GSSAPI/Kerberos libraries to be part of TortoiseSVN installation

[Marek Manukjan]

Hello,

it appears that gssapi(32/64).dll and their dependencies aren't part of TortoiseSVN distribution. These files are needed for Kerberos authentication to work when using svn:// protocol.

http(s):// protocol handled by serf library seems to be using different code path for Kerberos authentication and it works there without any additional dependencies.

Unforatunately svn:// authentication for Kerberos goes through

<tortoise_source_root>\ext\gssapi\gssapi.cpp:159

where

#ifdef _WIN64

#define GSSAPI_DLL "gssapi64.dll"

#else

#define GSSAPI_DLL "gssapi32.dll"

#endif

static HINSTANCE hinstLib = LoadLibrary(TEXT(GSSAPI_DLL)); // Will let Windows automatically call FreeLibrary. This is for speed-sake

the LoadLibrary call will fail, because the DLL isn't part of standard Windows intallation, neither part of TortoiseSVN installation. Error message in such case doesn't really help with identifying where the problem is, if I didn't debug the program I'd still be in the blind, as it gives a generic "Cannot negotiate authentication mechanism." error message when the DLLs are missing.

The DLLs can be obtained by installing Heimdal from https://www.secure-endpoints.com/heimdal/.

Since TortoiseSVN is not only GUI for SVN, but also the primary source of Subversion binaries and their dependencies for Windows users, I'd argue that GSSAPI libraries belong to the TortoiseSVN distribution as well.

Thank You for reading and considering this proposal.

Marek