Home | History | Annotate | Download | only in cocoa 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_COCOA_AUTHORIZATION_UTIL_H_
      6 #define CHROME_BROWSER_COCOA_AUTHORIZATION_UTIL_H_
      7 #pragma once
      8 
      9 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it
     10 // does not wait() for it.  It also doesn't provide the caller with access to
     11 // the forked pid.  If used irresponsibly, zombie processes will accumulate.
     12 //
     13 // Apple's really gotten us between a rock and a hard place, here.
     14 //
     15 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the
     16 // tool's stdout (and stdin) via a FILE* pipe.  The tool can output its pid
     17 // to this pipe, and the main program can read it, and then have something
     18 // that it can wait() for.
     19 //
     20 // The contract is that any tool executed by the wrappers declared in this
     21 // file must print its pid to stdout on a line by itself before doing anything
     22 // else.
     23 //
     24 // http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/Listings/BetterAuthorizationSampleLib_c.html
     25 // (Look for "What's This About Zombies?")
     26 
     27 #include <CoreFoundation/CoreFoundation.h>
     28 #include <Security/Authorization.h>
     29 #include <stdio.h>
     30 #include <sys/types.h>
     31 
     32 namespace authorization_util {
     33 
     34 // Obtains an AuthorizationRef that can be used to run commands as root.  If
     35 // necessary, prompts the user for authentication.  If the user is prompted,
     36 // |prompt| will be used as the prompt string and an icon appropriate for the
     37 // application will be displayed in a prompt dialog.  Note that the system
     38 // appends its own text to the prompt string.  Returns NULL on failure.
     39 AuthorizationRef AuthorizationCreateToRunAsRoot(CFStringRef prompt);
     40 
     41 // Calls straight through to AuthorizationExecuteWithPrivileges.  If that
     42 // call succeeds, |pid| will be set to the pid of the executed tool.  If the
     43 // pid can't be determined, |pid| will be set to -1.  |pid| must not be NULL.
     44 // |pipe| may be NULL, but the tool will always be executed with a pipe in
     45 // order to read the pid from its stdout.
     46 OSStatus ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization,
     47                                         const char* tool_path,
     48                                         AuthorizationFlags options,
     49                                         const char** arguments,
     50                                         FILE** pipe,
     51                                         pid_t* pid);
     52 
     53 // Calls ExecuteWithPrivilegesAndGetPID, and if that call succeeds, calls
     54 // waitpid() to wait for the process to exit.  If waitpid() succeeds, the
     55 // exit status is placed in |exit_status|, otherwise, -1 is stored.
     56 // |exit_status| may be NULL and this function will still wait for the process
     57 // to exit.
     58 OSStatus ExecuteWithPrivilegesAndWait(AuthorizationRef authorization,
     59                                       const char* tool_path,
     60                                       AuthorizationFlags options,
     61                                       const char** arguments,
     62                                       FILE** pipe,
     63                                       int* exit_status);
     64 
     65 }  // namespace authorization_util
     66 
     67 #endif  // CHROME_BROWSER_COCOA_AUTHORIZATION_UTIL_H_
     68