Prompt user for admin password in OSX app sandbox

I am writing an application in which I would like the user preferences window to request the administrator password (but never save it) before allowing any changes. Up unitl now I used this piece of code:

OSStatus status; AuthorizationRef authorizationRef; // AuthorizationCreate and pass NULL as the initial // AuthorizationRights set so that the AuthorizationRef gets created // successfully, and then later call AuthorizationCopyRights to // determine or extend the allowable rights. // http://developer.apple.com/qa/qa2001/qa1172.html status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &authorizationRef); if (status != errAuthorizationSuccess) { NSLog(@"Error Creating Initial Authorization: %d", status); return status; } // kAuthorizationRightExecute == "system.privilege.admin" AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0}; AuthorizationRights rights = {1, &right}; AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed | kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights; // Call AuthorizationCopyRights to determine or extend the allowable rights. status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL); if (status != errAuthorizationSuccess) { NSLog(@"Copy Rights Unsuccessful: %d", status); } return status; 

Which worked fine, presenting a standard os password dialog asking for an administrator password. The various controls in the preference item are enabled / disabled according to the returned status . However, now I'm trying to use Sandbox for an application, and this code always returns errAuthorizationDenied . I looked at the document for AuthorizationCopyRights and AuthorizationCreate , but I do not see links to their use in Sandboxed.

I tried variations of AuthorizationFlags flags , but always had the same result. Is there a way to change the above code to work in Sandbox or is it asking for an admin password just no-no these days?

+6
source share
1 answer

I looked at the documents for the sandbox, and a section called Determine if your application is suitable for the sandbox immediately answers your question.

From the documents

The following applications are not compatible with the Sandbox App:

  • Using Authorization Services

Game over.

In fact, I'm not sure what you hope to achieve. Why don't you let the user define their own user preferences for the application?

+10
source

Source: https://habr.com/ru/post/916986/


All Articles