Preference Pane for chromoting on Mac

remoting/host/plugin/daemon_controller_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/host/plugin/daemon_controller.h"
 
 #include <launch.h>
 #include <sys/types.h>
 
 #include "base/basictypes.h"
 #include "base/bind.h"
 #include "base/compiler_specific.h"
-#include "base/eintr_wrapper.h"
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
-#include "base/mac/authorization_util.h"
+#include "base/mac/foundation_util.h"
 #include "base/mac/launchd.h"
 #include "base/mac/mac_logging.h"
-#include "base/mac/scoped_authorizationref.h"
+#include "base/mac/mac_util.h"
 #include "base/mac/scoped_launch_data.h"
 #include "base/threading/thread.h"
 #include "base/time.h"
 #include "base/values.h"
 #include "remoting/host/json_host_config.h"
 
 namespace remoting {
 
 namespace {
 
+// The NSSystemDirectories.h header has a conflicting definition of
+// NSSearchPathDirectory with the one in base/mac/foundation_util.h.
+// Foundation.h would work, but it can only be included from Objective-C files.
+// Therefore, we define the needed constants here.
+const int NSLibraryDirectory = 5;
+
 // The name of the Remoting Host service that is registered with launchd.
 #define kServiceName "org.chromium.chromoting"
 #define kConfigDir "/Library/PrivilegedHelperTools/"
 
 // This helper script is executed as root.  It is passed a command-line option
 // (--enable or --disable), which causes it to create or remove a trigger file.
 // The trigger file (defined in the service's plist file) informs launchd
 // whether the Host service should be running.  Creating the trigger file causes
 // launchd to immediately start the service.  Deleting the trigger file has no
 // immediate effect, but it prevents the service from being restarted if it
@@ skipping 27 matching lines @@
  private:
   void DoGetConfig(const GetConfigCallback& callback);
   void DoSetConfigAndStart(scoped_ptr<base::DictionaryValue> config,
                            const CompletionCallback& done_callback);
   void DoUpdateConfig(scoped_ptr<base::DictionaryValue> config,
                       const CompletionCallback& done_callback);
   void DoStop(const CompletionCallback& done_callback);
   void NotifyWhenStopped(const CompletionCallback& done_callback,
                          int tries_remaining,
                          const base::TimeDelta& sleep);
+  bool ShowPreferencePane(const std::string& config_data);
 
-  bool RunToolScriptAsRoot(const char* command, const std::string& input_data);
-  bool StopService();
-
-  // The API for gaining root privileges is blocking (it prompts the user for
-  // a password). Since Start() and Stop() must not block the main thread, they
-  // need to post their tasks to a separate thread.
   base::Thread auth_thread_;
 
   DISALLOW_COPY_AND_ASSIGN(DaemonControllerMac);
 };
 
 DaemonControllerMac::DaemonControllerMac()
     : auth_thread_("Auth thread") {
   auth_thread_.Start();
 }
 
 DaemonControllerMac::~DaemonControllerMac() {
-  // This will block if the thread is waiting on a root password prompt.  There
-  // doesn't seem to be an easy solution for this, other than to spawn a
-  // separate process to do the root elevation.
-
-  // TODO(lambroslambrou): Improve this, either by finding a way to terminate
-  // the thread, or by moving to a separate process.
   auth_thread_.Stop();
 }
 
 DaemonController::State DaemonControllerMac::GetState() {
   pid_t job_pid = base::mac::PIDForJob(kServiceName);
   if (job_pid < 0) {
     return DaemonController::STATE_NOT_INSTALLED;
   } else if (job_pid == 0) {
     // Service is stopped, or a start attempt failed.
     return DaemonController::STATE_STOPPED;
@@ skipping 51 matching lines @@
     if (host_config.GetString(kXmppLoginConfigPath, &value))
       config.get()->SetString(kXmppLoginConfigPath, value);
   }
 
   callback.Run(config.Pass());
 }
 
 void DaemonControllerMac::DoSetConfigAndStart(
     scoped_ptr<base::DictionaryValue> config,
     const CompletionCallback& done_callback) {
-  std::string file_content;
-  base::JSONWriter::Write(config.get(), &file_content);
+  std::string config_data;
+  base::JSONWriter::Write(config.get(), &config_data);
 
