How to add Root privileges to my OSX application?

2020-02-29 06:08发布

问题:

I made an application as root user, it worked perfectly(in root user). When I try same application with a standard user it didn't work out. Then I get to know that I need root privileges to run the application. I Google for few day but didn't get it. I have read some questions and apple doc. which are-

https://developer.apple.com/library/mac/documentation/Security/Conceptual/authorization_concepts/01introduction/introduction.html

How to set my application to always run as root OSX

How to programmatically gain root privileges?

How to running application under root privilege?

but still I didn't get anything. One more thing I get to know is I need to make a new project to get the root privileges, Am I right? Anything that you can tell me that will help me please do it. Every suggestion is most welcome.

for now I am trying this-

- (BOOL) runProcessAsAdministrator:(NSString*)scriptPath
                     withArguments:(NSArray *)arguments
                            output:(NSString **)output
                   errorDescription:(NSString **)errorDescription {

    NSString * allArgs = [arguments componentsJoinedByString:@" "];
    NSString * fullScript = [NSString stringWithFormat:@"'%@' %@",  scriptPath, allArgs];

    NSDictionary *errorInfo = [NSDictionary new];
    NSString *script =  [NSString stringWithFormat:@"do shell script \"%@\" with administrator privileges", fullScript];

    NSAppleScript *appleScript = [[NSAppleScript new] initWithSource:script];
    NSAppleEventDescriptor * eventResult = [appleScript executeAndReturnError:&errorInfo];

// Check errorInfo
    if (! eventResult)
    {
    // Describe common errors
        *errorDescription = nil;
        if ([errorInfo valueForKey:NSAppleScriptErrorNumber])
        {
            NSNumber * errorNumber = (NSNumber *)[errorInfo  valueForKey:NSAppleScriptErrorNumber];
            if ([errorNumber intValue] == -128)
            *errorDescription = @"The administrator password is required to     do this.";
        }

    // Set error message from provided message
    if (*errorDescription == nil)
    {
        if ([errorInfo valueForKey:NSAppleScriptErrorMessage])
            *errorDescription =  (NSString *)[errorInfo valueForKey:NSAppleScriptErrorMessage];
    }

    return NO;
}
else
{
    // Set output to the AppleScript's output
    *output = [eventResult stringValue];

    return YES;
}

}

     NSString * output = nil;
NSString * processErrorDescription = nil;
BOOL success = [self runProcessAsAdministrator:@"/usr/bin/id"
                                 withArguments:[NSArray arrayWithObjects:@"-un", nil]
                                        output:&output
                              errorDescription:&processErrorDescription];


if (!success) // Process failed to run
{
    // ...look at errorDescription
}
else
{
[objDisk setFileDescriptor:open(cDriveMountedPath, O_RDONLY)];
//[objDisk setDiskPath:cDriveMountedPath];
}

Thanks a lot in advance.

回答1:

I use this code to get the root privilege for my application. I made a new project to use this code.

// Create authorization reference
    OSStatus status;
    AuthorizationRef authorizationRef;

    // AuthorizationCreate and pass NULL as the initial
    // AuthorizationRights set so that the AuthorizationRef gets created
    // successfully, and then later call AuthorizationCopyRights to
    // determine or extend the allowable rights.
    // http://developer.apple.com/qa/qa2001/qa1172.html
    status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                                 kAuthorizationFlagDefaults, &authorizationRef);
    if (status != errAuthorizationSuccess)
        NSLog(@"Error Creating Initial Authorization: %d", status);

    // kAuthorizationRightExecute == "system.privilege.admin"
    AuthorizationItem right = {kAuthorizationRightExecute, 0, NULL, 0};
    AuthorizationRights rights = {1, &right};
    AuthorizationFlags flags = kAuthorizationFlagDefaults |
    kAuthorizationFlagInteractionAllowed |
    kAuthorizationFlagPreAuthorize |
    kAuthorizationFlagExtendRights;

    // Call AuthorizationCopyRights to determine or extend the allowable rights.
    status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
    if (status != errAuthorizationSuccess)
        NSLog(@"Copy Rights Unsuccessful: %d", status);

    NSLog(@"\n\n** %@ **\n\n", @"This command should work.");
    char *tool = "/sbin/dmesg";
    char *args[] = {NULL};
    FILE *pipe = NULL;

    status = AuthorizationExecuteWithPrivileges(authorizationRef, tool,
                                                flags, args, &pipe);
    if (status != errAuthorizationSuccess)
        NSLog(@"Error: %d", status);

    // The only way to guarantee that a credential acquired when you
    // request a right is not shared with other authorization instances is
    // to destroy the credential.  To do so, call the AuthorizationFree
    // function with the flag kAuthorizationFlagDestroyRights.
    // http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/02authconcepts/chapter_2_section_7.html
    status = AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);