OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/mac/authorization_util.h" | 5 #include "base/mac/authorization_util.h" |
6 | 6 |
7 #import <Foundation/Foundation.h> | 7 #import <Foundation/Foundation.h> |
8 #include <sys/wait.h> | 8 #include <sys/wait.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
11 | 11 |
12 #include "base/basictypes.h" | 12 #include "base/basictypes.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/mac/bundle_locations.h" | 14 #include "base/mac/bundle_locations.h" |
15 #include "base/mac/mac_logging.h" | 15 #include "base/mac/mac_logging.h" |
16 #import "base/mac/mac_util.h" | 16 #import "base/mac/mac_util.h" |
17 #include "base/mac/scoped_authorizationref.h" | 17 #include "base/mac/scoped_authorizationref.h" |
18 #include "base/posix/eintr_wrapper.h" | 18 #include "base/posix/eintr_wrapper.h" |
19 #include "base/strings/string_number_conversions.h" | 19 #include "base/strings/string_number_conversions.h" |
20 #include "base/strings/string_util.h" | 20 #include "base/strings/string_util.h" |
21 | 21 |
22 namespace base { | 22 namespace base { |
23 namespace mac { | 23 namespace mac { |
24 | 24 |
25 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt) { | 25 AuthorizationRef GetAuthorizationRightsWithPrompt( |
| 26 AuthorizationRights* rights, |
| 27 CFStringRef prompt, |
| 28 AuthorizationFlags extraFlags) { |
26 // Create an empty AuthorizationRef. | 29 // Create an empty AuthorizationRef. |
27 ScopedAuthorizationRef authorization; | 30 ScopedAuthorizationRef authorization; |
28 OSStatus status = AuthorizationCreate(NULL, | 31 OSStatus status = AuthorizationCreate(NULL, |
29 kAuthorizationEmptyEnvironment, | 32 kAuthorizationEmptyEnvironment, |
30 kAuthorizationFlagDefaults, | 33 kAuthorizationFlagDefaults, |
31 &authorization); | 34 &authorization); |
32 if (status != errAuthorizationSuccess) { | 35 if (status != errAuthorizationSuccess) { |
33 OSSTATUS_LOG(ERROR, status) << "AuthorizationCreate"; | 36 OSSTATUS_LOG(ERROR, status) << "AuthorizationCreate"; |
34 return NULL; | 37 return NULL; |
35 } | 38 } |
36 | 39 |
37 // Specify the "system.privilege.admin" right, which allows | 40 AuthorizationFlags flags = kAuthorizationFlagDefaults | |
38 // AuthorizationExecuteWithPrivileges to run commands as root. | 41 kAuthorizationFlagInteractionAllowed | |
39 AuthorizationItem right_items[] = { | 42 kAuthorizationFlagExtendRights | |
40 {kAuthorizationRightExecute, 0, NULL, 0} | 43 kAuthorizationFlagPreAuthorize | |
41 }; | 44 extraFlags; |
42 AuthorizationRights rights = {arraysize(right_items), right_items}; | |
43 | 45 |
44 // product_logo_32.png is used instead of app.icns because Authorization | 46 // product_logo_32.png is used instead of app.icns because Authorization |
45 // Services can't deal with .icns files. | 47 // Services can't deal with .icns files. |
46 NSString* icon_path = | 48 NSString* icon_path = |
47 [base::mac::FrameworkBundle() pathForResource:@"product_logo_32" | 49 [base::mac::FrameworkBundle() pathForResource:@"product_logo_32" |
48 ofType:@"png"]; | 50 ofType:@"png"]; |
49 const char* icon_path_c = [icon_path fileSystemRepresentation]; | 51 const char* icon_path_c = [icon_path fileSystemRepresentation]; |
50 size_t icon_path_length = icon_path_c ? strlen(icon_path_c) : 0; | 52 size_t icon_path_length = icon_path_c ? strlen(icon_path_c) : 0; |
51 | 53 |
52 // The OS will append " Type an administrator's name and password to allow | 54 // The OS will append " Type an administrator's name and password to allow |
