/* Implementation of svn_auth__password_set_t that stores
the password in the OS X KeyChain. */
static svn_error_t *
keychain_password_set(svn_boolean_t *done,
apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
apr_hash_t *parameters,
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
OSStatus status;
SecKeychainItemRef item;
if (non_interactive)
SecKeychainSetUserInteractionAllowed(FALSE);
status = SecKeychainFindGenericPassword(NULL, (int) strlen(realmstring),
realmstring, username == NULL
? 0
: (int) strlen(username),
username, 0, NULL, &item);
if (status)
{
if (status == errSecItemNotFound)
status = SecKeychainAddGenericPassword(NULL, (int) strlen(realmstring),
realmstring, username == NULL
? 0
: (int) strlen(username),
username, (int) strlen(password),
password, NULL);
}
else
{
status = SecKeychainItemModifyAttributesAndData(item, NULL,
(int) strlen(password),
password);
CFRelease(item);
}
if (non_interactive)
SecKeychainSetUserInteractionAllowed(TRUE);
*done = (status == 0);
return SVN_NO_ERROR;
}
void SoundCloudCAPI_DefaultAuthenticationSave(SoundCloudCAPI *api)
{
SecKeychainItemRef ref;
const char *data=SoundCloudCAPI_GetCredentials(api);
const char *service=api->apiBaseURL;
CFStringRef bundleName=CFBundleGetIdentifier(CFBundleGetMainBundle());
const char *name=CFStringGetCStringPtr(bundleName,kCFStringEncodingMacRoman);
OSErr status=SecKeychainFindGenericPassword(NULL,strlen(name),name,strlen(service),service,0,0,&ref);
if (status) status=SecKeychainAddGenericPassword(NULL,strlen(name),name,strlen(service),service,strlen(data),data,0);
else {
status=SecKeychainItemModifyAttributesAndData(ref,NULL,strlen(data),data);
CFRelease(ref);
}
if (status) sc_log(api,SoundCloudCAPI_LogLevel_Errors,"Failed to save token, with err: %d\n",status);
}
bool OsxWallet::setCredentials(const QString &realm, const QString &user, const QString &password)
{
const QByteArray realm_data = realm.toUtf8();
const QByteArray user_data = user.toUtf8();
const QByteArray password_data = password.toUtf8();
/* check whether the entry already exists */
SecKeychainItemRef itemRef = NULL;
int rc = SecKeychainFindInternetPassword(keychain,
realm_data.size(), realm_data.constData(),
0, NULL,
user_data.size(), user_data.constData(),
0, NULL,
0, kSecProtocolTypeAny, kSecAuthenticationTypeAny,
0, NULL,
&itemRef);
if (rc == errSecSuccess)
{
// FIXME: we should not update username!
SecKeychainAttribute attr;
SecKeychainAttributeList attrList;
attr.tag = kSecAccountItemAttr;
attr.length = user_data.size();
attr.data = (void*)user_data.constData();
attrList.count = 1;
attrList.attr = &attr;
rc = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, password_data.size(), password_data.constData());
CFRelease(itemRef);
} else {
rc = SecKeychainAddInternetPassword(keychain,
realm_data.size(), realm_data.constData(),
0, NULL,
user_data.size(), user_data.constData(),
0, NULL,
0, kSecProtocolTypeAny, kSecAuthenticationTypeAny,
password_data.size(), password_data.constData(), NULL);
}
return (rc == errSecSuccess);
}
/* Creates or updates a keychain item to match new details.
