← Back to branch summary

~ubuntu-branches/debian/sid/subversion/sid

« back to all changes in this revision

Viewing changes to subversion/libsvn_subr/config_auth.c

  • Committer: Package Import Robot
  • Author(s): James McCoy, Peter Samuelson, James McCoy
  • Date: 2014-01-12 19:48:33 UTC
  • mfrom: (0.2.10)
  • Revision ID: package-import@ubuntu.com-20140112194833-w3axfwksn296jn5x
Tags: 1.8.5-1
http://bugs.debian.org/725787
http://bugs.debian.org/507430
http://bugs.debian.org/734163
http://bugs.debian.org/601544
http://bugs.debian.org/687291
http://bugs.debian.org/273874
http://bugs.debian.org/690815
http://bugs.debian.org/654172
http://bugs.debian.org/678224
http://bugs.debian.org/566148
http://bugs.debian.org/734918
http://bugs.debian.org/722393
[ Peter Samuelson ]
* New upstream release.  (Closes: #725787) Rediff patches:
  - Remove apr-abi1 (applied upstream), rename apr-abi2 to apr-abi
  - Remove loosen-sqlite-version-check (shouldn't be needed)
  - Remove java-osgi-metadata (applied upstream)
  - svnmucc prompts for a changelog if none is provided. (Closes: #507430)
  - Remove fix-bdb-version-detection, upstream uses "apu-config --dbm-libs"
  - Remove ruby-test-wc (applied upstream)
  - Fix “svn diff -r N file” when file has svn:mime-type set.
    (Closes: #734163)
  - Support specifying an encoding for mod_dav_svn's environment in which
    hooks are run.  (Closes: #601544)
  - Fix ordering of “svnadmin dump” paths with certain APR versions.
    (Closes: #687291)
  - Provide a better error message when authentication fails with an
    svn+ssh:// URL.  (Closes: #273874)
  - Updated Polish translations.  (Closes: #690815)

[ James McCoy ]
* Remove all traces of libneon, replaced by libserf.
* patches/sqlite_3.8.x_workaround: Upstream fix for wc-queries-test test
  failurse.
* Run configure with --with-apache-libexecdir, which allows removing part of
  patches/rpath.
* Re-enable auth-test as upstream has fixed the problem of picking up
  libraries from the environment rather than the build tree.
  (Closes: #654172)
* Point LD_LIBRARY_PATH at the built auth libraries when running the svn
  command during the build.  (Closes: #678224)
* Add a NEWS entry describing how to configure mod_dav_svn to understand
  UTF-8.  (Closes: #566148)
* Remove ancient transitional package, libsvn-ruby.
* Enable compatibility with Sqlite3 versions back to Wheezy.
* Enable hardening flags.  (Closes: #734918)
* patches/build-fixes: Enable verbose build logs.
* Build against the default ruby version.  (Closes: #722393)

Show diffs side-by-side

added added

removed removed

Lines of Context:
subversion/libsvn_subr/config_auth.c
26
26
#include "svn_dirent_uri.h"
27
27
#include "svn_hash.h"
28
28
#include "svn_io.h"
29
 
 
 
29
#include "svn_pools.h"
30
30
#include "config_impl.h"
31
31
 
 
32
#include "auth.h"
 
33
 
32
34
#include "svn_private_config.h"
33
35
 
 
36
#include "private/svn_auth_private.h"
 
37
 
34
38
/* Helper for svn_config_{read|write}_auth_data.  Return a path to a
35
39
   file within ~/.subversion/auth/ that holds CRED_KIND credentials
36
40
   within REALMSTRING.  If no path is available *PATH will be set to
37
41
   NULL. */
38
 
static svn_error_t *
39
 
auth_file_path(const char **path,
40
 
               const char *cred_kind,
41
 
               const char *realmstring,
42
 
               const char *config_dir,
43
 
               apr_pool_t *pool)
 
42
svn_error_t *
 
43
svn_auth__file_path(const char **path,
 
44
                    const char *cred_kind,
 
45
                    const char *realmstring,
 
46
                    const char *config_dir,
 
47
                    apr_pool_t *pool)
44
48
{
45
49
  const char *authdir_path, *hexname;
46
50
  svn_checksum_t *checksum;
81
85
 
82
86
  *hash = NULL;
83
87
 
84
 
  SVN_ERR(auth_file_path(&auth_path, cred_kind, realmstring, config_dir,
85
 
                         pool));
 
88
  SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
 
89
                              pool));
86
90
  if (! auth_path)
87
91
    return SVN_NO_ERROR;
88
92
 
118
122
  svn_stream_t *stream;
119
123
  const char *auth_path;
120
124
 
121
 
  SVN_ERR(auth_file_path(&auth_path, cred_kind, realmstring, config_dir,
122
 
                         pool));
 
125
  SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
 
126
                              pool));
123
127
  if (! auth_path)
124
128
    return svn_error_create(SVN_ERR_NO_AUTH_FILE_PATH, NULL,
125
129
                            _("Unable to locate auth file"));
126
130
 
127
131
  /* Add the realmstring to the hash, so programs (or users) can
128
132
     verify exactly which set of credentials this file holds.  */
129
 
  apr_hash_set(hash, SVN_CONFIG_REALMSTRING_KEY, APR_HASH_KEY_STRING,
130
 
               svn_string_create(realmstring, pool));
 
133
  svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY,
 
134
                svn_string_create(realmstring, pool));
131
135
 
132
136
  SVN_ERR_W(svn_io_file_open(&authfile, auth_path,
133
137
                             (APR_WRITE | APR_CREATE | APR_TRUNCATE
144
148
 
145
149
  /* To be nice, remove the realmstring from the hash again, just in
146
150
     case the caller wants their hash unchanged. */
147
 
  apr_hash_set(hash, SVN_CONFIG_REALMSTRING_KEY, APR_HASH_KEY_STRING, NULL);
148
 
 
 
151
  svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY, NULL);
 
152
 
 
153
  return SVN_NO_ERROR;
 
154
}
 
155
 
 
156
 
 
157
svn_error_t *
 
158
svn_config_walk_auth_data(const char *config_dir,
 
159
                          svn_config_auth_walk_func_t walk_func,
 
160
                          void *walk_baton,
 
161
                          apr_pool_t *scratch_pool)
 
162
{
 
163
  int i;
 
164
  apr_pool_t *iterpool;
 
165
  svn_boolean_t finished = FALSE;
 
166
  const char *cred_kinds[] =
 
167
    {
 
168
      SVN_AUTH_CRED_SIMPLE,
 
169
      SVN_AUTH_CRED_USERNAME,
 
170
      SVN_AUTH_CRED_SSL_CLIENT_CERT,
 
171
      SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
 
172
      SVN_AUTH_CRED_SSL_SERVER_TRUST,
 
173
      NULL
 
174
    };
 
175
 
 
176
  iterpool = svn_pool_create(scratch_pool);
 
177
  for (i = 0; cred_kinds[i]; i++)
 
178
    {
 
179
      const char *item_path;
 
180
      const char *dir_path;
 
181
      apr_hash_t *nodes;
 
182
      svn_error_t *err;
 
183
      apr_pool_t *itempool;
 
184
      apr_hash_index_t *hi;
 
185
 
 
186
      svn_pool_clear(iterpool);
 
187
 
 
188
      if (finished)
 
189
        break;
 
190
 
 
191
      SVN_ERR(svn_auth__file_path(&item_path, cred_kinds[i], "!", config_dir,
 
192
                                  iterpool));
 
193
 
 
194
      dir_path = svn_dirent_dirname(item_path, iterpool);
 
195
 
 
196
      err = svn_io_get_dirents3(&nodes, dir_path, TRUE, iterpool, iterpool);
 
197
      if (err)
 
198
        {
 
199
          if (!APR_STATUS_IS_ENOENT(err->apr_err)
 
200
              && !SVN__APR_STATUS_IS_ENOTDIR(err->apr_err))
 
201
            return svn_error_trace(err);
 
202
 
 
203
          svn_error_clear(err);
 
204
          continue;
 
205
        }
 
206
 
 
207
      itempool = svn_pool_create(iterpool);
 
208
      for (hi = apr_hash_first(iterpool, nodes); hi; hi = apr_hash_next(hi))
 
209
        {
 
210
          svn_io_dirent2_t *dirent = svn__apr_hash_index_val(hi);
 
211
          svn_stream_t *stream;
 
212
          apr_hash_t *creds_hash;
 
213
          const svn_string_t *realm;
 
214
          svn_boolean_t delete_file = FALSE;
 
215
 
 
216
          if (finished)
 
217
            break;
 
218
 
 
219
          if (dirent->kind != svn_node_file)
 
220
            continue;
 
221
 
 
222
          svn_pool_clear(itempool);
 
223
 
 
224
          item_path = svn_dirent_join(dir_path, svn__apr_hash_index_key(hi),
 
225
                                      itempool);
 
226
 
 
227
          err = svn_stream_open_readonly(&stream, item_path,
 
228
                                         itempool, itempool);
 
229
          if (err)
 
230
            {
 
231
              /* Ignore this file. There are no credentials in it anyway */
 
232
              svn_error_clear(err);
 
233
              continue;
 
234
            }
 
235
 
 
236
          creds_hash = apr_hash_make(itempool);
 
237
          err = svn_hash_read2(creds_hash, stream,
 
238
                               SVN_HASH_TERMINATOR, itempool);
 
239
          err = svn_error_compose_create(err, svn_stream_close(stream));
 
240
          if (err)
 
241
            {
 
242
              /* Ignore this file. There are no credentials in it anyway */
 
243
              svn_error_clear(err);
 
244
              continue;
 
245
            }
 
246
 
 
247
          realm = svn_hash_gets(creds_hash, SVN_CONFIG_REALMSTRING_KEY);
 
248
          if (! realm)
 
249
            continue; /* Not an auth file */
 
250
 
 
251
          err = walk_func(&delete_file, walk_baton, cred_kinds[i],
 
252
                          realm->data, creds_hash, itempool);
 
253
          if (err && err->apr_err == SVN_ERR_CEASE_INVOCATION)
 
254
            {
 
255
              svn_error_clear(err);
 
256
              err = SVN_NO_ERROR;
 
257
              finished = TRUE;
 
258
            }
 
259
          SVN_ERR(err);
 
260
 
 
261
          if (delete_file)
 
262
            {
 
263
              /* Delete the file on disk */
 
264
              SVN_ERR(svn_io_remove_file2(item_path, TRUE, itempool));
 
265
            }
 
266
        }
 
267
    }
 
268
 
 
269
  svn_pool_destroy(iterpool);
149
270
  return SVN_NO_ERROR;
150
271
}