You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2014/02/27 17:06:29 UTC
svn commit: r1572640 - in /subversion/trunk/subversion: include/svn_config.h
libsvn_subr/simple_providers.c libsvn_subr/ssl_client_cert_pw_providers.c
libsvn_subr/ssl_server_trust_providers.c libsvn_subr/username_providers.c
svn/auth-cmd.c
Author: stsp
Date: Thu Feb 27 16:06:28 2014
New Revision: 1572640
URL: http://svn.apache.org/r1572640
Log:
Make the auth cache hash keys part of the public API.
This allows API consumers to make better use of the data returned by
functions like svn_config_walk_auth_data(), eliminates duplicate
definitions of some of these keys, and makes it easier to add new
key definitions in the future.
There is no reason for these definitions to be private since we are
unlikely to remove existing hash keys used by the on-disk format.
* subversion/include/svn_config.h
(SVN_CONFIG_AUTHN_USERNAME_KEY,
SVN_CONFIG_AUTHN_PASSWORD_KEY,
SVN_CONFIG_AUTHN_PASSPHRASE_KEY,
SVN_CONFIG_AUTHN_PASSTYPE_KEY,
SVN_CONFIG_AUTHN_ASCII_CERT_KEY,
SVN_CONFIG_AUTHN_FAILURES_KEY): Declare and document. Equivalent to
local AUTHN_* macro definitions in the various files below.
* subversion/libsvn_subr/simple_providers.c,
subversion/libsvn_subr/ssl_client_cert_pw_providers.c,
subversion/libsvn_subr/ssl_server_trust_providers.c,
subversion/libsvn_subr/username_providers.c,
subversion/svn/auth-cmd.c: Remove local definitions of hash keys and
use the global definitions instead.
Modified:
subversion/trunk/subversion/include/svn_config.h
subversion/trunk/subversion/libsvn_subr/simple_providers.c
subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
subversion/trunk/subversion/libsvn_subr/ssl_server_trust_providers.c
subversion/trunk/subversion/libsvn_subr/username_providers.c
subversion/trunk/subversion/svn/auth-cmd.c
Modified: subversion/trunk/subversion/include/svn_config.h
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/include/svn_config.h?rev=1572640&r1=1572639&r2=1572640&view=diff
==============================================================================
--- subversion/trunk/subversion/include/svn_config.h (original)
+++ subversion/trunk/subversion/include/svn_config.h Thu Feb 27 16:06:28 2014
@@ -674,6 +674,40 @@ svn_config_ensure(const char *config_dir
*/
#define SVN_CONFIG_REALMSTRING_KEY "svn:realmstring"
+/** Hash keys used for attributes of authentication credentials.
+ *
+ * @c SVN_CONFIG_AUTHN_USERNAME_KEY is a key for usernames.
+ *
+ * @c SVN_CONFIG_AUTHN_PASSWORD_KEY is a key for passwords.
+ * The password may be in plaintext or encrypted form, depending on
+ * the authentication provider.
+ *
+ * @c SVN_CONFIG_AUTHN_PASSPHRASE_KEY is a key for passphrases,
+ * such as SSL client ceritifcate passphrases. The passphrase may be in
+ * plaintext or encrypted form, depending on the authentication provider.
+ *
+ * @c SVN_CONFIG_AUTHN_PASSTYPE_KEY records the passphrase type next to
+ * a password or passphrase, so that anyone who is manually editing files
+ * in the auth cache can know which provider owns the credential.
+ *
+ * @c SVN_CONFIG_AUTHN_ASCII_CERT_KEY is a key for an ASCII-representation
+ * of an SSL certificate using base64 encoding. This is not human-readable!
+ *
+ * @c SVN_CONFIG_AUTHN_FAILURES_KEY is a key for SSL certificate verification
+ * failures encoded as an ASCII integer containing any of the SVN_AUTH_SSL_*
+ * SSL server certificate failure bits defined in svn_auth.h.
+ *
+ * @since New in 1.9.
+ * @note: These hash keys were also used in versions < 1.9 but were
+ * not part of the public API.
