[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion sometimes needlessly asks for confirmation to store already stored plaintext passwords

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Fri, 18 Jul 2008 17:20:59 +0300 (Jerusalem Daylight Time)

Stefan Sperling wrote on Fri, 18 Jul 2008 at 15:20 +0200:
> On Fri, Jul 18, 2008 at 03:23:17PM +0530, Senthil Kumaran S wrote:
> > Arfrever Frehtes Taifersar Arahesis wrote:
> > > Subversion asks for confirmation to store plaintext passwords which have been
> > > already stored when the '--username ${USERNAME}' option is used.
> > >
> > > (Stylesen said on #svn-dev that he will be working on a patch.)
> >
> > As promised here is a patch attached which solves this problem.
> >
> > [[[
> > Fix unnecessary plaintext password saving prompt when username is supplied
> > and password is already cached.
> >
> > * subversion/libsvn_subr/simple_providers.c
> > (svn_auth__simple_first_creds_helper): Start with may_save FALSE, which
> > helps in getting the cached results and avoids a plaintext password
> > saving prompt when it is not necessary.
> >
> > Patch by: stylesen
> > Found by: arfrever
> > ]]]
>
> Senthil,
>
> I've reviewed this change, +1.
>
> Here's a rewritten log message that explains better what problem
> we are fixing:
>
> [[[
> Fix unnecessary plaintext password saving prompt when the username
> is supplied on the command line and the password is already cached.
>
> * subversion/libsvn_subr/simple_providers.c
> (svn_auth__simple_first_creds_helper): Start out with may_save = FALSE.
> The old code did set creds->may_save to TRUE whenever a username
> was supplied on the command line, regardless of whether a password
> was already cached or not. This unconditionally triggered the whole
> auth caching logic (including the 'may I save your password in
> plaintext?' prompt) to be run again, even if a password was already
> cached.
>
> Patch by: stylesen
> Found by: arfrever
> Approved by: stsp
> ]]]
>
> Please commit if you agree with my log message.
>

After this patch, svn_auth__simple_first_creds_helper() will never set
'may_save' to TRUE except when the auth cache exists and is of a older
format that contains a password but not a passtype:

                  /* If the auth data didn't contain a password type,
                     force a write to upgrade the format of the auth
                     data file. */
                  if (password && passtype && !have_passtype)
                    may_save = TRUE;

Don't we need to set may_save to 'TRUE' in some cases as well?

Daniel
(who didn't reply in the morning, because he thinks he's missing
something obvious, again)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-07-18 16:21:17 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.