Rev 805: Start using auth providers when possible. in file:///data/jelmer/bzr-svn/authprompt/

Sun Dec 9 19:15:17 GMT 2007

At file:///data/jelmer/bzr-svn/authprompt/

------------------------------------------------------------
revno: 805
revision-id:jelmer at samba.org-20071209191517-vnb33q212ihdijx7
parent: jelmer at samba.org-20071209181221-vhittt1qp3vyvg5f
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: authprompt
timestamp: Sun 2007-12-09 20:15:17 +0100
message:
  Start using auth providers when possible.
modified:
  auth.py                        auth.py-20071209174622-w8d42k6nm5yhxvi8-1
  transport.py                   transport.py-20060406231150-b3472d06b3a0818d
=== modified file 'auth.py'

--- a/auth.py	2007-12-09 18:12:21 +0000
+++ b/auth.py	2007-12-09 19:15:17 +0000
@@ -14,13 +14,16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from bzrlib.config import AuthenticationConfig
+from bzrlib.ui import ui_factory
 from svn.core import (svn_auth_cred_username_t, 
                       svn_auth_cred_simple_t,
                       svn_auth_cred_ssl_client_cert_t,
                       svn_auth_cred_ssl_client_cert_pw_t,
                       svn_auth_cred_ssl_server_trust_t,
                       svn_auth_get_username_prompt_provider,
-                      svn_auth_get_simple_prompt_provider)
+                      svn_auth_get_simple_prompt_provider,
+                      svn_auth_get_ssl_server_trust_prompt_provider,
+                      svn_auth_get_ssl_client_cert_pw_prompt_provider)
 
 
 class SubversionAuthenticationConfig(AuthenticationConfig):
@@ -39,7 +42,7 @@
         :param pool: Allocation pool, is ignored.
         """
         username_cred = svn_auth_cred_username_t()
-        username_cred.username = self.auth_config.get_user(self.scheme, host=None, realm=realm)
+        username_cred.username = self.get_user(self.scheme, host=None, realm=realm)
         username_cred.may_save = False
         return username_cred
 
@@ -53,11 +56,32 @@
         """
         simple_cred = svn_auth_cred_simple_t()
         simple_cred.username = username or self.get_username(realm, may_save, pool)
-        simple_cred.password = self.auth_config.get_password(self.scheme, host=None, 
+        simple_cred.password = self.get_password(self.scheme, host=None, 
                                     user=simple_cred.username, realm=realm)
         simple_cred.may_save = False
         return simple_cred
 
+    def get_svn_ssl_server_trust(realm, failures, cert_info, may_save, pool):
+        """Return a Subversion auth provider that verifies SSL server trust.
+
+        :param realm: Realm name (optional)
+        :param failures: Failures to check for (bit field, SVN_AUTH_SSL_*)
+        :param cert_info: Certificate information
+        :param may_save: Whether this information may be stored.
+        """
+        ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
+        credentials = self.get_credentials(self.scheme, host=None)
+        if credentials.has_key("verify_certificates") and credentials["verify_certificates"] == False:
+            ssl_server_trust.accepted_failures = (svn.core.SVN_AUTH_SSL_NOTYETVALID + 
+                                                  svn.core.SVN_AUTH_SSL_EXPIRED +
+                                                  svn.core.SVN_AUTH_SSL_CNMISMATCH +
+                                                  svn.core.SVN_AUTH_SSL_UNKNOWNCA +
+                                                  svn.core.SVN_AUTH_SSL_OTHER)
+        else:
+            ssl_server_trust.accepted_failures = 0
+        ssl_server_trust.may_save = False
+        return ssl_server_trust
+
     def get_svn_username_prompt_provider(self, retries):
         """Return a Subversion auth provider for retrieving the username, as 
         accepted by svn_auth_open().
@@ -74,23 +98,32 @@
         """
         return svn_auth_get_simple_prompt_provider(self.get_svn_simple, retries)
 
+    def get_svn_ssl_server_trust_prompt_provider(self):
+        """Return a Subversion auth provider for checking 
+        whether a SSL server is trusted."""
+        return svn_auth_get_ssl_server_trust_prompt_provider(self.get_svn_ssl_server_trust)
 
-def get_ssl_client_cert(realm, may_save, pool):
-    ssl_cred = svn_auth_cred_ssl_client_cert_t()
-    ssl_cred.cert_file = "my-certs-file"
-    ssl_cred.may_save = False
-    return ssl_cred
+    def get_svn_auth_providers(self):
+        """Return a list of auth providers for this authentication file.
+        """
+        return [self.get_svn_username_prompt_provider(1),
+                self.get_svn_simple_prompt_provider(1),
+                self.get_svn_ssl_server_trust_prompt_provider()]
 
 
 def get_ssl_client_cert_pw(realm, may_save, pool):
+    """Simple SSL client certificate password prompter.
+
+    :param realm: Realm, optional.
+    :param may_save: Whether the password can be cached.
+    """
     ssl_cred_pw = svn_auth_cred_ssl_client_cert_pw_t()
-    ssl_cred_pw.password = "supergeheim"
+    ssl_cred_pw.password = \
+            ui_factory.get_password("Please enter password for client certificate[realm=%s]" % realm)
     ssl_cred_pw.may_save = False
     return ssl_cred_pw
 
 
-def get_ssl_server_trust(realm, failures, cert_info, may_save, pool):
-    ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
-    ssl_server_trust.accepted_failures = 0
-    ssl_server_trust.may_save = False
-    return ssl_server_trust
+def get_ssl_client_cert_pw_provider(tries):
+    return svn_auth_get_ssl_client_cert_pw_prompt_provider(get_ssl_client_cert_pw, tries)
+

=== modified file 'transport.py'
--- a/transport.py	2007-11-13 22:40:56 +0000
+++ b/transport.py	2007-12-09 19:15:17 +0000
@@ -42,6 +42,10 @@
         svn.client.get_ssl_client_cert_pw_file_provider(pool),
         svn.client.get_ssl_server_trust_file_provider(pool),
         ]
+    if svn.core.SVN_VER_MAJOR == 1 and svn.core.SVN_VER_MINOR >= 5:
+        import auth
+        providers += auth.SubversionAuthenticationConfig().get_svn_auth_providers()
+        providers.append(get_ssl_client_cert_pw_provider(1))
     return svn.core.svn_auth_open(providers, pool)
 
 


