2012-07-16 76 views
0

我试图创建一个使用SMJobBless复制文件的授权,但我无法让它工作。助手应用程序已成功授权,Job is available!消息出现在[self copyFile]方法之前,但copyFile始终失败。如果有人能够阐明我做错了什么,或者提供了如何使这项工作非常好的例子。Objective-C,授权无法执行功能

appDelegate.h

#import <Cocoa/Cocoa.h> 

@interface SMJobBlessAppController : NSObject { 
    IBOutlet NSTextField *_textField; 
} 

- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error; 
- (void)copyFile; 

@end 

appDelegate.m

#import <ServiceManagement/ServiceManagement.h> 
#import <Security/Authorization.h> 
#import "appDelegate.h" 

@implementation SMJobBlessAppController 
- (void)applicationDidFinishLaunching:(NSNotification *)notification 
{ 
    NSError *error = nil; 
    if (![self blessHelperWithLabel:@"com.apple.bsd.SMJobBlessHelper" error:&error]) { 
     NSLog(@"Something went wrong!"); 
    } else { 
     /* At this point, the job is available. However, this is a very 
     * simple sample, and there is no IPC infrastructure set up to 
     * make it launch-on-demand. You would normally achieve this by 
     * using a Sockets or MachServices dictionary in your launchd.plist. 
     */ 
     NSLog(@"Job is available!"); 

     [self->_textField setHidden:false]; 

     [self copyFile]; 

    } 
} 

- (void)copyFile { 

    NSError *error = nil; 

    NSFileManager *fileManager = [[NSFileManager alloc] init]; 
    NSString *sourceFile = @"~/path/to/file.txt"; 
    NSString *destFile = @"~/Library/Application Support/myApp/file.txt"; 

    if ([fileManager copyItemAtPath:sourceFile toPath:destFile error:&error] == YES) { 
     NSLog (@"[FILE] Copied."); 
     // NSLog (@"Copy successful"); 
    } else { 
     NSLog (@"[FILE] Copy failed."); 
     NSLog (@" %@ %@",sourceFile, destFile); 
     // NSLog (@"Copy failed"); 
    } 

    [fileManager release]; 

    return; 
} 

- (BOOL)blessHelperWithLabel:(NSString *)label error:(NSError **)error; 
{ 
    BOOL result = NO; 

    AuthorizationItem authItem  = { kSMRightBlessPrivilegedHelper, 0, NULL, 0 }; 
    AuthorizationRights authRights = { 1, &authItem }; 
    AuthorizationFlags flags  = kAuthorizationFlagDefaults    | 
             kAuthorizationFlagInteractionAllowed | 
             kAuthorizationFlagPreAuthorize   | 
             kAuthorizationFlagExtendRights; 

    AuthorizationRef authRef = NULL; 

    /* Obtain the right to install privileged helper tools (kSMRightBlessPrivilegedHelper). */ 
    OSStatus status = AuthorizationCreate(&authRights, kAuthorizationEmptyEnvironment, flags, &authRef); 
    if (status != errAuthorizationSuccess) { 
     NSLog(@"Failed to create AuthorizationRef, return code %i", status); 
    } else { 
     /* This does all the work of verifying the helper tool against the application 
     * and vice-versa. Once verification has passed, the embedded launchd.plist 
     * is extracted and placed in /Library/LaunchDaemons and then loaded. The 
     * executable is placed in /Library/PrivilegedHelperTools. 
     */ 
     result = SMJobBless(kSMDomainSystemLaunchd, (CFStringRef)label, authRef, (CFErrorRef *)error); 
    } 

    return result; 
} 
@end 

回答

1

你完全缺失的SMJobBless点。它不会神奇地让你的当前应用程序能够做特权的事情。相反,它会安装并运行一个单独的帮助工具,该工具允许执行特权事件,但不应该做任何其他事情(尽可能少)。

您需要将copyFile中的代码移动到the main function in SMJobBlessHelper.c。 (因为这是一个C文件,你必须用C重写它 - 也许使用CoreFoundation - 或者你必须改变工具来使用Objective-C。没有人说这很容易。)

+0

我认为这更多的是一个不完全知道如何或为什么如此困难的例子。我在任何地方都找不到答案,这些答案能够让我们知道如何使用提升的权限复制文件。我创建了很多(.pkg)安装程序包,显然需要授权,而且非常简单 - 为什么这应该与以前有所不同? – 2012-07-17 01:24:29

+0

您如何看待安装程序系统实际上复制文件?这不是魔术 - 它内部的代码与你想要做的事很相似。这不是一项根本简单的操作,只是您习惯于为您完成所有工作的系统。 – 2012-07-17 01:35:40

+0

我发布了这个问题,所以也许有人可以帮我弄清楚它是如何完成的,或者至少指导我一些有用的东西。显然你比评判我更看重帮助。 – 2012-07-17 03:28:35