RE: Re: subversion issue: ignore server invaild certificate in linux

2016-10-21 Thread Bert Huijben 


> -Original Message-
> From: Stefan Sperling [mailto:s...@elego.de]
> Sent: vrijdag 21 oktober 2016 14:14
> To: yuan lixin <woo...@126.com>
> Cc: users@subversion.apache.org
> Subject: Re: Re: subversion issue: ignore server invaild certificate in
linux
> 
> On Fri, Oct 21, 2016 at 07:41:18PM +0800, yuan lixin wrote:
> > but in the interface "svn_auth_ssl_server_trust_prompt_func_t",
> > the actual parameter is "failures", not "*failures".  so it can not
change
> > the svn's failures in linux, then can not ignore certificate.
> > could you look at my code for a solution.
> >
> > Thank you
> > --woodsp
> 
> libsvn_subr gets 'failures' from the 'parameters' hash:

Code shouldn't touch the failures value; they should change the
accepted_failures in the credentials value. 

/** @c SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. */
typedef struct svn_auth_cred_ssl_server_trust_t
{
  /** Indicates if the credentials may be saved (to disk). For example, a
   * GUI prompt implementation with a checkbox to accept the certificate
   * permanently shall set @a may_save to TRUE if the checkbox is checked.
   */
  svn_boolean_t may_save;
  /** Bit mask of the accepted failures */
  apr_uint32_t accepted_failures;
} svn_auth_cred_ssl_server_trust_t;


If svn uses a different way to change a value in the caller that is a bug
that should be fixed there.

Bert

Re: Re: subversion issue: ignore server invaild certificate in linux

2016-10-21 Thread Stefan Sperling 
On Fri, Oct 21, 2016 at 07:41:18PM +0800, yuan lixin wrote:
> but in the interface "svn_auth_ssl_server_trust_prompt_func_t",
> the actual parameter is "failures", not "*failures".  so it can not change
> the svn's failures in linux, then can not ignore certificate.
> could you look at my code for a solution.
> 
> Thank you
> --woodsp

libsvn_subr gets 'failures' from the 'parameters' hash:

https://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_subr/ssl_server_trust_providers.c

/* retrieve ssl server CA failure overrides (if any) from servers
   config */
static svn_error_t *
ssl_server_trust_file_first_credentials(void **credentials,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool)
{
  apr_uint32_t *failures = svn_hash_gets(parameters,
 SVN_AUTH_PARAM_SSL_SERVER_FAILURES);
  const svn_auth_ssl_server_cert_info_t *cert_info =
svn_hash_gets(parameters, SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO);
  apr_hash_t *creds_hash = NULL;
  const char *config_dir;
  svn_error_t *error = SVN_NO_ERROR;

  *credentials = NULL;
  *iter_baton = NULL;

  /* Check if this is a permanently accepted certificate */
  config_dir = svn_hash_gets(parameters, SVN_AUTH_PARAM_CONFIG_DIR);
  error =
svn_config_read_auth_data(_hash, SVN_AUTH_CRED_SSL_SERVER_TRUST,
  realmstring, config_dir, pool);
  svn_error_clear(error);
  if (! error && creds_hash)
{
  svn_string_t *trusted_cert, *this_cert, *failstr;
  apr_uint32_t last_failures = 0;

  trusted_cert = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_ASCII_CERT_KEY);
  this_cert = svn_string_create(cert_info->ascii_cert, pool);
  failstr = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_FAILURES_KEY);

  if (failstr)
SVN_ERR(svn_cstring_atoui(_failures, failstr->data));

  /* If the cert is trusted and there are no new failures, we
   * accept it by clearing all failures. */
  if (trusted_cert &&
  svn_string_compare(this_cert, trusted_cert) &&
  (*failures & ~last_failures) == 0)
{
  *failures = 0;
}
}

  /* If all failures are cleared now, we return the creds */
  if (! *failures)
{
  svn_auth_cred_ssl_server_trust_t *creds =
apr_pcalloc(pool, sizeof(*creds));
  creds->may_save = FALSE; /* No need to save it again... */
  *credentials = creds;
}

  return SVN_NO_ERROR;
}

[...]

static const svn_auth_provider_t ssl_server_trust_file_provider = {
  SVN_AUTH_CRED_SSL_SERVER_TRUST,
  ssl_server_trust_file_first_credentials,
  NULL,
  ssl_server_trust_file_save_credentials,
};

So I believe you can create an svn_auth_provider_t with your own
implementation of ssl_server_trust_file_first_credentials:

static svn_error_t *
my_own_server_trust_file_first_credentials(void **credentials,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool)
{
  apr_uint32_t *failures = svn_hash_gets(parameters,
 SVN_AUTH_PARAM_SSL_SERVER_FAILURES);
  svn_auth_cred_ssl_server_trust_t *creds =
apr_pcalloc(pool, sizeof(*creds));
  creds->may_save = FALSE;
  *credentials = creds;

  *failures = 0;

  return SVN_NO_ERROR;
}


And create your own provider:

static const svn_auth_provider_t my_own_server_trust_file_provider = {
  SVN_AUTH_CRED_SSL_SERVER_TRUST,
  my_own_server_trust_file_first_credentials,
  NULL,
  NULL,
};

And somehow register this provider when svn_auth_open() is called.

I don't know if my idea will really work, but I have no idea what else
you could try.