Author: svn-role
Date: Thu Mar 19 18:23:29 2015
New Revision: 1667829
URL: http://svn.apache.org/r1667829
Log:
Merge the r1664078 group from trunk:
*
r1664078,r1664080,r1664187,r1664191,r1664200,r1664344,r1664588,r1664927,r1665886
Instead of making more changes to the auth batons from ra sessions, reduce
the number of changes by introducing an internal slave auth baton feature.
Justification:
Without this patch (or a complete redesign of the auth layer), the
ra sessions cache (currently on a feature branch), will open the ra
sessions from outside configuration changes caused by opening other
ra sessions. This patch not only reverts the additional changes to the
auth baton on init that are new in 1.9, but also removes cases where we
already applied similar changes inside specific ra providers.
Notes:
The reason I group this under release blockers, is to avoid the behavior
change introduced in r1609499 from reaching released versions. The changes
itself are safe for a later backport as it only affects ra-session
internal state.
Votes:
+1: rhuijben, brane, philip
Modified:
subversion/branches/1.9.x/ (props changed)
subversion/branches/1.9.x/STATUS
subversion/branches/1.9.x/subversion/include/private/svn_auth_private.h
subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.c
subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.h
subversion/branches/1.9.x/subversion/libsvn_ra/wrapper_template.h
subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_local.h
subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_plugin.c
subversion/branches/1.9.x/subversion/libsvn_ra_serf/ra_serf.h
subversion/branches/1.9.x/subversion/libsvn_ra_serf/serf.c
subversion/branches/1.9.x/subversion/libsvn_ra_serf/util.c
subversion/branches/1.9.x/subversion/libsvn_ra_svn/client.c
subversion/branches/1.9.x/subversion/libsvn_ra_svn/cyrus_auth.c
subversion/branches/1.9.x/subversion/libsvn_ra_svn/internal_auth.c
subversion/branches/1.9.x/subversion/libsvn_ra_svn/ra_svn.h
subversion/branches/1.9.x/subversion/libsvn_subr/auth.c
Propchange: subversion/branches/1.9.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Mar 19 18:23:29 2015
@@ -89,4 +89,4 @@
/subversion/branches/verify-at-commit:1462039-1462408
/subversion/branches/verify-keep-going:1439280-1546110
/subversion/branches/wc-collate-path:1402685-1480384
-/subversion/trunk:1660545-1660547,1660549-1662901,1663003,1663450,1663697,1663706,1663749,1664084-1664085,1664476,1664480-1664481,1664483,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1665164,1665611-1665612,1665845,1665850,1665852
+/subversion/trunk:1660545-1660547,1660549-1662901,1663003,1663450,1663697,1663706,1663749,1664078,1664080,1664084-1664085,1664187,1664191,1664200,1664344,1664476,1664480-1664481,1664483,1664507,1664520-1664521,1664523,1664526-1664527,1664531-1664532,1664588,1664927,1665164,1665611-1665612,1665845,1665850,1665852,1665886
Modified: subversion/branches/1.9.x/STATUS
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/STATUS?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/STATUS (original)
+++ subversion/branches/1.9.x/STATUS Thu Mar 19 18:23:29 2015
@@ -178,24 +178,6 @@ Veto-blocked changes:
Approved changes:
=================
- *
r1664078,r1664080,r1664187,r1664191,r1664200,r1664344,r1664588,r1664927,r1665886
- Instead of making more changes to the auth batons from ra sessions, reduce
- the number of changes by introducing an internal slave auth baton feature.
- Justification:
- Without this patch (or a complete redesign of the auth layer), the
- ra sessions cache (currently on a feature branch), will open the ra
- sessions from outside configuration changes caused by opening other
- ra sessions. This patch not only reverts the additional changes to the
- auth baton on init that are new in 1.9, but also removes cases where we
- already applied similar changes inside specific ra providers.
- Notes:
- The reason I group this under release blockers, is to avoid the behavior
- change introduced in r1609499 from reaching released versions. The changes
- itself are safe for a later backport as it only affects ra-session
- internal state.
- Votes:
- +1: rhuijben, brane, philip
-
* r1663338, r1663347, r1663374
Properly record resolving of individual property conflicts.
