You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by cm...@apache.org on 2012/10/02 19:18:01 UTC
svn commit: r1393043 - in /subversion/branches/1.7.x: ./
subversion/include/private/ subversion/libsvn_auth_gnome_keyring/
subversion/libsvn_auth_kwallet/ subversion/libsvn_subr/
Author: cmpilato
Date: Tue Oct 2 17:18:00 2012
New Revision: 1393043
URL: http://svn.apache.org/viewvc?rev=1393043&view=rev
Log:
On the '1.7.x' branch, merge changes from the '1.7.x-r1242759' branch:
* r1242759, r1242770, r1242794, r1380175, r1392599
Fix various issues with GNOME and KDE keyring providers, especially
as regards how their interact with --non-interactive mode. Fixes
issues #4110 ("kwallet not used with --non-interactive") and #4112
("gnome keyring --non-interactive fail with password on disk").
Justification:
Fixes user-reported problem which significantly limits
usabilility in certain environments.
Branch:
^/subversion/branches/1.7.x-r1242759
Votes:
+1: philip, cmpilato, breser
Modified:
subversion/branches/1.7.x/ (props changed)
subversion/branches/1.7.x/configure.ac
subversion/branches/1.7.x/subversion/include/private/svn_auth_private.h
subversion/branches/1.7.x/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
subversion/branches/1.7.x/subversion/libsvn_auth_kwallet/kwallet.cpp
subversion/branches/1.7.x/subversion/libsvn_subr/macos_keychain.c
subversion/branches/1.7.x/subversion/libsvn_subr/simple_providers.c
subversion/branches/1.7.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
subversion/branches/1.7.x/subversion/libsvn_subr/win32_crypto.c
Propchange: subversion/branches/1.7.x/
------------------------------------------------------------------------------
Merged /subversion/trunk:r1242759,1242770,1242794,1380175,1392599
Merged /subversion/branches/1.7.x-r1242759:r1372522-1393041
Modified: subversion/branches/1.7.x/configure.ac
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/configure.ac?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/configure.ac (original)
+++ subversion/branches/1.7.x/configure.ac Tue Oct 2 17:18:00 2012
@@ -532,7 +532,7 @@ AC_PREPROC_IFELSE([AC_LANG_SOURCE([[
CPPFLAGS="$old_CPPFLAGS"
-dnl D-Bus (required for support for KWallet and GNOME Keyring) -------------------
+dnl D-Bus (required for support for KWallet) -------------------
if test -n "$PKG_CONFIG"; then
AC_MSG_CHECKING([for D-Bus .pc file])
@@ -582,31 +582,27 @@ if test "$with_gnome_keyring" != "no"; t
if test "$svn_enable_shared" = "yes"; then
if test "$APR_HAS_DSO" = "yes"; then
if test -n "$PKG_CONFIG"; then
- if test "$HAVE_DBUS" = "yes"; then
- AC_MSG_CHECKING([for GLib and GNOME Keyring .pc files])
- if $PKG_CONFIG --exists glib-2.0 gnome-keyring-1; then
+ AC_MSG_CHECKING([for GLib and GNOME Keyring .pc files])
+ if $PKG_CONFIG --exists glib-2.0 gnome-keyring-1; then
+ AC_MSG_RESULT([yes])
+ old_CPPFLAGS="$CPPFLAGS"
+ SVN_GNOME_KEYRING_INCLUDES="`$PKG_CONFIG --cflags glib-2.0 gnome-keyring-1`"
+ CPPFLAGS="$CPPFLAGS $SVN_GNOME_KEYRING_INCLUDES"
+ AC_CHECK_HEADER(gnome-keyring.h, with_gnome_keyring=yes, with_gnome_keyring=no)
+ AC_MSG_CHECKING([for GNOME Keyring])
+ if test "$with_gnome_keyring" = "yes"; then
AC_MSG_RESULT([yes])
- old_CPPFLAGS="$CPPFLAGS"
- SVN_GNOME_KEYRING_INCLUDES="$DBUS_CPPFLAGS `$PKG_CONFIG --cflags glib-2.0 gnome-keyring-1`"
- CPPFLAGS="$CPPFLAGS $SVN_GNOME_KEYRING_INCLUDES"
- AC_CHECK_HEADER(gnome-keyring.h, with_gnome_keyring=yes, with_gnome_keyring=no)
- AC_MSG_CHECKING([for GNOME Keyring])
- if test "$with_gnome_keyring" = "yes"; then
- AC_MSG_RESULT([yes])
- AC_DEFINE([SVN_HAVE_GNOME_KEYRING], [1],
- [Is GNOME Keyring support enabled?])
