+++ /dev/null
-//
-//
-//
-//
-
-
-
-#include <CoreFoundation/CoreFoundation.h>
-
-#include <Security/SecItem.h>
-
-#include <SecurityTool/tool_errors.h>
-#include <SecurityTool/readline.h>
-
-#include <utilities/SecCFWrappers.h>
-
-#include "SecurityCommands.h"
-
-//
-// Craptastic hacks.
-
-typedef uint32_t SecProtocolType;
-typedef uint32_t SecAuthenticationType;
-
-/* Parse a string of the form attr=value,attr=value,attr=value */
-static void
-keychain_query_parse_string(CFMutableDictionaryRef q, CFStringRef s) {
- bool inkey = true;
- bool escaped = false;
- CFStringRef key = NULL;
- CFMutableStringRef str = CFStringCreateMutable(0, 0);
- CFRange rng = { .location = 0, .length = CFStringGetLength(s) };
- CFCharacterSetRef cs_key = CFCharacterSetCreateWithCharactersInString(0, CFSTR("=\\"));
- CFCharacterSetRef cs_value = CFCharacterSetCreateWithCharactersInString(0, CFSTR(",\\"));
- while (rng.length) {
- CFRange r;
- CFStringRef sub;
- bool complete = false;
- if (escaped) {
- r.location = rng.location;
- r.length = 1;
- sub = CFStringCreateWithSubstring(0, s, r);
- escaped = false;
- } else if (CFStringFindCharacterFromSet(s, inkey ? cs_key : cs_value, rng, 0, &r)) {
- if (CFStringGetCharacterAtIndex(s, r.location) == '\\') {
- escaped = true;
- } else {
- complete = true;
- }
- CFIndex next = r.location + 1;
- r.length = r.location - rng.location;
- r.location = rng.location;
- sub = CFStringCreateWithSubstring(0, s, r);
- rng.length -= next - rng.location;
- rng.location = next;
- } else {
- sub = CFStringCreateWithSubstring(0, s, rng);
- rng.location += rng.length;
- rng.length = 0;
- complete = true;
- }
- CFStringAppend(str, sub);
- CFRelease(sub);
- if (complete) {
- CFStringRef value = CFStringCreateCopy(0, str);
- CFStringReplaceAll(str, CFSTR(""));
- if (inkey) {
- key = value;
- } else {
- CFDictionarySetValue(q, key, value);
- CFReleaseNull(value);
- CFReleaseNull(key);
- }
- inkey = !inkey;
- }
- }
- if (key) {
- /* Dangeling key value is true?. */
- CFDictionarySetValue(q, key, kCFBooleanTrue);
- CFRelease(key);
- }
-
- CFRelease(str);
- CFReleaseSafe(cs_key);
- CFReleaseSafe(cs_value);
-}
-
-static void
-keychain_query_parse_cstring(CFMutableDictionaryRef q, const char *query) {
- CFStringRef s;
- s = CFStringCreateWithCStringNoCopy(0, query, kCFStringEncodingUTF8, kCFAllocatorNull);
- keychain_query_parse_string(q, s);
- CFRelease(s);
-}
-
-static CFMutableDictionaryRef
-keychain_create_query_from_string(const char *query) {
- CFMutableDictionaryRef q;
-
- q = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- keychain_query_parse_cstring(q, query);
- return q;
-}
-
-static void add_key(const void *key, const void *value, void *context) {
- CFArrayAppendValue(context, key);
-}
-
-static void display_item(const void *v_item, void *context) {
- CFDictionaryRef item = (CFDictionaryRef)v_item;
- CFIndex dict_count, key_ix, key_count;
- CFMutableArrayRef keys = NULL;
- CFIndex maxWidth = 10; /* Maybe precompute this or grab from context? */
-
- dict_count = CFDictionaryGetCount(item);
- keys = CFArrayCreateMutable(kCFAllocatorDefault, dict_count,
- &kCFTypeArrayCallBacks);
- CFDictionaryApplyFunction(item, add_key, keys);
- key_count = CFArrayGetCount(keys);
- CFArraySortValues(keys, CFRangeMake(0, key_count),
- (CFComparatorFunction)CFStringCompare, 0);
-
- for (key_ix = 0; key_ix < key_count; ++key_ix) {
- CFStringRef key = (CFStringRef)CFArrayGetValueAtIndex(keys, key_ix);
- CFTypeRef value = CFDictionaryGetValue(item, key);
- CFMutableStringRef line = CFStringCreateMutable(NULL, 0);
-
- CFStringAppend(line, key);
- CFIndex jx;
- for (jx = CFStringGetLength(key);