Justification:
Modified:
subversion/branches/1.9.x/subversion/include/private/svn_auth_private.h
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/include/private/svn_auth_private.h?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/include/private/svn_auth_private.h
(original)
+++ subversion/branches/1.9.x/subversion/include/private/svn_auth_private.h Thu
Mar 19 18:23:29 2015
@@ -234,10 +234,12 @@ svn_auth__ssl_client_cert_pw_set(svn_boo
/* Apply the specified configuration for connecting with SERVER_NAME
to the auth baton */
svn_error_t *
-svn_auth__apply_config_for_server(svn_auth_baton_t *ab,
- apr_hash_t *config,
- const char *server_name,
- apr_pool_t *scratch_pool);
+svn_auth__make_session_auth(svn_auth_baton_t **session_auth_baton,
+ const svn_auth_baton_t *auth_baton,
+ apr_hash_t *config,
+ const char *server_name,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool);
#if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN)
/**
Modified: subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.c Thu Mar 19
18:23:29 2015
@@ -266,6 +266,7 @@ svn_error_t *svn_ra_open4(svn_ra_session
apr_pool_t *pool)
{
apr_pool_t *sesspool = svn_pool_create(pool);
+ apr_pool_t *scratch_pool = svn_pool_create(sesspool);
svn_ra_session_t *session;
const struct ra_lib_defn *defn;
const svn_ra__vtable_t *vtable = NULL;
@@ -275,6 +276,7 @@ svn_error_t *svn_ra_open4(svn_ra_session
#ifdef CHOOSABLE_DAV_MODULE
const char *http_library = DEFAULT_HTTP_LIBRARY;
#endif
+ svn_auth_baton_t *auth_baton;
/* Initialize the return variable. */
*session_p = NULL;
@@ -290,8 +292,12 @@ svn_error_t *svn_ra_open4(svn_ra_session
repos_URL);
if (callbacks->auth_baton)
- SVN_ERR(svn_auth__apply_config_for_server(callbacks->auth_baton, config,
- repos_URI.hostname, sesspool));
+ SVN_ERR(svn_auth__make_session_auth(&auth_baton,
+ callbacks->auth_baton, config,
+ repos_URI.hostname,
+ sesspool, scratch_pool));
+ else
+ auth_baton = NULL;
#ifdef CHOOSABLE_DAV_MODULE
if (config)
@@ -344,16 +350,16 @@ svn_error_t *svn_ra_open4(svn_ra_session
if (! initfunc)
SVN_ERR(load_ra_module(&initfunc, NULL, defn->ra_name,
- sesspool));
+ scratch_pool));
if (! initfunc)
/* Library not found. */
continue;
- SVN_ERR(initfunc(svn_ra_version(), &vtable, sesspool));
+ SVN_ERR(initfunc(svn_ra_version(), &vtable, scratch_pool));
SVN_ERR(check_ra_version(vtable->get_version(), scheme));
- if (! has_scheme_of(vtable->get_schemes(sesspool), repos_URL))
+ if (! has_scheme_of(vtable->get_schemes(scratch_pool), repos_URL))
/* Library doesn't support the scheme at runtime. */
continue;
@@ -377,10 +383,12 @@ svn_error_t *svn_ra_open4(svn_ra_session
/* Ask the library to open the session. */
err = vtable->open_session(session, corrected_url_p,
repos_URL,
- callbacks, callback_baton, config, sesspool);
+ callbacks, callback_baton, auth_baton,
+ config, sesspool, scratch_pool);
if (err)
{
+ svn_pool_destroy(sesspool); /* Includes scratch_pool */
if (err->apr_err == SVN_ERR_RA_SESSION_URL_MISMATCH)
return svn_error_trace(err);
@@ -398,7 +406,7 @@ svn_error_t *svn_ra_open4(svn_ra_session
{
/* *session_p = NULL; */
*corrected_url_p = apr_pstrdup(pool, *corrected_url_p);
- svn_pool_destroy(sesspool);
+ svn_pool_destroy(sesspool); /* Includes scratch_pool */
return SVN_NO_ERROR;
}
@@ -412,7 +420,7 @@ svn_error_t *svn_ra_open4(svn_ra_session
{
/* Duplicate the uuid as it is allocated in sesspool */
repository_uuid = apr_pstrdup(pool, repository_uuid);
- svn_pool_destroy(sesspool);
+ svn_pool_destroy(sesspool); /* includes scratch_pool */
return svn_error_createf(SVN_ERR_RA_UUID_MISMATCH, NULL,
_("Repository UUID '%s' doesn't match "
"expected UUID '%s'"),
@@ -420,6 +428,7 @@ svn_error_t *svn_ra_open4(svn_ra_session
}
}
+ svn_pool_destroy(scratch_pool);
*session_p = session;
return SVN_NO_ERROR;
}
Modified: subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.h
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.h?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.h (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra/ra_loader.h Thu Mar 19
18:23:29 2015
@@ -61,8 +61,10 @@ typedef struct svn_ra__vtable_t {
const char *session_URL,
const svn_ra_callbacks2_t *callbacks,
void *callback_baton,
+ svn_auth_baton_t *auth_baton,
apr_hash_t *config,
