Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

iphone - Unable to identify iOS OSStatus Code

I have a really strange behavior in an iOS App. I switched from iOS 6 to iOS 7. In iOS 6 everything worked perfectly.

- (NSMutableDictionary *)newSearchDictionary:(NSString *)identifier {
    NSMutableDictionary *searchDictionary = [[NSMutableDictionary alloc] init];

    [searchDictionary setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass];

    NSData *encodedIdentifier = [identifier dataUsingEncoding:NSUTF8StringEncoding];
    [searchDictionary setObject:encodedIdentifier forKey:(__bridge id)kSecAttrGeneric];
    [searchDictionary setObject:encodedIdentifier forKey:(__bridge id)kSecAttrAccount];
    [searchDictionary setObject:serviceName forKey:(__bridge id)kSecAttrService];

    return searchDictionary;
}

- (NSData *)searchKeychainCopyMatching:(NSString *)identifier {
    NSMutableDictionary *searchDictionary = [self newSearchDictionary:identifier];

    [searchDictionary setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit];
    [searchDictionary setObject:(id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData];

    CFDataRef dataRef;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)searchDictionary,
                                      (CFTypeRef *)&dataRef);

    if (status != errSecSuccess) {
#ifdef DEBUG
        NSLog(@"%s - No OSStatus errSecSuccess. Caused by SecItemCopyMatching", __PRETTY_FUNCTION__);
#endif
        return nil;
    }
    NSData *result = (__bridge_transfer NSData *)dataRef;
    return result;
}

When the App starts the - (NSData *)searchKeychainCopyMatching:(NSString *)identifier function loads the values from the keychain. Everything works fine for a while. But after about 15 successful value requests I get an error.

OSStatus Code -34018

The SecItemCopyMatching function returns that error code. The documentation says

@result A result code. See "Security Error Codes" (SecBase.h).

But looking in the SecBase.h there are only these OSStatus codes specified.

enum
{
    errSecSuccess                               = 0,       /* No error. */
    errSecUnimplemented                         = -4,      /* Function or operation not implemented. */
    errSecIO                                    = -36,     /*I/O error (bummers)*/
    errSecOpWr                                  = -49,     /*file already open with with write permission*/
    errSecParam                                 = -50,     /* One or more parameters passed to a function where not valid. */
    errSecAllocate                              = -108,    /* Failed to allocate memory. */
    errSecUserCanceled                          = -128,    /* User canceled the operation. */
    errSecBadReq                                = -909,    /* Bad parameter or invalid state for operation. */
    errSecInternalComponent                     = -2070,
    errSecNotAvailable                          = -25291,  /* No keychain is available. You may need to restart your computer. */
    errSecDuplicateItem                         = -25299,  /* The specified item already exists in the keychain. */
    errSecItemNotFound                          = -25300,  /* The specified item could not be found in the keychain. */
    errSecInteractionNotAllowed                 = -25308,  /* User interaction is not allowed. */
    errSecDecode                                = -26275,  /* Unable to decode the provided data. */
    errSecAuthFailed                            = -25293,  /* The user name or passphrase you entered is not correct. */
};

The values doesn't get overridden, already checked.

And last but not least the search dictionary:

enter image description here

Edit - new info

I was debugging the whole day and I found some news. I'm downloading a Zip-File containing an executable Bundle. This is a In-House App so no worries about point 2.7 and 2.8 in the review guidelines. After successfully loading the bundle the entitlements error appears.

NSBundle *bundle = nil;
NSError *error = nil;
bundle = [[NSBundle alloc] initWithPath:bundlePath];
if (!bundle) {
    return nil;
}

// Here i can access the keychain as usually
[bundle loadAndReturnError:&error];
// Well here it suddenly doesn't work anymore
// error is also nil

Well the bundle code inside does not use the keychain. May be this is some kind of security logic? Any clues?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

This error indicates a problem with your app's entitlements. Found this: The cause is often that the App Identifier Prefix in the app's entitlements doesn't match the App Identifier Prefix in the provisioning profile.

To verify, use the codesign tool to view your app's entitlements:

codesign -d --entitlements - MyApp.app/

Then, compare the App Identifier Prefix to that in the provisioning profile:

cat MyApp.app/embedded.mobileprovision

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

2.1m questions

2.1m answers

60 comments

57.0k users

...