| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/mac/authorization_util.h" | 5 #include "base/mac/authorization_util.h" |
| 6 | 6 |
| 7 #import <Foundation/Foundation.h> | 7 #import <Foundation/Foundation.h> |
| 8 #include <sys/wait.h> | 8 #include <sys/wait.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| 11 | 11 |
| 12 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/mac/bundle_locations.h" | 14 #include "base/mac/bundle_locations.h" |
| 15 #include "base/mac/mac_logging.h" | 15 #include "base/mac/mac_logging.h" |
| 16 #import "base/mac/mac_util.h" | 16 #import "base/mac/mac_util.h" |
| 17 #include "base/mac/scoped_authorizationref.h" | 17 #include "base/mac/scoped_authorizationref.h" |
| 18 #include "base/posix/eintr_wrapper.h" | 18 #include "base/posix/eintr_wrapper.h" |
| 19 #include "base/strings/string_number_conversions.h" | 19 #include "base/strings/string_number_conversions.h" |
| 20 #include "base/strings/string_util.h" | 20 #include "base/strings/string_util.h" |
| 21 | 21 |
| 22 namespace base { | 22 namespace base { |
| 23 namespace mac { | 23 namespace mac { |
| 24 | 24 |
| 25 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt) { | 25 AuthorizationRef GetAuthorizationRightsWithPrompt( |
| 26 AuthorizationRights* rights, |
| 27 CFStringRef prompt, |
| 28 AuthorizationFlags extraFlags) { |
| 26 // Create an empty AuthorizationRef. | 29 // Create an empty AuthorizationRef. |
| 27 ScopedAuthorizationRef authorization; | 30 ScopedAuthorizationRef authorization; |
| 28 OSStatus status = AuthorizationCreate(NULL, | 31 OSStatus status = AuthorizationCreate(NULL, |
| 29 kAuthorizationEmptyEnvironment, | 32 kAuthorizationEmptyEnvironment, |
| 30 kAuthorizationFlagDefaults, | 33 kAuthorizationFlagDefaults, |
| 31 &authorization); | 34 &authorization); |
| 32 if (status != errAuthorizationSuccess) { | 35 if (status != errAuthorizationSuccess) { |
| 33 OSSTATUS_LOG(ERROR, status) << "AuthorizationCreate"; | 36 OSSTATUS_LOG(ERROR, status) << "AuthorizationCreate"; |
| 34 return NULL; | 37 return NULL; |
| 35 } | 38 } |
| 36 | 39 |
| 37 // Specify the "system.privilege.admin" right, which allows | 40 AuthorizationFlags flags = kAuthorizationFlagDefaults | |
| 38 // AuthorizationExecuteWithPrivileges to run commands as root. | 41 kAuthorizationFlagInteractionAllowed | |
| 39 AuthorizationItem right_items[] = { | 42 kAuthorizationFlagExtendRights | |
| 40 {kAuthorizationRightExecute, 0, NULL, 0} | 43 kAuthorizationFlagPreAuthorize | |
| 41 }; | 44 extraFlags; |
| 42 AuthorizationRights rights = {arraysize(right_items), right_items}; | |
| 43 | 45 |
| 44 // product_logo_32.png is used instead of app.icns because Authorization | 46 // product_logo_32.png is used instead of app.icns because Authorization |
| 45 // Services can't deal with .icns files. | 47 // Services can't deal with .icns files. |
| 46 NSString* icon_path = | 48 NSString* icon_path = |
| 47 [base::mac::FrameworkBundle() pathForResource:@"product_logo_32" | 49 [base::mac::FrameworkBundle() pathForResource:@"product_logo_32" |
| 48 ofType:@"png"]; | 50 ofType:@"png"]; |
| 49 const char* icon_path_c = [icon_path fileSystemRepresentation]; | 51 const char* icon_path_c = [icon_path fileSystemRepresentation]; |
| 50 size_t icon_path_length = icon_path_c ? strlen(icon_path_c) : 0; | 52 size_t icon_path_length = icon_path_c ? strlen(icon_path_c) : 0; |
| 51 | 53 |
| 52 // The OS will append " Type an administrator's name and password to allow | 54 // The OS will append " Type an administrator's name and password to allow |
| 53 // <CFBundleDisplayName> to make changes." | 55 // <CFBundleDisplayName> to make changes." |
