OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_MAC_AUTHORIZATION_UTIL_H_ | 5 #ifndef BASE_MAC_AUTHORIZATION_UTIL_H_ |
6 #define CHROME_BROWSER_MAC_AUTHORIZATION_UTIL_H_ | 6 #define BASE_MAC_AUTHORIZATION_UTIL_H_ |
7 #pragma once | 7 #pragma once |
8 | 8 |
9 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it | 9 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it |
10 // does not wait() for it. It also doesn't provide the caller with access to | 10 // does not wait() for it. It also doesn't provide the caller with access to |
11 // the forked pid. If used irresponsibly, zombie processes will accumulate. | 11 // the forked pid. If used irresponsibly, zombie processes will accumulate. |
12 // | 12 // |
13 // Apple's really gotten us between a rock and a hard place, here. | 13 // Apple's really gotten us between a rock and a hard place, here. |
14 // | 14 // |
15 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the | 15 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the |
16 // tool's stdout (and stdin) via a FILE* pipe. The tool can output its pid | 16 // tool's stdout (and stdin) via a FILE* pipe. The tool can output its pid |
17 // to this pipe, and the main program can read it, and then have something | 17 // to this pipe, and the main program can read it, and then have something |
18 // that it can wait() for. | 18 // that it can wait() for. |
19 // | 19 // |
20 // The contract is that any tool executed by the wrappers declared in this | 20 // The contract is that any tool executed by the wrappers declared in this |
21 // file must print its pid to stdout on a line by itself before doing anything | 21 // file must print its pid to stdout on a line by itself before doing anything |
22 // else. | 22 // else. |
23 // | 23 // |
24 // http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/
Listings/BetterAuthorizationSampleLib_c.html | 24 // http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/
Listings/BetterAuthorizationSampleLib_c.html |
25 // (Look for "What's This About Zombies?") | 25 // (Look for "What's This About Zombies?") |
26 | 26 |
27 #include <CoreFoundation/CoreFoundation.h> | 27 #include <CoreFoundation/CoreFoundation.h> |
28 #include <Security/Authorization.h> | 28 #include <Security/Authorization.h> |
29 #include <stdio.h> | 29 #include <stdio.h> |
30 #include <sys/types.h> | 30 #include <sys/types.h> |
31 | 31 |
32 namespace authorization_util { | 32 namespace base { |
| 33 namespace mac { |
33 | 34 |
34 // Obtains an AuthorizationRef that can be used to run commands as root. If | 35 // Obtains an AuthorizationRef that can be used to run commands as root. If |
35 // necessary, prompts the user for authentication. If the user is prompted, | 36 // necessary, prompts the user for authentication. If the user is prompted, |
36 // |prompt| will be used as the prompt string and an icon appropriate for the | 37 // |prompt| will be used as the prompt string and an icon appropriate for the |
37 // application will be displayed in a prompt dialog. Note that the system | 38 // application will be displayed in a prompt dialog. Note that the system |
38 // appends its own text to the prompt string. Returns NULL on failure. | 39 // appends its own text to the prompt string. Returns NULL on failure. |
39 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt); | 40 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt); |
40 | 41 |
41 // Calls straight through to AuthorizationExecuteWithPrivileges. If that | 42 // Calls straight through to AuthorizationExecuteWithPrivileges. If that |
42 // call succeeds, |pid| will be set to the pid of the executed tool. If the | 43 // call succeeds, |pid| will be set to the pid of the executed tool. If the |
(...skipping 12 matching lines...) Expand all Loading... |
55 // exit status is placed in |exit_status|, otherwise, -1 is stored. | 56 // exit status is placed in |exit_status|, otherwise, -1 is stored. |
56 // |exit_status| may be NULL and this function will still wait for the process | 57 // |exit_status| may be NULL and this function will still wait for the process |
57 // to exit. | 58 // to exit. |
58 OSStatus ExecuteWithPrivilegesAndWait(AuthorizationRef authorization, | 59 OSStatus ExecuteWithPrivilegesAndWait(AuthorizationRef authorization, |
59 const char* tool_path, | 60 const char* tool_path, |
60 AuthorizationFlags options, | 61 AuthorizationFlags options, |
61 const char** arguments, | 62 const char** arguments, |
62 FILE** pipe, | 63 FILE** pipe, |
63 int* exit_status); | 64 int* exit_status); |
64 | 65 |
65 } // namespace authorization_util | 66 } // namespace mac |
| 67 } // namespace base |
66 | 68 |
67 #endif // CHROME_BROWSER_MAC_AUTHORIZATION_UTIL_H_ | 69 #endif // BASE_MAC_AUTHORIZATION_UTIL_H_ |
OLD | NEW |