From d697456dc90adbaf68224ed7c115b38d5855e582 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 24 Jun 2019 11:29:13 +0200 Subject: migrate to go-modules Signed-off-by: Valentin Rothberg --- .../docker/docker-credential-helpers/README.md | 82 -------- .../osxkeychain/osxkeychain_darwin.c | 228 --------------------- .../osxkeychain/osxkeychain_darwin.go | 196 ------------------ .../osxkeychain/osxkeychain_darwin.h | 14 -- .../osxkeychain/url_go18.go | 13 -- .../osxkeychain/url_non_go18.go | 41 ---- .../secretservice/secretservice_linux.c | 162 --------------- .../secretservice/secretservice_linux.go | 118 ----------- .../secretservice/secretservice_linux.h | 13 -- 9 files changed, 867 deletions(-) delete mode 100644 vendor/github.com/docker/docker-credential-helpers/README.md delete mode 100644 vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c delete mode 100644 vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.go delete mode 100644 vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h delete mode 100644 vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_go18.go delete mode 100644 vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_non_go18.go delete mode 100644 vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c delete mode 100644 vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.go delete mode 100644 vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h (limited to 'vendor/github.com/docker/docker-credential-helpers') diff --git a/vendor/github.com/docker/docker-credential-helpers/README.md b/vendor/github.com/docker/docker-credential-helpers/README.md deleted file mode 100644 index f9cbc3fb5..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/README.md +++ /dev/null @@ -1,82 +0,0 @@ -## Introduction - -docker-credential-helpers is a suite of programs to use native stores to keep Docker credentials safe. - -## Installation - -Go to the [Releases](https://github.com/docker/docker-credential-helpers/releases) page and download the binary that works better for you. Put that binary in your `$PATH`, so Docker can find it. - -### Building from scratch - -The programs in this repository are written with the Go programming language. These instructions assume that you have previous knowledge about the language and you have it installed in your machine. - -1 - Download the source and put it in your `$GOPATH` with `go get`. - -``` -$ go get github.com/docker/docker-credential-helpers -``` - -2 - Use `make` to build the program you want. That will leave any executable in the `bin` directory inside the repository. - -``` -$ cd $GOPATH/docker/docker-credentials-helpers -$ make osxkeychain -``` - -3 - Put that binary in your `$PATH`, so Docker can find it. - -## Usage - -### With the Docker Engine - -Set the `credsStore` option in your `.docker/config.json` file with the suffix of the program you want to use. For instance, set it to `osxkeychain` if you want to use `docker-credential-osxkeychain`. - -```json -{ - "credsStore": "osxkeychain" -} -``` - -### With other command line applications - -The sub-package [client](https://godoc.org/github.com/docker/docker-credential-helpers/client) includes -functions to call external programs from your own command line applications. - -There are three things you need to know if you need to interact with a helper: - -1. The name of the program to execute, for instance `docker-credential-osxkeychain`. -2. The server address to identify the credentials, for instance `https://example.com`. -3. The username and secret to store, when you want to store credentials. - -You can see examples of each function in the [client](https://godoc.org/github.com/docker/docker-credential-helpers/client) documentation. - -### Available programs - -1. osxkeychain: Provides a helper to use the OS X keychain as credentials store. -2. secretservice: Provides a helper to use the D-Bus secret service as credentials store. -3. wincred: Provides a helper to use Windows credentials manager as store. -4. pass: Provides a helper to use `pass` as credentials store. - -#### Note - -`pass` needs to be configured for `docker-credential-pass` to work properly. -It must be initialized with a `gpg2` key ID. Make sure your GPG key exists is in `gpg2` keyring as `pass` uses `gpg2` instead of the regular `gpg`. - -## Development - -A credential helper can be any