ferrous26 / keychain Goto Github PK

I dual boot between Linux and OSX. And I'm fiddling on the idea of a password sync between some keychain like offering on Linux and OSX's keychain.

I found that this worked well:

security list-keychains | grep -v System | cut -f 2 -d\" | sed s+\^.\*/++ |  xargs -n 1 security unlock-keychain -p MYKEYCHAINPASS
security list-keychains | cut -f 2 -d\" | sed s+\^.\*/++ | xargs -n 1 security dump-keychain -d

I didn't like having to click on Allow for every password entry, but I got a pattern and accepted it. However I didn't like the output. And quite frankly was afraid I might lose something in the text based output. It was a one way output, and I wanted something programatic and eventually two way.

So I went and found someone who had written about using RubyCocoa to get access to the Keychain:

http://bjeanes.com/2008/04/10/rubycocoa-and-keychain-access

Bjeans stuff was interesting, but it just showed creating and searching for specific items. I wanted to list all the passwords. So I found your keychain

https://github.com/ferrous26/keychain/tree/symbols-not-constants

Specificially the Keychain.items method:

http://rubydoc.info/github/ferrous26/keychain/b5fb696898eb3a518831/Keychain#items-class_method

I wrote this simple snippit

framework 'Security'
require 'mr_keychain'
Keychain.items({}).map {|x| {
                       :account=>x[KSecAttrAccount],
                       :server=>x[KSecAttrServer],
                       :port=>x[KSecAttrPort],
                       :path=>x[KSecAttrPath] ,
                       :password => x[KSecAttrPassword]}}.to_yaml

This prompts for each password, probably what Apple wants and it does the job of accessing the keychain programatically.

Cool, I feel I'm getting closer. However it seems to default to going beyond my user keychains and trying to query the system keychain. My command line above I grep out the System keychain. So I went and looked at the source for the security tool in OSX:

http://www.opensource.apple.com/source/SecurityTool/SecurityTool-36576/security.c

Then went to look at the keychain_list command:

http://www.opensource.apple.com/source/SecurityTool/SecurityTool-36576/keychain_list.c

They do some SecKeychainCopyDomainSearchList calls with a CFArrayRef called searchList, but when I try to replicate them I get an error:

>> SecKeychainCopyDomainSearchList(KSecPreferencesDomainUser,[])
ArgumentError: can't convert an empty array to a `^{__CFArray}' pointer
    
>> SecKeychainCopyDomainSearchList(KSecPreferencesDomainUser,Pointer.new(:id))
TypeError: expected instance of Pointer of type `^{__CFArray}', got `@'

Obviously I've got a few things to learn about calling functions that want pointers to Core Foundation native types in MacRuby.

I'd also love for this to just work to limit to the user's keychains.

>> SecKeychainSetPreferenceDomain(KSecPreferencesDomainUser)
=> 0

However subsequent calls to Keychain.items search still seems to go through the System keychain in addition to my own.

Anyone have any thoughts/pointers? Would it be possible to use Universal Access for assistive devices to drive clicking on the accept buttons?