-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathosx_keychain.rb
executable file
·113 lines (92 loc) · 3.4 KB
/
osx_keychain.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/ruby -w
require 'rubygems'
require 'inline'
class OSXKeychain
VERSION = '1.0.2'
def []= service, username, password
set(service, username, password)
end
def [] service, username = nil
get(service, username)
end
inline :C do |builder|
builder.include '<Security/Security.h>'
builder.add_link_flags %w[-lc]
builder.add_link_flags %w[-framework Security
-framework CoreFoundation
-framework CoreServices]
builder.c <<-EOC
VALUE get(char * service, VALUE _username) {
char *username = RTEST(_username) ? StringValueCStr(_username) : NULL;
OSStatus status;
UInt32 length;
CFArrayRef keychains = NULL;
void *data;
VALUE result = Qnil;
status = SecKeychainCopySearchList(&keychains);
if (status)
rb_raise(rb_eRuntimeError,
"can't access keychains, Authorization failed: %d", status);
status = SecKeychainFindGenericPassword(keychains,
(UInt32)strlen(service), service,
username ? (UInt32)strlen(username) : 0, username,
&length, &data, NULL);
if (status == errSecItemNotFound)
status = SecKeychainFindInternetPassword(keychains,
(UInt32)strlen(service), service,
0, NULL,
username ? (UInt32)strlen(username) : 0, username,
0, NULL, 0, kSecProtocolTypeAny, kSecAuthenticationTypeAny,
&length, &data, NULL);
switch (status) {
case 0:
result = rb_str_new(data, length);
SecKeychainItemFreeContent(NULL, data);
break;
case errSecItemNotFound:
// do nothing, return nil password
break;
default:
rb_raise(rb_eRuntimeError, "Can't fetch password from system");
break;
}
CFRelease(keychains);
return result;
}
EOC
builder.c <<-EOC
void set(char * service, char * username, char * password) {
OSStatus status;
SecKeychainRef keychain;
SecKeychainItemRef item;
status = SecKeychainOpen("login.keychain",&keychain);
if (status)
rb_raise(rb_eRuntimeError,
"can't access keychains, Authorization failed: %d", status);
status = SecKeychainFindGenericPassword(keychain,
(UInt32)strlen(service), service,
username == NULL ? 0 : (UInt32)strlen(username), username,
0, NULL, &item);
switch (status) {
case 0:
status = SecKeychainItemModifyAttributesAndData(item, NULL,
(UInt32)strlen(password), password);
CFRelease(item);
break;
case errSecItemNotFound:
status = SecKeychainAddGenericPassword(keychain,
(UInt32)strlen(service), service,
username == NULL ? 0 : (UInt32)strlen(username), username,
(UInt32)strlen(password), password,
NULL);
break;
default:
rb_raise(rb_eRuntimeError, "Can't fetch password from system");
break;
}
if (status)
rb_raise(rb_eRuntimeError, "Can't store password in Keychain");
}
EOC
end
end