- CPPFLAGS="$old_CPPFLAGS"
- SVN_GNOME_KEYRING_LIBS="$DBUS_LIBS `$PKG_CONFIG --libs glib-2.0 gnome-keyring-1`"
- else
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot find GNOME Keyring])
- fi
+ AC_DEFINE([SVN_HAVE_GNOME_KEYRING], [1],
+ [Is GNOME Keyring support enabled?])
+ CPPFLAGS="$old_CPPFLAGS"
+ SVN_GNOME_KEYRING_LIBS="`$PKG_CONFIG --libs glib-2.0 gnome-keyring-1`"
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot find GLib and GNOME Keyring .pc files])
+ AC_MSG_ERROR([cannot find GNOME Keyring])
fi
else
- AC_MSG_ERROR([cannot find D-Bus])
+ AC_MSG_RESULT([no])
+ AC_MSG_ERROR([cannot find GLib and GNOME Keyring .pc files])
fi
else
AC_MSG_ERROR([cannot find pkg-config])
Modified: subversion/branches/1.7.x/subversion/include/private/svn_auth_private.h
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/include/private/svn_auth_private.h?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/include/private/svn_auth_private.h (original)
+++ subversion/branches/1.7.x/subversion/include/private/svn_auth_private.h Tue Oct 2 17:18:00 2012
@@ -52,9 +52,12 @@ extern "C" {
from an external store, using REALMSTRING and USERNAME as keys.
(The behavior is undefined if REALMSTRING or USERNAME are NULL.)
If NON_INTERACTIVE is set, the user must not be involved in the
- retrieval process. POOL is used for any necessary allocation. */
-typedef svn_boolean_t (*svn_auth__password_get_t)
- (const char **password,
+ retrieval process. Set *DONE to TRUE if a password was stored
+ in *PASSWORD, to FALSE otherwise. POOL is used for any necessary
+ allocation. */
+typedef svn_error_t * (*svn_auth__password_get_t)
+ (svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -65,10 +68,12 @@ typedef svn_boolean_t (*svn_auth__passwo
/* A function that stores PASSWORD (or some encrypted version thereof)
either directly in CREDS, or externally using REALMSTRING and USERNAME
as keys into the external store. If NON_INTERACTIVE is set, the user
- must not be involved in the storage process. POOL is used for any
- necessary allocation. */
-typedef svn_boolean_t (*svn_auth__password_set_t)
- (apr_hash_t *creds,
+ must not be involved in the storage process. Set *DONE to TRUE if the
+ password was store, to FALSE otherwise. POOL is used for any necessary
+ allocation. */
+typedef svn_error_t * (*svn_auth__password_set_t)
+ (svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -110,8 +115,9 @@ svn_auth__simple_save_creds_helper(svn_b
/* Implementation of svn_auth__password_get_t that retrieves
the plaintext password from CREDS when USERNAME matches the stored
credentials. */
-svn_boolean_t
-svn_auth__simple_password_get(const char **password,
+svn_error_t *
+svn_auth__simple_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -121,8 +127,9 @@ svn_auth__simple_password_get(const char
/* Implementation of svn_auth__password_set_t that stores
the plaintext password in CREDS. */
-svn_boolean_t
-svn_auth__simple_password_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__simple_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -168,8 +175,9 @@ svn_auth__ssl_client_cert_pw_file_save_c
/* This implements the svn_auth__password_get_t interface.
Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_get(const char **passphrase,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
+ const char **passphrase,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -179,8 +187,9 @@ svn_auth__ssl_client_cert_pw_get(const c
/* This implements the svn_auth__password_set_t interface.
Store PASSPHRASE in CREDS; ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *passphrase,
Modified: subversion/branches/1.7.x/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c Tue Oct 2 17:18:00 2012
@@ -38,7 +38,6 @@
#include "svn_private_config.h"
#include <glib.h>
-#include <dbus/dbus.h>
#include <gnome-keyring.h>
@@ -230,10 +229,60 @@ unlock_gnome_keyring(const char *keyring
return TRUE;
}
-/* Implementation of password_get_t that retrieves the password
+
+/* There is a race here: this ensures keyring is unlocked just now,
+ but will it still be unlocked when we use it? */
+static svn_error_t *
+ensure_gnome_keyring_is_unlocked(svn_boolean_t non_interactive,
+ apr_hash_t *parameters,
+ apr_pool_t *scratch_pool)
+{
+ const char *default_keyring = get_default_keyring_name(scratch_pool);
+
+ if (! non_interactive)
+ {
+ svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
+ apr_hash_get(parameters,
+ SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
+ APR_HASH_KEY_STRING);
+ void *unlock_prompt_baton =
+ apr_hash_get(parameters,
+ SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
+ APR_HASH_KEY_STRING);
+
+ char *keyring_password;
+
+ if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
+ {
+ SVN_ERR((*unlock_prompt_func)(&keyring_password,
+ default_keyring,
+ unlock_prompt_baton,
+ scratch_pool));
+
+ /* If keyring is locked give up and try the next provider. */
+ if (! unlock_gnome_keyring(default_keyring, keyring_password,
+ scratch_pool))
+ return SVN_NO_ERROR;
+ }
+ }
+ else
+ {
+ if (check_keyring_is_locked(default_keyring))
+ {
+ return svn_error_create(SVN_ERR_AUTHN_CREDS_UNAVAILABLE, NULL,
+ _("GNOME Keyring is locked and "
+ "we are non-interactive"));
+ }
+ }
+
+ return SVN_NO_ERROR;
+}
+
+/* Implementation of svn_auth__password_get_t that retrieves the password
from GNOME Keyring. */
-static svn_boolean_t
-password_get_gnome_keyring(const char **password,
+static svn_error_t *
+password_get_gnome_keyring(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -244,13 +293,10 @@ password_get_gnome_keyring(const char **
char *default_keyring = NULL;
GnomeKeyringResult result;
GList *items;
- svn_boolean_t ret = FALSE;
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
- return FALSE;
+ *done = FALSE;
- if (! gnome_keyring_is_available())
- return FALSE;
+ SVN_ERR(ensure_gnome_keyring_is_unlocked(non_interactive, parameters, pool));
default_keyring = get_default_keyring_name(pool);
@@ -278,7 +324,7 @@ password_get_gnome_keyring(const char **
if (len > 0)
{
*password = apr_pstrmemdup(pool, item->password, len);
- ret = TRUE;
+ *done = TRUE;
}
}
gnome_keyring_network_password_list_free(items);
@@ -294,13 +340,14 @@ password_get_gnome_keyring(const char **
free(default_keyring);
- return ret;
+ return SVN_NO_ERROR;
}
-/* Implementation of password_set_t that stores the password in
+/* Implementation of svn_auth__password_set_t that stores the password in
GNOME Keyring. */
-static svn_boolean_t
-password_set_gnome_keyring(apr_hash_t *creds,
+static svn_error_t *
+password_set_gnome_keyring(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -312,11 +359,9 @@ password_set_gnome_keyring(apr_hash_t *c
GnomeKeyringResult result;
guint32 item_id;
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
- return FALSE;
+ *done = FALSE;
- if (! gnome_keyring_is_available())
- return FALSE;
+ SVN_ERR(ensure_gnome_keyring_is_unlocked(non_interactive, parameters, pool));
