You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ph...@apache.org on 2012/02/10 14:38:08 UTC
svn commit: r1242759 - in /subversion/trunk/subversion: include/private/
libsvn_auth_gnome_keyring/ libsvn_auth_kwallet/ libsvn_subr/
Author: philip
Date: Fri Feb 10 13:38:08 2012
New Revision: 1242759
URL: http://svn.apache.org/viewvc?rev=1242759&view=rev
Log:
Fix issues 4112, GNOME keyring --non-interactive prevents passwords on
disk, and 4110, open KDE wallet not used when --non-interactive. This
also delays any GNOME unlock prompt until the keyring is accessed so
matching the KDE behvaiour.
* subversion/include/private/svn_auth_private.h
(svn_auth__password_get_t, svn_auth__simple_password_get): Add boolean
parameter, return svn_error_t.
(svn_auth__simple_password_get, svn_auth__simple_password_set,
svn_auth__ssl_client_cert_pw_get,
svn_auth__ssl_client_cert_pw_set): Adjust to match new prototype.
* subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
(ensure_gnome_keyring_is_unlocked): New, code factored from
functions such as simple_gnome_keyring_first_creds.
(password_get_gnome_keyring, password_set_gnome_keyring): New
prototype, do unlocked check here.
(simple_gnome_keyring_first_creds, simple_gnome_keyring_save_creds,
ssl_client_cert_pw_gnome_keyring_first_creds,
ssl_client_cert_pw_gnome_keyring_save_creds): Don't do unlocked check.
* subversion/libsvn_auth_kwallet/kwallet.cpp
(kwallet_password_get, kwallet_password_set): Adjust to match new
prototype, allow non-interactive access if wallet is unlocked.
* subversion/libsvn_subr/simple_providers.c
(svn_auth__simple_password_get, svn_auth__simple_password_set,
svn_auth__simple_first_creds_helper,
svn_auth__simple_save_creds_helper): Adjust to match new prototype.
* subversion/libsvn_subr/ssl_client_cert_pw_providers.c
(svn_auth__ssl_client_cert_pw_get, svn_auth__ssl_client_cert_pw_set,
svn_auth__ssl_client_cert_pw_file_first_creds_helper,
svn_auth__ssl_client_cert_pw_file_save_creds_helper): Adjust to match
new prototype.
* subversion/libsvn_subr/win32_crypto.c
(windows_password_encrypter, windows_password_decrypter,
windows_ssl_client_cert_pw_encrypter,
windows_ssl_client_cert_pw_decrypter): Adjust to match new prototype.
* subversion/libsvn_subr/macos_keychain.c
(keychain_password_set, keychain_password_get): Adjust to match new
prototype.
* subversion/libsvn_subr/gpg_agent.c
(password_get_gpg_agent, password_set_gpg_agent): Adjust to match new
prototype.
Modified:
subversion/trunk/subversion/include/private/svn_auth_private.h
subversion/trunk/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp
subversion/trunk/subversion/libsvn_subr/gpg_agent.c
subversion/trunk/subversion/libsvn_subr/macos_keychain.c
subversion/trunk/subversion/libsvn_subr/simple_providers.c
subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
subversion/trunk/subversion/libsvn_subr/win32_crypto.c
Modified: subversion/trunk/subversion/include/private/svn_auth_private.h
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/include/private/svn_auth_private.h?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/include/private/svn_auth_private.h (original)
+++ subversion/trunk/subversion/include/private/svn_auth_private.h Fri Feb 10 13:38:08 2012
@@ -53,9 +53,12 @@ extern "C" {
from an external store, using REALMSTRING and USERNAME as keys.
(The behavior is undefined if REALMSTRING or USERNAME are NULL.)
