
RE: Read/write proxy authentication info into keychain




Thanks so much.

Our application is required to run from OS X 10.2 and up. I realize that CFHTTPAuthentication is only available from 10.4 and I need to use a different set of APIs for 10.2 and 10.3. It seems to me that 10.2 and 10.3 only support Basic proxy authentication but not NTLM (Safari doesn't work with NTLM). Am I correct?

Patrick

-----Original Message-----
From: macnetworkprog-bounces+patrickl=email@hidden
[mailto:macnetworkprog-bounces+patrickl=email@hidden]On
Behalf Of Jim Luther
Sent: Thursday, March 09, 2006 3:25 PM
To: Mac networking problem
Subject: Re: Read/write proxy authentication info into keychain


Patrick,

Good question.

Since the keychain doesn't have an attribute for the domain, we use 
the same method for combining the domain with the username that 
Windows uses -- combine the domain and username into a single string 
in the format: domain "\" username

Here's a function that combines the domain with the username (if there 
is a domain) and returns it in a new string (which you'll need to free).

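#include <stdlib.h>
#include <string.h>

/* Returns a newly allocated "domain\username" string, or a copy of
   username when there is no domain. Returns NULL if malloc fails. */
char * CombineDomainUsername(const char * domain, const char * username)
{
    char * result;

    if ( (domain == NULL) || (strlen(domain) == 0) ) {
        /* No domain: copy the username as-is */
        result = malloc(strlen(username) + 1);
        if ( result != NULL ) {
            strcpy(result, username);
        }
    }
    else {
        /* +2 covers the '\' separator and the terminating NUL */
        result = malloc(strlen(domain) + strlen(username) + 2);
        if ( result != NULL ) {
            strcpy(result, domain);
            strcat(result, "\\");
            strcat(result, username);
        }
    }
    return ( result );
}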

Now you're probably wondering... "When I get the username from the 
keychain, do I need to break the combined domain\username back apart 
before passing it to CFHTTPAuthentication?"

No, you don't need to split it back up if you use 
CFHTTPMessageApplyCredentials(). If CFHTTPMessageApplyCredentials() sees 
a domain is needed to authenticate, it will look at the username and 
if it contains a '\', it will be split into the domain and username 
pieces.

However, if you use CFHTTPMessageApplyCredentialDictionary(), you'll 
need to split the username up yourself and if there's a domain, add it 
to the credentials dictionary with the 
kCFHTTPAuthenticationAccountDomain key. You'd do that with code 
something like this:

     CFArrayRef list;

     list = CFStringCreateArrayBySeparatingStrings(CFGetAllocator(username), username, CFSTR("\\"));
     if ( (list == NULL ) || (CFArrayGetCount(list) != 2) ) {
        CFDictionaryAddValue(dict, kCFHTTPAuthenticationUsername, username);
     }
     else {
        CFDictionaryAddValue(dict, kCFHTTPAuthenticationAccountDomain, CFArrayGetValueAtIndex(list, 0));
        CFDictionaryAddValue(dict, kCFHTTPAuthenticationUsername, CFArrayGetValueAtIndex(list, 1));
     }
     if (list) {
        CFRelease(list);
     }

- Jim

On Mar 9, 2006, at 12:18 PM, Patrick Lee wrote:

> Hi,
>
> I'm writing an HTTP tunneling application and I need to read and 
> write proxy authentication info into keychain. I knew how to read 
> account and password credentials from keychain with this code:
>
>                 SecKeychainAttribute attr;
>                 SecKeychainAttributeList attrList;
>                 UInt32 length;
>                 void *outData;
>
>                 // Account name attribute
>                 attr.tag = kSecAccountItemAttr;
>                 attr.length = 0;
>                 attr.data = NULL;
>
>                 attrList.count = 1;
>                 attrList.attr = &attr;
>
>                 error = SecKeychainItemCopyContent(itemRef, NULL, &attrList, &length, &outData);
>
> When it comes to NTLM authentication, I also need to read the domain 
> value. I'd tried kSecSecurityDomainItemAttr but it doesn't seem to 
> work. Any idea?
>
> Patrick

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macnetworkprog/email@hidden

This email sent to email@hidden
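
The split described in Jim Luther's reply, as an added plain-C example that is not part of the original thread. It assumes the account value is held as a pointer plus length (like the `data`/`length` fields of the attribute in the quoted code) and is not NUL-terminated; `AccountParts` and `SplitDomainUsername` are hypothetical names.

```c
/* Added example, not code from the thread; all names here are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Views into the caller's buffer; nothing is copied or NUL-terminated. */
typedef struct {
    const char *domain, *user;      /* domain is NULL when there is none */
    size_t      domainLen, userLen;
} AccountParts;

/* Split a length-delimited account value. As in the CF snippet, split only
 * when exactly one '\' is present; otherwise the whole value is the username.
 * Returns 0 on success, -1 on NULL arguments or an embedded NUL byte. */
int SplitDomainUsername(const char *account, size_t length, AccountParts *out)
{
    const char *sep, *rest;
    size_t restLen;

    if (account == NULL || out == NULL)
        return -1;
    if (memchr(account, '\0', length) != NULL)
        return -1;      /* would truncate once copied into a C string */
    out->domain = NULL;
    out->domainLen = 0;
    out->user = account;
    out->userLen = length;

    sep = memchr(account, '\\', length);
    if (sep == NULL)
        return 0;       /* no separator: username only */
    rest = sep + 1;
    restLen = length - (size_t)(rest - account);
    if (memchr(rest, '\\', restLen) != NULL)
        return 0;       /* more than one separator: leave it unsplit */
    out->domain = account;
    out->domainLen = (size_t)(sep - account);
    out->user = rest;
    out->userLen = restLen;
    return 0;
}

int main(void)
{
    AccountParts p; /* constructed sample: 10 account bytes, then junk */
    if (SplitDomainUsername("CORP\\aliceXXXX", 10, &p) == 0)
        printf("domain=%.*s user=%.*s\n", (int)p.domainLen,
               p.domain ? p.domain : "", (int)p.userLen, p.user);
    return 0;
}
```

Because the parts are views with explicit lengths, they must be copied with those lengths (not with strcpy) before being handed to an API that expects NUL-terminated strings.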