program that can read values from the standard input. We use the first argument in the command line to differentiate the kind of command to execute. There are four valid values: - -- `store`: Adds credentials to the keychain. The payload in the standard input is a JSON document with `ServerURL`, `Username` and `Secret`. -- `get`: Retrieves credentials from the keychain. The payload in the standard input is the raw value for the `ServerURL`. -- `erase`: Removes credentials from the keychain. The payload in the standard input is the raw value for the `ServerURL`. -- `list`: Lists stored credentials. There is no standard input payload. - -This repository also includes libraries to implement new credentials programs in Go. Adding a new helper program is pretty easy. You can see how the OS X keychain helper works in the [osxkeychain](osxkeychain) directory. - -1. Implement the interface `credentials.Helper` in `YOUR_PACKAGE/YOUR_PACKAGE_$GOOS.go` -2. Create a main program in `YOUR_PACKAGE/cmd/main_$GOOS.go`. -3. Add make tasks to build your program and run tests. - -## License - -MIT. See [LICENSE](LICENSE) for more information. diff --git a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c b/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c deleted file mode 100644 index f84d61ee5..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.c +++ /dev/null @@ -1,228 +0,0 @@ -#include "osxkeychain_darwin.h" -#include -#include -#include -#include - -char *get_error(OSStatus status) { - char *buf = malloc(128); - CFStringRef str = SecCopyErrorMessageString(status, NULL); - int success = CFStringGetCString(str, buf, 128, kCFStringEncodingUTF8); - if (!success) { - strncpy(buf, "Unknown error", 128); - } - return buf; -} - -char *keychain_add(struct Server *server, char *label, char *username, char *secret) { - SecKeychainItemRef item; - - OSStatus status = SecKeychainAddInternetPassword( - NULL, - strlen(server->host), server->host, - 0, NULL, - strlen(username), username, - strlen(server->path), server->path, - server->port, - server->proto, - kSecAuthenticationTypeDefault, - strlen(secret), secret, - &item - ); - - if (status) { - return get_error(status); - } - - SecKeychainAttribute attribute; - SecKeychainAttributeList attrs; - attribute.tag = kSecLabelItemAttr; - attribute.data = label; - attribute.length = strlen(label); - attrs.count = 1; - attrs.attr = &attribute; - - status = SecKeychainItemModifyContent(item, &attrs, 0, NULL); - - if (status) { - return get_error(status); - } - - return NULL; -} - -char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret) { - char *tmp; - SecKeychainItemRef item; - - OSStatus status = SecKeychainFindInternetPassword( - NULL, - strlen(server->host), server->host, - 0, NULL, - 0, NULL, - strlen(server->path), server->path, - server->port, - server->proto, - kSecAuthenticationTypeDefault, - secret_l, (void **)&tmp, - &item); - - if (status) { - return get_error(status); - } - - *secret = strdup(tmp); - SecKeychainItemFreeContent(NULL, tmp); - - SecKeychainAttributeList list; - SecKeychainAttribute attr; - - list.count = 1; - list.attr = &attr; - attr.tag = kSecAccountItemAttr; - - status = SecKeychainItemCopyContent(item, NULL, &list, NULL, NULL); - if (status) { - return get_error(status); - } - - *username = strdup(attr.data); - *username_l = attr.length; - SecKeychainItemFreeContent(&list, NULL); - - return NULL; -} - -char *keychain_delete(struct Server *server) { - SecKeychainItemRef item; - - OSStatus status = SecKeychainFindInternetPassword( - NULL, - strlen(server->host), server->host, - 0, NULL, - 0, NULL, - strlen(server->path), server->path, - server->port, - server->proto, - kSecAuthenticationTypeDefault, - 0, NULL, - &item); - - if (status) { - return get_error(status); - } - - status = SecKeychainItemDelete(item); - if (status) { - return get_error(status); - } - return NULL; -} - -char * CFStringToCharArr(CFStringRef aString) { - if (aString == NULL) { - return NULL; - } - CFIndex length = CFStringGetLength(aString); - CFIndex maxSize = - CFStringGetMaximumSizeForEncoding(length, kCFStringEncodingUTF8) + 1; - char *buffer = (char *)malloc(maxSize); - if (CFStringGetCString(aString, buffer, maxSize, - kCFStringEncodingUTF8)) { - return buffer; - } - return NULL; -} - -char *keychain_list(char *credsLabel, char *** paths, char *** accts, unsigned int *list_l) { - CFStringRef credsLabelCF = CFStringCreateWithCString(NULL, credsLabel, kCFStringEncodingUTF8); - CFMutableDictionaryRef query = CFDictionaryCreateMutable (NULL, 1, NULL, NULL); - CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword); - CFDictionaryAddValue(query, kSecReturnAttributes, kCFBooleanTrue); - CFDictionaryAddValue(query, kSecMatchLimit, kSecMatchLimitAll); - CFDictionaryAddValue(query, kSecAttrLabel, credsLabelCF); - //Use this query dictionary - CFTypeRef result= NULL; - OSStatus status = SecItemCopyMatching( - query, - &result); - - CFRelease(credsLabelCF); - - //Ran a search and store the results in result - if (status) { - return get_error(status); - } - CFIndex numKeys = CFArrayGetCount(result); - *paths = (char **) malloc((int)sizeof(char *)*numKeys); - *accts = (char **) malloc((int)sizeof(char *)*numKeys); - //result is of type CFArray - for(CFIndex i=0; i -*/ -import "C" -import ( - "errors" - "net/url" - "strconv" - "strings" - "unsafe" - - "github.com/docker/docker-credential-helpers/credentials" -) - -// errCredentialsNotFound is the specific error message returned by OS X -// when the credentials are not in the keychain. -const errCredentialsNotFound = "The specified item could not be found in the keychain." - -// Osxkeychain handles secrets using the OS X Keychain as store. -type Osxkeychain struct{} - -// Add adds new credentials to the keychain. -func (h Osxkeychain) Add(creds *credentials.Credentials) error { - h.Delete(creds.ServerURL) - - s, err := splitServer(creds.ServerURL) - if err != nil { - return err - } - defer freeServer(s) - - label := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(label)) - username := C.CString(creds.Username) - defer C.free(unsafe.Pointer(username)) - secret := C.CString(creds.Secret) - defer C.free(unsafe.Pointer(secret)) - - errMsg := C.keychain_add(s, label, username, secret) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - return errors.New(C.GoString(errMsg)) - } - - return nil -} - -// Delete removes credentials from the keychain. -func (h Osxkeychain) Delete(serverURL string) error { - s, err := splitServer(serverURL) - if err != nil { - return err - } - defer freeServer(s) - - errMsg := C.keychain_delete(s) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - return errors.New(C.GoString(errMsg)) - } - - return nil -} - -// Get returns the username and secret to use for a given registry server URL. -func (h Osxkeychain) Get(serverURL string) (string, string, error) { - s, err := splitServer(serverURL) - if err != nil { - return "", "", err - } - defer freeServer(s) - - var usernameLen C.uint - var username *C.char - var secretLen C.uint - var secret *C.char - defer C.free(unsafe.Pointer(username)) - defer C.free(unsafe.Pointer(secret)) - - errMsg := C.keychain_get(s, &usernameLen, &username, &secretLen, &secret) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - goMsg := C.GoString(errMsg) - if goMsg == errCredentialsNotFound { - return "", "", credentials.NewErrCredentialsNotFound() - } - - return "", "", errors.New(goMsg) - } - - user := C.GoStringN(username, C.int(usernameLen)) - pass := C.GoStringN(secret, C.int(secretLen)) - return user, pass, nil -} - -// List returns the stored URLs and corresponding usernames. -func (h Osxkeychain) List() (map[string]string, error) { - credsLabelC := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(credsLabelC)) - - var pathsC **C.char - defer C.free(unsafe.Pointer(pathsC)) - var acctsC **C.char - defer C.free(unsafe.Pointer(acctsC)) - var listLenC C.uint - errMsg := C.keychain_list(credsLabelC, &pathsC, &acctsC, &listLenC) - if errMsg != nil { - defer C.free(unsafe.Pointer(errMsg)) - goMsg := C.GoString(errMsg) - return nil, errors.New(goMsg) - } - - defer C.freeListData(&pathsC, listLenC) - defer C.freeListData(&acctsC, listLenC) - - var listLen int - listLen = int(listLenC) - pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen] - acctTmp := (*[1 << 30]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen] - //taking the array of c strings into go while ignoring all the stuff irrelevant to credentials-helper - resp := make(map[string]string) - for i := 0; i < listLen; i++ { - if C.GoString(pathTmp[i]) == "0" { - continue - } - resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i]) - } - return resp, nil -} - -func