If NON_INTERACTIVE is set, the user must not be involved in the
- retrieval process. POOL is used for any necessary allocation. */
-typedef svn_boolean_t (*svn_auth__password_get_t)
- (const char **password,
+ retrieval process. Set *DONE to TRUE if a password was stored
+ in *PASSWORD, to FALSE otherwise. POOL is used for any necessary
+ allocation. */
+typedef svn_error_t * (*svn_auth__password_get_t)
+ (svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -66,10 +69,12 @@ typedef svn_boolean_t (*svn_auth__passwo
/* A function that stores PASSWORD (or some encrypted version thereof)
either directly in CREDS, or externally using REALMSTRING and USERNAME
as keys into the external store. If NON_INTERACTIVE is set, the user
- must not be involved in the storage process. POOL is used for any
- necessary allocation. */
-typedef svn_boolean_t (*svn_auth__password_set_t)
- (apr_hash_t *creds,
+ must not be involved in the storage process. Set *DONE to TRUE if the
+ password was store, to FALSE otherwise. POOL is used for any necessary
+ allocation. */
+typedef svn_error_t * (*svn_auth__password_set_t)
+ (svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -111,8 +116,9 @@ svn_auth__simple_save_creds_helper(svn_b
/* Implementation of svn_auth__password_get_t that retrieves
the plaintext password from CREDS when USERNAME matches the stored
credentials. */
-svn_boolean_t
-svn_auth__simple_password_get(const char **password,
+svn_error_t *
+svn_auth__simple_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -122,8 +128,9 @@ svn_auth__simple_password_get(const char
/* Implementation of svn_auth__password_set_t that stores
the plaintext password in CREDS. */
-svn_boolean_t
-svn_auth__simple_password_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__simple_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -169,8 +176,9 @@ svn_auth__ssl_client_cert_pw_file_save_c
/* This implements the svn_auth__password_get_t interface.
Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_get(const char **passphrase,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
+ const char **passphrase,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -180,8 +188,9 @@ svn_auth__ssl_client_cert_pw_get(const c
/* This implements the svn_auth__password_set_t interface.
Store PASSPHRASE in CREDS; ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *passphrase,
Modified: subversion/trunk/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c (original)
+++ subversion/trunk/subversion/libsvn_auth_gnome_keyring/gnome_keyring.c Fri Feb 10 13:38:08 2012
@@ -230,10 +230,60 @@ unlock_gnome_keyring(const char *keyring
return TRUE;
}
-/* Implementation of password_get_t that retrieves the password
+
+/* There is a race here: this ensures keyring is unlocked just now,
+ but will it still be unlocked when we use it? */
+static svn_error_t *
+ensure_gnome_keyring_is_unlocked(svn_boolean_t non_interactive,
+ apr_hash_t *parameters,
+ apr_pool_t *scratch_pool)
+{
+ const char *default_keyring = get_default_keyring_name(scratch_pool);
+
+ if (! non_interactive)
+ {
+ svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
+ apr_hash_get(parameters,
+ SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
+ APR_HASH_KEY_STRING);
+ void *unlock_prompt_baton =
+ apr_hash_get(parameters,
+ SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
+ APR_HASH_KEY_STRING);
+
+ char *keyring_password;
+
+ if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
+ {
+ SVN_ERR((*unlock_prompt_func)(&keyring_password,
+ default_keyring,
+ unlock_prompt_baton,
+ scratch_pool));
+
+ /* If keyring is locked give up and try the next provider. */
+ if (! unlock_gnome_keyring(default_keyring, keyring_password,
+ scratch_pool))
+ return SVN_NO_ERROR;
+ }
+ }
+ else
+ {
+ if (check_keyring_is_locked(default_keyring))
+ {
+ return svn_error_create(SVN_ERR_AUTHN_CREDS_UNAVAILABLE, NULL,
+ _("GNOME Keyring is locked and "
+ "we are non-interactive"));
+ }
+ }
+
+ return SVN_NO_ERROR;
+}
+
+/* Implementation of svn_auth__password_get_t that retrieves the password
from GNOME Keyring. */
-static svn_boolean_t
-password_get_gnome_keyring(const char **password,
+static svn_error_t *
