SFAuthorizationPluginView example NameAndPassword hangs after button is pressed

Question

I'm using the patched version of NameAndPassword as is here: https://github.com/skycocker/NameAndPassword

When using this outside of the login window (e.g. system.login.screensaver or my own test right), with only the NameAndPassword plug-in, the window hangs for about 10 seconds after pressing Ok or cancel.

Adding some logs, I see that MechanismDestroy is getting called on the plugin and NameAndPassword is released but it never gets to dealloc in NameAndPassword. I also don't see PluginDestroy getting called. The SecurityAgent hangs around for an additional 10 seconds after MechanismDestroy is called.

I saw this related post: SecurityAgentPlugin not working anymore on Yosemite (SFAuthorizationPluginView)

But following the accepted answer doesn't work and according to the Authorization Plug-in Reference didDeactivate shouldn't need to be called (there are no calls to RequestInterrupt and MechanismDeactivate is never called). Calling SetResult should be sufficient.

I can hack it by getting the window from the view and closing it forcibly but there must be a way to get it to work as intended.

Answer 1

I found different hack - I got the reference count of the auth-mechanism instance and release all but the last one. Do this after the setResult call. This solves the issue. It shouldn't be like that - but Apple doesn't give us much of a choice.

Answer 2

If my reply cant help someone, i have had the same problem and find a different way (not clean, it's even rather dirty) because i could not make the proposed solutions work. I destroy the window if the identifiers are valid (I test them). Like that if the identifiers are not valid the window is still there.

- (void)buttonPressed:(SFButtonType)inButtonType
{
    NSString *userNameString;
    NSString *passwordString;

    userNameString = mUserName;
    passwordString = [mPPasswordSecureTextField stringValue];

    // if the OK button was pressed, write the identity and credentials and allow authorization,
    // otherwise, if the cancel button was pressed, cancel the authorization
    if (inButtonType == SFButtonTypeOK)
    {
        const char *puserName = [userNameString UTF8String];
        const char *ppassword = [passwordString UTF8String];

        AuthorizationValue userNameValue = { strlen(puserName) + 1, (char*)puserName };
        AuthorizationValue userPasswordValue = { strlen(ppassword) + 1, (char*)ppassword };

        // add the username and password to the context values
        [self callbacks]->SetContextValue([self engineRef], kAuthorizationEnvironmentUsername, 1, &userNameValue);
        [self callbacks]->SetContextValue([self engineRef], kAuthorizationEnvironmentPassword, 1, &userPasswordValue);

        // allow authorization
        [self callbacks]->SetResult([self engineRef], kAuthorizationResultAllow);

        // to know if we must close the window
        // try to auth with the provided user and pswd
        BOOL status = [self macosTestLogin: puserName with: ppassword];
        if(status == YES)
        {
            // the user and pwd are good, we can close the window
            NSView* v;
            // if we are in sleep, screensaver and lock mode (don't work in loggin mode,
            // but don't be sad loggin mode have a workaround in config authdb,
            // the setting is shared true)
            if (mUseIPView)  {
                v = mPasswordView;
                NSWindow* w = [v window];
                [w close];
            }
        }

        // suggested workaround (don't work)
        [self didDeactivate];

    }
    else if (inButtonType == SFButtonTypeCancel)
    {
        // cancel authorization
        [self callbacks]->SetResult([self engineRef], kAuthorizationResultUserCanceled); 
    }
}

And the test function :

- (BOOL) macosTestLogin: (const char *)userName with: (const char *)password
{
    // hack to know if we must close the window
    // try to auth with the provided user and pswd
    AuthorizationRef authorization = NULL;
    AuthorizationItem items[2];
    items[0].name = kAuthorizationEnvironmentPassword;
    items[0].value = (char*) password;
    items[0].valueLength = strlen(password);
    items[0].flags = 0;
    items[1].name = kAuthorizationEnvironmentUsername;
    items[1].value = (char*) userName;
    items[1].valueLength = strlen(userName);
    items[1].flags = 0;

    AuthorizationRights rights = {2, items};
    AuthorizationEnvironment enviroment = {2, items};
    // creates a new authorization reference and provides an option to authorize or preauthorize rights.
    AuthorizationCreate(NULL, &enviroment, kAuthorizationFlagDefaults, &authorization);
    AuthorizationFlags flag = kAuthorizationFlagDefaults| kAuthorizationFlagExtendRights;

    OSStatus status = AuthorizationCopyRights(authorization, &rights, &enviroment, flag, NULL);

    if(status == errAuthorizationSuccess)
    {
        return YES;
    }

    return NO;
}

This work for me, i do this only in 'screensaver' mode, on login the option shared = true is sufficient.