*/
void keychain_update_password(const char *origServer, const char *origUser, const char *server, const char *username, const char *password)
{
if (!strlen(server) || !strlen(username))
return;
void *s1 = NULL;
BADGE_HOSTNAME(server);
SecKeychainItemRef origItem = NULL;
OSStatus status;
if (strlen(origServer) && strlen(origUser))
{
s1 = (void*)BADGE_HOSTNAME(origServer);
origItem = get_password_details(origServer, origUser, NULL, 0);
}
SecKeychainItemRef newItem = get_password_details(server, username, NULL, 0);
if (origItem || newItem)
{
// Modify the existing password
SecKeychainItemRef keychainItem = (origItem) ? origItem : newItem;
// use 7 instead of kSecLabelItemAttr because of a Carbon bug
// details: http://lists.apple.com/archives/apple-cdsa/2006//May/msg00037.html
SecKeychainAttribute attrs[] =
{
{kSecAccountItemAttr, strlen(username), (void*)username},
{7, strlen(server), (void*)server},
{kSecServiceItemAttr, strlen(server), (void*)server}
};
SecKeychainAttributeList list = { sizeof(attrs) / sizeof(attrs[0]), attrs };
status = SecKeychainItemModifyAttributesAndData(keychainItem, &list, strlen(password), password);
if (status != noErr)
EXTENDED_KC_ERR(status, "editing an existing password");
}
else
{
// Password doesn't exist, create it
status = SecKeychainAddGenericPassword (
NULL, // default keychain
strlen(server), // length of service name
server, // service name
strlen(username), // length of account name
username, // account name
strlen(password), // length of password
password, // pointer to password data
NULL // the item reference
);
if (status != noErr)
EXTENDED_KC_ERR(status, "saving a new password");
}
free(s1);
free((void*)server);
}
static OSStatus SetKeyLabelAndTag(SecKeyRef keyRef, CFTypeRef label, CFDataRef tag)
{
int numToModify = 0;
if (label != NULL)
{
numToModify += 1;
}
if (tag != NULL)
{
numToModify += 1;
}
if (numToModify == 0)
{
return noErr;
}
SecKeychainAttributeList attrList;
SecKeychainAttribute attributes[numToModify];
int i = 0;
if (label != NULL)
{
if (CFStringGetTypeID() == CFGetTypeID(label)) {
CFStringRef label_string = static_cast<CFStringRef>(label);
attributes[i].tag = kSecKeyPrintName;
attributes[i].data = (void*) CFStringGetCStringPtr(label_string, kCFStringEncodingUTF8);
if (NULL == attributes[i].data) {
CFIndex buffer_length = CFStringGetMaximumSizeForEncoding(CFStringGetLength(label_string), kCFStringEncodingUTF8);
attributes[i].data = alloca((size_t)buffer_length);
if (NULL == attributes[i].data) {
UnixError::throwMe(ENOMEM);
}
if (!CFStringGetCString(label_string, static_cast<char *>(attributes[i].data), buffer_length, kCFStringEncodingUTF8)) {
MacOSError::throwMe(paramErr);
}
}
attributes[i].length = strlen(static_cast<char *>(attributes[i].data));
} else if (CFDataGetTypeID() == CFGetTypeID(label)) {
// 10.6 bug compatibility
CFDataRef label_data = static_cast<CFDataRef>(label);
attributes[i].tag = kSecKeyLabel;
attributes[i].data = (void*) CFDataGetBytePtr(label_data);
attributes[i].length = CFDataGetLength(label_data);
} else {
MacOSError::throwMe(paramErr);
}
i++;
}
if (tag != NULL)
{
attributes[i].tag = kSecKeyApplicationTag;
attributes[i].data = (void*) CFDataGetBytePtr(tag);
attributes[i].length = CFDataGetLength(tag);
i++;
}
attrList.count = numToModify;
attrList.attr = attributes;
return SecKeychainItemModifyAttributesAndData((SecKeychainItemRef) keyRef, &attrList, 0, NULL);
}
void SG_password__set(
SG_context *pCtx,
const char *szRepoSpec,
SG_string *pUserName,
SG_string *pPassword)
{
const char *username, *password;
SG_string *path = NULL;
SG_string *server = NULL;
SecProtocolType proto;
SG_uint32 port;
SG_bool isValid = SG_FALSE;
OSStatus saveRes, findRes;
SecKeychainItemRef item = NULL;
SG_NULLARGCHECK(pUserName);
SG_NULLARGCHECK(pPassword);
