int keyring_erase(struct credential *c) { char *object = NULL; GList *entries; GnomeKeyringNetworkPasswordData *password_data; GnomeKeyringResult result; /* * Sanity check that we actually have something to match * against. The input we get is a restrictive pattern, * so technically a blank credential means "erase everything". * But it is too easy to accidentally send this, since it is equivalent * to empty input. So explicitly disallow it, and require that the * pattern have some actual content to match. */ if (!c->protocol && !c->host && !c->path && !c->username) return EXIT_FAILURE; object = keyring_object(c); result = gnome_keyring_find_network_password_sync( c->username, NULL /* domain */, c->host, object, c->protocol, NULL /* authtype */, c->port, &entries); free(object); if (result == GNOME_KEYRING_RESULT_NO_MATCH) return EXIT_SUCCESS; if (result == GNOME_KEYRING_RESULT_CANCELLED) return EXIT_SUCCESS; if (result != GNOME_KEYRING_RESULT_OK) { error("%s",gnome_keyring_result_to_message(result)); return EXIT_FAILURE; } /* pick the first one from the list (delete all matches?) */ password_data = (GnomeKeyringNetworkPasswordData *) entries->data; result = gnome_keyring_item_delete_sync( password_data->keyring, password_data->item_id); gnome_keyring_network_password_list_free(entries); if (result != GNOME_KEYRING_RESULT_OK) { error("%s",gnome_keyring_result_to_message(result)); return EXIT_FAILURE; } return EXIT_SUCCESS; }
static void /* GnomeVFSModuleCallback */ vfs_fill_authentication_callback (gconstpointer in, size_t in_size, gpointer out, size_t out_size, gpointer user_data) { GnomeVFSModuleCallbackFillAuthenticationIn *in_real; GnomeVFSModuleCallbackFillAuthenticationOut *out_real; GnomeKeyringNetworkPasswordData *pwd_data; GList *list; GnomeKeyringResult result; g_return_if_fail (sizeof (GnomeVFSModuleCallbackFillAuthenticationIn) == in_size && sizeof (GnomeVFSModuleCallbackFillAuthenticationOut) == out_size); g_return_if_fail (in != NULL); g_return_if_fail (out != NULL); in_real = (GnomeVFSModuleCallbackFillAuthenticationIn *)in; out_real = (GnomeVFSModuleCallbackFillAuthenticationOut *)out; result = gnome_keyring_find_network_password_sync (in_real->username, in_real->domain, in_real->server, in_real->object, in_real->protocol, in_real->authtype, in_real->port, &list); if (result != GNOME_KEYRING_RESULT_OK || list == NULL) { out_real->valid = FALSE; } else { /* We use the first result, which is the least specific match */ pwd_data = list->data; out_real->valid = TRUE; out_real->username = g_strdup (pwd_data->user); out_real->domain = g_strdup (pwd_data->domain); out_real->password = g_strdup (pwd_data->password); gnome_keyring_network_password_list_free (list); } }
int keyring_get(struct credential *c) { char* object = NULL; GList *entries; GnomeKeyringNetworkPasswordData *password_data; GnomeKeyringResult result; if (!c->protocol || !(c->host || c->path)) return EXIT_FAILURE; object = keyring_object(c); result = gnome_keyring_find_network_password_sync( c->username, NULL /* domain */, c->host, object, c->protocol, NULL /* authtype */, c->port, &entries); free(object); if (result == GNOME_KEYRING_RESULT_NO_MATCH) return EXIT_SUCCESS; if (result == GNOME_KEYRING_RESULT_CANCELLED) return EXIT_SUCCESS; if (result != GNOME_KEYRING_RESULT_OK) { error("%s",gnome_keyring_result_to_message(result)); return EXIT_FAILURE; } /* pick the first one from the list */ password_data = (GnomeKeyringNetworkPasswordData *) entries->data; free_password(c->password); c->password = xstrdup(password_data->password); if (!c->username) c->username = xstrdup(password_data->user); gnome_keyring_network_password_list_free(entries); return EXIT_SUCCESS; }
