[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: auth cache (was: svn commit: rev 5006 ...)

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2003-02-24 17:26:34 CET

Philip Martin <philip@codematters.co.uk> writes:

> I'm looking at the interface in svn_auth.h and I don't understand why
> svn_auth_first_credentials and svn_auth_next_credentials don't take an
> some sort of context/realm parameter, something that will identify the
> URL for which credentials are required.
>
> Does the current system ask for credentials without any reference to
> the URL? Is this information supposed to be transferred through the
> run-time hash?

The auth_baton's 'runtime parameter' hash isn't heavily used yet. No
auth provider is looking for a URL at runtime.

  wc-provider: looks for a wc-dir/access-baton in the hash
  all providers: look for --username, --password, --non-interactive,
                  --no-auth-cache in the hash.

I'm guessing that someday, the client-certs provider will look for
some kind of specific server-challenge data in the hash.

Furthermore, someday the wc-provider will instead become a
~./subversion/ provider, and data *will* be keyed off of UUID.

> It's not just a problem in the security case above, or for
> TortoiseSVN, it seems to be more fundamental. Consider external
> modules. At present I get prompted for a password on initial
> checkout, as a user I can reasonably guess that I need to supply one
> to match the top level URL I supplied. What then happens if there are
> multiple external modules from other repositories? I get further
> prompts for passwords and I appear to have no way to determine the URL
> for which I have to provide credentials.

Ouch! Good point! At a minimum, our prompt provider needs to know
the exact URL which is issuing the challenge, and tell the user. Wow.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Feb 24 15:27:35 2003

This is an archived mail posted to the Subversion Dev mailing list.