显然,截至10.7,AuthorizationExecuteWithPrivileges已被弃用.我收集的信息的一般要点似乎建议使用ServiceManagement.framework的SMJobBless()函数来部署一个助手应用程序.
我的理解是,这需要一个从苹果公司购买的开发人员证书来代码签署我的应用程序和帮助程序,否则这将无法正常工作.它是否正确?
我最初使用AuthorizationExecuteWithPrivileges来请求用户提升权限,因为它们需要访问另一个正在运行的进程.没有这个,我的应用程序不能像非官方的插件一样工作.代码签名方式真的是从这里走的唯一途径?我试图避免购买开发商证书,因为它的成本很高.
解决方法
@CarlosP’s answer与代码逃脱路径&参数:
- (BOOL)runProcessAsAdministrator:(NSString*)scriptPath
withArguments:(NSArray*)arguments
output:(NSString**)output
errorDescription:(NSString**)errorDescription {
//Check path.
if (![scriptPath hasPrefix:@"/"]) {
@throw [NSException exceptionWithName:
NSInvalidArgumentException reason:@"Absolute path required." userInfo:nil];
}
//Define script.
static NSAppleScript* appleScript = nil;
if (!appleScript) {
appleScript = [[NSAppleScript alloc] initWithSource:
@"on run commandWithArguments\n"
" activate\n"
" repeat with currentArgument in commandWithArguments\n"
" set contents of currentArgument to quoted form of currentArgument\n"
" end repeat\n"
" set AppleScript's text item delimiters to space\n"
" return do shell script (commandWithArguments as text) with administrator privileges\n"
"end run"];
}
//Set command.
NSAppleEventDescriptor* commandWithArguments = [NSAppleEventDescriptor listDescriptor];
[commandWithArguments insertDescriptor:
[NSAppleEventDescriptor descriptorWithString:scriptPath] atIndex:0];
//Set arguments.
for (NSString* currentArgument in arguments) {
[commandWithArguments insertDescriptor:
[NSAppleEventDescriptor descriptorWithString:currentArgument] atIndex:0];
}
//Create target & event.
ProcessSerialNumber processSerial = {0,kCurrentProcess};
NSAppleEventDescriptor* scriptTarget =
[NSAppleEventDescriptor descriptorWithDescriptorType:typeProcessSerialNumber bytes:&processSerial length:sizeof(ProcessSerialNumber)];
NSAppleEventDescriptor* scriptEvent =
[NSAppleEventDescriptor appleEventWithEventClass:kCoreEventClass
eventID:kAEOpenApplication
targetDescriptor:scriptTarget
returnID:kAutoGenerateReturnID
transactionID:kAnyTransactionID];
[scriptEvent setParamDescriptor:commandWithArguments forKeyword:keyDirectObject];
//Run script.
NSDictionary* errorInfo = [NSDictionary dictionary];
NSAppleEventDescriptor* eventResult = [appleScript executeAppleEvent:scriptEvent error:&errorInfo];
//Success?
if (!eventResult) {
if (errorDescription)
*errorDescription = [errorInfo objectForKey:NSAppleScriptErrorMessage];
return NO;
} else {
if (output)
*output = [eventResult stringValue];
return YES;
}
}
更新
在优胜美地,shell脚本只调用嵌入在StandardAdditions.osax中的AuthorizationExecuteWithPrivileges的version.
可以想象,当AuthorizationExecuteWithPrivileges做到时,shell脚本的管理员权限选项将消失.
就我个人而言,我会直接继续调用AuthorizationExecuteWithPrivileges.
做shell脚本自动具有reaping the process的优势.这需要一个小的extra work与AuthorizationExecuteWithPrivileges.
