Re: [PATCH] Cache ssl client cert passphrase in gnome-keyring

From: Arfrever Frehtes Taifersar Arahesis <arfrever.fta_at_gmail.com>
Date: Thu, 29 May 2008 23:14:21 +0200

2008-05-29 08:43:05 Senthil Kumaran S napisaÅ‚(a):
> subversion/libsvn_subr/cmdline.c
> ===================================================================
> --- subversion/libsvn_subr/cmdline.cÂ Â Â Â (revision 31507)
> +++ subversion/libsvn_subr/cmdline.cÂ Â Â Â (working copy)
> @@ -355,10 +355,11 @@
> Â }
> Â
> Â #if defined(SVN_HAVE_KWALLET) || defined(SVN_HAVE_GNOME_KEYRING)
> -/* Dynamically load authentication simple provider. */
> +/* Dynamically load authentication provider. */
> Â static svn_boolean_t
> -get_auth_simple_provider(svn_auth_provider_object_t **provider,
> +get_auth_provider(svn_auth_provider_object_t **provider,
> Â Â Â Â Â Â Â Â Â Â Â Â Â const char *provider_name,
> + Â Â Â Â Â Â Â Â Â Â Â Â const char *provider_type,
> Â Â Â Â Â Â Â Â Â Â Â Â Â apr_pool_t *pool)
^^^^^^^
Indentation should be updated here.

> @@ -501,7 +511,36 @@
> Â Â APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
> Â Â svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
> Â Â APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
> - Â svn_auth_get_ssl_client_cert_pw_file_provider(&provider, pool);
> +#ifdef SVN_HAVE_GNOME_KEYRING
> + Â for (i = 0; i < password_stores->nelts; i++)
> + Â Â {
> + Â Â Â const char *password_store = APR_ARRAY_IDX(password_stores, i,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â const char *);
> +
> + Â Â Â if (apr_strnatcmp(password_store, "gnome-keyring") == 0)
> + Â Â Â Â {
> + Â Â Â Â Â if (get_auth_provider(&provider, "gnome_keyring",
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â "ssl_client_cert_pw", pool))
> + Â Â Â Â Â Â {
> + Â Â Â Â Â Â Â APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) =
> provider; + Â Â Â Â Â Â }
> + Â Â Â Â Â continue;
> + Â Â Â Â }
> + Â Â }

You should use the already existing loop.

> Index: subversion/libsvn_auth_gnome_keyring/gnome_keyring.c
> ===================================================================
> --- subversion/libsvn_auth_gnome_keyring/gnome_keyring.cÂ (revision 31507)
> +++ subversion/libsvn_auth_gnome_keyring/gnome_keyring.cÂ (working copy)
> @@ -189,3 +189,60 @@
> Â
> Â Â gnome_keyring_init();
> Â }
> +
> +/* Get cached encrypted credentials from the ssl client cert password
> + * provider's cache. */
> +static svn_error_t *
> +gnome_keyring_ssl_client_cert_pw_first_creds(void **credentials,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â void **iter_baton,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â void *provider_baton,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â apr_hash_t *parameters,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â const char *realmstring,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â apr_pool_t *pool)
> +{
> + Â return svn_auth__ssl_client_cert_pw_file_first_creds_helper
> + Â Â Â Â Â (credentials,
> + Â Â Â Â Â Â iter_baton, provider_baton,
> + Â Â Â Â Â Â parameters, realmstring,
> + Â Â Â Â Â Â gnome_keyring_password_get,
> + Â Â Â Â Â Â SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE,
> + Â Â Â Â Â Â pool);
> +}
> +
> +/* Save encrypted credentials to the ssl client cert password provider's
> + * cache. */
> +static svn_error_t *
> +gnome_keyring_ssl_client_cert_pw_save_creds(svn_boolean_t *saved,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â void *credentials,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â void *provider_baton,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â apr_hash_t *parameters,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â const char *realmstring,
> + Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â apr_pool_t *pool)
> +{
> + Â return svn_auth__ssl_client_cert_pw_file_save_creds_helper
> + Â Â Â Â Â (saved, credentials,
> + Â Â Â Â Â Â provider_baton, parameters,
> + Â Â Â Â Â Â realmstring,
> + Â Â Â Â Â Â gnome_keyring_password_set,
> + Â Â Â Â Â Â SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE,
> + Â Â Â Â Â Â pool);
> +}

You use gnome_keyring_password_get() and gnome_keyring_password_set().
Won't it cause collision with passwords stored by GNOME Keyring simple provider?

> +/* Public API */
> +void
> +svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider
> + Â Â (svn_auth_provider_object_t **provider,
> + Â Â apr_pool_t *pool)
> +{
> + Â svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
> +
> + Â po->vtable = &gnome_keyring_ssl_client_cert_pw_provider;
> + Â *provider = po;
> +}

You can declare this function in subversion/include/svn_auth_dso.h.

-- 
Arfrever Frehtes Taifersar Arahesis

application/pgp-signature attachment: This is a digitally signed message part.

Received on 2008-05-29 23:20:05 CEST

This message: [ Message body ]
Next message: Paul Burba: "Re: 1.5.0-rc8 up for signing/testing"
Previous message: Martin Furter: "Re: [PATCH] issue #2662, yet another authz wildcards support patch..."
In reply to: Senthil Kumaran S: "Re: [PATCH] Cache ssl client cert passphrase in gnome-keyring"
Next in thread: Senthil Kumaran S: "Re: [PATCH] Cache ssl client cert passphrase in gnome-keyring"
Reply: Senthil Kumaran S: "Re: [PATCH] Cache ssl client cert passphrase in gnome-keyring"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]