This is a shot in the dark but has anyone attempted to add authorization, as in BAS (BetterAuthorizationSample) which is the preferred method suggested by apple? I use “with admin privileges” now of course but have got BAS working in my OBJ-c app and wondered if it were possible in ASOC?
Hmmm, I think I just answered my own question since I realized the calls to Auth API are c functions which I guess I could wrap in OBC-c easy enough. The thing is, I have gone so far with this ASOC version which works great and don’t want to rewrite it all over to the OBJ-c one.
But if anyone has tried this sort of thing I would be interested. BAS is not easy to implement.
I hadn’t seen the sample code Authorization of USBProber before. Nice simple wrapper though. It does seem to use AuthorizationExecuteWithPrivileges which is now deprecated (or strongly urged against. I don’t think “do shell script . with administrator privileges” is deprecated but it does the same thing, bringing up a one time system password prompt. The more approved form is to use the BAS example from apple which goes through setting up helper tools and launchd plist to initiate the root session. Way more complicated.
I do have this working in my OBJ-c app already so I realized I could just use that as the wrapper, passing the shell stuff to it from ASOC side. The trickier part comes in retrieving data back to ASOC, notifications, and the dreaded distributed objects, which I haven’t been able to get working yet.
The simpler approach would be to use suid helper tool to launch rsync (my intended) but that is frowned upon now. though I think that is what SuperDuper still uses.
This all brings up another question: If Apple has deprecated AuthorizationExecuteWithPrivileges as a big security risk, then what about do the “do shell script . with administrator privileges”? Will they scrap that too eventually?
I think there is no worry about AuthorizationExecuteWithPrivileges at the moment,
it’s deprecated in 10.7 but there are a lot of apps with 10.6 or even 10.5 compatibility
Consider that info for of Standard Additions is deprecated since Leopard
but still works in Lion. There are a few other examples of CoreFoundation functions which are
deprecated even since 10.4 and they still work.
BetterAuthorizationSample seams to be outdated because it also uses AuthorizationExecuteWithPrivileges
to install the helper tool.
Apple’s new recommended way with the ServiceManagement.framework (introduced in 10.6) can also use a distributed object via NSConnection and a Mach Service
Yes I just read about this but there seems to be a dearth of information or examples. It seems to be a much easier setup from the description. I am going to try and get Authorization going in my ASOC APP since I can just move the OBJ-c part over from the other app and see what happens. If that works, then I’ll try the new approach too and report back.