+ */
+#define SVN_CONFIG_AUTHN_USERNAME_KEY "username"
+#define SVN_CONFIG_AUTHN_PASSWORD_KEY "password"
+#define SVN_CONFIG_AUTHN_PASSPHRASE_KEY "passphrase"
+#define SVN_CONFIG_AUTHN_PASSTYPE_KEY "passtype"
+#define SVN_CONFIG_AUTHN_ASCII_CERT_KEY "ascii_cert"
+#define SVN_CONFIG_AUTHN_FAILURES_KEY "failures"
+
/** Use @a cred_kind and @a realmstring to locate a file within the
* ~/.subversion/auth/ area. If the file exists, initialize @a *hash
* and load the file contents into the hash, using @a pool. If the
Modified: subversion/trunk/subversion/libsvn_subr/simple_providers.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/simple_providers.c?rev=1572640&r1=1572639&r2=1572640&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/simple_providers.c (original)
+++ subversion/trunk/subversion/libsvn_subr/simple_providers.c Thu Feb 27 16:06:28 2014
@@ -47,12 +47,6 @@
/* File provider */
/*-----------------------------------------------------------------------*/
-/* The keys that will be stored on disk. These serve the same role as
- similar constants in other providers. */
-#define AUTHN_USERNAME_KEY "username"
-#define AUTHN_PASSWORD_KEY "password"
-#define AUTHN_PASSTYPE_KEY "passtype"
-
/* Baton type for the simple provider. */
typedef struct simple_provider_baton_t
{
@@ -81,10 +75,10 @@ svn_auth__simple_password_get(svn_boolea
*done = FALSE;
- str = svn_hash_gets(creds, AUTHN_USERNAME_KEY);
+ str = svn_hash_gets(creds, SVN_CONFIG_AUTHN_USERNAME_KEY);
if (str && username && strcmp(str->data, username) == 0)
{
- str = svn_hash_gets(creds, AUTHN_PASSWORD_KEY);
+ str = svn_hash_gets(creds, SVN_CONFIG_AUTHN_PASSWORD_KEY);
if (str && str->data)
{
*password = str->data;
@@ -107,7 +101,8 @@ svn_auth__simple_password_set(svn_boolea
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- svn_hash_sets(creds, AUTHN_PASSWORD_KEY, svn_string_create(password, pool));
+ svn_hash_sets(creds, SVN_CONFIG_AUTHN_PASSWORD_KEY,
+ svn_string_create(password, pool));
*done = TRUE;
return SVN_NO_ERROR;
@@ -122,7 +117,7 @@ simple_username_get(const char **usernam
svn_boolean_t non_interactive)
{
svn_string_t *str;
- str = svn_hash_gets(creds, AUTHN_USERNAME_KEY);
+ str = svn_hash_gets(creds, SVN_CONFIG_AUTHN_USERNAME_KEY);
if (str && str->data)
{
*username = str->data;
@@ -184,7 +179,7 @@ svn_auth__simple_creds_cache_get(void **
/* The password type in the auth data must match the
mangler's type, otherwise the password must be
interpreted by another provider. */
- str = svn_hash_gets(creds_hash, AUTHN_PASSTYPE_KEY);
+ str = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_PASSTYPE_KEY);
if (str && str->data)
if (passtype && (0 == strcmp(str->data, passtype)))
have_passtype = TRUE;
@@ -333,7 +328,7 @@ svn_auth__simple_creds_cache_set(svn_boo
/* Put the username into the credentials hash. */
creds_hash = apr_hash_make(pool);
- svn_hash_sets(creds_hash, AUTHN_USERNAME_KEY,
+ svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_USERNAME_KEY,
svn_string_create(creds->username, pool));
/* Don't store passwords in any form if the user has told
@@ -461,7 +456,7 @@ svn_auth__simple_creds_cache_set(svn_boo
if (*saved && passtype)
/* Store the password type with the auth data, so that we
know which provider owns the password. */
- svn_hash_sets(creds_hash, AUTHN_PASSTYPE_KEY,
+ svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_PASSTYPE_KEY,
svn_string_create(passtype, pool));
}
}
@@ -600,7 +595,7 @@ prompt_for_simple_creds(svn_auth_cred_si
svn_error_clear(err);
if (! err && creds_hash)
{
- str = svn_hash_gets(creds_hash, AUTHN_USERNAME_KEY);
+ str = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_USERNAME_KEY);
if (str && str->data)
default_username = str->data;
}
Modified: subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c?rev=1572640&r1=1572639&r2=1572640&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c (original)
+++ subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Thu Feb 27 16:06:28 2014
@@ -39,16 +39,6 @@
/* File provider */
/*-----------------------------------------------------------------------*/
-/* The keys that will be stored on disk. These serve the same role as
- * similar constants in other providers.
- *
- * AUTHN_PASSTYPE_KEY just records the passphrase type next to the
- * passphrase, so that anyone who is manually editing their authn
- * files can know which provider owns the password.
