logo标签列表

如何将Root权限添加到我的OSX应用程序?

objective-cmacosrootprivileges
5

我作为根用户制作了一个应用程序,它在根用户下完美运行。当我尝试以标准用户身份运行相同的应用程序时,它无法正常工作。然后我知道我需要root权限来运行该应用程序。我谷歌了几天,但没有找到答案。我阅读了一些问题和苹果文档,它们是-

https://developer.apple.com/library/mac/documentation/Security/Conceptual/authorization_concepts/01introduction/introduction.html

如何将我的应用程序设置为始终在OSX上作为root运行

如何以编程方式获得root权限?

如何在root权限下运行应用程序?

但我仍然没有得到任何东西。还有一件事是我需要创建一个新项目来获得root权限,我是对的吗?如果您有任何可以帮助我的建议,请告诉我。非常欢迎每一个建议。

目前我正在尝试这个-

- (BOOL) runProcessAsAdministrator:(NSString*)scriptPath
                     withArguments:(NSArray *)arguments
                            output:(NSString **)output
                   errorDescription:(NSString **)errorDescription {

    NSString * allArgs = [arguments componentsJoinedByString:@" "];
    NSString * fullScript = [NSString stringWithFormat:@"'%@' %@",  scriptPath, allArgs];

    NSDictionary *errorInfo = [NSDictionary new];
    NSString *script =  [NSString stringWithFormat:@"do shell script \"%@\" with administrator privileges", fullScript];

    NSAppleScript *appleScript = [[NSAppleScript new] initWithSource:script];
    NSAppleEventDescriptor * eventResult = [appleScript executeAndReturnError:&errorInfo];

// Check errorInfo
    if (! eventResult)
    {
    // Describe common errors
        *errorDescription = nil;
        if ([errorInfo valueForKey:NSAppleScriptErrorNumber])
        {
            NSNumber * errorNumber = (NSNumber *)[errorInfo  valueForKey:NSAppleScriptErrorNumber];
            if ([errorNumber intValue] == -128)
            *errorDescription = @"The administrator password is required to     do this.";
        }

    // Set error message from provided message
    if (*errorDescription == nil)
    {
        if ([errorInfo valueForKey:NSAppleScriptErrorMessage])
            *errorDescription =  (NSString *)[errorInfo valueForKey:NSAppleScriptErrorMessage];
    }

    return NO;
}
else
{
    // Set output to the AppleScript's output
    *output = [eventResult stringValue];

    return YES;
}

}

     NSString * output = nil;
NSString * processErrorDescription = nil;
BOOL success = [self runProcessAsAdministrator:@"/usr/bin/id"
                                 withArguments:[NSArray arrayWithObjects:@"-un", nil]
                                        output:&output
                              errorDescription:&processErrorDescription];


if (!success) // Process failed to run
{
    // ...look at errorDescription
}
else
{
[objDisk setFileDescriptor:open(cDriveMountedPath, O_RDONLY)];
//[objDisk setDiskPath:cDriveMountedPath];
}

提前非常感谢。

那些其他的SO答案似乎非常清楚 - 你不想这样做,而且无论如何它都不会正常工作。 - Adam B
我已经编辑了我的问题,请查看。我需要知道如何使用这些特权,我是否需要创建另一个项目来添加根权限?我需要编写脚本吗? - Sahil_Saini
@Sahil_Saini,你有解决方案了吗? - Sawan Cool
@SawanCool 是的,我的朋友,但是使用不同的代码集。 - Sahil_Saini
1个回答
3
我使用这段代码为我的应用程序获取root权限。我创建了一个新项目来使用这段代码。
// Create authorization reference
    OSStatus status;
    AuthorizationRef authorizationRef;

    // AuthorizationCreate and pass NULL as the initial
    // AuthorizationRights set so that the AuthorizationRef gets created
    // successfully, and then later call AuthorizationCopyRights to
    // determine or extend the allowable rights.
    // http://developer.apple.com/qa/qa2001/qa1172.html
    status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                 kAuthorizationFlagDefaults, &authorizationRef);
    if (status != errAuthorizationSuccess)
        NSLog(@"Error Creating Initial Authorization: %d", status);

    // kAuthorizationRightExecute == "system.privilege.admin"
    AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
    AuthorizationRights rights = {1, &right};
    AuthorizationFlags flags = kAuthorizationFlagDefaults |
    kAuthorizationFlagInteractionAllowed |
    kAuthorizationFlagPreAuthorize |
    kAuthorizationFlagExtendRights;

    // Call AuthorizationCopyRights to determine or extend the allowable rights.
    status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
    if (status != errAuthorizationSuccess)
        NSLog(@"Copy Rights Unsuccessful: %d", status);

    NSLog(@"\n\n** %@ **\n\n", @"This command should work.");
    char *tool = "/sbin/dmesg";
    char *args[] = {NULL};
    FILE *pipe = NULL;

    status = AuthorizationExecuteWithPrivileges(authorizationRef, tool,
                                                flags, args, &pipe);
    if (status != errAuthorizationSuccess)
        NSLog(@"Error: %d", status);

    // The only way to guarantee that a credential acquired when you
    // request a right is not shared with other authorization instances is
    // to destroy the credential.  To do so, call the AuthorizationFree
    // function with the flag kAuthorizationFlagDestroyRights.
    // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
    status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
这段代码使用了已弃用的函数,例如 https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg。 - Alex Placet
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接