Return-Path: X-Original-To: apmail-subversion-commits-archive@minotaur.apache.org Delivered-To: apmail-subversion-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C2942E865 for ; Wed, 19 Dec 2012 17:05:40 +0000 (UTC) Received: (qmail 76408 invoked by uid 500); 19 Dec 2012 17:05:40 -0000 Delivered-To: apmail-subversion-commits-archive@subversion.apache.org Received: (qmail 76352 invoked by uid 500); 19 Dec 2012 17:05:40 -0000 Mailing-List: contact commits-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@subversion.apache.org Delivered-To: mailing list commits@subversion.apache.org Received: (qmail 76344 invoked by uid 99); 19 Dec 2012 17:05:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Dec 2012 17:05:40 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Dec 2012 17:05:37 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 7E17023889D7; Wed, 19 Dec 2012 17:05:16 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1423955 - in /subversion/trunk/subversion: libsvn_subr/opt.c svn/help-cmd.c Date: Wed, 19 Dec 2012 17:05:16 -0000 To: commits@subversion.apache.org From: brane@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121219170516.7E17023889D7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: brane Date: Wed Dec 19 17:05:16 2012 New Revision: 1423955 URL: http://svn.apache.org/viewvc?rev=1423955&view=rev Log: Make "svn --version"'s warning about enabled plaintext passwords depend on configuration file settings, not just compile-time options. * subversion/libsvn_subr/opt.c (svn_opt__print_version_info): Remove the code that emitted the warning about enabled plaintext password storage. * subversion/svn/help-cmd.c (svn_cl__help): Depending on configuration settings and compile-time options, prepend the warning to the version footer when calling svn_opt_print_help4. Modified: subversion/trunk/subversion/libsvn_subr/opt.c subversion/trunk/subversion/svn/help-cmd.c Modified: subversion/trunk/subversion/libsvn_subr/opt.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/opt.c?rev=1423955&r1=1423954&r2=1423955&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_subr/opt.c (original) +++ subversion/trunk/subversion/libsvn_subr/opt.c Wed Dec 19 17:05:16 2012 @@ -1121,17 +1121,6 @@ svn_opt__print_version_info(const char * svn_version_ext_build_host(info))); SVN_ERR(svn_cmdline_printf(pool, "%s\n", svn_version_ext_copyright(info))); -#if !defined(SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE) && !defined(WIN32) - /* FIXME: Checking this config variable is the wrong thing to do, - since it apparently means that the simple auth provider is - disabled, not that plaintext password storage is disabled. - So in either the configure option is misnamed, or its - implementation is too simplistic. */ - SVN_ERR(svn_cmdline_fputs( - _("WARNING: Plaintext password storage is enabled!\n\n"), - stdout, pool)); -#endif /* SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE && !WIN32 */ - if (footer) { SVN_ERR(svn_cmdline_printf(pool, "%s\n", footer)); Modified: subversion/trunk/subversion/svn/help-cmd.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/help-cmd.c?rev=1423955&r1=1423954&r2=1423955&view=diff ============================================================================== --- subversion/trunk/subversion/svn/help-cmd.c (original) +++ subversion/trunk/subversion/svn/help-cmd.c Wed Dec 19 17:05:16 2012 @@ -28,6 +28,7 @@ /*** Includes. ***/ #include "svn_string.h" +#include "svn_config.h" #include "svn_error.h" #include "svn_version.h" #include "cl.h" @@ -43,7 +44,8 @@ svn_cl__help(apr_getopt_t *os, void *baton, apr_pool_t *pool) { - svn_cl__opt_state_t *opt_state; + svn_cl__opt_state_t *opt_state = NULL; + svn_stringbuf_t *version_footer = NULL; /* xgettext: the %s is for SVN_VER_NUMBER. */ char help_header_template[] = @@ -69,14 +71,73 @@ svn_cl__help(apr_getopt_t *os, const char *ra_desc_start = _("The following repository access (RA) modules are available:\n\n"); - svn_stringbuf_t *version_footer; - if (baton) - opt_state = ((svn_cl__cmd_baton_t *) baton)->opt_state; - else - opt_state = NULL; + { + svn_cl__cmd_baton_t *const cmd_baton = baton; + opt_state = cmd_baton->opt_state; + +#ifndef SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE + /* Windows never actually stores plaintext passwords, it + encrypts the contents using CryptoAPI. ... + + ... If CryptoAPI is available ... but it should be on all + versions of Windows that are even remotely interesting two + days before the scheduled end of the world, when this comment + is being written. */ +# ifndef WIN32 + + svn_boolean_t store_auth_creds = + SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS; + svn_boolean_t store_passwords = + SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS; + svn_boolean_t store_plaintext_passwords = FALSE; + svn_config_t *cfg; + + if (cmd_baton->ctx->config) + { + cfg = apr_hash_get(cmd_baton->ctx->config, + SVN_CONFIG_CATEGORY_CONFIG, + APR_HASH_KEY_STRING); + if (cfg) + { + SVN_ERR(svn_config_get_bool(cfg, &store_auth_creds, + SVN_CONFIG_SECTION_AUTH, + SVN_CONFIG_OPTION_STORE_AUTH_CREDS, + store_auth_creds)); + SVN_ERR(svn_config_get_bool(cfg, &store_passwords, + SVN_CONFIG_SECTION_AUTH, + SVN_CONFIG_OPTION_STORE_PASSWORDS, + store_passwords)); + } + cfg = apr_hash_get(cmd_baton->ctx->config, + SVN_CONFIG_CATEGORY_SERVERS, + APR_HASH_KEY_STRING); + if (cfg) + { + const char *value; + SVN_ERR(svn_config_get_yes_no_ask + (cfg, &value, + SVN_CONFIG_SECTION_GLOBAL, + SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS, + SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS)); + if (0 == svn_cstring_casecmp(value, SVN_CONFIG_TRUE)) + store_plaintext_passwords = TRUE; + } + } + + if (store_plaintext_passwords && store_auth_creds && store_passwords) + { + version_footer = svn_stringbuf_create( + _("WARNING: Plaintext password storage is enabled!\n\n"), + pool); + svn_stringbuf_appendcstr(version_footer, ra_desc_start); + } +# endif /* !WIN32 */ +#endif /* !SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE */ + } - version_footer = svn_stringbuf_create(ra_desc_start, pool); + if (!version_footer) + version_footer = svn_stringbuf_create(ra_desc_start, pool); SVN_ERR(svn_ra_print_modules(version_footer, pool)); return svn_opt_print_help4(os,