Author: philip
Date: Fri Jan 27 11:05:10 2012
New Revision: 1236630
URL: http://svn.apache.org/viewvc?rev=1236630&view=rev
Log:
On 1.7.x-r1236343 branch. Merge 1179776, 1222628, 1222644, 1222699,
1236283, 1236343 from trunk and resolve conflicts in 1236343.
Modified:
subversion/branches/1.7.x-r1236343/ (props changed)
subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c
Propchange: subversion/branches/1.7.x-r1236343/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jan 27 11:05:10 2012
@@ -72,4 +72,4 @@
/subversion/branches/tree-conflicts:868291-873154
/subversion/branches/tree-conflicts-notify:873926-874008
/subversion/branches/uris-as-urls:1060426-1064427
-/subversion/trunk:1146013,1146121,1146219,1146222,1146274,1146492,1146555,1146606,1146620,1146684,1146781,1146832,1146834,1146870,1146899,1146904,1147293,1147299,1147309,1147882,1148071,1148083,1148094,1148131,1148374,1148424,1148566,1148588,1148652,1148662,1148699,1148853,1148877,1148882,1148936,1149103,1149105,1149135,1149141,1149160,1149228,1149240,1149343,1149371-1149372,1149377,1149398,1149401,1149539,1149572,1149627,1149675,1149701,1149713,1150242,1150254,1150260-1150261,1150266,1150302,1150327,1150344,1150368,1150372,1150441,1150506,1150812,1150853,1151036,1151177,1151610,1151854,1151906,1151911,1152129,1152140,1152189-1152190,1152267,1152282,1152286,1152726,1152809,1153138,1153141,1153416,1153540,1153566,1153799,1153807,1153968,1154009,1154023,1154115,1154119,1154121,1154144,1154155,1154159,1154165,1154215,1154225,1154273,1154278,1154379,1154382,1154461,1154717-1154718,1154733,1154908,1154982,1155015,1155044,1155124,1155131,1155160,1155313,1155334,1155391,1155404,115
6085,1156098,1156216,1156218,1156312,1156527,1156717,1156721,1156750,1156827,1156838,1157416,1158187,1158193-1158194,1158196,1158201,1158207,1158209-1158210,1158217,1158285,1158288,1158303,1158309,1158407,1158419,1158421,1158436,1158455,1158616-1158617,1158634,1158854,1158875,1158886,1158893,1158896,1158919,1158923-1158924,1158929,1158963,1159093,1159098,1159101,1159132,1159136,1159148,1159230,1159275,1159400,1159686,1159760,1159772,1160605,1160671,1160682,1160704-1160705,1160756,1161063,1161080,1161185,1161210,1161683,1161721,1162024,1162033,1162201,1162516,1162880,1162974,1162995,1163243,1163372,1163383,1163557,1163792,1163953,1164027,1164386,1164426,1164517,1164535,1164554,1164580,1164614,1164645,1164760,1164765,1166267,1166500,1166555,1166678,1167062,1167173,1167209,1167269,1167503,1167659,1167681,1169524,1169531,1169650,1171708,1173111,1173425,1173639,1174051,1174060,1174652,1174761,1174797-1174798,1174806,1175888,1176915,1176949,1177001,1177492,1177732,1178280,1178282,
1178942,1179680,1179767,1180154,1181090,1181110,1181155,1181215,1181609,1181666,1182115,1182527,1182771,1182904,1182909,1183054,1183263,1183347,1185222,1185242,1185280,1185282,1185730,1185738,1185746,1185763,1185768,1185886,1185911,1185918,1186059,1186092,1186101,1186107,1186109,1186121,1186231,1186240,1186422,1186434,1186732,1186755,1186784,1186815,1186928,1186944,1186981,1186983,1187311,1187676,1187695,1188609,1188652,1188677,1188762,1188774,1189190,1189261,1189395,1189580,1189665,1195480,1197135,1197998,1199876,1199950,1200837,1201002,1201824,1202135,1202187,1202630,1202807,1203546,1203651,1203653,1204167,1204478,1204610,1204673,1205193,1205726,1205839,1205848,1206523,1206533,1206576,1206718-1206719,1206724,1206741,1206748,1207656,1207663,1207823,1207858,1207949,1208840,1209631,1209654,1210195,1211483,1211859,1211885,1212476,1212482,1212484,1213331,1213673,1213681,1213690,1213711,1213716,1214139,1215260,1215288,1215374-1215375,1215379,1220742,1220750,1221793,1222521,12226
93,1226597,1227146,1228340,1229252,1229303,1229677,1229833,1229980,1231944-1231945,1235264,1235296,1235302,1235736,1236163
