OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/password_manager/password_manager_util_mac.h" | 5 #include "chrome/browser/password_manager/password_manager_util_mac.h" |
6 | 6 |
7 #include <CoreFoundation/CoreFoundation.h> | 7 #include <CoreFoundation/CoreFoundation.h> |
8 #import <Foundation/Foundation.h> | 8 #import <Foundation/Foundation.h> |
9 #include <Security/Authorization.h> | 9 #include <Security/Authorization.h> |
10 | 10 |
11 #include "base/basictypes.h" | |
12 #include "base/mac/authorization_util.h" | 11 #include "base/mac/authorization_util.h" |
13 #include "base/mac/foundation_util.h" | 12 #include "base/mac/foundation_util.h" |
14 #include "base/mac/scoped_authorizationref.h" | 13 #include "base/mac/scoped_authorizationref.h" |
| 14 #include "base/macros.h" |
15 #include "chrome/grit/chromium_strings.h" | 15 #include "chrome/grit/chromium_strings.h" |
16 #include "ui/base/l10n/l10n_util.h" | 16 #include "ui/base/l10n/l10n_util.h" |
17 | 17 |
18 namespace password_manager_util_mac { | 18 namespace password_manager_util_mac { |
19 | 19 |
20 bool AuthenticateUser() { | 20 bool AuthenticateUser() { |
21 // Use the system-defined "system.login.screensaver" access right rather than | 21 // Use the system-defined "system.login.screensaver" access right rather than |
22 // creating our own. The screensaver does exactly the same check we need -- | 22 // creating our own. The screensaver does exactly the same check we need -- |
23 // verifying whether the legitimate session user is present. If we needed to | 23 // verifying whether the legitimate session user is present. If we needed to |
24 // create a separate access right, we would have to define it with the | 24 // create a separate access right, we would have to define it with the |
25 // AuthorizationDB, using the flag | 25 // AuthorizationDB, using the flag |
26 // kAuthorizationRuleAuthenticateAsSessionUser, to ensure that the session | 26 // kAuthorizationRuleAuthenticateAsSessionUser, to ensure that the session |
27 // user password, as opposed to an admin's password, is required. | 27 // user password, as opposed to an admin's password, is required. |
28 AuthorizationItem right_items[] = {{"system.login.screensaver", 0, NULL, 0}}; | 28 AuthorizationItem right_items[] = {{"system.login.screensaver", 0, NULL, 0}}; |
29 AuthorizationRights rights = {arraysize(right_items), right_items}; | 29 AuthorizationRights rights = {arraysize(right_items), right_items}; |
30 | 30 |
31 NSString* prompt = | 31 NSString* prompt = |
32 l10n_util::GetNSString(IDS_PASSWORDS_PAGE_AUTHENTICATION_PROMPT); | 32 l10n_util::GetNSString(IDS_PASSWORDS_PAGE_AUTHENTICATION_PROMPT); |
33 | 33 |
34 // Pass kAuthorizationFlagDestroyRights to prevent the OS from saving the | 34 // Pass kAuthorizationFlagDestroyRights to prevent the OS from saving the |
35 // authorization and not prompting the user when future requests are made. | 35 // authorization and not prompting the user when future requests are made. |
36 base::mac::ScopedAuthorizationRef authorization( | 36 base::mac::ScopedAuthorizationRef authorization( |
37 base::mac::GetAuthorizationRightsWithPrompt( | 37 base::mac::GetAuthorizationRightsWithPrompt( |
38 &rights, base::mac::NSToCFCast(prompt), | 38 &rights, base::mac::NSToCFCast(prompt), |
39 kAuthorizationFlagDestroyRights)); | 39 kAuthorizationFlagDestroyRights)); |
40 return authorization.get() != NULL; | 40 return authorization.get() != NULL; |
41 } | 41 } |
42 | 42 |
43 } // namespace password_manager_util_mac | 43 } // namespace password_manager_util_mac |
OLD | NEW |