[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Options for how ra_svn client authenticates

From: mark benedetto king <mbk_at_lowlatency.com>
Date: 2003-10-18 23:15:32 CEST

On Fri, Oct 17, 2003 at 11:27:03PM -0400, Greg Hudson wrote:
> > What if, when the server decides it needs credentials from the client,
> > it sends back a special tuple, for example:
> >
> > (CHALLENGE (CRAM-MD5 DIGEST-MD5 ...))
> >
> > ra_svn is stateful, yes, but AFAIK, the client is always blocked inside
> > svn_ra_svn_read_tuple() when waiting on the server.
>
> I think read_tuple() is too deep of a level to be adding this
> functionality; it would be a little like hooking a major control
> subsystem into strcpy(). If we're going to take this route, I'm

I agree, but the comparison to strcpy is somewhat hyperbolic. Zillions
of lines of code that we do not control depend on the semantics currently
provided by strcpy. That is not the case with read_tuple().

> thinking we should do it by adding a protocol capability which inserts
> authentication challenge points into the protocol at key places (always
> at the top level of control, not the middle of an edit or report). At
> these points, the server can say "go" or "I need credentials with foo
> nature" or "ha, not a chance".

I'm not certain that these places exist. If they do, great.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 18 23:16:10 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.