Run AppleScript with Elevated Privileges from Objective C
Posted
by cygnl7
on Stack Overflow
See other posts from Stack Overflow
or by cygnl7
Published on 2010-04-19T22:00:12Z
Indexed on
2010/04/19
23:03 UTC
Read the original article
Hit count: 354
I'm attempting to execute an uninstaller (written in AppleScript) through AuthorizationExecuteWithPrivileges. I'm setting up my rights after creating an empty auth ref like so:
char *tool = "/usr/bin/osascript";
AuthorizationItem items = {kAuthorizationRightExecute, strlen(tool), tool, 0};
AuthorizationRights rights = {sizeof(items)/sizeof(AuthorizationItem), &items};
AuthorizationFlags flags = kAuthorizationFlagDefaults |
kAuthorizationFlagExtendRights |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagInteractionAllowed;
status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL);
Later I call:
status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, (char *const *)args, NULL);
On Snow Leopard this works fine, but on Leopard I get the following in syslog.log:
Apr 19 15:30:09 hostname /usr/bin/osascript[39226]: OpenScripting.framework - 'gdut' event blocked in process with mixed credentials (issetugid=0 uid=501 euid=0 gid=20 egid=20)
Apr 19 15:30:12: --- last message repeated 1 time ---
...
Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: /var/folders/vm/vmkIi0nYG8mHMrllaXaTgk+++TI/-Tmp-/TestApp_tmpfiles/Uninstall.scpt:
Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: execution error: «constant afdmasup» doesn’t understand the «event earsffdr» message. (-1708)
After researching this for a few hours my first guess is that Leopard somehow doesn't want to do what I'm doing because it knows it's in a setuid situation and blocks calls that ask about user-specific things in the applescript.
Am I going about this all wrong? I just want to run the equivalent of "sudo /usr/bin/osascript ..."
Edit: FWIW, the first line that causes the "execution error" is:
set userAppSupportPath to (POSIX path of (path to application support folder from user domain))
However, even with an empty script (on run argv, end run and that's it) I still get the 'gdut' message.
© Stack Overflow or respective owner