default_keyring = get_default_keyring_name(pool);
@@ -344,7 +389,8 @@ password_set_gnome_keyring(apr_hash_t *c
free(default_keyring);
- return result == GNOME_KEYRING_RESULT_OK;
+ *done = (result == GNOME_KEYRING_RESULT_OK);
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
@@ -356,43 +402,6 @@ simple_gnome_keyring_first_creds(void **
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_UNAVAILABLE, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__simple_first_creds_helper
(credentials,
iter_baton, provider_baton,
@@ -411,43 +420,6 @@ simple_gnome_keyring_save_creds(svn_bool
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_NOT_SAVED, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__simple_save_creds_helper
(saved, credentials,
provider_baton, parameters,
@@ -522,43 +494,6 @@ ssl_client_cert_pw_gnome_keyring_first_c
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_UNAVAILABLE, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__ssl_client_cert_pw_file_first_creds_helper
(credentials,
iter_baton, provider_baton,
@@ -578,43 +513,6 @@ ssl_client_cert_pw_gnome_keyring_save_cr
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_NOT_SAVED, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__ssl_client_cert_pw_file_save_creds_helper
(saved, credentials,
provider_baton, parameters,
Modified: subversion/branches/1.7.x/subversion/libsvn_auth_kwallet/kwallet.cpp
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_auth_kwallet/kwallet.cpp?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_auth_kwallet/kwallet.cpp (original)
+++ subversion/branches/1.7.x/subversion/libsvn_auth_kwallet/kwallet.cpp Tue Oct 2 17:18:00 2012
@@ -181,8 +181,9 @@ kwallet_terminate(void *data)
/* Implementation of svn_auth__password_get_t that retrieves
the password from KWallet. */
-static svn_boolean_t
-kwallet_password_get(const char **password,
+static svn_error_t *
+kwallet_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -190,14 +191,22 @@ kwallet_password_get(const char **passwo
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- if (non_interactive)
+ QString wallet_name = get_wallet_name(parameters);
+
+ *done = FALSE;
+
+ if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
{
- return FALSE;
+ return SVN_NO_ERROR;
}
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
+ if (non_interactive)
{
- return FALSE;
+ if (!KWallet::Wallet::isOpen(wallet_name))
+ return SVN_NO_ERROR;
+
+ /* There is a race here: the wallet was open just now, but will
+ it still be open when we come to use it below? */
}
QCoreApplication *app;
@@ -216,8 +225,6 @@ kwallet_password_get(const char **passwo
ki18n("Version control system"),
KCmdLineArgs::CmdLineArgKDE);
KComponentData component_data(KCmdLineArgs::aboutData());
- svn_boolean_t ret = FALSE;
- QString wallet_name = get_wallet_name(parameters);
QString folder = QString::fromUtf8("Subversion");
QString key =
QString::fromUtf8(username) + "@" + QString::fromUtf8(realmstring);
@@ -238,7 +245,7 @@ kwallet_password_get(const char **passwo
*password = apr_pstrmemdup(pool,
q_password.toUtf8().data(),
q_password.size());
- ret = TRUE;
+ *done = TRUE;
}
}
}
@@ -246,13 +253,14 @@ kwallet_password_get(const char **passwo
apr_pool_cleanup_register(pool, parameters, kwallet_terminate, NULL);
- return ret;
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_set_t that stores
the password in KWallet. */
-static svn_boolean_t
-kwallet_password_set(apr_hash_t *creds,
+static svn_error_t *
+kwallet_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -260,14 +268,22 @@ kwallet_password_set(apr_hash_t *creds,
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- if (non_interactive)
+ QString wallet_name = get_wallet_name(parameters);
+
+ *done = FALSE;
+
+ if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
{
- return FALSE;
