Re: Security framework question
Re: Security framework question
- Subject: Re: Security framework question
- From: Eric Peyton <email@hidden>
- Date: Tue, 10 Jul 2001 08:21:48 -0500
On Tuesday, July 10, 2001, at 04:22 AM, Stiphane Sudre wrote:
On mardi, juillet 10, 2001, at 04:28 AM, Brian Hill wrote:
On Monday, July 9, 2001, at 08:03 PM, Ed Silva wrote:
I have been thinking that I could make a tool to do the real work
(creating the dir, writing files, etc) and use the security
framework to call that, but that seems like such a hack that I
really want to find a better way to do this.
Any ideas? Am I missing something here?
Nope. That's what you have to do -- put it in a tool and use the
functions in the Security framework to run it.
That's the big problem with the security framework.
You can't check the privilege without specifying a tool.
What are you talking about? You sure as heck can check privileges
without specifying a tool. Here's some sample code ... (from the
darwin repository)
int authorizationAllowedForEvent(AuthorizationRef ref, char *event)
{
OSStatus err = 0;
int authorized = 0;
AuthorizationRights rights;
AuthorizationItem items[1];
items[0].name = event; // something like
com.apple.canUserDeleteHardDrive
items[0].value = NULL;
items[0].valueLength = 0;
items[0].flags = 0;
rights.count = 1;
rights.items = items;
err = AuthorizationCopyRights(ref, &rights,
kAuthorizationEmptyEnvironment, kAuthorizationFlagExtendRights |
kAuthorizationFlagInteractionAllowed, NULL);
authorized = (errAuthorizationSuccess == err);
return authorized;
}
And to call it ...
create an authorization ref for your applications and call it with
whatever parameter you want.
It will return the ability to do this "thing" without any tool
being involved anywhere.
It's bad.
Not even.
Eric
_______________________________________________
cocoa-dev mailing list
email@hidden
http://www.lists.apple.com/mailman/listinfo/cocoa-dev