• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Security framework question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security framework question

  • Subject: Re: Security framework question
  • From: Stéphane Sudre <email@hidden>
  • Date: Tue, 10 Jul 2001 12:19:52 +0200
On mardi, juillet 10, 2001, at 11:22 AM, Stiphane Sudre wrote:

On mardi, juillet 10, 2001, at 04:28 AM, Brian Hill wrote:

On Monday, July 9, 2001, at 08:03 PM, Ed Silva wrote:


I have been thinking that I could make a tool to do the real work (creating the dir, writing files, etc) and use the security framework to call that, but that seems like such a hack that I really want to find a better way to do this.

Any ideas? Am I missing something here?


Nope. That's what you have to do -- put it in a tool and use the functions in the Security framework to run it.

That's the big problem with the security framework.

You can't check the privilege without specifying a tool.

It's bad.

The addition is that I'm beginning to wonder whether the whole Security Framework is buggy or the documentation is very confusing:

I'm currently looking at both the documentation (i.e. the headers) and the AuthSample code (located in Networking, why not in the OpenGL section ?)

The documentation states:

/*!
@define kAuthorizationRightExecute
The name of the AuthorizationItem that should be passed into the rights when preauthorizing for a call to AuthorizationExecuteWithPrivileges().

You need to aquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation. In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf. Currently no options are supported but you should pass in the full path of the tool you wish to execute in the value and valueLength fields. In the future we will limit the right to only execute the requested path, and we will display this information to the user.
*/
#define kAuthorizationRightExecute "system.privilege.admin"

The fact is that I'm using an admin privileged account. So I guess that when the Authsample code performs the DetermineInitialRights() code, the result will be: success.

But in fact, I get: failure.

To insist a little more:

The documentation:

[...] kAuthorizationRightExecute

[...] You need to aquire this right to be able to perform a AuthorizationExecuteWithPrivileges() operation. [...]

I have admin privilege so I have this right, haven't I ?

[...] In addtion to this right you should obtain whatever rights the tool you are executing with privileges need to perform it's operation on your behalf. [...]

Well, the Authsample code doesn't ask for this in DetermineInitialRights(), yet the answer is: you do not have the privilege.

References: 
 >Re: Security framework question (From: Stéphane Sudre <email@hidden>)

  • Prev by Date: Bah, Networking Woes!
  • Next by Date: Re: NSThread question
  • Previous by thread: Re: Security framework question
  • Next by thread: Re: Security framework question
  • Index(es):
    • Date
    • Thread