Merge pull request #66 from n4ss/release-v0.5.1

Update version tag to v0.5.1
Update version tag
2026-06-28 07:11:36 +05:30 · 2017-05-29 16:44:20 +02:00 · 2017-05-29 16:32:21 +02:00 · 2017-05-29 10:21:50 +02:00 · 2017-05-26 09:25:21 -07:00 · 2017-05-24 15:41:34 -07:00
18 changed files with 441 additions and 53 deletions
@@ -1 +1,2 @@
 bin
 release
@@ -25,6 +25,7 @@
 			"lk4d4",
 			"mavenugo",
 			"mhbauer",
 			"n4ss",
 			"runcom",
 			"stevvooe",
 			"thajeztah",
@@ -114,6 +115,11 @@
 	Email = "mbauer@us.ibm.com"
 	GitHub = "mhbauer"
 	[people.n4ss]
 	Name = "Nassim Eddequiouaq"
 	Email = "eddequiouaq.nassim@gmail.com"
 	GitHub = "n4ss"
 	[people.runcom]
 	Name = "Antonio Murdaca"
 	Email = "runcom@redhat.com"
@@ -1,14 +1,19 @@
 .PHONY: all deps osxkeychain secretservice test validate wincred
 TRAVIS_OS_NAME ?= linux
 VERSION = 0.5.1
 all: test
 deps:
 	go get github.com/golang/lint/golint
 clean:
 	rm -rf bin
 	rm -rf release
 osxkeychain:
-	mkdir -p bin
+	mkdir bin
 	go build -ldflags -s -o bin/docker-credential-osxkeychain osxkeychain/cmd/main_darwin.go
 codesign: osxkeychain
@@ -16,12 +21,16 @@ codesign: osxkeychain
 	xcrun -log codesign -s $(SIGNINGHASH) --force --verbose bin/docker-credential-osxkeychain
 	xcrun codesign --verify --deep --strict --verbose=2 --display bin/docker-credential-osxkeychain
 osxrelease: clean test codesign
 	mkdir -p release
 	cd bin && tar cvfz ../release/docker-credential-osxkeychain-v$(VERSION)-amd64.tar.gz docker-credential-osxkeychain
 secretservice:
-	mkdir -p bin
+	mkdir bin
 	go build -o bin/docker-credential-secretservice secretservice/cmd/main_linux.go
 wincred:
-	mkdir -p bin
+	mkdir bin
 	go build -o bin/docker-credential-wincred.exe wincred/cmd/main_windows.go
 test:
@@ -9,12 +9,27 @@ import (
 	"github.com/docker/docker-credential-helpers/credentials"
 )
 // isValidCredsMessage checks if 'msg' contains invalid credentials error message.
 // It returns whether the logs are free of invalid credentials errors and the error if it isn't.
 // error values can be errCredentialsMissingServerURL or errCredentialsMissingUsername.
 func isValidCredsMessage(msg string) error {
 	if credentials.IsCredentialsMissingServerURLMessage(msg) {
 		return credentials.NewErrCredentialsMissingServerURL()
 	}
 	if credentials.IsCredentialsMissingUsernameMessage(msg) {
 		return credentials.NewErrCredentialsMissingUsername()
 	}
 	return nil
 }
 // Store uses an external program to save credentials.
-func Store(program ProgramFunc, credentials *credentials.Credentials) error {
+func Store(program ProgramFunc, creds *credentials.Credentials) error {
 	cmd := program("store")
 	buffer := new(bytes.Buffer)
-	if err := json.NewEncoder(buffer).Encode(credentials); err != nil {
+	if err := json.NewEncoder(buffer).Encode(creds); err != nil {
 		return err
 	}
 	cmd.Input(buffer)
@@ -22,6 +37,11 @@ func Store(program ProgramFunc, credentials *credentials.Credentials) error {
 	out, err := cmd.Output()
 	if err != nil {
 		t := strings.TrimSpace(string(out))
 		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
 			err = isValidErr
 		}
 		return fmt.Errorf("error storing credentials - err: %v, out: `%s`", err, t)
 	}
@@ -41,6 +61,10 @@ func Get(program ProgramFunc, serverURL string) (*credentials.Credentials, error
 			return nil, credentials.NewErrCredentialsNotFound()
 		}
 		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
 			err = isValidErr
 		}
 		return nil, fmt.Errorf("error getting credentials - err: %v, out: `%s`", err, t)
 	}
@@ -62,6 +86,11 @@ func Erase(program ProgramFunc, serverURL string) error {
 	out, err := cmd.Output()
 	if err != nil {
 		t := strings.TrimSpace(string(out))
 		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
 			err = isValidErr
 		}
 		return fmt.Errorf("error erasing credentials - err: %v, out: `%s`", err, t)
 	}
@@ -75,6 +104,11 @@ func List(program ProgramFunc) (map[string]string, error) {
 	out, err := cmd.Output()
 	if err != nil {
 		t := strings.TrimSpace(string(out))
 		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
 			err = isValidErr
 		}
 		return nil, fmt.Errorf("error listing credentials - err: %v, out: `%s`", err, t)
 	}
@@ -56,6 +56,8 @@ func (m *mockProgram) Output() ([]byte, error) {
 			return []byte(credentials.NewErrCredentialsNotFound().Error()), errProgramExited
 		case invalidServerAddress:
 			return []byte("program failed"), errProgramExited
 		case "":
 			return []byte(credentials.NewErrCredentialsMissingServerURL().Error()), errProgramExited
 		}
 	case "store":
 		var c credentials.Credentials
@@ -158,12 +160,16 @@ func TestGet(t *testing.T) {
 		}
 	}
 	missingServerURLErr := credentials.NewErrCredentialsMissingServerURL()
 	invalid := []struct {
 		serverURL string
 		err       string
 	}{
 		{missingCredsAddress, credentials.NewErrCredentialsNotFound().Error()},
 		{invalidServerAddress, "error getting credentials - err: exited 1, out: `program failed`"},
 		{"", fmt.Sprintf("error getting credentials - err: %s, out: `%s`",
 			missingServerURLErr.Error(), missingServerURLErr.Error())},
 	}
 	for _, v := range invalid {
@@ -2,6 +2,7 @@ package client
 import (
 	"io"
 	"os"
 	"os/exec"
 )
@@ -17,10 +18,16 @@ type ProgramFunc func(args ...string) Program
 // NewShellProgramFunc creates programs that are executed in a Shell.
