Checking authentication and
running sudo commands on Mac OS X
during installations with InstallShield
Universal
Author:
This tutorial gives a method
for using the sudo command during installations (needed in cases like writing
to the /System directory).
When running the sudo
command for the first time, the user is asked for authentication. Once the
password was entered the user can continue running sudo commands for 5 minutes
hassle-free (without being asked for authentication again). I am using a custom
product bean that during the installation (preferably at the beginning),
executes a Shell-Script that triggers the first sudo command. A custom bean is
needed because working with AppleScript in a Shell environment is not
straight-forward.
About the attached files:
Take care to change the package path of the files: OsxAdminPassword.java
and OsxAdminPasswordBeanInfo.java before building
them. The classes files and the beanhelp
folder should reside in the same directory in the classes directory of the
IS-Universal. The sudoGenerator file should be in the
sources directory of your project.
The Shell-Script :
#!/bin/sh
# sudoGenerator
#
#
# Created by
#
# **********************************************************************
# * Check for administrator authentication on Mac OS X platform.
# * This AppleScript run the sudo command.
# * In case of error (wrong authentication or canceled pressed):
# * Pass to the standard output 2 string lines:
# * "error" and the error-number
# **********************************************************************
#
osascript -e 'do shell script "sudo -K"' -e 'try' -e 'do shell script "sudo -v" with administrator privileges' -e 'on error the error_message number the error_number' -e 'return "error\n" & error_number' -e 'end try';
exit 0;
This script is saved in a
separate folder in the project’s sources directory. At the beginning of the
installation it has to be installed into the temp directory (in case the
authentication was wrong it will be deleted with the temp directory). If the
authentication had succeeded it has to be installed (with the other program
files) for using it during uninstall. In order to install the Shell-Script you
have to use the CopyFile wizard action immediately
after the install action. That way it won’t be uninstalled during the
uninstallation before it had been used.
You have to delete it
explicitly with a custom wizard action at the end of the uninstallation.
The description of the
custom product bean that activates the sudoGenerator
Shell-Script:
OsxAdminPassword
/**
*
* <p>Title: Check administartor
authentication on Mac OS-X </p>
* <p>Description: Gets path of the
AppleScript file at install time and
* a different path to
the AppleScript at uninstall time.
* << Those input paths must not contain
spaces! >>
* OsxAdminPassword Activates an
AppleScript, in a Shell,
* that triggers the
first sudo command with prompt for authentication.
* If the right password was entered the
installation gets 5 minutes of
* enabling sudo
commands hassle-free (without asking for authentication again).
* This action enables three fail tries before
canceling the installation.
* In case of three mistakes or the cancel
button pressed,
* this action cancels
the installation.
* A hidden parameter - authentication holds
the result:
* Success: authentication = 0.
* Fail (wrong or error): authentication = 1.
* Canceled by the user: authentication = -1.
* This value can be checked for appropriate
‘Finish’ dialog.
* In case of fail OsxAdminPassword
sends message to the installation log.
* OsxAdminPassword
checks the input-stream for a return value by the
* AppleScript file,
and according to this return-value decides if to cancel
* the installation
and what value to set the authentication property to.
* Usually the SellScript
is installed to $D(temp) in installation before
* the OsxAdminPassword in
the sequence. This file needs to be installed to a
* permanent folder if
the installation continues, so it can be used during uninstall.
* At the end of the uninstall it has to be
deleted explicitly.</p>
* @author
* @version 1.0
*/
The
OsxAdminPassword properties:
The best would be to create
a special feature for the sudo commands. This feature will be the first in the
installation sequence. Add to this feature the platform condition that checks
if the platform is Mac OS X.
After extracting and copying
files to the temp directory, the installation sequence gets to the
OsxAdminPassword that activates the sudoGenerator which in turn triggers the
sudo command with asking for authentication:
The OsxAdminPassword
checks its input stream for the sudoGenerator outputs, and saves corresponding
information in a hidden property to enable other beans to check it.
If the authentication
passed, its ‘authentication’ property’s value is set to 0 and the installation
continues its sequence to the next feature (which is all the needed sudo
commands). The OsxAdminPassword enables 3 fail tries
before canceling the installation with the ‘authentication’ property’s value
set to 1. In case that the user pressed the cancel button (of the
‘authentication’ prompt), the installation is canceled with the
‘authentication’ property’s value set to -1.
At the ‘PostInstall’
part of the sequence the ‘authentication’ property’s value can be checked in
order to determine which post-install dialog to show.
You have to do this
procedure again during uninstall, and then have another dialog for fail during
uninstall.
The OsxAdminPassword
product action also generates messages to the log file in case of an error,
wrong authentication, or if the user pressed the cancel button:
(
Wrong sudo authentication
(
Cnceled by the user in sudo authentication
(
User
cancelled installation.
The
complete sequence:
