
Torsten Curdt’s weblog

Elevating permissions on OSX

When a file change requires root permissions you can use ‘/usr/libexec/authopen’ which elevates permissions and reads or writes that file for you. But what about executing programs with elevated permissions? On the command line you can of course use ‘sudo’ … but what if you don’t want to drag the user to the command line? I thought an ‘authexec’ was missing. So after a little research I’ve modified an example from the Apple documentation that explains how to use


 AuthorizationCreate(..)
 AuthorizationCopyRights(..)
 AuthorizationExecuteWithPrivileges(..)

to elevate permissions. ‘authexec yourapp’ will (just like sudo) ask you to confirm the authentication and then start your application with elevated permissions.

For convenience I’ve put the source and the universal binary online.
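The three calls listed above, in sequence, as an added example; this is not the author's authexec source. The names tool_is_safe and run_elevated are hypothetical, and the path checks before the launch are an added precaution that the post does not describe. AuthorizationExecuteWithPrivileges has been deprecated since OS X 10.7 and does not itself verify the tool it is asked to run.

```c
/* Added example, not the author's authexec source; tool_is_safe() and
 * run_elevated() are hypothetical names. On macOS link with -framework Security. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#ifdef __APPLE__
#include <Security/Authorization.h>
#include <Security/AuthorizationTags.h>
#endif

/* Returns 0 when `path` is acceptable to run as root, a negative code otherwise. */
int tool_is_safe(const char *path) {
    struct stat sb;
    if (path == NULL || path[0] != '/') return -1;   /* absolute paths only, no PATH lookup */
    if (lstat(path, &sb) != 0) return -2;            /* must exist; lstat does not follow symlinks */
    if (!S_ISREG(sb.st_mode)) return -3;             /* rejects symlinks, directories, devices */
    if (sb.st_uid != 0) return -4;                   /* a non-root owner could swap the file */
    if (sb.st_mode & (S_IWGRP | S_IWOTH)) return -5; /* so could group or other writers */
    return 0;
}

/* Runs `path` with NULL-terminated `args` as root once the user confirms. 0 on success. */
int run_elevated(const char *path, char *const args[]) {
    int rc = tool_is_safe(path);
    if (rc != 0) return rc;
#ifdef __APPLE__
    AuthorizationRef auth = NULL;
    if (AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                            kAuthorizationFlagDefaults, &auth) != errAuthorizationSuccess)
        return -10;
    /* Ask for the execute right for this one tool path only. */
    AuthorizationItem item = { kAuthorizationRightExecute, strlen(path), (void *)path, 0 };
    AuthorizationRights rights = { 1, &item };
    AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagInteractionAllowed |
                               kAuthorizationFlagPreAuthorize | kAuthorizationFlagExtendRights;
    OSStatus st = AuthorizationCopyRights(auth, &rights, NULL, flags, NULL);
    if (st == errAuthorizationSuccess)
        st = AuthorizationExecuteWithPrivileges(auth, path, kAuthorizationFlagDefaults, args, NULL);
    AuthorizationFree(auth, kAuthorizationFlagDestroyRights);  /* do not leave the right cached */
    return st == errAuthorizationSuccess ? 0 : -11;
#else
    (void)args;
    return -12;   /* Authorization Services exists only on macOS */
#endif
}

int main(int argc, char *argv[]) {
    if (argc < 2) { fprintf(stderr, "usage: %s /abs/path/to/tool [args...]\n", argv[0]); return 2; }
    return run_elevated(argv[1], &argv[2]) == 0 ? 0 : 1;
}
```

The check covers the file itself, not its parent directories, and a window remains between the check and the launch, so it narrows the risk rather than removing it.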

Selecting the OSX SDK

While I was trying to build a fat binary for Tiger I had to realize that just adding the “-arch” option is not good enough. If you need to link against a framework it might result in missing symbols and lots of linker errors.


/usr/bin/ld: warning /System/Library/Frameworks/Security.framework/Security cputype (18, architecture ppc) does not match cputype (7) for specified -arch flag: i386 (file not loaded)
/usr/bin/ld: warning fat file: /usr/lib/gcc/i686-apple-darwin8/4.0.1/../../../libSystem.dylib does not contain an architecture that matches the specified -arch flag: i386 (file ignored)
...

Turns out the problem was that I had to point gcc to the right SDK.


gcc authexec.c -arch i386 -o authexec.i386 -framework Security -isysroot /Developer/SDKs/MacOSX10.4u.sdk

Xavier Rudd

Another concert is coming up. On April 30th Xavier Rudd is playing at the Forum. This show was originally scheduled for the 4th of Feb. But he is still recovering from a bad throat infection. I am glad he is feeling better now and the show in Melbourne did not get canceled but just postponed.

Debugging HTTPS via Proxy

There are a few tools available to log HTTP conversations. Usually they act as a server that forwards the request and logs what is getting transferred. Nice! But naturally it’s not that easy for HTTPS – of course the conversation is encrypted. But you can still have a peek! I came across a tool called ‘Charles’. It acts as a reverse proxy that sits in the middle and will automatically generate the right certificates. All you have to do is to trust the Charles certificate. You have to use the Java ‘keytool’ to make the certificate available to the JVM.


$ keytool -import -trustcacerts -keystore keystore -file charles.cer
Enter keystore password:  password
Owner: C=NZ, ST=Unknown, L=Auckland, O=XK72 Ltd, OU=Charles, CN=Charles CA Certificate
Issuer: C=NZ, ST=Unknown, L=Auckland, O=XK72 Ltd, OU=Charles, CN=Charles CA Certificate
Serial number: 1
Valid from: Sat Aug 23 09:53:59 EST 2003 until: Fri Dec 09 10:54:00 EST 2011
Certificate fingerprints:
         MD5:  D4:6B:04:E7:F3:14:AF:EB:46:95:47:5E:9A:AE:38:54
         SHA1: DB:90:61:F8:E6:CC:13:07:1F:DF:47:6E:DF:D8:B9:6F:CC:73:E1:5C
Trust this certificate? [no]:  yes
Certificate was added to keystore

Then you only point the JVM to the proxy and to the keystore you’ve generated.


-Dhttps.proxyHost=localhost
-Dhttps.proxyPort=8888
-Djavax.net.ssl.trustStore=/your/path/to/the/keystore

Unfortunately ‘Charles’ is quite expensive. If someone knows of a free tool that does the same job … please let me know.

Big Day Out

Last weekend I attended my first festival down here. Yeah! The ‘Big Day Out’ in the north of the city. I’ve seen the performances of

  • Cut Copy
  • Mudvayne
  • Soulwax
  • Henry Rollins (spoken word)
  • Franz Ferdinand
  • The Mars Volta
  • The White Stripes

But it felt really different than the festivals in Europe. Of course I missed my usual festival buddies but this also was the first festival that I have been to (ever!) where all guys actually went to the slasher! Which of course has the nice side effect that not every corner stinks like a toilet. One thing that was really annoying though: you were only allowed to drink alcohol in dedicated areas. I WANT MY BEER! No matter where! Sorry, I will never understand this “it’s in a paper bag! …no one knows!” thing that is happening here as well as in the US.