From cc54ff9e49260cd94f938e69e926a273e231ef4e Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 12 Aug 2014 15:35:29 -0400 Subject: S3, Glacier, WebDAV: Fix bug that prevented accessing the creds when the repository was configured with encryption=shared embedcreds=yes. Since encryption=shared, the encryption key is stored in the git repo, so there is no point at all in encrypting the creds, also stored in the git repo with that key. So `initremote` doesn't. The creds are simply stored base-64 encoded. However, it then tried to always decrypt creds when encryption was used.. --- Creds.hs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'Creds.hs') diff --git a/Creds.hs b/Creds.hs index 7273ed966..73d631ff7 100644 --- a/Creds.hs +++ b/Creds.hs @@ -23,7 +23,7 @@ import Annex.Perms import Utility.FileMode import Crypto import Types.Remote (RemoteConfig, RemoteConfigKey) -import Remote.Helper.Encryptable (remoteCipher, embedCreds) +import Remote.Helper.Encryptable (remoteCipher, remoteCipher', embedCreds) import Utility.Env (getEnv) import qualified Data.ByteString.Lazy.Char8 as L @@ -85,15 +85,19 @@ getRemoteCredPair c storage = maybe fromcache (return . Just) =<< fromenv fromcache = maybe fromconfig (return . Just) =<< readCacheCredPair storage fromconfig = case credPairRemoteKey storage of Just key -> do - mcipher <- remoteCipher c - case (M.lookup key c, mcipher) of - (Nothing, _) -> return Nothing - (Just enccreds, Just cipher) -> do + mcipher <- remoteCipher' c + case (mcipher, M.lookup key c) of + (_, Nothing) -> return Nothing + (Just (_cipher, SharedCipher {}), Just bcreds) -> + -- When using a shared cipher, the + -- creds are not stored encrypted. + fromcreds $ fromB64 bcreds + (Just (cipher, _), Just enccreds) -> do creds <- liftIO $ decrypt cipher (feedBytes $ L.pack $ fromB64 enccreds) (readBytes $ return . L.unpack) fromcreds creds - (Just bcreds, Nothing) -> + (Nothing, Just bcreds) -> fromcreds $ fromB64 bcreds Nothing -> return Nothing fromcreds creds = case decodeCredPair creds of -- cgit v1.2.3