+ return SVN_NO_ERROR;
}
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
+ if (non_interactive)
{
- return FALSE;
+ if (!KWallet::Wallet::isOpen(wallet_name))
+ return SVN_NO_ERROR;
+
+ /* There is a race here: the wallet was open just now, but will
+ it still be open when we come to use it below? */
}
QCoreApplication *app;
@@ -286,9 +302,7 @@ kwallet_password_set(apr_hash_t *creds,
ki18n("Version control system"),
KCmdLineArgs::CmdLineArgKDE);
KComponentData component_data(KCmdLineArgs::aboutData());
- svn_boolean_t ret = FALSE;
QString q_password = QString::fromUtf8(password);
- QString wallet_name = get_wallet_name(parameters);
QString folder = QString::fromUtf8("Subversion");
KWallet::Wallet *wallet = get_wallet(wallet_name, parameters);
if (wallet)
@@ -307,14 +321,14 @@ kwallet_password_set(apr_hash_t *creds,
+ QString::fromUtf8(realmstring);
if (wallet->writePassword(key, q_password) == 0)
{
- ret = TRUE;
+ *done = TRUE;
}
}
}
apr_pool_cleanup_register(pool, parameters, kwallet_terminate, NULL);
- return ret;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
Modified: subversion/branches/1.7.x/subversion/libsvn_subr/macos_keychain.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_subr/macos_keychain.c?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_subr/macos_keychain.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_subr/macos_keychain.c Tue Oct 2 17:18:00 2012
@@ -65,8 +65,9 @@
/* Implementation of svn_auth__password_set_t that stores
the password in the OS X KeyChain. */
-static svn_boolean_t
-keychain_password_set(apr_hash_t *creds,
+static svn_error_t *
+keychain_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -106,13 +107,16 @@ keychain_password_set(apr_hash_t *creds,
if (non_interactive)
SecKeychainSetUserInteractionAllowed(TRUE);
- return status == 0;
+ *done = (status == 0);
+
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_get_t that retrieves
the password from the OS X KeyChain. */
-static svn_boolean_t
-keychain_password_get(const char **password,
+static svn_error_t *
+keychain_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -124,6 +128,8 @@ keychain_password_get(const char **passw
UInt32 length;
void *data;
+ *done = FALSE;
+
if (non_interactive)
SecKeychainSetUserInteractionAllowed(FALSE);
@@ -137,11 +143,12 @@ keychain_password_get(const char **passw
SecKeychainSetUserInteractionAllowed(TRUE);
if (status != 0)
- return FALSE;
+ return SVN_NO_ERROR;
*password = apr_pstrmemdup(pool, data, length);
SecKeychainItemFreeContent(NULL, data);
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
Modified: subversion/branches/1.7.x/subversion/libsvn_subr/simple_providers.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_subr/simple_providers.c?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_subr/simple_providers.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_subr/simple_providers.c Tue Oct 2 17:18:00 2012
@@ -62,8 +62,9 @@ typedef struct simple_provider_baton_t
/* Implementation of svn_auth__password_get_t that retrieves
the plaintext password from CREDS. */
-svn_boolean_t
-svn_auth__simple_password_get(const char **password,
+svn_error_t *
+svn_auth__simple_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -72,6 +73,9 @@ svn_auth__simple_password_get(const char
apr_pool_t *pool)
{
svn_string_t *str;
+
+ *done = FALSE;
+
str = apr_hash_get(creds, AUTHN_USERNAME_KEY, APR_HASH_KEY_STRING);
if (str && username && strcmp(str->data, username) == 0)
{
@@ -79,16 +83,18 @@ svn_auth__simple_password_get(const char
if (str && str->data)
{
*password = str->data;
- return TRUE;
+ *done = TRUE;
}
}
- return FALSE;
+
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_set_t that stores
the plaintext password in CREDS. */
-svn_boolean_t
