subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From phi...@apache.org
Subject svn commit: r1236630 - in /subversion/branches/1.7.x-r1236343: ./ subversion/libsvn_ra_svn/cyrus_auth.c
Date Fri, 27 Jan 2012 11:05:10 GMT
Author: philip
Date: Fri Jan 27 11:05:10 2012
New Revision: 1236630

URL: http://svn.apache.org/viewvc?rev=1236630&view=rev
Log:
On 1.7.x-r1236343 branch.  Merge 1179776, 1222628, 1222644, 1222699,
1236283, 1236343 from trunk and resolve conflicts in 1236343.

Modified:
    subversion/branches/1.7.x-r1236343/   (props changed)
    subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c

Propchange: subversion/branches/1.7.x-r1236343/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jan 27 11:05:10 2012
@@ -72,4 +72,4 @@
 /subversion/branches/tree-conflicts:868291-873154
 /subversion/branches/tree-conflicts-notify:873926-874008
 /subversion/branches/uris-as-urls:1060426-1064427
-/subversion/trunk:1146013,1146121,1146219,1146222,1146274,1146492,1146555,1146606,1146620,1146684,1146781,1146832,1146834,1146870,1146899,1146904,1147293,1147299,1147309,1147882,1148071,1148083,1148094,1148131,1148374,1148424,1148566,1148588,1148652,1148662,1148699,1148853,1148877,1148882,1148936,1149103,1149105,1149135,1149141,1149160,1149228,1149240,1149343,1149371-1149372,1149377,1149398,1149401,1149539,1149572,1149627,1149675,1149701,1149713,1150242,1150254,1150260-1150261,1150266,1150302,1150327,1150344,1150368,1150372,1150441,1150506,1150812,1150853,1151036,1151177,1151610,1151854,1151906,1151911,1152129,1152140,1152189-1152190,1152267,1152282,1152286,1152726,1152809,1153138,1153141,1153416,1153540,1153566,1153799,1153807,1153968,1154009,1154023,1154115,1154119,1154121,1154144,1154155,1154159,1154165,1154215,1154225,1154273,1154278,1154379,1154382,1154461,1154717-1154718,1154733,1154908,1154982,1155015,1155044,1155124,1155131,1155160,1155313,1155334,1155391,1155404,115
 6085,1156098,1156216,1156218,1156312,1156527,1156717,1156721,1156750,1156827,1156838,1157416,1158187,1158193-1158194,1158196,1158201,1158207,1158209-1158210,1158217,1158285,1158288,1158303,1158309,1158407,1158419,1158421,1158436,1158455,1158616-1158617,1158634,1158854,1158875,1158886,1158893,1158896,1158919,1158923-1158924,1158929,1158963,1159093,1159098,1159101,1159132,1159136,1159148,1159230,1159275,1159400,1159686,1159760,1159772,1160605,1160671,1160682,1160704-1160705,1160756,1161063,1161080,1161185,1161210,1161683,1161721,1162024,1162033,1162201,1162516,1162880,1162974,1162995,1163243,1163372,1163383,1163557,1163792,1163953,1164027,1164386,1164426,1164517,1164535,1164554,1164580,1164614,1164645,1164760,1164765,1166267,1166500,1166555,1166678,1167062,1167173,1167209,1167269,1167503,1167659,1167681,1169524,1169531,1169650,1171708,1173111,1173425,1173639,1174051,1174060,1174652,1174761,1174797-1174798,1174806,1175888,1176915,1176949,1177001,1177492,1177732,1178280,1178282,
 1178942,1179680,1179767,1180154,1181090,1181110,1181155,1181215,1181609,1181666,1182115,1182527,1182771,1182904,1182909,1183054,1183263,1183347,1185222,1185242,1185280,1185282,1185730,1185738,1185746,1185763,1185768,1185886,1185911,1185918,1186059,1186092,1186101,1186107,1186109,1186121,1186231,1186240,1186422,1186434,1186732,1186755,1186784,1186815,1186928,1186944,1186981,1186983,1187311,1187676,1187695,1188609,1188652,1188677,1188762,1188774,1189190,1189261,1189395,1189580,1189665,1195480,1197135,1197998,1199876,1199950,1200837,1201002,1201824,1202135,1202187,1202630,1202807,1203546,1203651,1203653,1204167,1204478,1204610,1204673,1205193,1205726,1205839,1205848,1206523,1206533,1206576,1206718-1206719,1206724,1206741,1206748,1207656,1207663,1207823,1207858,1207949,1208840,1209631,1209654,1210195,1211483,1211859,1211885,1212476,1212482,1212484,1213331,1213673,1213681,1213690,1213711,1213716,1214139,1215260,1215288,1215374-1215375,1215379,1220742,1220750,1221793,1222521,12226
 93,1226597,1227146,1228340,1229252,1229303,1229677,1229833,1229980,1231944-1231945,1235264,1235296,1235302,1235736,1236163
+/subversion/trunk:1146013,1146121,1146219,1146222,1146274,1146492,1146555,1146606,1146620,1146684,1146781,1146832,1146834,1146870,1146899,1146904,1147293,1147299,1147309,1147882,1148071,1148083,1148094,1148131,1148374,1148424,1148566,1148588,1148652,1148662,1148699,1148853,1148877,1148882,1148936,1149103,1149105,1149135,1149141,1149160,1149228,1149240,1149343,1149371-1149372,1149377,1149398,1149401,1149539,1149572,1149627,1149675,1149701,1149713,1150242,1150254,1150260-1150261,1150266,1150302,1150327,1150344,1150368,1150372,1150441,1150506,1150812,1150853,1151036,1151177,1151610,1151854,1151906,1151911,1152129,1152140,1152189-1152190,1152267,1152282,1152286,1152726,1152809,1153138,1153141,1153416,1153540,1153566,1153799,1153807,1153968,1154009,1154023,1154115,1154119,1154121,1154144,1154155,1154159,1154165,1154215,1154225,1154273,1154278,1154379,1154382,1154461,1154717-1154718,1154733,1154908,1154982,1155015,1155044,1155124,1155131,1155160,1155313,1155334,1155391,1155404,115
 6085,1156098,1156216,1156218,1156312,1156527,1156717,1156721,1156750,1156827,1156838,1157416,1158187,1158193-1158194,1158196,1158201,1158207,1158209-1158210,1158217,1158285,1158288,1158303,1158309,1158407,1158419,1158421,1158436,1158455,1158616-1158617,1158634,1158854,1158875,1158886,1158893,1158896,1158919,1158923-1158924,1158929,1158963,1159093,1159098,1159101,1159132,1159136,1159148,1159230,1159275,1159400,1159686,1159760,1159772,1160605,1160671,1160682,1160704-1160705,1160756,1161063,1161080,1161185,1161210,1161683,1161721,1162024,1162033,1162201,1162516,1162880,1162974,1162995,1163243,1163372,1163383,1163557,1163792,1163953,1164027,1164386,1164426,1164517,1164535,1164554,1164580,1164614,1164645,1164760,1164765,1166267,1166500,1166555,1166678,1167062,1167173,1167209,1167269,1167503,1167659,1167681,1169524,1169531,1169650,1171708,1173111,1173425,1173639,1174051,1174060,1174652,1174761,1174797-1174798,1174806,1175888,1176915,1176949,1177001,1177492,1177732,1178280,1178282,
 1178942,1179680,1179767,1179776,1180154,1181090,1181110,1181155,1181215,1181609,1181666,1182115,1182527,1182771,1182904,1182909,1183054,1183263,1183347,1185222,1185242,1185280,1185282,1185730,1185738,1185746,1185763,1185768,1185886,1185911,1185918,1186059,1186092,1186101,1186107,1186109,1186121,1186231,1186240,1186422,1186434,1186732,1186755,1186784,1186815,1186928,1186944,1186981,1186983,1187311,1187676,1187695,1188609,1188652,1188677,1188762,1188774,1189190,1189261,1189395,1189580,1189665,1195480,1197135,1197998,1199876,1199950,1200837,1201002,1201824,1202135,1202187,1202630,1202807,1203546,1203651,1203653,1204167,1204478,1204610,1204673,1205193,1205726,1205839,1205848,1206523,1206533,1206576,1206718-1206719,1206724,1206741,1206748,1207656,1207663,1207823,1207858,1207949,1208840,1209631,1209654,1210195,1211483,1211859,1211885,1212476,1212482,1212484,1213331,1213673,1213681,1213690,1213711,1213716,1214139,1215260,1215288,1215374-1215375,1215379,1220742,1220750,1221793,12225
 21,1222628,1222644,1222693,1222699,1226597,1227146,1228340,1229252,1229303,1229677,1229833,1229980,1231944-1231945,1235264,1235296,1235302,1235736,1236163,1236283,1236343

Modified: subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c?rev=1236630&r1=1236629&r2=1236630&view=diff
==============================================================================
--- subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c (original)
+++ subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c Fri Jan 27 11:05:10
2012
@@ -169,12 +169,66 @@ apr_status_t svn_ra_svn__sasl_common_ini
   return apr_err;
 }
 
+/* We are going to look at errno when we get SASL_FAIL but we don't
+   know for sure whether SASL always sets errno.  Clearing errno
+   before calling SASL functions helps in cases where SASL does
+   nothing to set errno. */
+#ifdef apr_set_os_error
+#define clear_sasl_errno() apr_set_os_error(APR_SUCCESS)
+#else
+#define clear_sasl_errno() (void)0
+#endif
+
+/* Sometimes SASL returns SASL_FAIL as RESULT and sets errno.
+ * SASL_FAIL translates to "generic error" which is quite unhelpful.
+ * Try to append a more informative error message based on errno so
+ * should be called before doing anything that may change errno. */
+static const char *
+get_sasl_errno_msg(int result, apr_pool_t *result_pool)
+{
+#ifdef apr_get_os_error
+  char buf[1024];
+
+  if (result == SASL_FAIL && apr_get_os_error() != 0)
+    return apr_psprintf(result_pool, ": %s",
+                        svn_strerror(apr_get_os_error(), buf, sizeof(buf)));
+#endif
+  return "";
+}
+
+/* Wrap an error message from SASL with a prefix that allows users
+ * to tell that the error message came from SASL.  Queries errno and
+ * so should be called before doing anything that may change errno. */
+static const char *
+get_sasl_error(sasl_conn_t *sasl_ctx, int result, apr_pool_t *result_pool)
+{
+  const char *sasl_errno_msg = get_sasl_errno_msg(result, result_pool);
+
+  return apr_psprintf(result_pool,
+                      _("SASL authentication error: %s%s"),
+                      sasl_errdetail(sasl_ctx), sasl_errno_msg);
+}
+
 static svn_error_t *sasl_init_cb(void *baton, apr_pool_t *pool)
 {
-  if (svn_ra_svn__sasl_common_init(pool) != APR_SUCCESS
-      || sasl_client_init(NULL) != SASL_OK)
+  int result;
+
+  if (svn_ra_svn__sasl_common_init(pool) != APR_SUCCESS)
     return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                             _("Could not initialize the SASL library"));
+  clear_sasl_errno();
+  result = sasl_client_init(NULL);
+  if (result != SASL_OK)
+    {
+      const char *sasl_errno_msg = get_sasl_errno_msg(result, pool);
+
+      return svn_error_createf
+        (SVN_ERR_RA_NOT_AUTHORIZED, NULL,
+         _("Could not initialized the SASL library: %s%s"),
+         sasl_errstring(result, NULL, NULL),
+         sasl_errno_msg);
+    }
+
   return SVN_NO_ERROR;
 }
 
@@ -321,16 +375,6 @@ get_password_cb(sasl_conn_t *conn, void 
   return SASL_FAIL;
 }
 
-/* Wrap an error message from SASL with a prefix that allow users
- * to tell that the error message came from SASL. */
-static const char *
-get_sasl_error(sasl_conn_t *sasl_ctx, apr_pool_t *result_pool)
-{
-  return apr_psprintf(result_pool,
-                      _("SASL authentication error: %s"),
-                      sasl_errdetail(sasl_ctx));
-}
-
 /* Create a new SASL context. */
 static svn_error_t *new_sasl_ctx(sasl_conn_t **sasl_ctx,
                                  svn_boolean_t is_tunneled,
@@ -343,14 +387,20 @@ static svn_error_t *new_sasl_ctx(sasl_co
   sasl_security_properties_t secprops;
   int result;
 
+  clear_sasl_errno();
   result = sasl_client_new(SVN_RA_SVN_SASL_NAME,
                            hostname, local_addrport, remote_addrport,
                            callbacks, SASL_SUCCESS_DATA,
                            sasl_ctx);
   if (result != SASL_OK)
-    return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                            sasl_errstring(result, NULL, NULL));
+    {
+      const char *sasl_errno_msg = get_sasl_errno_msg(result, pool);
 
+      return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
+                               _("Could not create SASL context: %s%s"),
+                               sasl_errstring(result, NULL, NULL),
+                               sasl_errno_msg);
+    }
   svn_atomic_inc(&sasl_ctx_count);
   apr_pool_cleanup_register(pool, *sasl_ctx, sasl_dispose_cb,
                             apr_pool_cleanup_null);
@@ -361,11 +411,12 @@ static svn_error_t *new_sasl_ctx(sasl_co
          otherwise it will ignore EXTERNAL. The third parameter
          should be the username, but since SASL doesn't seem
          to use it on the client side, any non-empty string will do. */
+      clear_sasl_errno();
       result = sasl_setprop(*sasl_ctx,
                             SASL_AUTH_EXTERNAL, " ");
       if (result != SASL_OK)
         return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                get_sasl_error(*sasl_ctx, pool));
+                                get_sasl_error(*sasl_ctx, result, pool));
     }
 
