Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: AuthorizationExecuteWithPrivileges flag error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AuthorizationExecuteWithPrivileges flag error

Subject: Re: AuthorizationExecuteWithPrivileges flag error
From: Kevin Elliott <email@hidden>
Date: Mon, 4 Aug 2008 09:41:11 -0700

Glancing at your code, this:

AuthorizationItem right = { RIGHT, 0, NULL, 0 };


Looks completely wrong.  What is RIGHT?

Your flags also look wrong. Your not allowing interaction, so the system won't be allowed to authorize to create your right.

Not to mention that I have no idea why your messing around with AuthorizationCreateFromExternalForm- the entire point of AuthorizationCreateFromExternalForm is to work with authorizations that came from other processes, which makes calling it with a stack allocated empty form very odd. Honestly, I'm a little surprised it didn't just crash.

All of which leads to this- what are you trying to do?

AuthorizationExecuteWithPrivileges is NOT an API you should be using to call something like sysctl. It's intended to be used by installers, not as a general purpose API for running random things as root.

You need to take a very close look at the following doc:
http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/01introduction/chapter_1_section_1.html

In addition take a look at the following sample:
http://developer.apple.com/samplecode/BetterAuthorizationSample/index.html

On Jul 30, 2008, at 6:16 AM, sheen mac wrote:

Hi All,

In my project , I added an executable and created AuthorizationRef
successfully.The AuthorizationCopyRights also worked without
error.But when AuthorizationExecuteWithPrivileges , it shows
the invalid flags error.

Kindly help me.

Thanks In Advance,
Sheen

OSStatus status;AuthorizationRef auth;
AuthorizationExternalForm extAuth;


	if (geteuid() != 0) {
		setuid(0);
	}

	if (fread(&extAuth, sizeof(extAuth), 1, stdin) != 1)
		exit(-1);
	if (AuthorizationCreateFromExternalForm(&extAuth, &auth))
		exit(-1);

AuthorizationItem right = { RIGHT, 0, NULL, 0 }; AuthorizationRights rights = { 1, &right }; AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagExtendRights;

if (status = AuthorizationCopyRights(auth, &rights, kAuthorizationEmptyEnvironment, flags, NULL)) { exit(-1); } char* args[3]; OSStatus err = 0; FILE* iopipe;

   args[0] = "-w";
   args[1]="net.inet.ip.forwarding=1";
   args[2]=NULL;

   err = AuthorizationExecuteWithPrivileges(auth,
                                            "/usr/sbin/sysctl",
                                            flags, args, &iopipe);


	if(err!=errAuthorizationSuccess)
		fprintf(stderr,"failed\n");


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



Prev by Date:
Re: Dependent NSOperations (and best practices)

Next by Date:
Re: How to get music list?

Previous by thread:
Re: Help no longer needed! (was: help linking sqlite3 wrapper)

Next by thread:
Bindings to display an NSArray of NSStrings as a single NSString?

Index(es):

Date
Thread