summaryrefslogtreecommitdiff
path: root/Creds.hs
diff options
context:
space:
mode:
authorGravatar Joey Hess <joey@kitenet.net>2014-08-12 15:35:29 -0400
committerGravatar Joey Hess <joey@kitenet.net>2014-08-12 15:35:29 -0400
commitcc54ff9e49260cd94f938e69e926a273e231ef4e (patch)
tree18bac6a6b81d29d36999c2ae0f5f58156941671b /Creds.hs
parent5e8092f5ef4e835cce437954c8313079f0df0baa (diff)
S3, Glacier, WebDAV: Fix bug that prevented accessing the creds when the repository was configured with encryption=shared embedcreds=yes.
Since encryption=shared, the encryption key is stored in the git repo, so there is no point at all in encrypting the creds, also stored in the git repo with that key. So `initremote` doesn't. The creds are simply stored base-64 encoded. However, it then tried to always decrypt creds when encryption was used..
Diffstat (limited to 'Creds.hs')
-rw-r--r--Creds.hs16
1 files changed, 10 insertions, 6 deletions
diff --git a/Creds.hs b/Creds.hs
index 7273ed966..73d631ff7 100644
--- a/Creds.hs
+++ b/Creds.hs
@@ -23,7 +23,7 @@ import Annex.Perms
import Utility.FileMode
import Crypto
import Types.Remote (RemoteConfig, RemoteConfigKey)
-import Remote.Helper.Encryptable (remoteCipher, embedCreds)
+import Remote.Helper.Encryptable (remoteCipher, remoteCipher', embedCreds)
import Utility.Env (getEnv)
import qualified Data.ByteString.Lazy.Char8 as L
@@ -85,15 +85,19 @@ getRemoteCredPair c storage = maybe fromcache (return . Just) =<< fromenv
fromcache = maybe fromconfig (return . Just) =<< readCacheCredPair storage
fromconfig = case credPairRemoteKey storage of
Just key -> do
- mcipher <- remoteCipher c
- case (M.lookup key c, mcipher) of
- (Nothing, _) -> return Nothing
- (Just enccreds, Just cipher) -> do
+ mcipher <- remoteCipher' c
+ case (mcipher, M.lookup key c) of
+ (_, Nothing) -> return Nothing
+ (Just (_cipher, SharedCipher {}), Just bcreds) ->
+ -- When using a shared cipher, the
+ -- creds are not stored encrypted.
+ fromcreds $ fromB64 bcreds
+ (Just (cipher, _), Just enccreds) -> do
creds <- liftIO $ decrypt cipher
(feedBytes $ L.pack $ fromB64 enccreds)
(readBytes $ return . L.unpack)
fromcreds creds
- (Just bcreds, Nothing) ->
+ (Nothing, Just bcreds) ->
fromcreds $ fromB64 bcreds
Nothing -> return Nothing
fromcreds creds = case decodeCredPair creds of