-  // Creating the trigger file causes launchd to start the service, so the
-  // extra step performed in DoStop() is not necessary here.
-  bool result = RunToolScriptAsRoot("--enable", file_content);
+  bool result = ShowPreferencePane(config_data);
   done_callback.Run(result ? RESULT_OK : RESULT_FAILED);
 }
 
 void DaemonControllerMac::DoUpdateConfig(
     scoped_ptr<base::DictionaryValue> config,
     const CompletionCallback& done_callback) {
   FilePath config_file_path(kHostConfigFile);
   JsonHostConfig config_file(config_file_path);
   if (!config_file.Read()) {
     done_callback.Run(RESULT_FAILED);
   }
   for (DictionaryValue::key_iterator key(config->begin_keys());
        key != config->end_keys(); ++key) {
     std::string value;
     if (!config->GetString(*key, &value)) {
       LOG(ERROR) << *key << " is not a string.";
       done_callback.Run(RESULT_FAILED);
     }
     config_file.SetString(*key, value);
   }
 
-  std::string file_content = config_file.GetSerializedData();
-  bool success = RunToolScriptAsRoot("--save-config", file_content);
+  std::string config_data = config_file.GetSerializedData();
+  bool success = ShowPreferencePane(config_data);
 
   done_callback.Run(success ? RESULT_OK : RESULT_FAILED);
-  pid_t job_pid = base::mac::PIDForJob(kServiceName);
-  if (job_pid > 0) {
-    kill(job_pid, SIGHUP);
+}
+
+bool DaemonControllerMac::ShowPreferencePane(const std::string& config_data) {
+  if (!config_data.empty()) {
+    FilePath config_path;
+    if (!file_util::GetTempDir(&config_path)) {
+      LOG(ERROR) << "Failed to get filename for saving configuration data.";
+      return false;
+    }
+    config_path = config_path.Append(kServiceName ".json");
+
+    int written = file_util::WriteFile(config_path, config_data.data(),
+                                       config_data.size());
+    if (written != static_cast<int>(config_data.size())) {
+      LOG(ERROR) << "Failed to save configuration data to: "
+                 << config_path.value();
+      return false;
+    }
   }
+
+  FilePath pane_path;
+  // TODO(lambroslambrou): Use NSPreferencePanesDirectory once we start
+  // building against SDK 10.6.
+  if (!base::mac::GetLocalDirectory(NSLibraryDirectory, &pane_path)) {
+    LOG(ERROR) << "Failed to get directory for local preference panes.";
+    return false;
+  }
+  pane_path = pane_path.Append("PreferencePanes")
+      .Append(kServiceName ".prefPane");
+
+  FSRef pane_path_ref;
+  if (!base::mac::FSRefFromPath(pane_path.value(), &pane_path_ref)) {
+    LOG(ERROR) << "Failed to create FSRef";
+    return false;
+  }
+  OSStatus status = LSOpenFSRef(&pane_path_ref, NULL);
+  if (status != noErr) {
+    OSSTATUS_LOG(ERROR, status) << "LSOpenFSRef failed for path: "
+                                << pane_path.value();
+    return false;
+  }
+
+  CFNotificationCenterRef center =
+      CFNotificationCenterGetDistributedCenter();
+  CFNotificationCenterPostNotification(center, CFSTR(kServiceName), NULL, NULL,
+                                       TRUE);
+  return true;
 }
 
 void DaemonControllerMac::DoStop(const CompletionCallback& done_callback) {
-  if (!RunToolScriptAsRoot("--disable", "")) {
+  if (!ShowPreferencePane("")) {
     done_callback.Run(RESULT_FAILED);
     return;
   }
 