- jx < maxWidth; ++jx) {
- CFStringAppend(line, CFSTR(" "));
- }
- CFStringAppend(line, CFSTR(" : "));
- if (CFStringGetTypeID() == CFGetTypeID(value)) {
- CFStringAppend(line, (CFStringRef)value);
- } else if (CFNumberGetTypeID() == CFGetTypeID(value)) {
- CFNumberRef v_n = (CFNumberRef)value;
- CFStringAppendFormat(line, NULL, CFSTR("%@"), v_n);
- } else if (CFDateGetTypeID() == CFGetTypeID(value)) {
- CFDateRef v_d = (CFDateRef)value;
- CFStringAppendFormat(line, NULL, CFSTR("%@"), v_d);
- } else if (CFDataGetTypeID() == CFGetTypeID(value)) {
- CFDataRef v_d = (CFDataRef)value;
- CFStringRef v_s = CFStringCreateFromExternalRepresentation(
- kCFAllocatorDefault, v_d, kCFStringEncodingUTF8);
- if (v_s) {
- CFStringAppend(line, CFSTR("/"));
- CFStringAppend(line, v_s);
- CFStringAppend(line, CFSTR("/ "));
- CFRelease(v_s);
- }
- const uint8_t *bytes = CFDataGetBytePtr(v_d);
- CFIndex len = CFDataGetLength(v_d);
- for (jx = 0; jx < len; ++jx) {
- CFStringAppendFormat(line, NULL, CFSTR("%.02X"), bytes[jx]);
- }
- } else {
- CFStringAppendFormat(line, NULL, CFSTR("%@"), value);
- }
-
- CFStringWriteToFileWithNewline(line, stdout);
-
- CFRelease(line);
- }
- CFRelease(keys);
-
- CFStringWriteToFileWithNewline(CFSTR("===="), stdout);
-
- //CFShow(item);
-}
-
-
-static void display_results(CFTypeRef results) {
- if (CFGetTypeID(results) == CFArrayGetTypeID()) {
- CFArrayRef r_a = (CFArrayRef)results;
- CFArrayApplyFunction(r_a, CFRangeMake(0, CFArrayGetCount(r_a)),
- display_item, NULL);
- } else if (CFGetTypeID(results) == CFArrayGetTypeID()) {
- display_item(results, NULL);
- } else {
- fprintf(stderr, "SecItemCopyMatching returned unexpected results:");
- CFShow(results);
- }
-}
-
-static OSStatus do_find_or_delete(CFDictionaryRef query, bool do_delete) {
- OSStatus result;
- if (do_delete) {
- result = SecItemDelete(query);
- if (result) {
- sec_perror("SecItemDelete", result);
- }
- } else {
- CFTypeRef results = NULL;
- result = SecItemCopyMatching(query, &results);
- if (result) {
- sec_perror("SecItemCopyMatching", result);
- } else {
- display_results(results);
- }
- CFReleaseSafe(results);
- }
- return result;
-}
-
-static int
-do_keychain_find_or_delete_internet_password(Boolean do_delete,
- const char *serverName, const char *securityDomain,
- const char *accountName, const char *path, UInt16 port,
- SecProtocolType protocol, SecAuthenticationType authenticationType,
- Boolean get_password)
- {
- OSStatus result;
- CFDictionaryRef query = NULL;
- const void *keys[11], *values[11];
- CFIndex ix = 0;
-
- keys[ix] = kSecClass;
- values[ix++] = kSecClassInternetPassword;
- if (serverName) {
- keys[ix] = kSecAttrServer;
- values[ix++] = CFStringCreateWithCStringNoCopy(NULL, serverName,
- kCFStringEncodingUTF8, kCFAllocatorNull);
- }
- if (securityDomain) {
- keys[ix] = kSecAttrSecurityDomain;
- values[ix++] = CFStringCreateWithCStringNoCopy(NULL, securityDomain,
- kCFStringEncodingUTF8, kCFAllocatorNull);
- }
- if (accountName) {
- keys[ix] = kSecAttrAccount;
- values[ix++] = CFStringCreateWithCStringNoCopy(NULL, accountName,
- kCFStringEncodingUTF8, kCFAllocatorNull);
- }
- if (path) {
- keys[ix] = kSecAttrPath;
- values[ix++] = CFStringCreateWithCStringNoCopy(NULL, path,
- kCFStringEncodingUTF8, kCFAllocatorNull);
- }
- if (port != 0) {
- keys[ix] = kSecAttrPort;
- values[ix++] = CFNumberCreate(NULL, kCFNumberSInt16Type, &port);
- }
- if (protocol != 0) {
- /* Protocol is a 4 char code, perhaps we should use a string rep
- instead. */
- keys[ix] = kSecAttrProtocol;
- values[ix++] = CFNumberCreate(NULL, kCFNumberSInt32Type, &protocol);
- }
