X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/84aacf34eae6543be9f0280b2015385f91e5c2c6..b54c578e17e9bcbd74aa30ea75e25e955b9a6205:/SecurityTool/macOS/keychain_set_settings.c?ds=inline diff --git a/SecurityTool/macOS/keychain_set_settings.c b/SecurityTool/macOS/keychain_set_settings.c new file mode 100644 index 00000000..1adbdfcd --- /dev/null +++ b/SecurityTool/macOS/keychain_set_settings.c @@ -0,0 +1,266 @@ +/* + * Copyright (c) 2003-2009,2012,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + * keychain_set_settings.c + */ + +#include "keychain_set_settings.h" +#include "keychain_utilities.h" +#include "readline_cssm.h" +#include "security_tool.h" + +#include +#include +#include +#include +#include +#include +#include + +#define PW_BUF_SIZE 512 /* size of buffer to alloc for password */ + + +static int +do_keychain_set_settings(const char *keychainName, SecKeychainSettings newKeychainSettings) +{ + SecKeychainRef keychain = NULL; + OSStatus result; + + if (keychainName) + { + keychain = keychain_open(keychainName); + if (!keychain) + { + result = 1; + goto cleanup; + } + } + result = SecKeychainSetSettings(keychain, &newKeychainSettings); + if (result) + { + sec_error("SecKeychainSetSettings %s: %s", keychainName ? keychainName : "", sec_errstr(result)); + } + +cleanup: + if (keychain) + CFRelease(keychain); + + return result; +} + + +static int +do_keychain_set_password(const char *keychainName, const char* oldPassword, const char* newPassword) +{ + SecKeychainRef keychain = NULL; + OSStatus result = 1; + UInt32 oldLen = (oldPassword) ? (UInt32) strlen(oldPassword) : 0; + UInt32 newLen = (newPassword) ? (UInt32) strlen(newPassword) : 0; + char *oldPass = (oldPassword) ? (char*)oldPassword : NULL; + char *newPass = (newPassword) ? (char*)newPassword : NULL; + char *oldBuf = NULL; + char *newBuf = NULL; + + if (keychainName) + { + keychain = keychain_open(keychainName); + if (!keychain) + { + result = 1; + goto cleanup; + } + } + + if (!oldPass) { + /* prompt for old password */ + char *pBuf = getpass("Old Password: "); + if (pBuf) { + oldBuf = (char*) calloc(PW_BUF_SIZE, 1); + oldLen = (UInt32) strlen(pBuf); + memcpy(oldBuf, pBuf, oldLen); + bzero(pBuf, oldLen); + oldPass = oldBuf; + } + } + + if (!newPass) { + /* prompt for new password */ + char *pBuf = getpass("New Password: "); + if (pBuf) { + newBuf = (char*) calloc(PW_BUF_SIZE, 1); + newLen = (UInt32) strlen(pBuf); + memcpy(newBuf, pBuf, newLen); + bzero(pBuf, newLen); + } + /* confirm new password */ + pBuf = getpass("Retype New Password: "); + if (pBuf) { + UInt32 confirmLen = (UInt32) strlen(pBuf); + if (confirmLen == newLen && newBuf && + !memcmp(pBuf, newBuf, newLen)) { + newPass = newBuf; + } + bzero(pBuf, confirmLen); + } + } + + if (!oldPass || !newPass) { + sec_error("try again"); + goto cleanup; + } + + /* change the password, if daemon agrees everything looks good */ + result = SecKeychainChangePassword(keychain, oldLen, oldPass, newLen, newPass); + if (result) + { + sec_error("error changing password for \"%s\": %s", + keychainName ? keychainName : "", sec_errstr(result)); + } + +cleanup: + /* if we allocated password buffers, zero and free them */ + if (oldBuf) { + bzero(oldBuf, PW_BUF_SIZE); + free(oldBuf); + } + if (newBuf) { + bzero(newBuf, PW_BUF_SIZE); + free(newBuf); + } + if (keychain) { + CFRelease(keychain); + } + return result; +} + + +int +keychain_set_settings(int argc, char * const *argv) +{ + char *keychainName = NULL; + int ch, result = 0; + SecKeychainSettings newKeychainSettings = + { SEC_KEYCHAIN_SETTINGS_VERS1, FALSE, FALSE, INT_MAX }; + + while ((ch = getopt(argc, argv, "hlt:u")) != -1) + { + switch (ch) + { + case 'l': + newKeychainSettings.lockOnSleep = TRUE; + break; + case 't': + newKeychainSettings.lockInterval = atoi(optarg); + break; + case 'u': + newKeychainSettings.useLockInterval = TRUE; + break; + case '?': + default: + result = 2; /* @@@ Return 2 triggers usage message. */ + goto cleanup; + } + } + + if (newKeychainSettings.lockInterval != INT_MAX) { + // -t was specified, which implies -u + newKeychainSettings.useLockInterval = TRUE; + } else { + // -t was unspecified, so revert to no timeout + newKeychainSettings.useLockInterval = FALSE; + } + + argc -= optind; + argv += optind; + + if (argc == 1) + { + keychainName = argv[0]; + if (*keychainName == '\0') + { + result = 2; + goto cleanup; + } + } + else if (argc != 0) + { + result = 2; + goto cleanup; + } + + result = do_keychain_set_settings(keychainName, newKeychainSettings); + +cleanup: + + return result; +} + +int +keychain_set_password(int argc, char * const *argv) +{ + char *keychainName = NULL; + char *oldPassword = NULL; + char *newPassword = NULL; + int ch, result = 0; + + while ((ch = getopt(argc, argv, "ho:p:")) != -1) + { + switch (ch) + { + case 'o': + oldPassword = optarg; + break; + case 'p': + newPassword = optarg; + break; + case '?': + default: + result = 2; /* @@@ Return 2 triggers usage message. */ + goto cleanup; + } + } + + argc -= optind; + argv += optind; + + if (argc == 1) + { + keychainName = argv[0]; + if (*keychainName == '\0') + { + result = 2; + goto cleanup; + } + } + else if (argc != 0) + { + result = 2; + goto cleanup; + } + + result = do_keychain_set_password(keychainName, oldPassword, newPassword); + +cleanup: + + return result; +} +