SG_NULLARGCHECK(szRepoSpec);
username = SG_string__sz(pUserName);
password = SG_string__sz(pPassword);
SG_ERR_CHECK( _sg_password__parse_url(pCtx, szRepoSpec,
&isValid, &proto, &server, &path, &port) );
if (! isValid)
SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED);
findRes = SecKeychainFindInternetPassword(
NULL,
SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server),
0, NULL,
SG_STRLEN(username), username,
SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path),
port, proto, kSecAuthenticationTypeDefault,
NULL, NULL,
&item);
if (findRes == errSecSuccess)
{
saveRes = SecKeychainItemModifyAttributesAndData(item, NULL, SG_STRLEN(password), password);
}
else
{
saveRes = SecKeychainAddInternetPassword(
NULL,
SG_STRLEN( SG_string__sz(server) ), SG_string__sz(server),
0, NULL,
SG_STRLEN(username), username,
SG_STRLEN( SG_string__sz(path) ), SG_string__sz(path),
port, proto, kSecAuthenticationTypeDefault,
SG_STRLEN(password), password,
NULL);
}
if (saveRes != errSecSuccess)
_SG_THROW_MAC_SEC_ERROR(saveRes);
fail:
if (item)
CFRelease(item);
SG_STRING_NULLFREE(pCtx, path);
SG_STRING_NULLFREE(pCtx, server);
}
VALUE set_internet_password_for(VALUE self, VALUE data) {
VALUE ret = Qfalse;
CHECK_FETCH_HASH_KEY(account)
CHECK_FETCH_HASH_KEY(protocol)
CHECK_FETCH_HASH_KEY(server)
CHECK_FETCH_HASH_KEY(password)
VALUE sym_auth = rb_eval_string(":auth");
VALUE auth;
if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_auth)) {
auth = kSecAuthenticationTypeDefault;
} else {
auth = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_auth), rb_intern("to_s"), 0);
auth = String2FourChar(StringValuePtr(auth));
}
VALUE sym_port = rb_eval_string(":port");
VALUE port;
if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_port)) {
port = 0;
} else {
port = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_port), rb_intern("to_i"), 0);
port = NUM2INT(port);
}
VALUE sym_path = rb_eval_string(":path");
VALUE path;
if (!rb_funcall(data, rb_intern("has_key?"), 1, sym_path)) {
path = rb_str_new2("");
} else {
path = rb_funcall(rb_funcall(data, rb_intern("fetch"), 1, sym_path), rb_intern("to_s"), 0);
}
OSStatus status = SecKeychainAddInternetPassword (
NULL, // default keychain
strlen(StringValuePtr(server)), // length of serverName
StringValuePtr(server), // serverName
0, // length of domain
NULL, // no domain
strlen(StringValuePtr(account)), // length of account name
StringValuePtr(account), // account name
strlen(StringValuePtr(path)), // length of path
StringValuePtr(path), // path
port, // ignore port
String2FourChar(StringValuePtr(protocol)), // protocol
auth, // auth type
strlen(StringValuePtr(password)),
StringValuePtr(password),
NULL
);
if (status == noErr) {
ret = Qtrue;
} else if (status == errSecDuplicateItem) {
// Try updating instead
SecKeychainItemRef itemRef = nil;
status = SecKeychainFindInternetPassword (
NULL, // default keychain
strlen(StringValuePtr(server)), // length of serverName
StringValuePtr(server), // serverName
0, // length of domain
NULL, // no domain
strlen(StringValuePtr(account)), // length of account name
StringValuePtr(account), // account name
strlen(StringValuePtr(path)), // length of path
StringValuePtr(path), // path
port, // ignore port
String2FourChar(StringValuePtr(protocol)), // protocol
auth,
nil,
nil,
&itemRef
);
if (status != noErr)
rb_raise(rb_eStandardError, getStatusString(status));
status = SecKeychainItemModifyAttributesAndData (
itemRef, // the item reference
NULL, // no change to attributes
strlen(StringValuePtr(password)), // length of password
StringValuePtr(password) // pointer to password data
);
if (status != noErr)
rb_raise(rb_eStandardError, getStatusString(status));
ret = Qtrue;
} else {
rb_raise(rb_eStandardError, getStatusString(status));
}
return ret;
}
