/*
 * Fetch the password stored in the keychain for a repository spec and user.
 *
 * szRepoSpec is split by _sg_password__parse_url into protocol, server, path
 * and port; those values plus username form the lookup key. A NULL keychain
 * argument is passed, so the user's default keychain search list is used.
 *
 * Outcomes:
 *   - match found: *pPassword receives a newly allocated SG_string built from
 *     the returned bytes (presumably owned by the caller - confirm).
 *   - errSecItemNotFound or errSecInteractionNotAllowed: *pPassword stays NULL
 *     and no error is raised, so callers must treat NULL as "no stored
 *     credential" rather than as a failure.
 *   - any other keychain status: raised through _SG_THROW_MAC_SEC_ERROR.
 *   - repo spec flagged invalid by the parser: SG_ERR_NOTIMPLEMENTED.
 *
 * The keychain-owned buffer is always handed back with
 * SecKeychainItemFreeContent on the way out.
 */
void SG_password__get(
	SG_context *pCtx,
	const char *szRepoSpec,
	const char *username,
	SG_string **pPassword)
{
	SG_string *server = NULL;
	SG_string *path = NULL;
	SG_string *password = NULL;
	SG_byte *secretBytes = NULL;
	SG_uint32 secretLen;
	SG_uint32 port;
	SecProtocolType proto;
	SG_bool isValid = SG_FALSE;
	OSStatus status;

	SG_NULLARGCHECK_RETURN(pPassword);
	*pPassword = NULL;
	SG_NULLARGCHECK(username);
	SG_NULLARGCHECK(szRepoSpec);

	SG_ERR_CHECK(  _sg_password__parse_url(pCtx, szRepoSpec,
		&isValid, &proto, &server, &path, &port)  );
	if (!isValid)
	{
		SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED);
	}

	status = SecKeychainFindInternetPassword(
		NULL,                                   /* default keychain search list */
		SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server),
		0, NULL,                                /* no security domain */
		SG_STRLEN(username), username,
		SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path),
		port, proto, kSecAuthenticationTypeDefault,
		(UInt32 *)&secretLen, (void **)&secretBytes,
		NULL);                                  /* item reference not needed */

	/* "Not found" and "interaction not allowed" are quiet misses: skip the copy. */
	if (status != errSecItemNotFound && status != errSecInteractionNotAllowed)
	{
		if (status != errSecSuccess)
		{
			_SG_THROW_MAC_SEC_ERROR(status);
		}

		/* The keychain data carries an explicit length, so copy by length. */
		SG_ERR_CHECK(  SG_STRING__ALLOC__BUF_LEN(pCtx, &password, secretBytes, secretLen)  );

		/* Hand ownership to the caller; clearing the local keeps cleanup from freeing it. */
		*pPassword = password;
		password = NULL;
	}

fail:
	if (secretBytes)
	{
		SecKeychainItemFreeContent(NULL, secretBytes);
	}
	SG_STRING_NULLFREE(pCtx, path);
	SG_STRING_NULLFREE(pCtx, server);
	SG_STRING_NULLFREE(pCtx, password);
}
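/*
 * Look up the internet password selected by KEYCHAIN_ARGS and emit it via
 * write_item() under the key "password". When no username was supplied, the
 * account name is read back from the matched item with
 * find_username_in_item().
 *
 * Any non-zero status from the keychain (no match, access denied, ...) makes
 * the function return silently without writing anything.
 */
static void find_internet_password(void)
{
	void *buf;
	UInt32 len;
	SecKeychainItemRef item;

	if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item))
		return;

	/* buf is not NUL-terminated; it is passed on together with its length. */
	write_item("password", buf, len);
	if (!username)
		find_username_in_item(item);

	/* Return the secret buffer to the keychain API rather than free()ing it. */
	SecKeychainItemFreeContent(NULL, buf);

	/* The lookup returned a retained item reference; release it as well. */
	CFRelease(item);
}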
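/*
 * Delete the keychain item selected by KEYCHAIN_ARGS.
 *
 * Nothing happens unless both protocol and host are set, so an
 * under-specified request cannot match (and remove) an unrelated entry.
 * Lookup failures return silently; the status of the delete itself is not
 * reported either.
 */
static void delete_internet_password(void)
{
	SecKeychainItemRef item;

	/*
	 * Require at least a protocol and host for removal, which is what git
	 * will give us; if you want to do something more fancy, use the
	 * Keychain manager.
	 */
	if (!protocol || !host)
		return;

	/* Only the item reference is requested; no password data is copied out. */
	if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, 0, NULL, &item))
		return;

	SecKeychainItemDelete(item);

	/* Deleting does not consume the retained reference from the lookup. */
	CFRelease(item);
}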
/**
 * Read the account name and password stored for @p realm.
 *
 * The lookup matches on server name (@p realm) and on the UTF-8 form of
 * @p user as passed in; path, port, protocol and authentication type are left
 * unconstrained. On success both @p user and @p password are overwritten with
 * the values held by the matched item.
 *
 * @return true when an item was found and its content could be copied;
 *         false otherwise, in which case @p user and @p password are untouched.
 *
 * NOTE(review): the password passes through a temporary QByteArray and ends
 * up in a QString; neither copy is wiped by this function.
 */
bool OsxWallet::getCredentials(const QString &realm, QString &user, QString &password)
{
    const QByteArray serverUtf8 = realm.toUtf8();
    const QByteArray accountUtf8 = user.toUtf8();

    // Step 1: locate the item. No password buffer is requested here (0/NULL).
    SecKeychainItemRef item = NULL;
    int status = SecKeychainFindInternetPassword(keychain,
        serverUtf8.size(), serverUtf8.constData(),
        0, NULL,
        accountUtf8.size(), accountUtf8.constData(),
        0, NULL,
        0,
        kSecProtocolTypeAny,
        kSecAuthenticationTypeAny,
        0, NULL,
        &item);
    if (status != errSecSuccess)
        return false;

    // Step 2: fetch the account attribute and the secret in a single call.
    SecKeychainAttribute accountAttr;
    accountAttr.tag = kSecAccountItemAttr;
    accountAttr.length = 0;
    accountAttr.data = NULL;

    SecKeychainAttributeList wanted;
    wanted.count = 1;
    wanted.attr = &accountAttr;

    UInt32 secretLength = 0;
    void *secret = NULL;
    const bool copied =
        SecKeychainItemCopyContent(item, NULL, &wanted, &secretLength, &secret) == errSecSuccess;

    if (copied) {
        // Both buffers are length-delimited, so build the byte arrays by length.
        user = QString::fromUtf8(QByteArray((char*)accountAttr.data, accountAttr.length));
        password = QString::fromUtf8(QByteArray((char*)secret, secretLength));

        // Frees the attribute data and the secret buffer together.
        SecKeychainItemFreeContent(&wanted, secret);
    }

    CFRelease(item);
    return copied;
}
/**
 * Store @p password for the pair (@p realm, @p user).
 *
 * An existing item matching server and account is updated in place (account
 * attribute and secret); otherwise a new internet-password item is added.
 * Note that any failure of the lookup, not only "item not found", falls
 * through to the add path.
 *
 * @return true when the modify or add call reported errSecSuccess.
 */
bool OsxWallet::setCredentials(const QString &realm, const QString &user, const QString &password)
{
    const QByteArray serverUtf8 = realm.toUtf8();
    const QByteArray accountUtf8 = user.toUtf8();
    const QByteArray secretUtf8 = password.toUtf8();

    // Probe for an existing entry; only the item reference is requested.
    SecKeychainItemRef existing = NULL;
    int status = SecKeychainFindInternetPassword(keychain,
        serverUtf8.size(), serverUtf8.constData(),
        0, NULL,
        accountUtf8.size(), accountUtf8.constData(),
        0, NULL,
        0,
        kSecProtocolTypeAny,
        kSecAuthenticationTypeAny,
        0, NULL,
        &existing);

    if (status != errSecSuccess) {
        // Nothing usable was found: create a fresh item.
        status = SecKeychainAddInternetPassword(keychain,
            serverUtf8.size(), serverUtf8.constData(),
            0, NULL,
            accountUtf8.size(), accountUtf8.constData(),
            0, NULL,
            0,
            kSecProtocolTypeAny,
            kSecAuthenticationTypeAny,
            secretUtf8.size(), secretUtf8.constData(),
            NULL);
        return (status == errSecSuccess);
    }

    // FIXME: we should not update username!
    SecKeychainAttribute accountAttr;
    accountAttr.tag = kSecAccountItemAttr;
    accountAttr.length = accountUtf8.size();
    accountAttr.data = (void*)accountUtf8.constData();

    SecKeychainAttributeList changes;
    changes.count = 1;
    changes.attr = &accountAttr;

    status = SecKeychainItemModifyAttributesAndData(existing, &changes,
        secretUtf8.size(), secretUtf8.constData());
    CFRelease(existing);

    return (status == errSecSuccess);
}
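/*
 * Copy the keychain password for (servername, username) into password.
 *
 * On entry *password_len is the capacity of the password buffer. When the
 * stored secret fits (strictly shorter than the capacity) it is copied,
 * NUL-terminated, and *password_len is set to its length. When it does not
 * fit, a warning is logged and both outputs are left as the caller passed
 * them in.
 * NOTE(review): callers cannot tell that case apart from success; confirm
 * they pre-initialise the buffer.
 *
 * Failure to open the default keychain or to find the item terminates the
 * process with EXIT_FAILURE.
 */
static void get_password_from_keychain(Pop3 pc, const char *username,
				       const char *servername,
				       /*@out@ */ char *password,
				       /*@out@ */
				       unsigned char *password_len)
{
	SecKeychainRef kc;
	OSStatus rc;
	char *secpwd;
	UInt32 pwdlen;

	rc = SecKeychainCopyDefault(&kc);
	if (rc != noErr) {
		DM(pc, DEBUG_ERROR, "passmgr: unable to open keychain, exiting\n");
		exit(EXIT_FAILURE);
	}

	rc = SecKeychainFindInternetPassword(kc,
					     strlen(servername), servername,
					     0, NULL,	/* no security domain */
					     strlen(username), username,
					     0, NULL,	/* no path */
					     0,		/* any port */
					     kSecProtocolTypeAny,	/* was a bare NULL */
					     kSecAuthenticationTypeDefault,
					     &pwdlen, (void **) &secpwd, NULL);

	/* The keychain reference came from a Copy call and is no longer needed. */
	CFRelease(kc);

	if (rc != noErr) {
		DM(pc, DEBUG_ERROR,
		   "passmgr: keychain password grab for %s at %s failed, exiting\n",
		   username, servername);
		DM(pc, DEBUG_ERROR, "passmgr: (perhaps you pressed 'deny')\n");
		/* this seems like the sanest thing to do, for now */
		exit(EXIT_FAILURE);
	}

	if (pwdlen < *password_len) {
		/* pwdlen < capacity, so the terminator below stays in bounds. */
		strncpy(password, secpwd, pwdlen);
		password[pwdlen] = '\0';
		*password_len = pwdlen;
	} else {
		/*
		 * The keychain buffer is length-delimited and NOT NUL-terminated,
		 * so report pwdlen instead of running strlen() past its end.
		 */
		DM(pc, DEBUG_ERROR,
		   "passmgr: warning: your password appears longer (%lu) than expected (%d)\n",
		   (unsigned long) pwdlen, *password_len - 1);
	}

	/* Release through the keychain API, which owns the secret buffer. */
	rc = SecKeychainItemFreeContent(NULL, secpwd);
	return;
}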
/**
 * Remove the keychain item stored for (@p realm, @p user).
 *
 * The match is on server and account name only; path, port, protocol and
 * authentication type are unconstrained.
 *
 * @return true when a matching item was found and deleted, false when the
 *         lookup or the delete call failed.
 */
bool OsxWallet::deleteCredentials(const QString &realm, const QString &user)
{
    const QByteArray serverUtf8 = realm.toUtf8();
    const QByteArray accountUtf8 = user.toUtf8();

    // Only the item reference is needed; no password data is copied out.
    SecKeychainItemRef target = NULL;
    int status = SecKeychainFindInternetPassword(keychain,
        serverUtf8.size(), serverUtf8.constData(),
        0, NULL,
        accountUtf8.size(), accountUtf8.constData(),
        0, NULL,
        0,
        kSecProtocolTypeAny,
        kSecAuthenticationTypeAny,
        0, NULL,
        &target);

    if (status == errSecSuccess) {
        status = SecKeychainItemDelete(target);
        // The reference obtained from the lookup is still ours to release.
        CFRelease(target);
        return (status == errSecSuccess);
    }

    return false;
}
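/**
 * Obtain a user name / password pair for a network resource.
 *
 * The compiled-in password store (GNOME keyring and/or OS X keychain) is
 * queried first. If nothing is found, the user is prompted through
 * gnc_get_username_password(), and whatever was entered is passed to
 * gnc_keyring_set_password() for storage.
 *
 * @param parent         Parent widget for the prompt dialog.
 * @param access_method  Scheme part of the resource (shown as "%s://").
 * @param server         Host name.
 * @param port           Port, 0 meaning "no port in the displayed URL".
 * @param service        Service / database name.
 * @param user           In/out: user name; may point to NULL on entry.
 * @param password       Out: newly allocated password string, or NULL.
 * @return TRUE when a password was obtained from a store or from the user.
 *
 * NOTE(review): server, access_method and service are passed to strlen()
 * in the OS X branch without a NULL check - confirm callers never pass NULL.
 */
gboolean gnc_keyring_get_password ( GtkWidget *parent,
                                    const gchar *access_method,
                                    const gchar *server,
                                    guint32 port,
                                    const gchar *service,
                                    gchar **user,
                                    gchar **password)
{
    gboolean password_found = FALSE;
#ifdef HAVE_GNOME_KEYRING
    GnomeKeyringResult  gkr_result;
    GList *found_list = NULL;
    GnomeKeyringNetworkPasswordData *found;
#endif
#ifdef HAVE_OSX_KEYCHAIN
    void *password_data;
    UInt32 password_length;
    OSStatus status;
#endif

    g_return_val_if_fail (user != NULL, FALSE);
    g_return_val_if_fail (password != NULL, FALSE);

    *password = NULL;

#ifdef HAVE_GNOME_KEYRING
    gkr_result = gnome_keyring_find_network_password_sync
                 ( *user, NULL, server, service,
                   access_method, NULL, port, &found_list );

    if (gkr_result == GNOME_KEYRING_RESULT_OK)
    {
        /* Only the first match is used. */
        found = (GnomeKeyringNetworkPasswordData *) found_list->data;
        if (found->password)
            *password = g_strdup(found->password);
        password_found = TRUE;
    }
    else
        PWARN ("Gnome-keyring access failed: %s.",
               gnome_keyring_result_to_message(gkr_result));

    gnome_keyring_network_password_list_free(found_list);
#endif /* HAVE_GNOME_KEYRING */

#ifdef HAVE_OSX_KEYCHAIN
    /* mysql and postgres aren't valid protocols on Mac OS X.
     * So we use the security domain parameter to allow us to
     * distinguish between these two.
     */
    if (*user != NULL)
    {
        status = SecKeychainFindInternetPassword( NULL,
                 strlen(server), server,
                 strlen(access_method), access_method,
                 strlen(*user), *user,
                 strlen(service), service,
                 port,
                 kSecProtocolTypeAny,
                 kSecAuthenticationTypeDefault,
                 &password_length, &password_data,
                 NULL);

        if ( status == noErr )
        {
            /* Keychain data is length-delimited, hence g_strndup. */
            *password = g_strndup(password_data, password_length);
            password_found = TRUE;
            SecKeychainItemFreeContent(NULL, password_data);
        }
        else
        {
            /* Both calls below may yield NULL: SecCopyErrorMessageString
             * when it has no message, CFStringGetCStringPtr when the string
             * has no directly accessible C buffer in that encoding. Fall
             * back to the numeric status instead of passing NULL to "%s"
             * or to CFRelease. */
            CFStringRef osx_resultstring = SecCopyErrorMessageString( status, NULL );
            const gchar *resultstring = NULL;

            if ( osx_resultstring != NULL )
                resultstring = CFStringGetCStringPtr(osx_resultstring,
                                                     GetApplicationTextEncoding());

            if ( resultstring != NULL )
                PWARN ( "OS X keychain error: %s", resultstring );
            else
                PWARN ( "OS X keychain error: %d", (int) status );

            if ( osx_resultstring != NULL )
                CFRelease ( osx_resultstring );
        }
    }
#endif /* HAVE_OSX_KEYCHAIN */

    if ( !password_found )
    {
        /* If we got here, either no proper password store is
         * available on this system, or we couldn't retrieve
         * a password from it. In both cases, just ask the user
         * to enter one
         */
        gchar *db_path, *heading;

        if ( port == 0 )
            db_path = g_strdup_printf ( "%s://%s/%s", access_method, server, service );
        else
            db_path = g_strdup_printf ( "%s://%s:%d/%s", access_method, server, port, service );
        heading = g_strdup_printf ( /* Translators: %s is a path to a database or any other url,
                                       like mysql://user@host/somedb, http://www.somequotes.com/thequotes */
                      _("Enter a user name and password to connect to: %s"),
                      db_path );

        password_found = gnc_get_username_password ( parent, heading,
                         *user, NULL,
                         user, password );
        g_free ( db_path );
        g_free ( heading );

        if ( password_found )
        {
            /* User entered new user/password information
             * Let's try to add it to a password store.
             */
            gchar *newuser = g_strdup( *user );
            gchar *newpassword = g_strdup( *password );
            gnc_keyring_set_password ( access_method,
                                       server,
                                       port,
                                       service,
                                       newuser,
                                       newpassword );
            g_free ( newuser );
            /* NOTE(review): g_free does not clear the copied password bytes. */
            g_free ( newpassword );
        }
    }

    return password_found;
}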
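/* Implementation of OSXKeychain.findInternetPassword(). See the Java docs for
 * explanations of the parameters.
 *
 * Returns the stored password as a Java string. NULL is returned when one of
 * the string arguments could not be unpacked, or after an exception has been
 * raised through throw_osxkeychainexception() for a non-success keychain
 * status or an allocation failure.
 *
 * NOTE(review): the password is handed to NewStringUTF as a NUL-terminated C
 * string, so a secret containing an embedded NUL byte is cut short at that
 * byte. The resulting java.lang.String also cannot be wiped by this code.
 */
JNIEXPORT jstring JNICALL Java_com_mcdermottroe_apple_OSXKeychain__1findInternetPassword(JNIEnv* env, jobject obj, jstring serverName, jstring securityDomain, jstring accountName, jstring path, jint port) {
	OSStatus status;
	jstring_unpacked server_name;
	jstring_unpacked security_domain;
	jstring_unpacked account_name;
	jstring_unpacked server_path;
	jstring result = NULL;

	/* This is the password buffer which will be used by
	 * SecKeychainFindInternetPassword
	 */
	void* password;
	UInt32 password_length;

	/* Select the per-user preference domain before querying the keychain. */
	status = SecKeychainSetPreferenceDomain(kSecPreferencesDomainUser);
	if (status != errSecSuccess) {
		throw_osxkeychainexception(env, status);
		return NULL;
	}

	/* Unpack all the jstrings into useful structures. */
	jstring_unpack(env, serverName, &server_name);
	jstring_unpack(env, securityDomain, &security_domain);
	jstring_unpack(env, accountName, &account_name);
	jstring_unpack(env, path, &server_path);
	if (server_name.str == NULL ||
		security_domain.str == NULL ||
		account_name.str == NULL ||
		server_path.str == NULL) {
		jstring_unpacked_free(env, serverName, &server_name);
		jstring_unpacked_free(env, securityDomain, &security_domain);
		jstring_unpacked_free(env, accountName, &account_name);
		jstring_unpacked_free(env, path, &server_path);
		return NULL;
	}

	status = SecKeychainFindInternetPassword(
		NULL,
		server_name.len,
		server_name.str,
		security_domain.len,
		security_domain.str,
		account_name.len,
		account_name.str,
		server_path.len,
		server_path.str,
		port,
		kSecProtocolTypeAny,
		kSecAuthenticationTypeAny,
		&password_length,
		&password,
		NULL
	);
	if (status != errSecSuccess) {
		throw_osxkeychainexception(env, status);
	}
	else {
		// the returned value from keychain is not
		// null terminated, so a copy is created.
		// Size is computed in size_t so that length + 1 cannot wrap to 0.
		size_t buffer_size = (size_t) password_length + 1;
		char* password_buffer = (char *) malloc(buffer_size);

		if (password_buffer == NULL) {
			/* Out of memory: report it rather than writing through NULL. */
			throw_osxkeychainexception(env, errSecAllocate);
		}
		else {
			memcpy(password_buffer, password, password_length);
			password_buffer[password_length] = 0;

			/* Create the return value. */
			result = (*env)->NewStringUTF(env, password_buffer);

			/* Clean up. The wipe goes through a volatile pointer so the
			 * compiler cannot drop it as a dead store ahead of free(). */
			volatile char* wipe = password_buffer;
			for (size_t i = 0; i < buffer_size; i++) {
				wipe[i] = 0;
			}
			free(password_buffer);
		}

		/* The keychain buffer is released whether or not the copy worked. */
		SecKeychainItemFreeContent(NULL, password);
	}

	jstring_unpacked_free(env, serverName, &server_name);
	jstring_unpacked_free(env, securityDomain, &security_domain);
	jstring_unpacked_free(env, accountName, &account_name);
	jstring_unpacked_free(env, path, &server_path);

	return result;
}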
/*
 * Store pPassword in the keychain for the given repository spec and user.
 *
 * szRepoSpec is split by _sg_password__parse_url into protocol, server, path
 * and port. If an item matching those values and the user name already
 * exists, only its secret data is replaced (attributes are left alone);
 * otherwise a new internet-password item is added. Any lookup status other
 * than errSecSuccess takes the "add" route.
 *
 * A repo spec flagged invalid by the parser raises SG_ERR_NOTIMPLEMENTED; a
 * failing modify/add is raised through _SG_THROW_MAC_SEC_ERROR.
 *
 * The stored secret length is SG_STRLEN(password), i.e. the bytes up to the
 * first NUL of the string's buffer.
 */
void SG_password__set(
	SG_context *pCtx,
	const char *szRepoSpec,
	SG_string *pUserName,
	SG_string *pPassword)
{
	SG_string *server = NULL;
	SG_string *path = NULL;
	SecKeychainItemRef item = NULL;
	const char *username;
	const char *password;
	SecProtocolType proto;
	SG_uint32 port;
	SG_bool isValid = SG_FALSE;
	OSStatus findRes;
	OSStatus saveRes;

	SG_NULLARGCHECK(pUserName);
	SG_NULLARGCHECK(pPassword);
	SG_NULLARGCHECK(szRepoSpec);

	username = SG_string__sz(pUserName);
	password = SG_string__sz(pPassword);

	SG_ERR_CHECK(  _sg_password__parse_url(pCtx, szRepoSpec,
		&isValid, &proto, &server, &path, &port)  );
	if (!isValid)
	{
		SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED);
	}

	/* Ask only for the item reference; the current secret is not read back. */
	findRes = SecKeychainFindInternetPassword(
		NULL,
		SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server),
		0, NULL,
		SG_STRLEN(username), username,
		SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path),
		port, proto, kSecAuthenticationTypeDefault,
		NULL, NULL,
		&item);

	if (findRes != errSecSuccess)
	{
		/* No usable existing item: create one. */
		saveRes = SecKeychainAddInternetPassword(
			NULL,
			SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server),
			0, NULL,
			SG_STRLEN(username), username,
			SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path),
			port, proto, kSecAuthenticationTypeDefault,
			SG_STRLEN(password), password,
			NULL);
	}
	else
	{
		/* Existing item: overwrite the secret, keep every attribute. */
		saveRes = SecKeychainItemModifyAttributesAndData(item, NULL, SG_STRLEN(password), password);
	}

	if (saveRes != errSecSuccess)
	{
		_SG_THROW_MAC_SEC_ERROR(saveRes);
	}

fail:
	if (item)
	{
		CFRelease(item);
	}
	SG_STRING_NULLFREE(pCtx, path);
	SG_STRING_NULLFREE(pCtx, server);
}
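/*
 * Return the internet password stored for the account/protocol/server named
 * in the hash `data`, or nil when no such item exists.
 *
 * Required keys are pulled in by CHECK_FETCH_HASH_KEY (account, protocol,
 * server); presumably the macro declares the matching locals and raises when
 * a key is missing - confirm against its definition. Optional keys: :auth
 * (defaults to 0), :port (defaults to 0) and :path (defaults to "").
 *
 * Raises SecurityError on errSecAuthFailed and StandardError for any other
 * failing status.
 */
VALUE internet_password_for(VALUE self, VALUE data)
{
	VALUE ret = Qnil;

	CHECK_FETCH_HASH_KEY(account)
	CHECK_FETCH_HASH_KEY(protocol)
	CHECK_FETCH_HASH_KEY(server)

	VALUE sym_auth = rb_eval_string(":auth");
	VALUE auth;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_auth)) {
		auth = 0;
	} else {
		auth = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_auth), rb_intern("to_s"), 0);
		auth = String2FourChar(StringValuePtr(auth));
	}

	VALUE sym_port = rb_eval_string(":port");
	VALUE port;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_port)) {
		port = 0;
	} else {
		port = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_port), rb_intern("to_i"), 0);
		port = NUM2INT(port);
	}

	VALUE sym_path = rb_eval_string(":path");
	VALUE path;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_path)) {
		path = rb_str_new2("");
	} else {
		path = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_path), rb_intern("to_s"), 0);
	}

	char *passwordData = NULL;	// allocated and filled in by SecKeychainFindInternetPassword
	UInt32 passwordLength = 0;

	OSStatus status = SecKeychainFindInternetPassword (
		NULL,					// default keychain
		strlen(StringValuePtr(server)),		// length of serverName
		StringValuePtr(server),			// serverName
		0,					// length of domain
		NULL,					// no domain
		strlen(StringValuePtr(account)),	// length of account name
		StringValuePtr(account),		// account name
		strlen(StringValuePtr(path)),		// length of path
		StringValuePtr(path),			// path
		port,					// port (0 when :port is absent)
		String2FourChar(StringValuePtr(protocol)),	// protocol
		auth,
		&passwordLength,
		&passwordData,
		NULL
	);

	if (status == noErr) {
		// The keychain buffer holds exactly passwordLength bytes and is not
		// NUL-terminated. Writing a terminator at [passwordLength] would land
		// one byte past the allocation, so build the Ruby string by length.
		ret = rb_str_new(passwordData, passwordLength);
		SecKeychainItemFreeContent(NULL, passwordData);
	} else if (status == errSecItemNotFound) {
		ret = Qnil;
	} else if (status == errSecAuthFailed) {
		rb_raise(rb_eSecurityError, "Authorisation failed");
	} else {
		// Pass the status text as an argument, never as the format string.
		rb_raise(rb_eStandardError, "%s", getStatusString(status));
	}

	return ret;
}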
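/*
 * Delete the internet-password item matching the account/protocol/server
 * named in the hash `data`.
 *
 * Required keys come from CHECK_FETCH_HASH_KEY (account, protocol, server);
 * optional keys are :auth (default 0), :port (default 0) and :path
 * (default ""). Returns true when an item was found and deleted, false when
 * the lookup or the delete failed; no exception is raised for keychain
 * errors.
 */
VALUE destroy_internet_password_for(VALUE self, VALUE data)
{
	CHECK_FETCH_HASH_KEY(account)
	CHECK_FETCH_HASH_KEY(protocol)
	CHECK_FETCH_HASH_KEY(server)

	VALUE sym_auth = rb_eval_string(":auth");
	VALUE auth;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_auth)) {
		auth = 0;
	} else {
		auth = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_auth), rb_intern("to_s"), 0);
		auth = String2FourChar(StringValuePtr(auth));
	}

	VALUE sym_port = rb_eval_string(":port");
	VALUE port;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_port)) {
		port = 0;
	} else {
		port = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_port), rb_intern("to_i"), 0);
		port = NUM2INT(port);
	}

	VALUE sym_path = rb_eval_string(":path");
	VALUE path;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_path)) {
		path = rb_str_new2("");
	} else {
		path = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_path), rb_intern("to_s"), 0);
	}

	SecKeychainItemRef itemRef = NULL;

	// Only the item reference is requested; the secret itself is not read.
	OSStatus status = SecKeychainFindInternetPassword (
		NULL,					// default keychain
		strlen(StringValuePtr(server)),		// length of serverName
		StringValuePtr(server),			// serverName
		0,					// length of domain
		NULL,					// no domain
		strlen(StringValuePtr(account)),	// length of account name
		StringValuePtr(account),		// account name
		strlen(StringValuePtr(path)),		// length of path
		StringValuePtr(path),			// path
		port,					// port (0 when :port is absent)
		String2FourChar(StringValuePtr(protocol)),	// protocol
		auth,
		NULL,
		NULL,
		&itemRef
	);

	if (status != noErr || !itemRef)
		return Qfalse;

	status = SecKeychainItemDelete(itemRef);

	// Deleting does not consume the retained reference from the lookup.
	CFRelease(itemRef);

	return status == noErr ? Qtrue : Qfalse;
}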
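/*
 * Store a password for the account/protocol/server named in the hash `data`.
 *
 * Required keys come from CHECK_FETCH_HASH_KEY (account, protocol, server,
 * password); optional keys are :auth (default kSecAuthenticationTypeDefault),
 * :port (default 0) and :path (default ""). A new item is added first; if
 * the keychain reports errSecDuplicateItem the existing item is looked up
 * and only its secret data is replaced.
 *
 * Returns true on success and raises StandardError with the status text for
 * any keychain failure.
 *
 * NOTE(review): the secret length is taken with strlen(), so a password
 * containing a NUL byte is stored truncated at that byte.
 */
VALUE set_internet_password_for(VALUE self, VALUE data)
{
	VALUE ret = Qfalse;

	CHECK_FETCH_HASH_KEY(account)
	CHECK_FETCH_HASH_KEY(protocol)
	CHECK_FETCH_HASH_KEY(server)
	CHECK_FETCH_HASH_KEY(password)

	VALUE sym_auth = rb_eval_string(":auth");
	VALUE auth;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_auth)) {
		auth = kSecAuthenticationTypeDefault;
	} else {
		auth = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_auth), rb_intern("to_s"), 0);
		auth = String2FourChar(StringValuePtr(auth));
	}

	VALUE sym_port = rb_eval_string(":port");
	VALUE port;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_port)) {
		port = 0;
	} else {
		port = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_port), rb_intern("to_i"), 0);
		port = NUM2INT(port);
	}

	VALUE sym_path = rb_eval_string(":path");
	VALUE path;
	if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_path)) {
		path = rb_str_new2("");
	} else {
		path = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_path), rb_intern("to_s"), 0);
	}

	OSStatus status = SecKeychainAddInternetPassword (
		NULL,					// default keychain
		strlen(StringValuePtr(server)),		// length of serverName
		StringValuePtr(server),			// serverName
		0,					// length of domain
		NULL,					// no domain
		strlen(StringValuePtr(account)),	// length of account name
		StringValuePtr(account),		// account name
		strlen(StringValuePtr(path)),		// length of path
		StringValuePtr(path),			// path
		port,					// port (0 when :port is absent)
		String2FourChar(StringValuePtr(protocol)),	// protocol
		auth,					// auth type
		strlen(StringValuePtr(password)),
		StringValuePtr(password),
		NULL
	);

	if (status == noErr) {
		ret = Qtrue;
	} else if (status == errSecDuplicateItem) {
		// Try updating instead
		SecKeychainItemRef itemRef = NULL;

		status = SecKeychainFindInternetPassword (
			NULL,					// default keychain
			strlen(StringValuePtr(server)),		// length of serverName
			StringValuePtr(server),			// serverName
			0,					// length of domain
			NULL,					// no domain
			strlen(StringValuePtr(account)),	// length of account name
			StringValuePtr(account),		// account name
			strlen(StringValuePtr(path)),		// length of path
			StringValuePtr(path),			// path
			port,					// port (0 when :port is absent)
			String2FourChar(StringValuePtr(protocol)),	// protocol
			auth,
			NULL,
			NULL,
			&itemRef
		);

		// Status text is passed as an argument, never as the format string.
		if (status != noErr)
			rb_raise(rb_eStandardError, "%s", getStatusString(status));

		status = SecKeychainItemModifyAttributesAndData (
			itemRef,				// the item reference
			NULL,					// no change to attributes
			strlen(StringValuePtr(password)),	// length of password
			StringValuePtr(password)		// pointer to password data
		);

		// rb_raise does not return, so release the reference before any raise.
		if (itemRef)
			CFRelease(itemRef);

		if (status != noErr)
			rb_raise(rb_eStandardError, "%s", getStatusString(status));

		ret = Qtrue;
	} else {
		rb_raise(rb_eStandardError, "%s", getStatusString(status));
	}

	return ret;
}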