How to use RunProgrm() with sudo privileg

Mac OSX specific forum
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

How to use RunProgrm() with sudo privileg

Post by Wolfram »

How can I use RunProgrm() with sudo privilege?
macOS Catalina 10.15.7
User avatar
mk-soft
Always Here
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: How to use RunProgrm() with sudo privileg

Post by mk-soft »

A have a same question.

I wont to use run program with #PB_Program_Read 'tcpdump' and 'Nettop' for network diagnostics.
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

Re: How to use RunProgrm() with sudo privileg

Post by Wolfram »

I found a way, but now I'm nat able to read the program output, because the return of RunProgram() is the the sudo process and not the program itself.

Code: Select all

RunProgram("/usr/bin/sudo",  "prgName " +"parameter", "", #PB_Program_Open | #PB_Program_Read | #PB_Program_Write | #PB_Program_Error)
macOS Catalina 10.15.7
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

Re: How to use RunProgrm() with sudo privileg

Post by Wolfram »

But I think the right direction is this.
http://www.purebasic.fr/english/viewtop ... Privileges

I test it on OS X 10.11.

But cautious! This is deprecated in OS X v10.7.
macOS Catalina 10.15.7
wilbert
PureBasic Expert
PureBasic Expert
Posts: 3870
Joined: Sun Aug 08, 2004 5:21 am
Location: Netherlands

Re: How to use RunProgrm() with sudo privileg

Post by wilbert »

When I google the problem, I see mainly suggestions to use AppleScript "with administrator privileges" .
Windows (x64)
Raspberry Pi OS (Arm64)
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

Re: How to use RunProgrm() with sudo privileg

Post by Wolfram »

I fixed it by calling the program itself as admin.

Code: Select all


EnableExplicit

; Error codes returned by Authorization API.
Enumeration AuthorizationResult
  #errAuthorizationSuccess                 = 0      ;/* The authorization was successful. */
   #errAuthorizationInvalidSet              = -60001 ;/* The authorization rights are invalid. */
   #errAuthorizationInvalidRef              = -60002 ;/* The authorization reference is invalid. */
   #errAuthorizationInvalidTag              = -60003 ;/* The authorization tag is invalid. */
   #errAuthorizationInvalidPointer          = -60004 ;/* The returned authorization is invalid. */
   #errAuthorizationDenied                  = -60005 ;/* The authorization was denied. */
   #errAuthorizationCanceled                = -60006 ;/* The authorization was cancelled by the user. */
   #errAuthorizationInteractionNotAllowed   = -60007 ;/* The authorization was denied since no user interaction was possible. */
   #errAuthorizationInternal                = -60008 ;/* Unable To obtain authorization For this operation. */
   #errAuthorizationExternalizeNotAllowed    = -60009 ;/* The authorization is Not allowed To be converted To an external format. */
   #errAuthorizationInternalizeNotAllowed    = -60010 ;/* The authorization is Not allowed To be created from an external format. */
   #errAuthorizationInvalidFlags            = -60011 ;/* The provided option flag(s) are invalid For this authorization operation. */
   #errAuthorizationToolExecuteFailure      = -60031 ;/* The specified program could Not be executed. */
   #errAuthorizationToolEnvironmenterror    = -60032 ;/* An invalid status was returned during execution of a privileged tool. */
   #errAuthorizationBadAddress              = -60033 ;/* The requested socket address is invalid (must be 0-1023 inclusive). */
 EndEnumeration
 
 
#kAuthorizationEmptyEnvironment = #Null
#kAuthorizationRightExecute = "system.privilege.admin"
#kAuthorizationFlagDefaults = 0
#kAuthorizationFlagInteractionAllowed	= (1 << 0)
#kAuthorizationFlagPreAuthorize = (1 << 4)
#kAuthorizationFlagExtendRights = (1 << 1)


Structure AuthorizationItem
  name.s ;A zero-terminated string in UTF-8 encoding.
  valueLength.l
  *value       
  flags.l      
EndStructure

Structure AuthorizationRights
  AuthorizationItemSet.l
  *AuthorizationRights
EndStructure

Structure CMD
  parameter1.s
  parameter2.s
  parameter3.s
  parameter4.s
  parameter5.s
  parameter6.s
  parameter7.s
  parameter8.s
  cmd_terminator.i
EndStructure


 
ImportC "/System/Library/Frameworks/Security.framework/Security"
  AuthorizationCreate(rights, environment, flags, *AuthorizationRef)
  AuthorizationExecuteWithPrivileges(AuthorizationRef, cmd, flags, *arguments, file_ptr)
  AuthorizationFree(authRef, flags)
  AuthorizationCopyRights (authorization, *rights, *environment, flags.l, *authorizedRights)
EndImport

Procedure.s UTF8 (in$)
   Protected s.s = Space(Len(in$) / 2)
   PokeS(@s, in$, -1, #PB_UTF8)
   ProcedureReturn s
EndProcedure

