From c01c71d3b22b9acb983c238b608401f7d032ef9b Mon Sep 17 00:00:00 2001 From: Nemurimasu Neiro Date: Mon, 6 Sep 2010 05:11:05 +0000 Subject: store our password in the Mac OS keychain much more secure than XORing against a MAC address :) --- linden/indra/newview/CMakeLists.txt | 2 ++ linden/indra/newview/llstartup.cpp | 45 ++++++++++++++++++++++++++++++++++--- 2 files changed, 44 insertions(+), 3 deletions(-) (limited to 'linden') diff --git a/linden/indra/newview/CMakeLists.txt b/linden/indra/newview/CMakeLists.txt index 995ef7e..313ed9f 100644 --- a/linden/indra/newview/CMakeLists.txt +++ b/linden/indra/newview/CMakeLists.txt @@ -955,11 +955,13 @@ if (DARWIN) find_library(APPKIT_LIBRARY AppKit) find_library(COCOA_LIBRARY Cocoa) find_library(IOKIT_LIBRARY IOKit) + find_library(SECURITY_LIBRARY SECURITY) set(viewer_LIBRARIES ${COCOA_LIBRARY} ${AGL_LIBRARY} ${IOKIT_LIBRARY} + ${SECURITY_LIBRARY} ) # Add resource files to the project. diff --git a/linden/indra/newview/llstartup.cpp b/linden/indra/newview/llstartup.cpp index 6622740..606262f 100644 --- a/linden/indra/newview/llstartup.cpp +++ b/linden/indra/newview/llstartup.cpp 
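Review bot: The added `find_library(SECURITY_LIBRARY SECURITY)` spells the framework name in upper case, unlike the `AppKit`, `Cocoa` and `IOKit` lookups just above it. That presumably resolves only because the default macOS filesystem is case-insensitive; on a case-sensitive volume the lookup would likely fail and `${SECURITY_LIBRARY}` would reach `viewer_LIBRARIES` as a NOTFOUND value. I would write `find_library(SECURITY_LIBRARY Security)`.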
@@ -2935,17 +2935,29 @@ std::string LLStartUp::loadPasswordFromDisk() return hashed_password; } + // UUID is 16 bytes, written into ASCII is 32 characters + // without trailing \0 + const S32 HASHED_LENGTH = 32; + std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat"); LLFILE* fp = LLFile::fopen(filepath, "rb"); /* Flawfinder: ignore */ if (!fp) { +#if LL_DARWIN + UInt32 passwordLength; + char *passwordData; + OSStatus stat = SecKeychainFindGenericPassword(NULL, 10, "Imprudence", 0, NULL, &passwordLength, (void**)&passwordData, NULL); + if (stat == noErr) + { + if (passwordLength == HASHED_LENGTH) + hashed_password.assign(passwordData, HASHED_LENGTH); + SecKeychainItemFreeContent(NULL, passwordData); + } +#endif return hashed_password; } - // UUID is 16 bytes, written into ASCII is 32 characters - // without trailing \0 - const S32 HASHED_LENGTH = 32; U8 buffer[HASHED_LENGTH+1]; if (1 != fread(buffer, HASHED_LENGTH, 1, fp)) @@ -2969,6 +2981,10 @@ std::string LLStartUp::loadPasswordFromDisk() { hashed_password.assign((char*)buffer); } +#if LL_DARWIN + // we're migrating to the keychain + LLFile::remove(filepath); +#endif return hashed_password; } @@ -2977,6 +2993,19 @@ std::string LLStartUp::loadPasswordFromDisk() // static void LLStartUp::savePasswordToDisk(const std::string& hashed_password) { +#if LL_DARWIN + SecKeychainItemRef keychainItem; + OSStatus status = SecKeychainFindGenericPassword(NULL, 10, "Imprudence", 0, NULL, NULL, NULL, &keychainItem); + if (status == noErr) + { + SecKeychainItemModifyAttributesAndData(keychainItem, NULL, hashed_password.length(), hashed_password.c_str()); + CFRelease(keychainItem); + } + else + { + SecKeychainAddGenericPassword(NULL, 10, "Imprudence", 0, NULL, hashed_password.length(), hashed_password.c_str(), NULL); + } +#else std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat"); LLFILE* fp = LLFile::fopen(filepath, "wb"); /* Flawfinder: ignore */ 
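Review bot: The service name `"Imprudence"` and its hand-counted length `10` are repeated in the `SecKeychainFindGenericPassword` call in this `#if LL_DARWIN` branch and again in the save and delete hunks, so a rename has to keep four literal pairs in sync. A single file-level `static const char KEYCHAIN_SERVICE[] = "Imprudence";` with `sizeof(KEYCHAIN_SERVICE) - 1` as the length would remove that. The call also passes an empty account name, so one keychain item serves every account; a comment such as `// one item for the whole viewer, mirroring the single password.dat` would mark that as intentional. A status other than `noErr`, or a stored length other than `HASHED_LENGTH`, is dropped silently and would be worth a log line. The function starts before this hunk.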
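Review bot: The `LLFile::remove(filepath)` added before `return hashed_password;` in the second hunk deletes `password.dat` without first writing the value to the keychain, so from that point the saved login exists only in memory. If the process exits or the login fails before `savePasswordToDisk` is called, the stored credential is gone, and as far as this hunk shows the removal also runs when decoding left `hashed_password` empty. I would store the hash in the keychain at this point and remove the file only when that call returned `noErr`. The code between the file read and this hunk is not visible, so confirm that `fp` is closed before the remove.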
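Review bot: In the `#if LL_DARWIN` branch of `savePasswordToDisk` the results of `SecKeychainItemModifyAttributesAndData` and `SecKeychainAddGenericPassword` are discarded, and because the file path is now compiled out under `#else` there is no fallback, so a locked keychain or a denied access prompt makes the save fail silently. The `else` also treats every lookup failure as a missing item, whereas only `errSecItemNotFound` should lead to an add. The change below keeps the status and logs a failure. The rest of the function continues outside the hunk.

```cpp
// … unchanged: SecKeychainFindGenericPassword lookup into keychainItem …
if (status == noErr)
{
	status = SecKeychainItemModifyAttributesAndData(keychainItem, NULL, hashed_password.length(), hashed_password.c_str());
	CFRelease(keychainItem);
}
else if (status == errSecItemNotFound)
{
	status = SecKeychainAddGenericPassword(NULL, 10, "Imprudence", 0, NULL, hashed_password.length(), hashed_password.c_str(), NULL);
}
if (status != noErr)
{
	// Report the failure; never log the hash itself.
	LL_WARNS("AppInit") << "Could not store password in keychain, OSStatus " << (S32)status << LL_ENDL;
}
```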
@@ -3000,12 +3029,22 @@ void LLStartUp::savePasswordToDisk(const std::string& hashed_password) } fclose(fp); +#endif } // static void LLStartUp::deletePasswordFromDisk() { +#if LL_DARWIN + SecKeychainItemRef keychainItem; + OSStatus status = SecKeychainFindGenericPassword(NULL, 10, "Imprudence", 0, NULL, NULL, NULL, &keychainItem); + if (status == noErr) + { + SecKeychainItemDelete(keychainItem); + CFRelease(keychainItem); + } +#endif std::string filepath = gDirUtilp->getExpandedFilename(LL_PATH_USER_SETTINGS, "password.dat"); LLFile::remove(filepath); -- cgit v1.1
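Review bot: `deletePasswordFromDisk` ignores the result of `SecKeychainItemDelete`, so when the user asks the viewer to forget the password and the keychain refuses, the hash stays stored with no indication. I would keep the status, `status = SecKeychainItemDelete(keychainItem);`, and log when it is not `noErr`. A lookup status other than `noErr` or `errSecItemNotFound` deserves the same warning, since it also means the item may still exist. A short comment that the `LLFile::remove(filepath)` after the `#endif` is kept on Darwin to clean up a legacy `password.dat` would help the next reader.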