Authorization to copy a file -- is it really that complex?

  • I've managed to never have to deal with Authorization Services so far in my Cocoa career; until today. Basically I have an app that needs to install some helper tools that the user can run from a shell. (This is a lot like the way TextMate installs the 'mate' tool.) I'm giving a choice of install locations, but the typical one is going to be /usr/bin, so the app will need to authorize to do that.

    Reading through the Authorization Services Programming Guide and BetterAuthorizationSample, this all looks really, really complicated. All I need to do is the GUI equivalent of "sudo ditto my_tool /usr/bin" — does this really take pages and pages of code involving AuthorizationRefs and IPC, and either setuid or invoking launchctl?!

    —Jens
  • Jens,

    I understand your pain. I didn't want to go through it either and I finally found BLAuthentication which is a Objective-C wrapper class around the Authorization Services. It's a bit outdated but still works fine for me. It's hard to find a copy somewhere but here is a link:

    http://blog.laurent.etiemble.com/index.php?post/2005/12/05/36

    -Laurent.
    --
    Laurent Daudelin
    AIM/iChat/Skype:LaurentDaudelin                 http://www.nemesys-soft.com/
    Logiciels Nemesys Software                    <laurent...>

    On Jun 14, 2012, at 13:39, Jens Alfke wrote:

    > I've managed to never have to deal with Authorization Services so far in my Cocoa career; until today. Basically I have an app that needs to install some helper tools that the user can run from a shell. (This is a lot like the way TextMate installs the 'mate' tool.) I'm giving a choice of install locations, but the typical one is going to be /usr/bin, so the app will need to authorize to do that.
    >
    > Reading through the Authorization Services Programming Guide and BetterAuthorizationSample, this all looks really, really complicated. All I need to do is the GUI equivalent of "sudo ditto my_tool /usr/bin" — does this really take pages and pages of code involving AuthorizationRefs and IPC, and either setuid or invoking launchctl?!
    >
    > —Jens
  • Actually I just discovered the listing "Calling A Privileged Installer", which looks like exactly what I want — a page or so of code to run an already-existing system command with root privileges. I think all I need to do is change the command from "id -un" to "ln -s ...".

    Let me know if I'm barking up the wrong tree…

    —Jens
  • Le 14 juin 2012 à 22:39, Jens Alfke a écrit :

    > I've managed to never have to deal with Authorization Services so far in my Cocoa career; until today. Basically I have an app that needs to install some helper tools that the user can run from a shell. (This is a lot like the way TextMate installs the 'mate' tool.) I'm giving a choice of install locations, but the typical one is going to be /usr/bin, so the app will need to authorize to do that.
    >
    > Reading through the Authorization Services Programming Guide and BetterAuthorizationSample, this all looks really, really complicated. All I need to do is the GUI equivalent of "sudo ditto my_tool /usr/bin" — does this really take pages and pages of code involving AuthorizationRefs and IPC, and either setuid or invoking launchctl?!
    >
    > —Jens

    You can ask the Finder to do it using Apple Events. I find it convenient as it takes care of the authorization for you.

    Alternatively, you can use the authopen tool with NSTask to open the file, and then perform the copy yourself (see man authopen). It will also take care of the authorization for you, and will provide a pipe to write in the file.

    -- Jean-Daniel
  • Laurent,

    Thanks so much for the links! For me wrapper packages are by far the best tool for understanding Apple's APIs. I used SSCrypto to learn how to use openSSL.

    On Jun 14, 2012, at 4:56 PM, Laurent Daudelin wrote:

    > Jens,
    >
    > I understand your pain. I didn't want to go through it either and I finally found BLAuthentication which is a Objective-C wrapper class around the Authorization Services. It's a bit outdated but still works fine for me. It's hard to find a copy somewhere but here is a link:
    >
    > http://blog.laurent.etiemble.com/index.php?post/2005/12/05/36
    >
    > -Laurent.
    > --
    > Laurent Daudelin
    > AIM/iChat/Skype:LaurentDaudelin                 http://www.nemesys-soft.com/
    > Logiciels Nemesys Software                    <laurent...>
    >
    > On Jun 14, 2012, at 13:39, Jens Alfke wrote:
    >
    >> I've managed to never have to deal with Authorization Services so far in my Cocoa career; until today. Basically I have an app that needs to install some helper tools that the user can run from a shell. (This is a lot like the way TextMate installs the 'mate' tool.) I'm giving a choice of install locations, but the typical one is going to be /usr/bin, so the app will need to authorize to do that.
    >>
    >> Reading through the Authorization Services Programming Guide and BetterAuthorizationSample, this all looks really, really complicated. All I need to do is the GUI equivalent of "sudo ditto my_tool /usr/bin" — does this really take pages and pages of code involving AuthorizationRefs and IPC, and either setuid or invoking launchctl?!
    >>
    >> —Jens


    Charlie Dickman
    <3tothe4th...>
previous month june 2012 next month
MTWTFSS
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
Go to today