0

我正在尝试创建一个使用 SMJobBless 复制文件的授权,尽管我无法让它工作。帮助应用程序授权成功并且Job is available!消息出现在[self copyFile]方法之前,但是 copyFile 总是失败。如果有人可以阐明我做错了什么或提供如何使这项工作做得很好的例子。

appDelegate.h

#import <Cocoa/Cocoa.h>

@interface SMJobBlessAppController : NSObject {
    IBOutlet NSTextField *_textField;
}

- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error;
- (void)copyFile;

@end

appDelegate.m

#import <ServiceManagement/ServiceManagement.h>
#import <Security/Authorization.h>
#import "appDelegate.h"

@implementation SMJobBlessAppController
- (void)applicationDidFinishLaunching:(NSNotification *)notification
{
    NSError *error = nil;
    if (![self blessHelperWithLabel:@"com.apple.bsd.SMJobBlessHelper" error:&error]) {
        NSLog(@"Something went wrong!");
    } else {
        /* At this point, the job is available. However, this is a very
         * simple sample, and there is no IPC infrastructure set up to
         * make it launch-on-demand. You would normally achieve this by
         * using a Sockets or MachServices dictionary in your launchd.plist.
         */
        NSLog(@"Job is available!");

        [self->_textField setHidden:false];

        [self copyFile];

    }
}

- (void)copyFile {

    NSError *error = nil;

    NSFileManager *fileManager = [[NSFileManager alloc] init];
    NSString *sourceFile = @"~/path/to/file.txt";
    NSString *destFile = @"~/Library/Application Support/myApp/file.txt";

    if ([fileManager copyItemAtPath:sourceFile toPath:destFile error:&error] == YES) {
        NSLog (@"[FILE] Copied.");
        // NSLog (@"Copy successful");
    } else {
        NSLog (@"[FILE] Copy failed.");
        NSLog (@" %@ %@",sourceFile, destFile);
        // NSLog (@"Copy failed");
    }

    [fileManager release];

    return;
}

- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error;
{
    BOOL result = NO;

    AuthorizationItem authItem      = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 };
    AuthorizationRights authRights  = { 1, &authItem };
    AuthorizationFlags flags        =   kAuthorizationFlagDefaults              | 
                                        kAuthorizationFlagInteractionAllowed    |
                                        kAuthorizationFlagPreAuthorize          |
                                        kAuthorizationFlagExtendRights;

    AuthorizationRef authRef = NULL;

    /* Obtain the right to install privileged helper tools (kSMRightBlessPrivilegedHelper). */
    OSStatus status = AuthorizationCreate(&authRights, kAuthorizationEmptyEnvironment, flags, &authRef);
    if (status != errAuthorizationSuccess) {
        NSLog(@"Failed to create AuthorizationRef, return code %i", status);
    } else {
        /* This does all the work of verifying the helper tool against the application
         * and vice-versa. Once verification has passed, the embedded launchd.plist
         * is extracted and placed in /Library/LaunchDaemons and then loaded. The
         * executable is placed in /Library/PrivilegedHelperTools.
         */
        result = SMJobBless(kSMDomainSystemLaunchd, (CFStringRef)label, authRef, (CFErrorRef *)error);
    }

    return result;
}
@end
4

1 回答 1

1

你完全错过了SMJobBless. 它不会神奇地使您当前的应用程序能够执行特权操作。相反,它安装并运行一个单独的帮助工具,该工具被允许做特权的事情,但不应该做其他事情(尽可能少)。

您需要copyFile代码main移入SMJobBlessHelper.c. (因为那是一个 C 文件,你必须要么用 C 重写它——也许使用 CoreFoundation——或者你必须改变工具来使用 Objective-C。没人说这很容易。)

于 2012-07-17T00:52:52.780 回答