1 // Copyright 2012 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef BASE_MAC_AUTHORIZATION_UTIL_H_ 6 #define BASE_MAC_AUTHORIZATION_UTIL_H_ 7 8 // AuthorizationExecuteWithPrivileges fork()s and exec()s the tool, but it 9 // does not wait() for it. It also doesn't provide the caller with access to 10 // the forked pid. If used irresponsibly, zombie processes will accumulate. 11 // 12 // Apple's really gotten us between a rock and a hard place, here. 13 // 14 // Fortunately, AuthorizationExecuteWithPrivileges does give access to the 15 // tool's stdout (and stdin) via a FILE* pipe. The tool can output its pid 16 // to this pipe, and the main program can read it, and then have something 17 // that it can wait() for. 18 // 19 // The contract is that any tool executed by the wrappers declared in this 20 // file must print its pid to stdout on a line by itself before doing anything 21 // else. 22 // 23 // http://developer.apple.com/library/mac/#samplecode/BetterAuthorizationSample/Listings/BetterAuthorizationSampleLib_c.html 24 // (Look for "What's This About Zombies?") 25 26 #include <CoreFoundation/CoreFoundation.h> 27 #include <Security/Authorization.h> 28 #include <stdio.h> 29 #include <sys/types.h> 30 31 #include "base/base_export.h" 32 #include "base/mac/scoped_authorizationref.h" 33 34 namespace base::mac { 35 36 // Creates an authorization with empty environment and default flags. Returns 37 // null on failure. 38 BASE_EXPORT ScopedAuthorizationRef CreateAuthorization(); 39 40 // Obtains an AuthorizationRef for the rights indicated by |rights|. If 41 // necessary, prompts the user for authentication. If the user is prompted, 42 // |prompt| will be used as the prompt string and an icon appropriate for the 43 // application will be displayed in a prompt dialog. Note that the system 44 // appends its own text to the prompt string. |extra_flags| will be ORed 45 // together with the default flags. Returns null on failure. 46 BASE_EXPORT ScopedAuthorizationRef 47 GetAuthorizationRightsWithPrompt(AuthorizationRights* rights, 48 CFStringRef prompt, 49 AuthorizationFlags extra_flags); 50 51 // Obtains an AuthorizationRef (using |GetAuthorizationRightsWithPrompt|) that 52 // can be used to run commands as root. 53 BASE_EXPORT ScopedAuthorizationRef 54 AuthorizationCreateToRunAsRoot(CFStringRef prompt); 55 56 // Calls straight through to AuthorizationExecuteWithPrivileges. If that 57 // call succeeds, |pid| will be set to the pid of the executed tool. If the 58 // pid can't be determined, |pid| will be set to -1. |pid| must not be NULL. 59 // |pipe| may be NULL, but the tool will always be executed with a pipe in 60 // order to read the pid from its stdout. 61 BASE_EXPORT OSStatus 62 ExecuteWithPrivilegesAndGetPID(AuthorizationRef authorization, 63 const char* tool_path, 64 AuthorizationFlags options, 65 const char** arguments, 66 FILE** pipe, 67 pid_t* pid); 68 69 // Calls ExecuteWithPrivilegesAndGetPID, and if that call succeeds, calls 70 // waitpid() to wait for the process to exit. If waitpid() succeeds, the 71 // exit status is placed in |exit_status|, otherwise, -1 is stored. 72 // |exit_status| may be NULL and this function will still wait for the process 73 // to exit. 74 BASE_EXPORT OSStatus 75 ExecuteWithPrivilegesAndWait(AuthorizationRef authorization, 76 const char* tool_path, 77 AuthorizationFlags options, 78 const char** arguments, 79 FILE** pipe, 80 int* exit_status); 81 82 } // namespace base::mac 83 84 #endif // BASE_MAC_AUTHORIZATION_UTIL_H_ 85