You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2018/10/02 04:00:05 UTC

svn commit: r1842578 - in /subversion/branches/1.10.x: ./ STATUS subversion/libsvn_ra_serf/util.c subversion/libsvn_subr/ssl_client_cert_pw_providers.c

Author: svn-role
Date: Tue Oct  2 04:00:05 2018
New Revision: 1842578

URL: http://svn.apache.org/viewvc?rev=1842578&view=rev
Log:
Merge the r1836762 group from trunk:

 * r1836762, r1836802
   Store the HTTPS client cert password.
   Justification:
     Restores a feature lost when we switched from neon to serf.
   Votes:
     +1: philip, rhuijben, stsp

Modified:
    subversion/branches/1.10.x/   (props changed)
    subversion/branches/1.10.x/STATUS
    subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c
    subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c

Propchange: subversion/branches/1.10.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Oct  2 04:00:05 2018
@@ -101,4 +101,4 @@
 /subversion/branches/verify-at-commit:1462039-1462408
 /subversion/branches/verify-keep-going:1439280-1546110
 /subversion/branches/wc-collate-path:1402685-1480384
-/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822587,1822591,1822996,1823202-1823203,1823211,1823327,1823791,1823966,1823989,1824033,1825024,1825045,1825215,1825266,1825306,1825709,1825711,1825721,1825736,1825778,1825783,1825787-1825788,1825979,1826720-1826721,1826747,1826811,1826814,1826877,1826907,1826971,1827105,1827114,1827191,1827562,1827574,1827670,1828613,1829012,1829015,1829241,1829260,1829344,1830083,1830882-1830883,1830885,1830900-1830901,1831110,1831112,1831540,1833465,1833621,1833836,1833842,1833864,1833866,1833895,1833897,1833899,1833901,1835760,1836306,1837037
+/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822587,1822591,1822996,1823202-1823203,1823211,1823327,1823791,1823966,1823989,1824033,1825024,1825045,1825215,1825266,1825306,1825709,1825711,1825721,1825736,1825778,1825783,1825787-1825788,1825979,1826720-1826721,1826747,1826811,1826814,1826877,1826907,1826971,1827105,1827114,1827191,1827562,1827574,1827670,1828613,1829012,1829015,1829241,1829260,1829344,1830083,1830882-1830883,1830885,1830900-1830901,1831110,1831112,1831540,1833465,1833621,1833836,1833842,1833864,1833866,1833895,1833897,1833899,1833901,1835760,1836306,1836762,1836802,1837037

Modified: subversion/branches/1.10.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x/STATUS?rev=1842578&r1=1842577&r2=1842578&view=diff
==============================================================================
--- subversion/branches/1.10.x/STATUS (original)
+++ subversion/branches/1.10.x/STATUS Tue Oct  2 04:00:05 2018
@@ -21,13 +21,6 @@ Veto-blocked changes:
 Approved changes:
 =================
 
- * r1836762, r1836802
-   Store the HTTPS client cert password.
-   Justification:
-     Restores a feature lost when we switched from neon to serf.
-   Votes:
-     +1: philip, rhuijben, stsp
-
  * r1834612, r1834835
    On the '1.10.x-issue4758' branch: Fix SVN-4758 "Unable to shelve changes
    when using custom diff-cmd".

Modified: subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c?rev=1842578&r1=1842577&r2=1842578&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c Tue Oct  2 04:00:05 2018
@@ -756,6 +756,9 @@ handle_client_cert_pw(void *data,
 
     if (creds)
       {
+        /* At this stage we are unable to check whether the password
+           is correct; if it is incorrect serf will fail to establish
+           an SSL connection and will return a generic SSL error. */
         svn_auth_cred_ssl_client_cert_pw_t *pw_creds;
         pw_creds = creds;
         *password = pw_creds->password;
@@ -1445,6 +1448,23 @@ handle_response(serf_request_t *request,
 
  process_body:
 
+  /* A client cert file password was obtained and worked (any HTTP
+     response means that the SSL connection was established.) */
+  if (handler->conn->ssl_client_pw_auth_state)
+    {
+      SVN_ERR(svn_auth_save_credentials(handler->conn->ssl_client_pw_auth_state,
+                                        handler->session->pool));
+      handler->conn->ssl_client_pw_auth_state = NULL;
+    }
+  if (handler->conn->ssl_client_auth_state)
+    {
+      /* The cert file provider doesn't have any code to save creds so
+         this is currently a no-op. */
+      SVN_ERR(svn_auth_save_credentials(handler->conn->ssl_client_auth_state,
+                                        handler->session->pool));
+      handler->conn->ssl_client_auth_state = NULL;
+    }
+
   /* We've been instructed to ignore the body. Drain whatever is present.  */
   if (handler->discard_body)
     {

Modified: subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c?rev=1842578&r1=1842577&r2=1842578&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c (original)
+++ subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue Oct  2 04:00:05 2018
@@ -36,7 +36,7 @@
 #include "svn_private_config.h"
 
 /*-----------------------------------------------------------------------*/
-/* File provider                                                         */
+/* File password provider                                                */
 /*-----------------------------------------------------------------------*/
 
 /* Baton type for the ssl client cert passphrase provider. */
@@ -51,6 +51,13 @@ typedef struct ssl_client_cert_pw_file_p
   apr_hash_t *plaintext_answers;
 } ssl_client_cert_pw_file_provider_baton_t;
 
+/* The client cert password provider only deals with a password and
+   realm (the client cert filename), there is no username.  The gnome
+   keyring backend based on libsecret requires a non-NULL username so
+   we have to invent one.  An empty string is acceptable and doesn't
+   change the value stored by the kwallet backend. */
+#define DUMMY_USERNAME ""
+
 /* This implements the svn_auth__password_get_t interface.
    Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
    ignore other parameters. */
@@ -132,7 +139,8 @@ svn_auth__ssl_client_cert_pw_cache_get(v
           svn_boolean_t done;
 
           SVN_ERR(passphrase_get(&done, &password, creds_hash, realmstring,
-                                 NULL, parameters, non_interactive, pool));
+                                 DUMMY_USERNAME, parameters, non_interactive,
+                                 pool));
           if (!done)
             password = NULL;
         }
@@ -293,7 +301,7 @@ svn_auth__ssl_client_cert_pw_cache_set(s
       if (may_save_passphrase)
         {
           SVN_ERR(passphrase_set(saved, creds_hash, realmstring,
-                                 NULL, creds->password, parameters,
+                                 DUMMY_USERNAME, creds->password, parameters,
                                  non_interactive, pool));
 
           if (*saved && passtype)