 func NewShellProgramFunc(name string) ProgramFunc {
 	return func(args ...string) Program {
-		return &Shell{cmd: exec.Command(name, args...)}
+		return &Shell{cmd: newCmdRedirectErr(name, args)}
 	}
 }
 func newCmdRedirectErr(name string, args []string) *exec.Cmd {
 	newCmd := exec.Command(name, args...)
 	newCmd.Stderr = os.Stderr
 	return newCmd
 }
 // Shell invokes shell commands to talk with a remote credentials helper.
 type Shell struct {
 	cmd *exec.Cmd
@@ -17,6 +17,31 @@ type Credentials struct {
 	Secret    string
 }
 // isValid checks the integrity of Credentials object such that no credentials lack
 // a server URL or a username.
 // It returns whether the credentials are valid and the error if it isn't.
 // error values can be errCredentialsMissingServerURL or errCredentialsMissingUsername
 func (c *Credentials) isValid() (bool, error) {
 	if len(c.ServerURL) == 0 {
 		return false, NewErrCredentialsMissingServerURL()
 	}
 	if len(c.Username) == 0 {
 		return false, NewErrCredentialsMissingUsername()
 	}
 	return true, nil
 }
 // Docker credentials should be labeled as such in credentials stores that allow labelling.
 // That label allows to filter out non-Docker credentials too at lookup/search in macOS keychain,
 // Windows credentials manager and Linux libsecret. Default value is "Docker Credentials"
 var CredsLabel = "Docker Credentials"
 func SetCredsLabel(label string) {
 	CredsLabel = label
 }
 // Serve initializes the credentials helper and parses the action argument.
 // This function is designed to be called from a command line interface.
 // It uses os.Args[1] as the key for the action.
@@ -72,6 +97,10 @@ func Store(helper Helper, reader io.Reader) error {
 		return err
 	}
 	if ok, err := creds.isValid(); !ok {
 		return err
 	}
 	return helper.Add(&creds)
 }
@@ -91,6 +120,9 @@ func Get(helper Helper, reader io.Reader, writer io.Writer) error {
 	}
 	serverURL := strings.TrimSpace(buffer.String())
 	if len(serverURL) == 0 {
 		return NewErrCredentialsMissingServerURL()
 	}
 	username, secret, err := helper.Get(serverURL)
 	if err != nil {
@@ -98,6 +130,7 @@ func Get(helper Helper, reader io.Reader, writer io.Writer) error {
 	}
 	resp := Credentials{
 		ServerURL: serverURL,
 		Username: username,
 		Secret:   secret,
 	}
@@ -126,6 +159,9 @@ func Erase(helper Helper, reader io.Reader) error {
 	}
 	serverURL := strings.TrimSpace(buffer.String())
 	if len(serverURL) == 0 {
 		return NewErrCredentialsMissingServerURL()
 	}
 	return helper.Delete(serverURL)
 }
@@ -73,6 +73,46 @@ func TestStore(t *testing.T) {
 	}
 }
 func TestStoreMissingServerURL(t *testing.T) {
 	creds := &Credentials{
 		ServerURL: "",
 		Username: "foo",
 		Secret: "bar",
 	}
 	b, err := json.Marshal(creds)
 	if err != nil {
 		t.Fatal(err)
 	}
 	in := bytes.NewReader(b)
 	h := newMemoryStore()
 	if err := Store(h, in); IsCredentialsMissingServerURL(err) == false {
 		t.Fatal(err)
 	}
 }
 func TestStoreMissingUsername(t *testing.T) {
 	creds := &Credentials{
 		ServerURL: "https://index.docker.io/v1/",
 		Username: "",
 		Secret: "bar",
 	}
 	b, err := json.Marshal(creds)
 	if err != nil {
 		t.Fatal(err)
 	}
 	in := bytes.NewReader(b)
 	h := newMemoryStore()
 	if err := Store(h, in); IsCredentialsMissingUsername(err) == false {
 		t.Fatal(err)
 	}
 }
 func TestGet(t *testing.T) {
 	serverURL := "https://index.docker.io/v1/"
 	creds := &Credentials{
@@ -115,6 +155,32 @@ func TestGet(t *testing.T) {
 	}
 }
 func TestGetMissingServerURL(t *testing.T) {
 	serverURL := "https://index.docker.io/v1/"
 	creds := &Credentials{
 		ServerURL: serverURL,
 		Username:  "foo",
 		Secret:    "bar",
 	}
 	b, err := json.Marshal(creds)
 	if err != nil {
 		t.Fatal(err)
 	}
 	in := bytes.NewReader(b)
 	h := newMemoryStore()
 	if err := Store(h, in); err != nil {
 		t.Fatal(err)
 	}
 	buf := strings.NewReader("")
