// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/password_manager/password_manager_util_mac.h"
#include <CoreFoundation/CoreFoundation.h>
#import <Foundation/Foundation.h>
#include <Security/Authorization.h>
#include "base/mac/authorization_util.h"
#include "base/mac/foundation_util.h"
#include "base/mac/scoped_authorizationref.h"
#include "base/macros.h"
#include "chrome/grit/chromium_strings.h"
#include "ui/base/l10n/l10n_util.h"
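namespace password_manager_util_mac {

// Asks the OS to re-authenticate the session user before a sensitive
// password-manager action, showing a prompt selected by |purpose|.
//
// Returns true only when the authorization request yields a non-null
// authorization reference. Every other outcome, including a |purpose| for
// which no prompt text was resolved, returns false so that callers gating
// access on this result deny by default.
bool AuthenticateUser(password_manager::ReauthPurpose purpose) {
  // Use the system-defined "system.login.screensaver" access right rather than
  // creating our own. The screensaver does exactly the same check we need --
  // verifying whether the legitimate session user is present. If we needed to
  // create a separate access right, we would have to define it with the
  // AuthorizationDB, using the flag
  // kAuthorizationRuleAuthenticateAsSessionUser, to ensure that the session
  // user password, as opposed to an admin's password, is required.
  AuthorizationItem right_items[] = {{"system.login.screensaver", 0, NULL, 0}};
  AuthorizationRights rights = {arraysize(right_items), right_items};

  // Start from nil: when this file is built without ARC, an uninitialized
  // local would hold an indeterminate pointer if |purpose| carried a value
  // that none of the cases below handle (e.g. an out-of-range value cast to
  // the enum). The switch deliberately has no default label so the compiler
  // can still warn when a new enumerator is added without a prompt.
  NSString* prompt = nil;
  switch (purpose) {
    case password_manager::ReauthPurpose::VIEW_PASSWORD:
      prompt = l10n_util::GetNSString(IDS_PASSWORDS_PAGE_AUTHENTICATION_PROMPT);
      break;
    case password_manager::ReauthPurpose::EXPORT:
      prompt = l10n_util::GetNSString(
          IDS_PASSWORDS_PAGE_EXPORT_AUTHENTICATION_PROMPT);
      break;
  }

  // Fail closed: without prompt text we cannot tell the user what they are
  // authorizing, so treat the request as not authenticated.
  if (!prompt)
    return false;

  // Pass kAuthorizationFlagDestroyRights to prevent the OS from saving the
  // authorization and not prompting the user when future requests are made.
  base::mac::ScopedAuthorizationRef authorization(
      base::mac::GetAuthorizationRightsWithPrompt(
          &rights, base::mac::NSToCFCast(prompt),
          kAuthorizationFlagDestroyRights));

  // A null reference means no authorization was obtained.
  return authorization.get() != NULL;
}

}  // namespace password_manager_util_mac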