#2 Gpg-agent caching config for pysvn

[John Snow]

Thank you so much for pysvn. It has been a lifesaver for us.

Recently we were trying to movefrom plaintext authentication to gpggagent password store.

It works when we use svn commandline with the pinentry. The gpg agent daemon is running. I've set the config file and servers file to avoid plaintext and allow storing of passwords. The password stores setting is set to gpggagent.

It works fine with svn but not through pysvn. I saw that you got it to work with gpg. Could you please provide the instructions required to get this to work? I can't find these anywhere on the web.

Thanks!

[Barry Alan Scott]

It seems that the environment of the process that is runing svn or pysvn is critical to getting this too work. I quick search found this:

https://stackoverflow.com/questions/41142125/svn-setup-with-gpg-agent-and-pinentry-ttycurses

Let me know if this helps.

[John Snow]

Thanks for the quick reply!

I tried adding the allow-preset-passphrase to ~/.gnupg/gpg-agent.conf with the same results:

$ cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 900 #evict cache entry from memory after 15 minutes of inactivity
max-cache-ttl 604800 #max limit to disable cache entry after 1 week
allow-preset-passphrase

We've got an X server and pinentry dialog is showing fine, so it's not exactly the same issue as that link.

Here is the behavior I'm seeing (basically that svn commandline works with gpg-agent but pysvn does not use it):

Gpg agent is running:

$ ps -ef | grep gpg
lnxusr  7157     1  0 13:27 ?        00:00:00 gpg-agent --daemon

The first time it asks for a password inline:

(conda-env) [lnxusr@localhost pysvn]$ svn info https://svnserver:443
Authentication realm: <https://svnserver:443> VisualSVN Server
Password for 'svn_user': **********
svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found

The second time it opens a Pinentry dialog asking for the password:

...instead of asking from the command line (this was reported by others too, so it's normal and acceptable for us as long as it stores it in gpg):

(conda-env) [lnxusr@localhost pysvn]$ svn info https://svnserver:443
Authentication realm: <https://svnserver:443> VisualSVN Server

svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found

The third time it does not ask for a password or open a dialog, so it has stored that password successfully in gpg:

(conda-env) [lnxusr@localhost pysvn]$ svn info https://svnserver:443
svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found

And it can be verified as saved in the svn.simple auth file:

(conda-env) [lnxuser@localhost svn.simple]$ cat 2a1234authfile 
K 8
passtype
V 9
gpg-agent
K 15
svn:realmstring
V 40
<https://svnserver:443> VisualSVN Server
K 8
username
V 6
svnuser

But when trying it through our python script which contains the following pysvn related snippets:

...
import pysvn
import getpass

class Pyclass(object):
    def __init__(self,  svn_repo_url, www_repo_url, debug=True, verbose=True):
        self._svn = pysvn.Client()
        self._svn.callback_ssl_server_trust_prompt = self._ssl_server_trust_prompt
        self._svn.set_auth_cache(True)
        self._svn.callback_get_log_message = self._get_log_message
        self._svn.callback_get_login = self._get_login

    def _get_login(self, realm, username, may_save):
        """Method to get a user's login credentials for the SVN server.
        """
        username = raw_input("Enter username: ")
        password = getpass.getpass()

        return(True, username, password, True)

And our ~/.subversion/config contains the following:

[auth]
password-stores = gpg-agent
store-passwords = yes
store-auth-creds = yes

And our ~/.subversion/servers contains the following:

[global]
store-plaintext-passwords = no
store-passwords = yes

The result is that it keeps calling the callback_get_login and asking for the username and password and does not store it using gpgagent like the svn commandline does.

(conda-env) [lnxusr@localhost .subversion]$ Pyclass
Enter username: svn_user
Password: 
>>> Default repository access: succeeded
(conda-env) [lnxusr@localhost .subversion]$ Pyclass
Enter username: svn_user
Password: 
>>> Default repository access: succeeded
(conda-env) [lnxusr@localhost .subversion]$ Pyclass
Enter username: ^CTraceback (most recent call last):

(conda-env) [lnxusr@localhost .subversion]$ cat ~/.subversion/auth/svn.simple/2a1234authfile
K 15
svn:realmstring
V 40
<https://svnserver:443> VisualSVN Server
K 8
username
V 6
svnuser
END

But the minute I comment the store-plaintext-passwords line in the servers file, it stores the plaintext auth and does not repeat the callback for login after storing it in plaintext inside the 2aauthfile.