 	w := new(bytes.Buffer)
 	if err := Get(h, buf, w); IsCredentialsMissingServerURL(err) == false {
 		t.Fatal(err)
 	}
 }
 func TestErase(t *testing.T) {
 	serverURL := "https://index.docker.io/v1/"
 	creds := &Credentials{
@@ -144,6 +210,30 @@ func TestErase(t *testing.T) {
 	}
 }
 func TestEraseMissingServerURL(t *testing.T) {
 	serverURL := "https://index.docker.io/v1/"
 	creds := &Credentials{
 		ServerURL: serverURL,
 		Username:  "foo",
 		Secret:    "bar",
 	}
 	b, err := json.Marshal(creds)
 	if err != nil {
 		t.Fatal(err)
 	}
 	in := bytes.NewReader(b)
 	h := newMemoryStore()
 	if err := Store(h, in); err != nil {
 		t.Fatal(err)
 	}
 	buf := strings.NewReader("")
 	if err := Erase(h, buf); IsCredentialsMissingServerURL(err) == false {
 		t.Fatal(err)
 	}
 }
 func TestList(t *testing.T) {
 	//This tests that there is proper input an output into the byte stream
 	//Individual stores are very OS specific and have been tested in osxkeychain and secretservice respectively
@@ -1,8 +1,15 @@
 package credentials
-// ErrCredentialsNotFound standarizes the not found error, so every helper returns
+const (
-// the same message and docker can handle it properly.
+	// ErrCredentialsNotFound standardizes the not found error, so every helper returns
-const errCredentialsNotFoundMessage = "credentials not found in native keychain"
+	// the same message and docker can handle it properly.
 	errCredentialsNotFoundMessage = "credentials not found in native keychain"
 	// ErrCredentialsMissingServerURL and ErrCredentialsMissingUsername standardize
 	// invalid credentials or credentials management operations
 	errCredentialsMissingServerURLMessage = "no credentials server URL"
 	errCredentialsMissingUsernameMessage = "no credentials username"
 )
 // errCredentialsNotFound represents an error
 // raised when credentials are not in the store.
@@ -35,3 +42,64 @@ func IsErrCredentialsNotFound(err error) bool {
 func IsErrCredentialsNotFoundMessage(err string) bool {
 	return err == errCredentialsNotFoundMessage
 }
 // errCredentialsMissingServerURL represents an error raised
 // when the credentials object has no server URL or when no
 // server URL is provided to a credentials operation requiring
 // one.
 type errCredentialsMissingServerURL struct{}
 func (errCredentialsMissingServerURL) Error() string {
 	return errCredentialsMissingServerURLMessage
 }
 // errCredentialsMissingUsername represents an error raised
 // when the credentials object has no username or when no
 // username is provided to a credentials operation requiring
 // one.
 type errCredentialsMissingUsername struct{}
 func (errCredentialsMissingUsername) Error() string {
 	return errCredentialsMissingUsernameMessage
 }
 // NewErrCredentialsMissingServerURL creates a new error for
 // errCredentialsMissingServerURL.
 func NewErrCredentialsMissingServerURL() error {
 	return errCredentialsMissingServerURL{}
 }
 // NewErrCredentialsMissingUsername creates a new error for
 // errCredentialsMissingUsername.
 func NewErrCredentialsMissingUsername() error {
 	return errCredentialsMissingUsername{}
 }
 // IsCredentialsMissingServerURL returns true if the error
 // was an errCredentialsMissingServerURL.
 func IsCredentialsMissingServerURL(err error) bool {
 	_, ok := err.(errCredentialsMissingServerURL)
 	return ok
 }
 // IsCredentialsMissingServerURLMessage checks for an
 // errCredentialsMissingServerURL in the error message.
 func IsCredentialsMissingServerURLMessage(err string) bool {
 	return err == errCredentialsMissingServerURLMessage
 }
 // IsCredentialsMissingUsername returns true if the error
 // was an errCredentialsMissingUsername.
 func IsCredentialsMissingUsername(err error) bool {
 	_, ok := err.(errCredentialsMissingUsername)
 	return ok
 }
 // IsCredentialsMissingUsernameMessage checks for an
 // errCredentialsMissingUsername in the error message.
