You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by cm...@apache.org on 2012/08/06 22:26:39 UTC
svn commit: r1369983 - in /subversion/branches/master-passphrase/subversion:
libsvn_subr/pathetic_auth_store.c tests/libsvn_subr/crypto-test.c
Author: cmpilato
Date: Mon Aug 6 20:26:39 2012
New Revision: 1369983
URL: http://svn.apache.org/viewvc?rev=1369983&view=rev
Log:
On the 'master-passphrase' branch: Delay the acquisition of the master
password until it's needed to read from the store.
* subversion/libsvn_subr/pathetic_auth_store.c
(acquire_secret): Move higher in the source file.
(get_cred_hash, set_cred_hash): Call acquire_secret() as needed.
(pathetic_store_open): No longer call acquire_secret().
* subversion/tests/libsvn_subr/crypto-test.c
(open_auth_store): New helper function, cored from ...
(test_auth_store_basic): ... here.
Modified:
subversion/branches/master-passphrase/subversion/libsvn_subr/pathetic_auth_store.c
subversion/branches/master-passphrase/subversion/tests/libsvn_subr/crypto-test.c
Modified: subversion/branches/master-passphrase/subversion/libsvn_subr/pathetic_auth_store.c
URL: http://svn.apache.org/viewvc/subversion/branches/master-passphrase/subversion/libsvn_subr/pathetic_auth_store.c?rev=1369983&r1=1369982&r2=1369983&view=diff
==============================================================================
--- subversion/branches/master-passphrase/subversion/libsvn_subr/pathetic_auth_store.c (original)
+++ subversion/branches/master-passphrase/subversion/libsvn_subr/pathetic_auth_store.c Mon Aug 6 20:26:39 2012
@@ -245,6 +245,89 @@ create_auth_store(pathetic_auth_store_ba
}
+static svn_error_t *
+acquire_secret(pathetic_auth_store_baton_t *auth_store,
+ svn_boolean_t verify,
+ apr_pool_t *scratch_pool)
+{
+ void *creds;
+ svn_auth_iterstate_t *iterstate;
+
+ if (auth_store->secret)
+ return SVN_NO_ERROR;
+
+ if (! auth_store->secret_auth_baton)
+ return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL,
+ _("Can't get master password"));
+
+ SVN_ERR(svn_auth_first_credentials(&creds, &iterstate,
+ SVN_AUTH_CRED_MASTER_PASSPHRASE,
+ "Pathetic Encrypted Auth Store",
+ auth_store->secret_auth_baton,
+ scratch_pool));
+ if (!creds)
+ {
+ return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL,
+ _("Can't get master password"));
+ }
+ while (creds)
+ {
+ svn_boolean_t valid_secret;
+ const svn_string_t *passphrase =
+ ((svn_auth_cred_master_passphrase_t *) creds)->passphrase;
+
+ if (verify)
+ {
+ svn_skel_t *cipher_skel, *iv_skel, *salt_skel, *check_skel;
+
+ SVN_ERR_ASSERT(auth_store->checktext_skel);
+
+ cipher_skel = auth_store->checktext_skel->children;
+ iv_skel = auth_store->checktext_skel->children->next;
+ salt_skel = auth_store->checktext_skel->children->next->next;
+ check_skel = auth_store->checktext_skel->children->next->next->next;
+
+ SVN_ERR(svn_crypto__verify_secret(
+ &valid_secret, auth_store->crypto_ctx, passphrase,
+ svn_string_ncreate(cipher_skel->data,
+ cipher_skel->len,
+ scratch_pool),
+ svn_string_ncreate(iv_skel->data,
+ iv_skel->len,
+ scratch_pool),
+ svn_string_ncreate(salt_skel->data,
+ salt_skel->len,
+ scratch_pool),
+ apr_pstrmemdup(scratch_pool,
+ check_skel->data,
+ check_skel->len),
+ scratch_pool));
+ }
+ else
+ {
+ valid_secret = TRUE;
+ }
+
+ if (valid_secret)
+ {
