blob: 82f57c285a6a483f92404a93696d418425c1b3fd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "OSReauthenticator.h"
#include "mozilla/MacStringHelpers.h"
using namespace mozilla;
#include <CoreFoundation/CoreFoundation.h>
#include <LocalAuthentication/LocalAuthentication.h>
static const int32_t kPasswordNotSetErrorCode = -1000;
nsresult ReauthenticateUserMacOS(const nsAString& aPrompt,
/* out */ bool& aReauthenticated,
/* out */ bool& aIsBlankPassword) {
// The idea here is that we ask to be authorized to unlock the user's session.
// This should cause a prompt to come up for the user asking them for their
// password. If they correctly enter it, we'll set aReauthenticated to true.
LAContext* context = [[LAContext alloc] init];
NSString* prompt = mozilla::XPCOMStringToNSString(aPrompt);
dispatch_semaphore_t sema = dispatch_semaphore_create(0);
__block BOOL biometricSuccess = NO; // mark variable r/w across the block
__block BOOL errorPasswordNotSet = NO; // mark variable r/w across the block
// Note: This is an async callback in an already-async Promise chain.
[context evaluatePolicy:LAPolicyDeviceOwnerAuthentication
localizedReason:prompt
reply:^(BOOL success, NSError* error) {
dispatch_async(dispatch_get_main_queue(), ^{
// error is not particularly useful in this context, and
// we have no mechanism to really return it. We could
// use it to set the nsresult, but this is a best-effort
// mechanism and there's no particular case for
// propagating up XPCOM. The one exception being a user
// account that has no passcode set, which we handle
// below.
errorPasswordNotSet =
error && [error code] == kPasswordNotSetErrorCode;
biometricSuccess = success || errorPasswordNotSet;
dispatch_semaphore_signal(sema);
});
}];
// What we want to do here is convert this into a blocking call, since
// our calling methods expect us to block and set aReauthenticated on return.
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
dispatch_release(sema);
sema = NULL;
aReauthenticated = biometricSuccess;
aIsBlankPassword = errorPasswordNotSet;
[context release];
return NS_OK;
}
|