-svn_auth__simple_password_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__simple_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -98,7 +104,9 @@ svn_auth__simple_password_set(apr_hash_t
{
apr_hash_set(creds, AUTHN_PASSWORD_KEY, APR_HASH_KEY_STRING,
svn_string_create(password, pool));
- return TRUE;
+ *done = TRUE;
+
+ return SVN_NO_ERROR;
}
/* Set **USERNAME to the username retrieved from CREDS; ignore
@@ -211,8 +219,12 @@ svn_auth__simple_first_creds_helper(void
{
if (have_passtype)
{
- if (!password_get(&default_password, creds_hash, realmstring,
- username, parameters, non_interactive, pool))
+ svn_boolean_t done;
+
+ SVN_ERR(password_get(&done, &default_password, creds_hash,
+ realmstring, username, parameters,
+ non_interactive, pool));
+ if (!done)
{
need_to_save = TRUE;
}
@@ -241,9 +253,12 @@ svn_auth__simple_first_creds_helper(void
password = NULL;
else
{
- if (!password_get(&password, creds_hash, realmstring,
- username, parameters, non_interactive,
- pool))
+ svn_boolean_t done;
+
+ SVN_ERR(password_get(&done, &password, creds_hash,
+ realmstring, username, parameters,
+ non_interactive, pool));
+ if (!done)
password = NULL;
/* If the auth data didn't contain a password type,
@@ -452,9 +467,9 @@ svn_auth__simple_save_creds_helper(svn_b
if (may_save_password)
{
- *saved = password_set(creds_hash, realmstring,
- creds->username, creds->password,
- parameters, non_interactive, pool);
+ SVN_ERR(password_set(saved, creds_hash, realmstring,
+ creds->username, creds->password,
+ parameters, non_interactive, pool));
if (*saved && passtype)
/* Store the password type with the auth data, so that we
know which provider owns the password. */
Modified: subversion/branches/1.7.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue Oct 2 17:18:00 2012
@@ -63,8 +63,9 @@ typedef struct ssl_client_cert_pw_file_p
/* This implements the svn_auth__password_get_t interface.
Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_get(const char **passphrase,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
+ const char **passphrase,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -77,15 +78,18 @@ svn_auth__ssl_client_cert_pw_get(const c
if (str && str->data)
{
*passphrase = str->data;
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
- return FALSE;
+ *done = FALSE;
+ return SVN_NO_ERROR;
}
/* This implements the svn_auth__password_set_t interface.
Store PASSPHRASE in CREDS; ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *passphrase,
@@ -95,7 +99,8 @@ svn_auth__ssl_client_cert_pw_set(apr_has
{
apr_hash_set(creds, AUTHN_PASSPHRASE_KEY, APR_HASH_KEY_STRING,
svn_string_create(passphrase, pool));
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
svn_error_t *
@@ -137,8 +142,11 @@ svn_auth__ssl_client_cert_pw_file_first_
svn_error_clear(err);
if (! err && creds_hash)
{
- if (!passphrase_get(&password, creds_hash, realmstring,
- NULL, parameters, non_interactive, pool))
+ svn_boolean_t done;
+
+ SVN_ERR(passphrase_get(&done, &password, creds_hash, realmstring,
+ NULL, parameters, non_interactive, pool));
+ if (!done)
password = NULL;
}
}
@@ -301,9 +309,9 @@ svn_auth__ssl_client_cert_pw_file_save_c
if (may_save_passphrase)
{
- *saved = passphrase_set(creds_hash, realmstring,
- NULL, creds->password, parameters,
- non_interactive, pool);
+ SVN_ERR(passphrase_set(saved, creds_hash, realmstring,
+ NULL, creds->password, parameters,
+ non_interactive, pool));
if (*saved && passtype)
{
Modified: subversion/branches/1.7.x/subversion/libsvn_subr/win32_crypto.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x/subversion/libsvn_subr/win32_crypto.c?rev=1393043&r1=1393042&r2=1393043&view=diff
==============================================================================
--- subversion/branches/1.7.x/subversion/libsvn_subr/win32_crypto.c (original)
