Objective c 如何验证帐户'；密码

我在我的应用程序中询问帐户的密码（在mac中登录的密码）。如何验证用户输入的密码

我想是这样的，但不起作用：

-(BOOL)authenticatePassword:(char *)password adminName:(char *)userName
{

    BOOL retValue = NO;

    OSStatus status,status1;
    AuthorizationFlags flag;
    AuthorizationItem items[2];
    items[0].name = kAuthorizationEnvironmentPassword;
    items[0].value = password;
    items[0].valueLength = strlen(password);
    items[0].flags = 0;

    items[1].name = kAuthorizationEnvironmentUsername;
    items[1].value = userName;
    items[1].valueLength = strlen(userName);
    items[1].flags = 0;

    AuthorizationItemSet itemSet = {2,items};
    status = AuthorizationCreate(NULL, &itemSet, kAuthorizationFlagDefaults, &authorization_);
    if(status == errAuthorizationSuccess) {
        AuthorizationRights rights = {2,&items};
        //AuthorizationEnvironment kEnviroment = {2, items};
        AuthorizationFlags flag1 = kAuthorizationFlagDefaults;
        status1 = AuthorizationCopyRights(authorization_, &rights,NULL, flag1, NULL);

        if(status1 == errAuthorizationSuccess) {
            retValue = YES;
        }
    }

    return retValue;

}

---

authorization services API

将验证密码是否错误并再次提示。

在

authorization Copyrights

调用中，验证的用户凭据应位于环境参数中（注释掉的行）rights参数应该包含您希望使用此用户凭据获得的权限

权限可以包含内置权限或用户创建的权限，使用内置权限更简单，因为创建用户定义的权限需要管理员权限

下面的代码将为您实现这一目的，只需使用username/password参数调用

AuthenticateForRight

，它将尝试获得authorizationDB中内置的allow权限，该权限需要有效的用户凭据

要与自定义权限一起使用，您应该调用

SetupAuthorizationForRight

，并在authenticationDB中创建权限的管理员权限，之后，您可以随时通过

AuthenticateForRight

检查用户凭据，作为普通用户，只需传递rightName参数，您也可以第一次传递

SetupAuthorizationForRight

// original code: https://developer.apple.com/library/mac/#technotes/tn2095/_index.html
//                https://developer.apple.com/library/mac/documentation/Security/Conceptual/authorization_concepts/03authtasks/authtasks.html#//apple_ref/doc/uid/TP30000995-CH206-BCIGEHDI


bool SetupAuthorizationForRight(const char* rightName)
// Called as the application starts up. Creates a connection
// to Authorization Services and then makes sure that our
// right is defined.
{
    OSStatus err;

    // Connect to Authorization Services.

    AuthorizationRef authorization = NULL;
    err = AuthorizationCreate(NULL, NULL, 0, &authorization);

    // Set up our rights.

    if (err == noErr) {
        // Check whether our right is already defined.
        err = AuthorizationRightGet(rightName, NULL);
        if (err == noErr) {

            // A right already exists, either set up in advance by
            // the system administrator or because this is the second
            // time we've run. Either way, there's nothing more for
            // us to do.

        } else if (err == errAuthorizationDenied) {

            // The right is not already defined. Let's create a
            // right definition based on the custom (not canned) rule defined
            // in the dictionary below.
            // The system administrator can modify this right as they
            // see fit.
            CFStringRef keys[2] = {CFSTR("class"), CFSTR("group")};
            CFStringRef values[2] = {CFSTR("user"), CFSTR("everyone")};
            // Allow access for every user - all of local and remote users are in the
            // 'everyone' group, so this is a safe rule
            CFDictionaryRef aDict = CFDictionaryCreate(NULL, (const void **)keys, (const void **)values, 2,
                                                       &kCFCopyStringDictionaryKeyCallBacks,
                                                       &kCFTypeDictionaryValueCallBacks);

            err = AuthorizationRightSet(
                                        authorization,          // authRef
                                        rightName,              // rightName
                                        aDict,                  // rightDefinition
                                        CFSTR("Authenticate to log in via YourAppName."),          // descriptionKey
                                        NULL,                   // bundle, NULL indicates main
                                        NULL                    // localeTableName,
                                        ); // NULL indicates "Localizable.strings"

            if (aDict) {
                CFRelease(aDict);
            }

            if (err != noErr) {
                NSLog(@"Cannot set up authorization entry. Error: %d", err);
            }
        }
    } else {
        NSLog(@"Cannot open authorization database. Error: %d", err);
    }

    return (err == noErr);
}

bool AuthenticateForRight(const char* username, const char* password, const char* rightName)
{
    OSStatus status = noErr;

    if (rightName) {
        if ((status = SetupAuthorizationForRight(rightName)) != noErr)
            return false;
    }
    else
        rightName = "allow"; // Allow right rule always defined by default and only authenticated users has this right

    AuthorizationRef authRef = 0;

    AuthorizationItem   environment[2] = {{NULL, 0, NULL, 0}, {NULL, 0, NULL, 0}};
    int numItems = 0;
    if (username) {
        AuthorizationItem item = { kAuthorizationEnvironmentUsername, strlen(username), (char*)username, 0 };
        environment[numItems++] = item;
        if (password) {
            AuthorizationItem passItem = { kAuthorizationEnvironmentPassword, strlen(password), (char*)password, 0 };
            environment[numItems++] = passItem;
        }
    }

