| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef BASE_MAC_AUTHORIZATION_UTIL_H_ | |
| 6 #define BASE_MAC_AUTHORIZATION_UTIL_H_ | |
| 7 | |
| 8 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it | |
| 9 // does not wait() for it. It also doesn't provide the caller with access to | |
| 10 // the forked pid. If used irresponsibly, zombie processes will accumulate. | |
| 11 // | |
| 12 // Apple's really gotten us between a rock and a hard place, here. | |
| 13 // | |
| 14 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the | |
| 15 // tool's stdout (and stdin) via a FILE* pipe. The tool can output its pid | |
| 16 // to this pipe, and the main program can read it, and then have something | |
| 17 // that it can wait() for. | |
| 18 // | |
| 19 // The contract is that any tool executed by the wrappers declared in this | |
| 20 // file must print its pid to stdout on a line by itself before doing anything | |
| 21 // else. | |
| 22 // | |
| 23 // http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/
Listings/BetterAuthorizationSampleLib_c.html | |
| 24 // (Look for "What's This About Zombies?") | |
| 25 | |
| 26 #include <CoreFoundation/CoreFoundation.h> | |
| 27 #include <Security/Authorization.h> | |
| 28 #include <stdio.h> | |
| 29 #include <sys/types.h> | |
| 30 | |
| 31 #include "base/base_export.h" | |
| 32 | |
| 33 namespace base { | |
| 34 namespace mac { | |
| 35 | |
| 36 // Obtains an AuthorizationRef for the rights indicated by |rights|. If | |
| 37 // necessary, prompts the user for authentication. If the user is prompted, | |
| 38 // |prompt| will be used as the prompt string and an icon appropriate for the | |
| 39 // application will be displayed in a prompt dialog. Note that the system | |
| 40 // appends its own text to the prompt string. |extraFlags| will be ORed | |
| 41 // together with the default flags. Returns NULL on failure. | |
| 42 BASE_EXPORT | |
| 43 AuthorizationRef GetAuthorizationRightsWithPrompt( | |
| 44 AuthorizationRights* rights, | |
| 45 CFStringRef prompt, | |
| 46 AuthorizationFlags extraFlags); | |
| 47 | |
| 48 // Obtains an AuthorizationRef (using |GetAuthorizationRightsWithPrompt|) that | |
| 49 // can be used to run commands as root. | |
| 50 BASE_EXPORT | |
| 51 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt); | |
| 52 | |
| 53 // Calls straight through to AuthorizationExecuteWithPrivileges. If that | |
| 54 // call succeeds, |pid| will be set to the pid of the executed tool. If the | |
| 55 // pid can't be determined, |pid| will be set to -1. |pid| must not be NULL. | |
| 56 // |pipe| may be NULL, but the tool will always be executed with a pipe in | |
| 57 // order to read the pid from its stdout. | |
| 58 BASE_EXPORT | |
| 59 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, | |
| 60 const char* tool_path, | |
| 61 AuthorizationFlags options, | |
| 62 const char** arguments, | |
| 63 FILE** pipe, | |
| 64 pid_t* pid); | |
| 65 | |
| 66 // Calls ExecuteWithPrivilegesAndGetPID, and if that call succeeds, calls | |
| 67 // waitpid() to wait for the process to exit. If waitpid() succeeds, the | |
| 68 // exit status is placed in |exit_status|, otherwise, -1 is stored. | |
| 69 // |exit_status| may be NULL and this function will still wait for the process | |
| 70 // to exit. | |
| 71 BASE_EXPORT | |
| 72 OSStatus ExecuteWithPrivilegesAndWait(AuthorizationRef authorization, | |
| 73 const char* tool_path, | |
| 74 AuthorizationFlags options, | |
| 75 const char** arguments, | |
| 76 FILE** pipe, | |
| 77 int* exit_status); | |
| 78 | |
| 79 } // namespace mac | |
| 80 } // namespace base | |
| 81 | |
| 82 #endif // BASE_MAC_AUTHORIZATION_UTIL_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