static PyObject* gnome_keyring_password_get(PyObject *self, PyObject *args) { const char *realmstring; const char *username; const char *password; if (!PyArg_ParseTuple(args, "ss", &realmstring, &username)){ PyErr_Clear(); PyErr_SetString(PyExc_TypeError, "password_get() must be called as (servicename,username)"); return NULL; } if ((! dbus_bus_get(DBUS_BUS_SESSION,NULL)) || (!gnome_keyring_is_available())){ PyErr_Clear(); PyErr_SetString(PyExc_OSError, "Can's access the keyring now"); return NULL; } GnomeKeyringResult result; GList *items; result = gnome_keyring_find_network_password_sync(username, realmstring, NULL, NULL, NULL, NULL, 0, &items); int status = 0; if (result == GNOME_KEYRING_RESULT_OK){ if (items && items->data){ GnomeKeyringNetworkPasswordData *item; item = (GnomeKeyringNetworkPasswordData *)items->data; if (item->password){ size_t len = strlen(item->password); password = string_dump(item->password, len); status = 1; } gnome_keyring_network_password_list_free(items); } } if (!status){ PyErr_Clear(); PyErr_SetString(PyExc_OSError, "Can't fech password from system"); return NULL; } return Py_BuildValue("s",password); }
static void tny_gnome_keyring_password_getter_forget_password (TnyPasswordGetter *self, const gchar *aid) { GList *list=NULL; GnomeKeyringResult keyringret; gchar *keyring; GnomeKeyringNetworkPasswordData *pwd_data; gnome_keyring_get_default_keyring_sync (&keyring); keyringret = gnome_keyring_find_network_password_sync ( aid /* user */, "Mail", aid /* hostname */, "password", aid /* proto */, "PLAIN", 0, &list); if (keyringret == GNOME_KEYRING_RESULT_OK && list) { pwd_data = list->data; gnome_keyring_item_delete_sync (keyring, pwd_data->item_id); gnome_keyring_network_password_list_free (list); } return; }
gboolean gnc_keyring_get_password ( GtkWidget *parent, const gchar *access_method, const gchar *server, guint32 port, const gchar *service, gchar **user, gchar **password) { gboolean password_found = FALSE; #ifdef HAVE_GNOME_KEYRING GnomeKeyringResult gkr_result; GList *found_list = NULL; GnomeKeyringNetworkPasswordData *found; #endif #ifdef HAVE_OSX_KEYCHAIN void *password_data; UInt32 password_length; OSStatus status; #endif g_return_val_if_fail (user != NULL, FALSE); g_return_val_if_fail (password != NULL, FALSE); *password = NULL; #ifdef HAVE_GNOME_KEYRING gkr_result = gnome_keyring_find_network_password_sync ( *user, NULL, server, service, access_method, NULL, port, &found_list ); if (gkr_result == GNOME_KEYRING_RESULT_OK) { found = (GnomeKeyringNetworkPasswordData *) found_list->data; if (found->password) *password = g_strdup(found->password); password_found = TRUE; } else PWARN ("Gnome-keyring access failed: %s.", gnome_keyring_result_to_message(gkr_result)); gnome_keyring_network_password_list_free(found_list); #endif /* HAVE_GNOME_KEYRING */ #ifdef HAVE_OSX_KEYCHAIN /* mysql and postgres aren't valid protocols on Mac OS X. * So we use the security domain parameter to allow us to * distinguish between these two. */ if (*user != NULL) { status = SecKeychainFindInternetPassword( NULL, strlen(server), server, strlen(access_method), access_method, strlen(*user), *user, strlen(service), service, port, kSecProtocolTypeAny, kSecAuthenticationTypeDefault, &password_length, &password_data, NULL); if ( status == noErr ) { *password = g_strndup(password_data, password_length); password_found = TRUE; SecKeychainItemFreeContent(NULL, password_data); } else { CFStringRef osx_resultstring = SecCopyErrorMessageString( status, NULL ); const gchar *resultstring = CFStringGetCStringPtr(osx_resultstring, GetApplicationTextEncoding()); PWARN ( "OS X keychain error: %s", resultstring ); CFRelease ( osx_resultstring ); } } #endif /* HAVE_OSX_KEYCHAIN */ if ( !password_found ) { /* If we got here, either no proper password store is * available on this system, or we couldn't retrieve * a password from it. In both cases, just ask the user * to enter one */ gchar *db_path, *heading; if ( port == 0 ) db_path = g_strdup_printf ( "%s://%s/%s", access_method, server, service ); else db_path = g_strdup_printf ( "%s://%s:%d/%s", access_method, server, port, service ); heading = g_strdup_printf ( /* Translators: %s is a path to a