Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
Re: problem with Authorization Plugin
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problem with Authorization Plugin

On 24 Nov 2009, at 1:13 AM, Alan James Caruana wrote:

> I am trying to write a daemon that will log in to OS X automatically when a user connects remotely to this daemon.  The user credentials are sent to the daemon by the user's client program.  I knew that I could perform the automatic login by means of an AppleScript, but this is sometimes not working properly and I wanted to find something more robust.  It was suggested to me that I should write an Authorization Plugin, and consider this task like wanting to login using a smart card.
> I managed to write an Authorization Plugin, which is being called before the loginwindow plugin.  I am using the SetContextValue() function to set the username and password, but this is not working.
> In /etc/authorization I added the bold line:
> <key>system.login.console</key>
>                 <dict>
>                         <key>class</key>
>                         <string>evaluate-mechanisms</string>
>                         <key>mechanisms</key>
>                         <array>
>                                 <string>builtin:smartcard-sniffer,privileged</string>
>                                 <string>MyAuthPlugin:my_mechanism</string>
>                                 <string>loginwindow:login</string>
>                                 <string>builtin:reset-password,privileged</string>
>                                 <string>builtin:auto-login,privileged</string>
>                                 <string>builtin:authenticate,privileged</string>
>                                 <string>loginwindow:success</string>
>                                 <string>HomeDirMechanism:login,privileged</string>
>                                 <string>HomeDirMechanism:status</string>
>                                 <string>MCXMechanism:login</string>
>                                 <string>loginwindow:done</string>
>                         </array>
>                 </dict>
> I am using the SetContextValue() function as follows:
>     char *uname = strdup("MyUserName");
>     char *pwd = strdup("MyPassword");
>     AuthorizationValue av_uname = { strlen(uname), uname };
>     AuthorizationValue av_pwd = {strlen(pwd), pwd };
>     SetContextValue(EngineRef, kAuthorizationEnvironmentUsername, 0, &av_uname);
>     SetContextValue(EngineRef, kAuthorizationEnvironmentPassword, 0, &av_pwd);
>     SetResult(EngineRef, kAuthorizationResultAllow);
> The plugin is being called.  I know this because the login screen does not show up before SetResutl() is being called.  However the login screen is not being skipped.  Do I need to set another Context Value for this? Am I doing anything wrong ? What should I do to make this work?

Remove loginwindow:login from the list of mechanisms to run.  loginwindow:login doesn't support being bypassed as you are attempting.  Continue to set the context values, though, since builtin:authenticate,privileged requires them.


Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 >problem with Authorization Plugin (From: Alan James Caruana <email@hidden>)

Visit the Apple Store online or at retail locations.

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.