Пример #1
0
int keyring_erase(struct credential *c)
{
	char  *object = NULL;
	GList *entries;
	GnomeKeyringNetworkPasswordData *password_data;
	GnomeKeyringResult result;

	/*
	 * Sanity check that we actually have something to match
	 * against. The input we get is a restrictive pattern,
	 * so technically a blank credential means "erase everything".
	 * But it is too easy to accidentally send this, since it is equivalent
	 * to empty input. So explicitly disallow it, and require that the
	 * pattern have some actual content to match.
	 */
	if (!c->protocol && !c->host && !c->path && !c->username)
		return EXIT_FAILURE;

	object = keyring_object(c);

	result = gnome_keyring_find_network_password_sync(
				c->username,
				NULL /* domain */,
				c->host,
				object,
				c->protocol,
				NULL /* authtype */,
				c->port,
				&entries);

	free(object);

	if (result == GNOME_KEYRING_RESULT_NO_MATCH)
		return EXIT_SUCCESS;

	if (result == GNOME_KEYRING_RESULT_CANCELLED)
		return EXIT_SUCCESS;

	if (result != GNOME_KEYRING_RESULT_OK)
	{
		error("%s",gnome_keyring_result_to_message(result));
		return EXIT_FAILURE;
	}

	/* pick the first one from the list (delete all matches?) */
	password_data = (GnomeKeyringNetworkPasswordData *) entries->data;

	result = gnome_keyring_item_delete_sync(
		password_data->keyring, password_data->item_id);

	gnome_keyring_network_password_list_free(entries);

	if (result != GNOME_KEYRING_RESULT_OK)
	{
		error("%s",gnome_keyring_result_to_message(result));
		return EXIT_FAILURE;
	}

	return EXIT_SUCCESS;
}
Пример #2
0
static void /* GnomeVFSModuleCallback */
vfs_fill_authentication_callback (gconstpointer in,
                                  size_t        in_size,
				  gpointer      out,
                                  size_t        out_size,
				  gpointer      user_data)
{
  GnomeVFSModuleCallbackFillAuthenticationIn  *in_real;
  GnomeVFSModuleCallbackFillAuthenticationOut *out_real;
  GnomeKeyringNetworkPasswordData             *pwd_data;
  GList                                       *list;
  GnomeKeyringResult                           result;

  g_return_if_fail
    (sizeof (GnomeVFSModuleCallbackFillAuthenticationIn) == in_size &&
     sizeof (GnomeVFSModuleCallbackFillAuthenticationOut) == out_size);

  g_return_if_fail (in != NULL);
  g_return_if_fail (out != NULL);

  in_real  = (GnomeVFSModuleCallbackFillAuthenticationIn *)in;
  out_real = (GnomeVFSModuleCallbackFillAuthenticationOut *)out;

  result = gnome_keyring_find_network_password_sync (in_real->username,
                                                     in_real->domain,
                                                     in_real->server,
                                                     in_real->object,
                                                     in_real->protocol,
                                                     in_real->authtype,
                                                     in_real->port,
                                                     &list);

  if (result != GNOME_KEYRING_RESULT_OK || list == NULL)
    {
      out_real->valid = FALSE;
    }
  else
    {
      /* We use the first result, which is the least specific match */
      pwd_data = list->data;

      out_real->valid    = TRUE;
      out_real->username = g_strdup (pwd_data->user);
      out_real->domain   = g_strdup (pwd_data->domain);
      out_real->password = g_strdup (pwd_data->password);

      gnome_keyring_network_password_list_free (list);
    }
}
Пример #3
0
int keyring_get(struct credential *c)
{
	char* object = NULL;
	GList *entries;
	GnomeKeyringNetworkPasswordData *password_data;
	GnomeKeyringResult result;

	if (!c->protocol || !(c->host || c->path))
		return EXIT_FAILURE;

	object = keyring_object(c);

	result = gnome_keyring_find_network_password_sync(
				c->username,
				NULL /* domain */,
				c->host,
				object,
				c->protocol,
				NULL /* authtype */,
				c->port,
				&entries);

	free(object);

	if (result == GNOME_KEYRING_RESULT_NO_MATCH)
		return EXIT_SUCCESS;

	if (result == GNOME_KEYRING_RESULT_CANCELLED)
		return EXIT_SUCCESS;

	if (result != GNOME_KEYRING_RESULT_OK) {
		error("%s",gnome_keyring_result_to_message(result));
		return EXIT_FAILURE;
	}

	/* pick the first one from the list */
	password_data = (GnomeKeyringNetworkPasswordData *) entries->data;

	free_password(c->password);
	c->password = xstrdup(password_data->password);

	if (!c->username)
		c->username = xstrdup(password_data->user);

	gnome_keyring_network_password_list_free(entries);

	return EXIT_SUCCESS;
}
Пример #4
0
static PyObject*
gnome_keyring_password_get(PyObject *self, PyObject *args)
{
    const char *realmstring;
    const char *username;
    const char *password;

    if (!PyArg_ParseTuple(args, "ss", &realmstring, &username)){
        PyErr_Clear();
        PyErr_SetString(PyExc_TypeError, 
                "password_get() must be called as (servicename,username)");
        return NULL;
    }
    if ((! dbus_bus_get(DBUS_BUS_SESSION,NULL)) || 
            (!gnome_keyring_is_available())){
        PyErr_Clear();
        PyErr_SetString(PyExc_OSError, "Can's access the keyring now");
        return NULL;
    }

    GnomeKeyringResult result;
    GList *items;

    result = gnome_keyring_find_network_password_sync(username, realmstring, 
                                           NULL, NULL, NULL, NULL, 0, &items);

    int status = 0;
    if (result == GNOME_KEYRING_RESULT_OK){
        if (items && items->data){
            GnomeKeyringNetworkPasswordData *item;
            item = (GnomeKeyringNetworkPasswordData *)items->data;
            if (item->password){
                size_t len = strlen(item->password);
                password = string_dump(item->password, len);
                status = 1;
            }
            gnome_keyring_network_password_list_free(items);
    }
    }  

    if (!status){
        PyErr_Clear();
        PyErr_SetString(PyExc_OSError, "Can't fech password from system");
        return NULL;
    }
    
    return Py_BuildValue("s",password); 
}
Пример #5
0
static void
tny_gnome_keyring_password_getter_forget_password (TnyPasswordGetter *self, const gchar *aid)
{
	GList *list=NULL;
	GnomeKeyringResult keyringret;
	gchar *keyring;
	GnomeKeyringNetworkPasswordData *pwd_data;

	gnome_keyring_get_default_keyring_sync (&keyring);

	keyringret = gnome_keyring_find_network_password_sync (
		aid /* user */,
		"Mail", aid /* hostname */,
		"password", aid /* proto */, 
		"PLAIN", 0, &list);

	if (keyringret == GNOME_KEYRING_RESULT_OK && list)
	{
		pwd_data = list->data;
		gnome_keyring_item_delete_sync (keyring, pwd_data->item_id);
		gnome_keyring_network_password_list_free (list);
	}
	return;
}
Пример #6
0
gboolean gnc_keyring_get_password ( GtkWidget *parent,
                                    const gchar *access_method,
                                    const gchar *server,
                                    guint32 port,
                                    const gchar *service,
                                    gchar **user,
                                    gchar **password)
{
    gboolean password_found = FALSE;
#ifdef HAVE_GNOME_KEYRING
    GnomeKeyringResult  gkr_result;
    GList *found_list = NULL;
    GnomeKeyringNetworkPasswordData *found;
#endif
#ifdef HAVE_OSX_KEYCHAIN
    void *password_data;
    UInt32 password_length;
    OSStatus status;
#endif

    g_return_val_if_fail (user != NULL, FALSE);
    g_return_val_if_fail (password != NULL, FALSE);

    *password = NULL;

#ifdef HAVE_GNOME_KEYRING
    gkr_result = gnome_keyring_find_network_password_sync
                 ( *user, NULL, server, service,
                   access_method, NULL, port, &found_list );

    if (gkr_result == GNOME_KEYRING_RESULT_OK)
    {
        found = (GnomeKeyringNetworkPasswordData *) found_list->data;
        if (found->password)
            *password = g_strdup(found->password);
        password_found = TRUE;
    }
    else
        PWARN ("Gnome-keyring access failed: %s.",
               gnome_keyring_result_to_message(gkr_result));

    gnome_keyring_network_password_list_free(found_list);
#endif /* HAVE_GNOME_KEYRING */

#ifdef HAVE_OSX_KEYCHAIN
    /* mysql and postgres aren't valid protocols on Mac OS X.
     * So we use the security domain parameter to allow us to
     * distinguish between these two.
     */
    if (*user != NULL)
    {
        status = SecKeychainFindInternetPassword( NULL,
                 strlen(server), server,
                 strlen(access_method), access_method,
                 strlen(*user), *user,
                 strlen(service), service,
                 port,
                 kSecProtocolTypeAny,
                 kSecAuthenticationTypeDefault,
                 &password_length, &password_data,
                 NULL);

        if ( status == noErr )
        {
            *password = g_strndup(password_data, password_length);
            password_found = TRUE;
            SecKeychainItemFreeContent(NULL, password_data);
        }
        else
        {
            CFStringRef osx_resultstring = SecCopyErrorMessageString( status, NULL );
            const gchar *resultstring = CFStringGetCStringPtr(osx_resultstring,
                                        GetApplicationTextEncoding());
            PWARN ( "OS X keychain error: %s", resultstring );
            CFRelease ( osx_resultstring );
        }
    }
#endif /* HAVE_OSX_KEYCHAIN */

    if ( !password_found )
    {
        /* If we got here, either no proper password store is
         * available on this system, or we couldn't retrieve
         * a password from it. In both cases, just ask the user
         * to enter one
         */
        gchar *db_path, *heading;

        if ( port == 0 )
            db_path = g_strdup_printf ( "%s://%s/%s", access_method, server, service );
        else
            db_path = g_strdup_printf ( "%s://%s:%d/%s", access_method, server, port, service );
        heading = g_strdup_printf ( /* Translators: %s is a path to a database or any other url,
                 like mysql://[email protected]/somedb, http://www.somequotes.com/thequotes */
                      _("Enter a user name and password to connect to: %s"),
                      db_path );

        password_found = gnc_get_username_password ( parent, heading,
                         *user, NULL,
                         user, password );
        g_free ( db_path );
        g_free ( heading );

        if ( password_found )
        {
            /* User entered new user/password information
             * Let's try to add it to a password store.
             */
            gchar *newuser = g_strdup( *user );
            gchar *newpassword = g_strdup( *password );
            gnc_keyring_set_password ( access_method,
                                       server,
                                       port,
                                       service,
                                       newuser,
                                       newpassword );
            g_free ( newuser );
            g_free ( newpassword );
        }
    }

    return password_found;
}
Пример #7
0
int main(int argc, char **argv) {
  GnomeKeyringResult result;
  GList *results;
  char *host;
  int i, tried, verbose = 0, remove = 0, list = 0;
  int set_domain = 0, set_host = 0, set_server = 0;
  int set_protocol = 0, set_port = 0, set_passfd = 0;
  int dry = 0;

  char *user = default_user();
  char *domain = NULL;
  char *server = NULL;
  char *object = NULL;
  char *protocol = NULL;
  char *authtype = NULL;
  guint32 port = 0;
  int passfd = 0;

  char *use_keyring = GNOME_KEYRING_DEFAULT;

  for (i = 1; i < argc; i++) {
    if (ARG(u) || LARG(user)) {
      S_OPT(user);
    } else if (ARG(h) || LARG(host)) {
      S_OPT_Q(host);
    } else if (ARG(s) || LARG(server)) {
      S_OPT_Q(server);
    } else if (ARG(d) || LARG(domain)) {
      S_OPT_Q(domain);
    } else if (ARG(P) || LARG(protocol)) {
      S_OPT_Q(protocol);
    } else if (ARG(p) || LARG(port)) {
      I_OPT_Q(port);
    } else if (LARG(passfd)) {
      I_OPT_Q(passfd);
    } else if (ARG(v) || LARG(verbose)) {
      verbose = 1;
    } else if (ARG(R) || LARG(remove)) {
      MODE(remove);
    } else if (ARG(l) || LARG(list)) {
      MODE(list);
    } else if (ARG(n) || LARG(dry)) {
      dry = 1;
      verbose++;
    } else if (ARG(k) || LARG(keyring)) {
      S_OPT(use_keyring);
    } else if (LARG(help)) {
      usage();
      return 0;
    } else {
      fprintf(stderr, "Unknown argument: %s\n", argv[i]);
      return 1;
    }
  }

