In my Cocoa application, I need to write plist to a privileged place, so I was looking for a security structure. I have the code below, which seems to pop up a dialog box asking me to enter the administrator password correctly, and I see how I click the βsuccessβ block. However, I am missing two parts:
- How to execute writeToUrl: atomically: with these privileges elevated?
- How to return private users to what the user originally had?
Here's the method I'm using:
- (void)writePreferences:(NSDictionary *)prefs url:(NSURL *)url { AuthorizationRef auth = NULL; OSStatus authResult = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &auth); if (errAuthorizationSuccess != authResult) { NSLog(@"couldn't create authorization object, error %d", authResult); exit(-1); } @try { AuthorizationItem item; item.name = "com.gargoylesoft.FolderWatch.writePrefs"; item.valueLength = 0; item.value = NULL; item.flags = 0; AuthorizationRights requestedRights; requestedRights.count = 1; requestedRights.items = &item; AuthorizationRights *grantedRights = NULL; authResult = AuthorizationCopyRights(auth, &requestedRights, kAuthorizationEmptyEnvironment, kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, &grantedRights); if (authResult == errAuthorizationSuccess) { [prefs writeToURL:url atomically:YES]; } AuthorizationFreeItemSet(grantedRights); } @finally { AuthorizationFree(auth, kAuthorizationFlagDefaults); } }
source share