splitServer(serverURL string) (*C.struct_Server, error) { - u, err := parseURL(serverURL) - if err != nil { - return nil, err - } - - proto := C.kSecProtocolTypeHTTPS - if u.Scheme == "http" { - proto = C.kSecProtocolTypeHTTP - } - var port int - p := getPort(u) - if p != "" { - port, err = strconv.Atoi(p) - if err != nil { - return nil, err - } - } - - return &C.struct_Server{ - proto: C.SecProtocolType(proto), - host: C.CString(getHostname(u)), - port: C.uint(port), - path: C.CString(u.Path), - }, nil -} - -func freeServer(s *C.struct_Server) { - C.free(unsafe.Pointer(s.host)) - C.free(unsafe.Pointer(s.path)) -} - -// parseURL parses and validates a given serverURL to an url.URL, and -// returns an error if validation failed. Querystring parameters are -// omitted in the resulting URL, because they are not used in the helper. -// -// If serverURL does not have a valid scheme, `//` is used as scheme -// before parsing. This prevents the hostname being used as path, -// and the credentials being stored without host. -func parseURL(serverURL string) (*url.URL, error) { - // Check if serverURL has a scheme, otherwise add `//` as scheme. - if !strings.Contains(serverURL, "://") && !strings.HasPrefix(serverURL, "//") { - serverURL = "//" + serverURL - } - - u, err := url.Parse(serverURL) - if err != nil { - return nil, err - } - - if u.Scheme != "" && u.Scheme != "https" && u.Scheme != "http" { - return nil, errors.New("unsupported scheme: " + u.Scheme) - } - if getHostname(u) == "" { - return nil, errors.New("no hostname in URL") - } - - u.RawQuery = "" - return u, nil -} diff --git a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h b/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h deleted file mode 100644 index c54e7d728..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/osxkeychain_darwin.h +++ /dev/null @@ -1,14 +0,0 @@ -#include - -struct Server { - SecProtocolType proto; - char *host; - char *path; - unsigned int port; -}; - -char *keychain_add(struct Server *server, char *label, char *username, char *secret); -char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret); -char *keychain_delete(struct Server *server); -char *keychain_list(char *credsLabel, char *** data, char *** accts, unsigned int *list_l); -void freeListData(char *** data, unsigned int length); \ No newline at end of file diff --git a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_go18.go b/vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_go18.go deleted file mode 100644 index 0b7297d2f..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_go18.go +++ /dev/null @@ -1,13 +0,0 @@ -//+build go1.8 - -package osxkeychain - -import "net/url" - -func getHostname(u *url.URL) string { - return u.Hostname() -} - -func getPort(u *url.URL) string { - return u.Port() -} diff --git a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_non_go18.go b/vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_non_go18.go deleted file mode 100644 index bdf9b7b00..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/osxkeychain/url_non_go18.go +++ /dev/null @@ -1,41 +0,0 @@ -//+build !go1.8 - -package osxkeychain - -import ( - "net/url" - "strings" -) - -func getHostname(u *url.URL) string { - return stripPort(u.Host) -} - -func getPort(u *url.URL) string { - return portOnly(u.Host) -} - -func stripPort(hostport string) string { - colon := strings.IndexByte(hostport, ':') - if colon == -1 { - return hostport - } - if i := strings.IndexByte(hostport, ']'); i != -1 { - return strings.TrimPrefix(hostport[:i], "[") - } - return hostport[:colon] -} - -func portOnly(hostport string) string { - colon := strings.IndexByte(hostport, ':') - if colon == -1 { - return "" - } - if i := strings.Index(hostport, "]:"); i != -1 { - return hostport[i+len("]:"):] - } - if strings.Contains(hostport, "]") { - return "" - } - return hostport[colon+len(":"):] -} diff --git a/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c b/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c deleted file mode 100644 index 35dea92da..