annotate hgext/factotum.py @ 29449:5b71a8d7f7ff

sslutil: emit warning when no CA certificates loaded If no CA certificates are loaded, that is almost certainly a/the reason certificate verification fails when connecting to a server. The modern ssl module in Python 2.7.9+ provides an API to access the list of loaded CA certificates. This patch emits a warning on modern Python when certificate verification fails and there are no loaded CA certificates. There is no way to detect the number of loaded CA certificates unless the modern ssl module is present. Hence the differences in test output depending on whether modern ssl is available. It's worth noting that a test which specifies a CA file still renders this warning. That is because the certificate it is loading is a x509 client certificate and not a CA certificate. This test could be updated if anyone is so inclined.
author Gregory Szorc <gregory.szorc@gmail.com>
date Wed, 29 Jun 2016 19:43:27 -0700
parents 2c019aac6b99
children 21b568820a3c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
1 # factotum.py - Plan 9 factotum integration for Mercurial
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
2 #
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
3 # Copyright (C) 2012 Steven Stallion <sstallion@gmail.com>
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
4 #
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
5 # This program is free software; you can redistribute it and/or modify it
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
6 # under the terms of the GNU General Public License as published by the
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
7 # Free Software Foundation; either version 2 of the License, or (at your
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
8 # option) any later version.
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
9 #
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
10 # This program is distributed in the hope that it will be useful, but
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
13 # Public License for more details.
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
14 #
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
15 # You should have received a copy of the GNU General Public License along
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
16 # with this program; if not, write to the Free Software Foundation, Inc.,
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
17 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
18
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
19 '''http authentication with factotum
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
20
16582
cbb916e2d7c5 factotum: add man reference to help output
Steven Stallion <sstallion@gmail.com>
parents: 16463
diff changeset
21 This extension allows the factotum(4) facility on Plan 9 from Bell Labs
cbb916e2d7c5 factotum: add man reference to help output
Steven Stallion <sstallion@gmail.com>
parents: 16463
diff changeset
22 platforms to provide authentication information for HTTP access. Configuration
cbb916e2d7c5 factotum: add man reference to help output
Steven Stallion <sstallion@gmail.com>
parents: 16463
diff changeset
23 entries specified in the auth section as well as authentication information
cbb916e2d7c5 factotum: add man reference to help output
Steven Stallion <sstallion@gmail.com>
parents: 16463
diff changeset
24 provided in the repository URL are fully supported. If no prefix is specified,
cbb916e2d7c5 factotum: add man reference to help output
Steven Stallion <sstallion@gmail.com>
parents: 16463
diff changeset
25 a value of "*" will be assumed.
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
26
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
27 By default, keys are specified as::
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
28
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
29 proto=pass service=hg prefix=<prefix> user=<username> !password=<password>
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
30
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
31 If the factotum extension is unable to read the required key, one will be
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
32 requested interactively.
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
33
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
34 A configuration section is available to customize runtime behavior. By
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
35 default, these entries are::
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
36
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
37 [factotum]
16463
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
38 executable = /bin/auth/factotum
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
39 mountpoint = /mnt/factotum
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
40 service = hg
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
41
16463
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
42 The executable entry defines the full path to the factotum binary. The
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
43 mountpoint entry defines the path to the factotum file service. Lastly, the
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
44 service entry controls the service name used when reading keys.
