Checkout
Karl Fogel
committed
on 15 Jul 08
Cache SSL client certificate passphrases, when user indicates it's okay.
This resolves issue #2489, and prompted issues #3238, #3239, and #3… Show more
Cache SSL client certificate passphrases, when user indicates it's okay.

This resolves issue #2489, and prompted issues #3238, #3239, and #3236.

Patch by: stylesen

(Tweaked by kfogel.)

* subversion/include/svn_config.h

 (SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP,

  SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT): New options,

   for storing SSL client cert passphrase at all and for storing it

   as plaintext, respectively.

 (SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP,

  SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT): New defaults.

* subversion/libsvn_subr/config_file.c

 (ensure_auth_dirs): Create new auth dir to store ssl client cert passphrase.

 (svn_config_ensure): Add doc for the new options in the servers file string.

* subversion/libsvn_ra/ra_loader.c

 (svn_ra_open3): Load above new options from servers config file.

* subversion/libsvn_subr/cmdline.c

 (get_auth_simple_provider): Rename to...

 (get_auth_provider): ...this.  Take a new argument provider_type

   and use it to get the right provider.  Document this function.

 (svn_cmdline_setup_auth_baton): If we have gnome keyring support get the

   corresponding ssl client cert passphrase provider.

* subversion/libsvn_subr/prompt.c

 (plaintext_prompt_helper): New helper function, abstracts out the

   logic for plaintext promting.

 (svn_cmdline_auth_plaintext_prompt): Just wrap above new helper.

 (svn_cmdline_auth_plaintext_passphrase_prompt): New function, also

   using above new helper.

* subversion/libsvn_subr/ssl_client_cert_pw_providers.c: Include

   svn_auth_private.h and svn_private_config.h.

 (AUTHN_PASSPHRASE_KEY): Define passphrase key.

 (AUTHN_PASSTYPE_KEY): Define passtype key.

 (ssl_client_cert_pw_file_provider_baton_t): New baton for ssl client cert

  passphrase provider.

 (simple_passphrase_get): New function to get plaintext passphrase.

 (simple_passphrase_set): New function to store plaintext passphrase.

 (svn_auth__ssl_client_cert_pw_file_first_creds_helper): New internal

   API, abstracted out from...

 (ssl_client_cert_pw_file_first_credentials): ...here, which just

   wraps the above now.

 (svn_auth__ssl_client_cert_pw_file_save_creds_helper): New internal

   API, abstracted out from...

 (ssl_client_cert_pw_file_save_credentials): ...here, which just

   wraps the above now.

 (ssl_client_cert_pw_file_provider): Register above to save the credentials.

 (svn_auth_get_ssl_client_cert_pw_file_provider2): New public API which has

   a prompt function now.

 (svn_auth_get_ssl_client_cert_pw_file_provider): Update API for the above.

* subversion/include/private/svn_auth_private.h

 (svn_auth__ssl_client_cert_pw_file_first_creds_helper): Declare new API.

 (svn_auth__ssl_client_cert_pw_file_save_creds_helper): Declare new API.

* subversion/libsvn_auth_gnome_keyring/gnome_keyring.c

 (gnome_keyring_ssl_client_cert_pw_first_creds): New function to get ssl

  client cert passphrase from encrypted credentials.

 (gnome_keyring_ssl_client_cert_pw_save_creds): New function to save

  encrypted ssl client cert passphrase.

 (gnome_keyring_ssl_client_cert_pw_provider): New baton.

 (svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider): New public API for

  gnome keyring based ssl client cert passphrase storage and retrieval.

* subversion/include/svn_auth_dso.h

 (svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider): New public API.

* subversion/include/svn_cmdline.h

 (svn_cmdline_auth_plaintext_passphrase_prompt): New public API added to

  prompt for storing plaintext passphrases.

* subversion/include/svn_auth.h

 (svn_auth_ssl_client_cert_pw_provider_func_t): Define function type for the

  provider.

 (svn_auth_plaintext_passphrase_prompt_func_t): New function prototype.

 (SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP): New constant.

 (SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT): New constant.

 (svn_auth_get_ssl_client_cert_pw_file_provider2): New public API.

* subversion/libsvn_ra_neon/session.c

 (client_ssl_decrypt_cert): Call svn_auth_save_credentials to save

   the ssl client certificate passphrase.

Show less