Keychain: Set kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly #14 #3

woboq · Apr 20, 2020 · eea6d06 · eea6d06
1 parent a39f570
commit eea6d06
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/3rdparty/PDKeychainBindingsController/PDKeychainBindingsController.m b/3rdparty/PDKeychainBindingsController/PDKeychainBindingsController.m
@@ -81,18 +81,26 @@ - (BOOL)storeString:(NSString*)string forKey:(NSString*)key {
     } else {
 #if TARGET_OS_IPHONE
         NSData *stringData = [string dataUsingEncoding:NSUTF8StringEncoding];
-        NSDictionary *spec = [NSDictionary dictionaryWithObjectsAndKeys:(id)kSecClassGenericPassword, kSecClass,
-                              key, kSecAttrAccount,[self serviceName], kSecAttrService, nil];
+        NSDictionary *spec = [NSDictionary dictionaryWithObjectsAndKeys:
+                              (id)kSecClassGenericPassword, kSecClass,
+                              key, kSecAttrAccount,
+                              [self serviceName], kSecAttrService,
+                              kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, kSecAttrAccessible,
+                              nil];
 
         if(!string) {
             return !SecItemDelete((CFDictionaryRef)spec);
         }else if([self stringForKey:key]) {
             NSDictionary *update = [NSDictionary dictionaryWithObject:stringData forKey:(id)kSecValueData];
-            return !SecItemUpdate((CFDictionaryRef)spec, (CFDictionaryRef)update);
+            OSStatus s = SecItemUpdate((CFDictionaryRef)spec, (CFDictionaryRef)update);
+            NSLog(@"Keychain update for %@ gave %d", key, s);
+            return !s;
         }else{
             NSMutableDictionary *data = [NSMutableDictionary dictionaryWithDictionary:spec];
             [data setObject:stringData forKey:(id)kSecValueData];
-            return !SecItemAdd((CFDictionaryRef)data, NULL);
+            OSStatus s = SecItemAdd((CFDictionaryRef)data, NULL);
+            NSLog(@"Keychain create for %@ gave %d", key, s);
+            return !s;
         }
 #else //OSX
         SecKeychainItemRef item = NULL;

diff --git a/quassel-for-ios/quassel-for-ios/vcs/LoginViewController.m b/quassel-for-ios/quassel-for-ios/vcs/LoginViewController.m
@@ -153,6 +153,12 @@ - (void) prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender
 {
     if ([segue.identifier isEqualToString:@"ConnectSegue"]) {
         PDKeychainBindings *kc = [PDKeychainBindings sharedKeychainBindings];
+        // Delete first so we can set security to kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+        [kc setObject:nil forKey:@"userName"];
+        [kc setObject:nil forKey:@"passWord"];
+        [kc setObject:nil forKey:@"hostName"];
+        [kc setObject:nil forKey:@"port"];
+        // Store
         [kc setObject:userNameField.text forKey:@"userName"];
         [kc setObject:passWordField.text forKey:@"passWord"];
         [kc setObject:hostNameField.text forKey:@"hostName"];