+password_get_gnome_keyring(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -244,13 +294,10 @@ password_get_gnome_keyring(const char **
char *default_keyring = NULL;
GnomeKeyringResult result;
GList *items;
- svn_boolean_t ret = FALSE;
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
- return FALSE;
+ *done = FALSE;
- if (! gnome_keyring_is_available())
- return FALSE;
+ SVN_ERR(ensure_gnome_keyring_is_unlocked(non_interactive, parameters, pool));
default_keyring = get_default_keyring_name(pool);
@@ -278,7 +325,7 @@ password_get_gnome_keyring(const char **
if (len > 0)
{
*password = apr_pstrmemdup(pool, item->password, len);
- ret = TRUE;
+ *done = TRUE;
}
}
gnome_keyring_network_password_list_free(items);
@@ -294,13 +341,14 @@ password_get_gnome_keyring(const char **
free(default_keyring);
- return ret;
+ return SVN_NO_ERROR;
}
-/* Implementation of password_set_t that stores the password in
+/* Implementation of svn_auth__password_set_t that stores the password in
GNOME Keyring. */
-static svn_boolean_t
-password_set_gnome_keyring(apr_hash_t *creds,
+static svn_error_t *
+password_set_gnome_keyring(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -312,11 +360,9 @@ password_set_gnome_keyring(apr_hash_t *c
GnomeKeyringResult result;
guint32 item_id;
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
- return FALSE;
+ *done = FALSE;
- if (! gnome_keyring_is_available())
- return FALSE;
+ SVN_ERR(ensure_gnome_keyring_is_unlocked(non_interactive, parameters, pool));
default_keyring = get_default_keyring_name(pool);
@@ -344,7 +390,8 @@ password_set_gnome_keyring(apr_hash_t *c
free(default_keyring);
- return result == GNOME_KEYRING_RESULT_OK;
+ *done = (result == GNOME_KEYRING_RESULT_OK);
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
@@ -356,43 +403,6 @@ simple_gnome_keyring_first_creds(void **
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_UNAVAILABLE, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__simple_first_creds_helper
(credentials,
iter_baton, provider_baton,
@@ -411,43 +421,6 @@ simple_gnome_keyring_save_creds(svn_bool
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_NOT_SAVED, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__simple_save_creds_helper
(saved, credentials,
provider_baton, parameters,
@@ -518,43 +491,6 @@ ssl_client_cert_pw_gnome_keyring_first_c
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_UNAVAILABLE, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__ssl_client_cert_pw_file_first_creds_helper
(credentials,
iter_baton, provider_baton,
@@ -574,43 +510,6 @@ ssl_client_cert_pw_gnome_keyring_save_cr
const char *realmstring,
apr_pool_t *pool)
{
- svn_boolean_t non_interactive = apr_hash_get(parameters,
- SVN_AUTH_PARAM_NON_INTERACTIVE,
- APR_HASH_KEY_STRING) != NULL;
- const char *default_keyring = get_default_keyring_name(pool);
- if (! non_interactive)
- {
- svn_auth_gnome_keyring_unlock_prompt_func_t unlock_prompt_func =
- apr_hash_get(parameters,
- SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
- APR_HASH_KEY_STRING);
- void *unlock_prompt_baton =
- apr_hash_get(parameters, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON,
- APR_HASH_KEY_STRING);
-
- char *keyring_password;
-
- if (unlock_prompt_func && check_keyring_is_locked(default_keyring))
- {
- SVN_ERR((*unlock_prompt_func)(&keyring_password,
- default_keyring,
- unlock_prompt_baton,
- pool));
-
- /* If keyring is locked give up and try the next provider. */
- if (! unlock_gnome_keyring(default_keyring, keyring_password, pool))
- return SVN_NO_ERROR;
- }
- }
- else
- {
- if (check_keyring_is_locked(default_keyring))
- {
- return svn_error_create(SVN_ERR_AUTHN_CREDS_NOT_SAVED, NULL,
- _("GNOME Keyring is locked and "
- "we are non-interactive"));
- }
- }
return svn_auth__ssl_client_cert_pw_file_save_creds_helper
(saved, credentials,
provider_baton, parameters,
Modified: subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp (original)
+++ subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp Fri Feb 10 13:38:08 2012
@@ -181,8 +181,9 @@ kwallet_terminate(void *data)
/* Implementation of svn_auth__password_get_t that retrieves
the password from KWallet. */
-static svn_boolean_t
