Re: [Pyobjc-dev] Wrapping SecKeychainFindInternetPassword (using Xcode3 and Pyobjc2)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 12 Dec, 2007, at 21:12, Michael McCracken wrote:

> Hi, I wrote a C extension module to use
> SecKeychainFindInternetPassword, and I wanted to ask here if anyone
> else wanted it, and if there was a better way to do the wrapping.
> If there's a preferred technique that'll make it more general, I don't
> mind putting that wrapper together for public use - especially if it's
> automated :)

Thanks for the offer :-)

>
>
> I didn't use the ObjC Keychain.framework because I really only needed
> the one function, and this seemed like less work...
>
> What I did was using the XCode 3 template, I simply added a C file to
> munge the strings back and forth, and initialized it in main.m
>
> To wit:
>
> SecKeychainWrapperModule.c:
> // include Python.h, Security/Security.h, and Core{Foundation,  
> Services}.h
>
> static PyObject *
> SecKeychainWrapperModule_findPasword(PyObject *self  
> __attribute__((unused)),
>                                         PyObject *args)
> { ...do some stuff to unwrap username, pass, and protocol, call
> SecKeychainFindInternetPassword, then rewrap and return password
> data...
> }
>
> static PyMethodDef SecKeychainWrapperModuleMethods[] = {
>    {"findPassword",  SecKeychainWrapperModule_findPasword,  
> METH_VARARGS,
>    "Find a password in the Keychain for a server/username/protocol  
> tuple." },
>    {NULL, NULL, 0, NULL }        /* Sentinel */
> };
>
> PyMODINIT_FUNC
> initSecKeychainWrapperModule(void)
> {
>    PyObject* mod =  Py_InitModule3("SecKeychainWrapperModule",
>                                    SecKeychainWrapperModuleMethods,
>                                    "Wrapper for part of the
> SecKeychain C API" );
>    if(mod == NULL) return;
> }
>
> Then in main.m I added this:
>    /* Init wrapper for SecKeychain functions */
>    initSecKeychainWrapperModule();
>
> Just after Py_Initialize().
>
> And that's it. This works pretty well for me, but if there's a better
> way to wrap the whole of SecKeychain*, I'd be glad to do it for the
> public good.
>
> (Also, if there needs to be some docs on how to do that in the new
> pyobjc2 world, I don't mind helping with them)

This should be a lot easier in pyobjc2: it should be possible to wrap  
most if not all of the security framework without writing a single  
line of C code. You "just" have to generate an XML file that describes  
the API and include that in a
small wrapper package.

The official way for generating said metadata is through  
gen_bridge_metadata(1), a commandline tool on Leopard. An alternative  
way is to use 'pyobjc-wrapper-gen', which will appear when you install  
the pyobjc-metadata package from pyobjc's Subversion repository.

When you use the latter tool it will create the required python  
packages, setup.py and metadata files for you. You will have to  
examine and update the file Exceptions/Security.bridgesupport. This  
contains a description of all metadata that might require manual  
attention, see the BridgeSuppport(5) manualpage for information on the  
format of that file. Then add unittests, examples and documentation to  
taste.

I'm currently pyobjc-wrapper-gen to see how much output that generates  
and how much work it would be to create a good wrapper.

Ronald

P.S. pyobjc-wrapper-gen takes rather a long amount of time due to  
compiling and running loads and loads of small C programs.