OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_MAC_AUTHORIZATION_UTIL_H_ | |
6 #define CHROME_BROWSER_MAC_AUTHORIZATION_UTIL_H_ | |
7 #pragma once | |
8 | |
9 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it | |
10 // does not wait() for it. It also doesn't provide the caller with access to | |
11 // the forked pid. If used irresponsibly, zombie processes will accumulate. | |
12 // | |
13 // Apple's really gotten us between a rock and a hard place, here. | |
14 // | |
15 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the | |
16 // tool's stdout (and stdin) via a FILE* pipe. The tool can output its pid | |
17 // to this pipe, and the main program can read it, and then have something | |
18 // that it can wait() for. | |
19 // | |
20 // The contract is that any tool executed by the wrappers declared in this | |
21 // file must print its pid to stdout on a line by itself before doing anything | |
22 // else. | |
23 // | |
24 // http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/
Listings/BetterAuthorizationSampleLib_c.html | |
25 // (Look for "What's This About Zombies?") | |
26 | |
27 #include <CoreFoundation/CoreFoundation.h> | |
28 #include <Security/Authorization.h> | |
29 #include <stdio.h> | |
30 #include <sys/types.h> | |
31 | |
32 namespace authorization_util { | |
33 | |
34 // Obtains an AuthorizationRef that can be used to run commands as root. If | |
35 // necessary, prompts the user for authentication. If the user is prompted, | |
36 // |prompt| will be used as the prompt string and an icon appropriate for the | |
37 // application will be displayed in a prompt dialog. Note that the system | |
38 // appends its own text to the prompt string. Returns NULL on failure. | |
39 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt); | |
40 | |
41 // Calls straight through to AuthorizationExecuteWithPrivileges. If that | |
42 // call succeeds, |pid| will be set to the pid of the executed tool. If the | |
43 // pid can't be determined, |pid| will be set to -1. |pid| must not be NULL. | |
44 // |pipe| may be NULL, but the tool will always be executed with a pipe in | |
45 // order to read the pid from its stdout. | |
46 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, | |
47 const char* tool_path, | |
48 AuthorizationFlags options, | |
49 const char** arguments, | |
50 FILE** pipe, | |
51 pid_t* pid); | |
52 | |
53 // Calls ExecuteWithPrivilegesAndGetPID, and if that call succeeds, calls | |
54 // waitpid() to wait for the process to exit. If waitpid() succeeds, the | |
55 // exit status is placed in |exit_status|, otherwise, -1 is stored. | |
56 // |exit_status| may be NULL and this function will still wait for the process | |
57 // to exit. | |
58 OSStatus ExecuteWithPrivilegesAndWait(AuthorizationRef authorization, | |
59 const char* tool_path, | |
60 AuthorizationFlags options, | |
61 const char** arguments, | |
62 FILE** pipe, | |
63 int* exit_status); | |
64 | |
65 } // namespace authorization_util | |
66 | |
67 #endif // CHROME_BROWSER_MAC_AUTHORIZATION_UTIL_H_ | |
OLD | NEW |