Re: Authorization question
Re: Authorization question
- Subject: Re: Authorization question
- From: Lance Drake <email@hidden>
- Date: Sun, 1 Jun 2003 18:31:06 -0600
Hi Darkshadow (aka Mike).
If you are asking if, for the purposes of executing one
authorizated 'activity' via your helper tool, you are asked to enter an
admin password twice, perhaps it is possible for you to skip the first
of those two authorization dialogs.
BTW - If anyone would like to chime in with a better solution, I'd
love to hear it as I have not been able to successfully copy 'rights'
and have the helper tool not require me to satisfy a second dialog.
There is newer 'Authorization' sample code - from last week or so -
in the Sample Code section of the develop.apple.com site. It purports
to embody a new code strategy. Maybe that'd be of some help to you.
The sample code provided for Authorization has it setup so that you
'pre-authorize' and then, supposedly, you copy and pass this
pre-authorization right down to the tool. However, my experience has
been that the tool always thinks it has to authorize again - so I have
since just skipped the preauthorization part (which may or may not be a
problem, depending on what it is you plan to do... they suggest it may
be better to pre-authorize before you get to the point that you've
wasted some time and then realize you have to cancel... but that's not
the logic flow in my work, so I don't care).
What I have ended up doing is shown here... the 'performCommand' call
ends up generating the single Authorization dialog as a consequence of
code executed in the helper tool after it is launched.
Note that with MacOSX 10.1.5 you will likely end up with an
authorization dialog which does not display your application icon and
refers to your application by the name 'Authorization Trampoline'. If
you pre-authorize (with MacOSX 10.1.5) the initial dialog will probably
appear OK - but you'll get that secondary dialog with the
'Authorization Trampoline' reference. For me, MacOSX 10.2.X handles
the tool-generated dialog with no problems.
// ------------------------------------------------------------
OSStatus invokeAuthorizedHelperTool(void)
{
OSStatus status;
OSStatus dialogReplyStatus;
AuthorizationRef authorizationRef = NULL;
AuthorizationItem right = { "com.player.appl.command1", 0, NULL, 0 };
AuthorizationRights rights = { 1, &right };
AuthorizationFlags flags = ( kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights);
// New authorization reference - later be passed to the tool.
status = AuthorizationCreate( NULL,
kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults,
&authorizationRef);
// *** SKIP THE PART WHERE AUTHORIZATION RIGHTS ARE COPIED ***
if (status != errAuthorizationSuccess)
{
IFDEBUG(syslog(LOG_INFO, "Failed to create the authref: %ld.\n",
status);)
status = kPlayerAuthorizedCommandInternalError;
}
else
{
IFDEBUG(syslog(LOG_INFO, "Created 'authorizationRef'\n");)
sMyCommand.authorizedCommandId = kMyAuthorizedCommandOperation1;
// THIS CALL INVOKES THE HELPER TOOL ACTIVITIES
dialogReplyStatus = performCommand(authorizationRef, & sMyCommand);
IFDEBUG(syslog(LOG_INFO, "Performing command 1 returned %d.\n",
status);)
status = AuthorizationFree(authorizationRef,
kAuthorizationFlagDestroyRights);
IFDEBUG(syslog(LOG_INFO, "AuthorizationFree STATUS = %d.\n",
status);)
}
return (dialogReplyStatus);
// --------------------------------------------------------------
Here's hoping that helps.
Lance Drake
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.