RE: Read/write proxy authentication info into keychain
- Subject: RE: Read/write proxy authentication info into keychain
- From: "Patrick Lee" <email@hidden>
- Date: Thu, 9 Mar 2006 17:13:16 -0700
- Thread-topic: Read/write proxy authentication info into keychain
Thanks so much.
Our application is required to run from OS X 10.2 and up. I realize that CFHTTPAuthentication is only available from 10.4 and I need to use a different set of APIs for 10.2 and 10.3. It seems to me that 10.2 and 10.3 only support Basic proxy authentication but not NTLM (Safari doesn't work with NTLM). Am I correct?
Patrick
-----Original Message-----
From: macnetworkprog-bounces+patrickl=email@hidden
[mailto:macnetworkprog-bounces+patrickl=email@hidden]On
Behalf Of Jim Luther
Sent: Thursday, March 09, 2006 3:25 PM
To: Mac networking problem
Subject: Re: Read/write proxy authentication info into keychain
Patrick,
Good question.
Since the keychain doesn't have an attribute for the domain, we use
the same method for combining the domain with the username that
Windows uses -- combine the domain and username into a single string
in the format: domain "\" username
Here's a function that combines the domain with the username (if there
is a domain) and returns it in a new string (which you'll need to free).
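    #include <stdlib.h>
    #include <string.h>

    /* Returns a newly allocated "domain\username" string, or a copy of
       username alone when there is no domain. The caller must free() it.
       Returns NULL if username is NULL or the allocation fails. */
    char * CombineDomainUsername(const char * domain, const char * username)
    {
        char * result;

        if ( username == NULL ) {
            return ( NULL );
        }
        if ( (domain == NULL) || (strlen(domain) == 0) ) {
            result = malloc(strlen(username) + 1);
            if ( result != NULL ) {
                strcpy(result, username);
            }
        }
        else {
            /* +2: one byte for the backslash, one for the terminating NUL */
            result = malloc(strlen(domain) + strlen(username) + 2);
            if ( result != NULL ) {
                strcpy(result, domain);
                strcat(result, "\\");
                strcat(result, username);
            }
        }
        return ( result );
    }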
Now you're probably wondering... "When I get the username from the
keychain, do I need to break the combined domain\username back apart
before passing it to CFHTTPAuthentication?"
No, you don't need to split it back up if you use
CFHTTPMessageApplyCredentials(). If CFHTTPMessageApplyCredentials() sees
a domain is needed to authenticate, it will look at the username and
if it contains a '\', it will be split into the domain and username
pieces.
However, if you use CFHTTPMessageApplyCredentialDictionary(), you'll
need to split the username up yourself and if there's a domain, add it
to the credentials dictionary with the
kCFHTTPAuthenticationAccountDomain key. You'd do that with code
something like this:
    /* username is the combined CFStringRef read from the keychain;
       dict is the mutable credentials dictionary being filled in. */
    CFArrayRef list;

    list = CFStringCreateArrayBySeparatingStrings(CFGetAllocator(username),
                                                  username, CFSTR("\\"));
    if ( (list == NULL) || (CFArrayGetCount(list) != 2) ) {
        /* No domain part: use the whole string as the username. */
        CFDictionaryAddValue(dict, kCFHTTPAuthenticationUsername, username);
    }
    else {
        CFDictionaryAddValue(dict, kCFHTTPAuthenticationAccountDomain,
                             CFArrayGetValueAtIndex(list, 0));
        CFDictionaryAddValue(dict, kCFHTTPAuthenticationUsername,
                             CFArrayGetValueAtIndex(list, 1));
    }
    if (list) {
        CFRelease(list);
    }
- Jim
On Mar 9, 2006, at 12:18 PM, Patrick Lee wrote:
> Hi,
>
> I'm writing an HTTP tunneling application and I need to read and
> write proxy authentication info into keychain. I knew how to read
> account and password credentials from keychain with this code:
>
> SecKeychainAttribute attr;
> SecKeychainAttributeList attrList;
> UInt32 length;
> void *outData;
>
> // Account name attribute
> attr.tag = kSecAccountItemAttr;
> attr.length = 0;
> attr.data = NULL;
>
> attrList.count = 1;
> attrList.attr = &attr;
>
> error = SecKeychainItemCopyContent(itemRef, NULL,
> &attrList, &length, &outData);
>
> When it comes to NTLM authentication, I also need to read the domain
> value. I'd tried kSecSecurityDomainItemAttr but it doesn't seem to
> work. Any idea?
>
> Patrick
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
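Added example, not part of the original thread and not Apple's code: a plain C counterpart to the CFString split shown in the reply above, for callers that hold the combined account as a C string in the form CombineDomainUsername() produces. The names split_account() and copy_n() are hypothetical. As in the reply's snippet, a string that does not split into exactly two parts is passed through whole as the username; unlike it, an empty domain or empty username is rejected.

```c
#include <stdlib.h>
#include <string.h>

/* Copy n bytes of s into a new NUL-terminated string; NULL on failure. */
static char *copy_n(const char *s, size_t n)
{
    char *out = malloc(n + 1);
    if (out != NULL) {
        memcpy(out, s, n);
        out[n] = '\0';
    }
    return out;
}

/*
 * split_account() is a hypothetical helper written for this example.
 * Splits "domain\username" into two new strings the caller must free().
 * Zero or several backslashes: whole string goes to *user, *domain is NULL.
 * Returns 0 on success, -1 on NULL input, empty part or allocation failure.
 */
int split_account(const char *account, char **domain, char **user)
{
    const char *sep;

    if (account == NULL || domain == NULL || user == NULL)
        return -1;
    *domain = NULL;
    *user = NULL;

    sep = strchr(account, '\\');
    if (sep == NULL || strchr(sep + 1, '\\') != NULL) {
        /* Not exactly two parts: pass the whole string through. */
        *user = copy_n(account, strlen(account));
        return (*user != NULL) ? 0 : -1;
    }
    if (sep == account || sep[1] == '\0')
        return -1;              /* empty domain or empty username */

    *domain = copy_n(account, (size_t)(sep - account));
    *user = copy_n(sep + 1, strlen(sep + 1));
    if (*domain == NULL || *user == NULL) {
        free(*domain);
        free(*user);
        *domain = *user = NULL;
        return -1;
    }
    return 0;
}
```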