On Fri, Jul 18, 2008 at 03:23:17PM +0530, Senthil Kumaran S wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Arfrever,
>
> Arfrever Frehtes Taifersar Arahesis wrote:
> > Subversion asks for confirmation to store plaintext passwords which have been
> > already stored when the '--username ${USERNAME}' option is used.
> >
> > (Stylesen said on #svn-dev that he will be working on a patch.)
>
> As promised here is a patch attached which solves this problem.
>
> [[[
> Fix unnecessary plaintext password saving prompt when username is supplied
> and password is already cached.
>
> * subversion/libsvn_subr/simple_providers.c
> (svn_auth__simple_first_creds_helper): Start with may_save FALSE, which
> helps in getting the cached results and avoids a plaintext password
> saving prompt when it is not necessary.
>
> Patch by: stylesen
> Found by: arfrever
> ]]]
Senthil,
I've reviewed this change, +1.
Here's a rewritten log message that explains better what problem
we are fixing:
[[[
Fix unnecessary plaintext password saving prompt when the username
is supplied on the command line and the password is already cached.
* subversion/libsvn_subr/simple_providers.c
(svn_auth__simple_first_creds_helper): Start out with may_save = FALSE.
The old code did set creds->may_save to TRUE whenever a username
was supplied on the command line, regardless of whether a password
was already cached or not. This unconditionally triggered the whole
auth caching logic (including the 'may I save your password in
plaintext?' prompt) to be run again, even if a password was already
cached.
Patch by: stylesen
Found by: arfrever
Approved by: stsp
]]]
Please commit if you agree with my log message.
Stefan
- application/pgp-signature attachment: stored
Received on 2008-07-18 15:20:22 CEST