Rev 810: Merge support for password authentication. in file:///data/jelmer/bzr-svn/0.4/
Jelmer Vernooij
jelmer at samba.org
Sat Dec 15 02:11:15 GMT 2007
At file:///data/jelmer/bzr-svn/0.4/
------------------------------------------------------------
revno: 810
revision-id:jelmer at samba.org-20071215021115-zduj7tryfvykjke6
parent: jelmer at samba.org-20071214162708-j5gkj5o5wfnudlfa
parent: jelmer at samba.org-20071215020338-5axq143vr9kysdch
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: 0.4
timestamp: Sat 2007-12-15 03:11:15 +0100
message:
Merge support for password authentication.
added:
auth.py auth.py-20071209174622-w8d42k6nm5yhxvi8-1
modified:
FAQ faq-20070910195147-p9u38s9wplds2d4o-1
NEWS news-20061231030336-h9fhq245ie0de8bs-1
transport.py transport.py-20060406231150-b3472d06b3a0818d
------------------------------------------------------------
revno: 803.1.4
revision-id:jelmer at samba.org-20071215020338-5axq143vr9kysdch
parent: jelmer at samba.org-20071215020142-0ggoyq5l31t8opd5
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: authprompt
timestamp: Sat 2007-12-15 03:03:38 +0100
message:
Support retrieving passwords from Bazaar.
modified:
NEWS news-20061231030336-h9fhq245ie0de8bs-1
auth.py auth.py-20071209174622-w8d42k6nm5yhxvi8-1
transport.py transport.py-20060406231150-b3472d06b3a0818d
------------------------------------------------------------
revno: 803.1.3
revision-id:jelmer at samba.org-20071215020142-0ggoyq5l31t8opd5
parent: jelmer at samba.org-20071209191517-vnb33q212ihdijx7
parent: jelmer at samba.org-20071214162708-j5gkj5o5wfnudlfa
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: authprompt
timestamp: Sat 2007-12-15 03:01:42 +0100
message:
Merge upstream.
modified:
FAQ faq-20070910195147-p9u38s9wplds2d4o-1
NEWS news-20061231030336-h9fhq245ie0de8bs-1
logwalker.py logwalker.py-20060621215743-c13fhfnyzh1xzwh2-1
transport.py transport.py-20060406231150-b3472d06b3a0818d
------------------------------------------------------------
revno: 803.1.2
revision-id:jelmer at samba.org-20071209191517-vnb33q212ihdijx7
parent: jelmer at samba.org-20071209181221-vhittt1qp3vyvg5f
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: authprompt
timestamp: Sun 2007-12-09 20:15:17 +0100
message:
Start using auth providers when possible.
modified:
auth.py auth.py-20071209174622-w8d42k6nm5yhxvi8-1
transport.py transport.py-20060406231150-b3472d06b3a0818d
------------------------------------------------------------
revno: 803.1.1
revision-id:jelmer at samba.org-20071209181221-vhittt1qp3vyvg5f
parent: jelmer at samba.org-20071206175113-m0ayc56h3u3wi5s5
committer: Jelmer Vernooij <jelmer at samba.org>
branch nick: authprompt
timestamp: Sun 2007-12-09 19:12:21 +0100
message:
Start working on authentication providers that use the Bazaar authentication ring.
added:
auth.py auth.py-20071209174622-w8d42k6nm5yhxvi8-1
=== added file 'auth.py'
--- a/auth.py 1970-01-01 00:00:00 +0000
+++ b/auth.py 2007-12-15 02:03:38 +0000
@@ -0,0 +1,132 @@
+# Copyright (C) 2005-2007 Jelmer Vernooij <jelmer at samba.org>
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from bzrlib.config import AuthenticationConfig
+from bzrlib.ui import ui_factory
+from svn.core import (svn_auth_cred_username_t,
+ svn_auth_cred_simple_t,
+ svn_auth_cred_ssl_client_cert_t,
+ svn_auth_cred_ssl_client_cert_pw_t,
+ svn_auth_cred_ssl_server_trust_t,
+ svn_auth_get_username_prompt_provider,
+ svn_auth_get_simple_prompt_provider,
+ svn_auth_get_ssl_server_trust_prompt_provider,
+ svn_auth_get_ssl_client_cert_pw_prompt_provider)
+
+
+class SubversionAuthenticationConfig(AuthenticationConfig):
+ """Simple extended version of AuthenticationConfig that can provide
+ the information Subversion requires.
+ """
+ def __init__(self, file=None, scheme="svn", host=None):
+ super(SubversionAuthenticationConfig, self).__init__(file)
+ self.scheme = scheme
+ self.host = host
+
+ def get_svn_username(self, realm, may_save, pool=None):
+ """Look up a Subversion user name in the Bazaar authentication cache.
+
+ :param realm: Authentication realm (optional)
+ :param may_save: Whether or not the username should be saved.
+ :param pool: Allocation pool, is ignored.
+ """
+ username_cred = svn_auth_cred_username_t()
+ username_cred.username = self.get_user(self.scheme, host=self.host, realm=realm)
+ username_cred.may_save = False
+ return username_cred
+
+ def get_svn_simple(self, realm, username, may_save, pool):
+ """Look up a Subversion user name+password combination in the Bazaar authentication cache.
+
+ :param realm: Authentication realm (optional)
+ :param username: Username, if it is already known, or None.
+ :param may_save: Whether or not the username should be saved.
+ :param pool: Allocation pool, is ignored.