 func IsCredentialsMissingUsernameMessage(err string) bool {
 	return err == errCredentialsMissingUsernameMessage
 }
@@ -14,7 +14,9 @@ char *get_error(OSStatus status) {
  return buf;
 }
-char *keychain_add(struct Server *server, char *username, char *secret) {
+char *keychain_add(struct Server *server, char *label, char *username, char *secret) {
  SecKeychainItemRef item;
  OSStatus status = SecKeychainAddInternetPassword(
    NULL,
    strlen(server->host), server->host,
@@ -25,11 +27,27 @@ char *keychain_add(struct Server *server, char *username, char *secret) {
    server->proto,
    kSecAuthenticationTypeDefault,
    strlen(secret), secret,
-    NULL
+    &item
  );
  if (status) {
    return get_error(status);
  }
  SecKeychainAttribute attribute;
  SecKeychainAttributeList attrs;
  attribute.tag = kSecLabelItemAttr;
  attribute.data = label;
  attribute.length = strlen(label);
  attrs.count = 1;
  attrs.attr = &attribute;
  status = SecKeychainItemModifyContent(item, &attrs, 0, NULL);
  if (status) {
    return get_error(status);
  }
  return NULL;
 }
@@ -116,16 +134,21 @@ char * CFStringToCharArr(CFStringRef aString) {
  return NULL;
 }
-char *keychain_list(char *** paths, char *** accts, unsigned int *list_l) {
+char *keychain_list(char *credsLabel, char *** paths, char *** accts, unsigned int *list_l) {
    CFStringRef credsLabelCF = CFStringCreateWithCString(NULL, credsLabel, kCFStringEncodingUTF8);
    CFMutableDictionaryRef query = CFDictionaryCreateMutable (NULL, 1, NULL, NULL);
    CFDictionaryAddValue(query, kSecClass, kSecClassInternetPassword);
    CFDictionaryAddValue(query, kSecReturnAttributes, kCFBooleanTrue);
    CFDictionaryAddValue(query, kSecMatchLimit, kSecMatchLimitAll);
    CFDictionaryAddValue(query, kSecAttrLabel, credsLabelCF);
    //Use this query dictionary
    CFTypeRef result= NULL;
    OSStatus status = SecItemCopyMatching(
                                          query,
                                          &result);
    CFRelease(credsLabelCF);
    //Ran a search and store the results in result
    if (status) {
        return get_error(status);
@@ -35,12 +35,14 @@ func (h Osxkeychain) Add(creds *credentials.Credentials) error {
 	}
 	defer freeServer(s)
 	label := C.CString(credentials.CredsLabel)
 	defer C.free(unsafe.Pointer(label))
 	username := C.CString(creds.Username)
 	defer C.free(unsafe.Pointer(username))
 	secret := C.CString(creds.Secret)
 	defer C.free(unsafe.Pointer(secret))
-	errMsg := C.keychain_add(s, username, secret)
+	errMsg := C.keychain_add(s, label, username, secret)
 	if errMsg != nil {
 		defer C.free(unsafe.Pointer(errMsg))
 		return errors.New(C.GoString(errMsg))
@@ -99,12 +101,15 @@ func (h Osxkeychain) Get(serverURL string) (string, string, error) {
 // List returns the stored URLs and corresponding usernames.
 func (h Osxkeychain) List() (map[string]string, error) {
 	credsLabelC := C.CString(credentials.CredsLabel)
 	defer C.free(unsafe.Pointer(credsLabelC))
 	var pathsC **C.char
 	defer C.free(unsafe.Pointer(pathsC))
 	var acctsC **C.char
 	defer C.free(unsafe.Pointer(acctsC))
 	var listLenC C.uint
-	errMsg := C.keychain_list(&pathsC, &acctsC, &listLenC)
+	errMsg := C.keychain_list(credsLabelC, &pathsC, &acctsC, &listLenC)
 	if errMsg != nil {
 		defer C.free(unsafe.Pointer(errMsg))
 		goMsg := C.GoString(errMsg)
@@ -7,8 +7,8 @@ struct Server {
  unsigned int port;
 };
-char *keychain_add(struct Server *server, char *username, char *secret);
+char *keychain_add(struct Server *server, char *label, char *username, char *secret);
 char *keychain_get(struct Server *server, unsigned int *username_l, char **username, unsigned int *secret_l, char **secret);
 char *keychain_delete(struct Server *server);
-char *keychain_list(char *** data, char *** accts, unsigned int *list_l);
+char *keychain_list(char *credsLabel, char *** data, char *** accts, unsigned int *list_l);
 void freeListData(char *** data, unsigned int length);
@@ -7,6 +7,7 @@ const SecretSchema *docker_get_schema(void)
 	static const SecretSchema docker_schema = {
 		"io.docker.Credentials", SECRET_SCHEMA_NONE,
 		{
 		    { "label", SECRET_SCHEMA_ATTRIBUTE_STRING },
 			{ "server", SECRET_SCHEMA_ATTRIBUTE_STRING },
 			{ "username", SECRET_SCHEMA_ATTRIBUTE_STRING },
 			{ "docker_cli", SECRET_SCHEMA_ATTRIBUTE_STRING },
@@ -16,11 +17,12 @@ const SecretSchema *docker_get_schema(void)
 	return &docker_schema;
 }
-GError *add(char *server, char *username, char *secret) {
+GError *add(char *label, char *server, char *username, char *secret) {
 	GError *err = NULL;
 	secret_password_store_sync (DOCKER_SCHEMA, SECRET_COLLECTION_DEFAULT,
 			server, secret, NULL, &err,
 			"label", label,
 			"server", server,
 			"username", username,
 			"docker_cli", "1",
@@ -40,7 +42,7 @@ GError *delete(char *server) {
 	return NULL;
 }
-char *get_username(SecretItem *item) {
+char *get_attribute(const char *attribute, SecretItem *item) {
 	GHashTable *attributes;
 	GHashTableIter iter;
 	gchar *value, *key;
