| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_COCOA_AUTHORIZATION_UTIL_H_ |
| 6 #define CHROME_BROWSER_COCOA_AUTHORIZATION_UTIL_H_ |
| 7 |
| 8 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it |
| 9 // does not wait() for it. It also doesn't provide the caller with access to |
| 10 // the forked pid. If used irresponsibly, zombie processes will accumulate. |
| 11 // |
| 12 // Apple's really gotten us between a rock and a hard place, here. |
| 13 // |
| 14 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the |
| 15 // tool's stdout (and stdin) via a FILE* pipe. The tool can output its pid |
| 16 // to this pipe, and the main program can read it, and then have something |
| 17 // that it can wait() for. |
| 18 // |
| 19 // The contract is that any tool executed by the wrappers declared in this |
| 20 // file must print its pid to stdout on a line by itself before doing anything |
| 21 // else. |
| 22 // |
| 23 // http://developer.apple.com/mac/library/samplecode/BetterAuthorizationSample/l
isting1.html |
| 24 // (Look for "What's This About Zombies?") |
| 25 |
| 26 #include <Security/Authorization.h> |
| 27 #include <stdio.h> |
| 28 #include <sys/types.h> |
| 29 |
| 30 namespace authorization_util { |
| 31 |
| 32 // Calls straight through to AuthorizationExecuteWithPrivileges. If that |
| 33 // call succeeds, |pid| will be set to the pid of the executed tool. If the |
| 34 // pid can't be determined, |pid| will be set to -1. |pid| must not be NULL. |
| 35 // |pipe| may be NULL, but the tool will always be executed with a pipe in |
| 36 // order to read the pid from its stdout. |
| 37 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, |
| 38 const char* tool_path, |
| 39 AuthorizationFlags options, |
| 40 const char** arguments, |
| 41 FILE** pipe, |
| 42 pid_t* pid); |
| 43 |
| 44 // Calls ExecuteWithPrivilegesAndGetPID, and if that call succeeds, calls |
| 45 // waitpid() to wait for the process to exit. If waitpid() succeeds, the |
| 46 // exit status is placed in |exit_status|, otherwise, -1 is stored. |
| 47 // |exit_status| may be NULL and this function will still wait for the process |
| 48 // to exit. |
| 49 OSStatus ExecuteWithPrivilegesAndWait(AuthorizationRef authorization, |
| 50 const char* tool_path, |
| 51 AuthorizationFlags options, |
| 52 const char** arguments, |
| 53 FILE** pipe, |
| 54 int* exit_status); |
| 55 |
| 56 } // namespace authorization_util |
| 57 |
| 58 #endif // CHROME_BROWSER_COCOA_AUTHORIZATION_UTIL_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 437053:
In-application Keystone ticket promotion (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/