ansaurus

Question

Is it possible to replace the Mac login screen?

Answer 1

+6 A:

The login window application is defined as part of the launchd configuration in /System/Library/LaunchDaemons/com.apple.loginwindow.plist.

In theory you can replace the login window with your own but I don't know what you have to do in the new app - I think the login window does a bit more then authentication and setting up the user session -> amongst others, it looks like its doing some launchd related chores.

I've compiled an application that calls CGSCreateLoginSession and once you run it it transitions to the login window via the rotating cube. I imagine this is why it requires CoreGraphics - it's just a graphics function that calls logout at the end.

You could try an InputManager and see it the login window loads the code -> if it does, you could then alter the loginwindow NIB (LoginWindowUI.nib) and add some buttons to display a new window with the user browser. Once the student chooses a picture of him/herself you could autofill the username and password fields in the loginwindow.

Node this is all theory, and it looks very fragile and unsafe.

Good luck.

Later edit

Please note this is very unsafe so use with care - I did hose my system a couple of times when trying out this stuff

Here's a proof-of-concept implementation that injects code in the loginwindow.

#include <stdio.h>
#include <unistd.h>
#include <sys/time.h>
#include <strings.h>
#include <syslog.h>

#import <Cocoa/Cocoa.h>

#include <execinfo.h>

@interface LLApp:NSApplication
@end
@implementation LLApp
- (void)run
{
    syslog(LOG_ERR, "LLApp being run");
    [super run];
}
@end

void my_openlog(const char *ident, int logopt, int facility);

typedef struct interpose_s 
{
        void * new_func;
        void * orig_func;
} interpose_t;

int MyNSApplicationMain(int argc,  const char ** argv);


static const interpose_t interposers[] __attribute__ ((section("__DATA, __interpose")))     = {
{ (void *) my_openlog, (void *) openlog },
};

void my_openlog(const char *ident, int logopt, int facility)
{
        openlog(ident, logopt, facility);

    if(!strcmp(ident, "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow"))
    {

     [LLApp poseAsClass:[NSApplication class]];
    }
    else
    {
     syslog(LOG_ERR, "Ignoring unknown indent: >%s<", ident);
    }
    return;
}

The code compiles with:

gcc -Wall -dynamiclib -undefined dynamic_lookup -o ~/Desktop/libinterposers.dylib testin.m -framework Cocoa

Code loading is based on interposing so the launchd definition of loginwindow has to contain an additional entry (to enable interposing in the dynamic linker), i.e.:

<key>EnvironmentVariables</key>
<dict>    
    <key>DYLD_INSERT_LIBRARIES</key>
    <string>path_to/Desktop/libinterposers.dylib</string>
</dict>

diciu 2009-07-01 11:56:33

Wow. I'd gladly upvote you a second time. That's incredible and crazy at the same time. As it is fairly advanced, let me be sure I understand correctly what this sample does: it replaces the call to "openlog" with a "my_openlog" which makes your class LLApp pretend to be the NSApplication class, so that any calls to its functions can be modified, and it proves this by modifying the run function to output something to the system log.

Clinton Blackmore 2009-07-03 16:01:40

Function replacement is made possible by interposing - google for "interposing mac os x" and you'll find a chapter of Amit Singh's book on OS X that describes how it works. Class posing is used to replace all instances of class X with class Y - note it's not supported on 64 bit.As for replacing -[NSApplication run] you probably don't want that - you need to replace something inside the loginwindow app such as some method from the custom view class (you can find the name of the custom view class by opening the bundle in Interface builder).

diciu 2009-07-03 17:04:17

It looks like I wont be able to allocate time to this in the near future, but I'm definitely giving you the correct answer rep for all the hard work you put in; I really think that the task can be accomplished with this guidance. Thanks.

Clinton Blackmore 2009-07-21 21:57:25

Answer 2

+2 A:

yes, you can use the SFAuthorizationPluginView

here the reference link at ADC

kent 2009-07-01 15:17:31

Thanks for the info. Looks like it is Leopard only (I would like to support Tiger, too). Apple has a "NameAndPassword" sample, and there are a couple related questions on SO, which are using a tag or "SFAuthorizationPluginView" (http://stackoverflow.com/questions/tagged/sfauthorizationpluginview)

Clinton Blackmore 2009-07-01 21:42:55

I'm not sure you can easily use SFAuthorizationPluginView to change anything in the login window. I've compiled and installed the NameAndPassword code sample that illustrates SFAuthorizationPluginView and it looks to me like it allows you to build a custom right (see /etc/authorization for definitions of existing rights -> login is not in there).The plugin comes into play when an application then asks the OS to authorize the user for that newly created right.

diciu 2009-07-02 06:16:23

Thank you, diciu. It wasn't clear to me how you would (or if you could) make this appear on the login screen. [I'd compiled it, but didn't want to test (and break!) authorization on my own computer.]

Clinton Blackmore 2009-07-02 13:30:16

I thought perhaps I could add something to /etc/authorization under the system.login.console to trigger the plugin at login time, but I have no clear idea what to add there.

Clinton Blackmore 2009-07-02 14:50:48

For what it's worth, I've completely broken my login window by messing up com.apple.loginwindow.plist referred in my answer but I was able to login via SSH. And I have a bootable external drive (I use SuperDuper!) that allows me to mess up my system knowing I can always boot via Firewire and undo destructive system changes.

diciu 2009-07-03 04:40:06

ansaurus

tags:

views:

answers:

Is it possible to replace the Mac login screen?

related questions