Rev 6546: (gz) Add Base64CredentialStore for authentication.conf password obfuscation in file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/%2Btrunk/

Patch Queue Manager pqm at pqm.ubuntu.com
Sat Jul 28 15:55:41 UTC 2012


At file:///srv/pqm.bazaar-vcs.org/archives/thelove/bzr/%2Btrunk/

------------------------------------------------------------
revno: 6546 [merge]
revision-id: pqm at pqm.ubuntu.com-20120728155541-d860rcyc2q82nhnj
parent: pqm at pqm.ubuntu.com-20120728151639-ryaymw3kp1yqrrdx
parent: gzlist at googlemail.com-20120728152622-wkjruul7dtg6c0ts
committer: Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: +trunk
timestamp: Sat 2012-07-28 15:55:41 +0000
message:
  (gz) Add Base64CredentialStore for authentication.conf password obfuscation
   (Martin Packman)
modified:
  bzrlib/config.py               config.py-20051011043216-070c74f4e9e338e8
  bzrlib/tests/test_config.py    testconfig.py-20051011041908-742d0c15d8d8c8eb
  doc/developers/authentication-ring.txt authring.txt-20070718200437-q5tdik0ne6lor86d-1
  doc/en/release-notes/bzr-2.6.txt bzr2.6.txt-20120116134316-8w1xxom1c7vcu1t5-1
=== modified file 'bzrlib/config.py'
--- a/bzrlib/config.py	2012-07-20 15:46:59 +0000
+++ b/bzrlib/config.py	2012-07-28 15:19:25 +0000
@@ -81,6 +81,7 @@
 from bzrlib.decorators import needs_write_lock
 from bzrlib.lazy_import import lazy_import
 lazy_import(globals(), """
+import base64
 import fnmatch
 import re
 
@@ -2131,6 +2132,19 @@
 credential_store_registry.default_key = 'plain'
 
 
+class Base64CredentialStore(CredentialStore):
+    __doc__ = """Base64 credential store for the authentication.conf file"""
+    
+    def decode_password(self, credentials):
+        """See CredentialStore.decode_password."""
+        # GZ 2012-07-28: Will raise binascii.Error if password is not base64,
+        #                should probably propogate as something more useful.
+        return base64.decodestring(credentials['password'])
+
+credential_store_registry.register('base64', Base64CredentialStore,
+                                   help=Base64CredentialStore.__doc__)
+
+
 class BzrDirConfig(object):
 
     def __init__(self, bzrdir):
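Review bot: The help text registered for `'base64'` comes from `Base64CredentialStore.__doc__`, which calls this a credential store without saying that base64 is a reversible encoding. A user who picks `password_encoding=base64` from that help gets no hint that the password is still recoverable by anyone who can read authentication.conf. I would spell it out, e.g. `__doc__ = """Base64 credential store for the authentication.conf file (obfuscation only, not encryption)"""`. The GZ comment in `decode_password` already notes that malformed input raises `binascii.Error`; when that is turned into a friendlier error, the message should not echo the stored password value.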

=== modified file 'bzrlib/tests/test_config.py'
--- a/bzrlib/tests/test_config.py	2012-07-21 02:00:58 +0000
+++ b/bzrlib/tests/test_config.py	2012-07-28 15:19:25 +0000
@@ -15,17 +15,16 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
 """Tests for finding and reading the bzr config file[s]."""
-# import system imports here
+
+import base64
 from cStringIO import StringIO
 from textwrap import dedent
 import os
 import sys
 import threading
 
-
 from testtools import matchers
 
-#import bzrlib specific imports here
 from bzrlib import (
     branch,
     config,
@@ -4842,6 +4841,15 @@
         self.assertEquals('secret', decoded)
 
 
+class TestBase64CredentialStore(tests.TestCase):
+
+    def test_decode_password(self):
+        r = config.credential_store_registry
+        plain_text = r.get_credential_store('base64')
+        decoded = plain_text.decode_password(dict(password='c2VjcmV0'))
+        self.assertEquals('secret', decoded)
+
+
 # FIXME: Once we have a way to declare authentication to all test servers, we
 # can implement generic tests.
 # test_user_password_in_url
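Review bot: `test_decode_password` exercises only well-formed input, so the failure mode that the GZ comment in config.py flags (an exception on a malformed password) is not pinned by any test. A second case with a deliberately truncated value would fix what callers see, e.g. `self.assertRaises(binascii.Error, store.decode_password, dict(password='c2VjcmV'))`. The value `'c2VjcmV'` is constructed for this note, and the exception type is taken from that comment, so confirm it before relying on it. The local name `plain_text` looks carried over from the plain-store test above the hunk; `store` would describe a base64 store better.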

=== modified file 'doc/developers/authentication-ring.txt'
--- a/doc/developers/authentication-ring.txt	2010-11-12 22:46:28 +0000
+++ b/doc/developers/authentication-ring.txt	2012-04-03 14:49:22 +0000
@@ -158,7 +158,7 @@
 
 Encoding passwords in ``base64``, while weak, provides protection against
 accidental reading (if an administrator have to look into the file, he will not
-see the passwords in clear).(Not implemented yet).
+see the passwords in clear).
 
 This specification intends to ease the authentication providing, not to secure
 it in the best possible way.
@@ -266,6 +266,7 @@
         scheme=https
         host=home.net
         user=joe
+        # Obtain the base64 encoded password by running 'echo -n "secret-pass" | base64'
         password='c2VjcmV0LXBhc3M='
         password_encoding=base64
         verify_certificates=no # Still searching a free certificate provider

=== modified file 'doc/en/release-notes/bzr-2.6.txt'
--- a/doc/en/release-notes/bzr-2.6.txt	2012-07-28 14:46:45 +0000
+++ b/doc/en/release-notes/bzr-2.6.txt	2012-07-28 15:55:41 +0000
@@ -28,6 +28,9 @@
 specified, not the branch you use.  This was enabled by a new API call in
 Launchpad's web service.  (Aaron Bentley)
 
+* Implement authentication.conf password obfuscation, the password_encoding
+  option can now be set to base64. (Florian Dorn)
+
 Bug Fixes
 *********
 