53 // <CFBundleDisplayName> to make changes." | 55 // <CFBundleDisplayName> to make changes." |
54 NSString* prompt_ns = base::mac::CFToNSCast(prompt); | 56 NSString* prompt_ns = base::mac::CFToNSCast(prompt); |
55 const char* prompt_c = [prompt_ns UTF8String]; | 57 const char* prompt_c = [prompt_ns UTF8String]; |
56 size_t prompt_length = prompt_c ? strlen(prompt_c) : 0; | 58 size_t prompt_length = prompt_c ? strlen(prompt_c) : 0; |
57 | 59 |
58 AuthorizationItem environment_items[] = { | 60 AuthorizationItem environment_items[] = { |
59 {kAuthorizationEnvironmentIcon, icon_path_length, (void*)icon_path_c, 0}, | 61 {kAuthorizationEnvironmentIcon, icon_path_length, (void*)icon_path_c, 0}, |
60 {kAuthorizationEnvironmentPrompt, prompt_length, (void*)prompt_c, 0} | 62 {kAuthorizationEnvironmentPrompt, prompt_length, (void*)prompt_c, 0} |
61 }; | 63 }; |
62 | 64 |
63 AuthorizationEnvironment environment = {arraysize(environment_items), | 65 AuthorizationEnvironment environment = {arraysize(environment_items), |
64 environment_items}; | 66 environment_items}; |
65 | 67 |
66 AuthorizationFlags flags = kAuthorizationFlagDefaults | | |
67 kAuthorizationFlagInteractionAllowed | | |
68 kAuthorizationFlagExtendRights | | |
69 kAuthorizationFlagPreAuthorize; | |
70 | |
71 status = AuthorizationCopyRights(authorization, | 68 status = AuthorizationCopyRights(authorization, |
72 &rights, | 69 rights, |
73 &environment, | 70 &environment, |
74 flags, | 71 flags, |
75 NULL); | 72 NULL); |
| 73 |
76 if (status != errAuthorizationSuccess) { | 74 if (status != errAuthorizationSuccess) { |
77 if (status != errAuthorizationCanceled) { | 75 if (status != errAuthorizationCanceled) { |
78 OSSTATUS_LOG(ERROR, status) << "AuthorizationCopyRights"; | 76 OSSTATUS_LOG(ERROR, status) << "AuthorizationCopyRights"; |
79 } | 77 } |
80 return NULL; | 78 return NULL; |
81 } | 79 } |
82 | 80 |
83 return authorization.release(); | 81 return authorization.release(); |
84 } | 82 } |
85 | 83 |
| 84 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt) { |
| 85 // Specify the "system.privilege.admin" right, which allows |
| 86 // AuthorizationExecuteWithPrivileges to run commands as root. |
| 87 AuthorizationItem right_items[] = { |
| 88 {kAuthorizationRightExecute, 0, NULL, 0} |
| 89 }; |
| 90 AuthorizationRights rights = {arraysize(right_items), right_items}; |
| 91 |
| 92 return GetAuthorizationRightsWithPrompt(&rights, prompt, 0); |
| 93 } |
| 94 |
86 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, | 95 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, |
87 const char* tool_path, | 96 const char* tool_path, |
88 AuthorizationFlags options, | 97 AuthorizationFlags options, |
89 const char** arguments, | 98 const char** arguments, |
90 FILE** pipe, | 99 FILE** pipe, |
91 pid_t* pid) { | 100 pid_t* pid) { |
92 // pipe may be NULL, but this function needs one. In that case, use a local | 101 // pipe may be NULL, but this function needs one. In that case, use a local |
93 // pipe. | 102 // pipe. |
94 FILE* local_pipe; | 103 FILE* local_pipe; |
95 FILE** pipe_pointer; | 104 FILE** pipe_pointer; |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
178 } | 187 } |
179 } else { | 188 } else { |
180 *exit_status_pointer = -1; | 189 *exit_status_pointer = -1; |
181 } | 190 } |
182 | 191 |
183 return status; | 192 return status; |
184 } | 193 } |
185 | 194 |
186 } // namespace mac | 195 } // namespace mac |
187 } // namespace base | 196 } // namespace base |
OLD | NEW |