[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Server-side Cyrus SASL support

From: Vlad Georgescu <vgeorgescu_at_gmail.com>
Date: 2006-09-01 22:41:19 CEST

On 8/29/06, Garrett Rooney <rooneg@electricjellyfish.net> wrote:
> On 8/29/06, Vlad Georgescu <vgeorgescu@gmail.com> wrote:
> > Ouch. I don't know if it's related to the crash or not, but I noticed
> > I forgot to do any error-checking when calling sasl_init() in main. So
> > SASL might not have been initialized.
> That could certainly be an issue.

I figured out why your initialization failed. Turns out that once we
added those if statements to the mutex callbacks they could no longer
be used by the server because the server doesn't initialize
sasl_status (The reason it worked for me when testing those changes is
 that I didn't bother to restart the server after recompiling). So I
made sasl_status public (see the log message) and changed svnserve's
sasl_init() to call svn_atomic_init_once().

I also fixed a client-side bug where the value of the 'creds' variable
wasn't checked as early as it should have been (see the second log

Add Cyrus SASL support to svnserve.

* subversion/libsvn_ra_svn/sasl_auth.c:
  (svn_ra_svn__sasl_status): Rename from sasl_status, change all uses and drop
  the 'static' qualifier.

* subversion/libsvn_ra_svn/ra_svn_sasl.h
  (svn_ra_svn__sasl_status): New declaration.

* subversion/include/svn_config.h

* subversion/libsvn_repos/repos.c
  (create_conf): Document the new option.

* subversion/svnserve/sasl_auth.c: New file.

* subversion/svnserve/main.c
  (main): Call sasl_init().

* subversion/svnserve/serve.c:
  (server_baton_t, authn_type, authz_type, get_access): Moved to server.h.
  (simple_auth_request): Contains the code that was prieviously in auth_request.
  (auth_request): Call sasl_auth_request() or simple_auth_request().
  (must_have_access): Consider the value of b->use_sasl when
  determining whether authentication should be performed.
  (find_repos): Read the value of the use-sasl option into b->use_sasl.
  Use that value when determining whether access is allowed to the repository.

* subversion/svnserve/server.h
  (server_baton_t): Moved here from serve.c. Has a new member 'use_sasl'
  (authn_type, authz_type, get_access): Moved here from serve.c.
  (sasl_init, sasl_auth_request): New declarations.

Check that the credentials are valid as early as possible.

* subversion/libsvn_ra_svn/sasl_auth.c:
  (handle_interact): Don't check that the 'creds' variable is non-NULL here.
  (svn_ra_svn__do_auth): Instead do it here, right after the call to


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Fri Sep 1 22:43:26 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.