fill the void - bdunagan

18 Apr 2010
Communicating with a Privileged Tool

In writing Multicast Ping for the Mac, I needed a two-way communication pipe between the interface (parent process) and the privileged tool (child process) and a clean method for terminating the tool through that pipe. NSTask provides setStandardInput and setStandardOutput for just this reason. However, I cannot launch a privileged tool with NSTask; instead, I have to use AuthorizationExecuteWithPrivileges with its lower-level file handle mechanism.

With a bit of help, I implemented a two-way pipe at a high-level and utilize that pipe to cleanly terminate the child process with a simple EOF signal. Apple’s BetterAuthorizationSample sample project touches on this communication pipe but does so at a low-level and only one-way. Matt Gallagher from Cocoa With Love also uses a pipe in invoking other processes when he creates an Open File Killer app, but the pipe is still only used one direction. Thanks to both those tutorials as well as a post from Caius Theory for helping me along. See my GitHub multicast_ping repo for the code in context.

Interface: setup the pipe to the tool

// Execute the command with privileges from SFAuthorizationView.
FILE *handle;
OSErr processError = AuthorizationExecuteWithPrivileges([[authView authorization] authorizationRef], [helperPath UTF8String], 
														kAuthorizationFlagDefaults, (char *const *)argv, &handle);
if (processError != 0) {
	NSLog(@"helper tool failed (%d)", processError);
	return NO;

// Setup the two-way pipe.
helperHandle = [[NSFileHandle alloc] initWithFileDescriptor:fileno(handle)];
[helperHandle waitForDataInBackgroundAndNotify];
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(handleTaskOutput:) name:NSFileHandleDataAvailableNotification object:helperHandle];

Interface: wait for data from the tool

- (void)handleTaskOutput:(NSNotification *)notification {
	// Get the new data.
	NSFileHandle *handle = (NSFileHandle *)[notification object];
	NSData *data = [handle availableData];
	if ([data length] > 0) {
		// Convert the data into a string.
		NSString *dataString = [[NSString alloc] initWithBytes:[data bytes] length:[data length] encoding:NSUTF8StringEncoding];
		if ([dataString isEqual:@"port in use"]) {
			// Tool failed.
			[self handleToolFailure];
			[dataString release];

		// Process the string, expecting "address,port,message".
		NSArray *array = [dataString componentsSeparatedByString:@","];
		[dataString release];
		if ([array count] == 3) {
			// Get attributes.
			NSString *address = [array objectAtIndex:0];
			int port = [[array objectAtIndex:1] intValue];
			NSString *message = [array objectAtIndex:2];

			// Create new message.
			Message *newMessage = [[Message alloc] initWithAddress:address andPort:port andMessage:message];
			[messages addObject:newMessage];
			[newMessage release];
			// Update view.
			[listView reloadData];
		// Prepare for more data.
		[handle waitForDataInBackgroundAndNotify];
	else {
		// No data means tool failed.
		[self handleToolFailure];

Interface: terminate the tool

// Close pipe to terminate the helper tool.
[helperHandle closeFile];
helperHandle = nil;

Tool: send data to the interface

// Write out the new message to the pipe.
NSString *line = [NSString stringWithFormat:@"%@,%d,%@", sentHost, sentPort, receivedMessage];
[(NSFileHandle *)[NSFileHandle fileHandleWithStandardOutput] writeData:[line dataUsingEncoding:NSUTF8StringEncoding]];

Tool: listen for terminate from the interface

// Wait for parent process to close the pipe. That will send the EOF signal.
[[NSFileHandle fileHandleWithStandardInput] readDataToEndOfFile];
Previous LinkedIn Twitter GitHub Email Next