Post

Replies

Boosts

Views

Activity

Keychain starts returning error -25330 after Mac goes to sleep for a while
Hello I'm seeing a 100% reproducible issue with macOS keychain when dealing with items protected with kSecAccessControlApplicationPassword. Creating, accessing the item works fine unless the user is running on macOS 12 (Monterey) and the system has been sleeping for at least 15 minutes (based on testing). I've seen the exact same behavior on an iMac and a Macbook (both running on the latest Monterey version). After sleeping for at least 15 minutes, trying to get an existing keychain item will fail with .errSecAuthFailed. From the Console I can see various messages like this: default 12:03:11.395081+0100 KeychainAppPasswordDemo LAContext[3506:10] created new cid:88 default 12:03:11.395231+0100 coreauthd setCredential:5621 type:0 on ContextProxy[398:287:387] rid:829 default 12:03:11.395261+0100 coreauthd Replacing ACM passphrase credential with purpose 0 on ACMContext 387 default 12:03:11.395395+0100 KeychainAppPasswordDemo setCredential:5621 type:0 on LAContext[3506:10] cid:89 returned success default 12:03:11.395522+0100 coreauthd isCredentialSet:0 on ContextProxy[398:287:387] rid:830 default 12:03:11.395549+0100 coreauthd Checking ACM credential 2 on ACMContext 387 default 12:03:11.395668+0100 KeychainAppPasswordDemo isCredentialSet:0 on LAContext[3506:10] cid:90 returned YES default 12:03:11.395843+0100 coreauthd externalizedContextWithReply on ContextProxy[398:287:387] rid:831 default 12:03:11.396022+0100 coreauthd AgentProxy for coreauthd[456] (agent for user 501) has registered hash 7d18cdb (uuid 8ec80e7) => RemoteContext registration for Context[287:387] in coreauthd[456] (agent for user 501) default 12:03:11.396223+0100 KeychainAppPasswordDemo externalizedContext on LAContext[3506:10] cid:91 returned 7d18cdb default 12:03:11.397073+0100 secd Authentication is needed for genp,rowid=32577 (-25330): Error Domain=NSOSStatusErrorDomain Code=-25330 "(null)" UserInfo={-25330=( ( {length = 57, bytes = 0x3137300a 0c05626f 756e6401 0101300b ... 04646163 6c010101 }, od ) )} default 12:03:11.397169+0100 secd Authentication is needed KeychainAppPassw[3506]/1#6 LF=0 copy_matching Error Domain=NSOSStatusErrorDomain Code=-25330 "(null)" UserInfo={-25330=( ( {length = 57, bytes = 0x3137300a 0c05626f 756e6401 0101300b ... 04646163 6c010101 }, od ) )} default 12:03:11.397239+0100 KeychainAppPasswordDemo Creating LAContext with externalized context 7d18cdb cid:92 default 12:03:11.397635+0100 coreauthd ContextProxy[399:287:387] created for Context[287:387] pid:3506 uid:501 default 12:03:11.397749+0100 KeychainAppPasswordDemo LAContext[3506:11] created with externalized context 7d18cdb cid:92 default 12:03:11.397789+0100 KeychainAppPasswordDemo evaluateAccessControl:<SecAccessControlRef: aku;prp(true);dacl(true)> operation:od options:(null) on LAContext[3506:11] (sync) cid:93 default 12:03:11.397902+0100 coreauthd evaluateACL:c683961 operation:od options:(null), uiDelegate:0 on ContextProxy[399:287:387] rid:832 default 12:03:11.398142+0100 coreauthd Determined path for PID 3506: /Users/pfandrade/Library/Developer/Xcode/DerivedData/KeychainAppPasswordDemo-hbjazmbzffpzybgdfkjdykftompn/Build/Products/Debug/KeychainAppPasswordDemo.app/Contents/MacOS/KeychainAppPasswordDemo default 12:03:11.398686+0100 coreauthd Determined localized name for bundle com.outercorner.KeychainAppPasswordDemo: `KeychainAppPasswordDemo` default 12:03:11.398709+0100 coreauthd Determined name KeychainAppPasswordDemo and bundle ID com.outercorner.KeychainAppPasswordDemo for pid 3506 default 12:03:11.398768+0100 coreauthd <ContextPluginACM: 0x7f8690104a60> evaluates operation: od default 12:03:11.398865+0100 coreauthd Checking ACM credential 2 on ACMContext 387 default 12:03:11.399015+0100 KeychainAppPasswordDemo evaluateAccessControl on LAContext[3506:11] cid:93 returned { } default 12:03:11.399871+0100 KeychainAppPasswordDemo evaluateAccessControl:<SecAccessControlRef: aku;prp(true);dacl(true)> operation:od options:(null) on LAContext[3506:11] (sync) cid:94 default 12:03:11.399705+0100 secd Authentication is needed for genp,rowid=32577 (-25330): Error Domain=NSOSStatusErrorDomain Code=-25330 "(null)" UserInfo={-25330=( ( {length = 57, bytes = 0x3137300a 0c05626f 756e6401 0101300b ... 04646163 6c010101 }, od ) )} This pattern loops until it gives up with: default 12:03:11.433438+0100 KeychainAppPasswordDemo Simulating crash, reason: Reached maximum count of authentication attempts operation: od acl:3137300A0C05626F756E64010101300B0C0470726F740C03616B75301C0C0361636C311530080C0370727001010130090C046461636C010101 , code=53c00006 And the call to SecItemCopyMatching returns with .errSecAuthFailed Simply logging the user out and back in of macOS doesn't do anything. But restarting the Mac always fixes it. I'm baffled by this and have no clue what I could try to do on my app to avoid this. Help!
3
0
1.2k
May ’23
Is there a limit on how many shares a user can belong to?
I know a CKShare can only have 100 participants. But I’m asking the other way around. Is there a limit on how many CKShares a user can be a participant on? The idea is for each user to have a shared zone with my service, that would act like an inbox. So my service would be a participant on each user's CKShare, and if the app is successful then server could be potentially participating in thousands of shares.
1
0
581
Jan ’23
Duplicate definition error when compiling .intentdefinition
Hello, On Xcode 12 I'm getting a bunch of redefinition/duplicate definition errors when compiling my .intentdefinition file. The relevant code is not even my code. It's auto-generated. I don't eve understand why it's saying it's duplicated. Looks fine to me. Code compiles fine on previous versions of Xcode. Any ideas on how to get around this? Compiler error - https://developer.apple.com/forums/content/attachment/18cffd22-d061-4738-9883-42badd1fddb5
3
0
3.1k
Jul ’20
Accessibility: how to influence what VoiceOver shows for "Window Spots" (VO-U)
User VoiceOver a user can press VO-U to show the Window Spots menu to quickly navigate to another section of the window. Whatever the default process of choosing these window spots is using, it's not doing a good job in my app. I'd like to influence what is displayed here, be it which spots appear and their names. I've found 0 documentation on this. Can anyone shed some light on this?
0
0
488
Sep ’20