-kwallet_password_get(const char **password,
+static svn_error_t *
+kwallet_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -190,14 +191,22 @@ kwallet_password_get(const char **passwo
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- if (non_interactive)
+ QString wallet_name = get_wallet_name(parameters);
+
+ *done = FALSE;
+
+ if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
{
- return FALSE;
+ return SVN_NO_ERROR;
}
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
+ if (non_interactive)
{
- return FALSE;
+ if (!KWallet::Wallet::isOpen(wallet_name))
+ return SVN_NO_ERROR;
+
+ /* There is a race here: the wallet was open just now, but will
+ it still be open when we come to use it below? */
}
QCoreApplication *app;
@@ -216,8 +225,6 @@ kwallet_password_get(const char **passwo
ki18n("Version control system"),
KCmdLineArgs::CmdLineArgKDE);
KComponentData component_data(KCmdLineArgs::aboutData());
- svn_boolean_t ret = FALSE;
- QString wallet_name = get_wallet_name(parameters);
QString folder = QString::fromUtf8("Subversion");
QString key =
QString::fromUtf8(username) + "@" + QString::fromUtf8(realmstring);
@@ -238,7 +245,7 @@ kwallet_password_get(const char **passwo
*password = apr_pstrmemdup(pool,
q_password.toUtf8().data(),
q_password.size());
- ret = TRUE;
+ *done = TRUE;
}
}
}
@@ -246,13 +253,14 @@ kwallet_password_get(const char **passwo
apr_pool_cleanup_register(pool, parameters, kwallet_terminate, NULL);
- return ret;
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_set_t that stores
the password in KWallet. */
-static svn_boolean_t
-kwallet_password_set(apr_hash_t *creds,
+static svn_error_t *
+kwallet_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -260,14 +268,22 @@ kwallet_password_set(apr_hash_t *creds,
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- if (non_interactive)
+ QString wallet_name = get_wallet_name(parameters);
+
+ *done = FALSE;
+
+ if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
{
- return FALSE;
+ return SVN_NO_ERROR;
}
- if (! dbus_bus_get(DBUS_BUS_SESSION, NULL))
+ if (non_interactive)
{
- return FALSE;
+ if (!KWallet::Wallet::isOpen(wallet_name))
+ return SVN_NO_ERROR;
+
+ /* There is a race here: the wallet was open just now, but will
+ it still be open when we come to use it below? */
}
QCoreApplication *app;
@@ -286,9 +302,7 @@ kwallet_password_set(apr_hash_t *creds,
ki18n("Version control system"),
KCmdLineArgs::CmdLineArgKDE);
KComponentData component_data(KCmdLineArgs::aboutData());
- svn_boolean_t ret = FALSE;
QString q_password = QString::fromUtf8(password);
- QString wallet_name = get_wallet_name(parameters);
QString folder = QString::fromUtf8("Subversion");
KWallet::Wallet *wallet = get_wallet(wallet_name, parameters);
if (wallet)
@@ -307,14 +321,14 @@ kwallet_password_set(apr_hash_t *creds,
+ QString::fromUtf8(realmstring);
if (wallet->writePassword(key, q_password) == 0)
{
- ret = TRUE;
+ *done = TRUE;
}
}
}
apr_pool_cleanup_register(pool, parameters, kwallet_terminate, NULL);
- return ret;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
Modified: subversion/trunk/subversion/libsvn_subr/gpg_agent.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/gpg_agent.c?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/gpg_agent.c (original)
+++ subversion/trunk/subversion/libsvn_subr/gpg_agent.c Fri Feb 10 13:38:08 2012
@@ -154,8 +154,9 @@ send_option(int sd, char *buf, size_t n,
/* Implementation of svn_auth__password_get_t that retrieves the password
from gpg-agent */
-static svn_boolean_t
-password_get_gpg_agent(const char **password,
+static svn_error_t *
+password_get_gpg_agent(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -182,6 +183,8 @@ password_get_gpg_agent(const char **pass
char *password_prompt;
char *realm_prompt;
+ *done = FALSE;
+
gpg_agent_info = getenv("GPG_AGENT_INFO");
if (gpg_agent_info != NULL)
{
@@ -190,7 +193,7 @@ password_get_gpg_agent(const char **pass
socket_name = APR_ARRAY_IDX(socket_details, 0, const char *);
}
else
- return FALSE;
+ return SVN_NO_ERROR;
if (socket_name != NULL)
{
@@ -200,29 +203,29 @@ password_get_gpg_agent(const char **pass
sd = socket(AF_UNIX, SOCK_STREAM, 0);
if (sd == -1)
- return FALSE;
+ return SVN_NO_ERROR;
if (connect(sd, (struct sockaddr *)&addr, sizeof(addr)) == -1)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
}
else
- return FALSE;
+ return SVN_NO_ERROR;
/* Receive the connection status from the gpg-agent daemon. */
buffer = apr_palloc(pool, BUFFER_SIZE);
if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
if (strncmp(buffer, "OK", 2) != 0)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
/* The GPG-Agent documentation says:
@@ -232,19 +235,19 @@ password_get_gpg_agent(const char **pass
if (write(sd, request, strlen(request)) == -1)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
if (strncmp(buffer, "D", 1) == 0)
p = &buffer[2];
if (!p)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
ep = strchr(p, '\n');
if (ep != NULL)
@@ -252,18 +255,18 @@ password_get_gpg_agent(const char **pass
if (strcmp(socket_name, p) != 0)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
/* The agent will terminate its response with "OK". */
if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
if (strncmp(buffer, "OK", 2) != 0)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
/* Send TTY_NAME to the gpg-agent daemon. */
@@ -273,13 +276,13 @@ password_get_gpg_agent(const char **pass
if (!send_option(sd, buffer, BUFFER_SIZE, "ttyname", tty_name, pool))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
}
else
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
/* Send TTY_TYPE to the gpg-agent daemon. */
@@ -289,13 +292,13 @@ password_get_gpg_agent(const char **pass
if (!send_option(sd, buffer, BUFFER_SIZE, "ttytype", tty_type, pool))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
}
else
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
/* Compute LC_CTYPE. */
@@ -311,7 +314,7 @@ password_get_gpg_agent(const char **pass
if (!send_option(sd, buffer, BUFFER_SIZE, "lc-ctype", lc_ctype, pool))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
}
@@ -323,7 +326,7 @@ password_get_gpg_agent(const char **pass
if (!send_option(sd, buffer, BUFFER_SIZE, "display", display, pool))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
}
@@ -348,25 +351,25 @@ password_get_gpg_agent(const char **pass
if (write(sd, request, strlen(request)) == -1)
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE))
{
close(sd);
- return FALSE;
+ return SVN_NO_ERROR;
}
close(sd);
if (strncmp(buffer, "ERR", 3) == 0)
- return FALSE;
+ return SVN_NO_ERROR;
p = NULL;
if (strncmp(buffer, "D", 1) == 0)
p = &buffer[2];
if (!p)
- return FALSE;
+ return SVN_NO_ERROR;
ep = strchr(p, '\n');
if (ep != NULL)
@@ -374,7 +377,8 @@ password_get_gpg_agent(const char **pass
*password = p;
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
@@ -384,8 +388,9 @@ password_get_gpg_agent(const char **pass
the user via the pinentry program immediately upon its provision
(and regardless of its accuracy as passwords go), so there's
nothing really to do here. */
-static svn_boolean_t
-password_set_gpg_agent(apr_hash_t *creds,
+static svn_error_t *
+password_set_gpg_agent(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -393,7 +398,9 @@ password_set_gpg_agent(apr_hash_t *creds
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- return TRUE;
+ *done = TRUE;
+
+ return SVN_NO_ERROR;
}
Modified: subversion/trunk/subversion/libsvn_subr/macos_keychain.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/macos_keychain.c?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/macos_keychain.c (original)
+++ subversion/trunk/subversion/libsvn_subr/macos_keychain.c Fri Feb 10 13:38:08 2012
@@ -65,8 +65,9 @@
/* Implementation of svn_auth__password_set_t that stores
the password in the OS X KeyChain. */
-static svn_boolean_t
-keychain_password_set(apr_hash_t *creds,
+static svn_error_t *
+keychain_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -106,13 +107,16 @@ keychain_password_set(apr_hash_t *creds,
if (non_interactive)
SecKeychainSetUserInteractionAllowed(TRUE);
- return status == 0;
+ *done = (status == 0);
+
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_get_t that retrieves
the password from the OS X KeyChain. */
-static svn_boolean_t
-keychain_password_get(const char **password,
+static svn_error_t *
+keychain_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -124,6 +128,8 @@ keychain_password_get(const char **passw
UInt32 length;
void *data;
+ *done = FALSE;
+
if (non_interactive)
SecKeychainSetUserInteractionAllowed(FALSE);
@@ -137,11 +143,12 @@ keychain_password_get(const char **passw
SecKeychainSetUserInteractionAllowed(TRUE);
if (status != 0)
- return FALSE;
+ return SVN_NO_ERROR;
*password = apr_pstrmemdup(pool, data, length);
SecKeychainItemFreeContent(NULL, data);
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
Modified: subversion/trunk/subversion/libsvn_subr/simple_providers.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/simple_providers.c?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/simple_providers.c (original)
+++ subversion/trunk/subversion/libsvn_subr/simple_providers.c Fri Feb 10 13:38:08 2012
@@ -62,8 +62,9 @@ typedef struct simple_provider_baton_t
�
/* Implementation of svn_auth__password_get_t that retrieves
the plaintext password from CREDS. */
-svn_boolean_t
-svn_auth__simple_password_get(const char **password,
+svn_error_t *
+svn_auth__simple_password_get(svn_boolean_t *done,
+ const char **password,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -72,6 +73,9 @@ svn_auth__simple_password_get(const char
apr_pool_t *pool)
{
svn_string_t *str;
+
+ *done = FALSE;
+
str = apr_hash_get(creds, AUTHN_USERNAME_KEY, APR_HASH_KEY_STRING);
if (str && username && strcmp(str->data, username) == 0)
{
@@ -79,16 +83,18 @@ svn_auth__simple_password_get(const char
if (str && str->data)
{
*password = str->data;
- return TRUE;
+ *done = TRUE;
}
}
- return FALSE;
+
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_set_t that stores
the plaintext password in CREDS. */
-svn_boolean_t
-svn_auth__simple_password_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__simple_password_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *password,
@@ -98,7 +104,9 @@ svn_auth__simple_password_set(apr_hash_t
{
apr_hash_set(creds, AUTHN_PASSWORD_KEY, APR_HASH_KEY_STRING,
svn_string_create(password, pool));
- return TRUE;
+ *done = TRUE;
+
+ return SVN_NO_ERROR;
}
/* Set **USERNAME to the username retrieved from CREDS; ignore
@@ -211,8 +219,12 @@ svn_auth__simple_first_creds_helper(void
{
if (have_passtype)
{
- if (!password_get(&default_password, creds_hash, realmstring,
- username, parameters, non_interactive, pool))
+ svn_boolean_t done;
+
+ SVN_ERR(password_get(&done, &default_password, creds_hash,
+ realmstring, username, parameters,
+ non_interactive, pool));
+ if (done)
{
need_to_save = TRUE;
}
@@ -241,9 +253,12 @@ svn_auth__simple_first_creds_helper(void
password = NULL;
else
{
- if (!password_get(&password, creds_hash, realmstring,
- username, parameters, non_interactive,
- pool))
+ svn_boolean_t done;
+
+ SVN_ERR(password_get(&done, &password, creds_hash,
+ realmstring, username, parameters,
+ non_interactive, pool));
+ if (!done)
password = NULL;
/* If the auth data didn't contain a password type,
@@ -458,9 +473,9 @@ svn_auth__simple_save_creds_helper(svn_b
if (may_save_password)
{
- *saved = password_set(creds_hash, realmstring,
- creds->username, creds->password,
- parameters, non_interactive, pool);
+ SVN_ERR(password_set(saved, creds_hash, realmstring,
+ creds->username, creds->password,
+ parameters, non_interactive, pool));
if (*saved && passtype)
/* Store the password type with the auth data, so that we
know which provider owns the password. */
Modified: subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c (original)
+++ subversion/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Fri Feb 10 13:38:08 2012
@@ -63,8 +63,9 @@ typedef struct ssl_client_cert_pw_file_p
/* This implements the svn_auth__password_get_t interface.
Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_get(const char **passphrase,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
+ const char **passphrase,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -77,15 +78,18 @@ svn_auth__ssl_client_cert_pw_get(const c
if (str && str->data)
{
*passphrase = str->data;
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
+ *done = FALSE;
return FALSE;
}
/* This implements the svn_auth__password_set_t interface.