database or any other url, like mysql://[email protected]/somedb, http://www.somequotes.com/thequotes */ _("Enter a user name and password to connect to: %s"), db_path ); password_found = gnc_get_username_password ( parent, heading, *user, NULL, user, password ); g_free ( db_path ); g_free ( heading ); if ( password_found ) { /* User entered new user/password information * Let's try to add it to a password store. */ gchar *newuser = g_strdup( *user ); gchar *newpassword = g_strdup( *password ); gnc_keyring_set_password ( access_method, server, port, service, newuser, newpassword ); g_free ( newuser ); g_free ( newpassword ); } } return password_found; }
int main(int argc, char **argv) { GnomeKeyringResult result; GList *results; char *host; int i, tried, verbose = 0, remove = 0, list = 0; int set_domain = 0, set_host = 0, set_server = 0; int set_protocol = 0, set_port = 0, set_passfd = 0; int dry = 0; char *user = default_user(); char *domain = NULL; char *server = NULL; char *object = NULL; char *protocol = NULL; char *authtype = NULL; guint32 port = 0; int passfd = 0; char *use_keyring = GNOME_KEYRING_DEFAULT; for (i = 1; i < argc; i++) { if (ARG(u) || LARG(user)) { S_OPT(user); } else if (ARG(h) || LARG(host)) { S_OPT_Q(host); } else if (ARG(s) || LARG(server)) { S_OPT_Q(server); } else if (ARG(d) || LARG(domain)) { S_OPT_Q(domain); } else if (ARG(P) || LARG(protocol)) { S_OPT_Q(protocol); } else if (ARG(p) || LARG(port)) { I_OPT_Q(port); } else if (LARG(passfd)) { I_OPT_Q(passfd); } else if (ARG(v) || LARG(verbose)) { verbose = 1; } else if (ARG(R) || LARG(remove)) { MODE(remove); } else if (ARG(l) || LARG(list)) { MODE(list); } else if (ARG(n) || LARG(dry)) { dry = 1; verbose++; } else if (ARG(k) || LARG(keyring)) { S_OPT(use_keyring); } else if (LARG(help)) { usage(); return 0; } else { fprintf(stderr, "Unknown argument: %s\n", argv[i]); return 1; } } if (set_host && !(set_domain && set_server)) { char *dot = index(host, '.'); if (dot) { dot[0] = '\0'; dot++; if (!set_domain) domain = dot; if (!set_server) server = host; } else { server = host; domain = ""; } } else if (set_domain && set_server) { host = NULL; } else if (!list) { fprintf(stderr, "Must set --host or (--server and --domain)\n"); return 1; } if ((set_port + set_protocol) == 1) { if (set_protocol) { set_port_by_protocol(&port, protocol); } else if (set_port) { set_protocol_by_port(&protocol, port); } } else if (!(set_port || set_protocol || list)) { fprintf(stderr, "Must set at least one of --port or --protocol\n"); return 1; } if (set_protocol && !port) { fprintf(stderr, "Couldn't determine port for --protocol %s\n", protocol); return 1; } if (verbose && !list) { #define VALUE(X) printf("%s: %s\n", #X, X ? X : "(null)") VALUE(user); VALUE(domain); VALUE(server); VALUE(host); VALUE(protocol); #undef VALUE printf("port: %d\n", port); if (dry) return 0; } if (!gnome_keyring_is_available()) { fprintf(stderr, "No keyring available\n"); return 1; } if (list) return key_listing(verbose); for (tried = 0; tried < 2; tried++) { result = gnome_keyring_find_network_password_sync( user, domain, server, object, protocol, authtype, port, &results ); if (verbose) printf("attempt #%d: ", tried); if (result == OK) { GList *current; GnomeKeyringNetworkPasswordData *passdata; char *password; for (i = 0, current = results; current; i++, current = current->next) { passdata = (GnomeKeyringNetworkPasswordData *)current->data; password = passdata->password; if (verbose) { printf("Result[%d]=%s\n", i, password); continue; } if (remove) { result = gnome_keyring_item_delete_sync( passdata->keyring, passdata->item_id ); if (verbose) printf("Remove %s %d -> %s\n", passdata->keyring, passdata->item_id, result == OK ? "OK" : "NOT OK"); if (!current->next) return 0; continue; } printf("%s", password); return 0; } if (password) break; } if (remove) { printf("No such password\n"); return 1; } if (verbose) printf("nope\n"); if (!tried) { char *password; if (set_passfd) { password = password_from(passfd); } else { password = password_prompt(user, server, domain, protocol, port); } if (password) { guint32 item_id; gnome_keyring_set_network_password_sync( use_keyring, user, domain, server, object, protocol, authtype, port, password, &item_id ); if (verbose) printf("Stored password? %s\n", item_id ? "yes" : "no"); } } } return 0; }
