You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2014/03/03 20:51:48 UTC

svn commit: r1573701 - /subversion/trunk/subversion/svn/auth-cmd.c

Author: stsp
Date: Mon Mar  3 19:51:47 2014
New Revision: 1573701

URL: http://svn.apache.org/r1573701
Log:
Make 'svn auth' match SSL hostnames and fingerprints case-insensitively.
Hostnames and fingerprints should have characters from the ASCII range only.

* subversion/svn/auth-cmd.c
  (match_pattern): Add 'caseblind' parameter which triggers case-insensitive
    matching.
  (match_credential): Update caller. Match SSL hostnames and fingerprints
   case-insensitively. Other credential data is matched case-sensitively.

Modified:
    subversion/trunk/subversion/svn/auth-cmd.c

Modified: subversion/trunk/subversion/svn/auth-cmd.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/auth-cmd.c?rev=1573701&r1=1573700&r2=1573701&view=diff
==============================================================================
--- subversion/trunk/subversion/svn/auth-cmd.c (original)
+++ subversion/trunk/subversion/svn/auth-cmd.c Mon Mar  3 19:51:47 2014
@@ -104,11 +104,12 @@ struct walk_credentials_baton_t
 
 static svn_boolean_t
 match_pattern(const char *pattern, const char *value,
-              apr_pool_t *scratch_pool)
+              svn_boolean_t caseblind, apr_pool_t *scratch_pool)
 {
   const char *p = apr_psprintf(scratch_pool, "*%s*", pattern);
+  int flags = (caseblind ? APR_FNM_CASE_BLIND : 0);
 
-  return (apr_fnmatch(p, value, 0) == APR_SUCCESS);
+  return (apr_fnmatch(p, value, flags) == APR_SUCCESS);
 }
 
 static svn_error_t *
@@ -129,9 +130,9 @@ match_credential(svn_boolean_t *match,
       const char *pattern = APR_ARRAY_IDX(patterns, i, const char *);
       int j;
 
-      *match = match_pattern(pattern, cred_kind, iterpool);
+      *match = match_pattern(pattern, cred_kind, FALSE, iterpool);
       if (!*match)
-        *match = match_pattern(pattern, realmstring, iterpool);
+        *match = match_pattern(pattern, realmstring, FALSE, iterpool);
       if (!*match)
         {
           svn_pool_clear(iterpool);
@@ -149,8 +150,11 @@ match_credential(svn_boolean_t *match,
                 continue; /* don't match secrets */
               else if (strcmp(key, SVN_CONFIG_AUTHN_ASCII_CERT_KEY) == 0)
                 continue; /* don't match base64 data */
+              else if (strcmp(key, SVN_CONFIG_AUTHN_HOSTNAME_KEY) == 0 ||
+                       strcmp(key, SVN_CONFIG_AUTHN_FINGERPRINT_KEY) == 0)
+                *match = match_pattern(pattern, value->data, TRUE, iterpool);
               else
-                *match = match_pattern(pattern, value->data, iterpool);
+                *match = match_pattern(pattern, value->data, FALSE, iterpool);
 
               if (*match)
                 break;