You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by SteveKing <st...@gmx.ch> on 2003/05/15 18:34:20 UTC
[patch] ask for username if getting UID fails
Hi,
some users reported problems with authentication
on win98 systems. The reported error was "error getting UID".
See http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgId=246759
for example.
The attached patch fixes this. If the UID can't be obtained then
subversion would no more exit with an error but ask for
the username instead.
Since I don't have Win98 I can't really test if that would
fix the reported problem but I think it's a good idea
anyway to ask for a username instead of erroring out.
Stefan
Re: [patch] ask for username if getting UID fails
Posted by Branko Čibej <br...@xbc.nu>.
Greg Hudson wrote:
>On Thu, 2003-05-15 at 15:57, Branko Čibej wrote:
>
>
>>I have taken a look at your patch, and I think it's wrong. Consider what
>>happens if you can't get the current UID on Unix. Currently, svn errors
>>out -- correctly. On Unix, that's a serious error. With your patch, that
>>error would be hidden.
>>
>>
>
>getuid() will never fail on Unix. So worrying about that case is a dumb
>reason to object to this patch.
>
O.K., wrong example then. It can fail on NT, for various reasons.
>If by some weird offchance it ever does
>happen, there's no reason Subversion should take responsibility for
>reporting it to the user.
>
Why not?
>getpwuid() of the result could fail. That's an error, but not a
>terribly serious one. Again, there's no reason Subversion shouldn't
>fall back to asking for a username in this case; we are a version
>control system, not a system diagnostic tool.
>
>
Again, why not? We report network errors instead of trying to reconnect.
It's not Subversion's job to try to recover from system errors.
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Greg Hudson <gh...@MIT.EDU>.
On Thu, 2003-05-15 at 15:57, Branko Čibej wrote:
> I have taken a look at your patch, and I think it's wrong. Consider what
> happens if you can't get the current UID on Unix. Currently, svn errors
> out -- correctly. On Unix, that's a serious error. With your patch, that
> error would be hidden.
getuid() will never fail on Unix. So worrying about that case is a dumb
reason to object to this patch. If by some weird offchance it ever does
happen, there's no reason Subversion should take responsibility for
reporting it to the user.
getpwuid() of the result could fail. That's an error, but not a
terribly serious one. Again, there's no reason Subversion shouldn't
fall back to asking for a username in this case; we are a version
control system, not a system diagnostic tool.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Branko Čibej <br...@xbc.nu>.
SteveKing wrote:
>Sure it's a serious error. But not a reason why subversion should error out.
>
Eh? You lost me there.
>Subversion can, even if the UID can't be retreived, just _ask_ for a
>username and proceed. That's what I'm trying to do with the patch.
>
I understand what you're trying to do, and I don't agree. I believe we
should report serious errors. Not being able to get the UID is a serious
error on all the systems I know, _except_ Win9x (when not logged into an
NT domain). So the seriousness of the error is a platform-specific
issue, and should be handled by APR.
>I'm not trying anything with caching or changing anything else about the
>whole authentication. Just make subversion _ask_ for a username if
>it can't get one from the system.
>
No, not "if it can't get one from the sytem"; rather, "if the system
does not provide one". These cases aren't the same. Hence my proposal to
teach APR to detect this case, then change your patch to not report the
error _only_ if APR says the system doesn't have that concept, _not_ if
APR says it can't retrieve the user ID even if the system _does_ have
that concept.
>I know you're trying to explain me something but I just don't get it. I
>still can't see why my patch (or what I'm trying to do with it) is bad.
>
I don't think what you're trying to do is bad, but your change is too
general. It should be narrowed down to just those systems which don't
have the concept of a user ID.
I'll concede that username caching is a separate issue.
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by SteveKing <st...@gmx.ch>.
----- Original Message ----- > >
> I have taken a look at your patch, and I think it's wrong. Consider what
> happens if you can't get the current UID on Unix. Currently, svn errors
> out -- correctly. On Unix, that's a serious error. With your patch, that
> error would be hidden.
Sure it's a serious error. But not a reason why subversion should error out.
Subversion can, even if the UID can't be retreived, just _ask_ for a
username
and proceed. That's what I'm trying to do with the patch.
I'm not trying anything with caching or changing anything else about the
whole authentication. Just make subversion _ask_ for a username if
it can't get one from the system.
I know you're trying to explain me something but I just don't get it. I
still
can't see why my patch (or what I'm trying to do with it) is bad.
> A potentially correct patch would be to fix apr_uid_current to return a
> well-known error code on Win98 if it couldn't get the UID; then this
> code could be conditionalized based on that return code.