- if (authenticationType != 0) {
- keys[ix] = kSecAttrAuthenticationType;
- values[ix++] = CFNumberCreate(NULL, kCFNumberSInt32Type,
- &authenticationType);
- }
- if (get_password) {
- /* Only ask for the data if so required. */
- keys[ix] = kSecReturnData;
- values[ix++] = kCFBooleanTrue;
- }
- keys[ix] = kSecReturnAttributes;
- values[ix++] = kCFBooleanTrue;
- if (!do_delete) {
- /* If we aren't deleting ask for all items. */
- keys[ix] = kSecMatchLimit;
- values[ix++] = kSecMatchLimitAll;
- }
-
- query = CFDictionaryCreate(NULL, keys, values, ix,
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- result = do_find_or_delete(query, do_delete);
- CFReleaseSafe(query);
-
- return result;
-}
-
-static int
-parse_fourcharcode(const char *name, uint32_t *code)
-{
- /* @@@ Check for errors. */
- char *p = (char *)code;
- strncpy(p, name, 4);
- return 0;
-}
-
-static int
-keychain_find_or_delete_internet_password(Boolean do_delete, int argc, char * const *argv)
-{
- char *serverName = NULL, *securityDomain = NULL, *accountName = NULL, *path = NULL;
- UInt16 port = 0;
- SecProtocolType protocol = 0;
- SecAuthenticationType authenticationType = 0;
- int ch, result = 0;
- Boolean get_password = FALSE;
-
- while ((ch = getopt(argc, argv, "a:d:hgp:P:r:s:t:")) != -1)
- {
- switch (ch)
- {
- case 'a':
- accountName = optarg;
- break;
- case 'd':
- securityDomain = optarg;
- break;
- case 'g':
- if (do_delete)
- return 2;
- get_password = TRUE;
- break;
- case 'p':
- path = optarg;
- break;
- case 'P':
- port = atoi(optarg);
- break;
- case 'r':
- result = parse_fourcharcode(optarg, &protocol);
- if (result)
- goto loser;
- break;
- case 's':
- serverName = optarg;
- break;
- case 't':
- result = parse_fourcharcode(optarg, &authenticationType);
- if (result)
- goto loser;
- break;
- case '?':
- default:
- return 2; /* @@@ Return 2 triggers usage message. */
- }
- }
-
- argc -= optind;
- argv += optind;
-
- result = do_keychain_find_or_delete_internet_password(do_delete, serverName, securityDomain,
- accountName, path, port, protocol,authenticationType, get_password);
-
-
-loser:
-
- return result;
-}
-
-int
-keychain_find_internet_password(int argc, char * const *argv) {
- return keychain_find_or_delete_internet_password(0, argc, argv);
-}
-
-int
-keychain_delete_internet_password(int argc, char * const *argv) {
- return keychain_find_or_delete_internet_password(1, argc, argv);
-}
-
-static int
-do_keychain_find_or_delete_generic_password(Boolean do_delete,
- const char *serviceName, const char *accountName,
- Boolean get_password)
- {
- OSStatus result;
- CFDictionaryRef query = NULL;
- const void *keys[6], *values[6];
- CFIndex ix = 0;
-
- keys[ix] = kSecClass;
- values[ix++] = kSecClassGenericPassword;
- if (serviceName) {
- keys[ix] = kSecAttrService;
- values[ix++] = CFStringCreateWithCStringNoCopy(NULL, serviceName,
- kCFStringEncodingUTF8, kCFAllocatorNull);
- }
- if (accountName) {
- keys[ix] = kSecAttrAccount;
- values[ix++] = CFStringCreateWithCStringNoCopy(NULL, accountName,
- kCFStringEncodingUTF8, kCFAllocatorNull);
- }
- if (get_password) {
- /* Only ask for the data if so required. */
- keys[ix] = kSecReturnData;
- values[ix++] = kCFBooleanTrue;
- }
- keys[ix] = kSecReturnAttributes;
- values[ix++] = kCFBooleanTrue;
- if (!do_delete) {
- /* If we aren't deleting ask for all items. */
- keys[ix] = kSecMatchLimit;
- values[ix++] = kSecMatchLimitAll;
- }
-
- query = CFDictionaryCreate(NULL, keys, values, ix,
- &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
-
- result = do_find_or_delete(query, do_delete);
-
- CFReleaseSafe(query);
-
- return result;
-}
-
