Below is the sample code from Apple at the end of "authorizationconcepts.pdf". It should be absolutely identical, except for whitespace.
It works fine, no surprise. However, I'd like it to work for my own tool, which is, at the moment, a toy bash script which attempts nothing other than to 'cp' a file into a protected area. It currently takes the full path of the Info.plist in /App..s/Util..s/Terminal/Contents/ and tries to cp that into the same path but named "Back.plist".
So I change the one line which points to "/usr/bin/id" to point to my bash script instead. But it doesn't work-- the cp command returns "permission denied". One single change, and the thing doesn't work. Nuts!
Obvious and/or silly errors can be ruled out: If I "sudo myBashScript" on the command line, it performs exactly as it should, so there's nothing wrong with the bash script per se. Also, when executed from the compiled SampleCode app, myBashScript executes fine... it is just the cp command which fails...
What am I missing?
It works fine, no surprise. However, I'd like it to work for my own tool, which is, at the moment, a toy bash script which attempts nothing other than to 'cp' a file into a protected area. It currently takes the full path of the Info.plist in /App..s/Util..s/Terminal/Contents/ and tries to cp that into the same path but named "Back.plist".
So I change the one line which points to "/usr/bin/id" to point to my bash script instead. But it doesn't work-- the cp command returns "permission denied". One single change, and the thing doesn't work. Nuts!
Obvious and/or silly errors can be ruled out: If I "sudo myBashScript" on the command line, it performs exactly as it should, so there's nothing wrong with the bash script per se. Also, when executed from the compiled SampleCode app, myBashScript executes fine... it is just the cp command which fails...
What am I missing?
Code:
#include <Security/Authorization.h>
#include <Security/AuthorizationTags.h>
#include <unistd.h>
//int read(long,StringPtr,int);
//int write(long,StringPtr,int);
#import <Foundation/Foundation.h>
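/*
 * Acquires the kAuthorizationRightExecute right (prompting the user if
 * needed), launches myToolPath through AuthorizationExecuteWithPrivileges,
 * and copies the tool's output from the communications pipe to stdout.
 *
 * Returns the OSStatus from AuthorizationCreate if no authorization
 * reference could be created, 0 when the tool was launched and its output
 * relayed, and 1 when authorization or the launch failed.
 *
 * Security notes:
 *  - AuthorizationExecuteWithPrivileges is deprecated (since OS X 10.7).
 *    It does not verify the file at myToolPath, so whatever sits at that
 *    path at launch time runs as root. Keep the path absolute and pointing
 *    at a root-owned location that unprivileged users cannot modify; never
 *    point it at a script in a user-writable directory. For new code Apple
 *    directs developers to a launchd-managed privileged helper
 *    (SMJobBless / SMAppService) instead.
 *  - NOTE(review): a tool launched this way gets an effective uid of 0
 *    while its real uid stays that of the calling user. /usr/bin/id -un
 *    reports the effective user. A bash script is a different matter:
 *    bash resets the effective uid to the real uid when the two differ
 *    (unless started with -p), so commands inside the script would run
 *    unprivileged. That would explain a "permission denied" from cp that
 *    does not occur under sudo, which sets both ids. Confirm before
 *    relying on it; the safer design is a small compiled helper that
 *    performs exactly one narrowly-scoped operation.
 */
int main(int argc, const char *argv[]) {
    AuthorizationRef myAuthorizationRef = NULL;
    OSStatus myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                            kAuthorizationFlagDefaults, &myAuthorizationRef);
    if (myStatus != errAuthorizationSuccess)
        return myStatus;

    // The earlier version of this listing also called
    // AuthorizationCopyPrivilegedReference(&myAuthorizationRef, ...) at this
    // point. That function is documented for use inside the tool started by
    // AuthorizationExecuteWithPrivileges, its status was overwritten by the
    // next call without being checked, and it wrote through the pointer to
    // the reference created above. It is not called here.

    {
        // Request the generic "execute as root" right. Interaction is allowed
        // so the system can show its own authentication dialog.
        AuthorizationItem myItems = {kAuthorizationRightExecute, 0, NULL, 0};
        AuthorizationRights myRights = {1, &myItems};
        AuthorizationFlags myFlags = kAuthorizationFlagDefaults |
                                     kAuthorizationFlagInteractionAllowed |
                                     kAuthorizationFlagPreAuthorize |
                                     kAuthorizationFlagExtendRights;
        myStatus = AuthorizationCopyRights(myAuthorizationRef, &myRights, NULL, myFlags, NULL);
    }

    if (myStatus == errAuthorizationSuccess) {
        char myToolPath[] = "/usr/bin/id";
        char *myArguments[] = { "-un", NULL };
        FILE *myCommunicationsPipe = NULL;
        char myReadBuffer[128];

        myStatus = AuthorizationExecuteWithPrivileges(myAuthorizationRef, myToolPath,
                                                      kAuthorizationFlagDefaults, myArguments,
                                                      &myCommunicationsPipe);
        if (myStatus == errAuthorizationSuccess && myCommunicationsPipe != NULL) {
            for (;;) {
                // read() returns ssize_t; 0 is end of file, negative is an error.
                ssize_t bytesRead = read(fileno(myCommunicationsPipe), myReadBuffer,
                                         sizeof(myReadBuffer));
                if (bytesRead < 1)
                    break;
                // Stop relaying if stdout can no longer be written.
                if (write(fileno(stdout), myReadBuffer, (size_t)bytesRead) < 0)
                    break;
            }
            // The pipe is owned by this process; close it so the descriptor
            // is not leaked.
            fclose(myCommunicationsPipe);
        }
    }

    // Always release the reference, whichever path was taken above.
    // NOTE(review): kAuthorizationFlagDestroyRights could be passed here if
    // the acquired right should not stay available after this program exits;
    // left at the defaults to keep the existing behaviour.
    AuthorizationFree(myAuthorizationRef, kAuthorizationFlagDefaults);

    // Report failure to the caller instead of always exiting with 0.
    return (myStatus == errAuthorizationSuccess) ? 0 : 1;
}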