如何验证帐号密码 [英] How verify account's password

问题描述

我在我的应用程序中询问帐户的密码(在Mac中用于登录的密码).如何验证输入的用户密码?

I am asking account's password(password for login in mac) in my application. How can I verify password which is entered user?

我认为类似的方法，但这是行不通的:

I think something like it, but it doesn't work:

-(BOOL)authenticatePassword:(char *)password adminName:(char *)userName
{

    BOOL retValue = NO;

    OSStatus status,status1;
    AuthorizationFlags flag;
    AuthorizationItem items[2];
    items[0].name = kAuthorizationEnvironmentPassword;
    items[0].value = password;
    items[0].valueLength = strlen(password);
    items[0].flags = 0;

    items[1].name = kAuthorizationEnvironmentUsername;
    items[1].value = userName;
    items[1].valueLength = strlen(userName);
    items[1].flags = 0;

    AuthorizationItemSet itemSet = {2,items};
    status = AuthorizationCreate(NULL, &itemSet, kAuthorizationFlagDefaults, &authorization_);
    if(status == errAuthorizationSuccess) {
        AuthorizationRights rights = {2,&items};
        //AuthorizationEnvironment kEnviroment = {2, items};
        AuthorizationFlags flag1 = kAuthorizationFlagDefaults;
        status1 = AuthorizationCopyRights(authorization_, &rights,NULL, flag1, NULL);

        if(status1 == errAuthorizationSuccess) {
            retValue = YES;
        }
    }

    return retValue;

}

推荐答案

在AuthorizationCopyRights调用中，用于验证的用户凭据应位于环境参数(您的注释行)中，并且right参数确实应包含权限您希望使用此用户凭据来获得.

In the AuthorizationCopyRightscall the user credentials for the validation should be in the environment parameter (your commented out line) and the rights parameter really should contain the rights you would like to gain using this user credentials.

权限可以包含内置权限或用户创建的权限，使用内置权限更简单，因为创建用户定义的权限需要管理员权限.

The rights can contain built in rights or user created rights, it's simpler to use a built in one because creating a user defined right requires admin privilege.

下面的代码将为您解决问题，只需使用username/password参数调用AuthenticateForRight，它就会尝试获得在授权数据库中内置的 allow 权限.需要有效的用户凭证.

This code bellow will do the trick for you, just call AuthenticateForRight with the username/password parameter and it will try to gain the allow right that is a built in one in the authorizationDB and requires a valid user credential.

要与自定义权限一起使用，您应该一次在身份验证数据库中调用具有该权限的管理员权限的SetupAuthorizationForRight，之后您可以随时通过AuthenticateForRight来检查用户凭据，因为普通用户只需传递rightName参数即可您也是第一次通过SetupAuthorizationForRight.

To use with a custom right you should once call SetupAuthorizationForRight with admin rights for the right be created in the authenticationDB, after that you can check the user credentials anytime via AuthenticateForRight as a normal user just pass the rightName param also you passed for SetupAuthorizationForRight first time.

// original code: https://developer.apple.com/library/mac/#technotes/tn2095/_index.html
//                https://developer.apple.com/library/mac/documentation/Security/Conceptual/authorization_concepts/03authtasks/authtasks.html#//apple_ref/doc/uid/TP30000995-CH206-BCIGEHDI


bool SetupAuthorizationForRight(const char* rightName)
// Called as the application starts up. Creates a connection
// to Authorization Services and then makes sure that our
// right is defined.
{
    OSStatus err;

    // Connect to Authorization Services.

    AuthorizationRef authorization = NULL;
    err = AuthorizationCreate(NULL, NULL, 0, &authorization);

    // Set up our rights.

    if (err == noErr) {
        // Check whether our right is already defined.
        err = AuthorizationRightGet(rightName, NULL);
        if (err == noErr) {

            // A right already exists, either set up in advance by
            // the system administrator or because this is the second
            // time we've run. Either way, there's nothing more for
            // us to do.

        } else if (err == errAuthorizationDenied) {

            // The right is not already defined. Let's create a
            // right definition based on the custom (not canned) rule defined
            // in the dictionary below.
            // The system administrator can modify this right as they
            // see fit.
            CFStringRef keys[2] = {CFSTR("class"), CFSTR("group")};
            CFStringRef values[2] = {CFSTR("user"), CFSTR("everyone")};
            // Allow access for every user - all of local and remote users are in the
            // 'everyone' group, so this is a safe rule
            CFDictionaryRef aDict = CFDictionaryCreate(NULL, (const void **)keys, (const void **)values, 2,
                                                       &kCFCopyStringDictionaryKeyCallBacks,
                                                       &kCFTypeDictionaryValueCallBacks);

            err = AuthorizationRightSet(
                                        authorization,          // authRef
                                        rightName,              // rightName
                                        aDict,                  // rightDefinition
                                        CFSTR("Authenticate to log in via YourAppName."),          // descriptionKey
                                        NULL,                   // bundle, NULL indicates main
                                        NULL                    // localeTableName,
                                        ); // NULL indicates "Localizable.strings"

            if (aDict) {
                CFRelease(aDict);
            }

            if (err != noErr) {
                NSLog(@"Cannot set up authorization entry. Error: %d", err);
            }
        }
    } else {
        NSLog(@"Cannot open authorization database. Error: %d", err);
    }

    return (err == noErr);
}

bool AuthenticateForRight(const char* username, const char* password, const char* rightName)
{
    OSStatus status = noErr;

    if (rightName) {
        if ((status = SetupAuthorizationForRight(rightName)) != noErr)
            return false;
    }
    else
        rightName = "allow"; // Allow right rule always defined by default and only authenticated users has this right

    AuthorizationRef authRef = 0;

    AuthorizationItem   environment[2] = {{NULL, 0, NULL, 0}, {NULL, 0, NULL, 0}};
    int numItems = 0;
    if (username) {
        AuthorizationItem item = { kAuthorizationEnvironmentUsername, strlen(username), (char*)username, 0 };
        environment[numItems++] = item;
        if (password) {
            AuthorizationItem passItem = { kAuthorizationEnvironmentPassword, strlen(password), (char*)password, 0 };
            environment[numItems++] = passItem;
        }
    }

    AuthorizationItem right = {NULL, 0, NULL, 0};
    right.name = rightName;
    right.valueLength = 0;
    right.value = 0;
    AuthorizationRights rightSet = { 1, &right };
    AuthorizationRights environmentSet = { static_cast<unsigned int>(numItems), environment };

    status = AuthorizationCreate(NULL, &environmentSet, kAuthorizationFlagDefaults, &authRef);
    if (status != noErr) {
        NSLog(@"Cannot create authorization reference. Error: %d", status);
        return false;
    }

    AuthorizationFlags flags = kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize;     // | kAuthorizationFlagInteractionAllowed; <- Just for debugging, will display the OS auth dialog if needed!!! 
    status = AuthorizationCopyRights(authRef, &rightSet, &environmentSet, flags, NULL );
    AuthorizationFree(authRef,kAuthorizationFlagDestroyRights);

    return (status == noErr);
}

这篇关于如何验证帐号密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！