|
/* |
|
|
|
authorize - Use Mac OS X Authorization Services to request authorization for a |
|
specified right. |
|
|
|
Copyright (c) 2002-2003 Occam's Razor. All rights reserved. |
|
|
|
See the LICENSE file distributed with this code for restrictions on its use |
|
and further distribution. |
|
Original distribution available at <http://www.occam.com/tools/>. |
|
|
|
$Id$ |
|
|
|
Compile with "cc -framework Security -o authorize authorize.c". |
|
|
|
-- README: |
|
|
|
README FOR authorize |
|
-------------------- |
|
authorize is a tool that demonstrates the use of Mac OS X Authorization |
|
Services. It requests access to a specified right for the user. |
|
|
|
It could be used within a privileged program to confirm access to some |
|
functionality, but there are safer ways to use the Authorization Services API. |
|
And you could use sudo instead. So this is mainly a demonstration program to |
|
illustrate how entries in /etc/authorization work. |
|
|
|
|
|
INSTALLATION |
|
------------ |
|
In the Makefile, set INST_ROOT to wherever you want the software installed. You |
|
may also need to change the INSTALL command, depending on the location and |
|
version of "install" on your system. |
|
|
|
You'll need the Developer Tools installed on your system. |
|
|
|
Then run "make install". |
|
|
|
|
|
USE |
|
--- |
|
Rights are configured in /etc/authorization. You request access to a right by |
|
running "authorize right_name". The result of the request is printed to standard |
|
output as "success" or "failure", and the exit status is set appropriately. |
|
|
|
|
|
PLATFORMS |
|
--------- |
|
authorize has been tested on the following platforms: |
|
|
|
- Mac OS X |
|
- versions 10.2.x |
|
|
|
|
|
CHANGES |
|
------- |
|
You're not required by the license to submit changes back to the source, but I'd |
|
appreciate enhancements of general applicability. You can email new versions or |
|
contextual diffs ("diff -c old_file new_file") to <[email protected]>. Some things |
|
to keep in mind if you do this: |
|
|
|
- Formatting |
|
- I use tabs for indentation, and sometimes to align code |
|
segments for readability. Please do the same. |
|
- Please don't use NotePad or some other Windows editor to make |
|
changes. Or if you do, get rid of the DOS linefeeds |
|
before submitting changes. |
|
- Please try to follow the formatting conventions established |
|
in the existing code. |
|
|
|
- Readability |
|
- Usually, I will trade off efficiency (of running time or of |
|
development time) in favor of readability. |
|
- Insert meaningful comments where appropriate. |
|
|
|
|
|
CONTRIBUTORS |
|
------------ |
|
Leon Towns-von Stauber |
|
|
|
|
|
Enjoy! |
|
|
|
|
|
Copyright (c) 2002-2003. All rights reserved. |
|
|
|
See the LICENSE file distributed with this code for restrictions on its use |
|
and further distribution. |
|
Original distribution available at <http://www.occam.com/tools/>. |
|
|
|
|
|
*/ |
|
|
|
#include <stdlib.h> |
|
#include <Security/Authorization.h> |
|
|
|
int main(int argc, char *argv[]) { |
|
char *commandName = argv[0]; |
|
char *rightName; |
|
|
|
if (argc == 2) |
|
rightName = argv[1]; |
|
else { |
|
fprintf(stderr, "usage: %s authorization_right_name\n", commandName); |
|
exit(EXIT_FAILURE); |
|
} |
|
|
|
OSStatus status; |
|
AuthorizationItem right = { rightName, 0, NULL, 0 }; |
|
AuthorizationRights rightSet = { 1, &right }; |
|
AuthorizationFlags flags = kAuthorizationFlagDefaults | |
|
kAuthorizationFlagExtendRights | |
|
kAuthorizationFlagInteractionAllowed; |
|
|
|
status = AuthorizationCreate(&rightSet, |
|
kAuthorizationEmptyEnvironment, flags, NULL); |
|
|
|
if (status == errAuthorizationSuccess) { |
|
fprintf(stdout, "success\n"); |
|
exit(EXIT_SUCCESS); |
|
} else { |
|
fprintf(stdout, "failure\n"); |
|
exit(EXIT_FAILURE); |
|
} |
|
} |
