int main( int argc, char **argv ) {
if ( argc < 4 ) {
g_print("Usage: %s url user password\n",argv[0]);
return 1;
}
if ( gnome_keyring_is_available() ) {
guint32 item_id; gchar *cleaned = cleanurl(argv[1]);
gnome_keyring_set_network_password_sync(NULL,
argv[2],
"midori",
cleaned,
NULL,
NULL,
NULL,
0,
argv[3],
&item_id);
g_free(cleaned);
g_print("Created Gnome Keyring entry # %d\n",item_id);
} else {
g_print("Gnome Keyring not available!\n");
return 1;
}
return 0;
}
int keyring_store(struct credential *c)
{
guint32 item_id;
char *object = NULL;
/*
* Sanity check that what we are storing is actually sensible.
* In particular, we can't make a URL without a protocol field.
* Without either a host or pathname (depending on the scheme),
* we have no primary key. And without a username and password,
* we are not actually storing a credential.
*/
if (!c->protocol || !(c->host || c->path) ||
!c->username || !c->password)
return EXIT_FAILURE;
object = keyring_object(c);
gnome_keyring_set_network_password_sync(
GNOME_KEYRING_DEFAULT,
c->username,
NULL /* domain */,
c->host,
object,
c->protocol,
NULL /* authtype */,
c->port,
c->password,
&item_id);
free(object);
return EXIT_SUCCESS;
}
static PyObject*
gnome_keyring_password_set(PyObject *self, PyObject *args)
{
const char *realmstring;
const char *username;
const char *password;
if (!PyArg_ParseTuple(args, "sss", &realmstring, &username, &password)){
PyErr_Clear();
PyErr_SetString(PyExc_TypeError,
"password_set() must be called as (servicename,username,password)");
return NULL;
}
if ((! dbus_bus_get(DBUS_BUS_SESSION,NULL)) ||
(!gnome_keyring_is_available())){
PyErr_Clear();
PyErr_SetString(PyExc_OSError,
"Can's access the keyring now");
return NULL;
}
GnomeKeyringResult result;
guint32 item_id;
result = gnome_keyring_set_network_password_sync(NULL, username, realmstring,
NULL, NULL, NULL, NULL, 0, password, &item_id);
Py_RETURN_NONE;
}
void gnc_keyring_set_password (const gchar *access_method,
const gchar *server,
guint32 port,
const gchar *service,
const gchar *user,
const gchar* password)
{
#ifdef HAVE_GNOME_KEYRING
GnomeKeyringResult gkr_result;
guint32 item_id = 0;
gkr_result = gnome_keyring_set_network_password_sync
(NULL, user, NULL, server, service,
access_method, NULL, port, password, &item_id);
if (gkr_result != GNOME_KEYRING_RESULT_OK)
{
PWARN ("Gnome-keyring error: %s",
gnome_keyring_result_to_message(gkr_result));
PWARN ("The user will be prompted for a password again next time.");
}
#endif /* HAVE_GNOME_KEYRING */
#ifdef HAVE_OSX_KEYCHAIN
OSStatus status;
SecKeychainItemRef *itemRef = NULL;
/* mysql and postgres aren't valid protocols on Mac OS X.
* So we use the security domain parameter to allow us to
* distinguish between these two.
*/
// FIXME I'm not sure this works if a password was already in the keychain
// I may have to do a lookup first and if it exists, run some update
// update function instead
status = SecKeychainAddInternetPassword ( NULL, /* keychain */
strlen(server), server, /* servername */
strlen(access_method), access_method, /* securitydomain */
strlen(user), user, /* acountname */
strlen(service), service, /* path */
port, /* port */
kSecProtocolTypeAny, /* protocol */
kSecAuthenticationTypeDefault, /* auth type */
strlen(password), password, /* passworddata */
itemRef );
if ( status != noErr )
{
CFStringRef osx_resultstring = SecCopyErrorMessageString( status, NULL );
const gchar *resultstring = CFStringGetCStringPtr(osx_resultstring,
GetApplicationTextEncoding());
PWARN ( "OS X keychain error: %s", resultstring );
PWARN ( "The user will be prompted for a password again next time." );
CFRelease ( osx_resultstring );
}
#endif /* HAVE_OSX_KEYCHAIN */
}
void SG_password__set(
SG_context* pCtx,
const char *szRepoSpec,
SG_string *pUserName,
SG_string *pPassword)
{
const char *username;
const char *password;
SG_string *path = NULL;
SG_string *server = NULL;
SG_string *proto = NULL;
SG_uint32 port;
SG_bool isValid = SG_FALSE;
GnomeKeyringResult saveRes = 0;
guint32 itemid = 0;
if (! SG_password__supported())
goto fail;
SG_NULLARGCHECK(pUserName);
SG_NULLARGCHECK(pPassword);
SG_NULLARGCHECK(szRepoSpec);
username = SG_string__sz(pUserName);
password = SG_string__sz(pPassword);
SG_ERR_CHECK( _sg_password__parse_url(pCtx, szRepoSpec,
&isValid, &proto, &server, &path, &port) );
if (! isValid)
SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED);
saveRes = gnome_keyring_set_network_password_sync(
NULL,
username, NULL,
SG_string__sz(server), SG_string__sz(path),
SG_string__sz(proto), NULL, (guint32)port,
password,
&itemid);
if ((saveRes != GNOME_KEYRING_RESULT_OK) && (saveRes != GNOME_KEYRING_RESULT_NO_MATCH) && (saveRes != GNOME_KEYRING_RESULT_CANCELLED))
_SG_THROW_LINUX_SEC_ERROR(saveRes);
fail:
SG_STRING_NULLFREE(pCtx, path);
SG_STRING_NULLFREE(pCtx, server);
SG_STRING_NULLFREE(pCtx, proto);
}
int main(int argc, char **argv) {
GnomeKeyringResult result;
GList *results;
char *host;
int i, tried, verbose = 0, remove = 0, list = 0;
int set_domain = 0, set_host = 0, set_server = 0;
int set_protocol = 0, set_port = 0, set_passfd = 0;
int dry = 0;
char *user = default_user();
char *domain = NULL;
char *server = NULL;
char *object = NULL;
char *protocol = NULL;
char *authtype = NULL;
guint32 port = 0;
int passfd = 0;
char *use_keyring = GNOME_KEYRING_DEFAULT;
for (i = 1; i < argc; i++) {
if (ARG(u) || LARG(user)) {
S_OPT(user);
} else if (ARG(h) || LARG(host)) {
S_OPT_Q(host);
} else if (ARG(s) || LARG(server)) {
S_OPT_Q(server);
} else if (ARG(d) || LARG(domain)) {
S_OPT_Q(domain);
} else if (ARG(P) || LARG(protocol)) {
S_OPT_Q(protocol);
} else if (ARG(p) || LARG(port)) {
I_OPT_Q(port);
} else if (LARG(passfd)) {
I_OPT_Q(passfd);
} else if (ARG(v) || LARG(verbose)) {
verbose = 1;
} else if (ARG(R) || LARG(remove)) {
MODE(remove);
} else if (ARG(l) || LARG(list)) {
MODE(list);
} else if (ARG(n) || LARG(dry)) {
dry = 1;
verbose++;
} else if (ARG(k) || LARG(keyring)) {
S_OPT(use_keyring);
} else if (LARG(help)) {
usage();
return 0;
} else {
fprintf(stderr, "Unknown argument: %s\n", argv[i]);
return 1;
}
}
if (set_host && !(set_domain && set_server)) {
char *dot = index(host, '.');
if (dot) {
dot[0] = '\0';
dot++;
if (!set_domain) domain = dot;
if (!set_server) server = host;
} else {
server = host;
domain = "";
}
} else if (set_domain && set_server) {
host = NULL;
} else if (!list) {
fprintf(stderr, "Must set --host or (--server and --domain)\n");
return 1;
}
if ((set_port + set_protocol) == 1) {
if (set_protocol) {
set_port_by_protocol(&port, protocol);
} else if (set_port) {
set_protocol_by_port(&protocol, port);
}
} else if (!(set_port || set_protocol || list)) {
fprintf(stderr, "Must set at least one of --port or --protocol\n");
return 1;
}
if (set_protocol && !port) {
fprintf(stderr, "Couldn't determine port for --protocol %s\n", protocol);
return 1;
}
if (verbose && !list) {
#define VALUE(X) printf("%s: %s\n", #X, X ? X : "(null)")
VALUE(user);
VALUE(domain);
VALUE(server);
VALUE(host);
VALUE(protocol);
#undef VALUE
printf("port: %d\n", port);
if (dry)
return 0;
}
if (!gnome_keyring_is_available()) {
fprintf(stderr, "No keyring available\n");
return 1;
}
if (list)
return key_listing(verbose);
for (tried = 0; tried < 2; tried++) {
result = gnome_keyring_find_network_password_sync(
user, domain, server, object, protocol, authtype, port,
&results
);
if (verbose) printf("attempt #%d: ", tried);
if (result == OK) {
GList *current;
GnomeKeyringNetworkPasswordData *passdata;
char *password;
for (i = 0, current = results; current; i++, current = current->next) {
passdata = (GnomeKeyringNetworkPasswordData *)current->data;
password = passdata->password;
if (verbose) {
printf("Result[%d]=%s\n", i, password);
continue;
}
if (remove) {
result = gnome_keyring_item_delete_sync(
passdata->keyring,
passdata->item_id
);
if (verbose)
printf("Remove %s %d -> %s\n", passdata->keyring, passdata->item_id, result == OK ? "OK" : "NOT OK");
if (!current->next)
return 0;
continue;
}
printf("%s", password);
return 0;
}
if (password)
break;
}
if (remove) {
printf("No such password\n");
return 1;
}
if (verbose) printf("nope\n");
if (!tried) {
char *password;
if (set_passfd) {
password = password_from(passfd);
} else {
password = password_prompt(user, server, domain, protocol, port);
}
if (password) {
guint32 item_id;
gnome_keyring_set_network_password_sync(
use_keyring,
user, domain, server, object, protocol, authtype, port,
password, &item_id
);
if (verbose) printf("Stored password? %s\n", item_id ? "yes" : "no");
}
}
}
return 0;
}
static const gchar*
tny_gnome_keyring_password_getter_get_password (TnyPasswordGetter *self, const gchar *aid, const gchar *prompt, gboolean *cancel)
{
gchar *retval = NULL;
GList *list;
GnomeKeyringResult keyringret;
gchar *keyring;
gnome_keyring_get_default_keyring_sync (&keyring);
keyringret = gnome_keyring_find_network_password_sync (aid, "Mail",
aid /* hostname */,
"password", aid /* proto */,
"PLAIN", 0, &list);
if ((keyringret != GNOME_KEYRING_RESULT_OK) || (list == NULL))
{
gboolean canc = FALSE;
GnomePasswordDialog *dialog = GNOME_PASSWORD_DIALOG
(gnome_password_dialog_new
(_("Enter password"), prompt,
NULL,
NULL, TRUE));
gnome_password_dialog_set_domain (dialog, "Mail");
gnome_password_dialog_set_remember (dialog,
GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER);
gnome_password_dialog_set_readonly_username (dialog, TRUE);
/* gnome_password_dialog_set_username (dialog,
tny_account_get_user (account)); */
gnome_password_dialog_set_show_username (dialog, FALSE);
gnome_password_dialog_set_show_remember (dialog,
gnome_keyring_is_available ());
gnome_password_dialog_set_show_domain (dialog, FALSE);
gnome_password_dialog_set_show_userpass_buttons (dialog, FALSE);
canc = gnome_password_dialog_run_and_block (dialog);
if (canc)
{
guint32 item_id;
GnomePasswordDialogRemember r;
retval = gnome_password_dialog_get_password (dialog);
mlock (retval, strlen (retval));
r = gnome_password_dialog_get_remember (dialog);
if (r == GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER)
{
gnome_keyring_set_network_password_sync (keyring,
aid /* user */,
"Mail", aid /* hostname */,
"password", aid /* proto */,
"PLAIN", 0, retval, &item_id);
}
} else retval = NULL;
*cancel = (!canc);
/* this causes warnings, but should be done afaik */
gtk_object_destroy (GTK_OBJECT (dialog));
while (gtk_events_pending ())
gtk_main_iteration ();
} else {
GnomeKeyringNetworkPasswordData *pwd_data;
pwd_data = list->data;
retval = g_strdup (pwd_data->password);
*cancel = FALSE;
gnome_keyring_network_password_list_free (list);
}
return retval;
}
static void
parse_and_decrypt_signons (const char *signons,
gboolean handle_forms)
{
int version;
gchar **lines;
int i;
guint length;
lines = g_strsplit (signons, "\r\n", -1);
if (!g_ascii_strncasecmp (lines[0], "#2c", 3))
version = 1;
else if (!g_ascii_strncasecmp (lines[0], "#2d", 3))
version = 2;
else if (!g_ascii_strncasecmp (lines[0], "#2e", 3))
version = 3;
else
goto out;
/* Skip the never-saved list */
for (i = 1; lines[i] && !g_str_equal (lines[i], "."); i++) {
;
}
i++;
/*
* Read saved passwords. The information is stored in blocks
* separated by lines that only contain a dot. We find a block by
* the separator and parse them one by one.
*/
length = g_strv_length (lines);
while (i < length) {
size_t begin = i;
size_t end = i + 1;
const char *realmBracketBegin = " (";
const char *realmBracketEnd = ")";
SoupURI *uri = NULL;
char *realm = NULL;
while (lines[end] && !g_str_equal (lines[end], "."))
end++;
i = end + 1;
/* A block has at least five lines */
if (end - begin < 5)
continue;
/* The first line is the site URL.
* For HTTP authentication logins, the URL may contain http realm,
* which will be in bracket:
* sitename:8080 (realm)
*/
if (g_strstr_len (lines[begin], -1, realmBracketBegin)) {
char *start_ptr, *end_ptr;
char *full_url, *url;
glong start, end;
/* In this case the scheme may not exist. We assume that the
* scheme is HTTP.
*/
if (!g_strstr_len (lines[begin], -1, "://"))
full_url = g_strconcat ("http://", lines[begin], NULL);
else
full_url = g_strdup (lines[begin]);
start_ptr = g_strstr_len (full_url, -1, realmBracketBegin);
start = g_utf8_pointer_to_offset (full_url, start_ptr);
url = g_utf8_substring (full_url, 0, start);
url = g_strstrip (url);
uri = soup_uri_new (url);
g_free (url);
start += strlen (realmBracketBegin);
end_ptr = g_strstr_len (full_url, -1, realmBracketEnd) -1;
end = g_utf8_pointer_to_offset (full_url, end_ptr);
realm = g_utf8_substring (full_url, start, end);
g_free (full_url);
} else {
/* Don't have HTTP realm. It is the URL that the following
* password belongs to.
*/
uri = soup_uri_new (lines[begin]);
}
if (!SOUP_URI_VALID_FOR_HTTP (uri)) {
soup_uri_free (uri);
g_free (realm);
continue;
}
++begin;
/* There may be multiple username/password pairs for this site.
* In this case, they are saved in one block without a separated
* line (contains a dot).
*/
while (begin + 4 < end) {
char *username = NULL;
char *password = NULL;
char *form_username = NULL;
char *form_password = NULL;
guint32 item_id;
/* The username */
if (handle_forms) {
form_username = g_strdup (lines[begin++]);
} else {
begin++; /* Skip username element */
}
username = decrypt (lines[begin++]);
/* The password */
/* The element name has a leading '*' */
if (lines[begin][0] == '*') {
if (handle_forms) {
form_password = g_strdup (lines[begin++]);
} else {
begin++; /* Skip password element */
}
password = decrypt (lines[begin++]);
} else {
/* Maybe the file is broken, skip to the next block */
g_free (username);
break;
}
/* The action attribute for from the form element. This line
* exists in version 2 or above
*/
if (version >= 2) {
if (begin < end)
/* Skip it */ ;
begin++;
/* Version 3 has an extra line for further use */
if (version == 3)
begin++;
}
if (handle_forms && !realm &&
username && password &&
!g_str_equal (username, "") &&
!g_str_equal (form_username, "") &&
!g_str_equal (form_password, "*")) {
char *u = soup_uri_to_string (uri, FALSE);
/* We skip the '*' at the beginning of form_password. */
_ephy_profile_utils_store_form_auth_data (u,
form_username,
form_password+1,
username,
password);
g_free (u);
} else if (!handle_forms && realm &&
username && password &&
!g_str_equal (username, "") &&
form_username == NULL && form_password == NULL) {
gnome_keyring_set_network_password_sync (NULL,
username,
realm,
uri->host,
NULL,
uri->scheme,
NULL,
uri->port,
password,
&item_id);
}
g_free (username);
g_free (password);
g_free (form_username);
g_free (form_password);
}
soup_uri_free (uri);
g_free (realm);
}
out:
g_strfreev (lines);
}
