• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: MoreAuthSample Behaviour
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MoreAuthSample Behaviour


  • Subject: Re: MoreAuthSample Behaviour
  • From: Quinn <email@hidden>
  • Date: Tue, 2 Sep 2003 17:40:27 +0100

At 8:28 -0700 2/9/03, Duane Murphy wrote:
However, I am wondering about the behaviour of MoreAuthSample. It seems
that the code always requires authentication even when the application is
already available in the Application Support directory with root privilege.

I mostly copied the examples. Did I copy something incorrectly? Is there
a different way of dealing with this behaviour so that authentication is
not required for every run?

MoreAuthSample specifically requests an authorization right, even when it's run setuid. This is inline with general Authorization Services policy. In only does this for the kMoreSecurityTestGetUIDsCommand. You can see the call to AuthorizationCopyRights in TestToolCommandProc in "MoreSecurityTool.c". OTOH, for the low-numbered ports command (kMoreSecurityTestLowNumberPortCommand), it doesn't request an authorization right, so you don't get the dialog the second time around.

Future system software will allow you to add custom rights to the authorization database. That way you can add an "always allow" right to the database on first run, and request that right in your tool. Thus you get no second dialog but a sys admin can edit the database to restrict access to your tool.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.

References: 
 >MoreAuthSample Behaviour (From: "Duane Murphy" <email@hidden>)

  • Prev by Date: Re: Panther and Firewall API?
  • Next by Date: Re: Panther and Firewall API?
  • Previous by thread: MoreAuthSample Behaviour
  • Next by thread: kOTOutStateErr return from OTGetEndpointState
  • Index(es):
    • Date
    • Thread