Cocoa mail archive
execute binary with root privileges
FROM : Lukas Meyer
DATE : Fri Apr 01 20:37:53 2005
Hi List,
I want to start a binary that needs root privileges with objective C
using the Apple Security Framework. I tried out the example from the
apple reference starting the binary /usr/bin/id which successfuly shows
id 0 for root. Now i changed the binary Path to /sbin/route with some
arguments, that adds a specific route. But there the Output of this
command sais: route: must be root to alter routing table. So my
question is, why it executes the id binary as root and why the other
one not?
Attached is my code, that I'm using.
int read (long,StringPtr,int);
int write (long,StringPtr,int);
char* args[12];
unsigned int i = 0;
OSStatus myStatus;
AuthorizationFlags myFlags = kAuthorizationFlagDefaults;
AuthorizationRef myAuthorizationRef;
myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
myFlags, &myAuthorizationRef);
if (myStatus != errAuthorizationSuccess)
return myStatus;
do
{
{
AuthorizationItem myItems = {kAuthorizationRightExecute, 0,
NULL, 0};
AuthorizationRights myRights = {1, &myItems};
myFlags = kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
myStatus = AuthorizationCopyRights (myAuthorizationRef, &myRights,
NULL, myFlags, NULL );
}
if (myStatus != errAuthorizationSuccess) break;
{
NSArray *arguments = [NSArray arrayWithObjects: @"add", @"-net",
@"0.0.0.0", @"10.8.0.41", @"0.0.0.0", nil];
while( i < [arguments count] && i < 50) {
args[i] = (char*)[[arguments objectAtIndex:i] cString];
i++;
}
args[i] = NULL;
char myToolPath[] = "/sbin/route";
char *myArguments[] = { "add", "-net", "0.0.0.0", "10.8.0.41",
"0.0.0.0", NULL };
FILE *myCommunicationsPipe = NULL;
char myReadBuffer[128];
myFlags = kAuthorizationFlagDefaults;
myStatus = AuthorizationExecuteWithPrivileges
(myAuthorizationRef, myToolPath, myFlags, 0,
&myCommunicationsPipe);
if (myStatus == errAuthorizationSuccess)
for(;;)
{
int bytesRead = read (fileno (myCommunicationsPipe),
myReadBuffer, sizeof (myReadBuffer));
if (bytesRead < 1) break;
write (fileno (stdout), myReadBuffer, bytesRead);
}
}
} while (0);
AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDefaults);
if (myStatus) printf("Status: %ld\n", myStatus);
return myStatus;
best regards,
Lukas
DATE : Fri Apr 01 20:37:53 2005
Hi List,
I want to start a binary that needs root privileges with objective C
using the Apple Security Framework. I tried out the example from the
apple reference starting the binary /usr/bin/id which successfuly shows
id 0 for root. Now i changed the binary Path to /sbin/route with some
arguments, that adds a specific route. But there the Output of this
command sais: route: must be root to alter routing table. So my
question is, why it executes the id binary as root and why the other
one not?
Attached is my code, that I'm using.
int read (long,StringPtr,int);
int write (long,StringPtr,int);
char* args[12];
unsigned int i = 0;
OSStatus myStatus;
AuthorizationFlags myFlags = kAuthorizationFlagDefaults;
AuthorizationRef myAuthorizationRef;
myStatus = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
myFlags, &myAuthorizationRef);
if (myStatus != errAuthorizationSuccess)
return myStatus;
do
{
{
AuthorizationItem myItems = {kAuthorizationRightExecute, 0,
NULL, 0};
AuthorizationRights myRights = {1, &myItems};
myFlags = kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
myStatus = AuthorizationCopyRights (myAuthorizationRef, &myRights,
NULL, myFlags, NULL );
}
if (myStatus != errAuthorizationSuccess) break;
{
NSArray *arguments = [NSArray arrayWithObjects: @"add", @"-net",
@"0.0.0.0", @"10.8.0.41", @"0.0.0.0", nil];
while( i < [arguments count] && i < 50) {
args[i] = (char*)[[arguments objectAtIndex:i] cString];
i++;
}
args[i] = NULL;
char myToolPath[] = "/sbin/route";
char *myArguments[] = { "add", "-net", "0.0.0.0", "10.8.0.41",
"0.0.0.0", NULL };
FILE *myCommunicationsPipe = NULL;
char myReadBuffer[128];
myFlags = kAuthorizationFlagDefaults;
myStatus = AuthorizationExecuteWithPrivileges
(myAuthorizationRef, myToolPath, myFlags, 0,
&myCommunicationsPipe);
if (myStatus == errAuthorizationSuccess)
for(;;)
{
int bytesRead = read (fileno (myCommunicationsPipe),
myReadBuffer, sizeof (myReadBuffer));
if (bytesRead < 1) break;
write (fileno (stdout), myReadBuffer, bytesRead);
}
}
} while (0);
AuthorizationFree (myAuthorizationRef, kAuthorizationFlagDefaults);
if (myStatus) printf("Status: %ld\n", myStatus);
return myStatus;
best regards,
Lukas
| Related mails | Author | Date |
|---|---|---|
| No related mails found. | ||
