> -----Original Message-----
> From: Paul Burba [mailto:ptburba_at_gmail.com]
> Sent: woensdag 3 september 2008 16:59
> To: dev_at_subversion.tigris.org; jwhitlock_at_tigris.org
> Cc: svn_at_subversion.tigris.org
> Subject: Re: svn commit: r32860 - in trunk/subversion: include
> libsvn_subr
>
> On Tue, Sep 2, 2008 at 3:12 PM, <jwhitlock_at_tigris.org> wrote:
> > Author: jwhitlock
> > Date: Tue Sep 2 12:12:54 2008
> > New Revision: 32860
> >
> > Log:
> > Support storing SSL client certificate passphrases in OSX Keychain.
> >
> > * subversion/libsvn_subr/cmdline.c (svn_cmdline_set_up_auth_baton):
> Add OSX
> > Keychain SSL client certificate passphrase provider to the
> providers array.
> >
> > * subversion/libsvn_subr/macos_keychain.c (keychain_password_set,
> > keychain_password_get): Added NULL check for username.
> > (keychain_ssl_client_cert_pw_first_creds,
> > keychain_ssl_client_cert_pw_save_creds,
> > svn_auth_get_keychain_ssl_client_cert_pw_provider): New functions.
> > (keychain_ssl_client_cert_pw_provider): New object.
> >
> > * subversion/libsvn_subr/ssl_client_cert_pw_providers.c
> > (svn_auth__ssl_client_cert_pw_file_save_creds_helper): Add OSX
> Keychain SSL
> > client certificate passphrase provider to the list of providers
> which
> > store passphrases encrypted.
> >
> > * subversion/include/svn_auth.h
> > (svn_auth_get_keychain_ssl_client_cert_pw_provider): New function.
> >
> > Approved by: arfrever
> > stylesen
> >
> > Modified:
> > trunk/subversion/include/svn_auth.h
> > trunk/subversion/libsvn_subr/cmdline.c
> > trunk/subversion/libsvn_subr/macos_keychain.c
> > trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
> >
> > Modified: trunk/subversion/include/svn_auth.h
> > URL:
> http://svn.collab.net/viewvc/svn/trunk/subversion/include/svn_auth.h?pa
> threv=32860&r1=32859&r2=32860
> >
> =======================================================================
> =======
> > --- trunk/subversion/include/svn_auth.h Tue Sep 2 11:03:49 2008
> (r32859)
> > +++ trunk/subversion/include/svn_auth.h Tue Sep 2 12:12:54 2008
> (r32860)
> > @@ -825,6 +825,23 @@ svn_auth_get_windows_simple_provider(svn
> > void
> > svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t
> **provider,
> > apr_pool_t *pool);
> > +
> > +/**
> > + * Create and return @a *provider, an authentication provider of
> type @c
> > + * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information
> from the
> > + * user's ~/.subversion configuration directory. Allocate @a
> *provider in
> > + * @a pool.
> > + *
> > + * This is like svn_client_get_ssl_client_cert_pw_file_provider(),
> except
> > + * that the password is stored in the Mac OS KeyChain.
> > + *
> > + * @since New in 1.6
> > + * @note This function is only available on Mac OS 10.2 and higher.
> > + */
> > +void
> > +svn_auth_get_keychain_ssl_client_cert_pw_provider
> > + (svn_auth_provider_object_t **provider,
> > + apr_pool_t *pool);
> > #endif /* DARWIN || DOXYGEN */
> >
> >
> >
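Review bot: The doc comment added for svn_auth_get_keychain_ssl_client_cert_pw_provider contradicts itself: its first paragraph says the provider gets/sets information from the user's ~/.subversion configuration directory, while the second says the password is stored in the Keychain. State which data stays in ~/.subversion and which goes to the Keychain. The cross-reference names svn_client_get_ssl_client_cert_pw_file_provider(), although the function declared here and its neighbour both use the svn_auth_ prefix, so check that it points at the intended function. "Mac OS KeyChain" should also be spelled the same way as "OSX Keychain" in the log message.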
> > Modified: trunk/subversion/libsvn_subr/cmdline.c
> > URL:
> http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/cmdline.c
> ?pathrev=32860&r1=32859&r2=32860
> >
> =======================================================================
> =======
> > --- trunk/subversion/libsvn_subr/cmdline.c Tue Sep 2 11:03:49
> 2008 (r32859)
> > +++ trunk/subversion/libsvn_subr/cmdline.c Tue Sep 2 12:12:54
> 2008 (r32860)
> > @@ -510,6 +510,9 @@ svn_cmdline_set_up_auth_baton(svn_auth_b
> > #ifdef SVN_HAVE_KEYCHAIN_SERVICES
> > svn_auth_get_keychain_simple_provider(&provider, pool);
> > APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) =
> provider;
> > +
> > +
> svn_auth_get_keychain_ssl_client_cert_pw_provider(&provider, pool);
> > + APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) =
> provider;
> > #endif
> > continue;
> > }
> >
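Review bot: The new APR_ARRAY_PUSH sits in the same branch as the simple provider, ahead of the shared continue;, so whatever condition selects the Keychain username/password provider now also enables Keychain storage of client certificate passphrases, and neither can be chosen without the other. If that coupling is intended, add a one-line comment saying so; if not, the passphrase provider needs its own branch.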
> > Modified: trunk/subversion/libsvn_subr/macos_keychain.c
> > URL:
> http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/macos_key
> chain.c?pathrev=32860&r1=32859&r2=32860
> >
> =======================================================================
> =======
> > --- trunk/subversion/libsvn_subr/macos_keychain.c Tue Sep 2
> 11:03:49 2008 (r32859)
> > +++ trunk/subversion/libsvn_subr/macos_keychain.c Tue Sep 2
> 12:12:54 2008 (r32860)
> > @@ -75,13 +75,17 @@ keychain_password_set(apr_hash_t *creds,
> > SecKeychainSetUserInteractionAllowed(FALSE);
> >
> > status = SecKeychainFindGenericPassword(NULL, strlen(realmstring),
> > - realmstring,
> strlen(username),
> > + realmstring, username ==
> NULL
> > + ? 0
> > + : strlen(username),
> > username, 0, NULL, &item);
> > if (status)
> > {
> > if (status == errSecItemNotFound)
> > status = SecKeychainAddGenericPassword(NULL,
> strlen(realmstring),
> > - realmstring,
> strlen(username),
> > + realmstring, username
> == NULL
> > + ? 0
> > + : strlen(username),
> > username,
> strlen(password),
> > password, NULL);
> > }
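Review bot: In keychain_password_set the expression username == NULL ? 0 : strlen(username) is written out twice, once in the SecKeychainFindGenericPassword call and once in the SecKeychainAddGenericPassword call, and username itself is still passed as a NULL pointer in the following argument. Compute the length once in a local before the first call and use it in both, and add a comment that a NULL username means the item is keyed on realmstring alone.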
> > @@ -117,7 +121,9 @@ keychain_password_get(const char **passw
> > SecKeychainSetUserInteractionAllowed(FALSE);
> >
> > status = SecKeychainFindGenericPassword(NULL, strlen(realmstring),
> > - realmstring,
> strlen(username),
> > + realmstring, username ==
> NULL
> > + ? 0
> > + : strlen(username),
> > username, &length, &data,
> NULL);
> >
> > if (non_interactive)
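Review bot: keychain_password_get now accepts a NULL username, but nothing visible in this hunk documents that change of contract. Say in the function's comment that username may be NULL and that the lookup then uses a zero-length account name. This is the third copy of the same length expression in the file, so a small static helper shared with keychain_password_set would keep the three call sites from drifting apart.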
> > @@ -175,6 +181,52 @@ static const svn_auth_provider_t keychai
> > keychain_simple_save_creds
> > };
> >
> > +/* Get cached encrypted credentials from the ssl client cert
> password
> > + provider's cache. */
> > +static svn_error_t *
> > +keychain_ssl_client_cert_pw_first_creds(void **credentials,
> > + void **iter_baton,
> > + void *provider_baton,
> > + apr_hash_t *parameters,
> > + const char *realmstring,
> > + apr_pool_t *pool)
> > +{
> > + return svn_auth__ssl_client_cert_pw_file_first_creds_helper
> > + (credentials,
> > + iter_baton, provider_baton,
> > + parameters, realmstring,
> > + keychain_password_get,
> > + SVN_AUTH__KEYCHAIN_PASSWORD_TYPE,
> > + pool);
> > +}
> > +
> > +/* Save encrypted credentials to the ssl client cert password
> provider's
> > + cache. */
> > +static svn_error_t *
> > +keychain_ssl_client_cert_pw_save_creds(svn_boolean_t *saved,
> > + void *credentials,
> > + void *provider_baton,
> > + apr_hash_t *parameters,
> > + const char *realmstring,
> > + apr_pool_t *pool)
> > +{
> > + return svn_auth__ssl_client_cert_pw_file_save_creds_helper
> > + (saved, credentials,
> > + provider_baton, parameters,
> > + realmstring,
> > + keychain_password_set,
> > + SVN_AUTH__KEYCHAIN_PASSWORD_TYPE,
> > + pool);
> > +}
> > +
> > +static const svn_auth_provider_t
> keychain_ssl_client_cert_pw_provider = {
> > + SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
> > + keychain_ssl_client_cert_pw_first_creds,
> > + NULL,
> > + keychain_ssl_client_cert_pw_save_creds
> > +};
> > +
> > +
> > /* Public API */
> > void
> > svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t
> **provider,
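Review bot: The comments above keychain_ssl_client_cert_pw_first_creds and keychain_ssl_client_cert_pw_save_creds speak of "encrypted credentials" in the "provider's cache", which does not tell the reader that the passphrase is read and written through keychain_password_get and keychain_password_set. Name the Keychain in both comments. The NULL in the third slot of keychain_ssl_client_cert_pw_provider also deserves a short comment saying the slot is deliberately empty.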
> > @@ -186,4 +238,14 @@ svn_auth_get_keychain_simple_provider(sv
> > *provider = po;
> > }
> >
> > +void
> > +svn_auth_get_keychain_ssl_client_cert_pw_provider
> > + (svn_auth_provider_object_t **provider,
> > + apr_pool_t *pool)
> > +{
> > + svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
> > +
> > + po->vtable = &keychain_ssl_client_cert_pw_provider;
> > + *provider = po;
> > +}
> > #endif /* SVN_HAVE_KEYCHAIN_SERVICES */
> >
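Review bot: svn_auth_get_keychain_ssl_client_cert_pw_provider sets only po->vtable, so every other field of the provider object stays zeroed by apr_pcalloc, yet the vtable functions added earlier in this file forward their provider_baton argument to the svn_auth__ssl_client_cert_pw_file_*_helper functions. Confirm that those helpers accept a NULL baton on every path, or allocate one here. A blank line between the closing brace and the #endif would also match the spacing left after svn_auth_get_keychain_simple_provider.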
> > Modified: trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
> > URL:
> http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_subr/ssl_clien
> t_cert_pw_providers.c?pathrev=32860&r1=32859&r2=32860
> >
> =======================================================================
> =======
> > --- trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue
> Sep 2 11:03:49 2008 (r32859)
> > +++ trunk/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue
> Sep 2 12:12:54 2008 (r32860)
> > @@ -207,7 +207,8 @@ svn_auth__ssl_client_cert_pw_file_save_c
> > ahead and store it to disk. Else determine whether saving
> > in plaintext is OK. */
> > if (strcmp(passtype, SVN_AUTH__KWALLET_PASSWORD_TYPE) == 0
> > - || strcmp(passtype, SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE)
> == 0)
> > + || strcmp(passtype, SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE)
> == 0
> > + || strcmp(passtype, SVN_AUTH__KEYCHAIN_PASSWORD_TYPE) ==
> 0)
> > {
> > may_save_passphrase = TRUE;
> > }
> >
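Review bot: The condition that sets may_save_passphrase is a hand-maintained chain of strcmp calls listing every password type that stores passphrases encrypted, and any store left off it falls through to the "determine whether saving in plaintext is OK" path named in the comment above it. With a third entry added, consider moving the list into one helper or table so that a new encrypted store cannot be forgotten at this check.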
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: svn-unsubscribe_at_subversion.tigris.org
> > For additional commands, e-mail: svn-help_at_subversion.tigris.org
>
> Hi Jeremy,
>
> Do you have a windows build environment available? This commit breaks
> the build on Windows -- the win32-xp VS2005 buildbot is down right now
> so you won't have noticed. I'm not sure why this breaks the build
> exactly since everything you added is blocked in defined(DARWIN) ||
> defined(DOXYGEN) or #ifdef SVN_HAVE_KEYCHAIN_SERVICES.
>
> Somehow svn_auth_get_keychain_ssl_client_cert_pw_provider is ending up
> in the libsvn_subr.def (module definition file) when doing a clean
> build. Not sure why this is (hand editing the file to remove it fixes
> the build). I can try to look into this more later, but just wanted
> to give you a heads up.
It looks like the other Darwin-specific define is special-cased in build/generator/extractor.py as not being available on Windows.
The .def format has been deprecated for a long time (it was the recommended method until Windows '95 arrived).
Many other projects (including APR) have moved to using a specific define in their headers that is #defined to __declspec(dllexport) when compiling for a DLL on Windows.
Implementing a similar change in Subversion would allow removing the .def generator support from the Python generator.
Bert
> Paul
Received on 2008-09-03 19:46:51 CEST