+ auth_store->secret = svn_string_dup(passphrase, auth_store->pool);
+ break;
+ }
+
+ SVN_ERR(svn_auth_next_credentials(&creds, iterstate, scratch_pool));
+ }
+ if (!creds)
+ {
+ return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL,
+ _("Invalid master passphrase; unable to open "
+ "encrypted store"));
+ }
+
+ SVN_ERR(svn_auth_save_credentials(iterstate, scratch_pool));
+ return SVN_NO_ERROR;
+}
+
+
/* ### TODO: document */
static svn_error_t *
get_cred_hash(apr_hash_t **cred_hash,
@@ -264,6 +347,10 @@ get_cred_hash(apr_hash_t **cred_hash,
SVN_ERR_ASSERT(realmstring);
SVN_ERR_ASSERT(cred_kind_string);
+ /* Ensure that we have a valid SECRET. */
+ if (! auth_store->secret)
+ SVN_ERR(acquire_secret(auth_store, TRUE, scratch_pool));
+
key = apr_pstrcat(scratch_pool, cred_kind_string, ":", realmstring, NULL);
realmstring_skel = apr_hash_get(auth_store->realmstring_skels,
key, APR_HASH_KEY_STRING);
@@ -312,6 +399,10 @@ set_cred_hash(struct pathetic_auth_store
const svn_string_t *skel_str;
const svn_string_t *ciphertext, *iv, *salt;
+ /* Ensure that we have a valid SECRET. */
+ if (! auth_store->secret)
+ SVN_ERR(acquire_secret(auth_store, TRUE, scratch_pool));
+
SVN_ERR(svn_skel__unparse_proplist(&proplist_skel, cred_hash, scratch_pool));
skel_buf = svn_skel__unparse(proplist_skel, scratch_pool);
skel_str = svn_base64_encode_string2(svn_string_ncreate(skel_buf->data,
@@ -346,89 +437,6 @@ set_cred_hash(struct pathetic_auth_store
}
-static svn_error_t *
-acquire_secret(pathetic_auth_store_baton_t *auth_store,
- svn_boolean_t verify,
- apr_pool_t *scratch_pool)
-{
- void *creds;
- svn_auth_iterstate_t *iterstate;
-
- if (auth_store->secret)
- return SVN_NO_ERROR;
-
- if (! auth_store->secret_auth_baton)
- return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL,
- _("Can't get master password"));
-
- SVN_ERR(svn_auth_first_credentials(&creds, &iterstate,
- SVN_AUTH_CRED_MASTER_PASSPHRASE,
- "Pathetic Encrypted Auth Store",
- auth_store->secret_auth_baton,
- scratch_pool));
- if (!creds)
- {
- return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL,
- _("Can't get master password"));
- }
- while (creds)
- {
- svn_boolean_t valid_secret;
- const svn_string_t *passphrase =
- ((svn_auth_cred_master_passphrase_t *) creds)->passphrase;
-
- if (verify)
- {
- svn_skel_t *cipher_skel, *iv_skel, *salt_skel, *check_skel;
-
- SVN_ERR_ASSERT(auth_store->checktext_skel);
-
- cipher_skel = auth_store->checktext_skel->children;
- iv_skel = auth_store->checktext_skel->children->next;
- salt_skel = auth_store->checktext_skel->children->next->next;
- check_skel = auth_store->checktext_skel->children->next->next->next;
-
- SVN_ERR(svn_crypto__verify_secret(
- &valid_secret, auth_store->crypto_ctx, passphrase,
- svn_string_ncreate(cipher_skel->data,
- cipher_skel->len,
- scratch_pool),
- svn_string_ncreate(iv_skel->data,
- iv_skel->len,
- scratch_pool),
- svn_string_ncreate(salt_skel->data,
- salt_skel->len,
- scratch_pool),
- apr_pstrmemdup(scratch_pool,
- check_skel->data,
- check_skel->len),
- scratch_pool));
- }
- else
- {
- valid_secret = TRUE;
- }
-
- if (valid_secret)
- {
- auth_store->secret = svn_string_dup(passphrase, auth_store->pool);
- break;
- }
-
- SVN_ERR(svn_auth_next_credentials(&creds, iterstate, scratch_pool));
- }
- if (!creds)
- {
- return svn_error_create(SVN_ERR_AUTHN_FAILED, NULL,
