libobs: Add libsecret keychain implementation

obsproject · Jun 30, 2023 · 7ae14b9 · 7ae14b9
1 parent 50e56ea
commit 7ae14b9
Show file tree

Hide file tree

Showing 4 changed files with 120 additions and 1 deletion.
diff --git a/libobs/cmake/legacy.cmake b/libobs/cmake/legacy.cmake
@@ -424,6 +424,14 @@ elseif(OS_POSIX)
     target_link_libraries(libobs PRIVATE GIO::GIO)
 
     target_sources(libobs PRIVATE util/platform-nix-dbus.c util/platform-nix-portal.c)
+
+    find_package(Libsecret)
+    if(TARGET Libsecret::Libsecret)
+      obs_status(STATUS "-> libsecret found, enabling keychain API")
+      target_link_libraries(libobs PRIVATE Libsecret::Libsecret)
+      target_compile_definitions(libobs PRIVATE USE_LIBSECRET)
+      target_sources(libobs PRIVATE util/platform-nix-libsecret.c)
+    endif()
   endif()
 
   if(TARGET XCB::XINPUT)

diff --git a/libobs/cmake/os-linux.cmake b/libobs/cmake/os-linux.cmake
@@ -5,6 +5,7 @@ find_package(x11-xcb REQUIRED)
 find_package(xcb COMPONENTS xcb OPTIONAL_COMPONENTS xcb-xinput QUIET)
 # cmake-format: on
 find_package(gio)
+find_package(Libsecret)
 
 target_sources(
   libobs
@@ -43,6 +44,15 @@ endif()
 if(TARGET gio::gio)
   target_sources(libobs PRIVATE util/platform-nix-dbus.c util/platform-nix-portal.c)
   target_link_libraries(libobs PRIVATE gio::gio)
+
+  if(TARGET Libsecret::Libsecret)
+    target_compile_definitions(libobs PRIVATE USE_LIBSECRET)
+    target_sources(libobs PRIVATE util/platform-nix-libsecret.c)
+    target_link_libraries(libobs PRIVATE Libsecret::Libsecret)
+    target_enable_feature(libobs "Libsecret Keychain API (Linux)")
+  else()
+    target_disable_feature(libobs "Libsecret Keychain API (Linux)")
+  endif()
 endif()
 
 if(ENABLE_WAYLAND)

diff --git a/libobs/util/platform-nix-libsecret.c b/libobs/util/platform-nix-libsecret.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2023 Dennis Sädtler <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <gio/gio.h>
+#include <libsecret/secret.h>
+
+#include "platform.h"
+#include "bmem.h"
+
+static const SecretSchema obs_schema = {
+	"com.obsproject.libobs.Secret",
+	SECRET_SCHEMA_NONE,
+	{
+		{"key", SECRET_SCHEMA_ATTRIBUTE_STRING},
+		{"NULL", 0},
+	}};
+
+bool os_keychain_available(void)
+{
+	return true;
+}
+
+bool os_keychain_save(const char *label, const char *key, const char *data)
+{
+	if (!label || !key || !data)
+		return false;
+
+	GError *error = NULL;
+	secret_password_store_sync(&obs_schema, SECRET_COLLECTION_DEFAULT,
+				   label, data, NULL, &error, "key", key, NULL);
+	if (error != NULL) {
+		blog(LOG_ERROR,
+		     "Keychain item \"%s::%s\" could not be saved: %s", label,
+		     key, error->message);
+		g_error_free(error);
+		return false;
+	}
+
+	return true;
+}
+
+bool os_keychain_load(const char *label, const char *key, char **data)
+{
+	if (!label || !key || !data)
+		return false;
+
+	GError *error = NULL;
+	gchar *password = secret_password_lookup_sync(&obs_schema, NULL, &error,
+						      "key", key, NULL);
+
+	if (error != NULL) {
+		blog(LOG_ERROR,
+		     "Keychain item \"%s::%s\" could not be read: %s", label,
+		     key, error->message);
+		g_error_free(error);
+		return false;
+	} else if (password == NULL) {
+		return false;
+	}
+
+	*data = bstrdup(password);
+	secret_password_free(password);
+	return true;
+}
+
+bool os_keychain_delete(const char *label, const char *key)
+{
+	if (!label || !key)
+		return false;
+
+	GError *error = NULL;
+	gboolean removed = secret_password_clear_sync(&obs_schema, NULL, &error,
+						      "key", key, NULL);
+
+	if (error != NULL) {
+		if (error->code == SECRET_ERROR_NO_SUCH_OBJECT) {
+			removed = true;
+		} else {
+			blog(LOG_ERROR,
+			     "Keychain item \"%s::%s\" could not be deleted: %s",
+			     label, key, error->message);
+		}
+
+		g_error_free(error);
+	}
+
+	return removed;
+}
diff --git a/libobs/util/platform-nix.c b/libobs/util/platform-nix.c
@@ -1149,7 +1149,7 @@ char *os_generate_uuid(void)
 	return out;
 }
 
-#ifndef __APPLE__
+#if !defined(__APPLE__) && !defined(USE_LIBSECRET)
 bool os_keychain_available(void)
 {
 	return false;