$ cat 2a1234authfile 
K 8
passtype
V 6
simple
K 8
password
V 10
ACTUALPASSWORDHERE!!!
K 15
svn:realmstring
V 40
<https://svnserver:443> VisualSVN Server
K 8
username
V 6
svn_user

Sorry, I haven't dug into the pysvn source code yet for this, I'm hoping it is a simple config issue.

[Barry Alan Scott]

pysvn wraps around the svn code. pysvn has no GPG specific code in it.

It would be helpful if you could do some debugging on this.

I read a bit of svn code in subversion/libsvn_subr/gpg_agent.c to get a sense of what
might be going on. Looks like the svn code relies on the a GPG "pipentry" program.

I did see this about problems with pinentry:

https://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords

Just a wild thought. Does your code work if you do not setup the callback_get_login?
Seeing as the pinentry reads and stores the password why would svn use the get_login
callback?

[John Snow]

Ok, it's good to know it has no GPG specific code in it. Is it possible to check which svn binary pysvn calls?

I tried reloading GPG with pinentry set in the config as mentioned in the article. It's the same behavior. I'm using GNOME and a terminal within CentOS 7.5.1804 and there don't appear to be any issues with Pinentry when using svn. It shows the dialog for Pinentry with the password input and stores it afterwards in GPG. The problem might be that when invoked through pysvn, svn does not consider GPG at all. I see why you are trying to be explicit about settings for svn and GPG.

Disabling the callback_get_login throws an exception "callback_get_login required". I remember trying this before too :-) The call back is supposedly thrown any time svn does not have credentials cached. But why would svn see the credentials as cached but pysvn overwrite it and not use any password store or caching? I'll try the set-auth-cache thing too with all the recent changes. Also, is there a way to check if my pysvn is using a different svn or check the commands that pysvn is running finally or enable logging or debug mode?

$ which svn
/usr/bin/svn

$ rpm -qa | grep gpg
libgpg-error-1.12-3.el7.x86_64
gpg-pubkey-f4a80eb5-53a7ff4b
libgpg-error-devel-1.12-3.el7.x86_64
pygpgme-0.3-9.el7.x86_64
gpg-pubkey-352c64e5-52ae6884
kgpg-4.10.5-4.el7.x86_64
gpgme-1.3.2-5.el7.x86_64

$ rpm -qa | grep gnupg
gnupg2-2.0.22-5.el7_5.x86_64

$ rpm -qa | grep pinentry
pinentry-0.8.1-17.el7.x86_64
pinentry-qt-0.8.1-17.el7.x86_64

All the gnupg and pinentry stuff came preinstalled in CentOS.

[Barry Alan Scott]

I'm guessing you are on a Centos 7.
What repos are you using to get svn, gnupg, pysvn, etc from?
What versions of python, pysvn and svn are you using?

pysvn does not use the svn binary it uses the svn libraries.

$ python3
>>> import pysvn
>>> import os
>>> print(os.getpid())
<pid>

Then use and look for the libsvn_XXX.so files:

$ lsof -p <pid>

[John Snow]

Thanks, yes, CentOS 7.5.1804.

svn was gotten through the Wandisco repo.
$ rpm -qa | grep subversion
subversion-1.9.12-1.x86_64
subversion-javahl-1.9.12-1.x86_64

pysvn I'm not sure as it was a part of the conda environment and already preinstalled.

$ python --version
Python 2.7.15 :: Anaconda, Inc.

>>> import pysvn
>>> pysvn.version
(1, 9, 10, 0)

$ lsof -p 20868 | grep svn
python  20868 lnxusr  mem    REG    8,2     11336   682227 /usr/lib64/libsvn_fs_util-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2     79056   665638 /usr/lib64/libsvn_delta-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2     58096   682777 /usr/lib64/libsvn_ra-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2     95472   665643 /usr/lib64/libsvn_diff-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2   1883624   683287 /usr/lib64/libsvn_subr-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2     50224   666286 /usr/lib64/libsvn_fs-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2    776464   684607 /usr/lib64/libsvn_wc-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2    234144   683277 /usr/lib64/libsvn_repos-1.so.0.0.0
python  20868 lnxusr  mem    REG    8,2    455456   665135 /usr/lib64/libsvn_client-1.so.0.0.0
python  20868 lnxusr  mem    REG   8,17   3929648 11148178 /local/proj/miniconda3/envs/proj-dev/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so

[Barry Alan Scott]

Confirm that the libs are from the RPM that you expect with:

$ rpm -qf /usr/lib64/libsvn_client-1.so.0.0.0

It should tell you its the subversion-1.9.12-1.

Are you ok using gdb? Next you need to find out what svn is upto when
it needs a password frpm gpg-agent.

There are 3 entry points in the gpg_agent.c files.
simple_gpg_agent_first_creds, simple_gpg_agent_next_creds, simple_gpg_agent_save_creds.
Can you see how there operate from svn and from pysvn and find the difference?
I wonder if under python the gpg agent socket cannot be found?

[John Snow]

$ rpm -qf /usr/lib64/libsvn_client-1.so.0.0.0
subversion-1.9.12-1.x86_64

I'm not sure how I can use gdb to check on those entry points. I was looking at a tutorial here: https://web.eecs.umich.edu/~sugih/pointers/summary.html

Do I need to get the gpg_agent.c source code and compile it and run with gdb or can I use the existing .so files or directly invoke the command somehow?

[lnxusr@localhost .gnupg]$ gdb svn
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/bin/svn...Reading symbols from /usr/lib/debug/usr/bin/svn.debug...done.
done.
(gdb) ^Z
[3]+ Stopped gdb svn

[John Snow]

Ok just figured out i can run with arguments inside the gdb command line. Might need more debug info packages. The below ran the first run (inline password request) and the second run (which shows pinentry dialog):

$ gdb svn
...

(gdb) run info https://svnserver:443
Starting program: /usr/bin/svn info https://svnserver:443
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Authentication realm: https://svnserver:443 VisualSVN Server
Password for 'svn_user': ****

svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found
[Inferior 1 (process 3377) exited with code 01]
Missing separate debuginfos, use: debuginfo-install gssproxy-0.7.0-17.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-19.el7.x86_64 libcom_err-1.42.9-12.el7_5.x86_64 libselinux-2.5-12.el7.x86_64 libuuid-2.23.2-52.el7_5.1.x86_64 nspr-4.19.0-1.el7_5.x86_64 nss-3.36.0-7.el7_5.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 nss-util-3.36.0-1.el7_5.x86_64 openldap-2.4.44-15.el7_5.x86_64 openssl-libs-1.0.2k-12.el7.x86_64 pcre-8.32-17.el7.x86_64
(gdb) run info https://svnserver:443
Starting program: /usr/bin/svn info https://svnserver:443
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found
[Inferior 1 (process 3383) exited with code 01]

(gdb) run info https://svnserver:443
Starting program: /usr/bin/svn info https://svnserver:443
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Authentication realm: https://svnserver:443 VisualSVN Server
Password for 'svn_user': ****

svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found
[Inferior 1 (process 3377) exited with code 01]
Missing separate debuginfos, use: debuginfo-install gssproxy-0.7.0-17.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-19.el7.x86_64 libcom_err-1.42.9-12.el7_5.x86_64 libselinux-2.5-12.el7.x86_64 libuuid-2.23.2-52.el7_5.1.x86_64 nspr-4.19.0-1.el7_5.x86_64 nss-3.36.0-7.el7_5.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 nss-util-3.36.0-1.el7_5.x86_64 openldap-2.4.44-15.el7_5.x86_64 openssl-libs-1.0.2k-12.el7.x86_64 pcre-8.32-17.el7.x86_64
(gdb) run info https://svnserver:443
Starting program: /usr/bin/svn info https://svnserver:443
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found
[Inferior 1 (process 3383) exited with code 01]

[John Snow]

I'm running that debuginfos command right now and it's getting those packages. I'll run gdb with the above svn command again and run it with pysvn next (might get tricky with a conda environment so I'll do a test without conda first)

[John Snow]

Here's a python gdb output which is also high level like the previous one:

$ cat svntest.py
import pysvn
import getpass

client = pysvn.Client()

def _get_login(realm,username,may_save):
    username=raw_input("Enter usernam: ")
    password = getpass.getpass()
    return (True, username, password, True)

client.callback_get_login = _get_login

client.checkout('https://svnserver/svn/path/trunk','~/pysvn')

GDB is only showing high level thread info. I'm looking into how I can get it to show more details?

$ gdb python
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/python2.7...Reading symbols from /usr/lib/debug/usr/bin/python2.7.debug...done.
done.
(gdb) run svntest.py 
Starting program: /usr/bin/python svntest.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Enter usernam: svn_user
Password: 
[Inferior 1 (process 4210) exited normally]
(gdb) 

[Barry Alan Scott]

I'm guessing your new to gdb. What you need to do is the following (untested):

$ gdb python
...
(gdb) b simple_gpg_agent_first_creds
Function "simple_gpg_agent_first_creds" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

and repeat for the other two entry points.

(gdb) run ...

When it hits the break point there are some useful command.

list - show you the sources where you stopped
step - execute one line of code going into any subroutines
next - execute one line of code going over any subroutines
print - display variables
continue - run until the next break point is hit

Now watch the flow of the logic and where it changes between the svn and pysvn cases.

Thanks for doing this.

[John Snow]

Thanks, yes new to gdb. This is right after doing the pinentry through svn

Breakpoint 1, simple_gpg_agent_save_creds (saved=0x7fffffffbca4, credentials=0x7a39f0, 
    provider_baton=0x0, parameters=0x684418, 
    realmstring=0x684668 "<https://svnserver:443> VisualSVN Server", pool=0x669a38)
    at subversion/libsvn_subr/gpg_agent.c:712
712 {
(gdb) list
707                             void *credentials,
708                             void *provider_baton,
709                             apr_hash_t *parameters,
710                             const char *realmstring,
711                             apr_pool_t *pool)
712 {
713   return svn_auth__simple_creds_cache_set(saved, credentials,
714                                           provider_baton, parameters,
715                                           realmstring, password_set_gpg_agent,
716                                           SVN_AUTH__GPG_AGENT_PASSWORD_TYPE,
(gdb) step
svn_auth__simple_creds_cache_set (saved=0x7fffffffbca4, credentials=0x7a39f0, provider_baton=0x0, 
    parameters=0x684418, realmstring=0x684668 "<https://svnserver:443> VisualSVN Server", 
    password_set=password_set@entry=0x7ffff6f11e20 <password_set_gpg_agent>, 
    passtype=passtype@entry=0x7ffff6fc1078 "gpg-agent", pool=0x669a38)
    at subversion/libsvn_subr/simple_providers.c:304
304 {
(gdb) step
315     (! creds->may_save) || (svn_hash_gets(parameters,
(gdb) step
304 {
(gdb) step
310     svn_hash_gets(parameters, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL;
(gdb) step
304 {
(gdb) step
310     svn_hash_gets(parameters, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL;
(gdb) step
304 {
(gdb) step
310     svn_hash_gets(parameters, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL;
(gdb) step
304 {
(gdb) step
310     svn_hash_gets(parameters, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL;
(gdb) step
apr_hash_get (ht=ht@entry=0x684418, key=key@entry=0x7ffff6fb392e, klen=klen@entry=-1)
    at tables/apr_hash.c:342
342 {
(gdb) step
apr_hash_get (ht=ht@entry=0x684418, key=key@entry=0x7ffff6fb392e, klen=klen@entry=-1)
    at tables/apr_hash.c:342
342 {
(gdb) step
344     he = *find_entry(ht, key, klen, NULL);
(gdb) step
find_entry (ht=ht@entry=0x684418, key=key@entry=0x7ffff6fb392e, klen=klen@entry=-1, val=val@entry=0x0)
    at tables/apr_hash.c:266
266 {
(gdb) step
270     if (ht->hash_func)
(gdb) step
266 {
(gdb) step
270     if (ht->hash_func)
(gdb) continue
Continuing.
svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found
[Inferior 1 (process 9712) exited with code 01]
(gdb) quit

[John Snow]

Definitely not the same when running it through python. I can't see a single breakpoint get called through python.

See below:

Here's the svntest.py that I executed:

import pysvn
import getpass

client = pysvn.Client()

def _get_login(realm,username,may_save):
    username=raw_input("Enter usernam: ")
    password = getpass.getpass()
    return (True, username, password, True)

client.callback_get_login = _get_login

client.checkout('https://svnserver/svn/path_to_module/trunk','~/pysvn')

(conda-env) [lnxusr@localhost ~]$ gdb python
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /pathenvs/conda-env/bin/python2.7...done.
(gdb) b simple_gpg_agent_first_creds
Function "simple_gpg_agent_first_creds" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 1 (simple_gpg_agent_first_creds) pending.
(gdb) b simple_gpg_agent_next_creds
Function "simple_gpg_agent_next_creds" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 2 (simple_gpg_agent_next_creds) pending.
(gdb) b simple_gpg_agent_save_creds
Function "simple_gpg_agent_save_creds" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y

Breakpoint 3 (simple_gpg_agent_save_creds) pending.
(gdb) run svntest.py 
Starting program: /pathenvs/conda-env/bin/python svntest.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Enter usernam: svn_user
Password: 
[Inferior 1 (process 10526) exited normally]
(gdb) run svntest.py
Starting program: /pathenvs/conda-env/bin/python svntest.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Enter usernam: svn_user
Password: 
[Inferior 1 (process 10530) exited normally]

[John Snow]

The pysvn code looks to be written mostly in C. I have no idea how to gdb or modify the pysvn library and determine the svn command or library its invoking. I don't really have much more to add at this point. If you have some ideas, please let me know and I will try those too.

[Barry Alan Scott]

If the config used is differnce between svn and pysvn then that would explain things.

When you create the pysvn.Client() you can pass in the config like this:

c = pysvn.Client( config_dir )

Can you try that and see if that makes things work?

[John Snow]

Same exact behavior with the config_dir set. I found something that looked bleak for pysvn caching:

It looks like pysvn calls "svn_client_cat2()" from libsvn and this function does not cache username/passwd between invoking even for the same url and same realms.
https://stackoverflow.com/questions/3325489/how-to-cache-username-and-passwd-in-pysvn

Is this true? Has anyone ever gotten this to work?

[John Snow]

I just confirmed that the gnome keyring password store also results in identical behavior (works through svn but not through pysvn):

(conda-env) [lnxuser@localhost ~]$ svn info https://svnserver:port
Authentication realm: <https://svnserver:port> VisualSVN Server
Password for 'svn_user': **********

Password for 'login' GNOME keyring: *********

(conda-env) [lnxuser3@localhost ~]$ sandbox test
innew sandbox
Enter username: svn_user
Password: 
>>> Default repository access: succeeded
(conda-env) [lnxuser3@localhost ~]$ sandbox test
innew sandbox
Enter username: svn_user
Password: 
>>> Default repository access: succeeded

The 2a auth file never has a password entry in it through pysvn unless it's a plaintext password.

[John Snow]

It would be very beneficial for us if this worked.

I looked into other keyring solutions, but can't use other keyring solutions because that would require handing over the password in plaintext to pysvn

[John Snow]

From gpg_agent.c:

• • Unlike GNOME Keyring or KDE Wallet, the user is not prompted for
• permission if another program attempts to access the password.
  *
• Therefore, while the gpg-agent is running and has the password cached,
• this provider is no more secure than a file storing the password in
• plaintext.

I'm gonna focus my efforts on using GNOME Keyring now. GPG does not look to be a secure method

[John Snow]

In this bug it appears you got it to work through GPG!
http://pysvn.tigris.org/issues/show_bug.cgi?id=149

Do you remember how?