Store PASSPHRASE in CREDS; ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *passphrase,
@@ -95,7 +99,8 @@ svn_auth__ssl_client_cert_pw_set(apr_has
{
apr_hash_set(creds, AUTHN_PASSPHRASE_KEY, APR_HASH_KEY_STRING,
svn_string_create(passphrase, pool));
- return TRUE;
+ *done = TRUE;
+ return SVN_NO_ERROR;
}
svn_error_t *
@@ -137,8 +142,11 @@ svn_auth__ssl_client_cert_pw_file_first_
svn_error_clear(err);
if (! err && creds_hash)
{
- if (!passphrase_get(&password, creds_hash, realmstring,
- NULL, parameters, non_interactive, pool))
+ svn_boolean_t done;
+
+ SVN_ERR(passphrase_get(&done, &password, creds_hash, realmstring,
+ NULL, parameters, non_interactive, pool));
+ if (!done)
password = NULL;
}
}
@@ -305,9 +313,9 @@ svn_auth__ssl_client_cert_pw_file_save_c
if (may_save_passphrase)
{
- *saved = passphrase_set(creds_hash, realmstring,
- NULL, creds->password, parameters,
- non_interactive, pool);
+ SVN_ERR(passphrase_set(saved, creds_hash, realmstring,
+ NULL, creds->password, parameters,
+ non_interactive, pool));
if (*saved && passtype)
{
Modified: subversion/trunk/subversion/libsvn_subr/win32_crypto.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/win32_crypto.c?rev=1242759&r1=1242758&r2=1242759&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/win32_crypto.c (original)
+++ subversion/trunk/subversion/libsvn_subr/win32_crypto.c Fri Feb 10 13:38:08 2012
@@ -52,8 +52,9 @@ static const WCHAR description[] = L"aut
/* Implementation of svn_auth__password_set_t that encrypts
the incoming password using the Windows CryptoAPI. */
-static svn_boolean_t
-windows_password_encrypter(apr_hash_t *creds,
+static svn_error_t *
+windows_password_encrypter(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *in,
@@ -79,14 +80,16 @@ windows_password_encrypter(apr_hash_t *c
LocalFree(blobout.pbData);
}
- return crypted;
+ *done = crypted;
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_get_t that decrypts
the incoming password using the Windows CryptoAPI and verifies its
validity. */
-static svn_boolean_t
-windows_password_decrypter(const char **out,
+static svn_error_t *
+windows_password_decrypter(svn_boolean_t *done,
+ const char **out,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -100,9 +103,10 @@ windows_password_decrypter(const char **
svn_boolean_t decrypted;
char *in;
- if (!svn_auth__simple_password_get(&in, creds, realmstring, username,
- parameters, non_interactive, pool))
- return FALSE;
+ SVN_ERR(svn_auth__simple_password_get(done, &in, creds, realmstring, username,
+ parameters, non_interactive, pool));
+ if (!done)
+ return SVN_NO_ERROR;
blobin.cbData = strlen(in);
blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in));
@@ -119,7 +123,8 @@ windows_password_decrypter(const char **
LocalFree(descr);
}
- return decrypted;
+ *done = decrypted;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */
@@ -186,8 +191,9 @@ svn_auth_get_windows_simple_provider(svn
/* Implementation of svn_auth__password_set_t that encrypts
the incoming password using the Windows CryptoAPI. */
-static svn_boolean_t
-windows_ssl_client_cert_pw_encrypter(apr_hash_t *creds,
+static svn_error_t *
+windows_ssl_client_cert_pw_encrypter(svn_boolean_t *done,
+ apr_hash_t *creds,
const char *realmstring,
const char *username,
const char *in,
@@ -213,14 +219,16 @@ windows_ssl_client_cert_pw_encrypter(apr
LocalFree(blobout.pbData);
}
- return crypted;
+ *done = crypted;
+ return SVN_NO_ERROR;
}
/* Implementation of svn_auth__password_get_t that decrypts
the incoming password using the Windows CryptoAPI and verifies its
validity. */
-static svn_boolean_t
-windows_ssl_client_cert_pw_decrypter(const char **out,
+static svn_error_t *
+windows_ssl_client_cert_pw_decrypter(svn_boolean_t *done,
+ const char **out,
apr_hash_t *creds,
const char *realmstring,
const char *username,
@@ -234,9 +242,11 @@ windows_ssl_client_cert_pw_decrypter(con
svn_boolean_t decrypted;
char *in;
- if (!svn_auth__ssl_client_cert_pw_get(&in, creds, realmstring, username,
- parameters, non_interactive, pool))
- return FALSE;
+ SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring,
+ username, parameters,
+ non_interactive, pool));
+ if (!done)
+ return SVN_NO_ERROR;
blobin.cbData = strlen(in);
blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in));
@@ -253,7 +263,8 @@ windows_ssl_client_cert_pw_decrypter(con
LocalFree(descr);
}
- return decrypted;
+ *done = decrypted;
+ return SVN_NO_ERROR;
}
/* Get cached encrypted credentials from the simple provider's cache. */