- */
-#define AUTHN_PASSPHRASE_KEY "passphrase"
-#define AUTHN_PASSTYPE_KEY "passtype"
-
/* Baton type for the ssl client cert passphrase provider. */
typedef struct ssl_client_cert_pw_file_provider_baton_t
{
@@ -75,7 +65,7 @@ svn_auth__ssl_client_cert_pw_get(svn_boo
apr_pool_t *pool)
{
svn_string_t *str;
- str = svn_hash_gets(creds, AUTHN_PASSPHRASE_KEY);
+ str = svn_hash_gets(creds, SVN_CONFIG_AUTHN_PASSPHRASE_KEY);
if (str && str->data)
{
*passphrase = str->data;
@@ -98,7 +88,7 @@ svn_auth__ssl_client_cert_pw_set(svn_boo
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- svn_hash_sets(creds, AUTHN_PASSPHRASE_KEY,
+ svn_hash_sets(creds, SVN_CONFIG_AUTHN_PASSPHRASE_KEY,
svn_string_create(passphrase, pool));
*done = TRUE;
return SVN_NO_ERROR;
@@ -308,7 +298,7 @@ svn_auth__ssl_client_cert_pw_cache_set(s
if (*saved && passtype)
{
- svn_hash_sets(creds_hash, AUTHN_PASSTYPE_KEY,
+ svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_PASSTYPE_KEY,
svn_string_create(passtype, pool));
}
Modified: subversion/trunk/subversion/libsvn_subr/ssl_server_trust_providers.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/ssl_server_trust_providers.c?rev=1572640&r1=1572639&r2=1572640&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/ssl_server_trust_providers.c (original)
+++ subversion/trunk/subversion/libsvn_subr/ssl_server_trust_providers.c Thu Feb 27 16:06:28 2014
@@ -36,12 +36,6 @@
/* File provider */
/*-----------------------------------------------------------------------*/
-/* The keys that will be stored on disk. These serve the same role as
- similar constants in other providers. */
-#define AUTHN_ASCII_CERT_KEY "ascii_cert"
-#define AUTHN_FAILURES_KEY "failures"
-
-
/* retrieve ssl server CA failure overrides (if any) from servers
config */
static svn_error_t *
@@ -74,9 +68,9 @@ ssl_server_trust_file_first_credentials(
svn_string_t *trusted_cert, *this_cert, *failstr;
apr_uint32_t last_failures = 0;
- trusted_cert = svn_hash_gets(creds_hash, AUTHN_ASCII_CERT_KEY);
+ trusted_cert = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_ASCII_CERT_KEY);
this_cert = svn_string_create(cert_info->ascii_cert, pool);
- failstr = svn_hash_gets(creds_hash, AUTHN_FAILURES_KEY);
+ failstr = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_FAILURES_KEY);
if (failstr)
SVN_ERR(svn_cstring_atoui(&last_failures, failstr->data));
@@ -125,10 +119,9 @@ ssl_server_trust_file_save_credentials(s
cert_info = svn_hash_gets(parameters, SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO);
creds_hash = apr_hash_make(pool);
- svn_hash_sets(creds_hash, AUTHN_ASCII_CERT_KEY,
+ svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_ASCII_CERT_KEY,
svn_string_create(cert_info->ascii_cert, pool));
- svn_hash_sets(creds_hash,
- AUTHN_FAILURES_KEY,
+ svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_FAILURES_KEY,
svn_string_createf(pool, "%lu",
(unsigned long)creds->accepted_failures));
Modified: subversion/trunk/subversion/libsvn_subr/username_providers.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/username_providers.c?rev=1572640&r1=1572639&r2=1572640&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/username_providers.c (original)
+++ subversion/trunk/subversion/libsvn_subr/username_providers.c Thu Feb 27 16:06:28 2014
@@ -42,12 +42,6 @@
/* File provider */
/*-----------------------------------------------------------------------*/
-/* The key that will be stored on disk. Serves the same role as similar
- constants in other providers. */
-#define AUTHN_USERNAME_KEY "username"
-
-
-�
/*** Username-only Provider ***/
static svn_error_t *
username_first_creds(void **credentials,
@@ -79,7 +73,8 @@ username_first_creds(void **credentials,
svn_error_clear(err);
if (! err && creds_hash)
{
- svn_string_t *str = svn_hash_gets(creds_hash, AUTHN_USERNAME_KEY);
