PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Code Issues Projects Releases Wiki Activity

Replace svn_auth.c with function from subversion-1.5.x.

Browse Source 
This is for compatibility with the OS X 10.5 SDK.
This commit is contained in:
david
2012-01-02 05:13:19 +00:00
parent a09fe59558
commit 9729059ccb
2 changed files with 91 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nmap-update/nmap-update.c
View File

@@ -880,13 +880,12 @@ static svn_error_t *checkout_svn(const char *url, const char *path)
APR_HASH_KEY_STRING); APR_HASH_KEY_STRING);
svn_config_set_bool(cfg, SVN_CONFIG_SECTION_GLOBAL, svn_config_set_bool(cfg, SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_SSL_TRUST_DEFAULT_CA, TRUE); SVN_CONFIG_OPTION_SSL_TRUST_DEFAULT_CA, TRUE);
nmap_update_svn_cmdline_create_auth_baton(&ctx->auth_baton, nmap_update_svn_cmdline_setup_auth_baton(&ctx->auth_baton,
FALSE, /* non_interactive */ FALSE, /* non_interactive */
options.username, /* username */ options.username, /* username */
options.password, /* password */ options.password, /* password */
NULL, /* config_dir */ NULL, /* config_dir */
FALSE, /* no_auth_cache */ FALSE, /* no_auth_cache */
FALSE,
cfg, /* cfg */ cfg, /* cfg */
NULL, /* cancel_func */ NULL, /* cancel_func */
NULL, /* cancel_baton */ NULL, /* cancel_baton */

225
nmap-update/svn_auth.c
View File

@@ -1,6 +1,6 @@
/* The functions in this file have been copied from /* The functions in this file have been copied from
subversion-1.6.17/subversion/libsvn_subr/cmdline.c subversion-1.5.x/subversion/libsvn_subr/cmdline.c
subversion-1.6.17/subversion/libsvn_subr/simple_providers.c subversion-1.5.x/subversion/libsvn_subr/simple_providers.c
The point of copying these functions is to disable automatic username The point of copying these functions is to disable automatic username
guessing based on UID, and always prompt for a username unless it is already guessing based on UID, and always prompt for a username unless it is already
defined in the auth cache or in a configuration file. libsvn_cmdline doesn't defined in the auth cache or in a configuration file. libsvn_cmdline doesn't
@@ -9,12 +9,10 @@
minimum amount of code to disable username guessing. minimum amount of code to disable username guessing.
These changes have been made (set off with #if 0): These changes have been made (set off with #if 0):
* Made trust_server_cert always false in svn_cmdline_create_auth_baton. (This
is only to avoid having to also copy in ssl_trust_unknown_server_cert.)
* Disabled username guessing in prompt_for_simple_creds. * Disabled username guessing in prompt_for_simple_creds.
* Made svn_auth_get_simple_prompt_provider have static scope. * Made svn_auth_get_simple_prompt_provider have static scope.
* Put an "nmap_update_" prefix on svn_auth_get_simple_prompt_provider and * Put an "nmap_update_" prefix on svn_auth_get_simple_prompt_provider and
svn_cmdline_create_auth_baton. */ svn_cmdline_setup_auth_baton. */
/* /*
* ==================================================================== * ====================================================================
@@ -52,11 +50,24 @@
#include <svn_types.h> #include <svn_types.h>
#endif #endif
/* The keys that will be stored on disk. These serve the same role as
similar constants in other providers. */ /*-----------------------------------------------------------------------*/
#define AUTHN_USERNAME_KEY "username" /* File provider */
#define AUTHN_PASSWORD_KEY "password" /*-----------------------------------------------------------------------*/
#define AUTHN_PASSTYPE_KEY "passtype"
/* The keys that will be stored on disk */
#define SVN_AUTH__AUTHFILE_USERNAME_KEY "username"
#define SVN_AUTH__AUTHFILE_PASSWORD_KEY "password"
#define SVN_AUTH__AUTHFILE_PASSTYPE_KEY "passtype"
#define SVN_AUTH__SIMPLE_PASSWORD_TYPE "simple"
#define SVN_AUTH__WINCRYPT_PASSWORD_TYPE "wincrypt"
#define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE "keychain"
/*-----------------------------------------------------------------------*/
/* Prompt provider */
/*-----------------------------------------------------------------------*/
/* Baton type for username/password prompting. */ /* Baton type for username/password prompting. */
typedef struct typedef struct
@@ -76,6 +87,7 @@ typedef struct
int retries; int retries;
} simple_prompt_iter_baton_t; } simple_prompt_iter_baton_t;
/*** Helper Functions ***/ /*** Helper Functions ***/
static svn_error_t * static svn_error_t *
prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p, prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
@@ -86,8 +98,7 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
svn_boolean_t may_save, svn_boolean_t may_save,
apr_pool_t *pool) apr_pool_t *pool)
{ {
const char *default_username = NULL; const char *def_username = NULL, *def_password = NULL;
const char *default_password = NULL;
*cred_p = NULL; *cred_p = NULL;
@@ -95,12 +106,12 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
so. */ so. */
if (first_time) if (first_time)
{ {
default_username = apr_hash_get(parameters, def_username = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_USERNAME, SVN_AUTH_PARAM_DEFAULT_USERNAME,
APR_HASH_KEY_STRING); APR_HASH_KEY_STRING);
/* No default username? Try the auth cache. */ /* No default username? Try the auth cache. */
if (! default_username) if (! def_username)
{ {
const char *config_dir = apr_hash_get(parameters, const char *config_dir = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_DIR, SVN_AUTH_PARAM_CONFIG_DIR,
@@ -114,37 +125,23 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
svn_error_clear(err); svn_error_clear(err);
if (! err && creds_hash) if (! err && creds_hash)
{ {
str = apr_hash_get(creds_hash, AUTHN_USERNAME_KEY, str = apr_hash_get(creds_hash,
SVN_AUTH__AUTHFILE_USERNAME_KEY,
APR_HASH_KEY_STRING); APR_HASH_KEY_STRING);
if (str && str->data) if (str && str->data)
default_username = str->data; def_username = str->data;
} }
} }
/* Still no default username? Try the 'servers' file. */
if (! default_username)
{
svn_config_t *cfg = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS,
APR_HASH_KEY_STRING);
const char *server_group = apr_hash_get(parameters,
SVN_AUTH_PARAM_SERVER_GROUP,
APR_HASH_KEY_STRING);
default_username =
svn_config_get_server_setting(cfg, server_group,
SVN_CONFIG_OPTION_USERNAME,
NULL);
}
#if 0 #if 0
/* Still no default username? Try the UID. */ /* Still no default username? Try the UID. */
if (! default_username) if (! def_username)
default_username = svn_user_get_name(pool); def_username = svn_user_get_name(pool);
#endif #endif
default_password = apr_hash_get(parameters, def_password = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_PASSWORD, SVN_AUTH_PARAM_DEFAULT_PASSWORD,
APR_HASH_KEY_STRING); APR_HASH_KEY_STRING);
} }
/* If we have defaults, just build the cred here and return it. /* If we have defaults, just build the cred here and return it.
@@ -153,17 +150,17 @@ prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
* ### 'defaults' provider that would run before the prompt * ### 'defaults' provider that would run before the prompt
* ### provider... Hmmm. * ### provider... Hmmm.
*/ */
if (default_username && default_password) if (def_username && def_password)
{ {
*cred_p = apr_palloc(pool, sizeof(**cred_p)); *cred_p = apr_palloc(pool, sizeof(**cred_p));
(*cred_p)->username = apr_pstrdup(pool, default_username); (*cred_p)->username = apr_pstrdup(pool, def_username);
(*cred_p)->password = apr_pstrdup(pool, default_password); (*cred_p)->password = apr_pstrdup(pool, def_password);
(*cred_p)->may_save = TRUE; (*cred_p)->may_save = TRUE;
} }
else else
{ {
SVN_ERR(pb->prompt_func(cred_p, pb->prompt_baton, realmstring, SVN_ERR(pb->prompt_func(cred_p, pb->prompt_baton, realmstring,
default_username, may_save, pool)); def_username, may_save, pool));
} }
return SVN_NO_ERROR; return SVN_NO_ERROR;
@@ -213,7 +210,7 @@ simple_prompt_next_creds(void **credentials_p,
SVN_AUTH_PARAM_NO_AUTH_CACHE, SVN_AUTH_PARAM_NO_AUTH_CACHE,
APR_HASH_KEY_STRING); APR_HASH_KEY_STRING);
if ((pb->retry_limit >= 0) && (ib->retries >= pb->retry_limit)) if (ib->retries >= pb->retry_limit)
{ {
/* give up, go on to next provider. */ /* give up, go on to next provider. */
*credentials_p = NULL; *credentials_p = NULL;
@@ -221,9 +218,11 @@ simple_prompt_next_creds(void **credentials_p,
} }
ib->retries++; ib->retries++;
return prompt_for_simple_creds((svn_auth_cred_simple_t **) credentials_p, SVN_ERR(prompt_for_simple_creds((svn_auth_cred_simple_t **) credentials_p,
pb, parameters, realmstring, FALSE, pb, parameters, realmstring, FALSE,
! no_auth_cache, pool); ! no_auth_cache, pool));
return SVN_NO_ERROR;
} }
@@ -257,88 +256,63 @@ nmap_update_svn_auth_get_simple_prompt_provider
} }
svn_error_t * svn_error_t *
nmap_update_svn_cmdline_create_auth_baton(svn_auth_baton_t **ab, nmap_update_svn_cmdline_setup_auth_baton(svn_auth_baton_t **ab,
svn_boolean_t non_interactive, svn_boolean_t non_interactive,
const char *auth_username, const char *auth_username,
const char *auth_password, const char *auth_password,
const char *config_dir, const char *config_dir,
svn_boolean_t no_auth_cache, svn_boolean_t no_auth_cache,
svn_boolean_t trust_server_cert, svn_config_t *cfg,
svn_config_t *cfg, svn_cancel_func_t cancel_func,
svn_cancel_func_t cancel_func, void *cancel_baton,
void *cancel_baton, apr_pool_t *pool)
apr_pool_t *pool)
{ {
svn_boolean_t store_password_val = TRUE; svn_boolean_t store_password_val = TRUE;
svn_boolean_t store_auth_creds_val = TRUE;
svn_auth_provider_object_t *provider; svn_auth_provider_object_t *provider;
svn_cmdline_prompt_baton2_t *pb = NULL;
/* The whole list of registered providers */ /* The whole list of registered providers */
apr_array_header_t *providers; apr_array_header_t *providers
= apr_array_make(pool, 12, sizeof(svn_auth_provider_object_t *));
/* Populate the registered providers with the platform-specific providers */
SVN_ERR(svn_auth_get_platform_specific_client_providers
(&providers, cfg, pool));
/* If we have a cancellation function, cram it and the stuff it
needs into the prompt baton. */
if (cancel_func)
{
pb = apr_palloc(pool, sizeof(*pb));
pb->cancel_func = cancel_func;
pb->cancel_baton = cancel_baton;
pb->config_dir = config_dir;
}
if (non_interactive == FALSE)
{
/* This provider doesn't prompt the user in order to get creds;
it prompts the user regarding the caching of creds. */
svn_auth_get_simple_provider2(&provider,
svn_cmdline_auth_plaintext_prompt,
pb, pool);
}
else
{
svn_auth_get_simple_provider2(&provider, NULL, NULL, pool);
}
/* The main disk-caching auth providers, for both
'username/password' creds and 'username' creds. */
#if defined(WIN32) && !defined(__MINGW32__)
svn_auth_get_windows_simple_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
#endif
#ifdef SVN_HAVE_KEYCHAIN_SERVICES
svn_auth_get_keychain_simple_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
#endif
svn_auth_get_simple_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
svn_auth_get_username_provider(&provider, pool); svn_auth_get_username_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
/* The server-cert, client-cert, and client-cert-password providers. */ /* The server-cert, client-cert, and client-cert-password providers. */
SVN_ERR(svn_auth_get_platform_specific_provider(&provider, #if defined(WIN32) && !defined(__MINGW32__)
"windows", svn_auth_get_windows_ssl_server_trust_provider(&provider, pool);
"ssl_server_trust", APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
pool)); #endif
if (provider)
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
svn_auth_get_ssl_server_trust_file_provider(&provider, pool); svn_auth_get_ssl_server_trust_file_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
svn_auth_get_ssl_client_cert_file_provider(&provider, pool); svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
svn_auth_get_ssl_client_cert_pw_file_provider(&provider, pool);
if (non_interactive == FALSE)
{
/* This provider doesn't prompt the user in order to get creds;
it prompts the user regarding the caching of creds. */
svn_auth_get_ssl_client_cert_pw_file_provider2
(&provider, svn_cmdline_auth_plaintext_passphrase_prompt,
pb, pool);
}
else
{
svn_auth_get_ssl_client_cert_pw_file_provider2(&provider, NULL, NULL,
pool);
}
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
if (non_interactive == FALSE) if (non_interactive == FALSE)
{ {
svn_cmdline_prompt_baton_t *pb = NULL;
if (cancel_func)
{
pb = apr_palloc(pool, sizeof(*pb));
pb->cancel_func = cancel_func;
pb->cancel_baton = cancel_baton;
}
/* Two basic prompt providers: username/password, and just username. */ /* Two basic prompt providers: username/password, and just username. */
nmap_update_svn_auth_get_simple_prompt_provider(&provider, nmap_update_svn_auth_get_simple_prompt_provider(&provider,
svn_cmdline_auth_simple_prompt, svn_cmdline_auth_simple_prompt,
@@ -366,15 +340,6 @@ nmap_update_svn_cmdline_create_auth_baton(svn_auth_baton_t **ab,
(&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool); (&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
} }
#if 0
else if (trust_server_cert)
{
/* Remember, only register this provider if non_interactive. */
svn_auth_get_ssl_server_trust_prompt_provider
(&provider, ssl_trust_unknown_server_cert, NULL, pool);
APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
}
#endif
/* Build an authentication baton to give to libsvn_client. */ /* Build an authentication baton to give to libsvn_client. */
svn_auth_open(ab, providers, pool); svn_auth_open(ab, providers, pool);
@@ -396,34 +361,24 @@ nmap_update_svn_cmdline_create_auth_baton(svn_auth_baton_t **ab,
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_CONFIG_DIR, svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_CONFIG_DIR,
config_dir); config_dir);
/* Determine whether storing passwords in any form is allowed.
* This is the deprecated location for this option, the new
* location is SVN_CONFIG_CATEGORY_SERVERS. The RA layer may
* override the value we set here. */
SVN_ERR(svn_config_get_bool(cfg, &store_password_val, SVN_ERR(svn_config_get_bool(cfg, &store_password_val,
SVN_CONFIG_SECTION_AUTH, SVN_CONFIG_SECTION_AUTH,
SVN_CONFIG_OPTION_STORE_PASSWORDS, SVN_CONFIG_OPTION_STORE_PASSWORDS,
SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS)); TRUE));
if (! store_password_val) if (! store_password_val)
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, ""); svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, "");
/* Determine whether we are allowed to write to the auth/ area. /* There are two different ways the user can disable disk caching
* This is the deprecated location for this option, the new of credentials: either via --no-auth-cache, or in the config
* location is SVN_CONFIG_CATEGORY_SERVERS. The RA layer may file ('store-auth-creds = no'). */
* override the value we set here. */ SVN_ERR(svn_config_get_bool(cfg, &store_password_val,
SVN_ERR(svn_config_get_bool(cfg, &store_auth_creds_val,
SVN_CONFIG_SECTION_AUTH, SVN_CONFIG_SECTION_AUTH,
SVN_CONFIG_OPTION_STORE_AUTH_CREDS, SVN_CONFIG_OPTION_STORE_AUTH_CREDS,
SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS)); TRUE));
if (no_auth_cache || ! store_auth_creds_val) if (no_auth_cache || ! store_password_val)
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_NO_AUTH_CACHE, ""); svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_NO_AUTH_CACHE, "");
#ifdef SVN_HAVE_GNOME_KEYRING
svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
&svn_cmdline__auth_gnome_keyring_unlock_prompt);
#endif /* SVN_HAVE_GNOME_KEYRING */
return SVN_NO_ERROR; return SVN_NO_ERROR;
} }