I need my app to have its own rule in /etc/authorization - it needs to
retain any authorisation given by the user without it timing out (any
authorisation will be destroyed on quit, or on restart if it is left
over
because of a crash) and the system default is to time out after 5 mins.
I've manually modded /etc/authorization to add in a new rule and it
all (now) works great but really this process needs to be automated.
This doesn't appear to be covered in the documentation - there is the
AuthorizationRightSet() function but I haven't managed to succeed in
getting it to add in my right, and anyway it is for 10.3 only and my
app needs to run on 10.2 as well.
AuthorizationRightSet as you may have figured takes a dictionary which
could be the exact definition you want to add. The format was extended
so you could use pre-defined rules. There are examples in the header
file - if these are unclear speak up.
So my current plan is this: extend my authorised tool which runs SUID
to root to support reading the XML file contents into a CFDictionary,
insertint the extra dictionary entry for my app, and writing the XML
back out again.
Is this a bad idea and/or is there a better way?
Modifications to the file directly are okay on all versions, but I
would use the API on 10.3 onward: be aware that the format is different
between the two (extra indirection of rights and rules sections,
comments). If you use the propertylist calls to modify the file on
10.2 you will lose the <!-- --> comments, which is why they're now
separate keys.
For your own safety I recommend that you make a backup of the file for
the user if you're going to modify it yourself.
Conrad.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