If CountProgramParameters() = 0
Define authorizationRef.i, status

status = AuthorizationCreate(#Null, #kAuthorizationEmptyEnvironment,
                             #kAuthorizationFlagDefaults, @authorizationRef);

If (status <> #errAuthorizationSuccess)
  Debug "Error Creating Initial Authorization: " +Str(status)
  
Else
  Debug "OK"
  
  Define right.AuthorizationItem
right\name =#kAuthorizationRightExecute

Define rights.AuthorizationRights
rights\AuthorizationItemSet = 1
rights\AuthorizationRights = @right

Define flags.l
flags = #kAuthorizationFlagDefaults | #kAuthorizationFlagInteractionAllowed | #kAuthorizationFlagPreAuthorize | #kAuthorizationFlagExtendRights

    status = AuthorizationCopyRights(authorizationRef, @rights, #Null, flags, #Null);
    If (status <> #errAuthorizationSuccess)
      Debug "Copy Rights Unsuccessful: " +Str(status);
    EndIf
    
  EndIf
  
  Define tool.string, result

  tool\s = UTF8(ProgramFilename())
  
  Debug tool\s
  Define ArgList.CMD

  ArgList\parameter1 = "1"

  status = AuthorizationExecuteWithPrivileges(authorizationRef, @tool\s,  #kAuthorizationFlagDefaults, @ArgList, #Null);
    

If status <> #errAuthorizationSuccess
  MessageRequester("Error", Str(PeekL(@status)))
EndIf


Else
  
  MessageRequester("Hui", "lets go!")
  ;// here is your main code
  
EndIf

  
macOS Catalina 10.15.7
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

Re: How to use RunProgrm() with sudo privileg

Post by Wolfram »

Here is an example to run your app as root with sudo.
The only problem I have is if you use it once you stay logged in for a while, but the PW requester opens every time.

Code: Select all

If CountProgramParameters()= 0
  
  ProgramID = RunProgram("/usr/bin/sudo",  " -S -b " +ProgramFilename() +" 1", "",
                         #PB_Program_Open | #PB_Program_Read | #PB_Program_Write | #PB_Program_Error)
  
           
  While ProgramRunning(ProgramID)
    
     Delay(200)
    If AvailableProgramOutput(ProgramID)
      Debug "x" +ReadProgramString(ProgramID)
    EndIf
    

    ReadErr$ = ReadProgramError(ProgramID)
    
    If ReadErr$ ="Password:Sorry, try again."
      MessageRequester("", "Wrong Password")
      exit =0
    Else
      If exit=1
        Break
      EndIf
      
    EndIf
      
    pw.s =InputRequester("Password Request", "Please enter you Password", "")
    If ProgramRunning(ProgramID)
      WriteProgramStringN(ProgramID, pw)
      exit=1
    EndIf

  Wend

  End
  
Else

  MessageRequester( "Hui", "you got it")
  
EndIf
macOS Catalina 10.15.7
User avatar
mk-soft
Always Here
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: How to use RunProgrm() with sudo privileg

Post by mk-soft »

So works with X64

Code: Select all

EnableExplicit

; Error codes returned by Authorization API.
Enumeration AuthorizationResult
  #errAuthorizationSuccess                 = 0      ;/* The authorization was successful. */
  #errAuthorizationInvalidSet              = -60001 ;/* The authorization rights are invalid. */
  #errAuthorizationInvalidRef              = -60002 ;/* The authorization reference is invalid. */
  #errAuthorizationInvalidTag              = -60003 ;/* The authorization tag is invalid. */
  #errAuthorizationInvalidPointer          = -60004 ;/* The returned authorization is invalid. */
  #errAuthorizationDenied                  = -60005 ;/* The authorization was denied. */
  #errAuthorizationCanceled                = -60006 ;/* The authorization was cancelled by the user. */
  #errAuthorizationInteractionNotAllowed   = -60007 ;/* The authorization was denied since no user interaction was possible. */
  #errAuthorizationInternal                = -60008 ;/* Unable To obtain authorization For this operation. */
  #errAuthorizationExternalizeNotAllowed   = -60009;/* The authorization is Not allowed To be converted To an external format. */
  #errAuthorizationInternalizeNotAllowed   = -60010;/* The authorization is Not allowed To be created from an external format. */
  #errAuthorizationInvalidFlags            = -60011 ;/* The provided option flag(s) are invalid For this authorization operation. */
  #errAuthorizationToolExecuteFailure      = -60031 ;/* The specified program could Not be executed. */
  #errAuthorizationToolEnvironmenterror    = -60032 ;/* An invalid status was returned during execution of a privileged tool. */
  #errAuthorizationBadAddress              = -60033 ;/* The requested socket address is invalid (must be 0-1023 inclusive). */
EndEnumeration


