On 24 Nov 2009, at 1:13 AM, Alan James Caruana wrote:
> I am trying to write a daemon that will log in to OS X automatically when a user connects remotely to this daemon. The user credentials are sent to the daemon by the user's client program. I knew that I could perform the automatic login by means of an AppleScript, but this is sometimes not working properly and I wanted to find something more robust. It was suggested to me that I should write an Authorization Plugin, and consider this task like wanting to login using a smart card.
>
> I managed to write an Authorization Plugin, which is being called before the loginwindow plugin. I am using the SetContextValue() function to set the username and password, but this is not working.
>
> In /etc/authorization I added the bold line:
>
> <key>system.login.console</key>
> <dict>
> <key>class</key>
> <string>evaluate-mechanisms</string>
> <key>mechanisms</key>
> <array>
> <string>builtin:smartcard-sniffer,privileged</string>
> <string>MyAuthPlugin:my_mechanism</string>
> <string>loginwindow:login</string>
> <string>builtin:reset-password,privileged</string>
> <string>builtin:auto-login,privileged</string>
> <string>builtin:authenticate,privileged</string>
> <string>loginwindow:success</string>
> <string>HomeDirMechanism:login,privileged</string>
> <string>HomeDirMechanism:status</string>
> <string>MCXMechanism:login</string>
> <string>loginwindow:done</string>
> </array>
> </dict>
>
> I am using the SetContextValue() function as follows:
>
>
> char *uname = strdup("MyUserName");
> char *pwd = strdup("MyPassword");
> AuthorizationValue av_uname = { strlen(uname), uname };
> AuthorizationValue av_pwd = {strlen(pwd), pwd };
>
> SetContextValue(EngineRef, kAuthorizationEnvironmentUsername, 0, &av_uname);
> SetContextValue(EngineRef, kAuthorizationEnvironmentPassword, 0, &av_pwd);
>
> SetResult(EngineRef, kAuthorizationResultAllow);
>
> The plugin is being called. I know this because the login screen does not show up before SetResutl() is being called. However the login screen is not being skipped. Do I need to set another Context Value for this? Am I doing anything wrong ? What should I do to make this work?
Remove loginwindow:login from the list of mechanisms to run. loginwindow:login doesn't support being bypassed as you are attempting. Continue to set the context values, though, since builtin:authenticate,privileged requires them.
/gh
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
