[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] issue #4375: provide --password-fd option

From: William Orr <will_at_worrbase.com>
Date: Sun, 17 Sep 2017 01:06:14 -0700


This is my first patch to subversion, so please bear with me.

This looks to address a very commonly requested feature: providing an
alternative for automated tools to provide a password to svn via piping
it in over an fd (similar to gnupg).

One outstanding concern that I couldn't find addressed is clearing out
memory that once contained passwords (like with memset_s or
explicit_bzero). If I missed a technique for doing this that exists in
svn already, please let me know so I can update the diff.

Tested on Fedora 25 x86_64 and OpenBSD 6.1 x86_64.

Please CC me; I'm not on this list.

Introduce global opt --password-fd to allow applications to provide a
password over an already-opened file descriptor.

* subversion/include/svn_cmdline.h
  (svn_cmdline_create_auth_baton2): Add `auth_password_fd` argument
* subversion/include/svn_error_codes.h
  (SVN_ERR_IO_PIPE_READ_ERROR): Undeprecate, as now used
* subversion/libsvn_subr/cmdline.c
  (read_pass_from_fd): Add static function to get password from a file
  (svn_cmdline_create_auth_baton2): Add `auth_password_fd` arg and
trigger read of fd if this arg is not -1
* subversion/libsvn_subr/deprecated.c:
  (svn_cmdline_create_auth_baton): Add default val of -1 when calling
* subversion/svn/svn.c
  (svn_cl__longopt_t): Add `opt_auth_password_fd` longopt
  (svn_cl__global_options): Add `opt_auth_password_fd` to global options
  (sub_main): Process global option `opt_auth_password_fd` and pass it
to `svn_cmdline_create_auth_baton2`
* subversion/svnmucc/svnmucc.c
  (sub_main): Process global option `opt_auth_password_fd` and pass it
to `svn_cmdline_create_auth_baton2`
* subversion/svnrdump/svnrdump.c
  (svn_svnrdump__longopt_t): add `opt_auth_password_fd`
  (svnrdump__options): add help message for `--password-fd`
  (init_client_context): Pass `auth_password_fd` to
  (sub_main): Process global option `opt_auth_password_fd` and pass it
to `init_client_context`
* subversion/svnsync/svnsync.c
  (svnsync__opt): Add `svnsync_opt_source_password_fd` and
  (svnsync_options): Add help messages for `--source-password-fd` and
  (opt_baton_t): Add `source_password_fd` and `sync_password_fd`
  (sub_main): Process global option `--source-password-fd` and
`--sync-password-fd` and pass it to `svn_cmdline_create_auth_baton2`
* subversion/tests/cmdline/atomic-ra-revprop-change.c
  (construct_auth_baton): Pass -1 as the `auth_password_fd`
* subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout
  (): Add new `--password-fd` option to expected output
* subversion/tests/libsvn_ra/ra-test.c
  (check_tunnel_callback_test): Pass -1 as the `auth_password_fd`
  (tunnel_callback_test): Pass -1 as the `auth_password_fd`
  (tunnel_run_checkout): Pass -1 as the `auth_password_fd`
* subversion/tests/svn_test_main.c
  (svn_test__init_auth_baton): Pass -1 as the `auth_password_fd`
* tools/client-side/svn-mergeinfo-normalizer/mergeinfo-normalizer.h
  (svn_min__opt_state_t): Add `auth_password_fd`
* tools/client-side/svn-mergeinfo-normalizer/svn-mergeinfo-normalizer.c
  (svn_min__longopt_t) Add `opt_auth_password_fd`
  (sub_main) Process global option `--password-fd` and pass it to
`svn_cmdline_create_auth_baton2` invocations
* tools/client-side/svnconflict/svnconflict.c
  (svnconflict_opt_state_t): Add `auth_password_fd`
  (svnconflict_options): Add `--password-fd` documentation
  (svnconflict_global_options): Add `opt_auth_password_fd`
  (sub_main): Process global option `--password-fd` and pass it to
`svn_cmdline_create_auth_baton2` invocations
* tools/dev/svnmover/svnmover.c
  (sub_main): Process global option `--password-fd` and pass it to
`svn_cmdline_create_auth_baton2` invocations

Received on 2017-09-17 10:08:08 CEST

This is an archived mail posted to the Subversion Dev mailing list.