From eea6d0606fb82a982da5d5bef6a4b127aa89ef76 Mon Sep 17 00:00:00 2001
From: Markus Goetz
Date: Mon, 20 Apr 2020 10:51:45 +0200
Subject: [PATCH] Keychain: Set kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly #14 #3
---
 .../PDKeychainBindingsController.m | 16 ++++++++++++----
 .../quassel-for-ios/vcs/LoginViewController.m | 6 ++++++
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/3rdparty/PDKeychainBindingsController/PDKeychainBindingsController.m b/3rdparty/PDKeychainBindingsController/PDKeychainBindingsController.m
index d8443a6..06ba079 100644
--- a/3rdparty/PDKeychainBindingsController/PDKeychainBindingsController.m
+++ b/3rdparty/PDKeychainBindingsController/PDKeychainBindingsController.m
@@ -81,18 +81,26 @@ - (BOOL)storeString:(NSString*)string forKey:(NSString*)key {
 } else {
 #if TARGET_OS_IPHONE
 NSData *stringData = [string dataUsingEncoding:NSUTF8StringEncoding];
- NSDictionary *spec = [NSDictionary dictionaryWithObjectsAndKeys:(id)kSecClassGenericPassword, kSecClass,
- key, kSecAttrAccount,[self serviceName], kSecAttrService, nil];
+ NSDictionary *spec = [NSDictionary dictionaryWithObjectsAndKeys:
+ (id)kSecClassGenericPassword, kSecClass,
+ key, kSecAttrAccount,
+ [self serviceName], kSecAttrService,
+ kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, kSecAttrAccessible,
+ nil];
 if(!string) {
 return !SecItemDelete((CFDictionaryRef)spec);
 }else if([self stringForKey:key]) {
 NSDictionary *update = [NSDictionary dictionaryWithObject:stringData forKey:(id)kSecValueData];
- return !SecItemUpdate((CFDictionaryRef)spec, (CFDictionaryRef)update);
+ OSStatus s = SecItemUpdate((CFDictionaryRef)spec, (CFDictionaryRef)update);
+ NSLog(@"Keychain update for %@ gave %d", key, s);
+ return !s;
 }else{
 NSMutableDictionary *data = [NSMutableDictionary dictionaryWithDictionary:spec];
 [data setObject:stringData forKey:(id)kSecValueData];
- return !SecItemAdd((CFDictionaryRef)data, NULL);
+ OSStatus s = SecItemAdd((CFDictionaryRef)data, NULL);
+ NSLog(@"Keychain create for %@ gave %d", key, s);
+ return !s;
 }
 #else //OSX
 SecKeychainItemRef item = NULL;
diff --git a/quassel-for-ios/quassel-for-ios/vcs/LoginViewController.m b/quassel-for-ios/quassel-for-ios/vcs/LoginViewController.m
index 4e46351..131cf48 100644
--- a/quassel-for-ios/quassel-for-ios/vcs/LoginViewController.m
+++ b/quassel-for-ios/quassel-for-ios/vcs/LoginViewController.m
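Review bot: Adding `kSecAttrAccessible` to `spec` also puts it into the lookup query, because `spec` is passed unchanged to `SecItemDelete` and `SecItemUpdate` and is the base of the `SecItemAdd` dictionary. In a query the attribute most likely acts as a match filter, so an entry saved earlier under another accessibility class would not be matched by the update branch; that would explain the delete-first workaround in LoginViewController.m. I would keep `spec` as the plain class/account/service query and set the attribute only where values are written: `NSDictionary *update = [NSDictionary dictionaryWithObjectsAndKeys:stringData, (id)kSecValueData, (id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, (id)kSecAttrAccessible, nil];` and `[data setObject:(id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly forKey:(id)kSecAttrAccessible];` before `SecItemAdd`. The two `NSLog` calls also run on every store in any build and pass an `OSStatus` to `%d`; a debug-only log with `(int)s` would be tidier. storeString:forKey: starts and ends outside the hunk.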
@@ -153,6 +153,12 @@ - (void) prepareForSegue:(UIStoryboardSegue *)segue sender:(id)sender {
 if ([segue.identifier isEqualToString:@"ConnectSegue"]) {
 PDKeychainBindings *kc = [PDKeychainBindings sharedKeychainBindings];
+ // Delete first so we can set security to kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+ [kc setObject:nil forKey:@"userName"];
+ [kc setObject:nil forKey:@"passWord"];
+ [kc setObject:nil forKey:@"hostName"];
+ [kc setObject:nil forKey:@"port"];
+ // Store
 [kc setObject:userNameField.text forKey:@"userName"];
 [kc setObject:passWordField.text forKey:@"passWord"];
 [kc setObject:hostNameField.text forKey:@"hostName"];
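Review bot: Between the four `setObject:nil` calls and the stores that follow, the saved credentials exist nowhere, and nothing in this block checks that the re-store succeeded, so a failed add after the delete would silently lose the login data. The migration is also only reached when `ConnectSegue` fires, so entries written by earlier builds keep their previous accessibility class until the user connects again. If the delete-first approach stays, I would say so in the comment, e.g. `// Items saved by older builds keep their old kSecAttrAccessible value until they are deleted and re-added here`, and have the store path report a failure to the caller. The rest of prepareForSegue: lies outside the hunk.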