Author: stsp
Date: Thu Oct 6 18:56:02 2011
New Revision: 1179767
URL: http://svn.apache.org/viewvc?rev=1179767&view=rev
Log:
Wrap error message from SASL with a prefix which makes clear that the
error message comes from SASL, not from Subversion itself.
This avoids silly error messages such as "svn: generic failure".
Reported by: frantisek holop
* subversion/libsvn_ra_svn/cyrus_auth.c
(get_sasl_error): New helper which wraps sasl_errdetail().
(sasl_baton): Add SCRATCH_POOL so our sasl callbacks can call above helper.
(new_sasl_ctx, try_auth, sasl_read_cb, sasl_write_cb,
svn_ra_svn__enable_sasl_encryption): Call get_sasl_error() instead of
calling sasl_errdetail().
Modified:
subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c
Modified: subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c?rev=1179767&r1=1179766&r2=1179767&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c (original)
+++ subversion/trunk/subversion/libsvn_ra_svn/cyrus_auth.c Thu Oct 6 18:56:02
2011
@@ -320,6 +320,16 @@ get_password_cb(sasl_conn_t *conn, void
return SASL_FAIL;
}
+/* Wrap an error message from SASL with a prefix that allow users
+ * to tell that the error message came from SASL. */
+static const char *
+get_sasl_error(sasl_conn_t *sasl_ctx, apr_pool_t *result_pool)
+{
+ return apr_psprintf(result_pool,
+ _("SASL authentication error: %s"),
+ sasl_errdetail(sasl_ctx));
+}
+
/* Create a new SASL context. */
static svn_error_t *new_sasl_ctx(sasl_conn_t **sasl_ctx,
svn_boolean_t is_tunneled,
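Review bot: The doc comment on get_sasl_error() does not say where the returned string lives, and "allow" should read "allows". I would write `/* Return the last error detail of SASL_CTX, prefixed so that users can tell the message came from SASL. The string is allocated in RESULT_POOL. */`. If sasl_errdetail() can return NULL (I believe it does for a NULL context, but confirm against the Cyrus SASL headers), the comment should also say what the formatted message contains in that case. new_sasl_ctx() continues past the end of this hunk.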
@@ -354,7 +364,7 @@ static svn_error_t *new_sasl_ctx(sasl_co
SASL_AUTH_EXTERNAL, " ");
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(*sasl_ctx));
+ get_sasl_error(*sasl_ctx, pool));
}
/* Set security properties. */
@@ -400,7 +410,7 @@ static svn_error_t *try_auth(svn_ra_svn_
case SASL_NOMEM:
/* Fatal error. Fail the authentication. */
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_ctx));
+ get_sasl_error(sasl_ctx, pool));
default:
/* For anything else, delete the mech from the list
and try again. */
@@ -461,7 +471,7 @@ static svn_error_t *try_auth(svn_ra_svn_
if (result != SASL_OK && result != SASL_CONTINUE)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_ctx));
+ get_sasl_error(sasl_ctx, pool));
/* If the server thinks we're done, then don't send any response. */
if (strcmp(status, "success") == 0)
@@ -517,6 +527,7 @@ typedef struct sasl_baton {
unsigned int read_len; /* Its current length. */
const char *write_buf; /* The buffer returned by sasl_encode. */
unsigned int write_len; /* Its length. */
+ apr_pool_t *scratch_pool;
} sasl_baton_t;
/* Functions to implement a SASL encrypted svn_ra_svn__stream_t. */
@@ -544,7 +555,8 @@ static svn_error_t *sasl_read_cb(void *b
&sasl_baton->read_len);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_baton->ctx));
+ get_sasl_error(sasl_baton->ctx,
+ sasl_baton->scratch_pool));
}
/* The buffer returned by sasl_decode might be larger than what the
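Review bot: The "SASL authentication error" prefix is misleading at this call site in sasl_read_cb(), and at the matching one in the sasl_write_cb() hunk. Judging by the surrounding comments, these report sasl_decode()/sasl_encode() failures on a connection that has already authenticated, so a corrupted or modified security-layer frame would be reported as an authentication failure. Someone triaging from the message alone would look at credentials rather than at the transport. A neutral prefix such as `_("SASL error: %s")`, or a separate helper for the stream callbacks, would keep the two cases distinguishable; the SVN_ERR_RA_NOT_AUTHORIZED code has the same problem but predates this change. Both callbacks begin and end outside their hunks.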
@@ -585,7 +597,8 @@ sasl_write_cb(void *baton, const char *b
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_baton->ctx));
+ get_sasl_error(sasl_baton->ctx,
+ sasl_baton->scratch_pool));
}
do
@@ -641,7 +654,7 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
result = sasl_getprop(sasl_ctx, SASL_SSF, (void*) &ssfp);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_ctx));
+ get_sasl_error(sasl_ctx, pool));
if (*ssfp > 0)
{
@@ -654,12 +667,13 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
/* Create and initialize the stream baton. */
sasl_baton = apr_pcalloc(conn->pool, sizeof(*sasl_baton));
sasl_baton->ctx = sasl_ctx;
+ sasl_baton->scratch_pool = conn->pool;
/* Find out the maximum input size for sasl_encode. */
result = sasl_getprop(sasl_ctx, SASL_MAXOUTBUF, &maxsize);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_ctx));
+ get_sasl_error(sasl_ctx, pool));
sasl_baton->maxsize = *((const unsigned int *) maxsize);
/* If there is any data left in the read buffer at this point,
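Review bot: `sasl_baton->scratch_pool = conn->pool;` stores a connection-lifetime pool under a name that Subversion's conventions reserve for temporary allocations. Every message the read and write callbacks format therefore stays allocated until the connection is torn down. As far as I recall, svn_error_create() copies its message into the error's own pool, which would make the pool-allocated string a throwaway duplicate. Calling `svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("SASL authentication error: %s"), sasl_errdetail(sasl_baton->ctx))` in the callbacks would remove the need for the new baton field; failing that, name the field for what it is (e.g. `pool`) and give it a lifetime comment like its neighbours in the struct. svn_ra_svn__enable_sasl_encryption() starts and ends outside this hunk.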
@@ -672,7 +686,7 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
&sasl_baton->read_len);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errdetail(sasl_ctx));
+ get_sasl_error(sasl_ctx, pool));
conn->read_end = conn->read_ptr;
}