Nathan Duran <mailto:launchd@khiltd.com> wrote (Wednesday, December 5, 2007 10:31 AM -0800):
I'm afraid I don't understand what is meant by the term "external form" here. Are you suggesting that the authorization API be used to prevent rogue applications from utilizing the IPC services vended by the daemon?
Hey, a question I can answer. :) When you authenticate a user, you get an authorization reference which can then be passed to various Authorization API functions to do stuff. However, authorization references cannot be passed between processes. To obtain an authorization (like in a GUI app) and pass that to another process for it to use (like a deamon or faceless helper) you must convert the authorization ref into an "external form", which is just an opaque data blob that encapsulates the authorization. You then pass that data blob to the other process, which then turns the "external" form of the authorization back into a usable authorization ref. -- James Bucanek