That would be necessary if there are multiple occasions where
apr_uid_current()
could break. But right now I can't see _any_ reason which would force
subversion to error out. Whatever makes apr_uid_current() fail won't
prevent subversion to ask for a username instead.
Maybe I'm not clear enough about what I'm trying to do. I'll try to
explain better:
- the user doesn't pass --username
- subversion detects that authentication is necessary
- subversion tries first to get a default username with apr_uid_current()
- apr_uid_current() fails, subversion exits.
--- or
- apr_uid_current() succeeds,
---- now subversion has a username
- subversion asks for a password
- authentication fails (e.g. the default username is wrong)
- subversion _now_ asks for a username, then for a password
now I want to change that to:
- the user doesn't pass --username
- subversion detects that authentication is necessary
- subversion tries first to get a default username with apr_uid_current()
- apr_uid_current() fails, subversion asks for a username
---- now subversion has a username
- proceed as above
I really don't wanna mess around with creds, saving/storing/caching
those or change something else.
It's like "if getting the UID fails, try getting it by asking the user".
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Branko Čibej <br...@xbc.nu>.
SteveKing wrote:
>pass --username is a wonderful option. But not all clients implement
>that. You're talking here about the command line client but there
>are other clients too.
>
Other clients pass the username directly to the API. Your patch isn't
going to help them.
>Please have a look at my patch. It's only a few lines long and
>you'll understand better what I'm trying to do here.
>
>
I have taken a look at your patch, and I think it's wrong. Consider what
happens if you can't get the current UID on Unix. Currently, svn errors
out -- correctly. On Unix, that's a serious error. With your patch, that
error would be hidden.
A potentially correct patch would be to fix apr_uid_current to return a
well-known error code on Win98 if it couldn't get the UID; then this
code could be conditionalized based on that return code.
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by SteveKing <st...@gmx.ch>.
----- Original Message -----
From: "Branko Čibej" <br...@xbc.nu>
> Actually, I believe it is, independent of Win98 quirks. If you're logged
> onto your machine as "stefan", but your username on the Subversion
> server is "steve", you'd expect to be able to
>
> svn co http://svn.collab.net/repos/svn/trunk --username=steve
>
> and, from then on, Subversion would send "steve" for all operations that
> are started from that working copy. If the username isn't cached, you'll
> have to keep passing the --username flag.
My patch won't break this. But for those cases were anonymous
login isn't possible and the user doesn't give the --username flag
on win98, subversion errors out instead of just asking for
a username (like on every other system).
Even if (like on every other system) subversion is able to
get the UID (login name of the user) it will behave as always.
My patch is _only_ for the case where it's not possible
to obtain the UID.
> If usernames were cached, you'd just have to pass --username to svn
> once, and that would end your problems. I think that's a better and more
> general solution than having svn start asking for usernames in addition
> to passwords.
pass --username is a wonderful option. But not all clients implement
that. You're talking here about the command line client but there
are other clients too.
Please have a look at my patch. It's only a few lines long and
you'll understand better what I'm trying to do here.
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by SteveKing <st...@gmx.ch>.
----- Original Message -----
From: "Branko Čibej" <br...@xbc.nu>
> >>What do people think? Should we cache usernames with passwords? The
> >>cache should be updated whenever the --username option is passed on the
> >>command line, of course.
> >
> >I think it makes a lot of sense (in fact, I thought we were doing it!)
> >
> So did I, and I'm confused by Steve's assertion that we don't.
>
Now I'm confused. I never said that subversion doesn't. Did I?
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Ben Collins-Sussman <su...@collab.net>.
Branko Čibej <br...@xbc.nu> writes:
> >>What do people think? Should we cache usernames with passwords? The
> >>cache should be updated whenever the --username option is passed on the
> >>command line, of course.
> >>
> >>
> >
> >I think it makes a lot of sense (in fact, I thought we were doing it!)
> >
> >
> So did I, and I'm confused by Steve's assertion that we don't.
Allow me to clarify:
At the moment, if you pass --username or --password on the
commandline, the svn_client_ctx parameter merely remembers them *in
case* an authentication challenge happens. If the server never issues
a challenge, then those values are lost forever when the client exits.
They aren't saved (cached) to disk by any auth provider.
If a challenge *does* happen, the values are used, and some provider's
save_creds() function ends up saving them to disk.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Branko Čibej <br...@xbc.nu>.
kfogel@collab.net wrote:
>Branko Čibej <br...@xbc.nu> writes:
>
>
>>If usernames were cached, you'd just have to pass --username to svn
>>once, and that would end your problems. I think that's a better and more
>>general solution than having svn start asking for usernames in addition
>>to passwords.
>>
>>What do people think? Should we cache usernames with passwords? The
>>cache should be updated whenever the --username option is passed on the
>>command line, of course.
>>
>>
>
>I think it makes a lot of sense (in fact, I thought we were doing it!)
>
>
So did I, and I'm confused by Steve's assertion that we don't.
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by cm...@collab.net.
kfogel@collab.net writes:
> Branko Čibej <br...@xbc.nu> writes:
> > If usernames were cached, you'd just have to pass --username to svn
> > once, and that would end your problems. I think that's a better and more
> > general solution than having svn start asking for usernames in addition
> > to passwords.
> >
> > What do people think? Should we cache usernames with passwords? The
> > cache should be updated whenever the --username option is passed on the
> > command line, of course.
>
> I think it makes a lot of sense (in fact, I thought we were doing it!)
Long ago, Ben and I had the following exchange:
CMP> Then I thought, what if each provider's "save" function accepted a
CMP> flag that dictated the amount of data to save:
CMP>
CMP> 'none' - store no creds (but the system would call the function
CMP> anyway in case the provider needs to do some kind of cleanup or
CMP> admin task).
CMP>
CMP> 'username' - store a username only.
CMP>
CMP> 'all' - store all the creds.
CMP>
CMP> Then, we would change the config option to "auth-cache-type" (and the
CMP> valid values would be 'none', 'username', or 'all', defaulting to
CMP> 'username') and then change the command-line argument to
CMP> "--auth-cache-type" with the same three valid values.
BCS> +1 on this idea, provided it's not a flag to every single save_creds()
BCS> implementation. Instead, it should be a simple runtime parameter in
BCS> the auth_baton hash. It can either be specific to the wc provider, or
BCS> global to all providers that might want to care.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by kf...@collab.net.
Branko Čibej <br...@xbc.nu> writes:
> If usernames were cached, you'd just have to pass --username to svn
> once, and that would end your problems. I think that's a better and more
> general solution than having svn start asking for usernames in addition
> to passwords.
>
> What do people think? Should we cache usernames with passwords? The
> cache should be updated whenever the --username option is passed on the
> command line, of course.
I think it makes a lot of sense (in fact, I thought we were doing it!)
-K
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Branko Čibej <br...@xbc.nu>.
SteveKing wrote:
>----- Original Message -----
>From: "Branko Čibej" <br...@xbc.nu>
>
>
>>Doesn't that mean svn on Win98 will ask for a username on every
>>operation that requires authentication? We don't cache the usernames any
>>more. Or do we? Anyone?
>>
>>
>
>The username isn't cached. But that's not the problem.
>
Actually, I believe it is, independent of Win98 quirks. If you're logged
onto your machine as "stefan", but your username on the Subversion
server is "steve", you'd expect to be able to
svn co http://svn.collab.net/repos/svn/trunk --username=steve
and, from then on, Subversion would send "steve" for all operations that
are started from that working copy. If the username isn't cached, you'll
have to keep passing the --username flag.
> If subversion
>doesn't have a username it tries to get one from the OS (the User ID).
>And if that fails it just exits with an error instead of then asking
>for a username.
>
>
If usernames were cached, you'd just have to pass --username to svn
once, and that would end your problems. I think that's a better and more
general solution than having svn start asking for usernames in addition
to passwords.
What do people think? Should we cache usernames with passwords? The
cache should be updated whenever the --username option is passed on the
command line, of course.
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by SteveKing <st...@gmx.ch>.
----- Original Message -----
From: "Branko Čibej" <br...@xbc.nu>
> Doesn't that mean svn on Win98 will ask for a username on every
> operation that requires authentication? We don't cache the usernames any
> more. Or do we? Anyone?
The username isn't cached. But that's not the problem. If subversion
doesn't have a username it tries to get one from the OS (the User ID).
And if that fails it just exits with an error instead of then asking
for a username.
Stefan
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: [patch] ask for username if getting UID fails
Posted by Branko Čibej <br...@xbc.nu>.
SteveKing wrote:
> Hi,
>
> some users reported problems with authentication
> on win98 systems. The reported error was "error getting UID".
> See
> http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgId=246759
> <http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgId=246759>
> for example.
>
> The attached patch fixes this. If the UID can't be obtained then
> subversion would no more exit with an error but ask for
> the username instead.
> Since I don't have Win98 I can't really test if that would
> fix the reported problem but I think it's a good idea
> anyway to ask for a username instead of erroring out.
Doesn't that mean svn on Win98 will ask for a username on every
operation that requires authentication? We don't cache the usernames any
more. Or do we? Anyone?
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org