[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH]: credentials are not saved if username differs from cached version but password does not

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Thu, 21 Jun 2012 09:32:50 -0400

On 06/20/2012 10:22 PM, kmradke_at_rockwellcollins.com wrote:
> Dmitry Pavlenko <pavlenko_at_tmatesoft.com> wrote on 06/20/2012 11:14:58 AM:
>> simple_providers.c (svn_auth__simple_creds_cache_get): I propose to
>> drop all assignments
>> "need_to_save = FALSE" except the initial one; otherwise assignment
>> to FALSE may override existing
>> TRUE value. This may happen if default_username!=username and
>> default_password==password: in this
>> case need_to_save will be FALSE. Not very popular case, I guess, but anyway.
>>
>> http://colabti.org/irclogger/irclogger_log/svn-dev?date=2012-06-20#l76
>>
>> I also propose there (not covered by the patch)
>> * either not to use 'have_passtype' at all
>> * or always save credentials if have_passtype == FALSE
>>
>> Currently if have_passtype == FALSE (i.e. passsword encryption
>> format has been changed) new
>> credentials are saved only if old username differs from new username
>> (whatever old and new passwords are).
>
> Somehow I've also seen password cache files without a passtype.

My recollection is that "passtype" isn't a required field, and is in fact
only used when storage of passwords has been offloaded to a third-party
keyring such as Gnome Keyring or KDE Wallet. Lack of a passtype field
indicates (again, IIRC) that the password should be stored directly in the
cache file. If, however, you have disabled plaintext password storage in
your runtime configuration, of course Subversion will honor that. The
result is that your password never gets cached.

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Enterprise Cloud Development

Received on 2012-06-21 15:33:24 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.