   /* Set security properties. */
@@ -393,6 +444,7 @@ static svn_error_t *try_auth(svn_ra_svn_
   do
     {
       again = FALSE;
+      clear_sasl_errno();
       result = sasl_client_start(sasl_ctx,
                                  mechstring,
                                  &client_interact,
@@ -411,7 +463,7 @@ static svn_error_t *try_auth(svn_ra_svn_
           case SASL_NOMEM:
             /* Fatal error.  Fail the authentication. */
             return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                    get_sasl_error(sasl_ctx, pool));
+                                    get_sasl_error(sasl_ctx, result, pool));
           default:
             /* For anything else, delete the mech from the list
                and try again. */
@@ -463,6 +515,7 @@ static svn_error_t *try_auth(svn_ra_svn_
       if (strcmp(mech, "CRAM-MD5") != 0)
         in = svn_base64_decode_string(in, pool);
 
+      clear_sasl_errno();
       result = sasl_client_step(sasl_ctx,
                                 in->data,
                                 in->len,
@@ -472,7 +525,7 @@ static svn_error_t *try_auth(svn_ra_svn_
 
       if (result != SASL_OK && result != SASL_CONTINUE)
         return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                get_sasl_error(sasl_ctx, pool));
+                                get_sasl_error(sasl_ctx, result, pool));
 
       /* If the server thinks we're done, then don't send any response. */
       if (strcmp(status, "success") == 0)
@@ -551,12 +604,13 @@ static svn_error_t *sasl_read_cb(void *b
           *len = 0;
           return SVN_NO_ERROR;
         }
+      clear_sasl_errno();
       result = sasl_decode(sasl_baton->ctx, buffer, len2,
                            &sasl_baton->read_buf,
                            &sasl_baton->read_len);
       if (result != SASL_OK)
         return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                get_sasl_error(sasl_baton->ctx,
+                                get_sasl_error(sasl_baton->ctx, result,
                                                sasl_baton->scratch_pool));
     }
 
@@ -592,13 +646,14 @@ sasl_write_cb(void *baton, const char *b
     {
       /* Make sure we don't write too much. */
       *len = (*len > sasl_baton->maxsize) ? sasl_baton->maxsize : *len;
+      clear_sasl_errno();
       result = sasl_encode(sasl_baton->ctx, buffer, *len,
                            &sasl_baton->write_buf,
                            &sasl_baton->write_len);
 
       if (result != SASL_OK)
         return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                get_sasl_error(sasl_baton->ctx,
+                                get_sasl_error(sasl_baton->ctx, result,
                                                sasl_baton->scratch_pool));
     }
 
@@ -652,10 +707,11 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
       int result;
 
       /* Get the strength of the security layer. */
+      clear_sasl_errno();
       result = sasl_getprop(sasl_ctx, SASL_SSF, (void*) &ssfp);
       if (result != SASL_OK)
         return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                get_sasl_error(sasl_ctx, pool));
+                                get_sasl_error(sasl_ctx, result, pool));
 
       if (*ssfp > 0)
         {
@@ -671,23 +727,25 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
           sasl_baton->scratch_pool = conn->pool;
 
           /* Find out the maximum input size for sasl_encode. */
+          clear_sasl_errno();
           result = sasl_getprop(sasl_ctx, SASL_MAXOUTBUF, &maxsize);
           if (result != SASL_OK)
             return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                    get_sasl_error(sasl_ctx, pool));
+                                    get_sasl_error(sasl_ctx, result, pool));
           sasl_baton->maxsize = *((const unsigned int *) maxsize);
 
           /* If there is any data left in the read buffer at this point,
              we need to decrypt it. */
           if (conn->read_end > conn->read_ptr)
             {
+              clear_sasl_errno();
               result = sasl_decode(sasl_ctx, conn->read_ptr,
                                    conn->read_end - conn->read_ptr,
                                    &sasl_baton->read_buf,
                                    &sasl_baton->read_len);
               if (result != SASL_OK)
                 return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
-                                        get_sasl_error(sasl_ctx, pool));
+                                        get_sasl_error(sasl_ctx, result, pool));
               conn->read_end = conn->read_ptr;
             }
 



Mime
View raw message