[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH]: credentials are not saved if username differs from cached version but password does not

From: Dmitry Pavlenko <pavlenko_at_tmatesoft.com>
Date: Wed, 20 Jun 2012 18:14:58 +0200

simple_providers.c (svn_auth__simple_creds_cache_get): I propose to drop all assignments
"need_to_save = FALSE" except the initial one; otherwise assignment to FALSE may override existing
TRUE value. This may happen if default_username!=username and default_password==password: in this
case need_to_save will be FALSE. Not very popular case, I guess, but anyway.

http://colabti.org/irclogger/irclogger_log/svn-dev?date=2012-06-20#l76

I also propose there (not covered by the patch)
 * either not to use 'have_passtype' at all
 * or always save credentials if have_passtype == FALSE

Currently if have_passtype == FALSE (i.e. passsword encryption format has been changed) new
credentials are saved only if old username differs from new username (whatever old and new passwords
are).

What do you think?

[[[
Fix potential situation in which credentials are not saved to cache.

If cached username and new username differ but passwords are the same, 'need_to_save' flag
will be overwritten to FALSE, and new credentials fill not be saved.

* subversion/libsvn_subr/simple_providers.c
(svn_auth__simple_creds_cache_get): drop "need_to_save = FALSE" assignments.
]]]
[[[
Index: subversion/libsvn_subr/simple_providers.c
===================================================================
--- subversion/libsvn_subr/simple_providers.c (revision 1352172)
+++ subversion/libsvn_subr/simple_providers.c (working copy)
@@ -202,9 +202,7 @@ svn_auth__simple_creds_cache_get(void **credential
             }
           else
             {
- if (0 == strcmp(default_username, username))
- need_to_save = FALSE;
- else
+ if (0 != strcmp(default_username, username))
                 need_to_save = TRUE;
             }
         }
@@ -226,9 +224,7 @@ svn_auth__simple_creds_cache_get(void **credential
                 }
               else
                 {
- if (0 == strcmp(default_password, password))
- need_to_save = FALSE;
- else
+ if (0 != strcmp(default_password, password))
                     need_to_save = TRUE;
                 }
             }
]]]
Received on 2012-06-20 18:16:34 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.