The modern way is to use SMJobBless. ;-) Apple is discouraging people from using AuthorizationExecuteWithPrivileges directly. Your scenario sounds like the perfect use case for launchd.
--Kyle Sluder (Sent from the road) On Sep 18, 2011, at 2:27 PM, Tito Ciuro <tci...@mac.com> wrote: > Hi Kyle, > > This is exactly what I've done, except that I'm not using SMJobBless. > > -- Tito > > On Sep 18, 2011, at 2:08 PM, Kyle Sluder wrote: > >> The modern way to do this is to split the server portion into a separate >> process and use SMJobBless to submit it as a privileged launchd task. >> >> --Kyle Sluder >> (Sent from the road) >> >> On Sep 18, 2011, at 9:05 AM, Tito Ciuro <tci...@mac.com> wrote: >> >>> Hello, >>> >>> When my app launches, I'd like it to listen to port 80 or 443. To do that, >>> I believe I need to use Security Framework Authorization API to obtain >>> extended rights. A potential solution is to split the app's executable int >>> two parts: >>> >>> 1) one executable, the main one that first gets launched, obtains extended >>> rights. >>> 2) the app itself, which is the embedded web server. >>> >>> When the user double clicks the app, it would execute (1) with: >>> >>> SFAuthorization *authorization = [SFAuthorization authorization]; >>> BOOL result = [authorization obtainWithRights:NULL >>> >>> flags:kAuthorizationFlagExtendRights >>> environment:NULL >>> authorizedRights:NULL >>> error:&error]; >>> >>> and then use NSTask to launch (2) via: >>> >>> + (NSString *)stringByLaunchingPath:(NSString *)processPath >>> withArguments:(NSArray *)arguments >>> authorization:(SFAuthorization *)authorization >>> error:(NSError **)error; >>> >>> Is this approach the way to go, or is there an easier/better/safer way do >>> to that? >>> >>> Thank you, >>> >>> -- Tito >>> _______________________________________________ >>> >>> Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) >>> >>> Please do not post admin requests or moderator comments to the list. >>> Contact the moderators at cocoa-dev-admins(at)lists.apple.com >>> >>> Help/Unsubscribe/Update your Subscription: >>> http://lists.apple.com/mailman/options/cocoa-dev/kyle.sluder%40gmail.com >>> >>> This email sent to kyle.slu...@gmail.com > _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
