subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cmpil...@apache.org
Subject svn commit: r1365620 - in /subversion/branches/master-passphrase/subversion: include/svn_cmdline.h libsvn_subr/auth_store.c libsvn_subr/cmdline.c libsvn_subr/prompt.c
Date Wed, 25 Jul 2012 15:17:13 GMT
Author: cmpilato
Date: Wed Jul 25 15:17:12 2012
New Revision: 1365620

URL: http://svn.apache.org/viewvc?rev=1365620&view=rev
Log:
On the 'master-passphrase' branch: Clean up the cleanup of auth
stores, and move away from a hardcoded master passphrase via the
addition of a prompting callback.

* subversion/include/svn_cmdline.h,
* subversion/libsvn_subr/prompt.c
  (svn_cmdline_auth_master_passphrase_prompt): New function.

* subversion/libsvn_subr/auth_store.c
  (svn_auth__store_t): Add 'pool' member.
  (svn_auth__store_create): Initialize new 'pool' struct member.
  (cleanup_auth_store_close): New.
  (svn_auth__store_open): Register the cleanup_auth_store_close() pool
    cleanup handler with the auth store pool.
  (svn_auth__store_close): Don't require that the store be open, but only
    attempt to really close it if it is.

* subversion/libsvn_subr/cmdline.c
  (fetch_nonsecret_secret, cleanup_auth_store_close): Remove as unused.
  (open_auth_store): Add 'pb' parameter, passed as the baton for the
    new svn_cmdline_auth_master_passphrase_prompt, which itself
    replaces fetch_nonsecret_secret as the master passphrase fetch
    callback.  Also, don't bother registering a pool cleanup function
    for the auth store.

Modified:
    subversion/branches/master-passphrase/subversion/include/svn_cmdline.h
    subversion/branches/master-passphrase/subversion/libsvn_subr/auth_store.c
    subversion/branches/master-passphrase/subversion/libsvn_subr/cmdline.c
    subversion/branches/master-passphrase/subversion/libsvn_subr/prompt.c

Modified: subversion/branches/master-passphrase/subversion/include/svn_cmdline.h
URL: http://svn.apache.org/viewvc/subversion/branches/master-passphrase/subversion/include/svn_cmdline.h?rev=1365620&r1=1365619&r2=1365620&view=diff
==============================================================================
--- subversion/branches/master-passphrase/subversion/include/svn_cmdline.h (original)
+++ subversion/branches/master-passphrase/subversion/include/svn_cmdline.h Wed Jul 25 15:17:12
2012
@@ -41,6 +41,7 @@
 #include "svn_types.h"
 #include "svn_auth.h"
 #include "svn_config.h"
+#include "svn_string.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -315,6 +316,19 @@ svn_cmdline_auth_plaintext_passphrase_pr
                                              apr_pool_t *pool);
 
 
+/** An implementation of @c svn_auth__master_passphrase_fetch_t that
+ * prompts the user for the master passphrase which protects an
+ * encrypted authentication store.
+ *
+ * @since New in 1.8.
+ */
+svn_error_t *
+svn_cmdline_auth_master_passphrase_prompt(const svn_string_t **secret,
+                                          void *baton, 
+                                          apr_pool_t *result_pool,
+                                          apr_pool_t *scratch_pool);
+
+
 /** Set @a *ab to an authentication baton allocated from @a pool and
  * initialized with the standard set of authentication providers used
  * by the command line client.

Modified: subversion/branches/master-passphrase/subversion/libsvn_subr/auth_store.c
URL: http://svn.apache.org/viewvc/subversion/branches/master-passphrase/subversion/libsvn_subr/auth_store.c?rev=1365620&r1=1365619&r2=1365620&view=diff
==============================================================================
--- subversion/branches/master-passphrase/subversion/libsvn_subr/auth_store.c (original)
+++ subversion/branches/master-passphrase/subversion/libsvn_subr/auth_store.c Wed Jul 25 15:17:12
2012
@@ -33,6 +33,7 @@ struct svn_auth__store_t
   svn_auth__store_cb_get_cred_hash_t get_cred_hash_func;
   svn_auth__store_cb_set_cred_hash_t set_cred_hash_func;
   svn_auth__store_cb_iterate_creds_t iterate_creds_func;
+  apr_pool_t *pool;
 };
 
 
@@ -41,6 +42,7 @@ svn_auth__store_create(svn_auth__store_t
                        apr_pool_t *result_pool)
 {
   *auth_store = apr_pcalloc(result_pool, sizeof(**auth_store));
+  (*auth_store)->pool = result_pool;
   return SVN_NO_ERROR;
 }
 
@@ -108,6 +110,15 @@ svn_auth__store_set_iterate_creds(svn_au
 }
 
 
+/* APR pool cleanup handler which closes an auth_store. */
+static apr_status_t
+cleanup_auth_store_close(void *arg)
+{
+  svn_auth__store_t *auth_store = arg;
+  svn_auth__store_close(auth_store, auth_store->pool);
+  return 0;
+}
+
 
 svn_error_t *
 svn_auth__store_open(svn_auth__store_t *auth_store,
@@ -119,6 +130,12 @@ svn_auth__store_open(svn_auth__store_t *
     {
       SVN_ERR(auth_store->open_func(auth_store->store_baton, create,
                                     scratch_pool));
+
+      /* Register a pool cleanup handler which closes the store. */
+      apr_pool_cleanup_register(auth_store->pool, auth_store,
+                                cleanup_auth_store_close,
+                                apr_pool_cleanup_null);
+
       auth_store->is_open = TRUE;
     }
   else
@@ -133,8 +150,7 @@ svn_error_t *
 svn_auth__store_close(svn_auth__store_t *auth_store,
                       apr_pool_t *scratch_pool)
 {
-  SVN_ERR_ASSERT(auth_store->is_open);
-  if (auth_store->close_func)
+  if (auth_store->is_open && auth_store->close_func)
     SVN_ERR(auth_store->close_func(auth_store->store_baton, scratch_pool));
   return SVN_NO_ERROR;
 }

