
Re: A strong WTF on compiling out plaintext password support by default?!

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sun, 16 Aug 2020 13:07:13 +0000

Daniel Sahlberg wrote on Sat, 15 Aug 2020 11:28 +0200:
> On Fri, 14 Aug 2020 at 23:44, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
>
> > Daniel Sahlberg wrote on Fri, 14 Aug 2020 23:01 +0200:
> > > On Fri, 7 Aug 2020 at 11:34, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> > >
> > > > It successfully adds a password to the storage, in the sense that
> > > > after running it, a subsequent `svn auth --show-passwords` shows the
> > > > password. Still, a subsequent `svn info` doesn't use the password.
> > > > Why? By source inspection, SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE
> > > > affects svn_auth__simple_creds_cache_set() but not
> > > > svn_auth__simple_creds_cache_get(),
> > > > so why doesn't the latter use the password?
> > > >
> > >
> > > It seems you also need to set passtype = simple for
> > > svn_auth__simple_creds_cache_get() to accept the password.
> > >
> >
> > Good catch.
> >
> > > Updated script, I changed to use /usr/bin/env to find zsh
> > > and explicitly set LANG to make sure svn auth returns the expected
> > > text (normally I'm running sv_SE.UTF-8).
> >
> > Another good catch. Further improvements: it should set LC_ALL rather
> > than LANG, and the setting can be pushed into the $(…) subshell.
> > Furthermore, since this doesn't even try to be a POSIX script, the
> > «autoload -Uz _comp_locale; … $(_comp_locale; …)» idiom is also available.
> >
>
> That was way above my shell script comfort zone..

For completeness, I'm attaching the script again with that (trivial)
change made.

FWIW, I wouldn't usually have used zsh for code to be posted to this
list, since that language is spoken by few people here and isn't always
self-explanatory. That's one reason I described this script as
a "prototype". It should be easy to port this script to any other
language; what it does is:

1. Run `svn auth` with "LC_ALL=C" in the environment.

2. Split the output on empty lines ("\n\n"). This produces an array.

3. Remove the last element of the array (by pattern matching, but that's
the effect).

4. Prompt the user to choose an element of the array. This selects
a specific authn realm.

5. Prompt the user for the corresponding password.

6. Compute the md5 of the realm string, without a trailing newline.

7. Insert two key-value pairs to the serialized hash [see
svn_hash_write2()] in ~/.subversion/auth/ for the realm in question.
That uses ed(1) because the file format has a fixed trailer string.

This design means the script is only able to cache passwords for realms
for which a username is already cached.

Cheers,

Daniel

[[[
#!/usr/bin/env -S zsh -f
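# Prompt for a realm and a password, then cache that password for that realm, in plaintext.
PS3="Enter the number of the selected option: "
# Split the output of `svn auth` on empty lines.
creds=( "${(ps.\n\n.)"$(LC_ALL=C svn auth)"}" )
# Keep only the elements that start with "-"; this drops the last element.
creds=( ${(M)creds:#-*} )
select m in $creds
do
        # Extract the realm string from the "Authentication realm: " line.
        realm=${(M)${(f)m}:#Authentication realm: *}
        realm=${realm#*: }
        # Read the password without echoing it.
        IFS= read -s -r pw"?Password: "
        # md5 of the realm string, without a trailing newline.
        md5=${"$(printf %s "$realm" | openssl md5)"##*= }
        # Use ed(1) to insert the two key-value pairs before the last line (the fixed trailer).
        print -rC1 \
                \$ i \
                "K 8" passtype "V 6" simple \
                "K 8" password "V ${#pw}" "$pw" \
                "." \
                "w" \
                "q" \
                | ed -s ~/.subversion/auth/svn.simple/$md5
        echo edited $_
        break
done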
]]]
Received on 2020-08-16 15:16:45 CEST

This is an archived mail posted to the Subversion Dev mailing list.
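
A Python port of steps 2, 3, 6 and 7 of the mail above, added here as an example; it is not part of the original mail or of Subversion. The function names, the constructed sample `svn auth` output and the UTF-8 encoding of the password are assumptions; unlike the ed(1) approach, it re-parses the serialized hash, so an existing passtype/password pair is replaced rather than duplicated.

```python
import hashlib

TRAILER = b"END\n"  # fixed trailer string that ends the serialized hash

def parse_realms(svn_auth_output):
    """Steps 2-3: split on blank lines, keep only blocks starting with '-'."""
    realms = []
    for block in svn_auth_output.strip("\n").split("\n\n"):
        if not block.startswith("-"):
            continue  # drops the trailing element that is not a credential
        for line in block.splitlines():
            if line.startswith("Authentication realm: "):
                realms.append(line.split(": ", 1)[1])
    return realms

def cache_file_name(realm):
    """Step 6: md5 of the realm string, without a trailing newline."""
    return hashlib.md5(realm.encode("utf-8")).hexdigest()

def read_hash(data):
    """Parse 'K <len>', key, 'V <len>', value records up to the trailer."""
    pairs, pos = {}, 0
    while not data.startswith(TRAILER, pos):
        fields = []
        for tag in (b"K ", b"V "):
            eol = data.index(b"\n", pos)  # ValueError on truncated input
            if not data.startswith(tag, pos):
                raise ValueError("malformed record at byte %d" % pos)
            size = int(data[pos + 2:eol])
            fields.append(data[eol + 1:eol + 1 + size])
            pos = eol + 1 + size + 1  # skip the payload and its newline
        pairs[fields[0]] = fields[1]
    return pairs

def write_hash(pairs):
    """Serialize back; every length is a byte count, not a character count."""
    records = [b"K %d\n%s\nV %d\n%s\n" % (len(k), k, len(v), v)
               for k, v in pairs.items()]
    return b"".join(records) + TRAILER

def add_plaintext_password(data, password):
    """Step 7: add passtype=simple and the password to one realm's file."""
    pairs = read_hash(data)
    if b"username" not in pairs:
        raise ValueError("no username cached for this realm")
    pairs[b"passtype"] = b"simple"
    pairs[b"password"] = password.encode("utf-8")
    return write_hash(pairs)

# Constructed sample modelled on the fields the script matches on.
SAMPLE = "-" * 72 + ("\nCredential kind: svn.simple\n"
    "Authentication realm: <https://svn.example.org:443> Example Realm\n"
    "Username: alice\n\nCredentials cache contains 1 credentials\n")
```

The username check mirrors the limitation stated in the mail: only realms that already have a cached username can be given a password.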
