mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Revert "S3, Glacier, WebDAV: Fix bug that prevented accessing the creds when the repository was configured with encryption=shared embedcreds=yes."

Browse source 
This reverts commit fbdeeeed5f.

I can find no basis for that commit and think that I made it in error.
setRemoteCredPair always encrypts using the cipher from remoteCipher,
even when the cipher is shared.
This commit is contained in:
Joey Hess 2014-09-18 15:18:52 -04:00
parent 2d99b6b931
commit d84eab8a8a
4 changed files with 13 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
Creds.hs
View file

@ -23,7 +23,7 @@ import Annex.Perms
import Utility.FileMode import Utility.FileMode
import Crypto import Crypto
import Types.Remote (RemoteConfig, RemoteConfigKey) import Types.Remote (RemoteConfig, RemoteConfigKey)
import Remote.Helper.Encryptable (remoteCipher, remoteCipher', embedCreds) import Remote.Helper.Encryptable (remoteCipher, embedCreds)
import Utility.Env (getEnv) import Utility.Env (getEnv)
import qualified Data.ByteString.Lazy.Char8 as L import qualified Data.ByteString.Lazy.Char8 as L
@ -85,19 +85,15 @@ getRemoteCredPair c storage = maybe fromcache (return . Just) =<< fromenv
fromcache = maybe fromconfig (return . Just) =<< readCacheCredPair storage fromcache = maybe fromconfig (return . Just) =<< readCacheCredPair storage
fromconfig = case credPairRemoteKey storage of fromconfig = case credPairRemoteKey storage of
Just key -> do Just key -> do
mcipher <- remoteCipher' c mcipher <- remoteCipher c
case (mcipher, M.lookup key c) of case (M.lookup key c, mcipher) of
(_, Nothing) -> return Nothing (Nothing, _) -> return Nothing
(Just (_cipher, SharedCipher {}), Just bcreds) -> (Just enccreds, Just cipher) -> do
-- When using a shared cipher, the
-- creds are not stored encrypted.
fromcreds $ fromB64 bcreds
(Just (cipher, _), Just enccreds) -> do
creds <- liftIO $ decrypt cipher creds <- liftIO $ decrypt cipher
(feedBytes $ L.pack $ fromB64 enccreds) (feedBytes $ L.pack $ fromB64 enccreds)
(readBytes $ return . L.unpack) (readBytes $ return . L.unpack)
fromcreds creds fromcreds creds
(Nothing, Just bcreds) -> (Just bcreds, Nothing) ->
fromcreds $ fromB64 bcreds fromcreds $ fromB64 bcreds
Nothing -> return Nothing Nothing -> return Nothing
fromcreds creds = case decodeCredPair creds of fromcreds creds = case decodeCredPair creds of

9
Remote/Helper/Encryptable.hs
View file

@ -71,21 +71,18 @@ encryptionSetup c = maybe genCipher updateCipher $ extractCipher c
{- Gets encryption Cipher. The decrypted Ciphers are cached in the Annex {- Gets encryption Cipher. The decrypted Ciphers are cached in the Annex
- state. -} - state. -}
remoteCipher :: RemoteConfig -> Annex (Maybe Cipher) remoteCipher :: RemoteConfig -> Annex (Maybe Cipher)
remoteCipher = fmap fst <$$> remoteCipher' remoteCipher c = go $ extractCipher c
remoteCipher' :: RemoteConfig -> Annex (Maybe (Cipher, StorableCipher))
remoteCipher' c = go $ extractCipher c
where where
go Nothing = return Nothing go Nothing = return Nothing
go (Just encipher) = do go (Just encipher) = do
cache <- Annex.getState Annex.ciphers cache <- Annex.getState Annex.ciphers
case M.lookup encipher cache of case M.lookup encipher cache of
Just cipher -> return $ Just (cipher, encipher) Just cipher -> return $ Just cipher
Nothing -> do Nothing -> do
showNote "gpg" showNote "gpg"
cipher <- liftIO $ decryptCipher encipher cipher <- liftIO $ decryptCipher encipher
Annex.changeState (\s -> s { Annex.ciphers = M.insert encipher cipher cache }) Annex.changeState (\s -> s { Annex.ciphers = M.insert encipher cipher cache })
return $ Just (cipher, encipher) return $ Just cipher
{- Checks if the remote's config allows storing creds in the remote's config. {- Checks if the remote's config allows storing creds in the remote's config.
- -

2
debian/changelog vendored
View file

@ -8,6 +8,8 @@ git-annex (5.20140916) UNRELEASED; urgency=medium
(Bug introduced in version 5.20140817.) (Bug introduced in version 5.20140817.)
* add: In direct mode, adding an annex symlink will check it into git, * add: In direct mode, adding an annex symlink will check it into git,
as was already done in indirect mode. as was already done in indirect mode.
* Fix reversion in handling creds with encryption=shared embedcreds=yes
introduced in 5.20140817.
-- Joey Hess <joeyh@debian.org> Mon, 15 Sep 2014 14:39:17 -0400 -- Joey Hess <joeyh@debian.org> Mon, 15 Sep 2014 14:39:17 -0400

2
doc/bugs/box.com.mdwn
View file

@ -31,3 +31,5 @@ Mac OS X 10.9.4
# End of transcript or log. # End of transcript or log.
"""]] """]]
> [[fixed|done]] --[[Joey]]