Author: cmpilato Date: Thu Apr 5 19:36:04 2012 New Revision: 1310031 URL: http://svn.apache.org/viewvc?rev=1310031&view=rev Log: Some logic abstraction / API isolation.
Reviewed by: pburba * subversion/libsvn_subr/win32_crypto.c (encrypt_data, decrypt_data): New helper functions which isolate the actual interaction with the Win32 Crypto API, abstracted from ... (windows_password_encrypter, windows_ssl_client_cert_pw_encrypter, windows_password_decrypter, windows_ssl_client_cert_pw_decrypter): ... these functions, which now defer to the new helpers. Modified: subversion/trunk/subversion/libsvn_subr/win32_crypto.c Modified: subversion/trunk/subversion/libsvn_subr/win32_crypto.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/win32_crypto.c?rev=1310031&r1=1310030&r2=1310031&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_subr/win32_crypto.c (original) +++ subversion/trunk/subversion/libsvn_subr/win32_crypto.c Thu Apr 5 19:36:04 2012 @@ -28,28 +28,77 @@ /*** Includes. ***/ #include <apr_pools.h> +#include <apr_base64.h> #include "svn_auth.h" #include "svn_error.h" #include "svn_utf.h" #include "svn_config.h" #include "svn_user.h" +#include "svn_base64.h" #include "private/svn_auth_private.h" #include "svn_private_config.h" #include <wincrypt.h> -#include <apr_base64.h> - -/*-----------------------------------------------------------------------*/ -/* Windows simple provider, encrypts the password on Win2k and later. */ -/*-----------------------------------------------------------------------*/ + /* The description string that's combined with unencrypted data by the Windows CryptoAPI. Used during decryption to verify that the encrypted data were valid. */ static const WCHAR description[] = L"auth_svn.simple.wincrypt"; + +/* Return a copy of ORIG, encrypted using the Windows CryptoAPI and + allocated from POOL. */ +const svn_string_t * +encrypt_data(const svn_string_t *orig, + apr_pool_t *pool) +{ + DATA_BLOB blobin; + DATA_BLOB blobout; + const svn_string_t *crypted = NULL; + + blobin.cbData = orig->len; + blobin.pbData = (BYTE *)orig->data; + if (CryptProtectData(&blobin, description, NULL, NULL, NULL, + CRYPTPROTECT_UI_FORBIDDEN, &blobout)) + { + crypted = svn_string_ncreate(blobout.pbData, blobout.cbData, pool); + LocalFree(blobout.pbData); + } + return crypted; +} + +/* Return a copy of CRYPTED, decrypted using the Windows CryptoAPI and + allocated from POOL. */ +const svn_string_t * +decrypt_data(const svn_string_t *crypted, + apr_pool_t *pool) +{ + DATA_BLOB blobin; + DATA_BLOB blobout; + LPWSTR descr; + const svn_string_t *orig = NULL; + + blobin.cbData = crypted->len; + blobin.pbData = (BYTE *)crypted->data; + if (CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL, + CRYPTPROTECT_UI_FORBIDDEN, &blobout)) + { + if (0 == lstrcmpW(descr, description)) + orig = svn_string_ncreate(blobout.pbData, blobout.cbData, pool); + LocalFree(blobout.pbData); + LocalFree(descr); + } + return orig; +} + + +/*-----------------------------------------------------------------------*/ +/* Windows simple provider, encrypts the password on Win2k and later. */ +/*-----------------------------------------------------------------------*/ + /* Implementation of svn_auth__password_set_t that encrypts the incoming password using the Windows CryptoAPI. */ static svn_error_t * @@ -62,22 +111,15 @@ windows_password_encrypter(svn_boolean_t svn_boolean_t non_interactive, apr_pool_t *pool) { - DATA_BLOB blobin; - DATA_BLOB blobout; - svn_boolean_t crypted; + const svn_string_t *coded; - blobin.cbData = strlen(in); - blobin.pbData = (BYTE*) in; - crypted = CryptProtectData(&blobin, description, NULL, NULL, NULL, - CRYPTPROTECT_UI_FORBIDDEN, &blobout); - if (crypted) + coded = encrypt_data(svn_string_create(in, pool), pool); + if (coded) { - char *coded = apr_palloc(pool, apr_base64_encode_len(blobout.cbData)); - apr_base64_encode(coded, (const char*)blobout.pbData, blobout.cbData); + coded = svn_base64_encode_string2(coded, FALSE, pool); SVN_ERR(svn_auth__simple_password_set(done, creds, realmstring, username, - coded, parameters, + coded->data, parameters, non_interactive, pool)); - LocalFree(blobout.pbData); } return SVN_NO_ERROR; @@ -96,33 +138,25 @@ windows_password_decrypter(svn_boolean_t svn_boolean_t non_interactive, apr_pool_t *pool) { - DATA_BLOB blobin; - DATA_BLOB blobout; - LPWSTR descr; - svn_boolean_t decrypted; - char *in; + const svn_string_t *orig; + const char *in; SVN_ERR(svn_auth__simple_password_get(done, &in, creds, realmstring, username, parameters, non_interactive, pool)); if (!done) return SVN_NO_ERROR; - blobin.cbData = strlen(in); - blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in)); - apr_base64_decode((char*)blobin.pbData, in); - decrypted = CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL, - CRYPTPROTECT_UI_FORBIDDEN, &blobout); - if (decrypted) + orig = svn_base64_decode_string(svn_string_create(in, pool), pool); + orig = decrypt_data(orig, pool); + if (orig) { - if (0 == lstrcmpW(descr, description)) - *out = apr_pstrndup(pool, (const char*)blobout.pbData, blobout.cbData); - else - decrypted = FALSE; - LocalFree(blobout.pbData); - LocalFree(descr); + *out = orig->data; + *done = TRUE; + } + else + { + *done = FALSE; } - - *done = decrypted; return SVN_NO_ERROR; } @@ -200,22 +234,16 @@ windows_ssl_client_cert_pw_encrypter(svn svn_boolean_t non_interactive, apr_pool_t *pool) { - DATA_BLOB blobin; - DATA_BLOB blobout; - svn_boolean_t crypted; + const svn_string_t *coded; - blobin.cbData = strlen(in); - blobin.pbData = (BYTE*) in; - crypted = CryptProtectData(&blobin, description, NULL, NULL, NULL, - CRYPTPROTECT_UI_FORBIDDEN, &blobout); - if (crypted) + coded = encrypt_data(svn_string_create(in, pool), pool); + if (coded) { - char *coded = apr_palloc(pool, apr_base64_encode_len(blobout.cbData)); - apr_base64_encode(coded, (const char*)blobout.pbData, blobout.cbData); + coded = svn_base64_encode_string2(coded, FALSE, pool); SVN_ERR(svn_auth__ssl_client_cert_pw_set(done, creds, realmstring, - username, coded, parameters, - non_interactive, pool)); - LocalFree(blobout.pbData); + username, coded->data, + parameters, non_interactive, + pool)); } return SVN_NO_ERROR; @@ -234,11 +262,8 @@ windows_ssl_client_cert_pw_decrypter(svn svn_boolean_t non_interactive, apr_pool_t *pool) { - DATA_BLOB blobin; - DATA_BLOB blobout; - LPWSTR descr; - svn_boolean_t decrypted; - char *in; + const svn_string_t *orig; + const char *in; SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring, username, parameters, @@ -246,22 +271,17 @@ windows_ssl_client_cert_pw_decrypter(svn if (!done) return SVN_NO_ERROR; - blobin.cbData = strlen(in); - blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in)); - apr_base64_decode((char*)blobin.pbData, in); - decrypted = CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL, - CRYPTPROTECT_UI_FORBIDDEN, &blobout); - if (decrypted) + orig = svn_base64_decode_string(svn_string_create(in, pool), pool); + orig = decrypt_data(orig, pool); + if (orig) { - if (0 == lstrcmpW(descr, description)) - *out = apr_pstrndup(pool, (const char*)blobout.pbData, blobout.cbData); - else - decrypted = FALSE; - LocalFree(blobout.pbData); - LocalFree(descr); + *out = orig->data; + *done = TRUE; + } + else + { + *done = FALSE; } - - *done = decrypted; return SVN_NO_ERROR; }