+/subversion/trunk:1146013,1146121,1146219,1146222,1146274,1146492,1146555,1146606,1146620,1146684,1146781,1146832,1146834,1146870,1146899,1146904,1147293,1147299,1147309,1147882,1148071,1148083,1148094,1148131,1148374,1148424,1148566,1148588,1148652,1148662,1148699,1148853,1148877,1148882,1148936,1149103,1149105,1149135,1149141,1149160,1149228,1149240,1149343,1149371-1149372,1149377,1149398,1149401,1149539,1149572,1149627,1149675,1149701,1149713,1150242,1150254,1150260-1150261,1150266,1150302,1150327,1150344,1150368,1150372,1150441,1150506,1150812,1150853,1151036,1151177,1151610,1151854,1151906,1151911,1152129,1152140,1152189-1152190,1152267,1152282,1152286,1152726,1152809,1153138,1153141,1153416,1153540,1153566,1153799,1153807,1153968,1154009,1154023,1154115,1154119,1154121,1154144,1154155,1154159,1154165,1154215,1154225,1154273,1154278,1154379,1154382,1154461,1154717-1154718,1154733,1154908,1154982,1155015,1155044,1155124,1155131,1155160,1155313,1155334,1155391,1155404,115
6085,1156098,1156216,1156218,1156312,1156527,1156717,1156721,1156750,1156827,1156838,1157416,1158187,1158193-1158194,1158196,1158201,1158207,1158209-1158210,1158217,1158285,1158288,1158303,1158309,1158407,1158419,1158421,1158436,1158455,1158616-1158617,1158634,1158854,1158875,1158886,1158893,1158896,1158919,1158923-1158924,1158929,1158963,1159093,1159098,1159101,1159132,1159136,1159148,1159230,1159275,1159400,1159686,1159760,1159772,1160605,1160671,1160682,1160704-1160705,1160756,1161063,1161080,1161185,1161210,1161683,1161721,1162024,1162033,1162201,1162516,1162880,1162974,1162995,1163243,1163372,1163383,1163557,1163792,1163953,1164027,1164386,1164426,1164517,1164535,1164554,1164580,1164614,1164645,1164760,1164765,1166267,1166500,1166555,1166678,1167062,1167173,1167209,1167269,1167503,1167659,1167681,1169524,1169531,1169650,1171708,1173111,1173425,1173639,1174051,1174060,1174652,1174761,1174797-1174798,1174806,1175888,1176915,1176949,1177001,1177492,1177732,1178280,1178282,
1178942,1179680,1179767,1179776,1180154,1181090,1181110,1181155,1181215,1181609,1181666,1182115,1182527,1182771,1182904,1182909,1183054,1183263,1183347,1185222,1185242,1185280,1185282,1185730,1185738,1185746,1185763,1185768,1185886,1185911,1185918,1186059,1186092,1186101,1186107,1186109,1186121,1186231,1186240,1186422,1186434,1186732,1186755,1186784,1186815,1186928,1186944,1186981,1186983,1187311,1187676,1187695,1188609,1188652,1188677,1188762,1188774,1189190,1189261,1189395,1189580,1189665,1195480,1197135,1197998,1199876,1199950,1200837,1201002,1201824,1202135,1202187,1202630,1202807,1203546,1203651,1203653,1204167,1204478,1204610,1204673,1205193,1205726,1205839,1205848,1206523,1206533,1206576,1206718-1206719,1206724,1206741,1206748,1207656,1207663,1207823,1207858,1207949,1208840,1209631,1209654,1210195,1211483,1211859,1211885,1212476,1212482,1212484,1213331,1213673,1213681,1213690,1213711,1213716,1214139,1215260,1215288,1215374-1215375,1215379,1220742,1220750,1221793,12225
21,1222628,1222644,1222693,1222699,1226597,1227146,1228340,1229252,1229303,1229677,1229833,1229980,1231944-1231945,1235264,1235296,1235302,1235736,1236163,1236283,1236343
Modified:
subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c?rev=1236630&r1=1236629&r2=1236630&view=diff
==============================================================================
--- subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c
(original)
+++ subversion/branches/1.7.x-r1236343/subversion/libsvn_ra_svn/cyrus_auth.c
Fri Jan 27 11:05:10 2012
@@ -169,12 +169,66 @@ apr_status_t svn_ra_svn__sasl_common_ini
return apr_err;
}
+/* We are going to look at errno when we get SASL_FAIL but we don't
+ know for sure whether SASL always sets errno. Clearing errno
+ before calling SASL functions helps in cases where SASL does
+ nothing to set errno. */
+#ifdef apr_set_os_error
+#define clear_sasl_errno() apr_set_os_error(APR_SUCCESS)
+#else
+#define clear_sasl_errno() (void)0
+#endif
+
+/* Sometimes SASL returns SASL_FAIL as RESULT and sets errno.
+ * SASL_FAIL translates to "generic error" which is quite unhelpful.
+ * Try to append a more informative error message based on errno so
+ * should be called before doing anything that may change errno. */
+static const char *
+get_sasl_errno_msg(int result, apr_pool_t *result_pool)
+{
+#ifdef apr_get_os_error
+ char buf[1024];
+
+ if (result == SASL_FAIL && apr_get_os_error() != 0)
+ return apr_psprintf(result_pool, ": %s",
+ svn_strerror(apr_get_os_error(), buf, sizeof(buf)));
+#endif
+ return "";
+}
+
+/* Wrap an error message from SASL with a prefix that allows users
+ * to tell that the error message came from SASL. Queries errno and
+ * so should be called before doing anything that may change errno. */
+static const char *
+get_sasl_error(sasl_conn_t *sasl_ctx, int result, apr_pool_t *result_pool)
+{
+ const char *sasl_errno_msg = get_sasl_errno_msg(result, result_pool);
+
+ return apr_psprintf(result_pool,
+ _("SASL authentication error: %s%s"),
+ sasl_errdetail(sasl_ctx), sasl_errno_msg);
+}
+
static svn_error_t *sasl_init_cb(void *baton, apr_pool_t *pool)
{
- if (svn_ra_svn__sasl_common_init(pool) != APR_SUCCESS
- || sasl_client_init(NULL) != SASL_OK)
+ int result;
+
+ if (svn_ra_svn__sasl_common_init(pool) != APR_SUCCESS)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
_("Could not initialize the SASL library"));
+ clear_sasl_errno();
+ result = sasl_client_init(NULL);
+ if (result != SASL_OK)
+ {
+ const char *sasl_errno_msg = get_sasl_errno_msg(result, pool);
+
+ return svn_error_createf
+ (SVN_ERR_RA_NOT_AUTHORIZED, NULL,
+ _("Could not initialized the SASL library: %s%s"),
+ sasl_errstring(result, NULL, NULL),
+ sasl_errno_msg);
+ }
+
return SVN_NO_ERROR;
}
@@ -321,16 +375,6 @@ get_password_cb(sasl_conn_t *conn, void
return SASL_FAIL;
}
-/* Wrap an error message from SASL with a prefix that allow users
- * to tell that the error message came from SASL. */
-static const char *
-get_sasl_error(sasl_conn_t *sasl_ctx, apr_pool_t *result_pool)
-{
- return apr_psprintf(result_pool,
- _("SASL authentication error: %s"),
- sasl_errdetail(sasl_ctx));
-}
-
/* Create a new SASL context. */
static svn_error_t *new_sasl_ctx(sasl_conn_t **sasl_ctx,
svn_boolean_t is_tunneled,
@@ -343,14 +387,20 @@ static svn_error_t *new_sasl_ctx(sasl_co
sasl_security_properties_t secprops;
int result;
+ clear_sasl_errno();
result = sasl_client_new(SVN_RA_SVN_SASL_NAME,
hostname, local_addrport, remote_addrport,
callbacks, SASL_SUCCESS_DATA,
sasl_ctx);
if (result != SASL_OK)
- return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- sasl_errstring(result, NULL, NULL));
+ {
+ const char *sasl_errno_msg = get_sasl_errno_msg(result, pool);
+ return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
+ _("Could not create SASL context: %s%s"),
+ sasl_errstring(result, NULL, NULL),
+ sasl_errno_msg);
+ }
svn_atomic_inc(&sasl_ctx_count);
apr_pool_cleanup_register(pool, *sasl_ctx, sasl_dispose_cb,
apr_pool_cleanup_null);
@@ -361,11 +411,12 @@ static svn_error_t *new_sasl_ctx(sasl_co
otherwise it will ignore EXTERNAL. The third parameter
should be the username, but since SASL doesn't seem
to use it on the client side, any non-empty string will do. */
+ clear_sasl_errno();
result = sasl_setprop(*sasl_ctx,
SASL_AUTH_EXTERNAL, " ");
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(*sasl_ctx, pool));
+ get_sasl_error(*sasl_ctx, result, pool));
}
/* Set security properties. */
@@ -393,6 +444,7 @@ static svn_error_t *try_auth(svn_ra_svn_
do
{
again = FALSE;
+ clear_sasl_errno();
result = sasl_client_start(sasl_ctx,
mechstring,
&client_interact,
@@ -411,7 +463,7 @@ static svn_error_t *try_auth(svn_ra_svn_
case SASL_NOMEM:
/* Fatal error. Fail the authentication. */
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_ctx, pool));
+ get_sasl_error(sasl_ctx, result, pool));
default:
/* For anything else, delete the mech from the list
and try again. */
@@ -463,6 +515,7 @@ static svn_error_t *try_auth(svn_ra_svn_
if (strcmp(mech, "CRAM-MD5") != 0)
in = svn_base64_decode_string(in, pool);
+ clear_sasl_errno();
result = sasl_client_step(sasl_ctx,
in->data,
in->len,
@@ -472,7 +525,7 @@ static svn_error_t *try_auth(svn_ra_svn_
if (result != SASL_OK && result != SASL_CONTINUE)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_ctx, pool));
+ get_sasl_error(sasl_ctx, result, pool));
/* If the server thinks we're done, then don't send any response. */
if (strcmp(status, "success") == 0)
@@ -551,12 +604,13 @@ static svn_error_t *sasl_read_cb(void *b
*len = 0;
return SVN_NO_ERROR;
}
+ clear_sasl_errno();
result = sasl_decode(sasl_baton->ctx, buffer, len2,
&sasl_baton->read_buf,
&sasl_baton->read_len);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_baton->ctx,
+ get_sasl_error(sasl_baton->ctx, result,
sasl_baton->scratch_pool));
}
@@ -592,13 +646,14 @@ sasl_write_cb(void *baton, const char *b
{
/* Make sure we don't write too much. */
*len = (*len > sasl_baton->maxsize) ? sasl_baton->maxsize : *len;
+ clear_sasl_errno();
result = sasl_encode(sasl_baton->ctx, buffer, *len,
&sasl_baton->write_buf,
&sasl_baton->write_len);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_baton->ctx,
+ get_sasl_error(sasl_baton->ctx, result,
sasl_baton->scratch_pool));
}
@@ -652,10 +707,11 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
int result;
/* Get the strength of the security layer. */
+ clear_sasl_errno();
result = sasl_getprop(sasl_ctx, SASL_SSF, (void*) &ssfp);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_ctx, pool));
+ get_sasl_error(sasl_ctx, result, pool));
if (*ssfp > 0)
{
@@ -671,23 +727,25 @@ svn_error_t *svn_ra_svn__enable_sasl_enc
sasl_baton->scratch_pool = conn->pool;
/* Find out the maximum input size for sasl_encode. */
+ clear_sasl_errno();
result = sasl_getprop(sasl_ctx, SASL_MAXOUTBUF, &maxsize);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_ctx, pool));
+ get_sasl_error(sasl_ctx, result, pool));
sasl_baton->maxsize = *((const unsigned int *) maxsize);
/* If there is any data left in the read buffer at this point,
we need to decrypt it. */
if (conn->read_end > conn->read_ptr)
{
+ clear_sasl_errno();
result = sasl_decode(sasl_ctx, conn->read_ptr,
conn->read_end - conn->read_ptr,
&sasl_baton->read_buf,
&sasl_baton->read_len);
if (result != SASL_OK)
return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
- get_sasl_error(sasl_ctx, pool));
+ get_sasl_error(sasl_ctx, result,
pool));
conn->read_end = conn->read_ptr;
}
