Mailing Lists: Apple Mailing Lists
 Image of Mac OS face in stamp
Re: CSSM_DL_Authenticate
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CSSM_DL_Authenticate

Title: Re: CSSM_DL_Authenticate
Hi Perry,

Thanks for your reply and yes I was going to ask about "credential sample" later.  You beat me to it.  However, I still have some questions there:

1- What does the callback in the CSSM_ACCESS_CREDENTIALS do?

2- You said it will remember the password.  Does that mean I only need to set this up once and that is it.  Even after i restart the computer the password will be remembered?  If that is the case would delete keychain remove the credentials?

3- I am having difficulties tryiing to understand the Sample and how to set the password. I am using ListTools.cpp from the LibCDSACrypt sample:

retError = SecKeychainGetDLDBHandle ( keychain, &dLDBHandle);
if ( retError == 0 )
{
memset ( &accessCreds, 0, sizeof(CSSM_ACCESS_CREDENTIALS));
InitCssmSampleGroup ( &accessCreds.Samples, 1);
               
list = (CSSM_LIST_PTR) &accessCreds.Samples.Samples[0].TypedSample;
InitCssmList ( list, CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK);
element = CreateCssmListElementWordID ( CSSM_SAMPLE_TYPE_PASSWORD);
CssmListAppendElement ( list, element);
               
cssmRet = CSSM_DL_Authenticate ( dLDBHandle, CSSM_DB_ACCESS_PRIVILEGED,
                                           &accessCreds);
cssmPerror ( "CSSM_DL_Authenticate", cssmRet);
}

How do I pass the password?

4- Which buffers do I have to keep and which I have to free when I make the call to CSSM_DL_Authenticate?

Thanks,

Haider
At 1:33 PM -0800 2/28/06, Perry The Cynic wrote:
--On February 28, 2006 1:16:16 PM -0500 Haider <email@hidden> wrote:
Hello,

I am trying to use CSSM_DL_Authenticate to associate a password with a
keychain.  I having difficulties figuring out what to use for the
CSSM_DL_DB_HANDLE which is a pair of handles for the DL and DB.

Well, if you opened the database at the CSSM layer, that would be the DL handle you got from Attach and the Db handle you got from DbOpen. If you got your keychain from the Sec* layer, call SecKeychainGetDLDBHandle on the SecKeychainRef to get the underlying DLDbHandle.
The credential sample type you're looking for (in case you were wondering :-) is CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK. The credentials sample is a CSSM List with elements
 CSSM_SAMPLE_TYPE_KEYCHAIN_LOCK (number)
 CSSM_SAMPLE_TYPE_PASSWORD (number)
 the password (CssmData)

You can pass that to either DbOpen directly, or to DL_Authenticate. (It remembers the last one set by either.)

Cheers
 -- perry
---------------------------------------------------------------------------
Perry The Cynic                                             email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.