RE: [PATCH]: credentials are not saved if username differs from cached version but password does not

[Bert Huijben <be...@qqmail.nl>]

> -----Original Message-----
> From: Dmitry Pavlenko [mailto:pavlenko@tmatesoft.com]
> Sent: woensdag 20 juni 2012 18:15
> To: dev@subversion.apache.org
> Subject: [PATCH]: credentials are not saved if username differs from
cached
> version but password does not
> 
> simple_providers.c (svn_auth__simple_creds_cache_get): I propose to drop
> all assignments
> "need_to_save = FALSE" except the initial one; otherwise assignment to
> FALSE may override existing
> TRUE value. This may happen if default_username!=username and
> default_password==password: in this
> case need_to_save will be FALSE. Not very popular case, I guess, but
> anyway.
> 
> http://colabti.org/irclogger/irclogger_log/svn-dev?date=2012-06-20#l76
> 
> I also propose there (not covered by the patch)
>  * either not to use 'have_passtype' at all
>  * or always save credentials if have_passtype == FALSE
> 
> Currently if have_passtype == FALSE (i.e. passsword encryption format has
> been changed) new
> credentials are saved only if old username differs from new username
> (whatever old and new passwords
> are).
> 
> What do you think?
> 
> [[[
> Fix potential situation in which credentials are not saved to cache.
> 
> If cached username and new username differ but passwords are the same,
> 'need_to_save' flag
> will be overwritten to FALSE, and new credentials fill not be saved.
> 
> * subversion/libsvn_subr/simple_providers.c
> (svn_auth__simple_creds_cache_get): drop "need_to_save = FALSE"
> assignments.
> ]]]

Patch applied in r1361123.

Thanks for pinging on irc.

	Bert