@@ -48,7 +50,7 @@ char *get_username(SecretItem *item) {
 	attributes = secret_item_get_attributes(item);
 	g_hash_table_iter_init(&iter, attributes);
 	while (g_hash_table_iter_next(&iter, (void **)&key, (void **)&value)) {
-		if (strncmp(key, "username", strlen(key)) == 0)
+		if (strncmp(key, attribute, strlen(key)) == 0)
 			return (char *)value;
 	}
 	g_hash_table_unref(attributes);
@@ -71,7 +73,7 @@ GError *get(char *server, char **username, char **secret) {
 	service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err);
 	if (err == NULL) {
-		items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err);
+		items = secret_service_search_sync(service, DOCKER_SCHEMA, attributes, flags, NULL, &err);
 		if (err == NULL) {
 			for (l = items; l != NULL; l = g_list_next(l)) {
 				value = secret_item_get_schema_name(l->data);
@@ -85,7 +87,7 @@ GError *get(char *server, char **username, char **secret) {
 					*secret = strdup(secret_value_get(secretValue, &length));
 					secret_value_unref(secretValue);
 				}
-				*username = get_username(l->data);
+				*username = get_attribute("username", l->data);
 			}
 			g_list_free_full(items, g_object_unref);
 		}
@@ -98,22 +100,30 @@ GError *get(char *server, char **username, char **secret) {
 	return NULL;
 }
-GError *list(char *** paths, char *** accts, unsigned int *list_l) {
+GError *list(char *ref_label, char *** paths, char *** accts, unsigned int *list_l) {
 	GList *items;
 	GError *err = NULL;
 	SecretService *service;
 	SecretSearchFlags flags = SECRET_SEARCH_LOAD_SECRETS | SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK;
-	GHashTable *attributes;
+	GHashTable *attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
-	g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
+
-	attributes = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free);
+	// List credentials with the right label only
 	g_hash_table_insert(attributes, g_strdup("label"), g_strdup(ref_label));
 	service = secret_service_get_sync(SECRET_SERVICE_NONE, NULL, &err);
 	if (err != NULL) {
 		return err;
 	}
 	items = secret_service_search_sync(service, NULL, attributes, flags, NULL, &err);
 	int numKeys = g_list_length(items);
 	if (err != NULL) {
 		return err;
 	}
-	*paths = (char **) malloc((int)sizeof(char *)*numKeys);
+
-	*accts = (char **) malloc((int)sizeof(char *)*numKeys);
+	char **tmp_paths = (char **) calloc(1,(int)sizeof(char *)*numKeys);
 	char **tmp_accts = (char **) calloc(1,(int)sizeof(char *)*numKeys);
 	// items now contains our keys from the gnome keyring
 	// we will now put it in our two lists to return it to go
 	GList *current;
@@ -121,21 +131,25 @@ GError *list(char *** paths, char *** accts, unsigned int *list_l) {
 	for(current = items; current!=NULL; current = current->next) {
 		char *pathTmp = secret_item_get_label(current->data);
 		// you cannot have a key without a label in the gnome keyring
-		char *acctTmp = get_username(current->data);
+		char *acctTmp = get_attribute("username",current->data);
 		if (acctTmp==NULL) {
 			acctTmp = "account not defined";
 		}
-		char *path = (char *) malloc(strlen(pathTmp));
+
-		char *acct = (char *) malloc(strlen(acctTmp));
+		tmp_paths[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(pathTmp)+1));
-		path = pathTmp;
+		tmp_accts[listNumber] = (char *) calloc(1, sizeof(char)*(strlen(acctTmp)+1));
-		acct = acctTmp;
+
-		(*paths)[listNumber] = (char *) malloc(sizeof(char)*(strlen(path)));
+		memcpy(tmp_paths[listNumber], pathTmp, sizeof(char)*(strlen(pathTmp)+1));
-		memcpy((*paths)[listNumber], path, sizeof(char)*(strlen(path)));
+		memcpy(tmp_accts[listNumber], acctTmp, sizeof(char)*(strlen(acctTmp)+1));
-		(*accts)[listNumber] = (char *) malloc(sizeof(char)*(strlen(acct)));
+
 		memcpy((*accts)[listNumber], acct, sizeof(char)*(strlen(acct)));
 		listNumber = listNumber + 1;
 	}
-	*list_l = numKeys;
+
 	*paths = (char **) realloc(tmp_paths, (int)sizeof(char *)*listNumber);
 	*accts = (char **) realloc(tmp_accts, (int)sizeof(char *)*listNumber);
 	*list_l = listNumber;
 	return NULL;
 }
@@ -22,6 +22,8 @@ func (h Secretservice) Add(creds *credentials.Credentials) error {
 	if creds == nil {
 		return errors.New("missing credentials")
 	}
 	credsLabel := C.CString(credentials.CredsLabel)
 	defer C.free(unsafe.Pointer(credsLabel))
 	server := C.CString(creds.ServerURL)
 	defer C.free(unsafe.Pointer(server))
 	username := C.CString(creds.Username)
@@ -29,7 +31,7 @@ func (h Secretservice) Add(creds *credentials.Credentials) error {
 	secret := C.CString(creds.Secret)
 	defer C.free(unsafe.Pointer(secret))
-	if err := C.add(server, username, secret); err != nil {
+	if err := C.add(credsLabel, server, username, secret); err != nil {
 		defer C.g_error_free(err)
 		errMsg := (*C.char)(unsafe.Pointer(err.message))
 		return errors.New(C.GoString(errMsg))
@@ -79,14 +81,17 @@ func (h Secretservice) Get(serverURL string) (string, string, error) {
 	return user, pass, nil
 }
-// List returns the stored URLs and corresponding usernames.
