Extenden Plugin system
Plugin Settings now properly display plugins.
Plugins are loaded/unloaded based on security settings.
Signed-off-by: michael starke <michael.starke@hicknhack-software.com>
@@ -8,25 +8,12 @@
|
||||
|
||||
#import "MPPlugin.h"
|
||||
#import "MPPluginManager.h"
|
||||
#import "MPSettingsHelper.h"
|
||||
|
||||
NSString *const kMPPluginFileExtension = @"mpplugin";
|
||||
|
||||
@implementation MPPlugin
|
||||
|
||||
+ (instancetype)pluginWithBundleURL:(NSURL *)url pluginManager:(MPPluginManager *)manager {
|
||||
if(![self _validURL:url]) {
|
||||
return nil;
|
||||
}
|
||||
NSBundle *pluginBundle = [NSBundle bundleWithURL:url];
|
||||
if(!pluginBundle) {
|
||||
return nil;
|
||||
}
|
||||
if(![self _validateClass:pluginBundle.principalClass]) {
|
||||
return nil;
|
||||
}
|
||||
return [[pluginBundle.principalClass alloc] initWithPluginManager:manager];
|
||||
}
|
||||
|
||||
- (instancetype)initWithPluginManager:(MPPluginManager *)manager {
|
||||
self = [super init];
|
||||
return self;
|
||||
@@ -57,52 +44,5 @@ NSString *const kMPPluginFileExtension = @"mpplugin";
|
||||
return @"unknown.version";
|
||||
}
|
||||
|
||||
+ (BOOL)_validURL:(NSURL *)url {
|
||||
return (NSOrderedSame == [url.pathExtension compare:kMPPluginFileExtension options:NSCaseInsensitiveSearch]);
|
||||
}
|
||||
|
||||
+ (BOOL)_validateClass:(Class)class {
|
||||
return ([class isSubclassOfClass:[MPPlugin class]]);
|
||||
}
|
||||
|
||||
/* Code by Jedda Wignall<jedda@jedda.me> http://jedda.me/2012/03/verifying-plugin-bundles-using-code-signing/ */
|
||||
+ (BOOL)_validSignature:(NSURL *)url {
|
||||
if(!url.path) {
|
||||
return NO;
|
||||
}
|
||||
NSTask * task = [[NSTask alloc] init];
|
||||
NSPipe * pipe = [NSPipe pipe];
|
||||
NSArray* args = @[ @"--verify",
|
||||
/*[NSString stringWithFormat:@"-R=anchor = \"%@\"", [[NSBundle mainBundle] pathForResource:@"BlargsoftCodeCA" ofType:@"cer"]],*/
|
||||
url.path ];
|
||||
task.launchPath = @"/usr/bin/codesign";
|
||||
task.standardOutput = pipe;
|
||||
task.standardError = pipe;
|
||||
task.arguments = args;
|
||||
[task launch];
|
||||
[task waitUntilExit];
|
||||
|
||||
if(task.terminationStatus == 0) {
|
||||
return YES;
|
||||
}
|
||||
NSString * taskString = [[NSString alloc] initWithData:pipe.fileHandleForReading.readDataToEndOfFile encoding:NSASCIIStringEncoding];
|
||||
if ([taskString rangeOfString:@"modified"].length > 0 || [taskString rangeOfString:@"a sealed resource is missing or invalid"].length > 0) {
|
||||
// The plugin has been modified or resources removed since being signed. You probably don't want to load this.
|
||||
NSLog(@"Plugin modified - not loaded"); // log a real error here
|
||||
}
|
||||
else if ([taskString rangeOfString:@"failed to satisfy"].length > 0) {
|
||||
// The plugin is missing resources since being signed. Don't load.
|
||||
// throw an error
|
||||
NSLog(@"Plugin not signed by correct CA - not loaded"); // log a real error here
|
||||
}
|
||||
else if ([taskString rangeOfString:@"not signed at all"].length > 0) {
|
||||
// The plugin was not code signed at all. Don't load.
|
||||
NSLog(@"Plugin not signed at all - don't load."); // log a real error here
|
||||
}
|
||||
else {
|
||||
// Some other codesign error
|
||||
}
|
||||
return NO;
|
||||
}
|
||||
|
||||
@end
|
||||
|
||||
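Review bot: After this change MPPlugin performs no bundle validation of its own: `initWithPluginManager:` (first hunk, its body continues past the hunk) is the only construction path left visible, and the extension, subclass and signature helpers in the second hunk appear to be deleted (the 25→12 and 52→5 hunk counts suggest so; the +/- markers are lost on this page). The loader that replaces `pluginWithBundleURL:pluginManager:` is not shown here, so it should be confirmed that it verifies the signature before reading `principalClass`, since that access loads the bundle's executable. If the old `codesign --verify` call moved there unchanged, it still has no `-R` requirement (it is commented out in the helper), so it proves only that the bundle is intact, not who signed it; a pinned requirement checked with `SecStaticCodeCheckValidity` would also avoid matching on tool output text. I would document the contract on the initializer, e.g. `// MPPlugin does no validation; the caller must verify the bundle before instantiating.`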