Objective-C,授权无法执行功能
问题描述:
我试图创建一个使用SMJobBless复制文件的授权,但我无法让它工作。助手应用程序已成功授权,Job is available!
消息出现在[self copyFile]
方法之前,但copyFile始终失败。如果有人能够阐明我做错了什么,或者提供了如何使这项工作非常好的例子。Objective-C,授权无法执行功能
appDelegate.h
#import <Cocoa/Cocoa.h>
@interface SMJobBlessAppController : NSObject {
IBOutlet NSTextField *_textField;
}
- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error;
- (void)copyFile;
@end
appDelegate.m
#import <ServiceManagement/ServiceManagement.h>
#import <Security/Authorization.h>
#import "appDelegate.h"
@implementation SMJobBlessAppController
- (void)applicationDidFinishLaunching:(NSNotification *)notification
{
NSError *error = nil;
if (![self blessHelperWithLabel:@"com.apple.bsd.SMJobBlessHelper" error:&error]) {
NSLog(@"Something went wrong!");
} else {
/* At this point, the job is available. However, this is a very
* simple sample, and there is no IPC infrastructure set up to
* make it launch-on-demand. You would normally achieve this by
* using a Sockets or MachServices dictionary in your launchd.plist.
*/
NSLog(@"Job is available!");
[self->_textField setHidden:false];
[self copyFile];
}
}
- (void)copyFile {
NSError *error = nil;
NSFileManager *fileManager = [[NSFileManager alloc] init];
NSString *sourceFile = @"~/path/to/file.txt";
NSString *destFile = @"~/Library/Application Support/myApp/file.txt";
if ([fileManager copyItemAtPath:sourceFile toPath:destFile error:&error] == YES) {
NSLog (@"[FILE] Copied.");
// NSLog (@"Copy successful");
} else {
NSLog (@"[FILE] Copy failed.");
NSLog (@" %@ %@",sourceFile, destFile);
// NSLog (@"Copy failed");
}
[fileManager release];
return;
}
- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error;
{
BOOL result = NO;
AuthorizationItem authItem = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 };
AuthorizationRights authRights = { 1, &authItem };
AuthorizationFlags flags = kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights;
AuthorizationRef authRef = NULL;
/* Obtain the right to install privileged helper tools (kSMRightBlessPrivilegedHelper). */
OSStatus status = AuthorizationCreate(&authRights, kAuthorizationEmptyEnvironment, flags, &authRef);
if (status != errAuthorizationSuccess) {
NSLog(@"Failed to create AuthorizationRef, return code %i", status);
} else {
/* This does all the work of verifying the helper tool against the application
* and vice-versa. Once verification has passed, the embedded launchd.plist
* is extracted and placed in /Library/LaunchDaemons and then loaded. The
* executable is placed in /Library/PrivilegedHelperTools.
*/
result = SMJobBless(kSMDomainSystemLaunchd, (CFStringRef)label, authRef, (CFErrorRef *)error);
}
return result;
}
@end
答
你完全缺失的SMJobBless
点。它不会神奇地让你的当前应用程序能够做特权的事情。相反,它会安装并运行一个单独的帮助工具,该工具允许执行特权事件,但不应该做任何其他事情(尽可能少)。
您需要将copyFile
中的代码移动到the main
function in SMJobBlessHelper.c
。 (因为这是一个C文件,你必须用C重写它 - 也许使用CoreFoundation - 或者你必须改变工具来使用Objective-C。没有人说这很容易。)
我认为这更多的是一个不完全知道如何或为什么如此困难的例子。我在任何地方都找不到答案,这些答案能够让我们知道如何使用提升的权限复制文件。我创建了很多(.pkg)安装程序包,显然需要授权,而且非常简单 - 为什么这应该与以前有所不同? – 2012-07-17 01:24:29
您如何看待安装程序系统实际上复制文件?这不是魔术 - 它内部的代码与你想要做的事很相似。这不是一项根本简单的操作,只是您习惯于为您完成所有工作的系统。 – 2012-07-17 01:35:40
我发布了这个问题,所以也许有人可以帮我弄清楚它是如何完成的,或者至少指导我一些有用的东西。显然你比评判我更看重帮助。 – 2012-07-17 03:28:35