- apr_pool_t *pool);
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool);
/* Backs svn_ra_dup_session */
svn_error_t * (*dup_session)(svn_ra_session_t *new_session,
svn_ra_session_t *old_session,
Modified: subversion/branches/1.9.x/subversion/libsvn_ra/wrapper_template.h
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra/wrapper_template.h?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra/wrapper_template.h (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra/wrapper_template.h Thu Mar
19 18:23:29 2015
@@ -91,7 +91,9 @@ static svn_error_t *compat_open(void **s
callbacks2->progress_baton = NULL;
SVN_ERR(VTBL.open_session(sess, &session_url, repos_URL,
- callbacks2, callback_baton, config, sesspool));
+ callbacks2, callback_baton,
+ callbacks ? callbacks->auth_baton : NULL,
+ config, sesspool, sesspool));
if (strcmp(repos_URL, session_url) != 0)
{
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_local.h
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_local.h?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_local.h (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_local.h Thu Mar 19
18:23:29 2015
@@ -63,6 +63,9 @@ typedef struct svn_ra_local__session_bat
const svn_ra_callbacks2_t *callbacks;
void *callback_baton;
+ /* Slave auth baton */
+ svn_auth_baton_t *auth_baton;
+
const char *useragent;
} svn_ra_local__session_baton_t;
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_plugin.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_plugin.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_plugin.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_local/ra_plugin.c Thu Mar 19
18:23:29 2015
@@ -86,7 +86,7 @@ get_username(svn_ra_session_t *session,
{
/* Get a username somehow, so we have some svn:author property to
attach to a commit. */
- if (sess->callbacks->auth_baton)
+ if (sess->auth_baton)
{
void *creds;
svn_auth_cred_username_t *username_creds;
@@ -95,7 +95,7 @@ get_username(svn_ra_session_t *session,
SVN_ERR(svn_auth_first_credentials(&creds, &iterstate,
SVN_AUTH_CRED_USERNAME,
sess->uuid, /* realmstring */
- sess->callbacks->auth_baton,
+ sess->auth_baton,
scratch_pool));
/* No point in calling next_creds(), since that assumes that the
@@ -551,13 +551,16 @@ svn_ra_local__open(svn_ra_session_t *ses
const char *repos_URL,
const svn_ra_callbacks2_t *callbacks,
void *callback_baton,
+ svn_auth_baton_t *auth_baton,
apr_hash_t *config,
- apr_pool_t *pool)
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool)
{
const char *client_string;
svn_ra_local__session_baton_t *sess;
const char *fs_path;
static volatile svn_atomic_t cache_init_state = 0;
+ apr_pool_t *pool = result_pool;
/* Initialise the FSFS memory cache size. We can only do this once
so one CONFIG will win the race and all others will be ignored
@@ -572,6 +575,7 @@ svn_ra_local__open(svn_ra_session_t *ses
sess = apr_pcalloc(pool, sizeof(*sess));
sess->callbacks = callbacks;
sess->callback_baton = callback_baton;
+ sess->auth_baton = auth_baton;
/* Look through the URL, figure out which part points to the
repository, and which part is the path *within* the
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_serf/ra_serf.h
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_serf/ra_serf.h?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_serf/ra_serf.h (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_serf/ra_serf.h Thu Mar 19
18:23:29 2015
@@ -154,6 +154,7 @@ struct svn_ra_serf__session_t {
/* Callback functions to get info from WC */
const svn_ra_callbacks2_t *wc_callbacks;
void *wc_callback_baton;
+ svn_auth_baton_t *auth_baton;
/* Callback function to send progress info to the client */
svn_ra_progress_notify_func_t progress_func;
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_serf/serf.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_serf/serf.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_serf/serf.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_serf/serf.c Thu Mar 19
18:23:29 2015
@@ -180,17 +180,17 @@ load_config(svn_ra_serf__session_t *sess
svn_config_get(config, &timeout_str, SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_HTTP_TIMEOUT, NULL);
- if (session->wc_callbacks->auth_baton)
+ if (session->auth_baton)
{
if (config_client)
