remoting/host/user_authenticator_mac.cc - chromium/src - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "remoting/host/user_authenticator.h"

 #include <Security/Security.h>

 #include <string>

 #include "base/basictypes.h"
 #include "base/mac/mac_logging.h"

 namespace remoting {

 namespace {

 class UserAuthenticatorMac : public UserAuthenticator {
  public:
   UserAuthenticatorMac() {}
   virtual ~UserAuthenticatorMac() {}
   virtual bool Authenticate(const std::string& username,
                             const std::string& password);

  private:
   DISALLOW_COPY_AND_ASSIGN(UserAuthenticatorMac);
 };

 const char kAuthorizationRightName[] = "system.login.tty";

 bool UserAuthenticatorMac::Authenticate(const std::string& username,
                                         const std::string& password) {
   // The authorization right being requested.  This particular right allows
   // testing of a username/password, as if the user were logging on to the
   // system locally.
   AuthorizationItem right;
   right.name = kAuthorizationRightName;
   right.valueLength = 0;
   right.value = NULL;
   right.flags = 0;
   AuthorizationRights rights;
   rights.count = 1;
   rights.items = &right;

   // Passing the username/password as an "environment" parameter causes these
   // to be submitted to the Security Framework, instead of the interactive
   // password prompt appearing on the host system.  Valid on OS X 10.4 and
   // later versions.
   AuthorizationItem environment_items[2];
   environment_items[0].name = kAuthorizationEnvironmentUsername;
   environment_items[0].valueLength = username.size();
   environment_items[0].value = const_cast<char*>(username.data());
   environment_items[0].flags = 0;
   environment_items[1].name = kAuthorizationEnvironmentPassword;
   environment_items[1].valueLength = password.size();
   environment_items[1].value = const_cast<char*>(password.data());
   environment_items[1].flags = 0;
   AuthorizationEnvironment environment;
   environment.count = 2;
   environment.items = environment_items;

   OSStatus status = AuthorizationCreate(&rights, &environment,
                                         kAuthorizationFlagExtendRights,
                                         NULL);
   switch (status) {
     case errAuthorizationSuccess:
       return true;

     case errAuthorizationDenied:
       return false;

     default:
       OSSTATUS_LOG(ERROR, status) << "AuthorizationCreate";
       return false;
   }
 }

 }  // namespace

 // static
 UserAuthenticator* UserAuthenticator::Create() {
   return new UserAuthenticatorMac();
 }

 }  // namespace remoting
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "remoting/host/user_authenticator.h"

	#include <Security/Security.h>

	#include <string>

	#include "base/basictypes.h"
	#include "base/mac/mac_logging.h"

	namespace remoting {

	namespace {

	class UserAuthenticatorMac : public UserAuthenticator {
	public:
	UserAuthenticatorMac() {}
	virtual ~UserAuthenticatorMac() {}
	virtual bool Authenticate(const std::string& username,
	const std::string& password);

	private:
	DISALLOW_COPY_AND_ASSIGN(UserAuthenticatorMac);
	};

	const char kAuthorizationRightName[] = "system.login.tty";

	bool UserAuthenticatorMac::Authenticate(const std::string& username,
	const std::string& password) {
	// The authorization right being requested. This particular right allows
	// testing of a username/password, as if the user were logging on to the
	// system locally.
	AuthorizationItem right;
	right.name = kAuthorizationRightName;
	right.valueLength = 0;
	right.value = NULL;
	right.flags = 0;
	AuthorizationRights rights;
	rights.count = 1;
	rights.items = &right;

	// Passing the username/password as an "environment" parameter causes these
	// to be submitted to the Security Framework, instead of the interactive
	// password prompt appearing on the host system. Valid on OS X 10.4 and
	// later versions.
	AuthorizationItem environment_items[2];
	environment_items[0].name = kAuthorizationEnvironmentUsername;
	environment_items[0].valueLength = username.size();
	environment_items[0].value = const_cast<char*>(username.data());
	environment_items[0].flags = 0;
	environment_items[1].name = kAuthorizationEnvironmentPassword;
	environment_items[1].valueLength = password.size();
	environment_items[1].value = const_cast<char*>(password.data());
	environment_items[1].flags = 0;
	AuthorizationEnvironment environment;
	environment.count = 2;
	environment.items = environment_items;

	OSStatus status = AuthorizationCreate(&rights, &environment,
	kAuthorizationFlagExtendRights,
	NULL);
	switch (status) {
	case errAuthorizationSuccess:
	return true;

	case errAuthorizationDenied:
	return false;

	default:
	OSSTATUS_LOG(ERROR, status) << "AuthorizationCreate";
	return false;
	}
	}

	} // namespace

	// static
	UserAuthenticator* UserAuthenticator::Create() {
	return new UserAuthenticatorMac();
	}

	} // namespace remoting