You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Karl Fogel <kf...@red-bean.com> on 2008/06/10 21:44:57 UTC
Re: svn commit: r31619 - trunk/subversion/libsvn_ra_serf
lgo@tigris.org writes:
> Log:
> ra_serf: fix TSVN crash where the authentication prompt is canceled, and
> another crash when the user provides 3 times an incorrect user/password at
> the prompt.
>
> * subversion/libsvn_ra_serf/auth.c
> (handle_basic_auth): cache the last error, raise it when we tried all
> authorization methods.
> (svn_ra_serf__handle_auth): fix apr_strtok call to use the next header to
> avoind endless looping over the same authz header. Check auth_state to
> decide whether to use svn_auth_first_credentials. A previous call might
> not have set auth_state, eg. when the user canceled the username prompt
> in TortoiseSVN. This avoids a stacktrace in svn_auth_next_credentials.
Comparing the code change with the log message, it looks to me like some
of the log message might be more useful as code comments?
-Karl
> Modified:
> trunk/subversion/libsvn_ra_serf/auth.c
>
> Modified: trunk/subversion/libsvn_ra_serf/auth.c
> URL: http://svn.collab.net/viewvc/svn/trunk/subversion/libsvn_ra_serf/auth.c?pathrev=31619&r1=31618&r2=31619
> ==============================================================================
> --- trunk/subversion/libsvn_ra_serf/auth.c Fri Jun 6 23:35:27 2008 (r31618)
> +++ trunk/subversion/libsvn_ra_serf/auth.c Sat Jun 7 02:03:06 2008 (r31619)
> @@ -141,6 +141,7 @@ svn_ra_serf__handle_auth(int code,
> serf_bucket_t *hdrs;
> const svn_ra_serf__auth_protocol_t *prot;
> char *auth_name, *auth_attr, *auth_hdr, *header, *header_attr;
> + svn_error_t *cached_err;
>
> hdrs = serf_bucket_response_get_headers(response);
> if (code == 401)
> @@ -167,6 +168,8 @@ svn_ra_serf__handle_auth(int code,
> svn_boolean_t proto_found = FALSE;
> auth_name = apr_strtok(header, " ", &auth_attr);
>
> + cached_err = SVN_NO_ERROR;
> +
> /* Find the matching authentication handler.
> Note that we don't reuse the auth protocol stored in the session,
> as that may have changed. (ex. fallback from ntlm to basic.) */
> @@ -205,10 +208,13 @@ svn_ra_serf__handle_auth(int code,
> }
> if (err)
> {
> - /* If authentication fails, just try the next available
> - scheme. */
> - svn_error_clear(err);
> + /* If authentication fails, cache the error for now. Try the
> + next available scheme. If there's none raise the error. */
> proto_found = FALSE;
> + prot = NULL;
> + if (cached_err)
> + svn_error_clear(cached_err);
> + cached_err = err;
> }
>
> break;
> @@ -217,10 +223,13 @@ svn_ra_serf__handle_auth(int code,
> if (proto_found)
> break;
>
> - header = apr_strtok(auth_hdr, ",", &header_attr);
> + /* Try the next Authentication header. */
> + header = apr_strtok(NULL, ",", &header_attr);
> }
>
> - if (prot->auth_name == NULL)
> + SVN_ERR(cached_err);
> +
> + if (!prot || prot->auth_name == NULL)
> {
> /* Support more authentication mechanisms. */
> return svn_error_createf(SVN_ERR_AUTHN_FAILED, NULL,
> @@ -295,7 +304,10 @@ handle_basic_auth(svn_ra_serf__session_t
> session->repos_url.hostname,
> port,
> realm_name);
> + }
>
> + if (!session->auth_state)
> + {
> SVN_ERR(svn_auth_first_credentials(&creds,
> &session->auth_state,
> SVN_AUTH_CRED_SIMPLE,
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: svn-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: svn-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org