Re: MoreAuthSample Behaviour
- Subject: Re: MoreAuthSample Behaviour
- From: Quinn <email@hidden>
- Date: Tue, 2 Sep 2003 17:40:27 +0100
At 8:28 -0700 2/9/03, Duane Murphy wrote:
> However, I am wondering about the behaviour of MoreAuthSample. It seems
> that the code always requires authentication even when the application is
> already available in the Application Support directory with root privilege.
> I mostly copied the examples. Did I copy something incorrectly? Is there
> a different way of dealing with this behaviour so that authentication is
> not required for every run?
MoreAuthSample specifically requests an authorization right, even
when it's run setuid. This is in line with general Authorization
Services policy. It only does this for the
kMoreSecurityTestGetUIDsCommand. You can see the call to
AuthorizationCopyRights in TestToolCommandProc in
"MoreSecurityTool.c". OTOH, for the low-numbered ports command
(kMoreSecurityTestLowNumberPortCommand), it doesn't request an
authorization right, so you don't get the dialog the second time
around.
Future system software will allow you to add custom rights to the
authorization database. That way you can add an "always allow" right
to the database on first run, and request that right in your tool.
Thus you get no second dialog but a sys admin can edit the database
to restrict access to your tool.
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
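
The flow described in the reply above, as an added example that is not part of the original message and not code from MoreAuthSample: a constructed in-memory model of a rights database, showing a first-run "always allow" registration that never overwrites a rule the sys admin has edited. It does not call the Authorization Services API; the right name, the rule names and the fallback rule for unlisted rights are assumptions of the model.

```c
#include <string.h>

/* Constructed model of a rights database; not the Authorization Services API. */
enum rule    { RULE_ALLOW, RULE_AUTH_ADMIN, RULE_DENY };
enum outcome { GRANTED, GRANTED_AFTER_DIALOG, REFUSED };
struct right_entry { const char *name; enum rule rule; };

#define DB_MAX 8
static struct right_entry db[DB_MAX];
static int db_count;

static struct right_entry *db_find(const char *name) {
    for (int i = 0; i < db_count; i++)
        if (strcmp(db[i].name, name) == 0) return &db[i];
    return NULL;
}

/* First-run step: add the right only when absent, so a rule the sys admin
   has edited is never reset. Returns 1 = added, 0 = kept existing, -1 = full. */
int register_right_if_absent(const char *name, enum rule initial) {
    if (db_find(name)) return 0;
    if (db_count == DB_MAX) return -1;
    db[db_count].name = name;
    db[db_count].rule = initial;
    db_count++;
    return 1;
}

/* The sys admin editing the database. Returns 0 on success, -1 if unknown. */
int admin_set_rule(const char *name, enum rule r) {
    struct right_entry *e = db_find(name);
    if (!e) return -1;
    e->rule = r;
    return 0;
}

/* What the tool does before acting, setuid or not. Assumption of this model:
   a right with no entry falls back to admin authentication. */
enum outcome request_right(const char *name, int user_passes_dialog) {
    struct right_entry *e = db_find(name);
    enum rule r = e ? e->rule : RULE_AUTH_ADMIN;
    if (r == RULE_ALLOW) return GRANTED;
    if (r == RULE_DENY) return REFUSED;
    return user_passes_dialog ? GRANTED_AFTER_DIALOG : REFUSED;
}

int main(void) {
    const char *right = "com.example.mytool.getuids"; /* hypothetical right name */
    register_right_if_absent(right, RULE_ALLOW);
    return request_right(right, 0) == GRANTED ? 0 : 1;
}
```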