Problem with authorisation

Hi all, hoping you can help me here.

I am building an app that needs to send some root commands via a shell. I have tried two methods for this: the AuthorisationShell from MacOSLib and by brute forcing a sudo command in a standard Shell.

Obviously the preferred method for my app would be with the AuthorisationShell as it presents the proper dialog.

However, both of these methods return the following in the console:

11/06/2015 16:31:13.742 sudo[60785]: markoxley : no tty present and no askpass program specified ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/apachectl stop

Have I missed something?

Using the AuthorisationShell, I use code similar to:

  If Authorization.AuthorizeAndExecute("/bin/sh", Array("-i")) Then
    Authorization.WriteLine("sudo apachectl stop")
  End If

I get the authorisation dialog presented, but then the command fails and the message in the console appears.

Create a “look-alike” dialog with a password text field
Save the password in a hashed value (I use a memory block for further obfuscation - I leave this up to your ingenuity)
de-Hash the password when passing it to the opening sudo command
Use this mechanism in your code:

  theShell.Execute "echo " + UnhashPassword(mbPassword) + " | sudo -S /usr/bin/true" // That sets up the timed sudo
  theShell.Execute "sudo " + theCommand
  If theShell.ErrorCode <> 0 Then
    // handle Shell ErrorCode
  End If
  theShell.Execute "sudo -K" // clear the sudo timer

BTW - that’s the only way that I’ve successfully gotten a true UID root user command instead of an EUID root command result.

Thanks for the fast response, I’ll give that a try.

Just for completion:
Found, what I think is a better solution…

I create a standard, interactive Shell and pass the sudo command with the parameters “-u root”, to force it to use root access (this was where I was going wrong). Then, when it requests the password, I use the WriteLine method to authorise the command.

e.g.

in the DataAvailable event:

  Dim s As String = Me.ReadAll()
  If s.Left(9) = "Password:" Then
    Me.WriteLine("password") // Obviously the real password is here
  End If

Can’t believe it took me so long to get to this result :confused:

The problem here is that the password is in the environment longer than with my method.

I seem to recall that the API used by the AuthorizationShell classes has been deprecated.

The other way to do it is via AppleScript… Ideally you don’t want to be responsible for handling the user name or password; this is a security risk, especially if your dialog doesn’t quite match the OS-provided dialog. You’ll get some overzealous nuts going wild about your software stealing security information!

do shell script "apachectl stop" with administrator privileges
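
The AppleScript approach from the last reply, wrapped as a Xojo helper so that macOS shows its own authentication dialog and the application never holds the password. This is an added example, not code from any poster or from MacOSLib; `RunAsAdmin` is a hypothetical name, and the code assumes the classic Xojo Shell API (`Execute`, `Result`, `ErrorCode`) and `/usr/bin/osascript`.

```xojo
// Added example: hypothetical helper, not from the thread or MacOSLib.
// Runs one command as root via AppleScript. The OS prompts for credentials,
// so no password is stored, piped or written by the app.
Function RunAsAdmin(command As String, ByRef output As String) As Integer
  // 1. Escape for an AppleScript string literal: backslashes first, then quotes.
  Dim script As String = ReplaceAll(command, "\", "\\")
  script = ReplaceAll(script, """", "\""")
  script = "do shell script """ + script + """ with administrator privileges"

  // 2. Escape for a single-quoted /bin/sh argument: ' becomes '\''
  //    Without both steps a quote in `command` could break out of the string.
  script = ReplaceAll(script, "'", "'\''")

  Dim sh As New Shell
  sh.Mode = 0 // synchronous: Execute returns once osascript has exited
  sh.Execute("/usr/bin/osascript -e '" + script + "'")

  output = sh.Result
  Return sh.ErrorCode
End Function

// Usage, e.g. in a button's Action event.
// The full path matches the COMMAND= value in the console message above.
Dim result As String
Dim code As Integer = RunAsAdmin("/usr/sbin/apachectl stop", result)
If code <> 0 Then
  If InStr(result, "-128") > 0 Then
    // AppleScript reports a cancelled authentication dialog as error -128
  Else
    MsgBox("Command failed (" + Str(code) + "): " + result)
  End If
End If
```

Pass only fixed command strings or values you have validated; the escaping keeps the argument intact as a string, but whatever it contains still runs as root.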