From: <ho...@us...> - 2009-12-20 15:57:36
|
Revision: 16383 http://bibdesk.svn.sourceforge.net/bibdesk/?rev=16383&view=rev Author: hofman Date: 2009-12-20 15:57:29 +0000 (Sun, 20 Dec 2009) Log Message: ----------- compare only real characters of password, as no trailing zero-character is added Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2009-12-20 15:51:48 UTC (rev 16382) +++ trunk/bibdesk/BDSKPasswordController.m 2009-12-20 15:57:29 UTC (rev 16383) @@ -86,7 +86,7 @@ if (err == noErr) { // password was on keychain, so flush the buffer and then modify the keychain if necessary - if (strcmp(passwordData, oldPasswordData) != 0) { + if (passwordLength != strlen(passwordData) || strncmp(passwordData, oldPasswordData, passwordLength) != 0) { SecKeychainAttribute attrs[] = { { kSecAccountItemAttr, strlen(userNameCString), (char *)userNameCString }, { kSecServiceItemAttr, strlen(nameCString), (char *)nameCString } }; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
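Review bot: The second half of the new condition compares a length-delimited keychain buffer with `strncmp`, which is a string function and reads as if NUL termination still mattered. Since the lengths are already known to be equal when it runs, `memcmp(passwordData, oldPasswordData, passwordLength) != 0` states the intent directly and compares exactly the bytes the keychain returned. As far as the hunk shows the result is the same, so this is a readability point. The enclosing method starts and ends outside the hunk.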
From: <ho...@us...> - 2009-12-20 18:23:31
|
Revision: 16384 http://bibdesk.svn.sourceforge.net/bibdesk/?rev=16384&view=rev Author: hofman Date: 2009-12-20 18:23:20 +0000 (Sun, 20 Dec 2009) Log Message: ----------- just get data from string directly, no need to get bytes first Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2009-12-20 15:57:29 UTC (rev 16383) +++ trunk/bibdesk/BDSKPasswordController.m 2009-12-20 18:23:20 UTC (rev 16384) @@ -120,8 +120,7 @@ if (password == nil) return nil; - const void *passwordBytes = [password UTF8String]; - return [[NSData dataWithBytes:passwordBytes length:strlen(passwordBytes)] sha1Signature]; + return [[password dataUsingEncoding:NSUTF8StringEncoding] sha1Signature]; } + (NSData *)runModalPanelForKeychainServiceName:(NSString *)name message:(NSString *)status { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
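Review bot: The value returned on the new line is a single unsalted SHA-1 of the password, which is cheap to brute-force if the digest is ever persisted or sent anywhere; whether it is cannot be seen from this hunk, so that is worth confirming at the callers. The new form also hashes the full UTF-8 encoding, while the removed `strlen` form stopped at the first NUL byte, so digests differ for strings with an embedded NUL. A comment on the return line such as `// digest covers the whole UTF-8 encoding; used for comparison only, not for storage` would record both facts. The method's opening lines are outside the hunk.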
From: <ho...@us...> - 2010-12-11 00:46:53
|
Revision: 17618 http://bibdesk.svn.sourceforge.net/bibdesk/?rev=17618&view=rev Author: hofman Date: 2010-12-11 00:46:45 +0000 (Sat, 11 Dec 2010) Log Message: ----------- don't get added keychain item, we don't need it and it is leaked. Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2010-12-10 07:41:47 UTC (rev 17617) +++ trunk/bibdesk/BDSKPasswordController.m 2010-12-11 00:46:45 UTC (rev 17618) @@ -98,7 +98,7 @@ SecKeychainItemFreeContent(NULL, (void *)oldPasswordData); } else if (err == errSecItemNotFound) { // password not on keychain, so add it - err = SecKeychainAddGenericPassword(NULL, strlen(nameCString), nameCString, strlen(userNameCString), userNameCString, strlen(passwordData), passwordData, &itemRef); + err = SecKeychainAddGenericPassword(NULL, strlen(nameCString), nameCString, strlen(userNameCString), userNameCString, strlen(passwordData), passwordData, NULL); result = (err == noErr); } else { NSLog(@"Error %d occurred setting password", err); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2010-12-11 01:03:52
|
Revision: 17619 http://bibdesk.svn.sourceforge.net/bibdesk/?rev=17619&view=rev Author: hofman Date: 2010-12-11 01:03:45 +0000 (Sat, 11 Dec 2010) Log Message: ----------- no need to change service and account of existing keychain item Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2010-12-11 00:46:45 UTC (rev 17618) +++ trunk/bibdesk/BDSKPasswordController.m 2010-12-11 01:03:45 UTC (rev 17619) @@ -87,12 +87,7 @@ if (err == noErr) { // password was on keychain, so flush the buffer and then modify the keychain if necessary if (passwordLength != strlen(passwordData) || strncmp(passwordData, oldPasswordData, passwordLength) != 0) { - SecKeychainAttribute attrs[] = { - { kSecAccountItemAttr, strlen(userNameCString), (char *)userNameCString }, - { kSecServiceItemAttr, strlen(nameCString), (char *)nameCString } }; - const SecKeychainAttributeList attributes = { sizeof(attrs) / sizeof(attrs[0]), attrs }; - - err = SecKeychainItemModifyAttributesAndData(itemRef, &attributes, strlen(passwordData), passwordData); + err = SecKeychainItemModifyAttributesAndData(itemRef, NULL, strlen(passwordData), passwordData); result = (err == noErr); } SecKeychainItemFreeContent(NULL, (void *)oldPasswordData); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
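Review bot: `result` is assigned only inside the branch that runs when the stored password differs, on the line after the new `SecKeychainItemModifyAttributesAndData` call. If `result` starts out as `NO` (its declaration is outside this hunk), setting a password that already matches the keychain item is reported to the caller as a failure. Assigning `result = YES;` before the comparison, and letting the modify branch overwrite it, would make the unchanged case succeed. The method continues past the end of the hunk.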
From: <ho...@us...> - 2018-01-30 21:57:12
|
Revision: 21818 http://sourceforge.net/p/bibdesk/svn/21818 Author: hofman Date: 2018-01-30 21:57:10 +0000 (Tue, 30 Jan 2018) Log Message: ----------- Keychain item is implicitly retained when returned, so we need to release it Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2018-01-30 07:30:31 UTC (rev 21817) +++ trunk/bibdesk/BDSKPasswordController.m 2018-01-30 21:57:10 UTC (rev 21818) @@ -85,6 +85,7 @@ result = (err == noErr); } SecKeychainItemFreeContent(NULL, (void *)oldPasswordData); + CFRelease(itemRef); } else if (err == errSecItemNotFound) { // password not on keychain, so add it err = SecKeychainAddGenericPassword(NULL, strlen(nameCString), nameCString, strlen(userNameCString), userNameCString, strlen(passwordData), passwordData, NULL); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2018-02-01 17:25:51
|
Revision: 21824 http://sourceforge.net/p/bibdesk/svn/21824 Author: hofman Date: 2018-02-01 17:25:49 +0000 (Thu, 01 Feb 2018) Log Message: ----------- look up old keychain item by service name only, we ignore the account name Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2018-02-01 07:30:34 UTC (rev 21823) +++ trunk/bibdesk/BDSKPasswordController.m 2018-02-01 17:25:49 UTC (rev 21824) @@ -76,7 +76,7 @@ BOOL result = NO; // first see if the password exists in the keychain - err = SecKeychainFindGenericPassword(NULL, strlen(nameCString), nameCString, strlen(userNameCString), userNameCString, &passwordLength, (void **)&oldPasswordData, &itemRef); + err = SecKeychainFindGenericPassword(NULL, strlen(nameCString), nameCString, 0, NULL, &passwordLength, (void **)&oldPasswordData, &itemRef); if (err == noErr) { // password was on keychain, so flush the buffer and then modify the keychain if necessary This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
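Review bot: With the account dropped from the `SecKeychainFindGenericPassword` call, the lookup returns whichever generic-password item happens to match the service name, and the code after this hunk then modifies that item. If two items share a service name under different accounts, the wrong one can be overwritten, and the add path (outside this hunk) still appears to key new items on the user name. If ignoring the account is intended only for finding older items, a comment on the call such as `// matches any account for this service; the item found is the one updated below` would make that explicit. Trying the account-specific lookup first and falling back to service-only would be the safer order.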
From: <ho...@us...> - 2018-02-05 16:58:38
|
Revision: 21829 http://sourceforge.net/p/bibdesk/svn/21829 Author: hofman Date: 2018-02-05 16:58:35 +0000 (Mon, 05 Feb 2018) Log Message: ----------- Log every keychain error, unless not found or user canceled, also log error message Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2018-02-05 07:30:46 UTC (rev 21828) +++ trunk/bibdesk/BDSKPasswordController.m 2018-02-05 16:58:35 UTC (rev 21829) @@ -57,6 +57,8 @@ if(err == noErr){ pwData = [NSData dataWithBytes:password length:passwordLength]; SecKeychainItemFreeContent(NULL, password); + } else if (err != errSecItemNotFound && err != errSecUserCanceled){ + NSLog(@"Error %d occurred getting password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); } return pwData; } @@ -82,6 +84,8 @@ // password was on keychain, so flush the buffer and then modify the keychain if necessary if (passwordLength != strlen(passwordData) || strncmp(passwordData, oldPasswordData, passwordLength) != 0) { err = SecKeychainItemModifyAttributesAndData(itemRef, NULL, strlen(passwordData), passwordData); + if (err != noErr && err != errSecUserCanceled) + NSLog(@"Error %d occurred modifying password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); result = (err == noErr); } SecKeychainItemFreeContent(NULL, (void *)oldPasswordData); 
@@ -88,10 +92,12 @@ CFRelease(itemRef); } else if (err == errSecItemNotFound) { // password not on keychain, so add it - err = SecKeychainAddGenericPassword(NULL, strlen(nameCString), nameCString, strlen(userNameCString), userNameCString, strlen(passwordData), passwordData, NULL); + err = SecKeychainAddGenericPassword(NULL, strlen(nameCString), nameCString, strlen(userNameCString), userNameCString, strlen(passwordData), passwordData, NULL); + if (err != noErr && err != errSecUserCanceled) + NSLog(@"Error %d occurred adding password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); result = (err == noErr); - } else { - NSLog(@"Error %d occurred setting password", (int)err); + } else if (err != errSecUserCanceled) { + NSLog(@"Error %d occurred getting password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); } return result; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2018-02-07 20:14:25
|
Revision: 21841 http://sourceforge.net/p/bibdesk/svn/21841 Author: hofman Date: 2018-02-07 20:14:22 +0000 (Wed, 07 Feb 2018) Log Message: ----------- Pass account for keychain Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2018-02-07 20:09:24 UTC (rev 21840) +++ trunk/bibdesk/BDSKPasswordController.m 2018-02-07 20:14:22 UTC (rev 21841) @@ -56,7 +56,7 @@ NSData *pwData = nil; // see if the password exists in the keychain - err = SecKeychainFindGenericPassword(NULL, strlen(serviceCString), serviceCString, account ? strlen(accountCString) : 0, NULL, &passwordLength, &password, NULL); + err = SecKeychainFindGenericPassword(NULL, strlen(serviceCString), serviceCString, account ? strlen(accountCString) : 0, accountCString, &passwordLength, &password, NULL); if (err == errSecItemNotFound && name) { // see if an item in the old format exists SecKeychainItemRef itemRef = nil; @@ -98,7 +98,7 @@ UInt32 passwordLength = 0; // first see if the password exists in the keychain - err = SecKeychainFindGenericPassword(NULL, strlen(serviceCString), serviceCString, account ? strlen(accountCString) : 0, NULL, &passwordLength, (void **)&oldPasswordData, &itemRef); + err = SecKeychainFindGenericPassword(NULL, strlen(serviceCString), serviceCString, account ? strlen(accountCString) : 0, accountCString, &passwordLength, (void **)&oldPasswordData, &itemRef); if (err == noErr) { // password was on keychain, so flush the buffer and then modify the keychain if necessary This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2018-02-07 22:44:41
|
Revision: 21842 http://sourceforge.net/p/bibdesk/svn/21842 Author: hofman Date: 2018-02-07 22:44:38 +0000 (Wed, 07 Feb 2018) Log Message: ----------- inline functions to do some repeating tasks Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2018-02-07 20:14:22 UTC (rev 21841) +++ trunk/bibdesk/BDSKPasswordController.m 2018-02-07 22:44:38 UTC (rev 21842) @@ -44,6 +44,23 @@ @implementation BDSKPasswordController +static inline void logError(NSString *action, OSStatus err) { + if (err != errSecItemNotFound && err != errSecUserCanceled) + NSLog(@"Error %d occurred %@ password: %@", (int)err, action, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); +} + +static inline SecKeychainAttributeList makeAttributeList(const char *serviceCString, const char *accountCString, const char *nameCString) { + // default is to use current user's username + if (accountCString == NULL) + accountCString = [NSUserName() UTF8String]; + SecKeychainAttribute attrs[] = { + {kSecServiceItemAttr, (SInt32)strlen(serviceCString), (void *)serviceCString}, + {kSecAccountItemAttr, (SInt32)strlen(accountCString), (void *)accountCString}, + {kSecLabelItemAttr, (SInt32)strlen(nameCString), (void *)nameCString}}; + SecKeychainAttributeList attributes = {3, attrs}; + return attributes; +} + + (NSData *)passwordForKeychainService:(NSString *)service account:(NSString *)account name:(NSString *)name { // use the service name to get password from keychain and hash it with sha1 for comparison purposes OSStatus err; 
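Review bot: `makeAttributeList` returns a `SecKeychainAttributeList` whose `attr` pointer refers to the local array `attrs`, and that array's lifetime ends when the function returns. Both call sites further down in this commit pass `&attributes` to keychain functions afterwards, so they read a dangling stack pointer; `static inline` does not guarantee inlining and does not extend the lifetime in any case. The array has to live in the caller's frame, for example by letting the helper fill a caller-supplied array as sketched below. The length casts in the sketch use `UInt32`, which is the type of the struct's length field.

```objc
static inline void fillAttributeArray(SecKeychainAttribute attrs[3], const char *serviceCString, const char *accountCString, const char *nameCString) {
    // default is to use current user's username
    if (accountCString == NULL)
        accountCString = [NSUserName() UTF8String];
    attrs[0] = (SecKeychainAttribute){kSecServiceItemAttr, (UInt32)strlen(serviceCString), (void *)serviceCString};
    attrs[1] = (SecKeychainAttribute){kSecAccountItemAttr, (UInt32)strlen(accountCString), (void *)accountCString};
    attrs[2] = (SecKeychainAttribute){kSecLabelItemAttr, (UInt32)strlen(nameCString), (void *)nameCString};
}

// … unchanged: lookup of the old-format item …
SecKeychainAttribute attrs[3];
fillAttributeArray(attrs, serviceCString, accountCString, nameCString);
SecKeychainAttributeList attributes = {3, attrs};
```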
@@ -63,14 +80,7 @@ err = SecKeychainFindGenericPassword(NULL, strlen(nameCString), nameCString, 0, NULL, &passwordLength, &password, &itemRef); if (err == noErr) { // item in old format exists, update to new format - // default is to use current user's username - if (account == nil) - accountCString = [NSUserName() UTF8String]; - SecKeychainAttribute attrs[] = { - {kSecServiceItemAttr, (SInt32)strlen(serviceCString), (void *)serviceCString}, - {kSecAccountItemAttr, (SInt32)strlen(accountCString), (void *)accountCString}, - {kSecLabelItemAttr, (SInt32)strlen(nameCString), (void *)nameCString}}; - SecKeychainAttributeList attributes = {3, attrs}; + SecKeychainAttributeList attributes = makeAttributeList(serviceCString, accountCString, nameCString); SecKeychainItemModifyAttributesAndData(itemRef, &attributes, 0, NULL); CFRelease(itemRef); } @@ -78,8 +88,8 @@ if (err == noErr) { pwData = [NSData dataWithBytes:password length:passwordLength]; SecKeychainItemFreeContent(NULL, password); - } else if (err != errSecItemNotFound && err != errSecUserCanceled){ - NSLog(@"Error %d occurred getting password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); + } else { + logError(@"getting", err); } return pwData; } @@ -104,8 +114,7 @@ // password was on keychain, so flush the buffer and then modify the keychain if necessary if (passwordLength != strlen(passwordData) || strncmp(passwordData, oldPasswordData, passwordLength) != 0) { err = SecKeychainItemModifyAttributesAndData(itemRef, NULL, strlen(passwordData), passwordData); - if (err != noErr && err != errSecUserCanceled) - NSLog(@"Error %d occurred modifying password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); + logError(@"modifying", err); } SecKeychainItemFreeContent(NULL, (void *)oldPasswordData); CFRelease(itemRef); 
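Review bot: In the hunk at -104 the new `logError(@"modifying", err);` runs unconditionally after the modify call, but `logError` as added in this commit filters only `errSecItemNotFound` and `errSecUserCanceled`. A successful modification therefore logs "Error 0 occurred modifying password", and the same happens for the unconditional `logError` calls after the modify and add calls in the hunks at -117 and -141. The removed lines guarded with `err != noErr`; the helper's condition should keep that, `if (err != noErr && err != errSecItemNotFound && err != errSecUserCanceled)`.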
@@ -117,23 +126,18 @@ // see if an item in the old format exists err = SecKeychainFindGenericPassword(NULL, strlen(nameCString), nameCString, 0, NULL, NULL, NULL, &itemRef); - // default is to use current user's username - if (account == nil) - accountCString = [NSUserName() UTF8String]; - SecKeychainAttribute attrs[] = { - {kSecServiceItemAttr, (SInt32)strlen(serviceCString), (void *)serviceCString}, - {kSecAccountItemAttr, (SInt32)strlen(accountCString), (void *)accountCString}, - {kSecLabelItemAttr, (SInt32)strlen(nameCString), (void *)nameCString}}; - SecKeychainAttributeList attributes = {3, attrs}; + SecKeychainAttributeList attributes = makeAttributeList(serviceCString, accountCString, nameCString); if (err == noErr) { // password in old format was on keychain, modify the keychain to the new format err = SecKeychainItemModifyAttributesAndData(itemRef, &attributes, strlen(passwordData), passwordData); + logError(@"modifying", err); CFRelease(itemRef); } else if (err == errSecItemNotFound) { // password not on keychain, so add it err = SecKeychainItemCreateFromContent(kSecGenericPasswordItemClass, &attributes, strlen(passwordData), passwordData, NULL, NULL, NULL); - } else if (err != errSecUserCanceled) { - NSLog(@"Error %d occurred getting password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); + logError(@"adding", err); + } else { + logError(@"getting", err); } } else { // simple password not on keychain, so add it 
@@ -141,11 +145,10 @@ if (account == nil) accountCString = [NSUserName() UTF8String]; err = SecKeychainAddGenericPassword(NULL, strlen(serviceCString), serviceCString, strlen(accountCString), accountCString, strlen(passwordData), passwordData, NULL); - if (err != noErr && err != errSecUserCanceled) - NSLog(@"Error %d occurred adding password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); + logError(@"adding", err); } - } else if (err != errSecUserCanceled) { - NSLog(@"Error %d occurred getting password: %@", (int)err, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); + } else { + logError(@"getting", err); } return (err == noErr); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2018-02-07 22:51:27
|
Revision: 21843 http://sourceforge.net/p/bibdesk/svn/21843 Author: hofman Date: 2018-02-07 22:51:25 +0000 (Wed, 07 Feb 2018) Log Message: ----------- fix type Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2018-02-07 22:44:38 UTC (rev 21842) +++ trunk/bibdesk/BDSKPasswordController.m 2018-02-07 22:51:25 UTC (rev 21843) @@ -54,9 +54,9 @@ if (accountCString == NULL) accountCString = [NSUserName() UTF8String]; SecKeychainAttribute attrs[] = { - {kSecServiceItemAttr, (SInt32)strlen(serviceCString), (void *)serviceCString}, - {kSecAccountItemAttr, (SInt32)strlen(accountCString), (void *)accountCString}, - {kSecLabelItemAttr, (SInt32)strlen(nameCString), (void *)nameCString}}; + {kSecServiceItemAttr, (UInt32)strlen(serviceCString), (void *)serviceCString}, + {kSecAccountItemAttr, (UInt32)strlen(accountCString), (void *)accountCString}, + {kSecLabelItemAttr, (UInt32)strlen(nameCString), (void *)nameCString}}; SecKeychainAttributeList attributes = {3, attrs}; return attributes; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2022-09-22 17:03:35
|
Revision: 27921 http://sourceforge.net/p/bibdesk/svn/27921 Author: hofman Date: 2022-09-22 17:03:06 +0000 (Thu, 22 Sep 2022) Log Message: ----------- replace old keychain functions by core foundation based functions Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2022-09-21 09:11:45 UTC (rev 27920) +++ trunk/bibdesk/BDSKPasswordController.m 2022-09-22 17:03:06 UTC (rev 27921) 
@@ -47,111 +47,95 @@ @synthesize passwordField, statusField; static inline void logError(NSString *action, OSStatus err) { - if (err != errSecItemNotFound && err != errSecUserCanceled) + if (err != noErr && err != errSecItemNotFound && err != errSecUserCanceled) NSLog(@"Error %d occurred %@ password: %@", (int)err, action, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); } -static inline SecKeychainAttributeList makeAttributeList(const char *serviceCString, const char *accountCString, const char *nameCString) { - // default is to use current user's username - if (accountCString == NULL) - accountCString = [NSUserName() UTF8String]; - SecKeychainAttribute attrs[] = { - {kSecServiceItemAttr, (UInt32)strlen(serviceCString), (void *)serviceCString}, - {kSecAccountItemAttr, (UInt32)strlen(accountCString), (void *)accountCString}, - {kSecLabelItemAttr, (UInt32)strlen(nameCString), (void *)nameCString}}; - SecKeychainAttributeList attributes = {3, attrs}; - return attributes; -} - + (NSString *)passwordForKeychainService:(NSString *)service account:(NSString *)account name:(NSString *)name { // use the service name to get password from keychain and hash it with sha1 for comparison purposes + NSString *passwordString = nil; + NSData *passwordData = nil; OSStatus err; + NSMutableDictionary *query = [NSMutableDictionary dictionary]; - const char *serviceCString = [service UTF8String]; - const char *accountCString = [account UTF8String]; - const char *nameCString = [name UTF8String]; - void *password = NULL; - UInt32 passwordLength = 0; - NSString *passwordString = nil; + [query setObject:(NSString *)kSecClassGenericPassword forKey:(NSString *)kSecClass]; + [query setObject:(NSString *)kSecMatchLimitOne forKey:(NSString *)kSecMatchLimit]; + [query setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kSecReturnData]; + [query setObject:service forKey:(NSString *)kSecAttrService]; + if (account) + [query setObject:account forKey:(NSString *)kSecAttrAccount]; // 
see if the password exists in the keychain - err = SecKeychainFindGenericPassword(NULL, strlen(serviceCString), serviceCString, account ? strlen(accountCString) : 0, accountCString, &passwordLength, &password, NULL); + err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&passwordData); if (err == errSecItemNotFound && name) { // see if an item in the old format exists - SecKeychainItemRef itemRef = nil; - err = SecKeychainFindGenericPassword(NULL, strlen(nameCString), nameCString, 0, NULL, &passwordLength, &password, &itemRef); + [query setObject:name forKey:(NSString *)kSecAttrService]; + [query removeObjectForKey:(NSString *)kSecAttrAccount]; + err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&passwordData); if (err == noErr) { // item in old format exists, update to new format - SecKeychainAttributeList attributes = makeAttributeList(serviceCString, accountCString, nameCString); - SecKeychainItemModifyAttributesAndData(itemRef, &attributes, 0, NULL); - CFRelease(itemRef); + NSDictionary *attributes = [NSDictionary dictionaryWithObjectsAndKeys:service, (NSString *)kSecAttrService, account ?: [NSUserName() dataUsingEncoding:NSUTF8StringEncoding], (NSString *)kSecAttrAccount, name, (NSString *)kSecAttrLabel, nil]; + [query removeObjectForKey:(NSString *)kSecReturnData]; + SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)attributes); } } + if (err == noErr) { - passwordString = [[[NSString alloc] initWithBytes:password length:passwordLength encoding:NSUTF8StringEncoding] autorelease]; - SecKeychainItemFreeContent(NULL, password); + passwordString = [[[NSString alloc] initWithData:passwordData encoding:NSUTF8StringEncoding] autorelease]; + [passwordData release]; } else { logError(@"getting", err); } + return passwordString; } + (BOOL)addOrModifyPassword:(NSString *)password forKeychainService:(NSString *)service account:(NSString *)account name:(NSString *)name { + NSString *passwordString = nil; + NSData *passwordData = nil; + 
OSStatus err; + NSMutableDictionary *query = [NSMutableDictionary dictionary]; + NSMutableDictionary *attributes = [NSMutableDictionary dictionary]; - NSParameterAssert(service != nil); - NSParameterAssert(password != nil); - const char *serviceCString = [service UTF8String]; - const char *accountCString = [account UTF8String]; + // first try to update an existing item + [query setObject:(NSString *)kSecClassGenericPassword forKey:(NSString *)kSecClass]; + [query setObject:(NSString *)kSecMatchLimitOne forKey:(NSString *)kSecMatchLimit]; + [query setObject:service forKey:(NSString *)kSecAttrService]; + if (account) + [query setObject:account forKey:(NSString *)kSecAttrAccount]; - OSStatus err; - SecKeychainItemRef itemRef = NULL; - const void *passwordData = [password UTF8String]; - const void *oldPasswordData = NULL; - UInt32 passwordLength = 0; + [attributes setObject:[password dataUsingEncoding:NSUTF8StringEncoding] forKey:(NSString *)kSecValueData]; - // first see if the password exists in the keychain - err = SecKeychainFindGenericPassword(NULL, strlen(serviceCString), serviceCString, account ? 
strlen(accountCString) : 0, accountCString, &passwordLength, (void **)&oldPasswordData, &itemRef); + err = SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)attributes); - if (err == noErr) { - // password was on keychain, so flush the buffer and then modify the keychain if necessary - if (passwordLength != strlen(passwordData) || strncmp(passwordData, oldPasswordData, passwordLength) != 0) { - err = SecKeychainItemModifyAttributesAndData(itemRef, NULL, strlen(passwordData), passwordData); - logError(@"modifying", err); - } - SecKeychainItemFreeContent(NULL, (void *)oldPasswordData); - CFRelease(itemRef); - } else if (err == errSecItemNotFound) { - // password not on keychain + logError(@"updating", err); + + if (err == errSecItemNotFound) { + [attributes setObject:service forKey:(NSString *)kSecAttrService]; + [attributes setObject:account ?: [NSUserName() dataUsingEncoding:NSUTF8StringEncoding] forKey:(NSString *)kSecAttrAccount]; + if (name) { - const char *nameCString = [name UTF8String]; - // see if an item in the old format exists - err = SecKeychainFindGenericPassword(NULL, strlen(nameCString), nameCString, 0, NULL, NULL, NULL, &itemRef); + [attributes setObject:name forKey:(NSString *)kSecAttrLabel]; - SecKeychainAttributeList attributes = makeAttributeList(serviceCString, accountCString, nameCString); - if (err == noErr) { - // password in old format was on keychain, modify the keychain to the new format - err = SecKeychainItemModifyAttributesAndData(itemRef, &attributes, strlen(passwordData), passwordData); - logError(@"modifying", err); - CFRelease(itemRef); - } else if (err == errSecItemNotFound) { - // password not on keychain, so add it - err = SecKeychainItemCreateFromContent(kSecGenericPasswordItemClass, &attributes, strlen(passwordData), passwordData, NULL, NULL, NULL); - logError(@"adding", err); - } else { - logError(@"getting", err); - } - } else { - // simple password not on keychain, so add it - // default is to use current user's 
username - if (account == nil) - accountCString = [NSUserName() UTF8String]; - err = SecKeychainAddGenericPassword(NULL, strlen(serviceCString), serviceCString, strlen(accountCString), accountCString, strlen(passwordData), passwordData, NULL); + [query setObject:name forKey:(NSString *)kSecAttrService]; + [query removeObjectForKey:(NSString *)kSecAttrAccount]; + + err = SecItemUpdate((CFDictionaryRef)query, (CFDictionaryRef)attributes); + + logError(@"updating", err); + } + + if (err == errSecItemNotFound) { + // password not yet on keychain, so add it + [attributes setObject:(NSString *)kSecClassGenericPassword forKey:(NSString *)kSecClass]; + + err = SecItemAdd((CFDictionaryRef)attributes, NULL); + logError(@"adding", err); } - } else { - logError(@"getting", err); } + return (err == noErr); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
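Review bot: The default account is passed as `NSData` in both new methods: `account ?: [NSUserName() dataUsingEncoding:NSUTF8StringEncoding]` yields an `NSString` when `account` is set and an `NSData` when it is not. `kSecAttrAccount` takes a string value, and the queries in the same methods pass `account` as a string, so an item written with the data form may not be found again by a later string lookup, or may be rejected outright. Using `account ?: NSUserName()` in the `dictionaryWithObjectsAndKeys:` call and in the `setObject:forKey:` call keeps the attribute one type. The `NSParameterAssert` checks on `service` and `password` are also gone, so a nil value now surfaces as an exception from `setObject:forKey:` instead.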
From: <ho...@us...> - 2022-09-26 09:01:35
|
Revision: 27933 http://sourceforge.net/p/bibdesk/svn/27933 Author: hofman Date: 2022-09-26 09:01:33 +0000 (Mon, 26 Sep 2022) Log Message: ----------- don't bother setting item limit to default value, use security constant for no error Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2022-09-25 23:10:02 UTC (rev 27932) +++ trunk/bibdesk/BDSKPasswordController.m 2022-09-26 09:01:33 UTC (rev 27933) @@ -47,7 +47,7 @@ @synthesize passwordField, statusField; static inline void logError(NSString *action, OSStatus err) { - if (err != noErr && err != errSecItemNotFound && err != errSecUserCanceled) + if (err != errSecSuccess && err != errSecItemNotFound && err != errSecUserCanceled) NSLog(@"Error %d occurred %@ password: %@", (int)err, action, [(id)SecCopyErrorMessageString(err, NULL) autorelease]); } @@ -59,7 +59,6 @@ NSMutableDictionary *query = [NSMutableDictionary dictionary]; [query setObject:(NSString *)kSecClassGenericPassword forKey:(NSString *)kSecClass]; - [query setObject:(NSString *)kSecMatchLimitOne forKey:(NSString *)kSecMatchLimit]; [query setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kSecReturnData]; [query setObject:service forKey:(NSString *)kSecAttrService]; if (account) 
@@ -72,7 +71,7 @@ [query setObject:name forKey:(NSString *)kSecAttrService]; [query removeObjectForKey:(NSString *)kSecAttrAccount]; err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&passwordData); - if (err == noErr) { + if (err == errSecSuccess) { // item in old format exists, update to new format NSDictionary *attributes = [NSDictionary dictionaryWithObjectsAndKeys:service, (NSString *)kSecAttrService, account ?: [NSUserName() dataUsingEncoding:NSUTF8StringEncoding], (NSString *)kSecAttrAccount, name, (NSString *)kSecAttrLabel, nil]; [query removeObjectForKey:(NSString *)kSecReturnData]; @@ -80,7 +79,7 @@ } } - if (err == noErr) { + if (err == errSecSuccess) { passwordString = [[[NSString alloc] initWithData:passwordData encoding:NSUTF8StringEncoding] autorelease]; [passwordData release]; } else { @@ -99,7 +98,6 @@ // first try to update an existing item [query setObject:(NSString *)kSecClassGenericPassword forKey:(NSString *)kSecClass]; - [query setObject:(NSString *)kSecMatchLimitOne forKey:(NSString *)kSecMatchLimit]; [query setObject:service forKey:(NSString *)kSecAttrService]; if (account) [query setObject:account forKey:(NSString *)kSecAttrAccount]; @@ -136,7 +134,7 @@ } } - return (err == noErr); + return (err == errSecSuccess); } + (NSString *)passwordForKeychainServer:(NSString *)server port:(NSInteger)port account:(NSString *)account { 
@@ -147,17 +145,16 @@ NSMutableDictionary *query = [NSMutableDictionary dictionary]; [query setObject:(NSString *)kSecClassInternetPassword forKey:(NSString *)kSecClass]; - [query setObject:(NSString *)kSecMatchLimitOne forKey:(NSString *)kSecMatchLimit]; [query setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kSecReturnData]; [query setObject:server forKey:(NSString *)kSecAttrServer]; [query setObject:account forKey:(NSString *)kSecAttrAccount]; - if (port) + if (port != 0) [query setObject:[NSNumber numberWithInteger:port] forKey:(NSString *)kSecAttrPort]; // see if the password exists in the keychain err = SecItemCopyMatching((CFDictionaryRef)query, (CFTypeRef *)&passwordData); - if (err == noErr) { + if (err == errSecSuccess) { passwordString = [[[NSString alloc] initWithData:passwordData encoding:NSUTF8StringEncoding] autorelease]; [passwordData release]; } else { @@ -176,10 +173,9 @@ // first try to update an existing item [query setObject:(NSString *)kSecClassInternetPassword forKey:(NSString *)kSecClass]; - [query setObject:(NSString *)kSecMatchLimitOne forKey:(NSString *)kSecMatchLimit]; [query setObject:server forKey:(NSString *)kSecAttrServer]; [query setObject:account forKey:(NSString *)kSecAttrAccount]; - if (port) + if (port != 0) [query setObject:[NSNumber numberWithInteger:port] forKey:(NSString *)kSecAttrPort]; [attributes setObject:[password dataUsingEncoding:NSUTF8StringEncoding] forKey:(NSString *)kSecValueData]; @@ -190,7 +186,6 @@ if (err == errSecItemNotFound) { [attributes addEntriesFromDictionary:query]; - [attributes removeObjectForKey:(NSString *)kSecMatchLimit]; [attributes setObject:(NSString *)kSecAttrProtocolHTTPS forKey:(NSString *)kSecAttrProtocol]; if (err == errSecItemNotFound) { 
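Review bot: The query used to find and update the internet password (hunk at -176) is keyed on server, account and optional port only, while `kSecAttrProtocolHTTPS` is put into the attributes only in the add branch (hunk at -190). An internet-password item for the same server and account that was stored under another protocol, possibly by another application, can therefore be matched and have its data replaced by `SecItemUpdate`. If existing items were always written with the protocol, which is not visible here, adding `[query setObject:(NSString *)kSecAttrProtocolHTTPS forKey:(NSString *)kSecAttrProtocol];` before the update narrows the match to this application's own entries. The `kSecAttrType` value introduced in r27979 further down the page is likewise set only when adding. Both method bodies extend beyond these hunks.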
@@ -202,7 +197,7 @@ } } - return (err == noErr); + return (err == errSecSuccess); } - (NSString *)runModalWithMessage:(NSString *)status { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2022-09-26 16:42:00
|
Revision: 27936 http://sourceforge.net/p/bibdesk/svn/27936 Author: hofman Date: 2022-09-26 16:41:58 +0000 (Mon, 26 Sep 2022) Log Message: ----------- remove second check for same condition Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2022-09-26 09:45:50 UTC (rev 27935) +++ trunk/bibdesk/BDSKPasswordController.m 2022-09-26 16:41:58 UTC (rev 27936) @@ -185,16 +185,13 @@ logError(@"updating", err); if (err == errSecItemNotFound) { + // password not yet on keychain, so add it [attributes addEntriesFromDictionary:query]; [attributes setObject:(NSString *)kSecAttrProtocolHTTPS forKey:(NSString *)kSecAttrProtocol]; - if (err == errSecItemNotFound) { - // password not yet on keychain, so add it - - err = SecItemAdd((CFDictionaryRef)attributes, NULL); - - logError(@"adding", err); - } + err = SecItemAdd((CFDictionaryRef)attributes, NULL); + + logError(@"adding", err); } return (err == errSecSuccess); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ho...@us...> - 2022-10-01 22:25:10
|
Revision: 27979 http://sourceforge.net/p/bibdesk/svn/27979 Author: hofman Date: 2022-10-01 22:25:06 +0000 (Sat, 01 Oct 2022) Log Message: ----------- set type for search group keychain items Modified Paths: -------------- trunk/bibdesk/BDSKPasswordController.m Modified: trunk/bibdesk/BDSKPasswordController.m =================================================================== --- trunk/bibdesk/BDSKPasswordController.m 2022-10-01 21:00:30 UTC (rev 27978) +++ trunk/bibdesk/BDSKPasswordController.m 2022-10-01 22:25:06 UTC (rev 27979) @@ -184,6 +184,7 @@ // password not yet on keychain, so add it [attributes addEntriesFromDictionary:query]; [attributes setObject:(NSString *)kSecAttrProtocolHTTPS forKey:(NSString *)kSecAttrProtocol]; + [attributes setObject:[NSNumber numberWithUnsignedInt:'BDsg'] forKey:(NSString *)kSecAttrType]; err = SecItemAdd((CFDictionaryRef)attributes, NULL); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |