PDA

View Full Version : Prevent Authorization prompt




ruhi
Jul 28, 2009, 03:52 AM
I am trying to enable accessibility through my code.

Got an example source code Trust Me application.

before enabling the Accessiblity, the application prompt a dialog box for allowing access with username and password, i want to prevent this dialog box.

the code given in trust me application is as shown below :

- (void)makeProcessTrusted;
{
//authentication based on file:///Developer/Documentation/DocSets/com.apple.ADC_Reference_Library.CoreReference.docset/Contents/Resources/Documents/documentation/Security/Conceptual/authorization_concepts/03authtasks/chapter_3_section_4.html

OSStatus myStatus;
AuthorizationFlags myFlags = kAuthorizationFlagDefaults;
AuthorizationRef myAuthorizationRef;

myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, myFlags, &myAuthorizationRef);

if (myStatus != errAuthorizationSuccess)
{
[self askUserToEnableAccessForAssistiveDevices];
return;
}

AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
AuthorizationRights myRights = {1, &myItems};

myFlags = kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
myStatus = AuthorizationCopyRights (myAuthorizationRef, &myRights, NULL, myFlags, NULL );

if (myStatus != errAuthorizationSuccess)
{
AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDefaults);
[self askUserToEnableAccessForAssistiveDevices];
return;
}

//we pass the path to our bundle to the agent so it can relaunch us when it makes us trusted
char *myArguments[] = { (char *)([[[NSBundle mainBundle]bundlePath]fileSystemRepresentation]), NULL };

const char *makeProcessTrustedAgentPath = [[[NSBundle bundleWithPath:[[NSBundle mainBundle]pathForAuxiliaryExecutable:@"MakeProcessTrustedAgent.app"]]executablePath]fileSystemRepresentation];

myFlags = kAuthorizationFlagDefaults;
myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef,makeProcessTrustedAgentPath,myFlags,myArgument s, NULL);

AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDefaults);

if (myStatus!= errAuthorizationSuccess)
{
[self askUserToEnableAccessForAssistiveDevices];
return;
}

//due to a bug with AXMakeProcessTrusted(), we need to be relaunched before we will actually have access to UI Scripting
[NSApp terminate:nil];
}

i want to enable accessibility for my application but i dnt want it to show any authorization dialog box.

Please help.

Thanks,
ruhi.



gnasher729
Jul 28, 2009, 06:59 AM
So how is that supposed to work? You want to make your application a "trusted" application without the user saying so? What if the user doesn't trust you?

Wouldn't that be a great OS feature if any key logger could run without the user having a say?

Sayer
Jul 28, 2009, 08:46 AM
You are doing two different things here.

One you are asking the user to turn on the Accessibility features of Mac OS X, if they are not turned on already. This requires an Admin access to do so, since you are modifying the system services.

This is separate from having UI Scripting features in your app, which cocoa provides largely "for free" since it is a very large application framework with lots of built-in functionality including UI Scripting.

You app simply provides some delegate methods to give UI Scripting the variable information such as a description for an object. This is separate from enabling the UI Scripting services of Mac OS X.

There is no way to get around asking for a username and password to turn on Accessibility (UI Scripting), but if you just want these features supported in your app, that is a separate matter entirely.

ruhi
Jul 30, 2009, 07:47 AM
ya i want this feature in my application only for not showing that prompt from password and user name. i just want to make my application trusted.

But it should not give any prompt..

Thanks,
Ruhi

lee1210
Jul 30, 2009, 08:11 AM
You either need to use Authorization Services (http://developer.apple.com/documentation/security/conceptual/authorization_concepts/01introduction/introduction.html), as mentioned in this thread:
http://forums.macrumors.com/showthread.php?t=755864

Otherwise you can't perform anything with escalated privileges, so you'll just need to request that the user enable the appropriate options. There is a security model for a reason, and you shouldn't try to break it. Your app is not special, it needs to behave like other OS X apps, and that means asking for permission and authorization to do privileged tasks. If any app can just run as root/with elevated privileges, it's a pretty short trip to an application ruining your system.

-Lee