- _("Invalid master passphrase; unable to open "
- "encrypted store"));
- }
-
- SVN_ERR(svn_auth_save_credentials(iterstate, scratch_pool));
- return SVN_NO_ERROR;
-}
-
-
/*** svn_auth__store_t Callback Functions ***/
@@ -440,7 +448,6 @@ pathetic_store_open(void *baton,
pathetic_auth_store_baton_t *auth_store = baton;
SVN_ERR(read_auth_store(auth_store, scratch_pool));
- SVN_ERR(acquire_secret(auth_store, TRUE, scratch_pool));
return SVN_NO_ERROR;
}
Modified: subversion/branches/master-passphrase/subversion/tests/libsvn_subr/crypto-test.c
URL: http://svn.apache.org/viewvc/subversion/branches/master-passphrase/subversion/tests/libsvn_subr/crypto-test.c?rev=1369983&r1=1369982&r2=1369983&view=diff
==============================================================================
--- subversion/branches/master-passphrase/subversion/tests/libsvn_subr/crypto-test.c (original)
+++ subversion/branches/master-passphrase/subversion/tests/libsvn_subr/crypto-test.c Mon Aug 6 20:26:39 2012
@@ -139,6 +139,28 @@ create_ephemeral_auth_store(svn_auth__st
}
+/* Attempt to open the AUTH_STORE at AUTH_STORE_PATH using SECRET. */
+static svn_error_t *
+open_auth_store(svn_auth__store_t **auth_store,
+ const char *auth_store_path,
+ svn_crypto__ctx_t *ctx,
+ const svn_string_t *secret,
+ apr_pool_t *pool)
+{
+ svn_auth_baton_t *auth_baton;
+ apr_hash_t *cred_hash;
+
+ SVN_ERR(get_master_passphrase_auth_baton(&auth_baton, secret, pool));
+ SVN_ERR(svn_auth__pathetic_store_get(auth_store, auth_store_path,
+ auth_baton, ctx, pool, pool));
+ SVN_ERR(svn_auth__store_open(*auth_store, pool));
+ SVN_ERR(svn_auth__store_get_cred_hash(&cred_hash, *auth_store,
+ SVN_AUTH_CRED_USERNAME, "(dummy)",
+ pool, pool));
+ return SVN_NO_ERROR;
+}
+
+
/*** Test functions ***/
@@ -243,7 +265,6 @@ test_auth_store_basic(apr_pool_t *pool)
svn_crypto__ctx_t *ctx;
svn_auth__store_t *auth_store;
const char *auth_store_path;
- svn_auth_baton_t *auth_baton;
const svn_string_t *secret = svn_string_create("My Secret", pool);
const svn_string_t *bad_secret = svn_string_create("Not My Secret", pool);
@@ -255,19 +276,9 @@ test_auth_store_basic(apr_pool_t *pool)
SVN_ERR(create_ephemeral_auth_store(&auth_store, &auth_store_path,
ctx, secret, pool));
- /* Close and reopen the auth store. */
- SVN_ERR(svn_auth__store_close(auth_store, pool));
- SVN_ERR(get_master_passphrase_auth_baton(&auth_baton, secret, pool));
- SVN_ERR(svn_auth__pathetic_store_get(&auth_store, auth_store_path,
- auth_baton, ctx, pool, pool));
- SVN_ERR(svn_auth__store_open(auth_store, pool));
-
/* Close and reopen the auth store with a bogus secret. */
SVN_ERR(svn_auth__store_close(auth_store, pool));
- SVN_ERR(get_master_passphrase_auth_baton(&auth_baton, bad_secret, pool));
- SVN_ERR(svn_auth__pathetic_store_get(&auth_store, auth_store_path,
- auth_baton, ctx, pool, pool));
- err = svn_auth__store_open(auth_store, pool);
+ err = open_auth_store(&auth_store, auth_store_path, ctx, bad_secret, pool);
if (! err)
return svn_error_create(SVN_ERR_TEST_FAILED, NULL,
"Successfully opened auth store with the wrong "
@@ -279,6 +290,8 @@ test_auth_store_basic(apr_pool_t *pool)
}
SVN_ERR(err);
+ /* Reopen the auth store with the correct secret. */
+ SVN_ERR(open_auth_store(&auth_store, auth_store_path, ctx, secret, pool));
return SVN_NO_ERROR;
}