What SIGXXX signal is best for killing keychain-related daemons?


#1

For example, I want to
(a) SIGSTOP all keychain-related daemons
(b) modify /private/var/Keychains/keychain-2.db directly by using sqlite3 calls
(c) then kill all processes from (a) by sending either SIGTERM, SIGKILL, SIGINT etc etc.

What signal is best for killing daemons so they won’t flush their state back to keychain?


#2

What’re you trying to do?


#3

I’m trying to improve iOSProxyManager : https://github.com/x4snowman/iOSProxyManager
What I want is to write proxy credentials to the keychain.


#4

… to be able to change proxies with login/password authentication programmatically


#5

NSString *host = @"1.2.3.4";
uint16_t port = 8888;
NSString *login = @"login";
NSString *password = @"password";

// Internet-password item for an HTTP proxy, identified by server, port and account.
NSMutableDictionary *qry = [NSMutableDictionary new];
[qry setObject:(id)kSecAttrProtocolHTTPProxy forKey:(id)kSecAttrProtocol];
[qry setObject:(id)kSecClassInternetPassword forKey:(id)kSecClass];
[qry setObject:host forKey:(id)kSecAttrServer];
[qry setObject:@(port) forKey:(id)kSecAttrPort];
[qry setObject:@(0) forKey:(id)kSecAttrSynchronizable];
// Raw attribute names: pdmn = kSecAttrAccessible ("ak" = when unlocked),
// sdmn = kSecAttrSecurityDomain, atyp = kSecAttrAuthenticationType ("dflt" = default),
// agrp = kSecAttrAccessGroup.
[qry setObject:@"ak" forKey:@"pdmn"];
[qry setObject:@"" forKey:@"sdmn"];
[qry setObject:@"dflt" forKey:@"atyp"];
[qry setObject:@"apple" forKey:@"agrp"];
[qry setObject:[NSString stringWithFormat:@"%@ (%@)", host, login] forKey:(id)kSecAttrLabel];
[qry setObject:login forKey:(id)kSecAttrAccount];
[qry setObject:[password dataUsingEncoding:NSUTF8StringEncoding] forKey:(id)kSecValueData];

OSStatus status = SecItemAdd((__bridge CFDictionaryRef)qry, NULL);
if (status != noErr) {
    NSLog(@"setHost:port:login:password: status/1: %@", @(status));
}

[qry setObject:(id)kSecAttrProtocolHTTPSProxy forKey:(id)kSecAttrProtocol];

status = SecItemAdd((__bridge CFDictionaryRef)qry, NULL);
if (status != noErr) {
    NSLog(@"setHost:port:login:password: status/2: %@", @(status));
}

#6

Sometimes it works, sometimes fails. I think that caching is the root of all evil, and I must find all processes possessing keychain, SIGSTOP them, then write to the keychain, then restart them.

Or maybe you know a more straightforward way?


#7

PS. Step (b) from initial message changed: I don’t want to use direct sqlite as far as I can use SecItemXxx calls
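
An added example, not code from the posters or from iOSProxyManager: a SecItemXxx-only write that tells "item already exists" apart from other failures by falling back to SecItemUpdate on errSecDuplicateItem and logging the decoded status otherwise. The helper name `PMStoreProxyCredential` is hypothetical; the access group value `apple` is taken from post #5, and the caller is assumed to hold the entitlement for it.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: add a proxy credential, or update the stored password
// when an item with the same identifying attributes is already present.
static OSStatus PMStoreProxyCredential(CFStringRef proto, NSString *host,
                                       uint16_t port, NSString *login,
                                       NSString *password) {
    // Identifying attributes only, so the same dictionary can be reused as
    // the search query for SecItemUpdate.
    NSDictionary *identity = @{
        (__bridge id)kSecClass:               (__bridge id)kSecClassInternetPassword,
        (__bridge id)kSecAttrProtocol:        (__bridge id)proto,
        (__bridge id)kSecAttrServer:          host,
        (__bridge id)kSecAttrPort:            @(port),
        (__bridge id)kSecAttrAccount:         login,
        (__bridge id)kSecAttrSynchronizable:  @NO,
        (__bridge id)kSecAttrAccessGroup:     @"apple",  // value from post #5
    };
    NSData *secret = [password dataUsingEncoding:NSUTF8StringEncoding];

    NSMutableDictionary *add = [identity mutableCopy];
    add[(__bridge id)kSecValueData] = secret;
    add[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenUnlocked;
    add[(__bridge id)kSecAttrLabel] = [NSString stringWithFormat:@"%@ (%@)", host, login];

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    if (status == errSecDuplicateItem) {
        // Same server/port/protocol/account already stored: replace the secret.
        NSDictionary *changes = @{ (__bridge id)kSecValueData: secret };
        status = SecItemUpdate((__bridge CFDictionaryRef)identity,
                               (__bridge CFDictionaryRef)changes);
    }
    if (status != errSecSuccess) {
        // Decode the OSStatus so the log distinguishes e.g. a missing
        // entitlement from a locked device.
        NSString *msg = CFBridgingRelease(SecCopyErrorMessageString(status, NULL));
        NSLog(@"proxy credential %@:%u failed: %d (%@)", host, port, (int)status, msg);
    }
    return status;
}
```

Call it once with `kSecAttrProtocolHTTPProxy` and once with `kSecAttrProtocolHTTPSProxy`, matching the two SecItemAdd calls in post #5.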