    AuthorizationItem right = {NULL, 0, NULL, 0};
    right.name = rightName;
    right.valueLength = 0;
    right.value = 0;
    AuthorizationRights rightSet = { 1, &right };
    AuthorizationRights environmentSet = { static_cast<unsigned int>(numItems), environment };

    status = AuthorizationCreate(NULL, &environmentSet, kAuthorizationFlagDefaults, &authRef);
    if (status != noErr) {
        NSLog(@"Cannot create authorization reference. Error: %d", status);
        return false;
    }

    AuthorizationFlags flags = kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize;     // | kAuthorizationFlagInteractionAllowed; <- Just for debugging, will display the OS auth dialog if needed!!! 
    status = AuthorizationCopyRights(authRef, &rightSet, &environmentSet, flags, NULL );
    AuthorizationFree(authRef,kAuthorizationFlagDestroyRights);

    return (status == noErr);
}

//原始代码：https://developer.apple.com/library/mac/#technotes/tn2095/_index.html
//                https://developer.apple.com/library/mac/documentation/Security/Conceptual/authorization_concepts/03authtasks/authtasks.html#//apple_ref/doc/uid/TP30000995-CH206-BCIGEHDI
bool SetupAuthorizationForRight（常量字符*rightName）
//在应用程序启动时调用。创建一个连接
//到授权服务，然后确保
//权利是有定义的。
{
骨性关节炎；
//连接到授权服务。
AuthorizationRef authorization=NULL；
err=AuthorizationCreate（NULL、NULL、0和authorization）；
//确立我们的权利。
如果（err==noErr）{
//检查我们的权利是否已经定义。
err=AuthorizationRightGet（rightName，NULL）；
如果（err==noErr）{
//已存在一项权利，或者由
//系统管理员或因为这是第二个
//我们已经跑了。不管怎样，我们都没有更多的时间了
//让我们去做。
}else if（err==errAuthorizationDenied）{
//右侧尚未定义。让我们创建一个
//基于定义的自定义（非固定）规则的权限定义
//在下面的字典里。
//系统管理员可以根据需要修改此权限
//见好就收。
CFStringRef键[2]={CFSTR（“类”），CFSTR（“组”）}；
CFStringRef值[2]={CFSTR（“用户”），CFSTR（“每个人”）}；
//允许每个用户访问-所有本地和远程用户都在
//“每个人”组，所以这是一个安全的规则
CFDictionaryRef aDict=CFDictionaryCreate（NULL，（const void**）键，（const void**）值，2，
&kCFCopyStringDictionaryKeyCallBacks，
&kCFTypeDictionaryValueCallBacks）；
err=AuthorizationRightSet(
授权，//authRef
rightName，//rightName
aDict，//rightDefinition
CFSTR（“通过您的AppName进行身份验证登录）”，//descriptionKey
NULL，//bundle，NULL表示主
NULL//localeTableName，
)；//NULL表示“Localizable.strings”
国际单项体育联合会（aDict）{
CFD发布（aDict）；
}
如果（错误！=noErr）{
NSLog（@“无法设置授权项。错误：%d”，错误）；
}
}
}否则{
NSLog（@“无法打开授权数据库。错误：%d”，错误）；
}
返回（err==noErr）；
}
bool AuthenticateForRight（常量字符*用户名，常量字符*密码，常量字符*右名称）
{
骨状态=noErr；
if（rightName）{
如果（（状态=SetupAuthorizationForRight（rightName））！=noErr）
返回false；
}
其他的
rightName=“allow”；//默认情况下始终定义允许权限规则，并且只有经过身份验证的用户才具有此权限
AuthorizationRef authRef=0；
AuthorizationItem环境[2]={{NULL，0，NULL，0}，{NULL，0，NULL，0}；
int numItems=0；
如果（用户名）{
AuthorizationItem={kAuthorizationEnvironmentUsername，strlen（username），（char*）用户名，0}；
环境[numItems++]=项目；
如果（密码）{
AuthorizationItem passItem={KAAuthorizationEnvironmentPassword，strlen（password），（char*）password，0}；
环境[numItems++]=passItem；
}
}
AuthorizationItem right={NULL，0，NULL，0}；
right.name=rightName；
right.valueLength=0；
右值=0；
AuthorizationRights rightSet={1，&right}；
AuthorizationRights environmentSet={static_cast（numItems），environment}；
状态=AuthorizationCreate（NULL，&environmentSet，KAAuthorizationFlagDefaults，&authRef）；
如果（状态！=noErr）{
NSLog（@“无法创建授权引用。错误：%d”，状态）；
返回false；
}
AuthorizationFlags flags=KauthorizationFlagExtenderRights | kAuthorizationFlagPreAuthorize；//| kAuthorizationFlagInteractionAllowed；以下是我的代码供您参考

char *password = "password";
char *userName = "account";

AuthorizationRef authorization = NULL; 
AuthorizationItem items[2];
items[0].name = kAuthorizationEnvironmentPassword;
items[0].value = password;
items[0].valueLength = strlen(password);
items[0].flags = 0;
items[1].name = kAuthorizationEnvironmentUsername;
items[1].value = userName;
items[1].valueLength = strlen(userName);
items[1].flags = 0;

AuthorizationRights rights = {2, items};
AuthorizationEnvironment enviroment = {2, items};
// Creates a new authorization reference and provides an option to authorize or preauthorize rights.
AuthorizationCreate(NULL, &enviroment, kAuthorizationFlagDefaults, &authorization);
AuthorizationFlags flag = kAuthorizationFlagDefaults| kAuthorizationFlagExtendRights;

OSStatus status = AuthorizationCopyRights(authorization, &rights, &enviroment, flag, NULL);
if(status == errAuthorizationSuccess)
{
    NSLog(@"Pass");
}
else 
{
    NSLog(@"Fail");
}