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.c +++ /dev/null @@ -1,162 +0,0 @@ -#include -#include -#include "secretservice_linux.h" - -const SecretSchema *docker_get_schema(void) -{ - static const SecretSchema docker_schema = { - "io.docker.Credentials", SECRET_SCHEMA_NONE, - { - { "label", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "server", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "username", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "docker_cli", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "NULL", 0 }, - } - }; - return &docker_schema; -} - -GError *add(char *label, char *server, char *username, char *secret) { - GError *err = NULL; - - secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT, - server, secret, NULL, &err, - "label", label, - "server", server, - "username", username, - "docker_cli", "1", - NULL); - return err; -} - -GError *delete(char *server) { - GError *err = NULL; - - secret_password_clear_sync(DOCKER_SCHEMA, NULL, &err, - "server", server, - "docker_cli", "1", - NULL); - if (err != NULL) - return err; - return NULL; -} - -char *get_attribute(const char *attribute, SecretItem *item) { - GHashTable *attributes; - GHashTableIter iter; - gchar *value, *key; - - attributes = secret_item_get_attributes(item); - g_hash_table_iter_init(&iter, attributes); - while (g_hash_table_iter_next(&iter, (void **)&key, (void **)&value)) { - if (strncmp(key, attribute, strlen(key)) == 0) - return (char *)value; - } - g_hash_table_unref(attributes); - return NULL; -} - -GError *get(char *server, char **username, char **secret) { - GError *err = NULL; - GHashTable *attributes; - SecretService *service; - GList *items, *l; - SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK; - SecretValue *secretValue; - gsize length; - gchar *value; - - attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); - g_hash_table_insert(attributes, g_strdup("server"), g_strdup(server)); - g_hash_table_insert(attributes, g_strdup("docker_cli"), g_strdup("1")); - - service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err); - if (err == NULL) { - items = secret_service_search_sync(service, DOCKER_SCHEMA, attributes, flags, NULL, &err); - if (err == NULL) { - for (l = items; l != NULL; l = g_list_next(l)) { - value = secret_item_get_schema_name(l->data); - if (strncmp(value, "io.docker.Credentials", strlen(value)) != 0) { - g_free(value); - continue; - } - g_free(value); - secretValue = secret_item_get_secret(l->data); - if (secret != NULL) { - *secret = strdup(secret_value_get(secretValue, &length)); - secret_value_unref(secretValue); - } - *username = get_attribute("username", l->data); - } - g_list_free_full(items, g_object_unref); - } - g_object_unref(service); - } - g_hash_table_unref(attributes); - if (err != NULL) { - return err; - } - return NULL; -} - -GError *list(char *ref_label, char *** paths, char *** accts, unsigned int *list_l) { - GList *items; - GError *err = NULL; - SecretService *service; - SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK; - GHashTable *attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); - - // List credentials with the right label only - g_hash_table_insert(attributes, g_strdup("label"), g_strdup(ref_label)); - - service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err); - if (err != NULL) { - return err; - } - - items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err); - int numKeys = g_list_length(items); - if (err != NULL) { - return err; - } - - char **tmp_paths = (char **) calloc(1,(int)sizeof(char *)*numKeys); - char **tmp_accts = (char **) calloc(1,(int)sizeof(char *)*numKeys); - - // items now contains our keys from the gnome keyring - // we will now put it in our two lists to return it to go - GList *current; - int listNumber = 0; - for(current = items; current!=NULL; current = current->next) { - char *pathTmp = secret_item_get_label(current->data); - // you cannot have a key without a label in the gnome keyring - char *acctTmp = get_attribute("username",current->data); - if (acctTmp==NULL) { - acctTmp = "account not defined"; - } - - tmp_paths[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(pathTmp)+1)); - tmp_accts[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(acctTmp)+1)); - - memcpy(tmp_paths[listNumber], pathTmp, sizeof(char)*(strlen(pathTmp)+1)); - memcpy(tmp_accts[listNumber], acctTmp, sizeof(char)*(strlen(acctTmp)+1)); - - listNumber = listNumber + 1; - } - - *paths = (char **) realloc(tmp_paths, (int)sizeof(char *)*listNumber); - *accts = (char **) realloc(tmp_accts, (int)sizeof(char *)*listNumber); - - *list_l = listNumber; - - return NULL; -} - -void