• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
How to create an auth model similar to the networking prefs?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to create an auth model similar to the networking prefs?

  • Subject: How to create an auth model similar to the networking prefs?
  • From: Dave Camp <email@hidden>
  • Date: Tue, 22 Jan 2008 15:18:29 -0800
I'm not sure if this is the best list to ask my question, but I thought I'd start here since I've seen some auth items discussed here before. If there is a better list, please point me at it (the description of the CDSA list sounded like it was for something different).

I'm working on an internet backup solution for 10.4+ that has a daemon running as root and a System Preferences pane that controls it via a unix domain socket. I want to restrict changing the backup settings in the pref pane in an almost identical manner to what I've observed in the Network and other pref panes:

1) If the user is an admin, no further action is needed to change settings
2) If the user is not an admin, the UI is locked and the user must authenticate as an admin. If the right is granted the UI unlocks.
3) A lock button can be clicked to lock the UI and an authentication is needed to get back in.

I've read TN2095 and QA1277 and reviewed the AuthForAll code, since my pane is essentially self-restricted. I'm pretty much using the straight code from the example for acquiring and setting up my rights.

What I can't seem to figure out is how to construct/test a single right that gives me all of the above. Is it possible to do this with a single right?

For example, creating a right of com.company.backup.prefs.change with rule =
kAuthorizationRuleIsAdmin solves problem #1. I get the right running as myself and I don't get the right when running as a non-admin and no prompts are displayed. However, this appears to be a test-only rule and it will never prompt the user to authenticate so it doesn't solve problem #2.

Conversely, changing the rule to kAuthorizationRuleAuthenticateAsAdmin solves #2 but breaks #1.

Should I use two rights? Something like com.company.backup.isAdmin where rule = kAuthorizationRuleIsAdmin and com.company.backup.prefs.change where rule = kAuthorizationRuleAuthenticateAsAdmin to accomplish this?

Can someone tell me how the Network prefs accomplishes this, or suggest other solutions to this problem?

Thanks,
Dave


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: How to create an auth model similar to the networking prefs?

      • From: Quinn <email@hidden>
      • 



    

  • Prev by Date:
Re: Connect to Server smb path containing :139 resets / kills Finder

    • 

  • Next by Date:
How does server decide what text encoding for response?

    • 

  • Previous by thread:
Re: Connect to Server smb path containing :139 resets / kills  Finder

    • 

  • Next by thread:
Re: How to create an auth model similar to the networking prefs?

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •