subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From br...@apache.org
Subject svn commit: r1423955 - in /subversion/trunk/subversion: libsvn_subr/opt.c svn/help-cmd.c
Date Wed, 19 Dec 2012 17:05:16 GMT
Author: brane
Date: Wed Dec 19 17:05:16 2012
New Revision: 1423955

URL: http://svn.apache.org/viewvc?rev=1423955&view=rev
Log:
Make "svn --version"'s warning about enabled plaintext passwords depend on
configuration file settings, not just compile-time options.

* subversion/libsvn_subr/opt.c (svn_opt__print_version_info): Remove the code
   that emitted the warning about enabled plaintext password storage.
* subversion/svn/help-cmd.c (svn_cl__help): Depending on configuration
   settings and compile-time options, prepend the warning to the version
   footer when calling svn_opt_print_help4.

Modified:
    subversion/trunk/subversion/libsvn_subr/opt.c
    subversion/trunk/subversion/svn/help-cmd.c

Modified: subversion/trunk/subversion/libsvn_subr/opt.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/opt.c?rev=1423955&r1=1423954&r2=1423955&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/opt.c (original)
+++ subversion/trunk/subversion/libsvn_subr/opt.c Wed Dec 19 17:05:16 2012
@@ -1121,17 +1121,6 @@ svn_opt__print_version_info(const char *
                              svn_version_ext_build_host(info)));
   SVN_ERR(svn_cmdline_printf(pool, "%s\n", svn_version_ext_copyright(info)));
 
-#if !defined(SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE) && !defined(WIN32)
-  /* FIXME: Checking this config variable is the wrong thing to do,
-            since it apparently means that the simple auth provider is
-            disabled, not that plaintext password storage is disabled.
-            So in either the configure option is misnamed, or its
-            implementation is too simplistic. */
-  SVN_ERR(svn_cmdline_fputs(
-              _("WARNING: Plaintext password storage is enabled!\n\n"),
-              stdout, pool));
-#endif /* SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE && !WIN32 */
-
   if (footer)
     {
       SVN_ERR(svn_cmdline_printf(pool, "%s\n", footer));

Modified: subversion/trunk/subversion/svn/help-cmd.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/help-cmd.c?rev=1423955&r1=1423954&r2=1423955&view=diff
==============================================================================
--- subversion/trunk/subversion/svn/help-cmd.c (original)
+++ subversion/trunk/subversion/svn/help-cmd.c Wed Dec 19 17:05:16 2012
@@ -28,6 +28,7 @@
 /*** Includes. ***/
 
 #include "svn_string.h"
+#include "svn_config.h"
 #include "svn_error.h"
 #include "svn_version.h"
 #include "cl.h"
@@ -43,7 +44,8 @@ svn_cl__help(apr_getopt_t *os,
              void *baton,
              apr_pool_t *pool)
 {
-  svn_cl__opt_state_t *opt_state;
+  svn_cl__opt_state_t *opt_state = NULL;
+  svn_stringbuf_t *version_footer = NULL;
 
   /* xgettext: the %s is for SVN_VER_NUMBER. */
   char help_header_template[] =
@@ -69,14 +71,73 @@ svn_cl__help(apr_getopt_t *os,
   const char *ra_desc_start
     = _("The following repository access (RA) modules are available:\n\n");
 
-  svn_stringbuf_t *version_footer;
-
   if (baton)
-    opt_state = ((svn_cl__cmd_baton_t *) baton)->opt_state;
-  else
-    opt_state = NULL;
+    {
+      svn_cl__cmd_baton_t *const cmd_baton = baton;
+      opt_state = cmd_baton->opt_state;
+
+#ifndef SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE
+      /* Windows never actually stores plaintext passwords, it
+         encrypts the contents using CryptoAPI. ...
+
+         ... If CryptoAPI is available ... but it should be on all
+         versions of Windows that are even remotely interesting two
+         days before the scheduled end of the world, when this comment
+         is being written. */
+#  ifndef WIN32
+
+      svn_boolean_t store_auth_creds =
+        SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS;
+      svn_boolean_t store_passwords =
+        SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS;
+      svn_boolean_t store_plaintext_passwords = FALSE;
+      svn_config_t *cfg;
+
+      if (cmd_baton->ctx->config)
+        {
+          cfg = apr_hash_get(cmd_baton->ctx->config,
+                             SVN_CONFIG_CATEGORY_CONFIG,
+                             APR_HASH_KEY_STRING);
+          if (cfg)
+            {
+              SVN_ERR(svn_config_get_bool(cfg, &store_auth_creds,
+                                          SVN_CONFIG_SECTION_AUTH,
+                                          SVN_CONFIG_OPTION_STORE_AUTH_CREDS,
+                                          store_auth_creds));
+              SVN_ERR(svn_config_get_bool(cfg, &store_passwords,
+                                          SVN_CONFIG_SECTION_AUTH,
+                                          SVN_CONFIG_OPTION_STORE_PASSWORDS,
+                                          store_passwords));
+            }
+          cfg = apr_hash_get(cmd_baton->ctx->config,
+                             SVN_CONFIG_CATEGORY_SERVERS,
+                             APR_HASH_KEY_STRING);
+          if (cfg)
+            {
+              const char *value;
+              SVN_ERR(svn_config_get_yes_no_ask
+                      (cfg, &value,
+                       SVN_CONFIG_SECTION_GLOBAL,
+                       SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS,
+                       SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS));
+              if (0 == svn_cstring_casecmp(value, SVN_CONFIG_TRUE))
+                store_plaintext_passwords = TRUE;
+            }
+        }
+
+      if (store_plaintext_passwords && store_auth_creds && store_passwords)
+        {
+          version_footer = svn_stringbuf_create(
+              _("WARNING: Plaintext password storage is enabled!\n\n"),
+              pool);
+          svn_stringbuf_appendcstr(version_footer, ra_desc_start);
+        }
+#  endif /* !WIN32 */
+#endif /* !SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE */
+    }
 
-  version_footer = svn_stringbuf_create(ra_desc_start, pool);
+  if (!version_footer)
+    version_footer = svn_stringbuf_create(ra_desc_start, pool);
   SVN_ERR(svn_ra_print_modules(version_footer, pool));
 
   return svn_opt_print_help4(os,



Mime
View raw message