-int keychain_item(int argc, char * const *argv) {
- int ch, result = 0;
- CFMutableDictionaryRef query, update = NULL;
- bool get_password = false;
- bool do_delete = false;
- bool do_add = false;
- bool verbose = false;
- int limit = 0;
-
- query = CFDictionaryCreateMutable(0, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
- while ((ch = getopt(argc, argv, "ad:Df:gq:u:vl:")) != -1)
- {
- switch (ch)
- {
- case 'a':
- do_add = true;
- break;
- case 'D':
- do_delete = true;
- break;
- case 'd':
- {
- CFStringRef data = CFStringCreateWithCString(0, optarg, kCFStringEncodingUTF8);
- if (data) {
- CFDictionarySetValue(update ? update : query, kSecValueData, data);
- CFRelease(data);
- } else {
- result = 1;
- goto out;
- }
- break;
- }
- case 'f':
- {
- CFDataRef data = copyFileContents(optarg);
- CFDictionarySetValue(update ? update : query, kSecValueData, data);
- CFRelease(data);
- break;
- }
- case 'g':
- get_password = true;
- break;
- case 'q':
- keychain_query_parse_cstring(query, optarg);
- break;
- case 'u':
- if (!update)
- update = keychain_create_query_from_string(optarg);
- else
- keychain_query_parse_cstring(update, optarg);
- break;
- case 'v':
- verbose = true;
- break;
- case 'l':
- limit = atoi(optarg);
- break;
- case '?':
- default:
- /* Return 2 triggers usage message. */
- result = 2;
- goto out;
- }
- }
-
- if (((do_add || do_delete) && (get_password || update)) || !query) {
- result = 2;
- goto out;
- }
-
- argc -= optind;
- argv += optind;
-
- int ix;
- for (ix = 0; ix < argc; ++ix) {
- keychain_query_parse_cstring(query, argv[ix]);
- }
-
- if (!update && !do_add && !do_delete) {
- CFDictionarySetValue(query, kSecReturnAttributes, kCFBooleanTrue);
- if(limit) {
- CFNumberRef cfLimit = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &limit);
- CFDictionarySetValue(query, kSecMatchLimit, cfLimit);
- CFReleaseSafe(cfLimit);
- } else {
- CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitAll);
- }
- if (get_password)
- CFDictionarySetValue(query, kSecReturnData, kCFBooleanTrue);
- }
-
- if (verbose)
- CFShow(query);
-
- OSStatus error;
- if (do_add) {
- error = SecItemAdd(query, NULL);
- if (error) {
- sec_perror("SecItemAdd", error);
- result = 1;
- }
- } else if (update) {
- error = SecItemUpdate(query, update);
- if (error) {
- sec_perror("SecItemUpdate", error);
- result = 1;
- }
- } else if (do_delete) {
- error = SecItemDelete(query);
- if (error) {
- sec_perror("SecItemDelete", error);
- result = 1;
- }
- } else {
- do_find_or_delete(query, do_delete);
- }
-
-out:
- CFReleaseSafe(query);
- CFReleaseSafe(update);
- return result;
-}
-
-static int
-keychain_find_or_delete_generic_password(Boolean do_delete,
- int argc, char * const *argv)
-{
- char *serviceName = NULL, *accountName = NULL;
- int ch, result = 0;
- Boolean get_password = FALSE;
-
- while ((ch = getopt(argc, argv, "a:s:g")) != -1)
- {
- switch (ch)
- {
- case 'a':
- accountName = optarg;
- break;
- case 'g':
- if (do_delete)
- return 2;
- get_password = TRUE;
- break;
- case 's':
- serviceName = optarg;
- break;
- case '?':
- default:
- return 2; /* @@@ Return 2 triggers usage message. */
- }
- }
-
- argc -= optind;
- argv += optind;
-
- result = do_keychain_find_or_delete_generic_password(do_delete,
- serviceName, accountName, get_password);
-
- return result;
-}
-
-int
-keychain_find_generic_password(int argc, char * const *argv) {
- return keychain_find_or_delete_generic_password(0, argc, argv);
-}
-
-int
-keychain_delete_generic_password(int argc, char * const *argv) {
- return keychain_find_or_delete_generic_password(1, argc, argv);
-}
projects / apple / security.git / blobdiff