| 54 NSString* prompt_ns = base::mac::CFToNSCast(prompt); | 56 NSString* prompt_ns = base::mac::CFToNSCast(prompt); |
| 55 const char* prompt_c = [prompt_ns UTF8String]; | 57 const char* prompt_c = [prompt_ns UTF8String]; |
| 56 size_t prompt_length = prompt_c ? strlen(prompt_c) : 0; | 58 size_t prompt_length = prompt_c ? strlen(prompt_c) : 0; |
| 57 | 59 |
| 58 AuthorizationItem environment_items[] = { | 60 AuthorizationItem environment_items[] = { |
| 59 {kAuthorizationEnvironmentIcon, icon_path_length, (void*)icon_path_c, 0}, | 61 {kAuthorizationEnvironmentIcon, icon_path_length, (void*)icon_path_c, 0}, |
| 60 {kAuthorizationEnvironmentPrompt, prompt_length, (void*)prompt_c, 0} | 62 {kAuthorizationEnvironmentPrompt, prompt_length, (void*)prompt_c, 0} |
| 61 }; | 63 }; |
| 62 | 64 |
| 63 AuthorizationEnvironment environment = {arraysize(environment_items), | 65 AuthorizationEnvironment environment = {arraysize(environment_items), |
| 64 environment_items}; | 66 environment_items}; |
| 65 | 67 |
| 66 AuthorizationFlags flags = kAuthorizationFlagDefaults | | |
| 67 kAuthorizationFlagInteractionAllowed | | |
| 68 kAuthorizationFlagExtendRights | | |
| 69 kAuthorizationFlagPreAuthorize; | |
| 70 | |
| 71 status = AuthorizationCopyRights(authorization, | 68 status = AuthorizationCopyRights(authorization, |
| 72 &rights, | 69 rights, |
| 73 &environment, | 70 &environment, |
| 74 flags, | 71 flags, |
| 75 NULL); | 72 NULL); |
| 73 |
| 76 if (status != errAuthorizationSuccess) { | 74 if (status != errAuthorizationSuccess) { |
| 77 if (status != errAuthorizationCanceled) { | 75 if (status != errAuthorizationCanceled) { |
| 78 OSSTATUS_LOG(ERROR, status) << "AuthorizationCopyRights"; | 76 OSSTATUS_LOG(ERROR, status) << "AuthorizationCopyRights"; |
| 79 } | 77 } |
| 80 return NULL; | 78 return NULL; |
| 81 } | 79 } |
| 82 | 80 |
| 83 return authorization.release(); | 81 return authorization.release(); |
| 84 } | 82 } |
| 85 | 83 |
| 84 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt) { |
| 85 // Specify the "system.privilege.admin" right, which allows |
| 86 // AuthorizationExecuteWithPrivileges to run commands as root. |
| 87 AuthorizationItem right_items[] = { |
| 88 {kAuthorizationRightExecute, 0, NULL, 0} |
| 89 }; |
| 90 AuthorizationRights rights = {arraysize(right_items), right_items}; |
| 91 |
| 92 return GetAuthorizationRightsWithPrompt(&rights, prompt, 0); |
| 93 } |
| 94 |
| 86 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, | 95 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, |
| 87 const char* tool_path, | 96 const char* tool_path, |
| 88 AuthorizationFlags options, | 97 AuthorizationFlags options, |
| 89 const char** arguments, | 98 const char** arguments, |
| 90 FILE** pipe, | 99 FILE** pipe, |
| 91 pid_t* pid) { | 100 pid_t* pid) { |
| 92 // pipe may be NULL, but this function needs one. In that case, use a local | 101 // pipe may be NULL, but this function needs one. In that case, use a local |
| 93 // pipe. | 102 // pipe. |
| 94 FILE* local_pipe; | 103 FILE* local_pipe; |
| 95 FILE** pipe_pointer; | 104 FILE** pipe_pointer; |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 178 } | 187 } |
| 179 } else { | 188 } else { |
| 180 *exit_status_pointer = -1; | 189 *exit_status_pointer = -1; |
| 181 } | 190 } |
| 182 | 191 |
| 183 return status; | 192 return status; |
| 184 } | 193 } |
| 185 | 194 |
| 186 } // namespace mac | 195 } // namespace mac |
| 187 } // namespace base | 196 } // namespace base |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 28713002:
[Mac] Add option to reauthenticate the OS user before revealing passwords. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src