PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 05:01:29 +00:00
Code Issues Projects Releases Wiki Activity

Replace svn_auth.c with function from subversion-1.5.x.

Browse Source 
This is for compatibility with the OS X 10.5 SDK.
This commit is contained in:
david
2012-01-02 05:13:19 +00:00
parent a09fe59558
commit 9729059ccb
2 changed files with 91 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

225
nmap-update/svn_auth.c
View File

@@ -1,6 +1,6 @@
/* The functions in this file have been copied from
subversion-1.6.17/subversion/libsvn_subr/cmdline.c
subversion-1.6.17/subversion/libsvn_subr/simple_providers.c
subversion-1.5.x/subversion/libsvn_subr/cmdline.c
subversion-1.5.x/subversion/libsvn_subr/simple_providers.c
The point of copying these functions is to disable automatic username
guessing based on UID, and always prompt for a username unless it is already
defined in the auth cache or in a configuration file. libsvn_cmdline doesn't
@@ -9,12 +9,10 @@
minimum amount of code to disable username guessing.
These changes have been made (set off with #if 0):
* Made trust_server_cert always false in svn_cmdline_create_auth_baton. (This
is only to avoid having to also copy in ssl_trust_unknown_server_cert.)
* Disabled username guessing in prompt_for_simple_creds.
* Made svn_auth_get_simple_prompt_provider have static scope.
* Put an "nmap_update_" prefix on svn_auth_get_simple_prompt_provider and
svn_cmdline_create_auth_baton. */
svn_cmdline_setup_auth_baton. */
/*
* ====================================================================
@@ -52,11 +50,24 @@
#include <svn_types.h>
#endif
/* The keys that will be stored on disk. These serve the same role as
similar constants in other providers. */
#define AUTHN_USERNAME_KEY "username"
#define AUTHN_PASSWORD_KEY "password"
#define AUTHN_PASSTYPE_KEY "passtype"
/*-----------------------------------------------------------------------*/
/* File provider */
/*-----------------------------------------------------------------------*/
/* The keys that will be stored on disk */
#define SVN_AUTH__AUTHFILE_USERNAME_KEY "username"
#define SVN_AUTH__AUTHFILE_PASSWORD_KEY "password"
#define SVN_AUTH__AUTHFILE_PASSTYPE_KEY "passtype"
#define SVN_AUTH__SIMPLE_PASSWORD_TYPE "simple"
#define SVN_AUTH__WINCRYPT_PASSWORD_TYPE "wincrypt"
#define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE "keychain"
/*-----------------------------------------------------------------------*/
/* Prompt provider */
/*-----------------------------------------------------------------------*/
/* Baton type for username/password prompting. */
typedef struct
@@ -76,6 +87,7 @@ typedef struct
int retries;
} simple_prompt_iter_baton_t;
/*** Helper Functions ***/
static svn_error_t *
prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
@@ -86,8 +98,7 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
svn_boolean_t may_save,
apr_pool_t *pool)
{
const char *default_username = NULL;
const char *default_password = NULL;
const char *def_username = NULL, *def_password = NULL;
*cred_p = NULL;
@@ -95,12 +106,12 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
so. */
if (first_time)
{
default_username = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_USERNAME,
APR_HASH_KEY_STRING);
def_username = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_USERNAME,
APR_HASH_KEY_STRING);
/* No default username? Try the auth cache. */
if (! default_username)
if (! def_username)
{
const char *config_dir = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_DIR,
@@ -114,37 +125,23 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
svn_error_clear(err);
if (! err && creds_hash)
{
str = apr_hash_get(creds_hash, AUTHN_USERNAME_KEY,
str = apr_hash_get(creds_hash,
SVN_AUTH__AUTHFILE_USERNAME_KEY,
APR_HASH_KEY_STRING);
if (str && str->data)
default_username = str->data;
def_username = str->data;
}
}
/* Still no default username? Try the 'servers' file. */
if (! default_username)
{
svn_config_t *cfg = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS,
APR_HASH_KEY_STRING);
const char *server_group = apr_hash_get(parameters,
SVN_AUTH_PARAM_SERVER_GROUP,
APR_HASH_KEY_STRING);
default_username =
svn_config_get_server_setting(cfg, server_group,
SVN_CONFIG_OPTION_USERNAME,
NULL);
}
#if 0
/* Still no default username? Try the UID. */
if (! default_username)
default_username = svn_user_get_name(pool);
if (! def_username)
def_username = svn_user_get_name(pool);
#endif
default_password = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_PASSWORD,
APR_HASH_KEY_STRING);
def_password = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_PASSWORD,
APR_HASH_KEY_STRING);
}
/* If we have defaults, just build the cred here and return it.
@@ -153,17 +150,17 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
* ### 'defaults' provider that would run before the prompt
* ### provider... Hmmm.
*/
if (default_username && default_password)
if (def_username && def_password)
{
*cred_p = apr_palloc(pool, sizeof(**cred_p));
(*cred_p)->username = apr_pstrdup(pool, default_username);
(*cred_p)->password = apr_pstrdup(pool, default_password);
(*cred_p)->username = apr_pstrdup(pool, def_username);
(*cred_p)->password = apr_pstrdup(pool, def_password);
(*cred_p)->may_save = TRUE;
}
else
{
SVN_ERR(pb->prompt_func(cred_p, pb->prompt_baton, realmstring,
default_username, may_save, pool));
def_username, may_save, pool));
}
return SVN_NO_ERROR;
@@ -213,7 +210,7 @@ simple_prompt_next_creds(void **credentials_p,
SVN_AUTH_PARAM_NO_AUTH_CACHE,
APR_HASH_KEY_STRING);
if ((pb->retry_limit >= 0) && (ib->retries >= pb->retry_limit))
if (ib->retries >= pb->retry_limit)
{
/* give up, go on to next provider. */
*credentials_p = NULL;
@@ -221,9 +218,11 @@ simple_prompt_next_creds(void **credentials_p,
}
ib->retries++;
return prompt_for_simple_creds((svn_auth_cred_simple_t **) credentials_p,
pb, parameters, realmstring, FALSE,
! no_auth_cache, pool);
SVN_ERR(prompt_for_simple_creds((svn_auth_cred_simple_t **) credentials_p,
pb, parameters, realmstring, FALSE,
! no_auth_cache, pool));
return SVN_NO_ERROR;
}
@@ -257,88 +256,63 @@ nmap_update_svn_auth_get_simple_prompt_provider
}
svn_error_t *
nmap_update_svn_cmdline_create_auth_baton(svn_auth_baton_t **ab,
svn_boolean_t non_interactive,
const char *auth_username,
const char *auth_password,
const char *config_dir,
svn_boolean_t no_auth_cache,
svn_boolean_t trust_server_cert,
svn_config_t *cfg,
svn_cancel_func_t cancel_func,
void *cancel_baton,
apr_pool_t *pool)
nmap_update_svn_cmdline_setup_auth_baton(svn_auth_baton_t **ab,
svn_boolean_t non_interactive,
const char *auth_username,
const char *auth_password,
const char *config_dir,
svn_boolean_t no_auth_cache,
svn_config_t *cfg,
svn_cancel_func_t cancel_func,
void *cancel_baton,
apr_pool_t *pool)
{
svn_boolean_t store_password_val = TRUE;
svn_boolean_t store_auth_creds_val = TRUE;
svn_auth_provider_object_t *provider;
svn_cmdline_prompt_baton2_t *pb = NULL;
/* The whole list of registered providers */
apr_array_header_t *providers;
/* Populate the registered providers with the platform-specific providers */
SVN_ERR(svn_auth_get_platform_specific_client_providers
(&providers, cfg, pool));
/* If we have a cancellation function, cram it and the stuff it
needs into the prompt baton. */
if (cancel_func)
{
pb = apr_palloc(pool, sizeof(*pb));
pb->cancel_func = cancel_func;
pb->cancel_baton = cancel_baton;
pb->config_dir = config_dir;
}
if (non_interactive == FALSE)
{
/* This provider doesn't prompt the user in order to get creds;
it prompts the user regarding the caching of creds. */
svn_auth_get_simple_provider2(&provider,
svn_cmdline_auth_plaintext_prompt,
pb, pool);
}
else
{
svn_auth_get_simple_provider2(&provider, NULL, NULL, pool);
}
apr_array_header_t *providers
= apr_array_make(pool, 12, sizeof(svn_auth_provider_object_t *));
/* The main disk-caching auth providers, for both
'username/password' creds and 'username' creds. */
#if defined(WIN32) && !defined(__MINGW32__)
svn_auth_get_windows_simple_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
#endif
#ifdef SVN_HAVE_KEYCHAIN_SERVICES
svn_auth_get_keychain_simple_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
#endif
svn_auth_get_simple_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
svn_auth_get_username_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
/* The server-cert, client-cert, and client-cert-password providers. */
SVN_ERR(svn_auth_get_platform_specific_provider(&provider,
"windows",
"ssl_server_trust",
pool));
if (provider)
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
#if defined(WIN32) && !defined(__MINGW32__)
svn_auth_get_windows_ssl_server_trust_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
#endif
svn_auth_get_ssl_server_trust_file_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
if (non_interactive == FALSE)
{
/* This provider doesn't prompt the user in order to get creds;
it prompts the user regarding the caching of creds. */
svn_auth_get_ssl_client_cert_pw_file_provider2
(&provider, svn_cmdline_auth_plaintext_passphrase_prompt,
pb, pool);
}
else
{
svn_auth_get_ssl_client_cert_pw_file_provider2(&provider, NULL, NULL,
pool);
}
svn_auth_get_ssl_client_cert_pw_file_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
if (non_interactive == FALSE)
{
svn_cmdline_prompt_baton_t *pb = NULL;
if (cancel_func)
{
pb = apr_palloc(pool, sizeof(*pb));
pb->cancel_func = cancel_func;
pb->cancel_baton = cancel_baton;
}
/* Two basic prompt providers: username/password, and just username. */
nmap_update_svn_auth_get_simple_prompt_provider(&provider,
svn_cmdline_auth_simple_prompt,
@@ -366,15 +340,6 @@ nmap_update_svn_cmdline_create_auth_baton(svn_auth_baton_t **ab,
(&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
}
#if 0
else if (trust_server_cert)
{
/* Remember, only register this provider if non_interactive. */
svn_auth_get_ssl_server_trust_prompt_provider
(&provider, ssl_trust_unknown_server_cert, NULL, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
}
#endif
/* Build an authentication baton to give to libsvn_client. */
svn_auth_open(ab, providers, pool);
@@ -396,34 +361,24 @@ nmap_update_svn_cmdline_create_auth_baton(svn_auth_baton_t **ab,
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_CONFIG_DIR,
config_dir);
/* Determine whether storing passwords in any form is allowed.
* This is the deprecated location for this option, the new
* location is SVN_CONFIG_CATEGORY_SERVERS. The RA layer may
* override the value we set here. */
SVN_ERR(svn_config_get_bool(cfg, &store_password_val,
SVN_CONFIG_SECTION_AUTH,
SVN_CONFIG_OPTION_STORE_PASSWORDS,
SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS));
TRUE));
if (! store_password_val)
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, "");
/* Determine whether we are allowed to write to the auth/ area.
* This is the deprecated location for this option, the new
* location is SVN_CONFIG_CATEGORY_SERVERS. The RA layer may
* override the value we set here. */
SVN_ERR(svn_config_get_bool(cfg, &store_auth_creds_val,
/* There are two different ways the user can disable disk caching
of credentials: either via --no-auth-cache, or in the config
file ('store-auth-creds = no'). */
SVN_ERR(svn_config_get_bool(cfg, &store_password_val,
SVN_CONFIG_SECTION_AUTH,
SVN_CONFIG_OPTION_STORE_AUTH_CREDS,
SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS));
TRUE));
if (no_auth_cache || ! store_auth_creds_val)
if (no_auth_cache || ! store_password_val)
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_NO_AUTH_CACHE, "");
#ifdef SVN_HAVE_GNOME_KEYRING
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
&svn_cmdline__auth_gnome_keyring_unlock_prompt);
#endif /* SVN_HAVE_GNOME_KEYRING */
return SVN_NO_ERROR;
}