For example, I want to
(a) SIGSTOP all keychain-related daemons
(b) modify /private/var/Keychains/keychain-2.db directly by using sqlite3 calls
(c) then kill all processes from (a) by sending SIGTERM, SIGKILL, SIGINT, etc.
What signal is best for killing daemons so they won’t flush their state back to keychain?
What’re you trying to do?
I’m trying to improve iOSProxyManager : https://github.com/x4snowman/iOSProxyManager
What I want is to write proxy credentials to the keychain.
… to be able to change proxies with login/password authentication programmatically
// Requires Security.framework: #import <Security/Security.h>
NSString *host = @"1.2.3.4";
uint16_t port = 8888;
NSString *login = @"login";
NSString *password = @"password";

// One query dictionary is reused for both items; only kSecAttrProtocol differs.
NSMutableDictionary *qry = [NSMutableDictionary new];
[qry setObject:(__bridge id)kSecAttrProtocolHTTPProxy forKey:(__bridge id)kSecAttrProtocol];
[qry setObject:(__bridge id)kSecClassInternetPassword forKey:(__bridge id)kSecClass];
[qry setObject:host forKey:(__bridge id)kSecAttrServer];
[qry setObject:@(port) forKey:(__bridge id)kSecAttrPort];
[qry setObject:@(0) forKey:(__bridge id)kSecAttrSynchronizable];
// Raw attribute keys: "pdmn" = kSecAttrAccessible ("ak" = kSecAttrAccessibleWhenUnlocked),
// "sdmn" = kSecAttrSecurityDomain, "atyp" = kSecAttrAuthenticationType
// ("dflt" = kSecAttrAuthenticationTypeDefault), "agrp" = kSecAttrAccessGroup.
[qry setObject:@"ak" forKey:@"pdmn"];
[qry setObject:@"" forKey:@"sdmn"];
[qry setObject:@"dflt" forKey:@"atyp"];
[qry setObject:@"apple" forKey:@"agrp"];
[qry setObject:[NSString stringWithFormat:@"%@ (%@)", host, login] forKey:(__bridge id)kSecAttrLabel];
[qry setObject:login forKey:(__bridge id)kSecAttrAccount];
[qry setObject:[password dataUsingEncoding:NSUTF8StringEncoding] forKey:(__bridge id)kSecValueData];

// First item: credentials for the HTTP proxy.
OSStatus status = SecItemAdd((__bridge CFDictionaryRef)qry, NULL);
if (status != noErr) {
    NSLog(@"setHost:port:login:password: status/1: %@", @(status));
}

// Second item: same credentials for the HTTPS proxy.
[qry setObject:(__bridge id)kSecAttrProtocolHTTPSProxy forKey:(__bridge id)kSecAttrProtocol];
status = SecItemAdd((__bridge CFDictionaryRef)qry, NULL);
if (status != noErr) {
    NSLog(@"setHost:port:login:password: status/2: %@", @(status));
}
Sometimes it works, sometimes it fails. I think that caching is the root of all evil, and I must find all processes possessing the keychain, SIGSTOP them, then write to the keychain, then restart them.
Or maybe you know a more straightforward way?
PS. Step (b) from the initial message has changed: I don’t want to use direct sqlite as long as I can use SecItemXxx calls.