
Re: svn commit: r32860 - in trunk/subversion: include libsvn_subr

From: Paul Burba <ptburba_at_gmail.com>
Date: Wed, 3 Sep 2008 10:58:41 -0400

On Tue, Sep 2, 2008 at 3:12 PM, <jwhitlock_at_tigris.org> wrote:
> Author: jwhitlock
> Date: Tue Sep 2 12:12:54 2008
> New Revision: 32860
>
> Log:
> Support storing SSL client certificate passphrases in OSX Keychain.
>
> * subversion/libsvn_subr/cmdline.c (svn_cmdline_set_up_auth_baton): Add OSX
> Keychain SSL client certificate passphrase provider to the providers array.
>
> * subversion/libsvn_subr/macos_keychain.c (keychain_password_set,
> keychain_password_get): Added NULL check for username.
> (keychain_ssl_client_cert_pw_first_creds,
> keychain_ssl_client_cert_pw_save_creds,
> svn_auth_get_keychain_ssl_client_cert_pw_provider): New functions.
> (keychain_ssl_client_cert_pw_provider): New object.
>
> * subversion/libsvn_subr/ssl_client_cert_pw_providers.c
> (svn_auth__ssl_client_cert_pw_file_save_creds_helper): Add OSX Keychain SSL
> client certificate passphrase provider to the list of providers which
> store passphrases encrypted.
>
> * subversion/include/svn_auth.h
> (svn_auth_get_keychain_ssl_client_cert_pw_provider): New function.
>
> Approved by: arfrever
> stylesen
>
> Modified:
> trunk/subversion/include/svn_auth.h
> trunk/subversion/libsvn_subr/cmdline.c
> trunk/subversion/libsvn_subr/macos_keychain.c
> trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
>
> Modified: trunk/subversion/include/svn_auth.h
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/include/svn_auth.h?pathrev=32860&r1=32859&r2=32860
> ==============================================================================
> --- trunk/subversion/include/svn_auth.h Tue Sep 2 11:03:49 2008 (r32859)
> +++ trunk/subversion/include/svn_auth.h Tue Sep 2 12:12:54 2008 (r32860)
> @@ -825,6 +825,23 @@ svn_auth_get_windows_simple_provider(svn
> void
> svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider,
> apr_pool_t *pool);
> +
> +/**
> + * Create and return @a *provider, an authentication provider of type @c
> + * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
> + * user's ~/.subversion configuration directory. Allocate @a *provider in
> + * @a pool.
> + *
> + * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except
> + * that the password is stored in the Mac OS KeyChain.
> + *
> + * @since New in 1.6
> + * @note This function is only available on Mac OS 10.2 and higher.
> + */
> +void
> +svn_auth_get_keychain_ssl_client_cert_pw_provider
> + (svn_auth_provider_object_t **provider,
> + apr_pool_t *pool);
> #endif /* DARWIN || DOXYGEN */
>
>
>
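
Review bot: The doc comment on svn_auth_get_keychain_ssl_client_cert_pw_provider describes the storage location two different ways: its first paragraph says the provider gets/sets information in the user's ~/.subversion configuration directory, and its second says the password is stored in the Mac OS KeyChain. State explicitly which data stays on disk and that only the passphrase goes to the Keychain, so a caller can tell what ends up outside the encrypted store. The comment also points at svn_client_get_ssl_client_cert_pw_file_provider() while the declarations in this hunk use the svn_auth_get_ prefix; check that the referenced name is the intended one.
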
> Modified: trunk/subversion/libsvn_subr/cmdline.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/cmdline.c?pathrev=32860&r1=32859&r2=32860
> ==============================================================================
> --- trunk/subversion/libsvn_subr/cmdline.c Tue Sep 2 11:03:49 2008 (r32859)
> +++ trunk/subversion/libsvn_subr/cmdline.c Tue Sep 2 12:12:54 2008 (r32860)
> @@ -510,6 +510,9 @@ svn_cmdline_set_up_auth_baton(svn_auth_b
> #ifdef SVN_HAVE_KEYCHAIN_SERVICES
> svn_auth_get_keychain_simple_provider(&provider, pool);
> APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
> +
> + svn_auth_get_keychain_ssl_client_cert_pw_provider(&provider, pool);
> + APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
> #endif
> continue;
> }
>
> Modified: trunk/subversion/libsvn_subr/macos_keychain.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/macos_keychain.c?pathrev=32860&r1=32859&r2=32860
> ==============================================================================
> --- trunk/subversion/libsvn_subr/macos_keychain.c Tue Sep 2 11:03:49 2008 (r32859)
> +++ trunk/subversion/libsvn_subr/macos_keychain.c Tue Sep 2 12:12:54 2008 (r32860)
> @@ -75,13 +75,17 @@ keychain_password_set(apr_hash_t *creds,
> SecKeychainSetUserInteractionAllowed(FALSE);
>
> status = SecKeychainFindGenericPassword(NULL, strlen(realmstring),
> - realmstring, strlen(username),
> + realmstring, username == NULL
> + ? 0
> + : strlen(username),
> username, 0, NULL, &item);
> if (status)
> {
> if (status == errSecItemNotFound)
> status = SecKeychainAddGenericPassword(NULL, strlen(realmstring),
> - realmstring, strlen(username),
> + realmstring, username == NULL
> + ? 0
> + : strlen(username),
> username, strlen(password),
> password, NULL);
> }
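
Review bot: In keychain_password_set the expression `username == NULL ? 0 : strlen(username)` is repeated in both the SecKeychainFindGenericPassword and SecKeychainAddGenericPassword calls, and username itself is still passed on as a NULL pointer. Compute the length once into a local before the calls, and add a line to the function's comment saying that username may be NULL and what an item stored with a zero-length account represents. realmstring and password still go to strlen() unguarded; if they can never be NULL here, say so in the same comment.
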
> @@ -117,7 +121,9 @@ keychain_password_get(const char **passw
> SecKeychainSetUserInteractionAllowed(FALSE);
>
> status = SecKeychainFindGenericPassword(NULL, strlen(realmstring),
> - realmstring, strlen(username),
> + realmstring, username == NULL
> + ? 0
> + : strlen(username),
> username, &length, &data, NULL);
>
> if (non_interactive)
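
Review bot: In keychain_password_get a NULL username now becomes a SecKeychainFindGenericPassword lookup with a zero-length account, so the item is selected by realmstring alone. Please confirm that such a lookup cannot return an entry the simple provider saved for the same realmstring under a real username; otherwise a login password could be handed back as a certificate passphrase. A short comment at the call stating the expected matching behaviour would settle it.
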
> @@ -175,6 +181,52 @@ static const svn_auth_provider_t keychai
> keychain_simple_save_creds
> };
>
> +/* Get cached encrypted credentials from the ssl client cert password
> + provider's cache. */
> +static svn_error_t *
> +keychain_ssl_client_cert_pw_first_creds(void **credentials,
> + void **iter_baton,
> + void *provider_baton,
> + apr_hash_t *parameters,
> + const char *realmstring,
> + apr_pool_t *pool)
> +{
> + return svn_auth__ssl_client_cert_pw_file_first_creds_helper
> + (credentials,
> + iter_baton, provider_baton,
> + parameters, realmstring,
> + keychain_password_get,
> + SVN_AUTH__KEYCHAIN_PASSWORD_TYPE,
> + pool);
> +}
> +
> +/* Save encrypted credentials to the ssl client cert password provider's
> + cache. */
> +static svn_error_t *
> +keychain_ssl_client_cert_pw_save_creds(svn_boolean_t *saved,
> + void *credentials,
> + void *provider_baton,
> + apr_hash_t *parameters,
> + const char *realmstring,
> + apr_pool_t *pool)
> +{
> + return svn_auth__ssl_client_cert_pw_file_save_creds_helper
> + (saved, credentials,
> + provider_baton, parameters,
> + realmstring,
> + keychain_password_set,
> + SVN_AUTH__KEYCHAIN_PASSWORD_TYPE,
> + pool);
> +}
> +
> +static const svn_auth_provider_t keychain_ssl_client_cert_pw_provider = {
> + SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
> + keychain_ssl_client_cert_pw_first_creds,
> + NULL,
> + keychain_ssl_client_cert_pw_save_creds
> +};
> +
> +
> /* Public API */
> void
> svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider,
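
Review bot: The third member of keychain_ssl_client_cert_pw_provider is a bare NULL with no comment; note that it is the next-credentials callback and why this provider does not need one. The comments on the two new functions also talk about "cached encrypted credentials" and the provider's "cache", while the visible code passes keychain_password_get / keychain_password_set and SVN_AUTH__KEYCHAIN_PASSWORD_TYPE to the file helpers; say plainly that the passphrase is read from and written to the Keychain and the rest is handled by the file helper.
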
> @@ -186,4 +238,14 @@ svn_auth_get_keychain_simple_provider(sv
> *provider = po;
> }
>
> +void
> +svn_auth_get_keychain_ssl_client_cert_pw_provider
> + (svn_auth_provider_object_t **provider,
> + apr_pool_t *pool)
> +{
> + svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
> +
> + po->vtable = &keychain_ssl_client_cert_pw_provider;
> + *provider = po;
> +}
> #endif /* SVN_HAVE_KEYCHAIN_SERVICES */
>
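
Review bot: svn_auth_get_keychain_ssl_client_cert_pw_provider sets only po->vtable, so the provider's baton stays NULL from apr_pcalloc and is then passed through as provider_baton by keychain_ssl_client_cert_pw_first_creds and keychain_ssl_client_cert_pw_save_creds to the svn_auth__ssl_client_cert_pw_file_*_helper functions. Confirm that both helpers accept a NULL baton on every path, and add a one-line comment here saying the baton is intentionally unused.
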
> Modified: trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c?pathrev=32860&r1=32859&r2=32860
> ==============================================================================
> --- trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue Sep 2 11:03:49 2008 (r32859)
> +++ trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue Sep 2 12:12:54 2008 (r32860)
> @@ -207,7 +207,8 @@ svn_auth__ssl_client_cert_pw_file_save_c
> ahead and store it to disk. Else determine whether saving
> in plaintext is OK. */
> if (strcmp(passtype, SVN_AUTH__KWALLET_PASSWORD_TYPE) == 0
> - || strcmp(passtype, SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE) == 0)
> + || strcmp(passtype, SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE) == 0
> + || strcmp(passtype, SVN_AUTH__KEYCHAIN_PASSWORD_TYPE) == 0)
> {
> may_save_passphrase = TRUE;
> }
>
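
Review bot: The condition that sets may_save_passphrase is a hand-maintained strcmp chain, and SVN_AUTH__KEYCHAIN_PASSWORD_TYPE is the third password type added to it. A store that is left out of the chain silently takes the "determine whether saving in plaintext is OK" path named in the comment above it, which is easy to miss when the next provider is added. Consider moving the test into a single helper or a table of encrypted password types, so that the list of stores treated as encrypted lives in one place.
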

Hi Jeremy,

Do you have a Windows build environment available? This commit breaks
the build on Windows -- the win32-xp VS2005 buildbot is down right now
so you won't have noticed. I'm not sure why this breaks the build
exactly since everything you added is blocked in defined(DARWIN) ||
defined(DOXYGEN) or #ifdef SVN_HAVE_KEYCHAIN_SERVICES.

Somehow svn_auth_get_keychain_ssl_client_cert_pw_provider is ending up
in the libsvn_subr.def (module definition file) when doing a clean
build. Not sure why this is (hand editing the file to remove it fixes
the build). I can try to look into this more later, but just wanted
to give you a heads up.

Paul

Received on 2008-09-03 16:58:55 CEST

This is an archived mail posted to the Subversion Dev mailing list.