{
- svn_auth_set_parameter(session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(session->auth_baton,
SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG,
config_client);
}
if (config)
{
- svn_auth_set_parameter(session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(session->auth_baton,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS,
config);
}
@@ -255,7 +255,7 @@ load_config(svn_ra_serf__session_t *sess
SERF_LOG_INFO));
#endif
- server_group = svn_auth_get_parameter(session->wc_callbacks->auth_baton,
+ server_group = svn_auth_get_parameter(session->auth_baton,
SVN_AUTH_PARAM_SERVER_GROUP);
if (server_group)
@@ -474,27 +474,29 @@ svn_ra_serf__open(svn_ra_session_t *sess
const char *session_URL,
const svn_ra_callbacks2_t *callbacks,
void *callback_baton,
+ svn_auth_baton_t *auth_baton,
apr_hash_t *config,
- apr_pool_t *pool)
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool)
{
apr_status_t status;
svn_ra_serf__session_t *serf_sess;
apr_uri_t url;
const char *client_string = NULL;
svn_error_t *err;
- apr_pool_t *subpool;
if (corrected_url)
*corrected_url = NULL;
- serf_sess = apr_pcalloc(pool, sizeof(*serf_sess));
- serf_sess->pool = svn_pool_create(pool);
+ serf_sess = apr_pcalloc(result_pool, sizeof(*serf_sess));
+ serf_sess->pool = result_pool;
if (config)
- SVN_ERR(svn_config_copy_config(&serf_sess->config, config, pool));
+ SVN_ERR(svn_config_copy_config(&serf_sess->config, config, result_pool));
else
serf_sess->config = NULL;
serf_sess->wc_callbacks = callbacks;
serf_sess->wc_callback_baton = callback_baton;
+ serf_sess->auth_baton = auth_baton;
serf_sess->progress_func = callbacks->progress_func;
serf_sess->progress_baton = callbacks->progress_baton;
serf_sess->cancel_func = callbacks->cancel_func;
@@ -551,13 +553,16 @@ svn_ra_serf__open(svn_ra_session_t *sess
/* create the user agent string */
if (callbacks->get_client_string)
- SVN_ERR(callbacks->get_client_string(callback_baton, &client_string,
pool));
+ SVN_ERR(callbacks->get_client_string(callback_baton, &client_string,
+ scratch_pool));
if (client_string)
- serf_sess->useragent = apr_pstrcat(pool, get_user_agent_string(pool), " ",
+ serf_sess->useragent = apr_pstrcat(result_pool,
+ get_user_agent_string(scratch_pool),
+ " ",
client_string, SVN_VA_NULL);
else
- serf_sess->useragent = get_user_agent_string(pool);
+ serf_sess->useragent = get_user_agent_string(result_pool);
/* go ahead and tell serf about the connection. */
status =
@@ -578,24 +583,29 @@ svn_ra_serf__open(svn_ra_session_t *sess
session->priv = serf_sess;
- /* This subpool not only avoids having a lot of temporary state in the long
- living session pool, but it also works around a bug in serf
- <= r2319 / 1.3.4 where serf doesn't report the request as failed/cancelled
- when the authorization request handler fails to handle the request.
-
- In this specific case the serf connection is cleaned up by the pool
- handlers before our handler is cleaned up (via subpools). Using a
- subpool here cleans up our handler before the connection is cleaned. */
- subpool = svn_pool_create(pool);
+ /* The following code explicitly works around a bug in serf <= r2319 / 1.3.8
+ where serf doesn't report the request as failed/cancelled when the
+ authorization request handler fails to handle the request.
+
+ As long as we allocate the request in a subpool of the serf connection
+ pool, we know that the handler is always cleaned before the connection.
+
+ Luckily our caller now passes us two pools which handle this case.
+ */
+#if defined(SVN_DEBUG) && !SERF_VERSION_AT_LEAST(1,4,0)
+ /* Currently ensured by svn_ra_open4().
+ If failing causes segfault in basic_tests.py 48, "basic auth test" */
+ SVN_ERR_ASSERT((serf_sess->pool != scratch_pool)
+ && apr_pool_is_ancestor(serf_sess->pool, scratch_pool));
+#endif
err = svn_ra_serf__exchange_capabilities(serf_sess, corrected_url,
- pool, subpool);
+ result_pool, scratch_pool);
/* serf should produce a usable error code instead of APR_EGENERAL */
if (err && err->apr_err == APR_EGENERAL)
err = svn_error_createf(SVN_ERR_RA_DAV_REQUEST_FAILED, err,
_("Connection to '%s' failed"), session_URL);
- svn_pool_clear(subpool);
SVN_ERR(err);
/* We have set up a useful connection (that doesn't indication a redirect).
@@ -604,9 +614,7 @@ svn_ra_serf__open(svn_ra_session_t *sess
problems in any proxy. */
if ((corrected_url == NULL || *corrected_url == NULL)
&& serf_sess->detect_chunking && !serf_sess->http10)
- SVN_ERR(svn_ra_serf__probe_proxy(serf_sess, subpool));
-
- svn_pool_destroy(subpool);
+ SVN_ERR(svn_ra_serf__probe_proxy(serf_sess, scratch_pool));
return SVN_NO_ERROR;
}
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_serf/util.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_serf/util.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_serf/util.c Thu Mar 19
18:23:29 2015
@@ -313,11 +313,11 @@ ssl_server_cert(void *baton, int failure
{
svn_error_t *err;
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO,
&cert_info);
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_FAILURES,
&svn_failures);
@@ -327,13 +327,13 @@ ssl_server_cert(void *baton, int failure
err = svn_auth_first_credentials(&creds, &state,
SVN_AUTH_CRED_SSL_SERVER_AUTHORITY,
realmstring,
- conn->session->wc_callbacks->auth_baton,
+ conn->session->auth_baton,
scratch_pool);
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO, NULL);
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_FAILURES, NULL);
if (err)
@@ -360,11 +360,11 @@ ssl_server_cert(void *baton, int failure
return APR_SUCCESS;
}
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_FAILURES,
&svn_failures);
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO,
&cert_info);
@@ -373,7 +373,7 @@ ssl_server_cert(void *baton, int failure
SVN_ERR(svn_auth_first_credentials(&creds, &state,
SVN_AUTH_CRED_SSL_SERVER_TRUST,
realmstring,
- conn->session->wc_callbacks->auth_baton,
+ conn->session->auth_baton,
scratch_pool));
if (creds)
{
@@ -394,7 +394,7 @@ ssl_server_cert(void *baton, int failure
}
}
- svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
+ svn_auth_set_parameter(conn->session->auth_baton,
SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO, NULL);
/* Are there non accepted failures left? */
@@ -648,7 +648,7 @@ handle_client_cert(void *data,
&conn->ssl_client_auth_state,
SVN_AUTH_CRED_SSL_CLIENT_CERT,
realm,
- session->wc_callbacks->auth_baton,
+ session->auth_baton,
pool));
}
else
@@ -700,7 +700,7 @@ handle_client_cert_pw(void *data,
&conn->ssl_client_pw_auth_state,
SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
cert_path,
- session->wc_callbacks->auth_baton,
+ session->auth_baton,
pool));
}
else
@@ -1132,7 +1132,7 @@ svn_ra_serf__credentials_callback(char *
&session->auth_state,
SVN_AUTH_CRED_SIMPLE,
realm,
- session->wc_callbacks->auth_baton,
+ session->auth_baton,
session->pool);
}
else
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_svn/client.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_svn/client.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_svn/client.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_svn/client.c Thu Mar 19
18:23:29 2015
@@ -616,7 +616,9 @@ static svn_error_t *open_session(svn_ra_
apr_hash_t *config,
const svn_ra_callbacks2_t *callbacks,
void *callbacks_baton,
- apr_pool_t *pool)
+ svn_auth_baton_t *auth_baton,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool)
{
svn_ra_svn__session_baton_t *sess;
svn_ra_svn_conn_t *conn;
@@ -624,6 +626,7 @@ static svn_error_t *open_session(svn_ra_
apr_uint64_t minver, maxver;
apr_array_header_t *mechlist, *server_caplist, *repos_caplist;
const char *client_string = NULL;
+ apr_pool_t *pool = result_pool;
sess = apr_palloc(pool, sizeof(*sess));
sess->pool = pool;
@@ -636,6 +639,7 @@ static svn_error_t *open_session(svn_ra_
sess->callbacks = callbacks;
sess->callbacks_baton = callbacks_baton;
sess->bytes_read = sess->bytes_written = 0;
+ sess->auth_baton = auth_baton;
if (config)
SVN_ERR(svn_config_copy_config(&sess->config, config, pool));
@@ -804,6 +808,7 @@ static svn_error_t *ra_svn_open(svn_ra_s
const char *url,
const svn_ra_callbacks2_t *callbacks,
void *callback_baton,
+ svn_auth_baton_t *auth_baton,
apr_hash_t *config,
apr_pool_t *result_pool,
apr_pool_t *scratch_pool)
@@ -839,32 +844,21 @@ static svn_error_t *ra_svn_open(svn_ra_s
? svn_hash_gets(config, SVN_CONFIG_CATEGORY_CONFIG)
: NULL;
cfg = config ? svn_hash_gets(config, SVN_CONFIG_CATEGORY_SERVERS) : NULL;
- svn_auth_set_parameter(callbacks->auth_baton,
+ svn_auth_set_parameter(auth_baton,
SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG, cfg_client);
- svn_auth_set_parameter(callbacks->auth_baton,
+ svn_auth_set_parameter(auth_baton,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS, cfg);
/* We open the session in a subpool so we can get rid of it if we
reparent with a server that doesn't support reparenting. */
SVN_ERR(open_session(&sess, url, &uri, tunnel, tunnel_argv, config,
- callbacks, callback_baton, sess_pool));
+ callbacks, callback_baton,
+ auth_baton, sess_pool, scratch_pool));
session->priv = sess;
return SVN_NO_ERROR;
}
-static svn_error_t *ra_svn_open_pool(svn_ra_session_t *session,
- const char **corrected_url,
- const char *url,
- const svn_ra_callbacks2_t *callbacks,
- void *callback_baton,
- apr_hash_t *config,
- apr_pool_t *pool)
-{
- return ra_svn_open(session, corrected_url, url, callbacks, callback_baton,
- config, pool, pool);
-}
-
static svn_error_t *ra_svn_dup_session(svn_ra_session_t *new_session,
svn_ra_session_t *old_session,
const char *new_session_url,
@@ -875,7 +869,7 @@ static svn_error_t *ra_svn_dup_session(s
SVN_ERR(ra_svn_open(new_session, NULL, new_session_url,
old_sess->callbacks, old_sess->callbacks_baton,
- old_sess->config,
+ old_sess->auth_baton, old_sess->config,
result_pool, scratch_pool));
return SVN_NO_ERROR;
@@ -912,7 +906,7 @@ static svn_error_t *ra_svn_reparent(svn_
if (! err)
err = open_session(&new_sess, url, &uri, sess->tunnel_name,
sess->tunnel_argv,
sess->config, sess->callbacks, sess->callbacks_baton,
- sess_pool);
+ sess->auth_baton, sess_pool, sess_pool);
/* We destroy the new session pool on error, since it is allocated in
the main session pool. */
if (err)
@@ -2872,7 +2866,7 @@ static const svn_ra__vtable_t ra_svn_vta
svn_ra_svn_version,
ra_svn_get_description,
ra_svn_get_schemes,
- ra_svn_open_pool,
+ ra_svn_open,
ra_svn_dup_session,
ra_svn_reparent,
ra_svn_get_session_url,
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_svn/cyrus_auth.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_svn/cyrus_auth.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_svn/cyrus_auth.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_svn/cyrus_auth.c Thu Mar 19
18:23:29 2015
@@ -867,7 +867,7 @@ svn_ra_svn__do_cyrus_auth(svn_ra_svn__se
realmstring = apr_psprintf(pool, "%s %s", sess->realm_prefix, realm);
/* Initialize the credential baton. */
- cred_baton.auth_baton = sess->callbacks->auth_baton;
+ cred_baton.auth_baton = sess->auth_baton;
cred_baton.realmstring = realmstring;
cred_baton.pool = pool;
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_svn/internal_auth.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_svn/internal_auth.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_svn/internal_auth.c
(original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_svn/internal_auth.c Thu Mar
19 18:23:29 2015
@@ -95,7 +95,7 @@ svn_ra_svn__do_internal_auth(svn_ra_svn_
{
SVN_ERR(svn_auth_first_credentials(&creds, &iterstate,
SVN_AUTH_CRED_SIMPLE, realmstring,
- sess->callbacks->auth_baton, pool));
+ sess->auth_baton, pool));
if (!creds)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
_("Can't get password"));
Modified: subversion/branches/1.9.x/subversion/libsvn_ra_svn/ra_svn.h
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_ra_svn/ra_svn.h?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_ra_svn/ra_svn.h (original)
+++ subversion/branches/1.9.x/subversion/libsvn_ra_svn/ra_svn.h Thu Mar 19
18:23:29 2015
@@ -123,6 +123,7 @@ struct svn_ra_svn__session_baton_t {
apr_pool_t *pool;
svn_ra_svn_conn_t *conn;
svn_boolean_t is_tunneled;
+ svn_auth_baton_t *auth_baton;
const char *url;
const char *user;
const char *hostname; /* The remote hostname. */
Modified: subversion/branches/1.9.x/subversion/libsvn_subr/auth.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.9.x/subversion/libsvn_subr/auth.c?rev=1667829&r1=1667828&r2=1667829&view=diff
==============================================================================
--- subversion/branches/1.9.x/subversion/libsvn_subr/auth.c (original)
+++ subversion/branches/1.9.x/subversion/libsvn_subr/auth.c Thu Mar 19 18:23:29
2015
@@ -109,10 +109,10 @@ struct svn_auth_baton_t
/* run-time parameters needed by providers. */
apr_hash_t *parameters;
+ apr_hash_t *slave_parameters;
/* run-time credentials cache. */
apr_hash_t *creds_cache;
-
};
/* Abstracted iteration baton */
@@ -125,6 +125,7 @@ struct svn_auth_iterstate_t
const char *realmstring; /* The original realmstring passed in */
const char *cache_key; /* key to use in auth_baton's creds_cache */
svn_auth_baton_t *auth_baton; /* the original auth_baton. */
+ apr_hash_t *parameters;
};
@@ -142,6 +143,7 @@ svn_auth_open(svn_auth_baton_t **auth_ba
ab = apr_pcalloc(pool, sizeof(*ab));
ab->tables = apr_hash_make(pool);
ab->parameters = apr_hash_make(pool);
+ /* ab->slave_parameters = NULL; */
ab->creds_cache = apr_hash_make(pool);
ab->pool = pool;
@@ -170,7 +172,8 @@ svn_auth_open(svn_auth_baton_t **auth_ba
*auth_baton = ab;
}
-
+/* Magic pointer value to allow storing 'NULL' in an apr_hash_t */
+static const void *auth_NULL = NULL;
void
svn_auth_set_parameter(svn_auth_baton_t *auth_baton,
@@ -178,17 +181,36 @@ svn_auth_set_parameter(svn_auth_baton_t
const void *value)
{
if (auth_baton)
- svn_hash_sets(auth_baton->parameters, name, value);
+ {
+ if (auth_baton->slave_parameters)
+ {
+ if (!value)
+ value = &auth_NULL;
+
+ svn_hash_sets(auth_baton->slave_parameters, name, value);
+ }
+ else
+ svn_hash_sets(auth_baton->parameters, name, value);
+ }
}
const void *
svn_auth_get_parameter(svn_auth_baton_t *auth_baton,
const char *name)
{
- if (auth_baton)
- return svn_hash_gets(auth_baton->parameters, name);
- else
+ const void *value;
+ if (!auth_baton)
return NULL;
+ else if (!auth_baton->slave_parameters)
+ return svn_hash_gets(auth_baton->parameters, name);
+
+ value = svn_hash_gets(auth_baton->slave_parameters, name);
+
+ if (value)
+ return (value == &auth_NULL) ? NULL
+ : value;
+
+ return svn_hash_gets(auth_baton->parameters, name);
}
@@ -218,6 +240,7 @@ svn_auth_first_credentials(void **creden
svn_boolean_t got_first = FALSE;
svn_auth_iterstate_t *iterstate;
const char *cache_key;
+ apr_hash_t *parameters;
if (! auth_baton)
return svn_error_create(SVN_ERR_AUTHN_NO_PROVIDER, NULL,
@@ -230,6 +253,26 @@ svn_auth_first_credentials(void **creden
_("No provider registered for '%s' credentials"),
cred_kind);
+ if (auth_baton->slave_parameters)
+ {
+ apr_hash_index_t *hi;
+ parameters = apr_hash_copy(pool, auth_baton->parameters);
+
+ for (hi = apr_hash_first(pool, auth_baton->slave_parameters);
+ hi;
+ hi = apr_hash_next(hi))
+ {
+ const void *value = apr_hash_this_val(hi);
+
+ if (value == &auth_NULL)
+ value = NULL;
+
+ svn_hash_sets(parameters, apr_hash_this_key(hi), value);
+ }
+ }
+ else
+ parameters = auth_baton->parameters;
+
/* First, see if we have cached creds in the auth_baton. */
cache_key = make_cache_key(cred_kind, realmstring, pool);
creds = svn_hash_gets(auth_baton->creds_cache, cache_key);
@@ -247,7 +290,7 @@ svn_auth_first_credentials(void **creden
svn_auth_provider_object_t *);
SVN_ERR(provider->vtable->first_credentials(&creds, &iter_baton,
provider->provider_baton,
- auth_baton->parameters,
+ parameters,
realmstring,
auth_baton->pool));
@@ -274,6 +317,7 @@ svn_auth_first_credentials(void **creden
iterstate->realmstring = apr_pstrdup(pool, realmstring);
iterstate->cache_key = cache_key;
iterstate->auth_baton = auth_baton;
+ iterstate->parameters = parameters;
*state = iterstate;
/* Put the creds in the cache */
@@ -310,7 +354,7 @@ svn_auth_next_credentials(void **credent
{
SVN_ERR(provider->vtable->first_credentials(
&creds, &(state->provider_iter_baton),
- provider->provider_baton, auth_baton->parameters,
+ provider->provider_baton, state->parameters,
state->realmstring, auth_baton->pool));
state->got_first = TRUE;
}
@@ -319,7 +363,7 @@ svn_auth_next_credentials(void **credent
SVN_ERR(provider->vtable->next_credentials(&creds,
state->provider_iter_baton,
provider->provider_baton,
- auth_baton->parameters,
+ state->parameters,
state->realmstring,
auth_baton->pool));
}
@@ -360,7 +404,7 @@ svn_auth_save_credentials(svn_auth_iters
return SVN_NO_ERROR;
/* Do not save the creds if SVN_AUTH_PARAM_NO_AUTH_CACHE is set */
- no_auth_cache = svn_hash_gets(auth_baton->parameters,
+ no_auth_cache = svn_hash_gets(state->parameters,
SVN_AUTH_PARAM_NO_AUTH_CACHE);
if (no_auth_cache)
return SVN_NO_ERROR;
@@ -373,7 +417,7 @@ svn_auth_save_credentials(svn_auth_iters
SVN_ERR(provider->vtable->save_credentials(&save_succeeded,
creds,
provider->provider_baton,
- auth_baton->parameters,
+ state->parameters,
state->realmstring,
pool));
if (save_succeeded)
@@ -389,7 +433,7 @@ svn_auth_save_credentials(svn_auth_iters
if (provider->vtable->save_credentials)
SVN_ERR(provider->vtable->save_credentials(&save_succeeded, creds,
provider->provider_baton,
- auth_baton->parameters,
+ state->parameters,
state->realmstring,
pool));
@@ -687,10 +731,12 @@ svn_auth_get_platform_specific_client_pr
}
svn_error_t *
-svn_auth__apply_config_for_server(svn_auth_baton_t *auth_baton,
- apr_hash_t *config,
- const char *server_name,
- apr_pool_t *scratch_pool)
+svn_auth__make_session_auth(svn_auth_baton_t **session_auth_baton,
+ const svn_auth_baton_t *auth_baton,
+ apr_hash_t *config,
+ const char *server_name,
+ apr_pool_t *result_pool,
+ apr_pool_t *scratch_pool)
{
svn_boolean_t store_passwords = SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS;
svn_boolean_t store_auth_creds = SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS;
@@ -702,6 +748,12 @@ svn_auth__apply_config_for_server(svn_au
svn_config_t *servers = NULL;
const char *server_group = NULL;
+ struct svn_auth_baton_t *ab;
+
+ ab = apr_pmemdup(result_pool, auth_baton, sizeof(*ab));
+
+ ab->slave_parameters = apr_hash_make(result_pool);
+
/* The 'store-passwords' and 'store-auth-creds' parameters used to
* live in SVN_CONFIG_CATEGORY_CONFIG. For backward compatibility,
* if values for these parameters have already been set by our
@@ -716,11 +768,11 @@ svn_auth__apply_config_for_server(svn_au
* "store-auth-creds = yes" -- they'll get the expected behaviour.
*/
- if (svn_auth_get_parameter(auth_baton,
+ if (svn_auth_get_parameter(ab,
SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL)
store_passwords = FALSE;
- if (svn_auth_get_parameter(auth_baton,
+ if (svn_auth_get_parameter(ab,
SVN_AUTH_PARAM_NO_AUTH_CACHE) != NULL)
store_auth_creds = FALSE;
@@ -806,46 +858,32 @@ svn_auth__apply_config_for_server(svn_au
/* Save auth caching parameters in the auth parameter hash. */
if (! store_passwords)
- svn_auth_set_parameter(auth_baton,
+ svn_auth_set_parameter(ab,
SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, "");
- svn_auth_set_parameter(auth_baton,
+ svn_auth_set_parameter(ab,
SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS,
store_plaintext_passwords);
if (! store_pp)
- svn_auth_set_parameter(auth_baton,
+ svn_auth_set_parameter(ab,
SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP,
"");
- svn_auth_set_parameter(auth_baton,
+ svn_auth_set_parameter(ab,
SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT,
store_pp_plaintext);
if (! store_auth_creds)
- svn_auth_set_parameter(auth_baton,
- SVN_AUTH_PARAM_NO_AUTH_CACHE, "");
+ svn_auth_set_parameter(ab,
+ SVN_AUTH_PARAM_NO_AUTH_CACHE, "");
- /* ### This setting may have huge side-effects when the auth baton is shared
- ### between different ra sessions, as it will change which server settings
- ### will be used for all future auth requests.
- ###
- ### E.g. when you connect using a ssl client cert that is specified in the
- ### config file, you might have it when you first connect... but if you
- ### then connect to another repository, you might not see the same
- ### settings when the SSL connection is built up again later on.
- ###
- ### Most current usages should probably have been keyed on the realm
- ### string instead of this magic flag that changes when multiple
repositories
- ### are used.
- ###
- ### This especially affects long living ra sessions, such as those on the
- ### reuse-ra-session branch.
- */
if (server_group)
- svn_auth_set_parameter(auth_baton,
+ svn_auth_set_parameter(ab,
SVN_AUTH_PARAM_SERVER_GROUP,
- apr_pstrdup(auth_baton->pool, server_group));
+ apr_pstrdup(ab->pool, server_group));
+
+ *session_auth_baton = ab;
return SVN_NO_ERROR;
}