#kAuthorizationEmptyEnvironment = #Null
#kAuthorizationRightExecute = 0 ; UTF8("system.privilege.admin")
#kAuthorizationFlagDefaults = 0
#kAuthorizationFlagInteractionAllowed   = (1 << 0)
#kAuthorizationFlagPreAuthorize = (1 << 4)
#kAuthorizationFlagExtendRights = (1 << 1)


Structure AuthorizationItem
  *name ;A zero-terminated string in UTF-8 encoding.
  valueLength.i
  *value       
  flags.i      
EndStructure

Structure AuthorizationRights
  AuthorizationItemSet.i
  *AuthorizationRights
EndStructure

Structure CMD
  *parameter1
  *parameter2
  *parameter3
  *parameter4
  *parameter5
  *parameter6
  *parameter7
  *parameter8
  cmd_terminator.i
EndStructure



ImportC "/System/Library/Frameworks/Security.framework/Security"
  AuthorizationCreate(rights, environment, flags, *AuthorizationRef)
  AuthorizationExecuteWithPrivileges(AuthorizationRef, cmd, flags, *arguments, file_ptr)
  AuthorizationFree(authRef, flags)
  AuthorizationCopyRights (authorization, *rights, *environment, flags.l, *authorizedRights)
EndImport

If CountProgramParameters() = 0
  Define authorizationRef.i, status.l
  
  status = AuthorizationCreate(#Null, #kAuthorizationEmptyEnvironment,
                               #kAuthorizationFlagDefaults, @authorizationRef);
  
  If (status <> #errAuthorizationSuccess)
    Debug "Error Creating Initial Authorization: " +Str(status)
  Else
    Debug "OK"
    
    Define right.AuthorizationItem
    right\name = UTF8("system.privilege.admin")
    
    Define rights.AuthorizationRights
    rights\AuthorizationItemSet = 1
    rights\AuthorizationRights = @right
    
    Define flags.i
    flags = #kAuthorizationFlagDefaults | #kAuthorizationFlagInteractionAllowed | #kAuthorizationFlagPreAuthorize | #kAuthorizationFlagExtendRights
    
    status = AuthorizationCopyRights(authorizationRef, @rights, #Null, flags, #Null);
    If (status <> #errAuthorizationSuccess)
      MessageRequester("Error", Str(status))
      End
    EndIf
    
  EndIf
  
  Define *tool, result
  
  *tool = UTF8(ProgramFilename())
  
  Define ArgList.CMD
  
  ArgList\parameter1 = UTF8("supervisor")
  ArgList\parameter2 = UTF8("2017")
  
  status = AuthorizationExecuteWithPrivileges(authorizationRef, *tool,  #kAuthorizationFlagDefaults, @ArgList, #Null);
  
  
  If status <> #errAuthorizationSuccess
    MessageRequester("Error", Str(status))
  EndIf
  
  End
Else
  
  MessageRequester("Hui", "lets go! " + ProgramParameter(0) + #LF$ + ProgramParameter(1))
  ;// here is your main code
  
EndIf
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

Re: How to use RunProgrm() with sudo privileg

Post by Wolfram »

Hi mk-soft,
my version works also on x64. ..here.

How does you UTF8() Procedure look?
macOS Catalina 10.15.7
User avatar
mk-soft
Always Here
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: How to use RunProgrm() with sudo privileg

Post by mk-soft »

It´s new on PB v5.60

*Mem = UTF8(String)
*Mem = Ascii(String)
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive
Wolfram
Enthusiast
Enthusiast
Posts: 567
Joined: Thu May 30, 2013 4:39 pm

Re: How to use RunProgrm() with sudo privileg

Post by Wolfram »

So it looks like this

Code: Select all

Procedure.i UTF8(in$)
  Protected *buffer =AllocateMemory(Len(in$))
  PokeS(*buffer, in$, -1, #PB_UTF8)
  
   ProcedureReturn *buffer
 EndProcedure
macOS Catalina 10.15.7
User avatar
mk-soft
Always Here
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: How to use RunProgrm() with sudo privileg

Post by mk-soft »

You have a small bug with size of memory

Update

Code: Select all

CompilerIf #PB_Compiler_Version < 550
  Procedure.i UTF8(in$)
    Protected *buffer = AllocateMemory(StringByteLength(in$, #PB_UTF8)+1)
    PokeS(*buffer, in$, -1, #PB_UTF8)
    ProcedureReturn *buffer
  EndProcedure
  
  Procedure.i Ascii(in$)
    Protected *buffer = AllocateMemory(StringByteLength(in$, #PB_Ascii)+1)
    PokeS(*buffer, in$, -1, #PB_Ascii)
    ProcedureReturn *buffer
  EndProcedure
CompilerEndIf

*mem1 = UTF8("Hello")
*mem2 = Ascii("World")
Debug PeekS(*mem1, -1, #PB_UTF8)
Debug MemorySize(*mem1)
Debug PeekS(*mem2, -1, #PB_Ascii)
Debug MemorySize(*mem2)
FreeMemory(*mem1)
FreeMemory(*mem2)
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive
Post Reply