termscp 1.1.1

termscp is a feature rich terminal file transfer and explorer with support for SCP/SFTP/FTP/Kube/S3/WebDAV
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

//! ## KeyringStorage
//!
//! `keyringstorage` provides an implementation of the `KeyStorage` trait using the OS keyring

// Local
// Ext
use std::sync::Once;

use keyring_core::{Entry as Keyring, Error as KeyringError};

use super::{KeyStorage, KeyStorageError};

/// Guards the one-time registration of the process-wide default credential store.
static INIT_STORE: Once = Once::new();

/// Registers the native credential store as `keyring-core`'s process-wide default.
///
/// Unlike `keyring` 3.x, which selected the credential store at compile time via
/// Cargo features, `keyring-core` 4.x requires the application to register a store
/// at runtime *before* creating any [`Keyring`] entry. We do this lazily and
/// exactly once, choosing the native store for the current platform. On platforms
/// with no supported store nothing is registered, so [`Keyring`] operations fail
/// and the caller transparently falls back to file-based storage.
fn ensure_default_store() {
    INIT_STORE.call_once(|| {
        #[cfg(target_os = "macos")]
        if let Ok(store) = apple_native_keyring_store::keychain::Store::new() {
            keyring_core::set_default_store(store);
        }
        #[cfg(target_os = "windows")]
        if let Ok(store) = windows_native_keyring_store::Store::new() {
            keyring_core::set_default_store(store);
        }
        #[cfg(any(target_os = "linux", target_os = "freebsd"))]
        if let Ok(store) = dbus_secret_service_keyring_store::Store::new() {
            keyring_core::set_default_store(store);
        }
    });
}

/// provides a `KeyStorage` implementation using the keyring crate
pub struct KeyringStorage {
    username: String,
}

impl KeyringStorage {
    /// Instantiates a new KeyringStorage
    pub fn new(username: &str) -> Self {
        KeyringStorage {
            username: username.to_string(),
        }
    }
}

impl KeyStorage for KeyringStorage {
    /// Retrieve key from the key storage.
    /// The key might be acccess through an identifier, which identifies
    /// the key in the storage
    fn get_key(&self, storage_id: &str) -> Result<String, KeyStorageError> {
        ensure_default_store();
        let storage: Keyring = Keyring::new(storage_id, self.username.as_str())?;
        match storage.get_password() {
            Ok(s) => Ok(s),
            Err(e) => match e {
                KeyringError::NoEntry => Err(KeyStorageError::NoSuchKey),
                KeyringError::PlatformFailure(_)
                | KeyringError::NoStorageAccess(_)
                | KeyringError::Invalid(_, _)
                | KeyringError::Ambiguous(_) => Err(KeyStorageError::ProviderError),
                KeyringError::BadEncoding(_) | KeyringError::TooLong(_, _) => {
                    Err(KeyStorageError::BadSyntax)
                }
                _ => Err(KeyStorageError::ProviderError),
            },
        }
    }

    /// Set the key into the key storage
    fn set_key(&self, storage_id: &str, key: &str) -> Result<(), KeyStorageError> {
        ensure_default_store();
        let storage: Keyring = Keyring::new(storage_id, self.username.as_str())?;
        match storage.set_password(key) {
            Ok(_) => Ok(()),
            Err(_) => Err(KeyStorageError::ProviderError),
        }
    }

    /// is_supported
    ///
    /// Returns whether the key storage is supported on the host system
    fn is_supported(&self) -> bool {
        ensure_default_store();
        let dummy: String = String::from("dummy-service");
        let storage: Keyring = match Keyring::new(dummy.as_str(), self.username.as_str()) {
            Ok(s) => s,
            Err(e) => {
                error!("could not instantiate keyring {e}");
                return false;
            }
        };
        // Check what kind of error is returned
        match storage.get_password() {
            Ok(_) => true,
            Err(KeyringError::NoStorageAccess(_) | KeyringError::PlatformFailure(_)) => false,
            Err(_) => true,
        }
    }
}

#[cfg(test)]
mod tests {
    #[test]
    #[cfg(all(not(feature = "github-actions"), not(feature = "isolated-tests")))]
    fn test_system_keys_keyring_storage() {
        use pretty_assertions::assert_eq;

        use super::*;

        let username = whoami::username().expect("no username");
        let storage = KeyringStorage::new(username.as_str());
        assert!(storage.is_supported());
        let app_name: &str = "termscp-test2";
        let secret: &str = "Th15-15/My-Супер-Секрет";
        let kring: Keyring = Keyring::new(app_name, username.as_str()).unwrap();
        let _ = kring.delete_credential();
        drop(kring);
        // Secret should not exist
        assert!(storage.get_key(app_name).is_err());
        // Write secret
        assert!(storage.set_key(app_name, secret).is_ok());
        // Get secret
        assert_eq!(storage.get_key(app_name).unwrap().as_str(), secret);

        // Delete the key manually...
        let kring: Keyring = Keyring::new(app_name, username.as_str()).unwrap();
        assert!(kring.delete_credential().is_ok());
    }
}