static const gchar* tny_gnome_keyring_password_getter_get_password (TnyPasswordGetter *self, const gchar *aid, const gchar *prompt, gboolean *cancel) { gchar *retval = NULL; GList *list; GnomeKeyringResult keyringret; gchar *keyring; gnome_keyring_get_default_keyring_sync (&keyring); keyringret = gnome_keyring_find_network_password_sync (aid, "Mail", aid /* hostname */, "password", aid /* proto */, "PLAIN", 0, &list); if ((keyringret != GNOME_KEYRING_RESULT_OK) || (list == NULL)) { gboolean canc = FALSE; GnomePasswordDialog *dialog = GNOME_PASSWORD_DIALOG (gnome_password_dialog_new (_("Enter password"), prompt, NULL, NULL, TRUE)); gnome_password_dialog_set_domain (dialog, "Mail"); gnome_password_dialog_set_remember (dialog, GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER); gnome_password_dialog_set_readonly_username (dialog, TRUE); /* gnome_password_dialog_set_username (dialog, tny_account_get_user (account)); */ gnome_password_dialog_set_show_username (dialog, FALSE); gnome_password_dialog_set_show_remember (dialog, gnome_keyring_is_available ()); gnome_password_dialog_set_show_domain (dialog, FALSE); gnome_password_dialog_set_show_userpass_buttons (dialog, FALSE); canc = gnome_password_dialog_run_and_block (dialog); if (canc) { guint32 item_id; GnomePasswordDialogRemember r; retval = gnome_password_dialog_get_password (dialog); mlock (retval, strlen (retval)); r = gnome_password_dialog_get_remember (dialog); if (r == GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER) { gnome_keyring_set_network_password_sync (keyring, aid /* user */, "Mail", aid /* hostname */, "password", aid /* proto */, "PLAIN", 0, retval, &item_id); } } else retval = NULL; *cancel = (!canc); /* this causes warnings, but should be done afaik */ gtk_object_destroy (GTK_OBJECT (dialog)); while (gtk_events_pending ()) gtk_main_iteration (); } else { GnomeKeyringNetworkPasswordData *pwd_data; pwd_data = list->data; retval = g_strdup (pwd_data->password); *cancel = FALSE; gnome_keyring_network_password_list_free (list); } return retval; }
void SG_password__get( SG_context *pCtx, const char *szRepoSpec, const char *username, SG_string **ppstrPassword) { SG_string *password = NULL; SG_string *path = NULL; SG_string *server = NULL; SG_string *proto = NULL; SG_uint32 port; SG_bool isValid = SG_FALSE; GnomeKeyringResult saveRes = 0; GList *results = NULL; guint count = 0; SG_NULLARGCHECK(username); SG_NULLARGCHECK(ppstrPassword); SG_NULLARGCHECK(szRepoSpec); if (! SG_password__supported()) goto fail; SG_ERR_CHECK( _sg_password__parse_url(pCtx, szRepoSpec, &isValid, &proto, &server, &path, &port) ); if (! isValid) SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED); saveRes = gnome_keyring_find_network_password_sync( username, NULL, SG_string__sz(server), SG_string__sz(path), SG_string__sz(proto), NULL, (guint32)port, &results); if ((saveRes != GNOME_KEYRING_RESULT_OK) && (saveRes != GNOME_KEYRING_RESULT_NO_MATCH) && (saveRes != GNOME_KEYRING_RESULT_CANCELLED)) _SG_THROW_LINUX_SEC_ERROR(saveRes); if (results != NULL) count = g_list_length(results); if (count > 0) { const char *pw = ""; GnomeKeyringNetworkPasswordData *entry = g_list_nth_data(results, 0); SG_ASSERT(entry != NULL); if (entry->password) pw = entry->password; SG_ERR_CHECK( SG_string__alloc__sz(pCtx, &password, pw) ); } *ppstrPassword = password; password = NULL; fail: SG_STRING_NULLFREE(pCtx, path); SG_STRING_NULLFREE(pCtx, server); SG_STRING_NULLFREE(pCtx, proto); SG_STRING_NULLFREE(pCtx, password); if (results) gnome_keyring_network_password_list_free(results); }