[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Fix implementation of auth mechs selection in svnserve

From: David Anderson <david.anderson_at_calixo.net>
Date: 2005-07-25 03:30:31 CEST

While reading through the source code of svnserve, I came across what I
believe to be an implementation omission.

send_mechs (), ad subversion/svnserve/serve.c:126 has a parameter
needs_username, documented in the preceding docstring. Looking at the
rest of the code, it is used to force svnserve to require authentication
(rather than allow anonymous access if sufficient) when locks come into
play, either during commit or during the lock operation itself.

However, needs_username is not used at all in the implementation of
send_mechs (), which opens the door to strange failures if locks are
used with anonymous write access (granted, a rare enough case).

The attached (trivial) patch fixes this by actually using needs_username :-)

- Dave.

[[[
Fix an implementation bug in svnserve that could cause failures with
locks and svnserve if anonymous write access to the repository is
granted.

* subversion/svnserve/serve.c
   (send_mechs): Use the needs_username parameter to force a
     non-anonymous authentication mechanism if required.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Jul 25 03:31:29 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.