Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

third-part addInternetKeyChain for cyberduck #5669

Closed
cyberduck opened this issue Jan 26, 2011 · 5 comments
Closed

third-part addInternetKeyChain for cyberduck #5669

cyberduck opened this issue Jan 26, 2011 · 5 comments
Assignees
@dkocher
Labels
bug ftp FTP Protocol Implementation thirdparty Issue caused by third party

Comments

@cyberduck
Copy link
Collaborator

c62fb3f created the issue

I code an app to write many ftp address, port, accounts and passwords to keychain using api:
SecTrustedApplicationCreateFromPath
SecAccessCreate
SecKeychainItemCreateFromContent

I hope cyberduck could use them, but even I update the keychain fields the same as cyberduck saved,
cyberduck couldn't use them. when connecting to an ftp, the password dialog pop up.

Is it because cyberduck save the ftp info with X509Certificate?

If I want to add keychains for cyberduck, how to do?

I create a ticket here, cause the forum above can't be reached in my country.

thank you!
@cyberduck
Copy link
Collaborator Author

@dkocher commented

Make sure the item you add with SecKeychainAddInternetPassword has the properties kSecProtocolTypeFTP and a service name matching the hostname plus a matching username.

@cyberduck
Copy link
Collaborator Author

c62fb3f commented

//This is my code and the item i add. but it can't work.

#import <Cocoa/Cocoa.h>
#include <Security/SecKeychain.h>
#include <Security/SecKeychainItem.h>
#include <Security/SecAccess.h>
#include <Security/SecTrustedApplication.h>
#include <Security/SecACL.h>

SecAccessRef createAccess(NSString *accessLabel)
{
    OSStatus err;
    SecAccessRef access=nil;
    NSArray *trustedApplications=nil;
	
    //Make an exception list of trusted applications; that is,
    // applications that are allowed to access the item without
    // requiring user confirmation:
    SecTrustedApplicationRef myself, someOther;
	//Create trusted application references; see SecTrustedApplications.h:
    err = SecTrustedApplicationCreateFromPath(NULL, &myself);
    err = SecTrustedApplicationCreateFromPath("/Applications/web/Cyberduck.app", &someOther);
    trustedApplications = [NSArray arrayWithObjects:(id)myself, (id)someOther, nil];
	//Create an access object:
    err = SecAccessCreate((CFStringRef)accessLabel,
						  (CFArrayRef)trustedApplications, &access);
    if (err) return nil;
	
    return access;
}


void addInternetPassword(NSString *itemLabel, NSString *account, NSString *password, 
						 SecProtocolType protocol, NSString *server, int port, NSString *path)
{
    OSStatus err;
    SecKeychainItemRef item = nil;
    const char *itemLabelUTF8 = [itemLabel UTF8String];
    const char *accountUTF8 = [account UTF8String];
    const char *passwordUTF8 = [password UTF8String];
	const char *serverUTF8 = [server UTF8String];
	const char *pathUTF8 = [path UTF8String];
	
    //Create initial access control settings for the item:
    SecAccessRef access = createAccess(itemLabel);
	
    //Following is the lower-level equivalent to the
    // SecKeychainAddInternetPassword function:
	
    //Set up the attribute vector (each attribute consists
    // of {tag, length, pointer}):
    SecKeychainAttribute attrs[] = {
        { kSecLabelItemAttr, strlen(itemLabelUTF8), (char *)itemLabelUTF8 },
        { kSecAccountItemAttr, strlen(accountUTF8), (char *)accountUTF8 },
        { kSecServerItemAttr, strlen(serverUTF8), (char *)serverUTF8 },
        { kSecPortItemAttr, sizeof(int), (int *)&port },
        { kSecProtocolItemAttr, sizeof(SecProtocolType), (SecProtocolType *)&protocol },
        { kSecPathItemAttr, strlen(pathUTF8), (char *)pathUTF8 }
    };
    SecKeychainAttributeList attributes = { sizeof(attrs) / sizeof(attrs[0]), attrs };
	
    err = SecKeychainItemCreateFromContent(kSecInternetPasswordItemClass,
										   &attributes,
										   strlen(passwordUTF8),
										   passwordUTF8,
										   NULL, // use the default keychain
										   access,
										   &item);
	//NSLog(@"%@", item);
	
    if (access) CFRelease(access);
    if (item) CFRelease(item);
}


int main(int argc, const char *argv[])
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
	
    addInternetPassword(@"222.132.26.196", @"username", @"password", kSecProtocolTypeFTP, @"222.132.26.196", 4321, @"");
	
    [pool release];
	
    return 0;
}

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Use the hostname instead of the IP address for the service name.

@cyberduck
Copy link
Collaborator Author

c62fb3f commented

Replying to [comment:4 dkocher]:

Use the hostname instead of the IP address for the service name.

Using ip for server name is ok, That is not the point, I changed this line like this:

addInternetPassword(@"myftp", @"username", @"password", kSecProtocolTypeFTP, @"ftp.servername.com", 21, @"");

It still can't work.

And I hope that you get a ftp server and test the code above.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:5 likun]:

Replying to [comment:4 dkocher]:

Use the hostname instead of the IP address for the service name.

Using ip for server name is ok, That is not the point, I changed this line like this:

addInternetPassword(@"myftp", @"username", @"password", kSecProtocolTypeFTP, @"ftp.servername.com", 21, @"");

It still can't work.

And I hope that you get a ftp server and test the code above.

Refer to the API. Make sure the serverName parameter equals the hostname.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug ftp FTP Protocol Implementation thirdparty Issue caused by third party
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dkocher @cyberduck