  if (set_host && !(set_domain && set_server)) {
    char *dot = index(host, '.');
    if (dot) {
      dot[0] = '\0';
      dot++;
      if (!set_domain) domain = dot;
      if (!set_server) server = host;
    } else {
      server = host;
      domain = "";
    }
  } else if (set_domain && set_server) {
    host = NULL;
  } else if (!list) {
    fprintf(stderr, "Must set --host or (--server and --domain)\n");
    return 1;
  }

  if ((set_port + set_protocol) == 1) {
    if (set_protocol) {
      set_port_by_protocol(&port, protocol);
    } else if (set_port) {
      set_protocol_by_port(&protocol, port);
    }
  } else if (!(set_port || set_protocol || list)) {
    fprintf(stderr, "Must set at least one of --port or --protocol\n");
    return 1;
  }

  if (set_protocol && !port) {
    fprintf(stderr, "Couldn't determine port for --protocol %s\n", protocol);
    return 1;
  }

  if (verbose && !list) {
#define VALUE(X) printf("%s: %s\n", #X, X ? X : "(null)")
    VALUE(user);
    VALUE(domain);
    VALUE(server);
    VALUE(host);
    VALUE(protocol);
#undef VALUE
    printf("port: %d\n", port);
    if (dry)
      return 0;
  }

  if (!gnome_keyring_is_available()) {
    fprintf(stderr, "No keyring available\n");
    return 1;
  }

  if (list)
    return key_listing(verbose);

  for (tried = 0; tried < 2; tried++) {
    result = gnome_keyring_find_network_password_sync(
      user, domain, server, object, protocol, authtype, port,
      &results
    );
    if (verbose) printf("attempt #%d: ", tried);
    if (result == OK) {
      GList *current;
      GnomeKeyringNetworkPasswordData *passdata;
      char *password;
      for (i = 0, current = results; current; i++, current = current->next) {
        passdata = (GnomeKeyringNetworkPasswordData *)current->data;
        password = passdata->password;
        if (verbose) {
          printf("Result[%d]=%s\n", i, password);
          continue;
        }
        if (remove) {
          result = gnome_keyring_item_delete_sync(
            passdata->keyring,
            passdata->item_id
          );
          if (verbose)
            printf("Remove %s %d -> %s\n", passdata->keyring, passdata->item_id, result == OK ? "OK" : "NOT OK");
          if (!current->next)
            return 0;
          continue;
        }
        printf("%s", password);
        return 0;
      }
      if (password)
        break;
    }
    if (remove) {
      printf("No such password\n");
      return 1;
    }
    if (verbose) printf("nope\n");
    if (!tried) {
      char *password;
      if (set_passfd) {
        password = password_from(passfd);
      } else {
        password = password_prompt(user, server, domain, protocol, port);
      }
      if (password) {
        guint32 item_id;
        gnome_keyring_set_network_password_sync(
          use_keyring,
          user, domain, server, object, protocol, authtype, port,
          password, &item_id
        );
        if (verbose) printf("Stored password? %s\n", item_id ? "yes" : "no");
      }
    }
  }
  return 0;
}
Пример #8
0
static const gchar*
tny_gnome_keyring_password_getter_get_password (TnyPasswordGetter *self, const gchar *aid, const gchar *prompt, gboolean *cancel)
{
	gchar *retval = NULL;
	GList *list;
	GnomeKeyringResult keyringret;
	gchar *keyring;

	gnome_keyring_get_default_keyring_sync (&keyring);

	keyringret = gnome_keyring_find_network_password_sync (aid, "Mail", 
		aid /* hostname */,
		"password", aid /* proto */, 
		"PLAIN", 0, &list);

	if ((keyringret != GNOME_KEYRING_RESULT_OK) || (list == NULL))
	{
		gboolean canc = FALSE;

		GnomePasswordDialog *dialog = GNOME_PASSWORD_DIALOG 
				(gnome_password_dialog_new
					(_("Enter password"), prompt,
					NULL, 
					NULL, TRUE));

		gnome_password_dialog_set_domain (dialog, "Mail");
		gnome_password_dialog_set_remember (dialog, 
			GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER);

		gnome_password_dialog_set_readonly_username (dialog, TRUE);
		/* gnome_password_dialog_set_username (dialog, 
			tny_account_get_user (account)); */

		gnome_password_dialog_set_show_username (dialog, FALSE);
		gnome_password_dialog_set_show_remember (dialog, 
			gnome_keyring_is_available ());
		gnome_password_dialog_set_show_domain (dialog, FALSE);
		gnome_password_dialog_set_show_userpass_buttons (dialog, FALSE);

		canc = gnome_password_dialog_run_and_block (dialog);

		if (canc)
		{
			guint32 item_id;
			GnomePasswordDialogRemember r;

			retval = gnome_password_dialog_get_password (dialog);

			mlock (retval, strlen (retval));

			r = gnome_password_dialog_get_remember (dialog);

			if (r == GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER)
			{
				gnome_keyring_set_network_password_sync (keyring,
					aid /* user */,
					"Mail", aid /* hostname */,
					"password", aid /* proto */, 
					"PLAIN", 0, retval, &item_id);
			}
		} else retval = NULL;

		*cancel = (!canc);

		/* this causes warnings, but should be done afaik */
		gtk_object_destroy (GTK_OBJECT (dialog));

		while (gtk_events_pending ())
			gtk_main_iteration ();

	} else {

		GnomeKeyringNetworkPasswordData *pwd_data;
		pwd_data = list->data;
		retval = g_strdup (pwd_data->password);

		*cancel = FALSE;

		gnome_keyring_network_password_list_free (list);
	}

	return retval;
}
Пример #9
0
void SG_password__get(
	SG_context *pCtx,
	const char *szRepoSpec,
	const char *username,
	SG_string **ppstrPassword)
{
	SG_string *password = NULL;
	SG_string *path = NULL;
	SG_string *server = NULL;
	SG_string *proto = NULL;
	SG_uint32 port;
	SG_bool isValid = SG_FALSE;
	GnomeKeyringResult saveRes = 0;
	GList *results = NULL;
	guint count = 0;

	SG_NULLARGCHECK(username);
	SG_NULLARGCHECK(ppstrPassword);
	SG_NULLARGCHECK(szRepoSpec);

	if (! SG_password__supported())
		goto fail;

	SG_ERR_CHECK(  _sg_password__parse_url(pCtx, szRepoSpec,
		&isValid, &proto, &server, &path, &port)  );

	if (! isValid)
		SG_ERR_THROW(SG_ERR_NOTIMPLEMENTED);

	saveRes = gnome_keyring_find_network_password_sync(
		username, NULL,
		SG_string__sz(server), SG_string__sz(path),
		SG_string__sz(proto), NULL, (guint32)port,
		&results);

	if ((saveRes != GNOME_KEYRING_RESULT_OK) && (saveRes != GNOME_KEYRING_RESULT_NO_MATCH) && (saveRes != GNOME_KEYRING_RESULT_CANCELLED))
		_SG_THROW_LINUX_SEC_ERROR(saveRes);

	if (results != NULL)
		count = g_list_length(results);

	if (count > 0)
	{
		const char *pw = "";
		GnomeKeyringNetworkPasswordData *entry = g_list_nth_data(results, 0);

		SG_ASSERT(entry != NULL);

		if (entry->password)
			pw = entry->password;

		SG_ERR_CHECK(  SG_string__alloc__sz(pCtx, &password, pw)  );
	}

	*ppstrPassword = password;
	password = NULL;

fail:
	SG_STRING_NULLFREE(pCtx, path);
	SG_STRING_NULLFREE(pCtx, server);
	SG_STRING_NULLFREE(pCtx, proto);
	SG_STRING_NULLFREE(pCtx, password);
	if (results)
		gnome_keyring_network_password_list_free(results);
}