* args[]);
+
diff --git a/conftool/service/macos_auth.m b/conftool/service/macos_auth.m
new file mode 100644
index 000000000..68ed2401f
--- /dev/null
+++ b/conftool/service/macos_auth.m
@@ -0,0 +1,31 @@
+#ifdef __APPLE__
+
+
+#import <Foundation/Foundation.h>
+
+
+int callSec (char *tool, char* args[]) {
+ NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
+
+ // Create authorization reference
+ AuthorizationRef authorizationRef;
+ OSStatus status;
+
+ status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef);
+
+ // Run the tool using the authorization reference
+ FILE *pipe = NULL;
+
+ status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, args, &pipe);
+
+ if (status == errAuthorizationSuccess) {
+ return 0;
+ } else {
+ NSLog(@"Authorization Result Code: %d", status);
+ }
+
+ [pool drain];
+ return -1;
+}
+
+#endif
\ No newline at end of file
diff --git a/conftool/service/service_linux.cpp b/conftool/service/service_linux.cpp
index fe2928f88..b8a620773 100644
--- a/conftool/service/service_linux.cpp
+++ b/conftool/service/service_linux.cpp
@@ -4,7 +4,7 @@
#include "../commands/abstractcommand.h"
bool CServiceControl::enable(){
- std::string cmd = "systemctl enable " + (std::filesystem::path{variable_storage["CONFIGS_PATH"]}/"share"/"cellframe-node.service > /dev/null").string();
+ std::string cmd = "systemctl enable " + variable_storage["SERVICE_FILE_PATH"] + " > /dev/null";
int res = std::system(cmd.c_str());
return res == 0 ? true : false;
@@ -12,7 +12,7 @@ bool CServiceControl::enable(){
bool CServiceControl::disable()
{
- std::string cmd = "systemctl disable cellframe-node.service > /dev/null";
+ std::string cmd = "systemctl disable " + variable_storage["SERVICE_NAME"] +" > /dev/null";
int res = std::system(cmd.c_str());
return res == 0 ? true : false;
}
@@ -21,7 +21,7 @@ unsigned int CServiceControl::serviceStatus()
{
unsigned int status = 0;
- std::string cmd = "systemctl is-enabled cellframe-node.service > /dev/null";
+ std::string cmd = "systemctl is-enabled " + variable_storage["SERVICE_NAME"] + " > /dev/null";
int res = std::system(cmd.c_str());
if (res == 0)
@@ -42,21 +42,21 @@ unsigned int CServiceControl::serviceStatus()
bool CServiceControl::start()
{
- std::string cmd = "systemctl start cellframe-node.service > /dev/null";
+ std::string cmd = "systemctl start " + variable_storage["SERVICE_NAME"] + " > /dev/null";
int res = std::system(cmd.c_str());
return res == 0 ? true : false;
}
bool CServiceControl::stop()
{
- std::string cmd = "systemctl stop cellframe-node.service > /dev/null";
+ std::string cmd = "systemctl stop " + variable_storage["SERVICE_NAME"] + " > /dev/null";
int res = std::system(cmd.c_str());
return res == 0 ? true : false;
}
bool CServiceControl::restart()
{
- std::string cmd = "systemctl restart cellframe-node.service > /dev/null";
+ std::string cmd = "systemctl restart " + variable_storage["SERVICE_NAME"] + " > /dev/null";
int res = std::system(cmd.c_str());
return res == 0 ? true : false;
}
diff --git a/conftool/service/service_macos.cpp b/conftool/service/service_macos.cpp
index fad759209..bf42bc2fc 100644
--- a/conftool/service/service_macos.cpp
+++ b/conftool/service/service_macos.cpp
@@ -2,18 +2,19 @@
#include "service.h"
#include "../commands/abstractcommand.h"
+#include "macos_auth.h"
bool CServiceControl::enable()
{
- //starts too
- int res = std::system("launchctl load -w /Library/LaunchDaemons/com.demlabs.cellframe-node.plist");
+ char *args[] = {"/bin/launchctl","load", "-w", "/Library/LaunchDaemons/com.demlabs.cellframe-node.plist", NULL};
+ int res = callSec("/usr/bin/sudo", args);
return res == 0 ? true : false;
}
bool CServiceControl::disable()
{
- //stops too
- int res = std::system("launchctl unload -w /Library/LaunchDaemons/com.demlabs.cellframe-node.plist");
+ char *args[] = {"/bin/launchctl", "unload", "-w", "/Library/LaunchDaemons/com.demlabs.cellframe-node.plist", NULL};
+ int res = callSec("/usr/bin/sudo", args);
return res == 0 ? true : false;
}
@@ -21,7 +22,7 @@ unsigned int CServiceControl::serviceStatus()
{
unsigned int status = 0;
std::string cmd = std::string();
- int res = std::system("launchctl list com.demlabs.cellframe-node > /dev/null");
+ int res = std::system("launchctl print system/com.demlabs.cellframe-node > /dev/null");
if (res == 0)
{
status |= SERVICE_ENABLED;
--
GitLab