Re: AuthorizationRef, AuthorizationCopyRights, with less user interaction
- Subject: Re: AuthorizationRef, AuthorizationCopyRights, with less user interaction
- From: Jesse Grosjean <email@hidden>
- Date: Sun, 13 Mar 2005 12:16:50 -0500
>> My goal is to allow my application to call the
>> IOPMSchedulePowerEvent()
>> and IOPMCancelScheduledPowerEvent() functions without requiring the
>> user to authorize (enter admin password) each time my application is
>> launched. I'm not sure if I'm going about this the right way, here is
>> my reasoning so far:
> Look at MoreAuthSample and the auth services conceptual/reference
> documentation. Study in detail. You're missing the key point about
> making your helper tool setuid root. If it's setuid root, then every
> time you execute it it will run as root without authentication. BE
> CAREFUL, though, as this can be a massive security hole.
Thanks, I'm new to security issues and was on the wrong track.
I think I've got things working correctly now. I'm now using the
generic code from the MoreAuthSample. So I now include a template of my
tool with my app and that gets copied to the application support
folder. So AuthorizationExecuteWithPrivileges() only gets run once and
the user only needs to type in their password once.
The one problem that I did run into was that after making all of these
changes IOPMSchedulePowerEvent() was failing and returning
kIOReturnNotPrivileged. This was fixed by looking at the
ThemeChangerTool.m code and adding setuid(0); to my tool, as is done by
the ThemeChanger; I didn't see this mentioned in the MoreAuthSample
code. I don't quite understand why that's needed (maybe the IOKit power
management functions don't know about effective users?), but in any case
it all seems to be working now.
Thanks for your help.
Jesse
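The distinction Jesse ran into is between a process's real and effective uid: a setuid-root helper starts with euid 0 but keeps the invoking user's real uid, and a call to setuid(0) made while euid is 0 sets the real, effective and saved uids all to 0. The following is an added illustration, not code from the thread, MoreAuthSample or ThemeChangerTool; the function names (classify_privileges, needs_real_uid_promotion) are mine, and it only reports and promotes uids rather than scheduling any power event.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Privilege state of a process, derived from its real and effective uids. */
typedef enum {
    PRIV_UNPRIVILEGED,   /* effective uid is not root */
    PRIV_EFFECTIVE_ROOT, /* euid 0 but ruid non-root: a freshly exec'd setuid-root helper */
    PRIV_FULL_ROOT       /* real and effective uid are both 0 */
} priv_state_t;

/* Hypothetical helper: classify a (ruid, euid) pair. */
priv_state_t classify_privileges(uid_t ruid, uid_t euid) {
    if (euid != 0) return PRIV_UNPRIVILEGED;
    if (ruid != 0) return PRIV_EFFECTIVE_ROOT;
    return PRIV_FULL_ROOT;
}

/* Hypothetical helper: true when the process is root only by effective uid,
   the state in which the post above reports kIOReturnNotPrivileged. */
int needs_real_uid_promotion(uid_t ruid, uid_t euid) {
    return classify_privileges(ruid, euid) == PRIV_EFFECTIVE_ROOT;
}

const char *priv_state_name(priv_state_t s) {
    switch (s) {
    case PRIV_UNPRIVILEGED:   return "unprivileged";
    case PRIV_EFFECTIVE_ROOT: return "effective-root only";
    default:                  return "full root";
    }
}

int main(void) {
    uid_t ruid = getuid(), euid = geteuid();
    printf("before: ruid=%u euid=%u (%s)\n", (unsigned)ruid, (unsigned)euid,
           priv_state_name(classify_privileges(ruid, euid)));

    if (needs_real_uid_promotion(ruid, euid)) {
        /* With euid 0, POSIX setuid(0) sets real, effective and saved uid to 0.
           This is the step the ThemeChangerTool adds before its privileged work. */
        if (setuid(0) != 0) {
            perror("setuid");
            return 1;
        }
        printf("after:  ruid=%u euid=%u (%s)\n", (unsigned)getuid(), (unsigned)geteuid(),
               priv_state_name(classify_privileges(getuid(), geteuid())));
    }

    /* The single privileged operation the helper exists for would go here.
       Keep it fixed and minimal: a setuid-root tool that takes arbitrary
       arguments is the "massive security hole" warned about above. */
    return 0;
}
```

Run as a normal user it reports "unprivileged" and does nothing; installed setuid root it shows the transition from effective-root-only to full root. Whatever the reason IOKit rejects the effective-root-only state, the security consequence is the same: once real and effective uid are both 0 the helper is root in every respect, so it should do exactly one hard-coded job and nothing driven by its caller.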
Cocoa-dev mailing list