+// List returns the stored URLs and corresponding usernames for a given credentials label
 func (h Secretservice) List() (map[string]string, error) {
 	credsLabelC := C.CString(credentials.CredsLabel)
 	defer C.free(unsafe.Pointer(credsLabelC))
 	var pathsC **C.char
 	defer C.free(unsafe.Pointer(pathsC))
 	var acctsC **C.char
 	defer C.free(unsafe.Pointer(acctsC))
 	var listLenC C.uint
-	err := C.list(&pathsC, &acctsC, &listLenC)
+	err := C.list(credsLabelC, &pathsC, &acctsC, &listLenC)
 	if err != nil {
 		defer C.free(unsafe.Pointer(err))
 		return nil, errors.New("Error from list function in secretservice_linux.c likely due to error in secretservice library")
@@ -94,10 +99,14 @@ func (h Secretservice) List() (map[string]string, error) {
 	defer C.freeListData(&pathsC, listLenC)
 	defer C.freeListData(&acctsC, listLenC)
 	resp := make(map[string]string)
 	listLen := int(listLenC)
 	if listLen == 0 {
 		return resp, nil
 	}
 	pathTmp := (*[1 << 30]*C.char)(unsafe.Pointer(pathsC))[:listLen:listLen]
 	acctTmp := (*[1 << 30]*C.char)(unsafe.Pointer(acctsC))[:listLen:listLen]
 	resp := make(map[string]string)
 	for i := 0; i < listLen; i++ {
 		resp[C.GoString(pathTmp[i])] = C.GoString(acctTmp[i])
 	}
@@ -6,8 +6,8 @@ const SecretSchema *docker_get_schema(void) G_GNUC_CONST;
 #define DOCKER_SCHEMA docker_get_schema()
-GError *add(char *server, char *username, char *secret);
+GError *add(char *label, char *server, char *username, char *secret);
 GError *delete(char *server);
 GError *get(char *server, char **username, char **secret);
-GError *list(char *** paths, char *** accts, unsigned int *list_l);
+GError *list(char *label, char *** paths, char *** accts, unsigned int *list_l);
 void freeListData(char *** data, unsigned int length);
@@ -1,6 +1,7 @@
 package secretservice
 import (
 	"strings"
 	"testing"
 	"github.com/docker/docker-credential-helpers/credentials"
@@ -16,10 +17,36 @@ func TestSecretServiceHelper(t *testing.T) {
 	}
 	helper := Secretservice{}
 	// Check how many docker credentials we have when starting the test
 	old_auths, err := helper.List()
 	if err != nil {
 		t.Fatal(err)
 	}
 	// If any docker credentials with the tests values we are providing, we
 	// remove them as they probably come from a previous failed test
 	for k, v := range old_auths {
 		if strings.Compare(k, creds.ServerURL) == 0 && strings.Compare(v, creds.Username) == 0 {
 			if err := helper.Delete(creds.ServerURL); err != nil {
 				t.Fatal(err)
 			}
 		}
 	}
 	// Check again how many docker credentials we have when starting the test
 	old_auths, err = helper.List()
 	if err != nil {
 		t.Fatal(err)
 	}
 	// Add new credentials
 	if err := helper.Add(creds); err != nil {
 		t.Fatal(err)
 	}
 	// Verify that it is inside the secret service store
 	username, secret, err := helper.Get(creds.ServerURL)
 	if err != nil {
 		t.Fatal(err)
@@ -33,15 +60,21 @@ func TestSecretServiceHelper(t *testing.T) {
 		t.Fatalf("expected %s, got %s\n", "foobarbaz", secret)
 	}
 	// We should have one more credential than before adding
 	new_auths, err := helper.List()
 	if err != nil || (len(new_auths)-len(old_auths) != 1) {
 		t.Fatal(err)
 	}
 	old_auths = new_auths
 	// Deleting the credentials associated to current server url should succeed
 	if err := helper.Delete(creds.ServerURL); err != nil {
 		t.Fatal(err)
 	}
-	auths, err := helper.List()
+
-	if err != nil || len(auths) == 0 {
+	// We should have one less credential than before deleting
-		t.Fatal(err)
+	new_auths, err = helper.List()
-	}
+	if err != nil || (len(old_auths)-len(new_auths) != 1) {
 	helper.Add(creds)
 	if newauths, err := helper.List(); (len(newauths) - len(auths)) != 1 {
 		t.Fatal(err)
 	}
 }
@@ -1,6 +1,9 @@
 package wincred
 import (
 	"bytes"
 	"strings"
 	winc "github.com/danieljoos/wincred"
 	"github.com/docker/docker-credential-helpers/credentials"
 )
@@ -14,6 +17,8 @@ func (h Wincred) Add(creds *credentials.Credentials) error {
 	g.UserName = creds.Username
 	g.CredentialBlob = []byte(creds.Secret)
 	g.Persist = winc.PersistLocalMachine
 	g.Attributes = []winc.CredentialAttribute{{"label", []byte(credentials.CredsLabel)}}
 	return g.Write()
 }
@@ -35,10 +40,17 @@ func (h Wincred) Get(serverURL string) (string, string, error) {
