I want to create application that use admin password to run some scripts in bash. For example:
echo **pass** | sudo -S reboot
What is the best way to get it.
I looked this tutorial, and all of what I understood - it is how to run authorization window.
AuthorizationRef authRef= NULL;
AuthorizationItem right = { "com.my.app", 0, NULL, 0 };
AuthorizationRights rightSet = { 1, &right };
OSStatus status;
if (AuthorizationCreate(
NULL,
kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults,
&authRef) != errAuthorizationSuccess)
{
NSLog(#"Could not create authorization reference object.");
}
status = AuthorizationCopyRights(authRef, &rightSet, kAuthorizationEmptyEnvironment,
kAuthorizationFlagDefaults |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagExtendRights,
NULL);
Is there a way to get password after this steps?
Or all of this wrong - and exist another way?
Thanks!
You cannot (and should not) get the actual password. The OS doesn't even know what it is. This is on purpose. As you note, you should create a small helper program whose privileges you can escalate.
If at all possible, you should avoid the shell entirely. It is very fragile. It is much better to write a pure C/ObjC program that does just what you want and elevate its privileges.
Related
I want to encrypt a file/folder using EncryptFile function while Impersonating another user, I gave the other user Full Control over the file, but I still get Access Denied.
HANDLE hUser;
if (LogonUser(L"test", L".", L"123", LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &hUser) == TRUE) {
ImpersonateLoggedOnUser(hUser);
if (EncryptFile(dir_to_enc) == FALSE) {
printf("%d\n", GetLastError()); // I get 5 - Access Denied
}
RevertToSelf();
CloseHandle(hUser);
}
edit:
when I change the fourth parameter of LogonUser from LOGON32_LOGON_NETWORK to LOGON32_LOGON_INTERACTIVE, the error code changes to 87, ERROR_INVALID_PARAMETER.
I don't know why but when I change the dwLogonType to LOGON32_LOGON_BATCH everything works correctly!
It seems that it is used when we need to do something on behalf of the user.
but other types are not directly intended for that.
I'm trying to implement rebooting of a remote computer with InitiateShutdown API using the following code, but it fails with RPC_S_SERVER_UNAVAILABLE or 1722 error code:
//Process is running as administrator
//Select a remote machine to reboot:
//INFO: Tried it with and w/o two opening slashes.
LPCTSTR pServerName = L"192.168.42.105";
//Or use 127.0.0.1 if you don't have access to another machine on your network.
//This will attempt to reboot your local machine.
//In that case make sure to call shutdown /a /m \\127.0.0.1 to cancel it.
if(AdjustPrivilege(NULL, L"SeShutdownPrivilege", TRUE) &&
AdjustPrivilege(pServerName, L"SeRemoteShutdownPrivilege", TRUE))
{
int nErrorCode = ::InitiateShutdown(pServerName, NULL, 30,
SHUTDOWN_INSTALL_UPDATES | SHUTDOWN_RESTART, 0);
//Receive nErrorCode == 1722, or RPC_S_SERVER_UNAVAILABLE
}
BOOL AdjustPrivilege(LPCTSTR pStrMachine, LPCTSTR pPrivilegeName, BOOL bEnable)
{
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
BOOL bRes = FALSE;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
return FALSE;
if(LookupPrivilegeValue(pStrMachine, pPrivilegeName, &tkp.Privileges[0].Luid))
{
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = bEnable ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_REMOVED;
bRes = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
int nOSError = GetLastError();
if(bRes)
{
if(nOSError != ERROR_SUCCESS)
bRes = FALSE;
}
}
CloseHandle(hToken);
return bRes;
}
So to prepare for this code to run I do the following on this computer, which is Windows 7 Pro (as I would do for the Microsoft's shutdown tool):
Run the following "as administrator" to allow SMB access to the logged in user D1 on the 192.168.42.105 computer (per this answer):
NET USE \\192.168.42.105\IPC$ 1234 /USER:D1
Run the process with my code above "as administrator".
And then do the following on remote computer, or 192.168.42.105, that has Windows 7 Pro (per answer here with most upvotes):
Control Panel, Network and Sharing Center, Change Advanced Sharing settings
"Private" enable "Turn on File and Printer sharing"
Set the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
LocalAccountTokenFilterPolicy=dword:1
RUN secpol.msc, then go to Local Security Policy, Security Settings, Local Policies, User Rights Assignment. Add "Everyone" to "Force shutdown from a remote system". (Just remember to remove it after you're done testing!)
Note that the following shutdown command seems to work just fine to reboot the remote computer:
shutdown /r /m \\192.168.42.105 /t 30
What am I missing with my code?
EDIT:
OK. I will admit that I was merely interested in why InitiateShutdown doesn't seem to "want" to work with a remote server connection, while InitiateSystemShutdownEx or InitiateSystemShutdown had no issues at all. (Unfortunately the latter two did not have the dwShutdownFlags parameter, which I needed to pass the SHUTDOWN_INSTALL_UPDATES flag to, which caused my persistence...)
At this point I had no other way of finding out than dusting out a copy of WinDbg... I'm still trying to dig into it, but so far this is what I found...
(A) It turns out that InitiateSystemShutdownEx internally uses a totally different RPC call. W/o too many details, it initiates RPC binding with RpcStringBindingComposeW using the following parameters:
ObjUuid = NULL
ProtSeq = ncacn_np
NetworkAddr = \\192.168.42.105
EndPoint = \\PIPE\\InitShutdown
Options = NULL
or the following binding string:
ncacn_np:\\\\192.168.42.105[\\PIPE\\InitShutdown]
(B) While InitiateShutdown on the other hand uses the following binding parameters:
ObjUuid = 765294ba-60bc-48b8-92e9-89fd77769d91
ProtSeq = ncacn_ip_tcp
NetworkAddr = 192.168.42.105
EndPoint = NULL
Options = NULL
which it later translates into the following binding string:
ncacn_np:\\\\192.168.42.105[\\PIPE\\lsarpc]
that it uses to obtain the RPC handle that it passes to WsdrInitiateShutdown (that seems to have its own specification):
So as you see, the InitiateShutdown call is technically treated as Unknown RPC service (for the UUID {765294ba-60bc-48b8-92e9-89fd77769d91}), which later causes a whole bunch of credential checks between the server and the client:
which, honestly, I'm not sure I want to step into with a low-level debugger :)
At this stage I will say that I am not very well versed on "Local Security Authority" interface (or the \PIPE\lsarpc named pipe configuration.) So if anyone knows what configuration is missing on the server side to allow this RPC call to go through, I would appreciate if you could post your take on it?
I need to know if a specified directory (local or shared path with login credentials) has write permissions or not.
I am using GetFileAttributes but it always returns FILE_ATTRIBUTE_DIRECTORY and nothing else.
My code is something like below
if(storageLocation != "")
{
//! check if local storage - user name password would be empty
if(storageUsername == "" && storagePassword == "")
{
//! local storage
//! lets check whether the local path is a valid path or not
boost::filesystem::path fpath(storageUsername.c_str());
if(boost::filesystem::exists(fpath))
{
DWORD attrib = ::GetFileAttributes(storageLocation.c_str());
if((attrib != INVALID_FILE_ATTRIBUTES) &&
((attrib & FILE_ATTRIBUTE_READONLY) != FILE_ATTRIBUTE_READONLY))
{
string strWritePermission = "TRUE";
}
}
}
else
{
uncLocation_t uncLocation;
uncLocation.m_location = storageLocation;
uncLocation.m_username = storageUsername;
uncLocation.m_password = storagePassword;
if(0 == connectToUNCLocation(uncLocation)) // My function to connect to UNC location
{
//! successful connection
DWORD attrib = ::GetFileAttributes(storageLocation.c_str());
if((attrib != INVALID_FILE_ATTRIBUTES) &&
((attrib & FILE_ATTRIBUTE_READONLY) != FILE_ATTRIBUTE_READONLY))
{
string strWritePermission = "TRUE";
}
}
}
}
I don't understand why but GetFileAttributes always return 0x16.
I have tested it by creating a shared folder and creating 2 folders in it. One with read only permissions and other with default permissions. But in all 3 cases (shared folder, read only folder and default permission folder) I am getting same return value.
There is on way to find write permission, to create a temporary file (usinf CreateFile in GENERIC_WRITE mode) and if successfully created, delete it. But I don't want to use this method as I don't want my application to create a temporary file each time user specifies a location.
Please suggest what should be done.
You would need to replicate the security checking that Windows performs. The AccessCheck function will help that. You are currently well wide of the mark in looking at the file attributes. Windows security is so much more complicated than that.
Although you said you did not want to do it, the right solution is not to try to check. Simply do whatever it is you are attempting to do. If the system decides that the user does not have sufficient rights, then CreateFile will fail, and the last error will be set to ERROR_ACCESS_DENIED. There's no need for temporary files. You just try to do whatever it is you are doing, and let it fail. You have to handle failure anyway since there are many ways for a file operation to fail, not just security.
As the saying goes, it is better to ask forgiveness than permission.
I think you are looking for AccessCheck. FYI, this is not a C++ question, but a Windows API question.
I recall there being a Cocoa framework or AppleScript dictionary to check if an Application bundle with a specific name is installed at all, anywhere on the computer.
How do I do this? Either Cocoa, AppleScript, or command line are useful to me.
You should use Launch Services to do this, specifically the function LSFindApplicationForInfo().
You use it like so:
#import <ApplicationServices/ApplicationServices.h>
CFURLRef appURL = NULL;
OSStatus result = LSFindApplicationForInfo (
kLSUnknownCreator, //creator codes are dead, so we don't care about it
CFSTR("com.apple.Safari"), //you can use the bundle ID here
NULL, //or the name of the app here (CFSTR("Safari.app"))
NULL, //this is used if you want an FSRef rather than a CFURLRef
&appURL
);
switch(result)
{
case noErr:
NSLog(#"the app's URL is: %#",appURL);
break;
case kLSApplicationNotFoundErr:
NSLog(#"app not found");
break;
default:
NSLog(#"an error occurred: %d",result);
break;
}
//the CFURLRef returned from the function is retained as per the docs so we must release it
if(appURL)
CFRelease(appURL);
From the command line this seems to do it:
> mdfind 'kMDItemContentType == "com.apple.application-bundle" && kMDItemFSName = "Google Chrome.app"'
You can also use lsregister.
on doesAppExist(appName)
if (do shell script "/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -dump | grep com.apple.Safari") ¬
contains "com.apple.Safari" then return true
end appExists
That's pretty fast and you can do it from other languages like Python quite easily. You would want to play around with what you grep to make it most efficient.
I need to be able to change a user's password from a cron task or from an ssh session. Is there an easy way to do that with a bash script? If not, what's the easiest way to do it in Cocoa?
Apple introduced CSIdentitySetPassword API in Mac OS 10.5 that allows to change password as follows:
#import <Collaboration/Collaboration.h>
AuthorizationRef authRef = NULL; // You have to initialize authRef
CBIdentityAuthority *authority = [CBIdentityAuthority defaultIdentityAuthority];
CSIdentityRef identity = [CBIdentity identityWithName:user authority:authority].CSIdentity;
if (CSIdentityGetClass(identity) == kCSIdentityClassUser) {
CSIdentitySetPassword(identity, (__bridge CFStringRef)newPassword);
CSIdentityCommit(identity, authRef, NULL);
}
AuthenticationRef can be initialized like int this response.
Use the passwd shell command.