What SIGXXX signal is best for killing keychain-related daemons?

SerjEpatoff · 2017 年11 月 3 日 13:03

For example, I want to
(a) SIGSTOP all keychain-related daemons
(b) modify /private/var/Keychains/keychain-2.db directly by using sqlite3 calls
(c) then kill all processes from (a) by sending either SIGTERM, SIGKILL, SIGINT etc etc.

What signal is best for killing daemons so they won’t flush their state back to keychain?

snakeninny · 2017 年11 月 3 日 13:46

What’re you trying to do?

SerjEpatoff · 2017 年11 月 3 日 14:36

I’m trying to improve iOSProxyManager : https://github.com/x4snowman/iOSProxyManager
What I want is to write proxy credentials to the keychain.

SerjEpatoff · 2017 年11 月 3 日 14:37

… to be able to change proxies with login/password authentication programmatically

SerjEpatoff · 2017 年11 月 3 日 14:45

NSString *host = @"1.2.3.4";
uint16_t port = 8888;
NSString *login = @"login";
NSString *password = @"password";

NSMutableDictionary *qry = [NSMutableDictionary new];
[qry setObject:(id)kSecAttrProtocolHTTPProxy forKey:(id)kSecAttrProtocol];
[qry setObject:(id)kSecClassInternetPassword forKey:(id)kSecClass];
[qry setObject:host forKey:(id)kSecAttrServer];
[qry setObject:@(port) forKey:(id)kSecAttrPort];
[qry setObject:@(0) forKey:(id)kSecAttrSynchronizable];
[qry setObject:@"ak" forKey:@"pdmn"];
[qry setObject:@"" forKey:@"sdmn"];
[qry setObject:@"dflt" forKey:@"atyp"];
[qry setObject:@"apple" forKey:@"agrp"];
[qry setObject:[NSString stringWithFormat:@"%@ (%@)", host, login] forKey:(id)kSecAttrLabel];
[qry setObject:login forKey:(id)kSecAttrAccount];
[qry setObject:[password dataUsingEncoding:NSUTF8StringEncoding] forKey:(id)kSecValueData];

OSStatus status = SecItemAdd((__bridge CFDictionaryRef)qry, NULL);
if (status != noErr) {
    NSLog(@"setHost:port:login:password: status/1: %@", @(status));
}

[qry setObject:(id)kSecAttrProtocolHTTPSProxy forKey:(id)kSecAttrProtocol];

status = SecItemAdd((__bridge CFDictionaryRef)qry, NULL);
if (status != noErr) {
    NSLog(@"setHost:port:login:password: status/2: %@", @(status));
}

SerjEpatoff · 2017 年11 月 3 日 14:47

Sometimes it works, sometimes fails. I think that caching is the root of all evil, and I must find all processes posessing keychain, SIGSTOP them, then write to the keychain, then restart them.

Or maybe you know more straight way?

SerjEpatoff · 2017 年11 月 3 日 14:49

PS. Step (b) from initial message changed: I don’t want to use direct sqlite as far as I can use SecItemXxx calls