+ svn_string_t *str = svn_hash_gets(creds_hash,
+ SVN_CONFIG_AUTHN_USERNAME_KEY);
if (str && str->data)
username = str->data;
}
@@ -127,7 +122,7 @@ username_save_creds(svn_boolean_t *saved
/* Put the credentials in a hash and save it to disk */
creds_hash = apr_hash_make(pool);
- svn_hash_sets(creds_hash, AUTHN_USERNAME_KEY,
+ svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_USERNAME_KEY,
svn_string_create(creds->username, pool));
err = svn_config_write_auth_data(creds_hash, SVN_AUTH_CRED_USERNAME,
realmstring, config_dir, pool);
Modified: subversion/trunk/subversion/svn/auth-cmd.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/auth-cmd.c?rev=1572640&r1=1572639&r2=1572640&view=diff
==============================================================================
--- subversion/trunk/subversion/svn/auth-cmd.c (original)
+++ subversion/trunk/subversion/svn/auth-cmd.c Thu Feb 27 16:06:28 2014
@@ -257,10 +257,6 @@ load_cert(serf_ssl_certificate_t **cert,
}
#endif
-/* ### from libsvn_subr/ssl_server_trust_providers.c */
-#define AUTHN_ASCII_CERT_KEY "ascii_cert"
-#define AUTHN_FAILURES_KEY "failures"
-
/* Display the base64-encoded DER certificate ASCII_CERT. */
static svn_error_t *
show_ascii_cert(const char *ascii_cert,
@@ -350,14 +346,6 @@ show_cert_failures(const char *failure_s
return SVN_NO_ERROR;
}
-/* ### from libsvn_subr/simple_providers.c */
-#define AUTHN_USERNAME_KEY "username"
-#define AUTHN_PASSWORD_KEY "password"
-#define AUTHN_PASSTYPE_KEY "passtype"
-
-/* ### from libsvn_subr/ssl_client_cert_pw_providers.c */
-#define AUTHN_PASSPHRASE_KEY "passphrase"
-
struct walk_credentials_baton_t
{
int matches;
@@ -483,10 +471,10 @@ match_credential(svn_boolean_t *match,
item = APR_ARRAY_IDX(cred_items, j, svn_sort__item_t);
key = item.key;
value = item.value;
- if (strcmp(key, AUTHN_PASSWORD_KEY) == 0 ||
- strcmp(key, AUTHN_PASSPHRASE_KEY) == 0)
+ if (strcmp(key, SVN_CONFIG_AUTHN_PASSWORD_KEY) == 0 ||
+ strcmp(key, SVN_CONFIG_AUTHN_PASSPHRASE_KEY) == 0)
continue; /* don't match secrets */
- else if (strcmp(key, AUTHN_ASCII_CERT_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_ASCII_CERT_KEY) == 0)
SVN_ERR(match_ascii_cert(match, pattern, value->data,
iterpool));
else
@@ -531,7 +519,7 @@ list_credential(const char *cred_kind,
value = item.value;
if (strcmp(value->data, realmstring) == 0)
continue; /* realm string was already shown above */
- else if (strcmp(key, AUTHN_PASSWORD_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_PASSWORD_KEY) == 0)
{
if (show_passwords)
SVN_ERR(svn_cmdline_printf(iterpool,
@@ -539,7 +527,7 @@ list_credential(const char *cred_kind,
else
SVN_ERR(svn_cmdline_printf(iterpool, _("Password: [not shown]\n")));
}
- else if (strcmp(key, AUTHN_PASSPHRASE_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_PASSPHRASE_KEY) == 0)
{
if (show_passwords)
SVN_ERR(svn_cmdline_printf(iterpool,
@@ -548,14 +536,14 @@ list_credential(const char *cred_kind,
SVN_ERR(svn_cmdline_printf(iterpool,
_("Passphrase: [not shown]\n")));
}
- else if (strcmp(key, AUTHN_PASSTYPE_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_PASSTYPE_KEY) == 0)
SVN_ERR(svn_cmdline_printf(iterpool, _("Password cache: %s\n"),
value->data));
- else if (strcmp(key, AUTHN_USERNAME_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_USERNAME_KEY) == 0)
SVN_ERR(svn_cmdline_printf(iterpool, _("Username: %s\n"), value->data));
- else if (strcmp(key, AUTHN_ASCII_CERT_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_ASCII_CERT_KEY) == 0)
SVN_ERR(show_ascii_cert(value->data, iterpool));
- else if (strcmp(key, AUTHN_FAILURES_KEY) == 0)
+ else if (strcmp(key, SVN_CONFIG_AUTHN_FAILURES_KEY) == 0)
SVN_ERR(show_cert_failures(value->data, iterpool));
else
SVN_ERR(svn_cmdline_printf(iterpool, "%s: %s\n", key, value->data));