mac admin auth check

2023-02-25 04:55:37 -08:00 · 2023-02-25 04:55:37 -08:00 · b9b4913ca0
commit b9b4913ca0
parent 17f1c18c92
3 changed files with 41 additions and 3 deletions
--- a/src/platform/macos.mm
+++ b/src/platform/macos.mm
@ -1,6 +1,9 @@
 #import <AVFoundation/AVFoundation.h>
 #import <AppKit/AppKit.h>
 #import <IOKit/hidsystem/IOHIDLib.h>
+#include <Security/Authorization.h>
+#include <Security/AuthorizationTags.h>
+

 // https://github.com/codebytere/node-mac-permissions/blob/main/permissions.mm

@ -35,6 +38,33 @@ extern "C" bool InputMonitoringAuthStatus(bool prompt) {
    return false;
 }

+extern "C" bool MacCheckAdminAuthorization() {
+  AuthorizationRef authRef;
+  OSStatus status;
+
+  status = AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
+                               kAuthorizationFlagDefaults, &authRef);
+  if (status != errAuthorizationSuccess) {
+    printf("Failed to create AuthorizationRef\n");
+    return false;
+  }
+
+  AuthorizationItem authItem = {kAuthorizationRightExecute, 0, NULL, 0};
+  AuthorizationRights authRights = {1, &authItem};
+  AuthorizationFlags flags = kAuthorizationFlagDefaults |
+                             kAuthorizationFlagInteractionAllowed |
+                             kAuthorizationFlagPreAuthorize |
+                             kAuthorizationFlagExtendRights;
+  status = AuthorizationCopyRights(authRef, &authRights, kAuthorizationEmptyEnvironment, flags, NULL);
+  if (status != errAuthorizationSuccess) {
+    printf("Failed to authorize\n");
+    return false;
+  }
+
+  AuthorizationFree(authRef, kAuthorizationFlagDefaults);
+  return true;
+}
+
 extern "C" float BackingScaleFactor() {
    NSScreen* s = [NSScreen mainScreen];
    if (s) return [s backingScaleFactor];
--- a/src/platform/macos.rs
+++ b/src/platform/macos.rs
@ -34,6 +34,7 @@ extern "C" {
    static kAXTrustedCheckOptionPrompt: CFStringRef;
    fn AXIsProcessTrustedWithOptions(options: CFDictionaryRef) -> BOOL;
    fn InputMonitoringAuthStatus(_: BOOL) -> BOOL;
+    fn MacCheckAdminAuthorization() -> BOOL;
    fn MacGetModeNum(display: u32, numModes: *mut u32) -> BOOL;
    fn MacGetModes(
        display: u32,
@ -665,3 +666,10 @@ pub fn change_resolution(name: &str, width: usize, height: usize) -> ResultType<
    }
    Ok(())
 }
+
+
+pub fn check_super_user_permission() -> ResultType<bool> {
+    unsafe {
+        Ok(MacCheckAdminAuthorization() == YES)
+    }
+}
--- a/src/ui_interface.rs
+++ b/src/ui_interface.rs
@ -707,10 +707,10 @@ pub fn is_root() -> bool {
 pub fn check_super_user_permission() -> bool {
    #[cfg(feature = "flatpak")]
    return true;
-    #[cfg(any(windows, target_os = "linux"))]
+    #[cfg(any(windows, target_os = "linux", target_os = "macos"))]
    return crate::platform::check_super_user_permission().unwrap_or(false);
-    #[cfg(not(any(windows, target_os = "linux")))]
-    true
+    #[cfg(not(any(windows, target_os = "linux", target_os = "macos")))]
+    return true;
 }

 #[allow(dead_code)]