Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-07 Thread Jens Alfke
> On Sep 6, 2016, at 5:36 AM, Motti Shneor > wrote: > > All my app does, is use KeyChain APIs to read proxy user/password. I believe > securityd agent/daemon is the one to prompt user for permission. It runs > under user ‘root’ - much like my

Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-07 Thread Jens Alfke
> On Sep 6, 2016, at 5:36 AM, Motti Shneor wrote: > > All my app does, is use KeyChain APIs to read proxy user/password. I believe > securityd agent/daemon is the one to prompt user for permission. It runs > under user ‘root’ - much like my own daemon. Yes, but root

Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-06 Thread Frank D. Engel, Jr.
The limitation of this approach is that if the proxy settings change, the daemon will be out of sync and you would need to rerun the installer (or some sort of "Fix Proxy Settings Utility") to bring it up to date. On 9/5/2016 15:10, Jens Alfke wrote: One other possibility is: * Installer

Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-06 Thread Ken Thomases
On Sep 6, 2016, at 7:36 AM, Motti Shneor wrote: > > I doubt all Apple preinstalled applications have free access to any keychain > content (passwords), or else any Apple application would serve as a potential > vulnerability and the whole point of encrypted key-chains

Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-06 Thread Motti Shneor
Hello Jens, and thanks. I doubt all Apple preinstalled applications have free access to any keychain content (passwords), or else any Apple application would serve as a potential vulnerability and the whole point of encrypted key-chains wouldn’t worth much. I think there is some kind of

Re: How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-05 Thread Jens Alfke
> On Sep 5, 2016, at 6:51 AM, Motti Shneor wrote: > > 1. Why don’t Safari, Mail, Photos, and other standard apps trigger such > dialog when they clearly use proxy settings (including credentials) to go to > the internet? Is this behavior acceptable, and how is it done?

How to silently use Proxy authentication credentials from Keychain, like Safari, Mail, etc.

2016-09-05 Thread Motti Shneor
Hello everyone. We use C++ boost asyncio for cross-platform networking. Hence, on Mac OS-X, we can’t use higher-level APIs (such as NSURLSession). We use our own proprietary binary protocol, but we need to pass it sometimes through HTTP Proxy on client sites. We use the “HTTP Connect” command