
[PATCH] Cache ssl client cert passphrase in gnome-keyring

From: Senthil Kumaran S <senthil_at_collab.net>
Date: Wed, 28 May 2008 16:35:36 +0530

Hi,

As a follow-up to the patch posted here
http://svn.haxx.se/dev/archive-2008-05/0337.shtml and the discussion that went on
from there, I am posting a new patch which uses the gnome-keyring to store the
ssl client cert passphrase. Apart from this, when we don't have gnome-keyring
support enabled, this patch makes it possible for the user to cache the
passphrase in plaintext form in the auth area, _only_ if the user desires.

This patch is based on the work done on
"dont-save-plaintext-passwords-by-default" and "gnome-keyring" branches. It
implements the caching of the passphrase in the same way as done in these branches.

I will start working on extending this for "KWallet" and "CryptAPI", before
which I would like to receive comments about this patch and get this into
trunk, if this looks fine.

[[[
Cache ssl client certificate passphrase.

* subversion/libsvn_ra/ra_loader.c
   (svn_ra_open3): Load config options for storing passphrase from servers
    config file.

* subversion/libsvn_subr/config_file.c
   (ensure_auth_dirs): Create new auth dir to store ssl client cert passphrase.
   (svn_config_ensure): Add doc for the new options in the servers file string.

* subversion/libsvn_subr/cmdline.c
   (get_auth_ssl_client_cert_pw_provider): New function to load ssl client cert
    password provider dynamically.
   (svn_cmdline_setup_auth_baton): If we have gnome keyring support get the
    corresponding ssl client cert passphrase provider.

* subversion/libsvn_subr/ssl_client_cert_pw_providers.c
   (): Include some private headers. Define SVN_AUTH__AUTHFILE_PASSPHRASE_KEY,
    SVN_AUTH__AUTHFILE_PASSTYPE_KEY.
   (ssl_client_cert_pw_file_provider_baton_t): New baton for ssl client cert
    passphrase provider.
   (simple_passphrase_get): New function to get plaintext passphrase.
   (simple_passphrase_set): New function to store plaintext passphrase.
   (ssl_client_cert_pw_file_first_credentials): Move logic to new helper.
   (ssl_client_cert_pw_file_save_credentials): Move logic to new helper.
   (svn_auth__ssl_client_cert_pw_file_first_creds_helper): New helper function
    for ssl_client_cert_pw_file_first_credentials.
   (svn_auth__ssl_client_cert_pw_file_save_creds_helper): New helper function
    for ssl_client_cert_pw_file_save_credentials.
   (ssl_client_cert_pw_file_provider): Add provision for saving credentials.
   (svn_auth_get_ssl_client_cert_pw_file_provider2): New public API which has
    a prompt function now.
   (svn_auth_get_ssl_client_cert_pw_file_provider): Update API for the above.

* subversion/libsvn_subr/prompt.c
   (svn_cmdline_auth_plaintext_passphrase_prompt): New prompt function for
    plaintext passphrase prompt.

* subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
   (gnome_keyring_ssl_client_cert_pw_first_creds): New function to get ssl
    client cert passphrase from encrypted credentials.
   (gnome_keyring_ssl_client_cert_pw_save_creds): New function to save
    encrypted ssl client cert passphrase.
   (gnome_keyring_ssl_client_cert_pw_provider): New baton.
   (svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider): New public API for
    gnome keyring based ssl client cert passphrase storage and retrieval.

* subversion/include/svn_config.h
   (SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP): New option to store ssl client
    cert passphrase.
   (SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSPHRASE): New option to store plaintext
    passphrase.
   (SVN_CONFIG_DEFAULT_OPTION_STORE_PASSPHRASE): New default option for storing
    passphrase set to 'yes'.
   (SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSPHRASE): New default option to
    store plaintext passphrase set to 'ask'.

* subversion/include/svn_cmdline.h
   (svn_cmdline_auth_plaintext_passphrase_prompt): New public API added to
    prompt for storing plaintext passphrases.

* subversion/include/private/svn_auth_private.h
   (svn_auth__ssl_client_cert_pw_file_first_creds_helper): New private function.
   (svn_auth__ssl_client_cert_pw_file_save_creds_helper): New private function.

* subversion/include/svn_auth.h
   (svn_auth_ssl_client_cert_pw_provider_func_t): Define function type for the
    provider.
   (svn_auth_plaintext_passphrase_prompt_func_t): New function prototype.
   (SVN_AUTH_PARAM_DONT_STORE_PASSPHRASE): New constant.
   (SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSPHRASE): New constant.
   (svn_auth_get_ssl_client_cert_pw_file_provider2): New public API.

* subversion/libsvn_ra_neon/session.c
   (client_ssl_decrypt_cert): Call svn_auth_save_credentials to save the ssl
    client certificate passphrase.

Patch by: stylesen
]]]

Thank You.

-- 
Senthil Kumaran S
http://www.stylesen.org/



Received on 2008-05-28 13:06:51 CEST
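
The storage policy the message describes (keyring when available, plaintext in the auth area only if the user wants it, with the defaults 'yes' and 'ask' from the log message), as an added C sketch that is not code from the patch. The enum, function and callback names are hypothetical, and treating unrecognized values or a missing prompt as "do not store" is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { STORE_NONE, STORE_KEYRING, STORE_PLAINTEXT } pp_store_t;

/* Hypothetical callback: returns true if the user agrees to plaintext caching. */
typedef bool (*plaintext_prompt_fn)(const char *realm);

/* Decide where an ssl client cert passphrase may be cached.
 * store_pp / store_plaintext are the two config values; NULL means
 * "not set", which falls back to the defaults named in the log message. */
pp_store_t choose_passphrase_store(const char *store_pp,
                                   const char *store_plaintext,
                                   bool keyring_available,
                                   plaintext_prompt_fn prompt,
                                   const char *realm)
{
    if (!store_pp) store_pp = "yes";               /* default: store */
    if (!store_plaintext) store_plaintext = "ask"; /* default: ask first */

    if (strcmp(store_pp, "yes") != 0)
        return STORE_NONE;          /* caching disabled (or value unknown) */
    if (keyring_available)
        return STORE_KEYRING;       /* encrypted store always preferred */
    if (strcmp(store_plaintext, "yes") == 0)
        return STORE_PLAINTEXT;     /* user opted in via config */
    if (strcmp(store_plaintext, "ask") == 0 && prompt && prompt(realm))
        return STORE_PLAINTEXT;     /* user opted in interactively */
    /* 'no', unknown value, non-interactive run, or refusal: fail closed. */
    return STORE_NONE;
}

/* Constructed stand-ins for an interactive prompt. */
static bool user_accepts(const char *realm)  { (void)realm; return true; }
static bool user_declines(const char *realm) { (void)realm; return false; }

int main(void)
{
    static const char *names[] = { "none", "keyring", "plaintext" };
    const char *realm = "https://svn.example.invalid"; /* constructed realm */

    printf("defaults, keyring:      %s\n",
           names[choose_passphrase_store(NULL, NULL, true, NULL, realm)]);
    printf("defaults, user accepts: %s\n",
           names[choose_passphrase_store(NULL, NULL, false, user_accepts, realm)]);
    printf("defaults, user refuses: %s\n",
           names[choose_passphrase_store(NULL, NULL, false, user_declines, realm)]);
    printf("defaults, no prompt:    %s\n",
           names[choose_passphrase_store(NULL, NULL, false, NULL, realm)]);
    return 0;
}
```
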

This is an archived mail posted to the Subversion Dev mailing list.
