I'm doing this:
@import Security;

int main(int argc, const char * argv[]) {
    @autoreleasepool {
        OSStatus result;
        SecuritySessionId sessionId;
        SessionAttributeBits attrs;

        // Query the security session the process was launched in.
        result = SessionGetInfo(callerSecuritySession, &sessionId, &attrs);
        printf("Current session ID: %d\n", (int)sessionId);

        // Try to create a new security session with no flags set.
        result = SessionCreate(0, 0);
        printf("This just happened: %d\n", (int)result);

        // Query again to see whether the caller's session has changed.
        result = SessionGetInfo(callerSecuritySession, &sessionId, &attrs);
        printf("Later session ID: %d\n", (int)sessionId);

        // Check whether the session ID was written to the environment.
        const char *sessionString = getenv("SECURITYSESSIONID");
        printf("session from the env: %s\n", sessionString);
    }
    return 0;
}
My expectations are:
- SessionCreate() returns either errSessionSuccess, or one of the errors described in the header.
- The caller's security session identifier has changed between the two calls to SessionGetInfo().
- The security session identifier is written in hex to the environment (I'm looking at Authorization.cpp in Security-58286.220.15, which makes me believe this will happen).
Reality has served to disappoint me on all fronts. Here's what actually happens on 10.14.3:
Current session ID: 100008
This just happened: 100001
Later session ID: 100008
session from the env: (null)
Am I doing something incorrectly? My goal at the moment is simply to be able to create a new security session and enter it, leaving the session in which my process was launched.