+++ /dev/null
-/*
- * Copyright (c) 2003-2009,2012,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- *
- * keychain_set_settings.c
- */
-
-#include "keychain_set_settings.h"
-#include "keychain_utilities.h"
-#include "readline_cssm.h"
-#include "security_tool.h"
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <Security/SecKeychain.h>
-#include <Security/SecKeychainPriv.h>
-
-#define PW_BUF_SIZE 512 /* size of buffer to alloc for password */
-
-
-static int
-do_keychain_set_settings(const char *keychainName, SecKeychainSettings newKeychainSettings)
-{
- SecKeychainRef keychain = NULL;
- OSStatus result;
-
- if (keychainName)
- {
- keychain = keychain_open(keychainName);
- if (!keychain)
- {
- result = 1;
- goto cleanup;
- }
- }
- result = SecKeychainSetSettings(keychain, &newKeychainSettings);
- if (result)
- {
- sec_error("SecKeychainSetSettings %s: %s", keychainName ? keychainName : "<NULL>", sec_errstr(result));
- }
-
-cleanup:
- if (keychain)
- CFRelease(keychain);
-
- return result;
-}
-
-
-static int
-do_keychain_set_password(const char *keychainName, const char* oldPassword, const char* newPassword)
-{
- SecKeychainRef keychain = NULL;
- OSStatus result = 1;
- UInt32 oldLen = (oldPassword) ? (UInt32) strlen(oldPassword) : 0;
- UInt32 newLen = (newPassword) ? (UInt32) strlen(newPassword) : 0;
- char *oldPass = (oldPassword) ? (char*)oldPassword : NULL;
- char *newPass = (newPassword) ? (char*)newPassword : NULL;
- char *oldBuf = NULL;
- char *newBuf = NULL;
-
- if (keychainName)
- {
- keychain = keychain_open(keychainName);
- if (!keychain)
- {
- result = 1;
- goto cleanup;
- }
- }
-
- if (!oldPass) {
- /* prompt for old password */
- char *pBuf = getpass("Old Password: ");
- if (pBuf) {
- oldBuf = (char*) calloc(PW_BUF_SIZE, 1);
- oldLen = (UInt32) strlen(pBuf);
- memcpy(oldBuf, pBuf, oldLen);
- bzero(pBuf, oldLen);
- oldPass = oldBuf;
- }
- }
-
- if (!newPass) {
- /* prompt for new password */
- char *pBuf = getpass("New Password: ");
- if (pBuf) {
- newBuf = (char*) calloc(PW_BUF_SIZE, 1);
- newLen = (UInt32) strlen(pBuf);
- memcpy(newBuf, pBuf, newLen);
- bzero(pBuf, newLen);
- }
- /* confirm new password */
- pBuf = getpass("Retype New Password: ");
- if (pBuf) {
- UInt32 confirmLen = (UInt32) strlen(pBuf);
- if (confirmLen == newLen && newBuf &&
- !memcmp(pBuf, newBuf, newLen)) {
- newPass = newBuf;
- }
- bzero(pBuf, confirmLen);
- }
- }
-
- if (!oldPass || !newPass) {
- sec_error("try again");
- goto cleanup;
- }
-
- /* change the password, if daemon agrees everything looks good */
- result = SecKeychainChangePassword(keychain, oldLen, oldPass, newLen, newPass);
- if (result)
- {
- sec_error("error changing password for \"%s\": %s",
- keychainName ? keychainName : "<NULL>", sec_errstr(result));
- }
-
-cleanup:
- /* if we allocated password buffers, zero and free them */
- if (oldBuf) {
- bzero(oldBuf, PW_BUF_SIZE);
- free(oldBuf);
- }
- if (newBuf) {
- bzero(newBuf, PW_BUF_SIZE);
- free(newBuf);
- }
- if (keychain) {
- CFRelease(keychain);
- }
- return result;
-}
-
-
-int
-keychain_set_settings(int argc, char * const *argv)
-{
- char *keychainName = NULL;
- int ch, result = 0;
- SecKeychainSettings newKeychainSettings =
- { SEC_KEYCHAIN_SETTINGS_VERS1, FALSE, FALSE, INT_MAX };
-
- while ((ch = getopt(argc, argv, "hlt:u")) != -1)
- {
- switch (ch)
- {
- case 'l':
- newKeychainSettings.lockOnSleep = TRUE;
- break;
- case 't':
- newKeychainSettings.lockInterval = atoi(optarg);
- break;
- case 'u':
- newKeychainSettings.useLockInterval = TRUE;
- break;
- case '?':
- default:
- result = 2; /* @@@ Return 2 triggers usage message. */
- goto cleanup;
- }
- }
-
- if (newKeychainSettings.lockInterval != INT_MAX) {
- // -t was specified, which implies -u
- newKeychainSettings.useLockInterval = TRUE;
- } else {
- // -t was unspecified, so revert to no timeout
- newKeychainSettings.useLockInterval = FALSE;
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc == 1)
- {
- keychainName = argv[0];
- if (*keychainName == '\0')
- {
- result = 2;
- goto cleanup;
- }
- }
- else if (argc != 0)
- {
- result = 2;
- goto cleanup;
- }
-
- result = do_keychain_set_settings(keychainName, newKeychainSettings);
-
-cleanup:
-
- return result;
-}
-
-int
-keychain_set_password(int argc, char * const *argv)
-{
- char *keychainName = NULL;
- char *oldPassword = NULL;
- char *newPassword = NULL;
- int ch, result = 0;
-
- while ((ch = getopt(argc, argv, "ho:p:")) != -1)
- {
- switch (ch)
- {
- case 'o':
- oldPassword = optarg;
- break;
- case 'p':
- newPassword = optarg;
- break;
- case '?':
- default:
- result = 2; /* @@@ Return 2 triggers usage message. */
- goto cleanup;
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc == 1)
- {
- keychainName = argv[0];
- if (*keychainName == '\0')
- {
- result = 2;
- goto cleanup;
- }
- }
- else if (argc != 0)
- {
- result = 2;
- goto cleanup;
- }
-
- result = do_keychain_set_password(keychainName, oldPassword, newPassword);
-
-cleanup:
-
- return result;
-}
-
projects / apple / security.git / blobdiff