Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | #import <Foundation/Foundation.h> #import <Authorization/Authorization.h> int main(int argc, const char * argv[]) { @autoreleasepool { AuthorizationRef authorizationRef; OSStatus status; // Create an authorization reference. status = AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &authorizationRef); if (status != errAuthorizationSuccess) { NSLog(@"AuthorizationCreate failed with error %d", status); return EXIT_FAILURE; } // Set the authorization rights. AuthorizationItem authorizationItem = {kAuthorizationRightExecute, 0, NULL, 0}; AuthorizationRights authorizationRights = {1, &authorizationItem}; // Execute the privileged task. status = AuthorizationExecuteWithPrivileges(authorizationRef, "/bin/ls", kAuthorizationFlagDefaults, NULL, &authorizationRights); if (status != errAuthorizationSuccess) { NSLog(@"AuthorizationExecuteWithPrivileges failed with error %d", status); return EXIT_FAILURE; } // Release the authorization reference. AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults); return EXIT_SUCCESS; } } |
Testing if the previous output contains the string = AuthorizationExecuteWithPrivileges(: True
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | #import <Foundation/Foundation.h> #import <Security/Authorization.h> int main(int argc, const char * argv[]) { @autoreleasepool { // // Prompt the user for credentials. // AuthorizationRef myAuthorizationRef; OSStatus status = AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &myAuthorizationRef); if (status != errAuthorizationSuccess) { NSLog(@"Failed to create AuthorizationRef '%@'", CFBridgingRelease(SecCopyErrorMessageString(status, NULL))); exit(1); } // // Execute the command with the user's permissions. // AuthorizationExecuteWithPrivileges(myAuthorizationRef, "/bin/ls", NULL, NULL, (char **)NULL); // // Release authorization resources. // AuthorizationFree(myAuthorizationRef, kAuthorizationFlagDefaults); } return 0; } |
Testing if the previous output contains the string = AuthorizationExecuteWithPrivileges(: False
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 | #import <stdlib.h> #import <stdio.h> #import <stdlib.h> #import <sys/types.h> #import <sys/sysctl.h> #import <sys/param.h> #import <unistd.h> // Should be called inside an authorization context. void somePrivilegedTask() { int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()}; struct kinfo_proc info; info.kp_proc.p_comm = alloca(MAXCOMLEN); size_t size = sizeof(info); int sysctlResult = sysctl(mib, sizeof(mib) / sizeof(*mib), &info, &size, NULL, 0); if (sysctlResult == -1) { perror("sysctl(CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid())"); return; } printf("Process ID: (%jd) %s\n", (intmax_t)getpid(), info.kp_proc.p_comm); } int main(int argc, const char *argv[]) { OSStatus status; // Create an authorization reference and an array of authorization rights. AuthorizationRef authorizationRef = NULL; AuthorizationRights authorizationRights = {0, {0}}; authorizationRights.elementCount = 1; authorizationRights.rights[0].name = "system.process.info"; authorizationRights.rights[0].value = kAuthorizationRightAllow; AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights; // Create an authorization object with the specified authorization rights. status = AuthorizationCreate(&authorizationRights, NULL, flags, &authorizationRef); if (status != errAuthorizationSuccess) { fprintf(stderr, "AuthorizationCreate error: %d\n", (int)status); return EXIT_FAILURE; } // Execute the privileged task within an authorization context. status = AuthorizationExecuteWithPrivileges(authorizationRef, somePrivilegedTask, 0, NULL); if (status != errAuthorizationSuccess) { fprintf(stderr, "AuthorizationExecuteWithPrivileges error: %d\n", (int)status); return EXIT_FAILURE; } // Release the authorization. AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults); return EXIT_SUCCESS; } |
Testing if the previous output contains the string = AuthorizationExecuteWithPrivileges(: True
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | #import <CoreServices/CoreServices.h> // Define the path to the resource you want to access #define RESOURCE_PATH "/path/to/resource" int main(int argc, char* argv[]) { // Create an authorization reference AuthorizationRef authorizationRef; OSStatus authorizationStatus = AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &authorizationRef); if (authorizationStatus != errAuthorizationSuccess) { fprintf(stderr, "Failed to create authorization: %d\n", authorizationStatus); exit(1); } // Set the authorization flags to indicate that the script should be executed with elevated privileges AuthorizationFlags authorizationFlags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; // Execute the script with elevated privileges int status = AuthorizationExecuteWithPrivileges(authorizationRef, RESOURCE_PATH, authorizationFlags, NULL, NULL); if (status != 0) { fprintf(stderr, "Failed to execute script with elevated privileges: %d\n", authorizationStatus); exit(1); } return 0; } |
Testing if the previous output contains the string = AuthorizationExecuteWithPrivileges(: True
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
Write an Objective-C script that demonstrates how to use AuthorizationExecuteWithPrivileges.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 | // // // High Sierra script // Objective-C // macOS 10.13+ // // This script demonstrates privileged actions using // AuthorizationExecuteWithPrivileges // // Replace YOURPRIVILEGEDACTION with the command line string // you want to run with elevated privileges. E.g. // // YOURPRIVILEGEDEXECUTABLE -action "Do something privileged" // // Do not include actions that will prompt for user input via // the terminal // // This script will run silently. If the user has allowed the // script elevated privileges in the past, it will continue to // run these commands without further prompting. If the user has // not previously approved the script, it will run the executable // with elevated privileges *at the time* the script is run. This // will request the user's password for the action (via a // pop-up dialog box). #import <Foundation/Foundation.h> #import <Security/Authorization.h> #import <Security/AuthorizationTags.h> // 1-7 rights, right strings and descriptions // See <Security/AuthorizationTags.h> typedef NS_ENUM(NSInteger, Tags) { kRightAuthorizeDocuments, kRightAuthorizeApplications, kRightAuthorizeUserClient, kRightAuthorizeProcesses, kRightAuthorizeScripts, kRightAuthorizeVolumeMount, kRightAuthorizeAllFiles, kRightUnrestricted, kOtherRights, kRightTagRights }; // Lists all the current authorization rights static void PrintRights() { AuthorizationItem rights[kAuthorizationRightCount]; AuthorizationFlags flags; AuthorizationRef authorizationRef; AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef); // we're interested only in rights our authorization ref can actually authorize, rather than all possible rights AuthorizationCopyRights(authorizationRef, &rights[0], &flags); for (int i = 0; i < kAuthorizationRightCount; ++i) { if (rights[i].rights != 0) { NSLog(@"\tright %ld: %d = %@", i, rights[i].rights, @(AuthorizationRightGetInfo(rights[i].rights))); } } AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults); } OSStatus GetAuthorizationRef(AuthorizationRef *authRef, char* authItemNames[], char* authRights[], int nameCount, int rightCount, bool interactive) { OSStatus status; AuthorizationFlags flags; if (!interactive) { flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; } else { // interaction is required if non-elevated processes or // scripts want to perform privileged tasks. interaction // may also be used to gain AuthorizationRef even if the // authorizing entity denies granting them. flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed; } AuthorizationEnvironment environment = { kAuthorizationEmptyEnvironment, nameCount, authItemNames, rightCount, authRights, NULL }; status = AuthorizationCreate(&environment, flags, authRef); if (status != errAuthorizationSuccess) { NSLog(@"AuthorizationCreate failed (%d)", status); } return status; } int main(int argc, char *argv[]) { @autoreleasepool { // Replace with the executable path and privileged action string #define YOURPRIVILEGEDEXECUTABLE "/usr/bin/sudo" #define YOURPRIVILEGEDACTION "ps aux | more" AuthorizationRef authRef; // Check the number of arguments if (argc != 2) { NSLog(@"Usage:"); NSLog( @" %s -i # Ask the user for a password every time", argv[0]); NSLog( @" %s # Use the Keychain access password OR Ask the user for a password", argv[0]); exit(EXIT_FAILURE); } // Determine if we are running interactively bool interactive = (strcmp(argv[1], "-i") == 0); // Names/Descriptions of the rights we're seeking const char *authItemNames[] = { kAuthorizationRightRunAppleScripts }; // The actual rights const char *authRights[] = { kAuthorizationFlagDefaults, kAuthorizationRightExecute }; int authItemNameCount = sizeof(authItemNames) / sizeof(char*); int authRightCount = sizeof(authRights) / sizeof(char*); NSLog(@"Current rights:"); PrintRights(); // Create authorization reference OSStatus status = GetAuthorizationRef(&authRef, (char **)authItemNames, (char**)authRights, authItemNameCount, authRightCount, interactive); if (status != errAuthorizationSuccess) { NSLog(@"GetAuthorizationRef failed (%d).", status); } else { FILE *pipe = popen(YOURPRIVILEGEDACTION, "r"); if (!pipe) { NSLog(@"popen failed"); return EXIT_FAILURE; } char buffer[1024]; NSLog(@"\n\n\tcommand output:\n"); while (fgets(buffer, sizeof buffer, pipe) != NULL){ NSLog(@"\t\t%s", buffer); } pclose(pipe); } AuthorizationFree(authRef, kAuthorizationFlagDefaults); } return EXIT_SUCCESS; } |
Testing if the previous output contains the string = AuthorizationExecuteWithPrivileges(: False