~ubuntu-branches/debian/sid/subversion/sid


Viewing changes to subversion/libsvn_subr/config_auth.c

  • Committer: Package Import Robot
  • Author(s): James McCoy
  • Date: 2015-08-07 21:32:47 UTC
  • mfrom: (0.2.15) (4.1.7 experimental)
  • Revision ID: package-import@ubuntu.com-20150807213247-ozyewtmgsr6tkewl
Tags: 1.9.0-1
* Upload to unstable
* New upstream release.
  + Security fixes
    - CVE-2015-3184: Mixed anonymous/authenticated path-based authz with
      httpd 2.4
    - CVE-2015-3187: svn_repos_trace_node_locations() reveals paths hidden
      by authz
* Add >= 2.7 requirement for python-all-dev Build-Depends, needed to run
  tests.
* Remove Build-Conflicts against ruby-test-unit.  (Closes: #791844)
* Remove patches/apache_module_dependency in favor of expressing the
  dependencies in authz_svn.load/dav_svn.load.
* Build-Depend on apache2-dev (>= 2.4.16) to ensure ap_some_authn_required()
  is available when building mod_authz_svn and Depend on apache2-bin (>=
  2.4.16) for runtime support.

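--- a/subversion/libsvn_subr/config_auth.c
+++ b/subversion/libsvn_subr/config_auth.c
@@ -35,10 +35,6 @@
 
 #include "private/svn_auth_private.h"
 
-/* Helper for svn_config_{read|write}_auth_data.  Return a path to a
-   file within ~/.subversion/auth/ that holds CRED_KIND credentials
-   within REALMSTRING.  If no path is available *PATH will be set to
-   NULL. */
 svn_error_t *
 svn_auth__file_path(const char **path,
                     const char *cred_kind,
@@ -124,9 +120,8 @@
                            const char *config_dir,
                            apr_pool_t *pool)
 {
-  apr_file_t *authfile = NULL;
   svn_stream_t *stream;
-  const char *auth_path;
+  const char *auth_path, *tmp_path;
 
   SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
                               pool));
@@ -135,25 +130,25 @@
                             _("Unable to locate auth file"));
 
   /* Add the realmstring to the hash, so programs (or users) can
-     verify exactly which set of credentials this file holds.  */
+     verify exactly which set of credentials this file holds.
+     ### What if realmstring key is already in the hash? */
   svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY,
                 svn_string_create(realmstring, pool));
 
-  SVN_ERR_W(svn_io_file_open(&authfile, auth_path,
-                             (APR_WRITE | APR_CREATE | APR_TRUNCATE
-                              | APR_BUFFERED),
-                             APR_OS_DEFAULT, pool),
+  SVN_ERR_W(svn_stream_open_unique(&stream, &tmp_path,
+                                   svn_dirent_dirname(auth_path, pool),
+                                   svn_io_file_del_on_pool_cleanup,
+                                   pool, pool),
             _("Unable to open auth file for writing"));
-
-  stream = svn_stream_from_aprfile2(authfile, FALSE, pool);
   SVN_ERR_W(svn_hash_write2(hash, stream, SVN_HASH_TERMINATOR, pool),
             apr_psprintf(pool, _("Error writing hash to '%s'"),
                          svn_dirent_local_style(auth_path, pool)));
-
   SVN_ERR(svn_stream_close(stream));
+  SVN_ERR(svn_io_file_rename(tmp_path, auth_path, pool));
 
   /* To be nice, remove the realmstring from the hash again, just in
-     case the caller wants their hash unchanged. */
+     case the caller wants their hash unchanged.
+     ### Should we also do this when a write error occurs? */
   svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY, NULL);
 
   return SVN_NO_ERROR;
@@ -213,7 +208,7 @@
       itempool = svn_pool_create(iterpool);
       for (hi = apr_hash_first(iterpool, nodes); hi; hi = apr_hash_next(hi))
         {
-          svn_io_dirent2_t *dirent = svn__apr_hash_index_val(hi);
+          svn_io_dirent2_t *dirent = apr_hash_this_val(hi);
           svn_stream_t *stream;
           apr_hash_t *creds_hash;
           const svn_string_t *realm;
@@ -227,7 +222,7 @@
 
           svn_pool_clear(itempool);
 
-          item_path = svn_dirent_join(dir_path, svn__apr_hash_index_key(hi),
+          item_path = svn_dirent_join(dir_path, apr_hash_this_key(hi),
                                       itempool);
 
           err = svn_stream_open_readonly(&stream, item_path,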
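Review bot: The temporary file that now receives the credentials hash is created by `svn_stream_open_unique` next to `auth_path`, and nothing visible in this section establishes which permission bits it carries when `svn_io_file_rename(tmp_path, auth_path, pool)` moves it into place. Because the file holds stored credentials, it is worth confirming that the renamed file is never more permissive than what the removed `svn_io_file_open(..., APR_OS_DEFAULT, pool)` produced, and recording that expectation in a comment above the open. The rename is also wrapped in a bare `SVN_ERR`, unlike the neighbouring calls; `SVN_ERR_W(svn_io_file_rename(tmp_path, auth_path, pool), _("Unable to replace auth file"));` would keep the failure context consistent. The "Error writing hash to '%s'" message still names `auth_path` although the write now goes to `tmp_path`. The function's name and closing brace lie outside the visible hunks.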