
Gaining Root Access w/ Elevated Helper & SMJobBless

I'm working on something that needs to install files periodically into a folder in /Library.

I understand that in the past I could have used one of the Authenticate methods but those have since been deprecated in 10.7.

What I've understood from my reading so far:

I should create a helper that somehow gets authenticated and have that helper do all of the moving tasks. I've taken a look at some of the sample code, including some involving XPC and one called Elevator but I'm a bit confused.

A lot of it seems to deal with setting up some sort of client / server model but I'm not sure how this would translate into me actually installing my files into the correct directories. Most of the examples are just passing strings.

My question simply: How can I create my folder in /Library programmatically and periodically write files to it while only prompting the user for a password ONCE and never again? I'm really not sure how to approach this and there doesn't seem to be much documentation.

You are correct that there isn't much documentation for this. You'll basically write another app, the helper app, which will get installed with SMJobBless(). Not surprisingly, the tricky part here is the code signing. The least obvious part for me was that the SMAuthorizedClients and SMPrivilegedExecutables entries in the info plist files of each app are dependent on the identity/certificate that you used to sign the app with. There is also a trick with the compiler/linker to getting the info plist file compiled into the helper tool, which will be a single executable file, rather than a bundle.

Once you get the helper app up and running then you have to devise a way to communicate with it since these are two different processes. XPC is one option, perhaps the easiest. XPC is typically used with server processes, but what you are using here is the communication side of XPC only. Basically it passes dictionaries back and forth between the two apps. Create a standard format for the dictionary. I used @"action", @"source", and @"destination" with 3 different action values, @"filemove", @"filecopy", and @"makedirectory". Those are the 3 things that my helper app can do and I can easily add more if necessary.

The helper app will basically set up the XPC connection and event handler stuff and wait for a connection and commands. The commands will just be a dictionary so you check for the appropriate keys/values and do whatever.

I can provide more details and code if you need more help, but this question is 9 months old so I don't want to waste time giving you details you've already figured out.
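
An added example, not part of the original answer: one way the helper could check the keys and values of each incoming command before acting on it as root. It assumes the three strings were already read from the XPC dictionary (for example with `xpc_dictionary_get_string`); the install root `/Library/MyApp`, the single-folder policy and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumption: the only tree the helper may write into (hypothetical name). */
#define ALLOWED_ROOT "/Library/MyApp"
#define MAX_PATH_LEN 1024

typedef enum { ACT_INVALID, ACT_FILEMOVE, ACT_FILECOPY, ACT_MAKEDIRECTORY } action_t;

/* Map the "action" value onto the three commands the answer lists. */
action_t parse_action(const char *s) {
    if (s == NULL) return ACT_INVALID;
    if (strcmp(s, "filemove") == 0) return ACT_FILEMOVE;
    if (strcmp(s, "filecopy") == 0) return ACT_FILECOPY;
    if (strcmp(s, "makedirectory") == 0) return ACT_MAKEDIRECTORY;
    return ACT_INVALID;
}

/* Lexical check only: the path must be ALLOWED_ROOT or lie below it, with no
 * empty, "." or ".." components. Symlinks are not resolved here. */
bool path_is_confined(const char *p) {
    size_t rootlen = strlen(ALLOWED_ROOT);
    if (p == NULL || strlen(p) >= MAX_PATH_LEN) return false;
    if (strncmp(p, ALLOWED_ROOT, rootlen) != 0) return false;
    if (p[rootlen] != '\0' && p[rootlen] != '/') return false; /* e.g. /Library/MyAppX */
    const char *c = p + rootlen;
    while (*c != '\0') {               /* *c is '/' at the top of each pass */
        const char *comp = c + 1;
        size_t len = strcspn(comp, "/");
        if (len == 0) return false;    /* "//" or a trailing slash */
        if (len == 1 && comp[0] == '.') return false;
        if (len == 2 && comp[0] == '.' && comp[1] == '.') return false;
        c = comp + len;
    }
    return true;
}

/* Decide whether one request may run; source is needed for move/copy only. */
bool command_is_allowed(const char *action, const char *source, const char *destination) {
    action_t a = parse_action(action);
    if (a == ACT_INVALID || !path_is_confined(destination)) return false;
    if (a == ACT_MAKEDIRECTORY) return true;
    return source != NULL && source[0] == '/' && strlen(source) < MAX_PATH_LEN;
}
```

Because the helper runs with root privileges for every client that can reach it, rejecting unknown actions and destinations outside its own folder keeps the three commands from becoming a general file-write service.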