 	if g == nil {
 		return "", "", credentials.NewErrCredentialsNotFound()
 	}
-	return g.UserName, string(g.CredentialBlob), nil
+	for _, attr := range g.Attributes {
 		if strings.Compare(attr.Keyword, "label") == 0 &&
 			bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
 			return g.UserName, string(g.CredentialBlob), nil
 		}
 	}
 	return "", "", credentials.NewErrCredentialsNotFound()
 }
-// List returns the stored URLs and corresponding usernames.
+// List returns the stored URLs and corresponding usernames for a given credentials label.
 func (h Wincred) List() (map[string]string, error) {
 	creds, err := winc.List()
 	if err != nil {
@@ -47,7 +59,16 @@ func (h Wincred) List() (map[string]string, error) {
 	resp := make(map[string]string)
 	for i := range creds {
-		resp[creds[i].TargetName] = creds[i].UserName
+		attrs := creds[i].Attributes
 		for _, attr := range attrs {
 			if strings.Compare(attr.Keyword, "label") == 0 &&
 				bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
 				resp[creds[i].TargetName] = creds[i].UserName
 			}
 		}
 	}
 	return resp, nil
 }
@@ -2,6 +2,7 @@ package wincred
 import (
 	"testing"
 	"strings"
 	"github.com/docker/docker-credential-helpers/credentials"
 )
@@ -19,6 +20,31 @@ func TestWinCredHelper(t *testing.T) {
 	}
 	helper := Wincred{}
 	// check for and remove remaining credentials from previous fail tests
 	oldauths, err := helper.List()
 	if err != nil {
 		t.Fatal(err)
 	}
 	for k, v := range oldauths {
 		if strings.Compare(k, creds.ServerURL) == 0 && strings.Compare(v, creds.Username) == 0 {
 			if err := helper.Delete(creds.ServerURL); err != nil {
 				t.Fatal(err)
 			}
 		} else if strings.Compare(k, creds1.ServerURL) == 0 && strings.Compare(v, creds1.Username) == 0 {
 			if err := helper.Delete(creds1.ServerURL); err != nil {
 				t.Fatal(err)
 			}
 		}
 	}
 	// recount for credentials
 	oldauths, err = helper.List()
 	if err != nil {
 		t.Fatal(err)
 	}
 	if err := helper.Add(creds); err != nil {
 		t.Fatal(err)
 	}
@@ -37,7 +63,7 @@ func TestWinCredHelper(t *testing.T) {
 	}
 	auths, err := helper.List()
-	if err != nil || len(auths) == 0 {
+	if err != nil || len(auths) - len(oldauths) != 1 {
 		t.Fatal(err)
 	}
Author	SHA1	Message	Date
Jean-Laurent de Morlhon	0e7779e5a1	Merge pull request #66 from n4ss/release-v0.5.1 Update version tag to v0.5.1	2017-05-29 16:44:20 +02:00
Nassim 'Nass' Eddequiouaq	fb9549d396	Update version tag Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-05-29 16:32:21 +02:00
Nassim Eddequiouaq	ed11c58ebf	Prevent invalid credentials: no missing server URL or username (#62 ) * Prevent invalid credentials: no missing server URL or username Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> * Add missing username/serverURL error checks in credstore client Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> * Clean up doc on invalid creds errors and client's error checks Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> * Add tests for missing ServerURL/Username Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> * Clean isValidCredsMessage prototype Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com> * Add test for missing server URL and more detailed error msg Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-05-29 10:21:50 +02:00
Vincent Demeester	79ab7059b0	Merge pull request #64 from shhsu/redirect_stderr Caller of cred helpers would now see the stderr returns from cred helpers	2017-05-26 09:25:21 -07:00
shhsu@microsoft.com	18d35e4984	Caller of cred helpers would now see the stderr returns from cred helpers Signed-off-by: shhsu@microsoft.com <shhsu@microsoft.com>	2017-05-24 15:41:34 -07:00
Vincent Demeester	71779cf7f5	Merge pull request #56 from simonferquel/align-get-with-list-filtering [Windows] align get with list behavior	2017-03-22 09:53:49 +01:00
Simon Ferquel	51c78cdc14	[Windows] align get with list behavior Avoiding to get unlabelled credentials Signed-off-by: Simon Ferquel <simon.ferquel@docker.com>	2017-03-16 18:16:37 +01:00
Vincent Demeester	120e37f15d	Merge pull request #54 from vdemeester/update-maintainers Add n4ss as maintainer 👼	2017-03-14 19:30:38 +01:00