freeListData(char *** data, unsigned int length) { - int i; - for(i=0; i -*/ -import "C" -import ( - "errors" - "unsafe" - - "github.com/docker/docker-credential-helpers/credentials" -) - -// Secretservice handles secrets using Linux secret-service as a store. -type Secretservice struct{} - -// Add adds new credentials to the keychain. -func (h Secretservice) Add(creds *credentials.Credentials) error { - if creds == nil { - return errors.New("missing credentials") - } - credsLabel := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(credsLabel)) - server := C.CString(creds.ServerURL) - defer C.free(unsafe.Pointer(server)) - username := C.CString(creds.Username) - defer C.free(unsafe.Pointer(username)) - secret := C.CString(creds.Secret) - defer C.free(unsafe.Pointer(secret)) - - if err := C.add(credsLabel, server, username, secret); err != nil { - defer C.g_error_free(err) - errMsg := (*C.char)(unsafe.Pointer(err.message)) - return errors.New(C.GoString(errMsg)) - } - return nil -} - -// Delete removes credentials from the store. -func (h Secretservice) Delete(serverURL string) error { - if serverURL == "" { - return errors.New("missing server url") - } - server := C.CString(serverURL) - defer C.free(unsafe.Pointer(server)) - - if err := C.delete(server); err != nil { - defer C.g_error_free(err) - errMsg := (*C.char)(unsafe.Pointer(err.message)) - return errors.New(C.GoString(errMsg)) - } - return nil -} - -// Get returns the username and secret to use for a given registry server URL. -func (h Secretservice) Get(serverURL string) (string, string, error) { - if serverURL == "" { - return "", "", errors.New("missing server url") - } - var username *C.char - defer C.free(unsafe.Pointer(username)) - var secret *C.char - defer C.free(unsafe.Pointer(secret)) - server := C.CString(serverURL) - defer C.free(unsafe.Pointer(server)) - - err := C.get(server, &username, &secret) - if err != nil { - defer C.g_error_free(err) - errMsg := (*C.char)(unsafe.Pointer(err.message)) - return "", "", errors.New(C.GoString(errMsg)) - } - user := C.GoString(username) - pass := C.GoString(secret) - if pass == "" { - return "", "", credentials.NewErrCredentialsNotFound() - } - return user, pass, nil -} - -// List returns the stored URLs and corresponding usernames for a given credentials label -func (h Secretservice) List() (map[string]string, error) { - credsLabelC := C.CString(credentials.CredsLabel) - defer C.free(unsafe.Pointer(credsLabelC)) - - var pathsC **C.char - defer C.free(unsafe.Pointer(pathsC)) - var acctsC **C.char - defer C.free(unsafe.Pointer(acctsC)) - var listLenC C.uint - err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC) - if err != nil { - defer C.free(unsafe.Pointer(err)) - return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library") - } - defer C.freeListData(&pathsC, listLenC) - defer C.freeListData(&acctsC, listLenC) - - resp := make(map[string]string) - - listLen := int(listLenC) - if listLen == 0 { - return resp, nil - } - // The maximum capacity of the following two slices is limited to (2^29)-1 to remain compatible - // with 32-bit platforms. The size of a `*C.char` (a pointer) is 4 Byte on a 32-bit system - // and (2^29)*4 == math.MaxInt32 + 1. -- See issue golang/go#13656 - pathTmp := (*[(1 << 29) - 1]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen] - acctTmp := (*[(1 << 29) - 1]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen] - for i := 0; i < listLen; i++ { - resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i]) - } - - return resp, nil -} diff --git a/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h b/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h deleted file mode 100644 index a28179db3..000000000 --- a/vendor/github.com/docker/docker-credential-helpers/secretservice/secretservice_linux.h +++ /dev/null @@ -1,13 +0,0 @@ -#define SECRET_WITH_UNSTABLE 1 -#define SECRET_API_SUBJECT_TO_CHANGE 1 -#include - -const SecretSchema *docker_get_schema(void) G_GNUC_CONST; - -#define DOCKER_SCHEMA docker_get_schema() - -GError *add(char *label, char *server, char *username, char *secret); -GError *delete(char *server); -GError *get(char *server, char **username, char **secret); -GError *list(char *label, char *** paths, char *** accts, unsigned int *list_l); -void freeListData(char *** data, unsigned int length); -- cgit v1.2.3-54-g00ecf