Re: AuthorizationExecuteWithPrivileges flag error
Re: AuthorizationExecuteWithPrivileges flag error
- Subject: Re: AuthorizationExecuteWithPrivileges flag error
- From: Kevin Elliott <email@hidden>
- Date: Mon, 4 Aug 2008 09:41:11 -0700
Glancing at your code, this:
AuthorizationItem right = { RIGHT, 0, NULL, 0 };
Looks completely wrong. What is RIGHT?
Your flags also look wrong. Your not allowing interaction, so the
system won't be allowed to authorize to create your right.
Not to mention that I have no idea why your messing around with
AuthorizationCreateFromExternalForm- the entire point of
AuthorizationCreateFromExternalForm is to work with authorizations
that came from other processes, which makes calling it with a stack
allocated empty form very odd. Honestly, I'm a little surprised it
didn't just crash.
All of which leads to this- what are you trying to do?
AuthorizationExecuteWithPrivileges is NOT an API you should be using
to call something like sysctl. It's intended to be used by
installers, not as a general purpose API for running random things as
root.
You need to take a very close look at the following doc:
http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html
In addition take a look at the following sample:
http://developer.apple.com/samplecode/BetterAuthorizationSample/index.html
On Jul 30, 2008, at 6:16 AM, sheen mac wrote:
Hi All,
In my project , I added an executable and created AuthorizationRef
successfully.The AuthorizationCopyRights also worked without
error.But when AuthorizationExecuteWithPrivileges , it shows
the invalid flags error.
Kindly help me.
Thanks In Advance,
Sheen
OSStatus status;AuthorizationRef auth;
AuthorizationExternalForm extAuth;
if (geteuid() != 0) {
setuid(0);
}
if (fread(&extAuth, sizeof(extAuth), 1, stdin) != 1)
exit(-1);
if (AuthorizationCreateFromExternalForm(&extAuth, &auth))
exit(-1);
AuthorizationItem right = { RIGHT, 0, NULL, 0 };
AuthorizationRights rights = { 1, &right };
AuthorizationFlags flags = kAuthorizationFlagDefaults |
kAuthorizationFlagExtendRights;
if (status = AuthorizationCopyRights(auth, &rights,
kAuthorizationEmptyEnvironment, flags, NULL)) {
exit(-1);
}
char* args[3];
OSStatus err = 0;
FILE* iopipe;
args[0] = "-w";
args[1]="net.inet.ip.forwarding=1";
args[2]=NULL;
err = AuthorizationExecuteWithPrivileges(auth,
"/usr/sbin/sysctl",
flags, args, &iopipe);
if(err!=errAuthorizationSuccess)
fprintf(stderr,"failed\n");
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden