[PATCH] Fix implementation of auth mechs selection in svnserve

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-07-25 03:30:31 CEST

While reading through the source code of svnserve, I came across what I
believe to be an implementation omission.

send_mechs (), ad subversion/svnserve/serve.c:126 has a parameter
needs_username, documented in the preceding docstring. Looking at the
rest of the code, it is used to force svnserve to require authentication
(rather than allow anonymous access if sufficient) when locks come into
play, either during commit or during the lock operation itself.

However, needs_username is not used at all in the implementation of
send_mechs (), which opens the door to strange failures if locks are
used with anonymous write access (granted, a rare enough case).

The attached (trivial) patch fixes this by actually using needs_username :-)

- Dave.

[[[
Fix an implementation bug in svnserve that could cause failures with
locks and svnserve if anonymous write access to the repository is
granted.

* subversion/svnserve/serve.c
(send_mechs): Use the needs_username parameter to force a
non-anonymous authentication mechanism if required.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

text/x-patch attachment: svnserve_auth_mechs_and_locks_bug.patch

Received on Mon Jul 25 03:31:29 2005

This message: [ Message body ]
Next message: Mark Phippard: "Re: [PATCH] Issue 1628"
Previous message: David James: "Re: [PROPOSAL] Safe Memory Management for the Python/SWIG bindings"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]