what do I hash to get .subversion/auth/svn.simple file name?

[Tristan Slominski]

Hi,

I thought this was going to be easy to find out, but after hours researching this and trying different things, I still don't know how to answer the question.

I posted it on stack overflow here: http://stackoverflow.com/questions/20952004/subversion-auth-svn-simple-hash-algorithm

It boils down to this:

Given ~/.subversion/auth/svn.simple/5671adf2865e267db74f09ba6f872c28 with the contents of:

K 8
username
V 3
joe
K 8
password
V 4
blah
K 15
svn:realmstring
V 45
<https://svn.domain.com:443> Joe's repository
END

What string to I hash to get 5671adf2865e267db74f09ba6f872c28?

I tried md5 hashing a lot of strings (first one being "<https://svn.domain.com:443> Joe's repository"), and I can't find one that generates the correct hash.

Cheers,

Tristan

[Stefan Sperling]

On Mon, Jan 06, 2014 at 01:40:58PM -0600, Tristan Slominski wrote:
> Hi,
>
> I thought this was going to be easy to find out, but after hours
> researching this and trying different things, I still don't know how to
> answer the question.
>
> I posted it on stack overflow here:
> http://stackoverflow.com/questions/20952004/subversion-auth-svn-simple-hash-algorithm
>
> It boils down to this:
>
> Given ~/.subversion/auth/svn.simple/5671adf2865e267db74f09ba6f872c28 with
> the contents of:
>
> K 8
> username
> V 3
> joe
> K 8
> password
> V 4
> blah
> K 15
> svn:realmstring
> V 45
> <https://svn.domain.com:443> Joe's repository
> END
>
> What string to I hash to get 5671adf2865e267db74f09ba6f872c28?

The creds file's name is indeed the MD5 checksum of the realmstring.
This code generates the name (in subversion/libsvn_subr/config_auth.c):

/* Construct the basename of the creds file. It's just the
realmstring converted into an md5 hex string. */
SVN_ERR(svn_checksum(&checksum, svn_checksum_md5, realmstring,
strlen(realmstring), pool));
hexname = svn_checksum_to_cstring(checksum, pool);

*path = svn_dirent_join(authdir_path, hexname, pool);

> https://svn.domain.com:443> Joe's repository"), and I can't find one that
> generates the correct hash.

I'm not sure why your example doesn't work, but with a data set
of mine I get the right hash:

$ cd ~/.subversion/auth/svn.simple
$ echo -n "<https://svn.apache.org:443> ASF Committers:443> ASF Committers" | md5
d3c8a345b14f6a1b42251aef8027ab57
$ grep ASF ./d3c8a345b14f6a1b42251aef8027ab57
<https://svn.apache.org:443> ASF Committers
$

[Bert Huijben]

First: Note this is an implementation detail. We don’t promise that this format stays compatible over versions, and with a default client you would see that the password on Windows is crypted in this file.

 

In the current implementation the hash string is constructed in subversion/libsvn_subr/config_auth.c’s function svn_auth__file_path()

 

[[

svn_error_t *

svn_auth__file_path(const char **path,

                    const char *cred_kind,

                    const char *realmstring,

                    const char *config_dir,

                    apr_pool_t *pool)

{

  const char *authdir_path, *hexname;

  svn_checksum_t *checksum;

 

  /* Construct the path to the directory containing the creds files,

     e.g. "~/.subversion/auth/svn.simple".  The last component is

     simply the cred_kind.  */

  SVN_ERR(svn_config_get_user_config_path(&authdir_path, config_dir,

                                          SVN_CONFIG__AUTH_SUBDIR, pool));

  if (authdir_path)

    {

      authdir_path = svn_dirent_join(authdir_path, cred_kind, pool);

 

      /* Construct the basename of the creds file.  It's just the

         realmstring converted into an md5 hex string.  */

      SVN_ERR(svn_checksum(&checksum, svn_checksum_md5, realmstring,

                           strlen(realmstring), pool));

      hexname = svn_checksum_to_cstring(checksum, pool);

 

      *path = svn_dirent_join(authdir_path, hexname, pool);

    }

  else

    *path = NULL;

 

  return SVN_NO_ERROR;

}

]]

 

So we calculate the md5 hash over the realm string in UTF-8 form (your first guess)

 

But as noted: you should not rely on this. This format may change at any time.

Functions like svn_config_walk_auth_data() provide a stable api against future versions, while this storage will probably change at some point, and is certainly incompatible with other backends like keychains, etc.

 

                Bert

[Tristan Slominski]

My poor use of command line was at fault when diagnosing this issue. I did not use -n option when invoking echo.

Thank you very much!

[Tristan Slominski]

Thank you Bert for the explanation and the cautions. I will definitely heed them and after spending hours on this I'll probably remember the context for this decision for quite a while :)

[Ben Reser]

On 1/6/14, 11:40 AM, Tristan Slominski wrote:
> Given ~/.subversion/auth/svn.simple/5671adf2865e267db74f09ba6f872c28 with the
> contents of:
>
> K 8
> username
> V 3
> joe
> K 8
> password
> V 4
> blah
> K 15
> svn:realmstring
> V 45
> <https://svn.domain.com:443> Joe's repository
> END
>
> What string to I hash to get 5671adf2865e267db74f09ba6f872c28?
>
> I tried md5 hashing a lot of strings (first one being
> "<https://svn.domain.com:443> Joe's repository"), and I can't find one that
> generates the correct hash.

It's the value in svn:realmstring which is apparently the one you tried first
but must have made some mistake (I'd guess a trailing character if you're using
the md5sum command).

I see on StackOverflow that you figured it out. For reference the code
responsible for this is in svn_auth__file_path() which lives in
subversion/libsvn_subr/config_auth.c

Link to the code in trunk:
https://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_subr/config_auth.c

[bosmolskate]

Complicated coding going on here, but I think it is starting to make more
sense to me



-----
http://www.seooptimizers.com
http://yourinternetmarketers.com
news blog
seo courses




--
View this message in context: http://subversion.1072662.n5.nabble.com/what-do-I-hash-to-get-subversion-auth-svn-simple-file-name-tp186470p186666.html
Sent from the Subversion Users mailing list archive at Nabble.com.