-  // Deleting the trigger file does not cause launchd to stop the service.
-  // Since the service is running for the local user's desktop (not as root),
-  // it has to be stopped for that user.  This cannot easily be done in the
-  // shell-script running as root, so it is done here instead.
-  if (!StopService()) {
-    done_callback.Run(RESULT_FAILED);
-    return;
-  }
-
-  // StopService does not wait for the stop to take effect, so we can't return
-  // immediately. Instead, we wait up to 10s.
   NotifyWhenStopped(done_callback,
                     kStopWaitRetryLimit,
                     base::TimeDelta::FromMilliseconds(kStopWaitTimeout));
 }
 
 void DaemonControllerMac::NotifyWhenStopped(
     const CompletionCallback& done_callback,
     int tries_remaining,
     const base::TimeDelta& sleep) {
   if (GetState() == DaemonController::STATE_STOPPED) {
     done_callback.Run(RESULT_OK);
   } else if (tries_remaining == 0) {
     done_callback.Run(RESULT_FAILED);
   } else {
     auth_thread_.message_loop_proxy()->PostDelayedTask(
         FROM_HERE,
         base::Bind(&DaemonControllerMac::NotifyWhenStopped,
                    base::Unretained(this),
                    done_callback,
                    tries_remaining - 1,
                    sleep),
         sleep);
   }
 }
 
-bool DaemonControllerMac::RunToolScriptAsRoot(const char* command,
-                                              const std::string& input_data) {
-  // TODO(lambroslambrou): Supply a localized prompt string here.
-  base::mac::ScopedAuthorizationRef authorization(
-      base::mac::AuthorizationCreateToRunAsRoot(CFSTR("")));
-  if (!authorization) {
-    LOG(ERROR) << "Failed to get root privileges.";
-    return false;
-  }
-
-  if (!file_util::VerifyPathControlledByAdmin(FilePath(kStartStopTool))) {
-    LOG(ERROR) << "Security check failed for: " << kStartStopTool;
-    return false;
-  }
-
-  // TODO(lambroslambrou): Use sandbox-exec to minimize exposure -
-  // http://crbug.com/120903
-  const char* arguments[] = { command, NULL };
-  FILE* pipe = NULL;
-  pid_t pid;
-  OSStatus status = base::mac::ExecuteWithPrivilegesAndGetPID(
-      authorization.get(),
-      kStartStopTool,
-      kAuthorizationFlagDefaults,
-      arguments,
-      &pipe,
-      &pid);
-  if (status != errAuthorizationSuccess) {
-    OSSTATUS_LOG(ERROR, status) << "AuthorizationExecuteWithPrivileges";
-    return false;
-  }
-  if (pid == -1) {
-    LOG(ERROR) << "Failed to get child PID";
-    return false;
-  }
-
-  DCHECK(pipe);
-  if (!input_data.empty()) {
-    size_t bytes_written = fwrite(input_data.data(), sizeof(char),
-                                  input_data.size(), pipe);
-    // According to the fwrite manpage, a partial count is returned only if a
-    // write error has occurred.
-    if (bytes_written != input_data.size()) {
-      LOG(ERROR) << "Failed to write data to child process";
-    }
-    // Need to close, since the child waits for EOF on its stdin.
-    if (fclose(pipe) != 0) {
-      PLOG(ERROR) << "fclose";
-    }
-  }
-
-  int exit_status;
-  pid_t wait_result = HANDLE_EINTR(waitpid(pid, &exit_status, 0));
-  if (wait_result != pid) {
-    PLOG(ERROR) << "waitpid";
-    return false;
-  }
-  if (WIFEXITED(exit_status) && WEXITSTATUS(exit_status) == 0) {
-    return true;
-  } else {
-    LOG(ERROR) << kStartStopTool << " failed with exit status " << exit_status;
-    return false;
-  }
-}
-
-bool DaemonControllerMac::StopService() {
-  base::mac::ScopedLaunchData response(
-      base::mac::MessageForJob(kServiceName, LAUNCH_KEY_STOPJOB));
-  if (!response) {
-    LOG(ERROR) << "Failed to send message to launchd";
-    return false;
-  }
-
-  // Got a response, so check if launchd sent a non-zero error code, otherwise
-  // assume the command was successful.
-  if (launch_data_get_type(response.get()) == LAUNCH_DATA_ERRNO) {
-    int error = launch_data_get_errno(response.get());
-    if (error) {
-      LOG(ERROR) << "launchd returned error " << error;
-      return false;
-    }
-  }
-  return true;
-}
-
 }  // namespace
 
 scoped_ptr<DaemonController> remoting::DaemonController::Create() {
   return scoped_ptr<DaemonController>(new DaemonControllerMac());
 }
 
 }  // namespace remoting