Modified: subversion/branches/master-passphrase/subversion/libsvn_subr/cmdline.c
URL: http://svn.apache.org/viewvc/subversion/branches/master-passphrase/subversion/libsvn_subr/cmdline.c?rev=1365620&r1=1365619&r2=1365620&view=diff
==============================================================================
--- subversion/branches/master-passphrase/subversion/libsvn_subr/cmdline.c (original)
+++ subversion/branches/master-passphrase/subversion/libsvn_subr/cmdline.c Wed Jul 25 15:17:12
2012
@@ -447,33 +447,12 @@ ssl_trust_unknown_server_cert
 }
 
 
-/* Implements `svn_auth__master_passphrase_fetch_t' */
-static svn_error_t *
-fetch_nonsecret_secret(const svn_string_t **secret,
-                       void *baton,
-                       apr_pool_t *result_pool,
-                       apr_pool_t *scratch_pool)
-{
-  *secret = svn_string_create("2secretive4u", result_pool);
-  return SVN_NO_ERROR;
-}
-
-
-/* APR pool cleanup handler which closes an auth_store. */
-static apr_status_t
-cleanup_auth_store_close(void *arg)
-{
-  svn_auth__store_t *auth_store = arg;
-  svn_auth__store_close(auth_store, NULL); /* ### FIXME: NULL pool? Uncool. */
-  return 0;
-}
-
-
 /* Instantiate and open an auth store. */
 static svn_error_t *
 open_auth_store(svn_auth__store_t **auth_store_p,
                 const char *config_dir,
                 svn_boolean_t use_master_password,
+                svn_cmdline_prompt_baton2_t *pb,
                 apr_pool_t *pool)
 {
   svn_auth__store_t *auth_store;
@@ -486,21 +465,16 @@ open_auth_store(svn_auth__store_t **auth
       SVN_ERR(svn_config_get_user_config_path(&auth_config_path, config_dir,
                                               SVN_CONFIG__AUTH_SUBDIR, pool));
       SVN_ERR(svn_crypto__context_create(&crypto_ctx, pool));
-      SVN_ERR(svn_auth__pathetic_store_get(&auth_store,
-                                           svn_path_join(auth_config_path,
-                                                         "pathetic.db",
-                                                         pool),
-                                           crypto_ctx,
-                                           fetch_nonsecret_secret,
-                                           NULL, pool, pool));
+      SVN_ERR(svn_auth__pathetic_store_get(
+                  &auth_store,
+                  svn_path_join(auth_config_path, "pathetic.db", pool),
+                  crypto_ctx, svn_cmdline_auth_master_passphrase_prompt,
+                  pb, pool, pool));
     }
   else
     {
       SVN_ERR(svn_auth__config_store_get(&auth_store, config_dir, pool, pool));
     }
-
-  apr_pool_cleanup_register(pool, auth_store, cleanup_auth_store_close,
-                            apr_pool_cleanup_null);
   
   SVN_ERR(svn_auth__store_open(auth_store, TRUE, pool));
   *auth_store_p = auth_store;
@@ -646,7 +620,8 @@ svn_cmdline_create_auth_baton(svn_auth_b
                            auth_password);
 
   /* Open the appropriate auth store, and cache it in the auth baton. */
-  SVN_ERR(open_auth_store(&auth_store, config_dir, use_master_password, pool));
+  SVN_ERR(open_auth_store(&auth_store, config_dir, use_master_password,
+                          pb, pool));
   svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_AUTH_STORE, auth_store);
 
   /* Same with the --non-interactive option. */

Modified: subversion/branches/master-passphrase/subversion/libsvn_subr/prompt.c
URL: http://svn.apache.org/viewvc/subversion/branches/master-passphrase/subversion/libsvn_subr/prompt.c?rev=1365620&r1=1365619&r2=1365620&view=diff
==============================================================================
--- subversion/branches/master-passphrase/subversion/libsvn_subr/prompt.c (original)
+++ subversion/branches/master-passphrase/subversion/libsvn_subr/prompt.c Wed Jul 25 15:17:12
2012
@@ -35,6 +35,7 @@
 #include "svn_auth.h"
 #include "svn_error.h"
 #include "svn_path.h"
+#include "svn_checksum.h"
 
 #include "private/svn_cmdline_private.h"
 #include "svn_private_config.h"
@@ -496,6 +497,31 @@ svn_cmdline_auth_plaintext_passphrase_pr
                                  pool);
 }
 
+
+/* This implements 'svn_auth__master_passphrase_fetch_t'. */
+svn_error_t *
+svn_cmdline_auth_master_passphrase_prompt(const svn_string_t **secret,
+                                          void *baton, 
+                                          apr_pool_t *result_pool,
+                                          apr_pool_t *scratch_pool)
+{
+  const char *response;
+  int response_len;
+  svn_cmdline_prompt_baton2_t *pb = baton;
+  svn_checksum_t *checksum;
+
+  SVN_ERR(prompt(&response, _("Enter master passphrase: "),
+                 TRUE, pb, scratch_pool));
+  response_len = strlen(response);
+  SVN_ERR(svn_checksum(&checksum, svn_checksum_sha1,
+                       response, response_len, scratch_pool));
+  memset((void *)response, 0, response_len);
+  *secret = svn_string_ncreate((const char *)checksum->digest,
+                               svn_checksum_size(checksum),
+                               result_pool);
+  return SVN_NO_ERROR;
+}
+
 
 /** Generic prompting. **/
 



Mime
View raw message