Re: authorization services
Re: authorization services
- Subject: Re: authorization services
- From: Mark Thomas <email@hidden>
- Date: Tue, 15 Sep 2009 22:25:47 +0100
Hi
> wait() only works if there's a direct child process. Other
relationships (e.g. grandparentage) don't count.
Seems fair and matches the documentation
> I recommend that your privileged tool log its getppid() value and
you manually compare to the getpid() value of the > initiating
process. You should also log getpgid() of the privileged process.
This I cannot check the pid of the initiating process as it's
'AuthorizationExecuteWithPrivileges' which has launched this process
and given it extra privileges somehow, as the below path to the tool
is passed in via the 'cmd' argument, so it's the direct tool which
being launches not something else ?
Thanks
Mark.
> Or use the 'ps' command to examine the process and process-group
relationships.
>
> You should also read the man page for wait(2) and note the variants
waitpid, wait3, wait4.
>
> -- GG
On 15 Sep 2009, at 19:07, Mark Thomas wrote:
Hi All,
Thanks for the replies, however I'm noticing from the snippet below
FILE* commsPipe = NULL;
DEBUG_SHOW(CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
CFSTR("Call external Tool (%s) withs Args(%s)."), cmd, pArguments) );
err = (WirelessError)AuthorizationExecuteWithPrivileges([auth
authorizationRef], &cmd[0], (unsigned
long)kAuthorizationFlagDefaults, argumentsChown, &commsPipe );
if ( err == noErr )
{
NSLog(@"Waiting for profile tool to finish.");
int child; wait(&child);
close(fileno(commsPipe));
NSLog(@"profile tool has finished.");
}
I notice from the NSLog's outputs that this code doesn't seem to
be waiting for that launched tool to finish, as I have also put some
NSLogs within the tool itself, as I do not see NSLog's timestamps
match up, as I would expect to see the timestamp of the above 'tool
has finished' to be the last in console log, however I see
timestamps after the 'wait' has returned.
Am I missing something here ?
Thanks
Mark.
On 14 Sep 2009, at 20:57, Mark Thomas wrote:
Hi ALL,
I was wondering if anybody could tell me if it's correct to use
authorizationExecuteWithPrivileges and wait() calls together, so
the parent process wait's until that new child process finishes.
Googling seems to imply this from the examples I've seen.
However reading the documentation (within XCode) the
authorizationExecuteWithPrivileges, doesn't mention that the
privileged process is actually a child of the process which
executed this ? As while I can understand this, I thought maybe
another process actually launched the requested executable as root.
Thanks for any clarifications, as I would like to be sure this is
correct way to wait for process to finish when I call
authorizationExecuteWithPrivileges, and not this how it works today.
Thanks
Mark.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden