Author: cmpilato
Date: Thu Apr 5 19:36:04 2012
New Revision: 1310031
URL: http://svn.apache.org/viewvc?rev=1310031&view=rev
Log:
Some logic abstraction / API isolation.
Reviewed by: pburba
* subversion/libsvn_subr/win32_crypto.c
(encrypt_data, decrypt_data): New helper functions which isolate the
actual interaction with the Win32 Crypto API, abstracted from ...
(windows_password_encrypter, windows_ssl_client_cert_pw_encrypter,
windows_password_decrypter, windows_ssl_client_cert_pw_decrypter):
... these functions, which now defer to the new helpers.
Modified:
subversion/trunk/subversion/libsvn_subr/win32_crypto.c
Modified: subversion/trunk/subversion/libsvn_subr/win32_crypto.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/win32_crypto.c?rev=1310031&r1=1310030&r2=1310031&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/win32_crypto.c (original)
+++ subversion/trunk/subversion/libsvn_subr/win32_crypto.c Thu Apr 5 19:36:04
2012
@@ -28,28 +28,77 @@
/*** Includes. ***/
#include <apr_pools.h>
+#include <apr_base64.h>
#include "svn_auth.h"
#include "svn_error.h"
#include "svn_utf.h"
#include "svn_config.h"
#include "svn_user.h"
+#include "svn_base64.h"
#include "private/svn_auth_private.h"
#include "svn_private_config.h"
#include <wincrypt.h>
-#include <apr_base64.h>
-�
-/*-----------------------------------------------------------------------*/
-/* Windows simple provider, encrypts the password on Win2k and later. */
-/*-----------------------------------------------------------------------*/
+�
/* The description string that's combined with unencrypted data by the
Windows CryptoAPI. Used during decryption to verify that the
encrypted data were valid. */
static const WCHAR description[] = L"auth_svn.simple.wincrypt";
+
+/* Return a copy of ORIG, encrypted using the Windows CryptoAPI and
+ allocated from POOL. */
+const svn_string_t *
+encrypt_data(const svn_string_t *orig,
+ apr_pool_t *pool)
+{
+ DATA_BLOB blobin;
+ DATA_BLOB blobout;
+ const svn_string_t *crypted = NULL;
+
+ blobin.cbData = orig->len;
+ blobin.pbData = (BYTE *)orig->data;
+ if (CryptProtectData(&blobin, description, NULL, NULL, NULL,
+ CRYPTPROTECT_UI_FORBIDDEN, &blobout))
+ {
+ crypted = svn_string_ncreate(blobout.pbData, blobout.cbData, pool);
+ LocalFree(blobout.pbData);
+ }
+ return crypted;
+}
+
+/* Return a copy of CRYPTED, decrypted using the Windows CryptoAPI and
+ allocated from POOL. */
+const svn_string_t *
+decrypt_data(const svn_string_t *crypted,
+ apr_pool_t *pool)
+{
+ DATA_BLOB blobin;
+ DATA_BLOB blobout;
+ LPWSTR descr;
+ const svn_string_t *orig = NULL;
+
+ blobin.cbData = crypted->len;
+ blobin.pbData = (BYTE *)crypted->data;
+ if (CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL,
+ CRYPTPROTECT_UI_FORBIDDEN, &blobout))
+ {
+ if (0 == lstrcmpW(descr, description))
+ orig = svn_string_ncreate(blobout.pbData, blobout.cbData, pool);
+ LocalFree(blobout.pbData);
+ LocalFree(descr);
+ }
+ return orig;
+}
+
+�
+/*-----------------------------------------------------------------------*/
+/* Windows simple provider, encrypts the password on Win2k and later. */
+/*-----------------------------------------------------------------------*/
+
/* Implementation of svn_auth__password_set_t that encrypts
the incoming password using the Windows CryptoAPI. */
static svn_error_t *
@@ -62,22 +111,15 @@ windows_password_encrypter(svn_boolean_t
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- DATA_BLOB blobin;
- DATA_BLOB blobout;
- svn_boolean_t crypted;
+ const svn_string_t *coded;
- blobin.cbData = strlen(in);
- blobin.pbData = (BYTE*) in;
- crypted = CryptProtectData(&blobin, description, NULL, NULL, NULL,
- CRYPTPROTECT_UI_FORBIDDEN, &blobout);
- if (crypted)
+ coded = encrypt_data(svn_string_create(in, pool), pool);
+ if (coded)
{
- char *coded = apr_palloc(pool, apr_base64_encode_len(blobout.cbData));
- apr_base64_encode(coded, (const char*)blobout.pbData, blobout.cbData);
+ coded = svn_base64_encode_string2(coded, FALSE, pool);
SVN_ERR(svn_auth__simple_password_set(done, creds, realmstring, username,
- coded, parameters,
+ coded->data, parameters,
non_interactive, pool));
- LocalFree(blobout.pbData);
}
return SVN_NO_ERROR;
@@ -96,33 +138,25 @@ windows_password_decrypter(svn_boolean_t
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- DATA_BLOB blobin;
- DATA_BLOB blobout;
- LPWSTR descr;
- svn_boolean_t decrypted;
- char *in;
+ const svn_string_t *orig;
+ const char *in;
SVN_ERR(svn_auth__simple_password_get(done, &in, creds, realmstring,
username,
parameters, non_interactive, pool));
if (!done)
return SVN_NO_ERROR;
- blobin.cbData = strlen(in);
- blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in));
- apr_base64_decode((char*)blobin.pbData, in);
- decrypted = CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL,
- CRYPTPROTECT_UI_FORBIDDEN, &blobout);
- if (decrypted)
+ orig = svn_base64_decode_string(svn_string_create(in, pool), pool);
+ orig = decrypt_data(orig, pool);
+ if (orig)
{
- if (0 == lstrcmpW(descr, description))
- *out = apr_pstrndup(pool, (const char*)blobout.pbData, blobout.cbData);
- else
- decrypted = FALSE;
- LocalFree(blobout.pbData);
- LocalFree(descr);
+ *out = orig->data;
+ *done = TRUE;
+ }
+ else
+ {
+ *done = FALSE;
}
-
- *done = decrypted;
return SVN_NO_ERROR;
}
@@ -200,22 +234,16 @@ windows_ssl_client_cert_pw_encrypter(svn
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- DATA_BLOB blobin;
- DATA_BLOB blobout;
- svn_boolean_t crypted;
+ const svn_string_t *coded;
- blobin.cbData = strlen(in);
- blobin.pbData = (BYTE*) in;
- crypted = CryptProtectData(&blobin, description, NULL, NULL, NULL,
- CRYPTPROTECT_UI_FORBIDDEN, &blobout);
- if (crypted)
+ coded = encrypt_data(svn_string_create(in, pool), pool);
+ if (coded)
{
- char *coded = apr_palloc(pool, apr_base64_encode_len(blobout.cbData));
- apr_base64_encode(coded, (const char*)blobout.pbData, blobout.cbData);
+ coded = svn_base64_encode_string2(coded, FALSE, pool);
SVN_ERR(svn_auth__ssl_client_cert_pw_set(done, creds, realmstring,
- username, coded, parameters,
- non_interactive, pool));
- LocalFree(blobout.pbData);
+ username, coded->data,
+ parameters, non_interactive,
+ pool));
}
return SVN_NO_ERROR;
@@ -234,11 +262,8 @@ windows_ssl_client_cert_pw_decrypter(svn
svn_boolean_t non_interactive,
apr_pool_t *pool)
{
- DATA_BLOB blobin;
- DATA_BLOB blobout;
- LPWSTR descr;
- svn_boolean_t decrypted;
- char *in;
+ const svn_string_t *orig;
+ const char *in;
SVN_ERR(svn_auth__ssl_client_cert_pw_get(done, &in, creds, realmstring,
username, parameters,
@@ -246,22 +271,17 @@ windows_ssl_client_cert_pw_decrypter(svn
if (!done)
return SVN_NO_ERROR;
- blobin.cbData = strlen(in);
- blobin.pbData = apr_palloc(pool, apr_base64_decode_len(in));
- apr_base64_decode((char*)blobin.pbData, in);
- decrypted = CryptUnprotectData(&blobin, &descr, NULL, NULL, NULL,
- CRYPTPROTECT_UI_FORBIDDEN, &blobout);
- if (decrypted)
+ orig = svn_base64_decode_string(svn_string_create(in, pool), pool);
+ orig = decrypt_data(orig, pool);
+ if (orig)
{
- if (0 == lstrcmpW(descr, description))
- *out = apr_pstrndup(pool, (const char*)blobout.pbData, blobout.cbData);
- else
- decrypted = FALSE;
- LocalFree(blobout.pbData);
- LocalFree(descr);
+ *out = orig->data;
+ *done = TRUE;
+ }
+ else
+ {
+ *done = FALSE;
}
-
- *done = decrypted;
return SVN_NO_ERROR;
}
