• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Using Security framework to write self-limiting app without modifying /etc/authorization?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using Security framework to write self-limiting app without modifying /etc/authorization?

  • Subject: Using Security framework to write self-limiting app without modifying /etc/authorization?
  • From: Piers Uso Walter <email@hidden>
  • Date: Wed, 7 Oct 2009 23:06:46 +0200
I am trying to write a self-limiting application (i.e. an application that asks for authorization before performing certain functions). I have reviewed the Security framework which seems to be intended for requirements like this, but fail to understand how this would work in my specific case.

As far as I understand the self-limiting application defines a right, which it then tries to acquire before performing the limited function.

If the administrator has defined this right in /etc/authorization (or if the application has done so after having aquired administrator authorization), that definition is used as the criteria for granting/ denying the right.

If, however /etc/authorization does not contain a definition for the application-specific right, the security framework defaults to using the default rule, which is to require explicit authorization as an administrator.

My situation seems to be a little bit different. I would like the application to specify the rule for aquiring the right (e.g. authorization as a member of a certain group). I want this to work out of the box, however, without requiring the administrator to modify /etc/authorization beforehand, and without requiring the user to enter an admin password in order to have the application "install" the right definition into /etc/authorization.

(Of course, it would be nice if the site administrator would continue to have the option to modify the requirements using /etc/ authorization, I just don't want to make this a requirement for using the application.)

So I guess the question comes down to: is there a way to use the Security framework (or any other system-supplied mechanism) to perform authorization according to application-defined rules that have not been added to /etc/authorization?

Is that even possible?

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




    

  • Prev by Date:
Re: feeble anti-aliasing

    • 

  • Next by Date:
Re: feeble anti-aliasing

    • 

  • Previous by thread:
Re: feeble anti-aliasing

    • 

  • Next by thread:
Autorelease pool

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •