/* Implementation of svn_auth__password_set_t that stores the password in the OS X KeyChain. */ static svn_error_t * keychain_password_set(svn_boolean_t *done, apr_hash_t *creds, const char *realmstring, const char *username, const char *password, apr_hash_t *parameters, svn_boolean_t non_interactive, apr_pool_t *pool) { OSStatus status; SecKeychainItemRef item; if (non_interactive) SecKeychainSetUserInteractionAllowed(FALSE); status = SecKeychainFindGenericPassword(NULL, (int) strlen(realmstring), realmstring, username == NULL ? 0 : (int) strlen(username), username, 0, NULL, &item); if (status) { if (status == errSecItemNotFound) status = SecKeychainAddGenericPassword(NULL, (int) strlen(realmstring), realmstring, username == NULL ? 0 : (int) strlen(username), username, (int) strlen(password), password, NULL); } else { status = SecKeychainItemModifyAttributesAndData(item, NULL, (int) strlen(password), password); CFRelease(item); } if (non_interactive) SecKeychainSetUserInteractionAllowed(TRUE); *done = (status == 0); return SVN_NO_ERROR; }
void SoundCloudCAPI_DefaultAuthenticationSave(SoundCloudCAPI *api) { SecKeychainItemRef ref; const char *data=SoundCloudCAPI_GetCredentials(api); const char *service=api->apiBaseURL; CFStringRef bundleName=CFBundleGetIdentifier(CFBundleGetMainBundle()); const char *name=CFStringGetCStringPtr(bundleName,kCFStringEncodingMacRoman); OSErr status=SecKeychainFindGenericPassword(NULL,strlen(name),name,strlen(service),service,0,0,&ref); if (status) status=SecKeychainAddGenericPassword(NULL,strlen(name),name,strlen(service),service,strlen(data),data,0); else { status=SecKeychainItemModifyAttributesAndData(ref,NULL,strlen(data),data); CFRelease(ref); } if (status) sc_log(api,SoundCloudCAPI_LogLevel_Errors,"Failed to save token, with err: %d\n",status); }
bool OsxWallet::setCredentials(const QString &realm, const QString &user, const QString &password) { const QByteArray realm_data = realm.toUtf8(); const QByteArray user_data = user.toUtf8(); const QByteArray password_data = password.toUtf8(); /* check whether the entry already exists */ SecKeychainItemRef itemRef = NULL; int rc = SecKeychainFindInternetPassword(keychain, realm_data.size(), realm_data.constData(), 0, NULL, user_data.size(), user_data.constData(), 0, NULL, 0, kSecProtocolTypeAny, kSecAuthenticationTypeAny, 0, NULL, &itemRef); if (rc == errSecSuccess) { // FIXME: we should not update username! SecKeychainAttribute attr; SecKeychainAttributeList attrList; attr.tag = kSecAccountItemAttr; attr.length = user_data.size(); attr.data = (void*)user_data.constData(); attrList.count = 1; attrList.attr = &attr; rc = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, password_data.size(), password_data.constData()); CFRelease(itemRef); } else { rc = SecKeychainAddInternetPassword(keychain, realm_data.size(), realm_data.constData(), 0, NULL, user_data.size(), user_data.constData(), 0, NULL, 0, kSecProtocolTypeAny, kSecAuthenticationTypeAny, password_data.size(), password_data.constData(), NULL); } return (rc == errSecSuccess); }
/* Creates or updates a keychain item to match new details. */ void keychain_update_password(const char *origServer, const char *origUser, const char *server, const char *username, const char *password) { if (!strlen(server) || !strlen(username)) return; void *s1 = NULL; BADGE_HOSTNAME(server); SecKeychainItemRef origItem = NULL; OSStatus status; if (strlen(origServer) && strlen(origUser)) { s1 = (void*)BADGE_HOSTNAME(origServer); origItem = get_password_details(origServer, origUser, NULL, 0); } SecKeychainItemRef newItem = get_password_details(server, username, NULL, 0); if (origItem || newItem) { // Modify the existing password SecKeychainItemRef keychainItem = (origItem) ? origItem : newItem; // use 7 instead of kSecLabelItemAttr because of a Carbon bug // details: http://lists.apple.com/archives/apple-cdsa/2006//May/msg00037.html SecKeychainAttribute attrs[] = { {kSecAccountItemAttr, strlen(username), (void*)username}, {7, strlen(server), (void*)server}, {kSecServiceItemAttr, strlen(server), (void*)server} }; SecKeychainAttributeList list = { sizeof(attrs) / sizeof(attrs[0]), attrs }; status = SecKeychainItemModifyAttributesAndData(keychainItem, &list, strlen(password), password); if (status != noErr) EXTENDED_KC_ERR(status, "editing an existing password"); } else { // Password doesn't exist, create it status = SecKeychainAddGenericPassword ( NULL, // default keychain strlen(server), // length of service name server, // service name strlen(username), // length of account name username, // account name strlen(password), // length of password password, // pointer to password data NULL // the item reference ); if (status != noErr) EXTENDED_KC_ERR(status, "saving a new password"); } free(s1); free((void*)server); }
static OSStatus SetKeyLabelAndTag(SecKeyRef keyRef, CFTypeRef label, CFDataRef tag) { int numToModify = 0; if (label != NULL) { numToModify += 1; } if (tag != NULL) { numToModify += 1; } if (numToModify == 0) { return noErr; } SecKeychainAttributeList attrList; SecKeychainAttribute attributes[numToModify]; int i = 0; if (label != NULL) { if (CFStringGetTypeID() == CFGetTypeID(label)) { CFStringRef label_string = static_cast<CFStringRef>(label); attributes[i].tag = kSecKeyPrintName; attributes[i].data = (void*) CFStringGetCStringPtr(label_string, kCFStringEncodingUTF8); if (NULL == attributes[i].data) { CFIndex buffer_length = CFStringGetMaximumSizeForEncoding(CFStringGetLength(label_string), kCFStringEncodingUTF8); attributes[i].data = alloca((size_t)buffer_length); if (NULL == attributes[i].data) { UnixError::throwMe(ENOMEM); } if (!CFStringGetCString(label_string, static_cast<char *>(attributes[i].data), buffer_length, kCFStringEncodingUTF8)) { MacOSError::throwMe(paramErr); } } attributes[i].length = strlen(static_cast<char *>(attributes[i].data)); } else if (CFDataGetTypeID() == CFGetTypeID(label)) { // 10.6 bug compatibility CFDataRef label_data = static_cast<CFDataRef>(label); attributes[i].tag = kSecKeyLabel; attributes[i].data = (void*) CFDataGetBytePtr(label_data); attributes[i].length = CFDataGetLength(label_data); } else { MacOSError::throwMe(paramErr); } i++; } if (tag != NULL) { attributes[i].tag = kSecKeyApplicationTag; attributes[i].data = (void*) CFDataGetBytePtr(tag); attributes[i].length = CFDataGetLength(tag); i++; } attrList.count = numToModify; attrList.attr = attributes; return SecKeychainItemModifyAttributesAndData((SecKeychainItemRef) keyRef, &attrList, 0, NULL); }
void SG_password__set( SG_context *pCtx, const char *szRepoSpec, SG_string *pUserName, SG_string *pPassword) { const char *username, *password; SG_string *path = NULL; SG_string *server = NULL; SecProtocolType proto; SG_uint32 port; SG_bool isValid = SG_FALSE; OSStatus saveRes, findRes; SecKeychainItemRef item = NULL; SG_NULLARGCHECK(pUserName); SG_NULLARGCHECK(pPassword); SG_NULLARGCHECK(szRepoSpec); username = SG_string__sz(pUserName); password = SG_string__sz(pPassword); SG_ERR_CHECK( _sg_password__parse_url(pCtx, szRepoSpec, &isValid, &proto, &server, &path, &port) ); if (! isValid) SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED); findRes = SecKeychainFindInternetPassword( NULL, SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server), 0, NULL, SG_STRLEN(username), username, SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path), port, proto, kSecAuthenticationTypeDefault, NULL, NULL, &item); if (findRes == errSecSuccess) { saveRes = SecKeychainItemModifyAttributesAndData(item, NULL, SG_STRLEN(password), password); } else { saveRes = SecKeychainAddInternetPassword( NULL, SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server), 0, NULL, SG_STRLEN(username), username, SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path), port, proto, kSecAuthenticationTypeDefault, SG_STRLEN(password), password, NULL); } if (saveRes != errSecSuccess) _SG_THROW_MAC_SEC_ERROR(saveRes); fail: if (item) CFRelease(item); SG_STRING_NULLFREE(pCtx, path); SG_STRING_NULLFREE(pCtx, server); }
VALUE set_internet_password_for(VALUE self, VALUE data) { VALUE ret = Qfalse; CHECK_FETCH_HASH_KEY(account) CHECK_FETCH_HASH_KEY(protocol) CHECK_FETCH_HASH_KEY(server) CHECK_FETCH_HASH_KEY(password) VALUE sym_auth = rb_eval_string(":auth"); VALUE auth; if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_auth)) { auth = kSecAuthenticationTypeDefault; } else { auth = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_auth), rb_intern("to_s"), 0); auth = String2FourChar(StringValuePtr(auth)); } VALUE sym_port = rb_eval_string(":port"); VALUE port; if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_port)) { port = 0; } else { port = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_port), rb_intern("to_i"), 0); port = NUM2INT(port); } VALUE sym_path = rb_eval_string(":path"); VALUE path; if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_path)) { path = rb_str_new2(""); } else { path = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_path), rb_intern("to_s"), 0); } OSStatus status = SecKeychainAddInternetPassword ( NULL, // default keychain strlen(StringValuePtr(server)), // length of serverName StringValuePtr(server), // serverName 0, // length of domain NULL, // no domain strlen(StringValuePtr(account)), // length of account name StringValuePtr(account), // account name strlen(StringValuePtr(path)), // length of path StringValuePtr(path), // path port, // ignore port String2FourChar(StringValuePtr(protocol)), // protocol auth, // auth type strlen(StringValuePtr(password)), StringValuePtr(password), NULL ); if (status == noErr) { ret = Qtrue; } else if (status == errSecDuplicateItem) { // Try updating instead SecKeychainItemRef itemRef = nil; status = SecKeychainFindInternetPassword ( NULL, // default keychain strlen(StringValuePtr(server)), // length of serverName StringValuePtr(server), // serverName 0, // length of domain NULL, // no domain strlen(StringValuePtr(account)), // length of account name StringValuePtr(account), // account name strlen(StringValuePtr(path)), // length of path StringValuePtr(path), // path port, // ignore port String2FourChar(StringValuePtr(protocol)), // protocol auth, nil, nil, &itemRef ); if (status != noErr) rb_raise(rb_eStandardError, getStatusString(status)); status = SecKeychainItemModifyAttributesAndData ( itemRef, // the item reference NULL, // no change to attributes strlen(StringValuePtr(password)), // length of password StringValuePtr(password) // pointer to password data ); if (status != noErr) rb_raise(rb_eStandardError, getStatusString(status)); ret = Qtrue; } else { rb_raise(rb_eStandardError, getStatusString(status)); } return ret; }