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
45
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
46 '''
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
47
28971
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
48 from __future__ import absolute_import
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
49
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
50 import os
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
51 from mercurial.i18n import _
28971
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
52 from mercurial import (
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
53 error,
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
54 httpconnection,
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
55 url,
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
56 util,
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
57 )
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
58
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
59 urlreq = util.urlreq
bacca31f4835 py3: make factotum use absolute_import
Pulkit Goyal <7895pulkit@gmail.com>
parents: 26587
diff changeset
60 passwordmgr = url.passwordmgr
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
61
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
62 ERRMAX = 128
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
63
21228
be561a622100 factotum: initialize global variables to suppress pyflakes warning
Yuya Nishihara <yuya@tcha.org>
parents: 19614
diff changeset
64 _executable = _mountpoint = _service = None
be561a622100 factotum: initialize global variables to suppress pyflakes warning
Yuya Nishihara <yuya@tcha.org>
parents: 19614
diff changeset
65
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
66 def auth_getkey(self, params):
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
67 if not self.ui.interactive():
26587
56b2bcea2529 error: get Abort from 'error' instead of 'util'
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 25078
diff changeset
68 raise error.Abort(_('factotum not interactive'))
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
69 if 'user=' not in params:
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
70 params = '%s user?' % params
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
71 params = '%s !password?' % params
16463
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
72 os.system("%s -g '%s'" % (_executable, params))
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
73
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
74 def auth_getuserpasswd(self, getkey, params):
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
75 params = 'proto=pass %s' % params
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
76 while True:
16463
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
77 fd = os.open('%s/rpc' % _mountpoint, os.O_RDWR)
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
78 try:
25078
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
79 os.write(fd, 'start %s' % params)
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
80 l = os.read(fd, ERRMAX).split()
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
81 if l[0] == 'ok':
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
82 os.write(fd, 'read')
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
83 status, user, passwd = os.read(fd, ERRMAX).split(None, 2)
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
84 if status == 'ok':
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
85 if passwd.startswith("'"):
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
86 if passwd.endswith("'"):
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
87 passwd = passwd[1:-1].replace("''", "'")
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
88 else:
26587
56b2bcea2529 error: get Abort from 'error' instead of 'util'
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 25078
diff changeset
89 raise error.Abort(_('malformed password string'))
25078
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
90 return (user, passwd)
e8348f1cc228 factotum: use try/except/finally
Matt Mackall <mpm@selenic.com>
parents: 23393
diff changeset
91 except (OSError, IOError):
26587
56b2bcea2529 error: get Abort from 'error' instead of 'util'
Pierre-Yves David <pierre-yves.david@fb.com>
parents: 25078
diff changeset
92 raise error.Abort(_('factotum not responding'))
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
93 finally:
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
94 os.close(fd)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
95 getkey(self, params)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
96
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
97 def monkeypatch_method(cls):
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
98 def decorator(func):
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
99 setattr(cls, func.__name__, func)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
100 return func
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
101 return decorator
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
102
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
103 @monkeypatch_method(passwordmgr)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
104 def find_user_password(self, realm, authuri):
29377
2c019aac6b99 url: extract password database from password manager
liscju <piotr.listkiewicz@gmail.com>
parents: 28971
diff changeset
105 user, passwd = self.passwddb.find_user_password(realm, authuri)
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
106 if user and passwd:
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
107 self._writedebug(user, passwd)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
108 return (user, passwd)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
109
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
110 prefix = ''
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
111 res = httpconnection.readauthforuri(self.ui, authuri, user)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
112 if res:
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
113 _, auth = res
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
114 prefix = auth.get('prefix')
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
115 user, passwd = auth.get('username'), auth.get('password')
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
116 if not user or not passwd:
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
117 if not prefix:
19614
1d50c69c1f0a factotum: clean up keychain for multiple hg repository authentication
Jeff Sickel <jas@corpus-callosum.com>
parents: 18647
diff changeset
118 prefix = realm.split(' ')[0].lower()
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
119 params = 'service=%s prefix=%s' % (_service, prefix)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
120 if user:
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
121 params = '%s user=%s' % (params, user)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
122 user, passwd = auth_getuserpasswd(self, auth_getkey, params)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
123
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
124 self.add_password(realm, authuri, user, passwd)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
125 self._writedebug(user, passwd)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
126 return (user, passwd)
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
127
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
128 def uisetup(ui):
16463
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
129 global _executable
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
130 _executable = ui.config('factotum', 'executable', '/bin/auth/factotum')
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
131 global _mountpoint
cef755f86d5c factotum: rename mount and path configuration entries
Steven Stallion <sstallion@gmail.com>
parents: 16383
diff changeset
132 _mountpoint = ui.config('factotum', 'mountpoint', '/mnt/factotum')
16383
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
133 global _service
f5dd179bfa4a plan9: initial support for plan 9 from bell labs
Steven Stallion <sstallion@gmail.com>
parents:
diff changeset
134 _service = ui.config('factotum', 'service', 'hg')