diff --git a/Installer/Configure.h b/Installer/Configure.h index 44fb103..4599bdf 100644 --- a/Installer/Configure.h +++ b/Installer/Configure.h @@ -31,6 +31,9 @@ //uninstall -(BOOL)uninstall:(NSUInteger)type; +//build path to logged in user's app support directory + '/Objective-See' +-(NSString*)appSupportPath:(NSString*)user; + @end #endif diff --git a/Installer/Configure.m b/Installer/Configure.m index b21032f..d6edd84 100644 --- a/Installer/Configure.m +++ b/Installer/Configure.m @@ -157,6 +157,9 @@ bail: //logged in user NSString* user = nil; + //white list + NSString* whiteList = nil; + //set src path // ->orginally stored in installer app's /Resource bundle appPathSrc = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:APP_NAME]; @@ -217,6 +220,16 @@ bail: logMsg(LOG_DEBUG, @"created app support directory"); #endif + //init path to whitelist + whiteList = [[NSString pathWithComponents:@[@"/Users/", user, APP_SUPPORT_DIRECTORY]] stringByAppendingPathComponent:FILE_WHITELIST]; + + //if whitelist exists + // ->make sure it's owned by root + if(YES == [[NSFileManager defaultManager] fileExistsAtPath:whiteList]) + { + //set owner, root + setFileOwner(whiteList, @0, @0, NO); + } //call into login item to install itself // ->runs as logged in user, so can access user's login items, etc 
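Review bot: In Configure.m hunk `@@ -217,6 +220,16 @@`, the root-running installer hands ownership to root of whatever already sits at `whiteList`, a path inside the user's own app support directory, without looking at what the item is or who created it. `fileExistsAtPath:` follows symbolic links, and the login item's loader (AVMonitor.m in this same commit) treats a non-writable whitelist as trustworthy, so a file created by a user-level process before the install would appear to pass that check once it is root-owned. I would gate the call on the item being a regular file, e.g. `if(YES == [[[NSFileManager defaultManager] attributesOfItemAtPath:whiteList error:nil][NSFileType] isEqualToString:NSFileTypeRegular])`, since `attributesOfItemAtPath:error:` does not traverse a final symlink. I would also log and skip (or reset) a file that is not already root-owned rather than silently adopting its contents. The result of `setFileOwner` is also discarded here, so a failed ownership change goes unnoticed; the enclosing method starts and ends outside the hunk.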
@@ -355,26 +368,23 @@ bail: //set flag bAnyErrors = YES; - //keep uninstalling... + //bail since lots else depends on this + goto bail; } - //unistall login item - else - { - //dbg msg - #ifdef DEBUG - logMsg(LOG_DEBUG, [NSString stringWithFormat:@"telling login item %@, to uninstall itself", loginItem]); - #endif + //dbg msg + #ifdef DEBUG + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"telling login item %@, to uninstall itself", loginItem]); + #endif - //call into login item to uninstall itself - // ->runs as logged in user, so can access user's login items, etc - execTask(SUDO, @[@"-u", user, loginItem, [NSString stringWithUTF8String:CMD_UNINSTALL]], YES); - - //dbg msg - #ifdef DEBUG - logMsg(LOG_DEBUG, [NSString stringWithFormat:@"unpersisted %@", loginItem]); - #endif - } + //call into login item to uninstall itself + // ->runs as logged in user, so can access user's login items, etc + execTask(SUDO, @[@"-u", user, loginItem, [NSString stringWithUTF8String:CMD_UNINSTALL]], YES); + + //dbg msg + #ifdef DEBUG + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"unpersisted %@", loginItem]); + #endif //dbg msg #ifdef DEBUG 
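Review bot: The outcome of `execTask(SUDO, @[@"-u", user, loginItem, ...], YES)` is discarded, so the `unpersisted %@` debug line is logged and the uninstall carries on as successful even when the login item reports a failure. That matters more after this commit, because LoginItem/main.m now keeps `iReturn = -1` on a failed removal. If `execTask` exposes the exit status (its declaration is not visible here), set `bAnyErrors = YES` on a non-zero result and log the success message only otherwise. The `if` whose failure path now does `goto bail` begins above the hunk, so I cannot tell which step it guards.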
@@ -402,20 +412,30 @@ bail: logMsg(LOG_DEBUG, @"full uninstall, so also deleting app support directory"); #endif - //delete app support folder - if(YES == [[NSFileManager defaultManager] fileExistsAtPath:[APP_SUPPORT_DIRECTORY stringByExpandingTildeInPath]]) + //delete app's app support folder + if(YES == [[NSFileManager defaultManager] fileExistsAtPath:[self appSupportPath:user]]) { //delete if(YES != [self removeAppSupport:user]) { //err msg - logMsg(LOG_ERR, [NSString stringWithFormat:@"failed to delete app support directory %@", APP_SUPPORT_DIRECTORY]); + logMsg(LOG_ERR, [NSString stringWithFormat:@"failed to delete app support directory %@", [self appSupportPath:user]]); //set flag bAnyErrors = YES; //keep uninstalling... } + + //dbg msg + #ifdef DEBUG + else + { + //dbg msg + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"removed app support directory %@", [self appSupportPath:user]]); + } + #endif + } } @@ -425,10 +445,21 @@ bail: //happy wasUninstalled = YES; } + +//bail +bail: return wasUninstalled; } +//build path to logged in user's app support directory + '/Objective-See/OverSight' +// ->do this manually, since installer might be run via sudo, etc, so can just expand '~' +-(NSString*)appSupportPath:(NSString*)user +{ + //build path + return [NSString pathWithComponents:@[@"/Users/", user, APP_SUPPORT_DIRECTORY]]; +} + //create directory app support // ->store whitelist file, log file, etc -(BOOL)createAppSupport:(NSString*)user @@ -444,7 +475,7 @@ bail: NSDictionary* userDirAttributes = nil; //build path - appSupportDirectory = [NSString pathWithComponents:@[@"/Users/", user, APP_SUPPORT_DIRECTORY]]; + appSupportDirectory = [self appSupportPath:user]; //create if not present if(YES != [[NSFileManager defaultManager] fileExistsAtPath:appSupportDirectory]) 
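Review bot: In hunk `@@ -402,20 +412,30 @@`, wrapping only the `else { ... }` branch in `#ifdef DEBUG` makes the statement structure differ between debug and release builds, and any line later inserted between the closing brace of the `if` and the `#ifdef` breaks debug builds only. The same pattern is added in LoginItem/main.m hunk `@@ -76,13 +86,17 @@`. I would keep the `else` unconditional and put the guard inside it, so only the `logMsg(LOG_DEBUG, ...)` call is conditional. `[self appSupportPath:user]` is also evaluated up to three times in this block; a local such as `NSString* appSupport = [self appSupportPath:user];` would make it clear that the existence check, the error message and the debug message refer to the same path.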
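Review bot: In hunk `@@ -425,10 +445,21 @@`, `-appSupportPath:` puts `user` straight into an array literal, so a nil user raises an exception inside an installer that runs as root, and the hard-coded `@"/Users/"` prefix is wrong for any account whose home directory lives elsewhere. I would guard and resolve the real home directory: `if(nil == user) return nil;` followed by `return [NSHomeDirectoryForUser(user) stringByAppendingPathComponent:APP_SUPPORT_DIRECTORY];`, with callers treating nil as "no path". The comment reads `so can just expand '~'` where `can't` is meant. The declaration comment in Configure.h says `'/Objective-See'` while this one says `'/Objective-See/OverSight'`; they should agree with whatever `APP_SUPPORT_DIRECTORY` actually holds.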
@@ -497,7 +528,7 @@ bail: NSError* error = nil; //build path - appSupportDirectory = [NSString pathWithComponents:@[@"/Users/", user, APP_SUPPORT_DIRECTORY]]; + appSupportDirectory = [self appSupportPath:user]; //delete OverSight's app support directory if(YES != [[NSFileManager defaultManager] removeItemAtPath:appSupportDirectory error:&error]) diff --git a/LoginItem/AVMonitor.m b/LoginItem/AVMonitor.m index abd2411..728b09d 100644 --- a/LoginItem/AVMonitor.m +++ b/LoginItem/AVMonitor.m @@ -54,9 +54,21 @@ //dbg msg #ifdef DEBUG - logMsg(LOG_DEBUG, [NSString stringWithFormat:@"loading whitelist %@", path]); + logMsg(LOG_DEBUG, [NSString stringWithFormat:@"whitelist path %@", path]); #endif - + + //check if it exists + if(YES != [[NSFileManager defaultManager] fileExistsAtPath:path]) + { + //dbg msg + #ifdef DEBUG + logMsg(LOG_DEBUG, @"nothing whitelisted yet, so won't load (file not found)"); + #endif + + //bail + goto bail; + } + //since file is created by priv'd XPC, it shouldn't be writeable // ...unless somebody maliciously creates it, so we check that here if(YES == [[NSFileManager defaultManager] isWritableFileAtPath:path]) @@ -67,7 +79,7 @@ //bail goto bail; } - + //load self.whiteList = [NSMutableArray arrayWithContentsOfFile:path]; diff --git a/LoginItem/main.m b/LoginItem/main.m index 236b032..f96ab6c 100644 --- a/LoginItem/main.m +++ b/LoginItem/main.m @@ -38,7 +38,17 @@ int main(int argc, const char * argv[]) setuid(getuid()); //install - toggleLoginItem([NSURL fileURLWithPath:[[NSBundle mainBundle] bundlePath]], ACTION_INSTALL_FLAG); + if(YES != toggleLoginItem([NSURL fileURLWithPath:[[NSBundle mainBundle] bundlePath]], ACTION_INSTALL_FLAG)) + { + //err msg + logMsg(LOG_ERR, @"failed to add login item"); + + //set error + iReturn = -1; + + //bail + goto bail; + } //dbg msg #ifdef DEBUG 
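Review bot: In LoginItem/AVMonitor.m hunk `@@ -54,9 +54,21 @@`, the added `fileExistsAtPath:` check puts a third separate lookup of `path` ahead of the writability test and `arrayWithContentsOfFile:`. All three resolve a name inside a directory the user can modify, so the file that is finally loaded need not be the one that was checked. The writability test predates this commit and only reflects the calling process's access; it does not establish that root owns the file or that it is a regular file rather than a link. I would fetch `attributesOfItemAtPath:error:` once, treat a nil result as "nothing whitelisted yet", and require `NSFileOwnerAccountID` to be `0` and `NSFileType` to be `NSFileTypeRegular` before loading, with a comment stating that these attributes are the trust decision. The enclosing method starts and ends outside the hunk.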
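Review bot: In LoginItem/main.m hunk `@@ -38,7 +38,17 @@`, the new error handling covers `toggleLoginItem` but the `setuid(getuid());` directly above it is still unchecked, and the same applies to the uninstall path in hunk `@@ -68,7 +78,7 @@`. If that call is meant to shed elevated privileges and it fails, the login item would be toggled with whatever privileges the process still holds. I would treat it like the other failures added here: `if(0 != setuid(getuid())) { logMsg(LOG_ERR, @"failed to drop privileges"); iReturn = -1; goto bail; }`. `main` continues outside both hunks, so the `bail` label and the `iReturn` declaration are assumed from the lines this commit adds.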
@@ -68,7 +78,7 @@ int main(int argc, const char * argv[]) setuid(getuid()); //uninstall - if(YES == toggleLoginItem([NSURL fileURLWithPath:[[NSBundle mainBundle] bundlePath]], ACTION_UNINSTALL_FLAG)) + if(YES != toggleLoginItem([NSURL fileURLWithPath:[[NSBundle mainBundle] bundlePath]], ACTION_UNINSTALL_FLAG)) { //err msg logMsg(LOG_ERR, @"failed to remove login item"); @@ -76,13 +86,17 @@ int main(int argc, const char * argv[]) //set error iReturn = -1; - //bail - goto bail; + //don't bail + // ->keep trying to uninstall } - + //dbg msg #ifdef DEBUG - logMsg(LOG_DEBUG, @"removed login item"); + else + { + //dbg msg + logMsg(LOG_DEBUG, @"removed login item"); + } #endif //delete prefs diff --git a/MainApp/AppDelegate.m b/MainApp/AppDelegate.m index 9627c80..0bc5190 100644 --- a/MainApp/AppDelegate.m +++ b/MainApp/AppDelegate.m @@ -277,7 +277,14 @@ bail: loginItem = [NSURL fileURLWithPath:[[[NSBundle mainBundle] bundlePath] stringByAppendingPathComponent:@"/Contents/Library/LoginItems/OverSight Helper.app"]]; //toggle - toggleLoginItem(loginItem, (int)[sender state]); + if(YES != toggleLoginItem(loginItem, (int)[sender state])) + { + //err msg + logMsg(LOG_ERR, [NSString stringWithFormat:@"failed to toggle login item: %@", loginItem]); + + //bail + goto bail; + } } //set 'run in headless mode' @@ -309,6 +316,9 @@ bail: //save em [preferences writeToFile:[APP_PREFERENCES stringByExpandingTildeInPath] atomically:YES]; +//bail +bail: + return; }
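Review bot: In MainApp/AppDelegate.m hunk `@@ -277,7 +277,14 @@`, the failure path jumps to `bail` (added in hunk `@@ -309,6 +316,9 @@`) and so skips the `writeToFile:` of the preferences, but it leaves the control in the state the user just clicked. The UI can then show the login item as enabled while nothing was registered, and the only trace is a log line. I would revert the control before bailing, e.g. `[sender setState:!(int)[sender state]];` (assuming `sender` is the checkbox, as `[sender state]` suggests), and surface the failure to the user. A short comment on the `goto bail` should say that preferences are deliberately not saved on failure; the method body starts outside the hunk.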