From: "Bo Anderson via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Bo Anderson <mail@boanderson.me>, Bo Anderson <mail@boanderson.me>
Subject: [PATCH 3/4] osxkeychain: erase matching passwords only
Date: Sat, 17 Feb 2024 23:34:55 +0000 [thread overview]
Message-ID: <f7ac228aae69941032d904c3c6222216786c1d0e.1708212896.git.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1667.git.1708212896.gitgitgadget@gmail.com>
From: Bo Anderson <mail@boanderson.me>
Other credential helpers support deleting credentials that match a
specified password. See 7144dee3ec (credential/libsecret: erase matching
creds only, 2023-07-26) and cb626f8e5c (credential/wincred: erase
matching creds only, 2023-07-26).
Support this in osxkeychain too by extracting, decrypting and comparing
the stored password before deleting.
Fixes the following test failure with osxkeychain:
11 - helper (osxkeychain) does not erase a password distinct from
input
Signed-off-by: Bo Anderson <mail@boanderson.me>
---
.../osxkeychain/git-credential-osxkeychain.c | 56 ++++++++++++++++++-
1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/contrib/credential/osxkeychain/git-credential-osxkeychain.c b/contrib/credential/osxkeychain/git-credential-osxkeychain.c
index e9cee3aed45..9e742796336 100644
--- a/contrib/credential/osxkeychain/git-credential-osxkeychain.c
+++ b/contrib/credential/osxkeychain/git-credential-osxkeychain.c
@@ -169,9 +169,55 @@ static OSStatus find_internet_password(void)
return result;
}
+static OSStatus delete_ref(const void *itemRef)
+{
+ CFArrayRef item_ref_list;
+ CFDictionaryRef delete_query;
+ OSStatus result;
+
+ item_ref_list = CFArrayCreate(kCFAllocatorDefault,
+ &itemRef,
+ 1,
+ &kCFTypeArrayCallBacks);
+ delete_query = create_dictionary(kCFAllocatorDefault,
+ kSecClass, kSecClassInternetPassword,
+ kSecMatchItemList, item_ref_list,
+ NULL);
+
+ if (password) {
+ /* We only want to delete items with a matching password */
+ CFIndex capacity;
+ CFMutableDictionaryRef query;
+ CFDataRef data;
+
+ capacity = CFDictionaryGetCount(delete_query) + 1;
+ query = CFDictionaryCreateMutableCopy(kCFAllocatorDefault,
+ capacity,
+ delete_query);
+ CFDictionarySetValue(query, kSecReturnData, kCFBooleanTrue);
+ result = SecItemCopyMatching(query, (CFTypeRef *)&data);
+ if (!result) {
+ if (CFEqual(data, password))
+ result = SecItemDelete(delete_query);
+
+ CFRelease(data);
+ }
+
+ CFRelease(query);
+ } else {
+ result = SecItemDelete(delete_query);
+ }
+
+ CFRelease(delete_query);
+ CFRelease(item_ref_list);
+
+ return result;
+}
+
static OSStatus delete_internet_password(void)
{
CFDictionaryRef attrs;
+ CFArrayRef refs;
OSStatus result;
/*
@@ -183,10 +229,18 @@ static OSStatus delete_internet_password(void)
return -1;
attrs = CREATE_SEC_ATTRIBUTES(kSecMatchLimit, kSecMatchLimitAll,
+ kSecReturnRef, kCFBooleanTrue,
NULL);
- result = SecItemDelete(attrs);
+ result = SecItemCopyMatching(attrs, (CFTypeRef *)&refs);
CFRelease(attrs);
+ if (!result) {
+ for (CFIndex i = 0; !result && i < CFArrayGetCount(refs); i++)
+ result = delete_ref(CFArrayGetValueAtIndex(refs, i));
+
+ CFRelease(refs);
+ }
+
/* We consider not found to not be an error */
if (result == errSecItemNotFound)
result = errSecSuccess;
--
gitgitgadget
next prev parent reply other threads:[~2024-02-17 23:35 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-17 23:34 [PATCH 0/4] osxkeychain: bring in line with other credential helpers Bo Anderson via GitGitGadget
2024-02-17 23:34 ` [PATCH 1/4] osxkeychain: replace deprecated SecKeychain API Bo Anderson via GitGitGadget
2024-02-18 6:08 ` Eric Sunshine
2024-02-18 14:48 ` Bo Anderson
2024-02-18 18:39 ` Eric Sunshine
2024-02-17 23:34 ` [PATCH 2/4] osxkeychain: erase all matching credentials Bo Anderson via GitGitGadget
2024-02-17 23:34 ` Bo Anderson via GitGitGadget [this message]
2024-02-17 23:34 ` [PATCH 4/4] osxkeychain: store new attributes Bo Anderson via GitGitGadget
2024-02-18 6:31 ` Eric Sunshine
2024-02-18 6:38 ` [PATCH 0/4] osxkeychain: bring in line with other credential helpers Eric Sunshine
2024-02-18 20:40 ` M Hickford
2024-02-18 23:23 ` Bo Anderson
2024-03-04 8:00 ` M Hickford
2024-03-07 9:47 ` Jeff King
2024-04-02 13:21 ` Robert Coup
2024-04-02 13:53 ` Bo Anderson
2024-04-02 14:54 ` Robert Coup
2024-04-01 21:40 ` M Hickford
2024-04-01 22:16 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f7ac228aae69941032d904c3c6222216786c1d0e.1708212896.git.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=git@vger.kernel.org \
--cc=mail@boanderson.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).