There is nothing linux specific about secretservice. I was able to
build it on openbsd with this change.
Signed-off-by: Rafael Ávila de Espíndola <rafael@espindo.la>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
secret_item_get_secret() may return null if an item is locked or not loaded.
While we set SECRET_SEARCH_LOAD_SECRETS and SECRET_SEARCH_UNLOCK, there may
still be locked items, for example the user may refuse the unlock request.
So we still need to check if the secret data is NULL before we can try to
reference it.
Signed-off-by: Moritz "WanzenBug" Wanzenböck <moritz@wanzenbug.xyz>
Secretservice entries have a "label". This is intended to be a
human-readable description. It's actually called "Description" in UIs
like seahorse, and the listing of existing secrets shows this as a name
for each one.
The entries stored by the credential helper set this to simply the
repository URL. This is rather unfriendly, since entries like
"gitlab.com" and "index.docker.io/v1" show up. Mixed in with
entries from all other applications, it's hard to figure out what
application owns each entry.
This commit changes the label used when saving entries to be something
human-readable (this is the intent of the "label" field, btw). Because
of the naming scheme, this also results in all entries being shown
together by default (since UIs tend to sort lexicographically).
New entries will now be stores as:
Registry credentials for $REGISTRY_URL
Note that items stored by the secret service have multiple fields inside
of them. One of those fields is called "label", and is used by the
helper to filter items from the secret service. This "label" field is
entirely unrelated to the items' label. The naming is most unfortunate.
Signed-off-by: Hugo Osvaldo Barrera <hugo@barrera.io>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
List wraps the error from secretservice_linux.c so the List can give the caller more useful error message for diagnosing.
Signed-off-by: Qi Wang <qiwan@redhat.com>
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:1:1: package comment should be of the form "Package pass ..."
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:22:7: don't use ALL_CAPS in Go names; use CamelCase
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:22:7: exported const PASS_FOLDER should have comment or be unexported
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:82:1: receiver name h should be consistent with previous receiver name p for Pass
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:94:1: receiver name h should be consistent with previous receiver name p for Pass
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:131:1: receiver name h should be consistent with previous receiver name p for Pass
/go/src/github.com/docker/docker-credential-helper/pass/pass.go:161:1: receiver name h should be consistent with previous receiver name p for Pass
/go/src/github.com/docker/docker-credential-helper/registryurl/url_go18.go:9:1: exported function GetHostname should have comment or be unexported
/go/src/github.com/docker/docker-credential-helper/registryurl/url_go18.go:13:1: exported function GetPort should have comment or be unexported
/go/src/github.com/docker/docker-credential-helper/secretservice/secretservice_linux_test.go:22:2: don't use underscores in Go names; var old_auths should be oldAuths
/go/src/github.com/docker/docker-credential-helper/secretservice/secretservice_linux_test.go:64:2: don't use underscores in Go names; var new_auths should be newAuths
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The code was set up so that it would free the individual items and the data
in `freeListData`, but there was already a Go `defer` to free the data item,
resulting in a double free.
Remove the `free` in `freeListData` and leave the original one.
In addition, move the `defer` for freeing the list data before the error
check, so that the data is also free in the error case. This just removes
a minor leak.
This vulnerability was discovered by:
Jasiel Spelman of Trend Micro Zero Day Initiative and Trend Micro Team Nebula
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This adds a workaround for the `secretservice` sub-package to build under 32bit Linux.
It limits the total number of list entries to (2^29)-1.
A short explanation of how this number was calculated has been added in a comment.
Signed-off-by: Daniel Joos <daniel@joosweb.de>
This is a simplification of how the docker engine implements
this feature, but it will be ported there once this is merged.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Rafael Ávila de Espíndola