Rev 805: Start using auth providers when possible. in file:///data/jelmer/bzr-svn/authprompt/
Jelmer Vernooij
jelmer at samba.org
Sun Dec 9 19:15:17 GMT 2007
At file:///data/jelmer/bzr-svn/authprompt/
------------------------------------------------------------
revno: 805
revision-id:jelmer at samba.org-20071209191517-vnb33q212ihdijx7
parent: jelmer at samba.org-20071209181221-vhittt1qp3vyvg5f
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: authprompt
timestamp: Sun 2007-12-09 20:15:17 +0100
message:
Start using auth providers when possible.
modified:
auth.py auth.py-20071209174622-w8d42k6nm5yhxvi8-1
transport.py transport.py-20060406231150-b3472d06b3a0818d
=== modified file 'auth.py'
--- a/auth.py 2007-12-09 18:12:21 +0000
+++ b/auth.py 2007-12-09 19:15:17 +0000
@@ -14,13 +14,16 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from bzrlib.config import AuthenticationConfig
+from bzrlib.ui import ui_factory
from svn.core import (svn_auth_cred_username_t,
svn_auth_cred_simple_t,
svn_auth_cred_ssl_client_cert_t,
svn_auth_cred_ssl_client_cert_pw_t,
svn_auth_cred_ssl_server_trust_t,
svn_auth_get_username_prompt_provider,
- svn_auth_get_simple_prompt_provider)
+ svn_auth_get_simple_prompt_provider,
+ svn_auth_get_ssl_server_trust_prompt_provider,
+ svn_auth_get_ssl_client_cert_pw_prompt_provider)
class SubversionAuthenticationConfig(AuthenticationConfig):
@@ -39,7 +42,7 @@
:param pool: Allocation pool, is ignored.
"""
username_cred = svn_auth_cred_username_t()
- username_cred.username = self.auth_config.get_user(self.scheme, host=None, realm=realm)
+ username_cred.username = self.get_user(self.scheme, host=None, realm=realm)
username_cred.may_save = False
return username_cred
@@ -53,11 +56,32 @@
"""
simple_cred = svn_auth_cred_simple_t()
simple_cred.username = username or self.get_username(realm, may_save, pool)
- simple_cred.password = self.auth_config.get_password(self.scheme, host=None,
+ simple_cred.password = self.get_password(self.scheme, host=None,
user=simple_cred.username, realm=realm)
simple_cred.may_save = False
return simple_cred
+ def get_svn_ssl_server_trust(realm, failures, cert_info, may_save, pool):
+ """Return a Subversion auth provider that verifies SSL server trust.
+
+ :param realm: Realm name (optional)
+ :param failures: Failures to check for (bit field, SVN_AUTH_SSL_*)
+ :param cert_info: Certificate information
+ :param may_save: Whether this information may be stored.
+ """
+ ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
+ credentials = self.get_credentials(self.scheme, host=None)
+ if credentials.has_key("verify_certificates") and credentials["verify_certificates"] == False:
+ ssl_server_trust.accepted_failures = (svn.core.SVN_AUTH_SSL_NOTYETVALID +
+ svn.core.SVN_AUTH_SSL_EXPIRED +
+ svn.core.SVN_AUTH_SSL_CNMISMATCH +
+ svn.core.SVN_AUTH_SSL_UNKNOWNCA +
+ svn.core.SVN_AUTH_SSL_OTHER)
+ else:
+ ssl_server_trust.accepted_failures = 0
+ ssl_server_trust.may_save = False
+ return ssl_server_trust
+
def get_svn_username_prompt_provider(self, retries):
"""Return a Subversion auth provider for retrieving the username, as
accepted by svn_auth_open().
@@ -74,23 +98,32 @@
"""
return svn_auth_get_simple_prompt_provider(self.get_svn_simple, retries)
+ def get_svn_ssl_server_trust_prompt_provider(self):
+ """Return a Subversion auth provider for checking
+ whether a SSL server is trusted."""
+ return svn_auth_get_ssl_server_trust_prompt_provider(self.get_svn_ssl_server_trust)
-def get_ssl_client_cert(realm, may_save, pool):
- ssl_cred = svn_auth_cred_ssl_client_cert_t()
- ssl_cred.cert_file = "my-certs-file"
- ssl_cred.may_save = False
- return ssl_cred
+ def get_svn_auth_providers(self):
+ """Return a list of auth providers for this authentication file.
+ """
+ return [self.get_svn_username_prompt_provider(1),
+ self.get_svn_simple_prompt_provider(1),
+ self.get_svn_ssl_server_trust_prompt_provider()]
def get_ssl_client_cert_pw(realm, may_save, pool):
+ """Simple SSL client certificate password prompter.
+
+ :param realm: Realm, optional.
+ :param may_save: Whether the password can be cached.
+ """
ssl_cred_pw = svn_auth_cred_ssl_client_cert_pw_t()
- ssl_cred_pw.password = "supergeheim"
+ ssl_cred_pw.password = \
+ ui_factory.get_password("Please enter password for client certificate[realm=%s]" % realm)
ssl_cred_pw.may_save = False
return ssl_cred_pw
-def get_ssl_server_trust(realm, failures, cert_info, may_save, pool):
- ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
- ssl_server_trust.accepted_failures = 0
- ssl_server_trust.may_save = False
- return ssl_server_trust
+def get_ssl_client_cert_pw_provider(tries):
+ return svn_auth_get_ssl_client_cert_pw_prompt_provider(get_ssl_client_cert_pw, tries)
+
=== modified file 'transport.py'
--- a/transport.py 2007-11-13 22:40:56 +0000
+++ b/transport.py 2007-12-09 19:15:17 +0000
@@ -42,6 +42,10 @@
svn.client.get_ssl_client_cert_pw_file_provider(pool),
svn.client.get_ssl_server_trust_file_provider(pool),
]
+ if svn.core.SVN_VER_MAJOR == 1 and svn.core.SVN_VER_MINOR >= 5:
+ import auth
+ providers += auth.SubversionAuthenticationConfig().get_svn_auth_providers()
+ providers.append(get_ssl_client_cert_pw_provider(1))
return svn.core.svn_auth_open(providers, pool)
More information about the bazaar-commits
mailing list