> On Sep 6, 2016, at 5:36 AM, Motti Shneor <motti.shn...@me.com> wrote:
> 
> All my app does, is use KeyChain APIs to read proxy user/password. I believe 
> securityd agent/daemon is the one to prompt user for permission. It runs 
> under user ‘root’ - much like my own daemon. 

Yes, but root isn’t a normal user account, so various system services (such as 
LaunchServices, IIRC) don’t work correctly from processes running as root.

>       * How does it gain access to my Login keychain?

At login time, the Keychain APIs running in your account unlock the keychain by 
sending the daemon the keychain password.  The login.keychain has the same 
password as your user account, so the login procedure just sends that same 
password to security.

> How does it determine which keychain to consult for a specific connection? 
> does it somehow impersonate my user (and call the key-chain APIs)?

The Keychain APIs running in a process tell it which keychains to open.

> Can’t believe this is true, because when proxy settings change - who will 
> synchronize?


It’s not something that’s ‘true’, it’s just a possible mechanism I suggested 
that you might try to use. And yes, it would need to be updated when proxy 
settings change.

Anyway, this is not the best mailing list to discuss this. I would suggest 
either macnetworkprog or apple-cdsa (the misleadingly-named security list.)

—Jens
_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
