Bypass admin password when changing network configuration

Hi


I'm writing an MAC OS application, in which trying to modify DNS settings of network interfaces. Using SCPreferences refrence for accessing and modifying configuration preferences.


Using SCPreferencesLock API to lock preferences object after getting SCPreferencesRef object created by SCPreferencesCreateWithAuthorization API.

After SCNetworkProtocolSetConfiguration API, calling SCPreferencesUnlock, SCPreferencesCommitChanges & SCPreferencesApplyChanges.


Using above APIs in sequence results in modification of DNS settings as expected, but promting user to enter admin password.


Queries:

1. Is there a way to bypass prompting admin password.

2. Any other APIs to acheive similar functionality without prompt for admin password.


Thanks in advance.

Replies

You can’t change network settings without some sort of authorisation. Imagine the chaos that would cause in managed environments.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

If that is the case, then how to authorize priviliged operations such as changing dns settings of network cards or creating folders or files in admin restricted areas.

Ultimately you’ll want to do this work from a privileged daemon, where your non-privileged code makes a request to the the daemon via IP and the daemon authorises these changes via Authorization Services. You can install that daemon via an installer, if you have one already, or via

SMJobBless
, if you don’t. EvenBetterAuthorizationSample shows the latter.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"