Creating an OS X authentication plugin

2019-03-30 00:47发布

I need to create a plugin for OS X login mechanism so that I can unlock the screen other way than by typing a password. I know things like this already exist - Knock to unlock or Rohos USB key logon are examples.

I found the sample code on ADC called "NameAndPassword" (https://developer.apple.com/library/mac/samplecode/NameAndPassword/Introduction/Intro.html), and after some struggle (Custom login/lock screen in OS X Mavericks) I managed to build and install it on Mavericks. The problem is that the whole plugin is apparently a little outdated and does not log me in after I type the password (I need to reboot the machine through SSH). I'm an xcode/objective-c beginner and cannot fix the problem by myself.

Basically, my question is: how to modify the sample NameAndPassword code so that I could log in with input other than keyboard? I want to create an app that will provide the password, but not through keyboard - that's pretty much how I believe Knock to unlock works.

2条回答
一纸荒年 Trace。
2楼-- · 2019-03-30 01:30

I am working on the same problem, I'm also Obj-C beginner. I've done some analyzing on the Knock to unlock app and it doesn't authorize the system.login.console right, it is defining its own rule AND on locking the computer it calls the Screen Saver with locking right to it's self. It is not an authorization plugin like the NameAndPassword sample. It is not installed to the SecurityAuthorizationPlugins system folder, it is registered as loginAgent to the user.

And I am also stuck on the problem with the NameAndPassword plugin. Did you succeeded in logging in using (even with keyboard) NameAndPassword plugin?

查看更多
萌系小妹纸
3楼-- · 2019-03-30 01:32

There are some bugs in Apple's official code. I patched them and put on my Github: https://github.com/skycocker/NameAndPassword

This version of the plugin should work fine, as long as you replace

<string>loginwindow:login</string>

line in authorization policy database with

<string>NameAndPassword:invoke</string> 

Otherwise it won't log you in.

查看更多
登录 后发表回答