NullAuthPlugin with Yosemite

Privacy & Security General
TheDarkKnight OP
Created Aug ’15
Replies 2
Boosts 0
Views 786
Participants 2

Having, in the past, used the NullAuthPlugin to assist with viewing context and hints when working with a security plugin, it appears that it no longer works.

I add it the entry to my list of mechanisms in the authorisation database and can confirm its there with the command 


sudo security authorizationdb read com.mycompany.myproduct.action


It shows correctly in the list of of mechanisms, but no longer prints messages to the system log, following the execution of my or any other mechanism.


Has anyone had success with using the NullAuthPlugin on Yosemite, or is it broken?

Replies  2
Boosts  0
Views  786
Participants  2
DTS Engineer OP
Apple
Aug ’15
Accepted Answer

There’s nothing fundamentally wrong with the code itself, but various environmental factors make it harder to use. You’ve figure one out already (the fact that you have to use the 

security
tool to modify the authorisation database) and now you’re stuck on another (seeing your logging).

This is actually easier than the current NullAuthPlugin docs would have you believe, it’s just that I didn’t understand ASL properly back when I wrote NullAuthPlugin )-: The trick is:

  • continue to log your output at debug level (preferably with ASL rather than 

    syslog
    , and thus using 
    ASL_LEVEL_DEBUG
    )

  • change the ASL master filter mask to show debug messages

    $ sudo syslog -c 0 -d

    IMPORTANT Don’t forget the 

    sudo
    . If you do, ASL doesn't print an error, it simply fails to adjust the mask (r. 18200871).

  • watch the log

    $ syslog -w



    • As always, it's a good idea to run this last command over an SSH connection so that you can see these log messages show up in real time.


    Finally, you can reset the master filter mask with the command shown below.


    $ sudo syslog -c 0 off

    Share and Enjoy

    Quinn "The Eskimo!"
    Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

    let myEmail = "eskimo" + "1" + "@apple.com"
    0
    TheDarkKnight OP
    Aug ’15

    Thanks Quinn,


    Your knowledge is, as always, invaluable. The only thing I needed was the syslog command:


    $ sudo syslog -c 0 -d


    I'm sure you're aware that it's also possible to view the log in the Console app, but I thought I'd mention it, in-case anyone else comes across this.


    Thanks again ;O)

    0
    NullAuthPlugin with Yosemite
    First post date Last post date
     
     
    Q