+ """
+ simple_cred = svn_auth_cred_simple_t()
+ simple_cred.username = username or self.get_username(realm, may_save, pool)
+ simple_cred.password = self.get_password(self.scheme, host=self.host,
+ user=simple_cred.username, realm=realm)
+ simple_cred.may_save = False
+ return simple_cred
+
+ def get_svn_ssl_server_trust(self, realm, failures, cert_info, may_save, pool):
+ """Return a Subversion auth provider that verifies SSL server trust.
+
+ :param realm: Realm name (optional)
+ :param failures: Failures to check for (bit field, SVN_AUTH_SSL_*)
+ :param cert_info: Certificate information
+ :param may_save: Whether this information may be stored.
+ """
+ ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
+ credentials = self.get_credentials(self.scheme, host=self.host)
+ if (credentials is not None and
+ credentials.has_key("verify_certificates") and
+ credentials["verify_certificates"] == False):
+ ssl_server_trust.accepted_failures = (svn.core.SVN_AUTH_SSL_NOTYETVALID +
+ svn.core.SVN_AUTH_SSL_EXPIRED +
+ svn.core.SVN_AUTH_SSL_CNMISMATCH +
+ svn.core.SVN_AUTH_SSL_UNKNOWNCA +
+ svn.core.SVN_AUTH_SSL_OTHER)
+ else:
+ ssl_server_trust.accepted_failures = 0
+ ssl_server_trust.may_save = False
+ return ssl_server_trust
+
+ def get_svn_username_prompt_provider(self, retries):
+ """Return a Subversion auth provider for retrieving the username, as
+ accepted by svn_auth_open().
+
+ :param retries: Number of allowed retries.
+ """
+ return svn_auth_get_username_prompt_provider(self.get_svn_username, retries)
+
+ def get_svn_simple_prompt_provider(self, retries):
+ """Return a Subversion auth provider for retrieving a
+ username+password combination, as accepted by svn_auth_open().
+
+ :param retries: Number of allowed retries.
+ """
+ return svn_auth_get_simple_prompt_provider(self.get_svn_simple, retries)
+
+ def get_svn_ssl_server_trust_prompt_provider(self):
+ """Return a Subversion auth provider for checking
+ whether a SSL server is trusted."""
+ return svn_auth_get_ssl_server_trust_prompt_provider(self.get_svn_ssl_server_trust)
+
+ def get_svn_auth_providers(self):
+ """Return a list of auth providers for this authentication file.
+ """
+ return [self.get_svn_username_prompt_provider(1),
+ self.get_svn_simple_prompt_provider(1),
+ self.get_svn_ssl_server_trust_prompt_provider()]
+
+
+def get_ssl_client_cert_pw(realm, may_save, pool):
+ """Simple SSL client certificate password prompter.
+
+ :param realm: Realm, optional.
+ :param may_save: Whether the password can be cached.
+ """
+ ssl_cred_pw = svn_auth_cred_ssl_client_cert_pw_t()
+ ssl_cred_pw.password = \
+ ui_factory.get_password("Please enter password for client certificate[realm=%s]" % realm)
+ ssl_cred_pw.may_save = False
+ return ssl_cred_pw
+
+
+def get_ssl_client_cert_pw_provider(tries):
+ return svn_auth_get_ssl_client_cert_pw_prompt_provider(get_ssl_client_cert_pw, tries)
+
=== modified file 'FAQ'
--- a/FAQ 2007-12-14 16:27:08 +0000
+++ b/FAQ 2007-12-15 02:11:15 +0000
@@ -19,7 +19,11 @@
==============================================================================
I am unable to access a repository that requires user/password authentication.
==============================================================================
-bzr-svn doesn't support prompting for passwords yet, but it can
+The Python bindings required for password prompting are only present in
+version 1.5 of Subversion so password prompting is only possible if
+you have that version installed.
+
+If you have an older version installed, bzr-svn can
use passwords cached by Subversion. Subversion can be forced to cache
the password by accessing the repository using the Subversion command-line
client. For example, try running 'svn info <url>'.
=== modified file 'NEWS'
--- a/NEWS 2007-12-14 13:52:08 +0000
+++ b/NEWS 2007-12-15 02:11:15 +0000
@@ -8,6 +8,14 @@
* Work around memory leak in the Python Subversion bindings of svn.ra.get_log().
+ FEATURES
+
+ * Support retrieving credentials from Bazaar rather than relying on Subversions' cache. (#120768)
+
+ BUG FIXES
+
+ * Improved compatibility with Subversion 1.5.
+
bzr-svn 0.4.5 2007-12-01
IMPROVEMENTS
=== modified file 'transport.py'
--- a/transport.py 2007-12-14 15:56:28 +0000
+++ b/transport.py 2007-12-15 02:03:38 +0000
@@ -35,13 +35,21 @@
"""Create a Subversion authentication baton. """
# Give the client context baton a suite of authentication
# providers.h
- providers = [
+ providers = []
+
+ if svn.core.SVN_VER_MAJOR == 1 and svn.core.SVN_VER_MINOR >= 5:
+ import auth
+ providers += auth.SubversionAuthenticationConfig().get_svn_auth_providers()
+ providers += [auth.get_ssl_client_cert_pw_provider(1)]
+
+ providers += [
svn.client.get_simple_provider(pool),
svn.client.get_username_provider(pool),
svn.client.get_ssl_client_cert_file_provider(pool),
svn.client.get_ssl_client_cert_pw_file_provider(pool),
svn.client.get_ssl_server_trust_file_provider(pool),
]
+
return svn.core.svn_auth_open(providers, pool)
More information about the bazaar-commits
mailing list