Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Allow win/mac credential managers to build on all platforms #11993

Merged
merged 5 commits into from
Apr 18, 2023
Merged

fix: Allow win/mac credential managers to build on all platforms #11993

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
feb6d88
feat(cred): Common unsupported credentials
epage Apr 18, 2023
2e3dde1
refactor(cred): Move macos impl to inline mod
epage Apr 18, 2023
72fee80
fix(cred): Get macos building on all platforms
epage Apr 18, 2023
b533f89
refactor(cred): Move win impl to inline mod
epage Apr 18, 2023
943edea
fix(cred): Get wincred building on all platforms
epage Apr 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 42 additions & 34 deletions crates/credential/cargo-credential-macos-keychain/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,50 +1,58 @@
//! Cargo registry macos keychain credential process.

use cargo_credential::{Credential, Error};
use security_framework::os::macos::keychain::SecKeychain;
#[cfg(target_os = "macos")]
mod macos {
use cargo_credential::{Credential, Error};
use security_framework::os::macos::keychain::SecKeychain;

struct MacKeychain;
pub(crate) struct MacKeychain;

/// The account name is not used.
const ACCOUNT: &'static str = "";
/// The account name is not used.
const ACCOUNT: &'static str = "";

fn registry(registry_name: &str) -> String {
format!("cargo-registry:{}", registry_name)
}

impl Credential for MacKeychain {
fn name(&self) -> &'static str {
env!("CARGO_PKG_NAME")
fn registry(registry_name: &str) -> String {
format!("cargo-registry:{}", registry_name)
}

fn get(&self, index_url: &str) -> Result<String, Error> {
let keychain = SecKeychain::default().unwrap();
let service_name = registry(index_url);
let (pass, _item) = keychain.find_generic_password(&service_name, ACCOUNT)?;
String::from_utf8(pass.as_ref().to_vec())
.map_err(|_| "failed to convert token to UTF8".into())
}
impl Credential for MacKeychain {
fn name(&self) -> &'static str {
env!("CARGO_PKG_NAME")
}

fn store(&self, index_url: &str, token: &str, name: Option<&str>) -> Result<(), Error> {
let keychain = SecKeychain::default().unwrap();
let service_name = registry(name.unwrap_or(index_url));
if let Ok((_pass, mut item)) = keychain.find_generic_password(&service_name, ACCOUNT) {
item.set_password(token.as_bytes())?;
} else {
keychain.add_generic_password(&service_name, ACCOUNT, token.as_bytes())?;
fn get(&self, index_url: &str) -> Result<String, Error> {
let keychain = SecKeychain::default().unwrap();
let service_name = registry(index_url);
let (pass, _item) = keychain.find_generic_password(&service_name, ACCOUNT)?;
String::from_utf8(pass.as_ref().to_vec())
.map_err(|_| "failed to convert token to UTF8".into())
}
Ok(())
}

fn erase(&self, index_url: &str) -> Result<(), Error> {
let keychain = SecKeychain::default().unwrap();
let service_name = registry(index_url);
let (_pass, item) = keychain.find_generic_password(&service_name, ACCOUNT)?;
item.delete();
Ok(())
fn store(&self, index_url: &str, token: &str, name: Option<&str>) -> Result<(), Error> {
let keychain = SecKeychain::default().unwrap();
let service_name = registry(name.unwrap_or(index_url));
if let Ok((_pass, mut item)) = keychain.find_generic_password(&service_name, ACCOUNT) {
item.set_password(token.as_bytes())?;
} else {
keychain.add_generic_password(&service_name, ACCOUNT, token.as_bytes())?;
}
Ok(())
}

fn erase(&self, index_url: &str) -> Result<(), Error> {
let keychain = SecKeychain::default().unwrap();
let service_name = registry(index_url);
let (_pass, item) = keychain.find_generic_password(&service_name, ACCOUNT)?;
item.delete();
Ok(())
}
}
}

#[cfg(not(target_os = "macos"))]
use cargo_credential::UnsupportedCredential as MacKeychain;
#[cfg(target_os = "macos")]
use macos::MacKeychain;

fn main() {
cargo_credential::main(MacKeychain);
}
187 changes: 99 additions & 88 deletions crates/credential/cargo-credential-wincred/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,111 +1,122 @@
//! Cargo registry windows credential process.

use cargo_credential::{Credential, Error};
use std::ffi::OsStr;
use std::os::windows::ffi::OsStrExt;
#[cfg(windows)]
mod win {
use cargo_credential::{Credential, Error};
use std::ffi::OsStr;
use std::os::windows::ffi::OsStrExt;

use windows_sys::core::PWSTR;
use windows_sys::Win32::Foundation::ERROR_NOT_FOUND;
use windows_sys::Win32::Foundation::FILETIME;
use windows_sys::Win32::Foundation::TRUE;
use windows_sys::Win32::Security::Credentials::CredDeleteW;
use windows_sys::Win32::Security::Credentials::CredReadW;
use windows_sys::Win32::Security::Credentials::CredWriteW;
use windows_sys::Win32::Security::Credentials::CREDENTIALW;
use windows_sys::Win32::Security::Credentials::CRED_PERSIST_LOCAL_MACHINE;
use windows_sys::Win32::Security::Credentials::CRED_TYPE_GENERIC;
use windows_sys::core::PWSTR;
use windows_sys::Win32::Foundation::ERROR_NOT_FOUND;
use windows_sys::Win32::Foundation::FILETIME;
use windows_sys::Win32::Foundation::TRUE;
use windows_sys::Win32::Security::Credentials::CredDeleteW;
use windows_sys::Win32::Security::Credentials::CredReadW;
use windows_sys::Win32::Security::Credentials::CredWriteW;
use windows_sys::Win32::Security::Credentials::CREDENTIALW;
use windows_sys::Win32::Security::Credentials::CRED_PERSIST_LOCAL_MACHINE;
use windows_sys::Win32::Security::Credentials::CRED_TYPE_GENERIC;

struct WindowsCredential;
pub(crate) struct WindowsCredential;

/// Converts a string to a nul-terminated wide UTF-16 byte sequence.
fn wstr(s: &str) -> Vec<u16> {
let mut wide: Vec<u16> = OsStr::new(s).encode_wide().collect();
if wide.iter().any(|b| *b == 0) {
panic!("nul byte in wide string");
/// Converts a string to a nul-terminated wide UTF-16 byte sequence.
fn wstr(s: &str) -> Vec<u16> {
let mut wide: Vec<u16> = OsStr::new(s).encode_wide().collect();
if wide.iter().any(|b| *b == 0) {
panic!("nul byte in wide string");
}
wide.push(0);
wide
}
wide.push(0);
wide
}

fn target_name(registry_name: &str) -> Vec<u16> {
wstr(&format!("cargo-registry:{}", registry_name))
}

impl Credential for WindowsCredential {
fn name(&self) -> &'static str {
env!("CARGO_PKG_NAME")
fn target_name(registry_name: &str) -> Vec<u16> {
wstr(&format!("cargo-registry:{}", registry_name))
}

fn get(&self, index_url: &str) -> Result<String, Error> {
let target_name = target_name(index_url);
let p_credential: *mut CREDENTIALW = std::ptr::null_mut() as *mut _;
unsafe {
if CredReadW(
target_name.as_ptr(),
CRED_TYPE_GENERIC,
0,
p_credential as *mut _ as *mut _,
) != TRUE
{
return Err(
format!("failed to fetch token: {}", std::io::Error::last_os_error()).into(),
impl Credential for WindowsCredential {
fn name(&self) -> &'static str {
env!("CARGO_PKG_NAME")
}

fn get(&self, index_url: &str) -> Result<String, Error> {
let target_name = target_name(index_url);
let p_credential: *mut CREDENTIALW = std::ptr::null_mut() as *mut _;
unsafe {
if CredReadW(
target_name.as_ptr(),
CRED_TYPE_GENERIC,
0,
p_credential as *mut _ as *mut _,
) != TRUE
{
return Err(format!(
"failed to fetch token: {}",
std::io::Error::last_os_error()
)
.into());
}
let bytes = std::slice::from_raw_parts(
(*p_credential).CredentialBlob,
(*p_credential).CredentialBlobSize as usize,
);
String::from_utf8(bytes.to_vec())
.map_err(|_| "failed to convert token to UTF8".into())
}
let bytes = std::slice::from_raw_parts(
(*p_credential).CredentialBlob,
(*p_credential).CredentialBlobSize as usize,
);
String::from_utf8(bytes.to_vec()).map_err(|_| "failed to convert token to UTF8".into())
}
}