Vincent Demeester	4962f775bf	Add n4ss as maintainer 👼 Signed-off-by: Vincent Demeester <vincent@sbr.pm>	2017-03-14 16:04:27 +01:00
Jean-Laurent de Morlhon	ce617b3357	Merge pull request #52 from jeanlaurent/run-test-on-release Clean and run test before osx release	2017-03-13 16:45:02 -07:00
Jean-Laurent de Morlhon	f3071aff0a	Merge pull request #53 from n4ss/fix-windows-typos-tests Fix syntax typos and tests implementation for Windows	2017-03-13 16:44:48 -07:00
Nassim 'Nass' Eddequiouaq	1515d4547e	Fix syntax typos and tests implementation for windows Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-13 14:51:03 -07:00
Jean-Laurent de Morlhon	f67589c36e	Clean and run test before osx release Signed-off-by: Jean-Laurent de Morlhon <jeanlaurent@morlhon.net>	2017-03-13 12:49:05 -07:00
Vincent Demeester	479de2a4f5	Merge pull request #45 from jeanlaurent/fix-mkdir Remove mkdir -p where neccessary	2017-03-13 20:43:59 +01:00
Vincent Demeester	cdba2ced06	Merge pull request #44 from jeanlaurent/osxrelease-task Add a osx release target to the makefile to ease releasing.	2017-03-13 20:43:49 +01:00
Nassim Eddequiouaq	7f0538cd5e	Merge pull request #50 from n4ss/fix-secserv-tests Fix secretservice tests and expected behaviors	2017-03-13 11:56:46 -07:00
Nassim Eddequiouaq	14381bf0d6	Merge pull request #49 from n4ss/label-creds Label credentials on each platform' creds store and fix secretservice behavior	2017-03-13 11:22:23 -07:00
Nassim 'Nass' Eddequiouaq	7133af577e	Creds label can be configured from helpers Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-11 12:34:22 +01:00
Nassim 'Nass' Eddequiouaq	2f2e85cfb9	Remove unnecessary creds list's size check Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 16:59:57 +01:00
Nassim 'Nass' Eddequiouaq	47566329ff	Fix secretservice tests and expected behaviors Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 07:29:25 -08:00
Nassim 'Nass' Eddequiouaq	b9d19b479a	Return empty server-url to usernames map if no search results Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:23:43 +01:00
Nassim 'Nass' Eddequiouaq	e522e56699	Fix memory leaks and non-null terminated strings usage Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:23:17 +01:00
Nassim 'Nass' Eddequiouaq	8cb3338668	Filter docker credentials with label directly through libsecret Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:18:14 +01:00
Nassim 'Nass' Eddequiouaq	cd76e4253f	Use the proper docker secret schema for items to search for Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:15:05 +01:00
Nassim 'Nass' Eddequiouaq	021d7d6a19	Add label filter on the list of secrets Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:14:34 +01:00
Nassim 'Nass' Eddequiouaq	2a8670e0da	Cleanup original modifications to the exposed APIs Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:14:04 +01:00
Nassim 'Nass' Eddequiouaq	c5fbd3a5ad	Fix type conversion for labels added to search queries on macOS Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:12:53 +01:00
Nassim 'Nass' Eddequiouaq	c6cf8aa13b	Add Label to Credentials in test files Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:12:32 +01:00
Nassim 'Nass' Eddequiouaq	cfe7556d6d	[SYNTAX] Run gofmt on changed files Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:12:12 +01:00
Nassim 'Nass' Eddequiouaq	23a1f310a5	Add a Docker Credentials label support for windows Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:11:57 +01:00
Nassim 'Nass' Eddequiouaq	f7f2744e6d	Add a Docker Credentials label support for linux Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:11:25 +01:00
Nassim 'Nass' Eddequiouaq	406812bf8e	Add a Docker Credentials label support for macOS Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:11:13 +01:00
Nassim 'Nass' Eddequiouaq	595b7f2531	Add a Docker Credentials label to store and list creds Signed-off-by: Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>	2017-03-10 15:10:54 +01:00
Jean-Laurent de Morlhon	ad4463616e	Remove mkdir -p where neccessary Signed-off-by: Jean-Laurent de Morlhon <jeanlaurent@morlhon.net>	2017-03-03 18:51:21 +01:00
Jean-Laurent de Morlhon	365da011fb	Add a osx release target to the makefile to ease releasing. Signed-off-by: Jean-Laurent de Morlhon <jeanlaurent@morlhon.net>	2017-03-03 18:49:23 +01:00