From a9130ec0256db562e9153643c8519082fcda2135 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Tue, 5 Jun 2007 04:16:46 +0000
Subject: [PATCH] Allow opening a specific chain, making "system" special and be the system X509Anchors file. By not specifing any keychain ("KEYCHAIN:"), all keychains are probed.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20917 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/ks_keychain.c | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)
diff --git a/lib/hx509/ks_keychain.c b/lib/hx509/ks_keychain.c
index 2bd968d88..a594fda42 100644
--- a/lib/hx509/ks_keychain.c
+++ b/lib/hx509/ks_keychain.c
@@ -37,12 +37,38 @@ RCSID("$Id$");
 #ifdef HAVE_FRAMEWORK_SECURITY
+struct ks_keychain {
+ SecKeychainRef keychain;
+};
+
+
 static int keychain_init(hx509_context context, hx509_certs certs, void **data, int flags, const char *residue, hx509_lock lock) {
- *data = NULL;
+ struct ks_keychain *ctx;
+ OSStatus ret;
+
+ ctx = calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ hx509_clear_error_string(context);
+ return ENOMEM;
+ }
+
+ if (strcasecmp(residue, "system") == 0)
+ residue = "/System/Library/Keychains/X509Anchors";
+
+ if (residue && residue[0] != '\0') {
+ ret = SecKeychainOpen(residue, &ctx->keychain);
+ if (ret != noErr) {
+ hx509_set_error_string(context, 0, ENOENT,
+ "Failed to open %s", residue);
+ return ENOENT;
+ }
+ }
+
+ *data = ctx;
 return 0; }
@@ -53,7 +79,11 @@ keychain_init(hx509_context context,
 static int keychain_free(hx509_certs certs, void *data) {
- assert(data == NULL);
+ struct ks_keychain *ctx = data;
+ if (ctx->keychain)
+ CFRelease(ctx->keychain);
+ memset(ctx, 0, sizeof(*ctx));
+ free(ctx);
 return 0; }
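Review bot: In the first hunk, `keychain_init` calls `strcasecmp(residue, "system")` before the `residue &&` NULL test that follows it, so a NULL residue would be dereferenced ahead of the guard written to handle it; the comparison should read `if (residue && strcasecmp(residue, "system") == 0)`. The `SecKeychainOpen` failure branch also returns `ENOENT` without releasing the `ctx` just obtained from `calloc`, so `free(ctx);` belongs before `return ENOENT;`. As far as I know, SecKeychainOpen can report noErr and hand back a reference even when the named file is absent, so if a missing anchors file is meant to fail here, a `SecKeychainGetStatus` check after the open is worth considering. Whether any caller actually passes a NULL residue is not visible in this patch.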