fn store(&self, index_url: &str, token: &str, name: Option<&str>) -> Result<(), Error> {
let token = token.as_bytes();
let target_name = target_name(index_url);
let comment = match name {
Some(name) => wstr(&format!("Cargo registry token for {}", name)),
None => wstr("Cargo registry token"),
};
let mut credential = CREDENTIALW {
Flags: 0,
Type: CRED_TYPE_GENERIC,
TargetName: target_name.as_ptr() as PWSTR,
Comment: comment.as_ptr() as PWSTR,
LastWritten: FILETIME {
dwLowDateTime: 0,
dwHighDateTime: 0,
},
CredentialBlobSize: token.len() as u32,
CredentialBlob: token.as_ptr() as *mut u8,
Persist: CRED_PERSIST_LOCAL_MACHINE,
AttributeCount: 0,
Attributes: std::ptr::null_mut(),
TargetAlias: std::ptr::null_mut(),
UserName: std::ptr::null_mut(),
};
let result = unsafe { CredWriteW(&mut credential, 0) };
if result != TRUE {
let err = std::io::Error::last_os_error();
return Err(format!("failed to store token: {}", err).into());
fn store(&self, index_url: &str, token: &str, name: Option<&str>) -> Result<(), Error> {
let token = token.as_bytes();
let target_name = target_name(index_url);
let comment = match name {
Some(name) => wstr(&format!("Cargo registry token for {}", name)),
None => wstr("Cargo registry token"),
};
let mut credential = CREDENTIALW {
Flags: 0,
Type: CRED_TYPE_GENERIC,
TargetName: target_name.as_ptr() as PWSTR,
Comment: comment.as_ptr() as PWSTR,
LastWritten: FILETIME {
dwLowDateTime: 0,
dwHighDateTime: 0,
},
CredentialBlobSize: token.len() as u32,
CredentialBlob: token.as_ptr() as *mut u8,
Persist: CRED_PERSIST_LOCAL_MACHINE,
AttributeCount: 0,
Attributes: std::ptr::null_mut(),
TargetAlias: std::ptr::null_mut(),
UserName: std::ptr::null_mut(),
};
let result = unsafe { CredWriteW(&mut credential, 0) };
if result != TRUE {
let err = std::io::Error::last_os_error();
return Err(format!("failed to store token: {}", err).into());
}
Ok(())
}
Ok(())
}

fn erase(&self, index_url: &str) -> Result<(), Error> {
let target_name = target_name(index_url);
let result = unsafe { CredDeleteW(target_name.as_ptr(), CRED_TYPE_GENERIC, 0) };
if result != TRUE {
let err = std::io::Error::last_os_error();
if err.raw_os_error() == Some(ERROR_NOT_FOUND as i32) {
eprintln!("not currently logged in to `{}`", index_url);
return Ok(());
fn erase(&self, index_url: &str) -> Result<(), Error> {
let target_name = target_name(index_url);
let result = unsafe { CredDeleteW(target_name.as_ptr(), CRED_TYPE_GENERIC, 0) };
if result != TRUE {
let err = std::io::Error::last_os_error();
if err.raw_os_error() == Some(ERROR_NOT_FOUND as i32) {
eprintln!("not currently logged in to `{}`", index_url);
return Ok(());
}
return Err(format!("failed to remove token: {}", err).into());
}
return Err(format!("failed to remove token: {}", err).into());
Ok(())
}
Ok(())
}
}

#[cfg(not(windows))]
use cargo_credential::UnsupportedCredential as WindowsCredential;
#[cfg(windows)]
use win::WindowsCredential;

fn main() {
cargo_credential::main(WindowsCredential);
}
20 changes: 20 additions & 0 deletions crates/credential/cargo-credential/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,26 @@ pub trait Credential {
fn erase(&self, index_url: &str) -> Result<(), Error>;
}

pub struct UnsupportedCredential;

impl Credential for UnsupportedCredential {
fn name(&self) -> &'static str {
"unsupported"
}

fn get(&self, _index_url: &str) -> Result<String, Error> {
Err("unsupported".into())
}

fn store(&self, _index_url: &str, _token: &str, _name: Option<&str>) -> Result<(), Error> {
Err("unsupported".into())
}

fn erase(&self, _index_url: &str) -> Result<(), Error> {
Err("unsupported".into())
}
}

/// Runs the credential interaction by processing the command-line and
/// environment variables.
pub fn main(credential: impl Credential) {
Expand Down