+++ subversion/branches/1.7.x/subversion/libsvn_subr/win32_crypto.c Tue Oct 2 17:18:00 2012
@@ -52,8 +52,9 @@ static const WCHAR description[] = L"aut
/* Implementation of svn_auth__password_set_t that encrypts
the incoming password using the Windows CryptoAPI. */
-static svn_boolean_t
-windows_password_encrypter(apr_hash_t *creds,
+static svn_error_t *
+windows_password_encrypter(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *in,
@@ -73,20 +74,21 @@ windows_password_encrypter(apr_hash_t *c
{
char *coded = apr_palloc(pool, apr_base64_encode_len(blobout.cbData));
apr_base64_encode(coded, (const char*)blobout.pbData, blobout.cbData);
- crypted = svn_auth__simple_password_set(creds, realmstring, username,
- coded, parameters,
- non_interactive, pool);
+ SVN_ERR(svn_auth__simple_password_set(done, creds, realmstring, username,
+ coded, parameters,
+ non_interactive, pool));
LocalFree(blobout.pbData);
}
- return crypted;
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_get_t that decrypts
the incoming password using the Windows CryptoAPI and verifies its
validity. */
-static svn_boolean_t
-windows_password_decrypter(const char **out,
+static svn_error_t *
+windows_password_decrypter(svn_boolean_t *done,
+ const char **out,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -100,9 +102,10 @@ windows_password_decrypter(const char **
svn_boolean_t decrypted;
char *in;
- if (!svn_auth__simple_password_get(&in, creds, realmstring, username,
- parameters, non_interactive, pool))
- return FALSE;
+ SVN_ERR(svn_auth__simple_password_get(done, &in, creds, realmstring, username,
+ parameters, non_interactive, pool));
+ if (!done)
+ return SVN_NO_ERROR;
blobin.cbData = strlen(in);
blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in));
@@ -119,7 +122,8 @@ windows_password_decrypter(const char **
LocalFree(descr);
}
- return decrypted;
+ *done = decrypted;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
@@ -186,8 +190,9 @@ svn_auth_get_windows_simple_provider(svn
/* Implementation of svn_auth__password_set_t that encrypts
the incoming password using the Windows CryptoAPI. */
-static svn_boolean_t
-windows_ssl_client_cert_pw_encrypter(apr_hash_t *creds,
+static svn_error_t *
+windows_ssl_client_cert_pw_encrypter(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *in,
@@ -207,20 +212,21 @@ windows_ssl_client_cert_pw_encrypter(apr
{
char *coded = apr_palloc(pool, apr_base64_encode_len(blobout.cbData));
apr_base64_encode(coded, (const char*)blobout.pbData, blobout.cbData);
- crypted = svn_auth__ssl_client_cert_pw_set(creds, realmstring, username,
- coded, parameters,
- non_interactive, pool);
+ SVN_ERR(svn_auth__ssl_client_cert_pw_set(done, creds, realmstring,
+ username, coded, parameters,
+ non_interactive, pool));
LocalFree(blobout.pbData);
}
- return crypted;
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_get_t that decrypts
the incoming password using the Windows CryptoAPI and verifies its
validity. */
-static svn_boolean_t
-windows_ssl_client_cert_pw_decrypter(const char **out,
+static svn_error_t *
+windows_ssl_client_cert_pw_decrypter(svn_boolean_t *done,
+ const char **out,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -234,9 +240,11 @@ windows_ssl_client_cert_pw_decrypter(con
svn_boolean_t decrypted;
char *in;
- if (!svn_auth__ssl_client_cert_pw_get(&in, creds, realmstring, username,
- parameters, non_interactive, pool))
- return FALSE;
+ SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring,
+ username, parameters,
+ non_interactive, pool));
+ if (!done)
+ return SVN_NO_ERROR;
blobin.cbData = strlen(in);
blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in));
@@ -253,7 +261,8 @@ windows_ssl_client_cert_pw_decrypter(con
LocalFree(descr);
}
- return decrypted;
+ *done = decrypted;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */