Re: Options for how ra_svn client authenticates

From: mark benedetto king <mbk_at_lowlatency.com>
Date: 2003-10-17 16:14:54 CEST

On Thu, Oct 16, 2003 at 11:02:58PM -0400, Greg Hudson wrote:
>
> This is tough because ra_svn is a stateless protocol. However,
> we can cut down on the toughness with the following
> observations:

I think you meant "stateful". :-)

What if, when the server decides it needs credentials from the client,
it sends back a special tuple, for example:

(CHALLENGE (CRAM-MD5 DIGEST-MD5 ...))

ra_svn is stateful, yes, but AFAIK, the client is always blocked inside
svn_ra_svn_read_tuple() when waiting on the server.

Since we know control will be in svn_ra_svn_read_tuple(), we can
take a peek at the first string of the tuple.

If the first string is CHALLENGE, read_tuple() invokes the new and magical
conn->challenge() callback that gets the creds, and then read_tuple() takes
those results and writes them back to the server. Obviously, svnserve's
conn->challenge would be NULL.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Oct 17 16:15:54 2003

This message: [ Message body ]
Next message: Julian Foad: "empty_props_p: behaviour is OK so "###" is not needed?"
Previous message: Ben Collins-Sussman: "Re: svn merge segfaults"
In reply to: Greg Hudson: "Options for how ra_svn client authenticates"
Next in thread: Greg Hudson: "Re: Options for how ra_svn client authenticates"
Reply: Greg Hudson: "Re: Options for how ra_svn client authenticates"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]