How to check whether the current user is Administrator or not on Mac using Cocoa.

There could be a  scenario in which a application would need to know whether the user is Admin or not, before or after startup to allow/block user from using it’s certain functionalities. To achieve this kind of “Authorization” we need to ask user about his account password and check it against his username.

To do the above described task we can proceed as follows:

1. Make a class derived from NSObject.

 #import 
 @interface UserAccountInfoAppDelegate : NSObject

{

   NSWindow *window;

 IBOutlet NSTextField* _userName;

IBOutlet NSSecureTextField* _password;

}

 @property (assign) IBOutlet NSWindow *window;

 // This function will authenticate the user on button click

-(IBAction)check:(id)sender;

 @end

2. Add AddressBook and Security Frameworks to the project.

3. In the implementation of the class import the header files and write code for authenticating user.

#import "UserAccountInfoAppDelegate.h"

#import

#include

@implementation UserAccountInfoAppDelegate

@synthesize window;

- (void)applicationDidFinishLaunching:(NSNotification *)aNotification

{

 // Insert code here to initialize your application

         // Set current user's full name in the userName field on the Window

           [_userName setStringValue:NSFullUserName()];

         // Make the userName field un-editable so that user can not use Admin's name in case he is not but knows the password of Admin

           [_userName setEditable:NO];

}

 

 

// This function will return YES only if the user is Admin and the Username and Password are correct.

//Correspondingly, the function will return NO if either

//1. user is not Admin or

//2. Password is not matching Username and vice-versa

 -(BOOL)authenticatePassword:(char *)password adminName:(char *)userName

{

 BOOL retValue = NO;

 AuthorizationRef authorization;

 OSStatus status,status1;

 AuthorizationFlags flag;

 AuthorizationItem items[2];

 items[0].name = kAuthorizationEnvironmentPassword;

 items[0].value = password;

items[0].valueLength = strlen(password);

items[0].flags = 0;

items[1].name = kAuthorizationEnvironmentUsername;

items[1].value = userName;

items[1].valueLength = strlen(userName);

items[1].flags = 0;

 

AuthorizationItemSet itemSet = {2,items};

status = AuthorizationCreate(NULL, &itemSet, kAuthorizationFlagDefaults, &authorization);

 if(status == errAuthorizationSuccess)

{

AuthorizationRights rights = {2,&items};

AuthorizationEnvironment kEnviroment = {2, items};

flag = kAuthorizationFlagDefaults| kAuthorizationFlagExtendRights;

status1 = AuthorizationCopyRights(authorization, &rights, &kEnviroment, flag, NULL);

 if(status1 == errAuthorizationSuccess)

retValue = YES;

}

 return retValue;

}

 -(IBAction)check:(id)sender

{

BOOL isAdmin = [self authenticatePassword:[[_password stringValue] cStringUsingEncoding:NSUTF8StringEncoding] adminName:[[_userName stringValue] cStringUsingEncoding:NSUTF8StringEncoding]];

 

if(isAdmin)

{

NSAlert* alert = [NSAlert alertWithMessageText:@"Current user is Admin" defaultButton:nil alternateButton:nil otherButton:nil informativeTextWithFormat:@""];

[alert runModal];

}

else

{

NSAlert* alert = [NSAlert alertWithMessageText:@"Current user is not Admin or credentials are not correct" defaultButton:nil alternateButton:nil otherButton:nil informativeTextWithFormat:@""];

[alert runModal];

}

 

}

@end