[John Snow]

Looking at pysvn_svnenv.cpp where the providers get populated, it seems that maybe it's using the provider setting from 1.6
Specifically this line:
if defined( PYSVN_HAS_AUTH_GET_SIMPLE_PROVIDER2 )?

pysvn_svnenv.hpp
// SVN 1.6 or later
#if (SVN_VER_MAJOR == 1 && SVN_VER_MINOR >= 6) || SVN_VER_MAJOR > 1
#define PYSVN_HAS_SVN_1_6
#define PYSVN_HAS_CLIENT_COPY5
#define PYSVN_HAS_IO_OPEN_UNIQUE_FILE3
#define PYSVN_HAS_CLIENT_LOG5
#define PYSVN_HAS_CLIENT_REVPROP_SET2 1
#define PYSVN_HAS_CLIENT_STATUS4
#define PYSVN_HAS_AUTH_GET_SIMPLE_PROVIDER2
#define PYSVN_HAS_AUTH_GET_SSL_CLIENT_CERT_PW_FILE_PROVIDER2
#define PYSVN_HAS_SVN_CLIENT_CTX_T__CONFLICT_FUNC_1_6
#define PYSVN_HAS_SVN_WC_OPERATION_T
#define PYSVN_HAS_SVN_WC_CONFLICT_RESULT_T__SAVE_MERGED

pysvn_svnenv.cpp
SvnContext::SvnContext( const std::string &config_dir_str )
: m_pool( NULL )
, m_context( NULL )
, m_config_dir( NULL )
{
    memset( &m_context, 0, sizeof( m_context ) );

    apr_pool_create( &m_pool, NULL );

#if defined( PYSVN_HAS_CLIENT_CREATE_CONTEXT2 )
    svn_client_create_context2( &m_context, NULL, m_pool );
#else
    svn_client_create_context( &m_context, m_pool );
#endif

    if( !config_dir_str.empty() )
    {
        m_config_dir = svn_dirent_canonicalize( config_dir_str.c_str(), m_pool );
    }

    svn_config_ensure( m_config_dir, m_pool );

#if defined( PYSVN_HAS_SVN_AUTH_PROVIDERS )
    apr_array_header_t *providers = apr_array_make( m_pool, 11, sizeof( svn_auth_provider_object_t * ) );

    // simple providers
    svn_auth_provider_object_t *provider = NULL;
#if defined( WIN32 )
    svn_auth_get_windows_simple_provider(&provider, m_pool);
    *(svn_auth_provider_object_t **)apr_array_push( providers ) = provider;
#endif
#if defined( DARWIN )
    svn_auth_get_keychain_simple_provider(&provider, m_pool);
    *(svn_auth_provider_object_t **)apr_array_push( providers ) = provider;
#endif
**#if defined( PYSVN_HAS_AUTH_GET_SIMPLE_PROVIDER2 )**
    svn_auth_get_simple_provider2( &provider, NULL, NULL, m_pool );
#else
    svn_auth_get_simple_provider( &provider, m_pool );
#endif
    *(svn_auth_provider_object_t **)apr_array_push( providers ) = provider;

    svn_auth_get_username_provider( &provider, m_pool );
    *(svn_auth_provider_object_t **)apr_array_push( providers ) = provider;

    svn_auth_get_simple_prompt_provider( &provider, handlerSimplePrompt, this, 1000000, m_pool );
    *(svn_auth_provider_object_t **)apr_array_push( providers ) = provider;

    // ssl providers

[John Snow]

I just ran a GDB and it does hit the svn_auth_get_simple_provider2 which is meant for SVN v1.6 and greater. I guess it was just an upgrade to the way this function worked after 1.6, never mind!

(conda-env) [lnxuser@localhost ~]$ gdb python
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /envs/conda-env/bin/python2.7...done.
(gdb) b svn_auth_get_simple_provider2
Function "svn_auth_get_simple_provider2" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (svn_auth_get_simple_provider2) pending.
(gdb) run svnorig.py 
Starting program: /envs/conda-env/bin/python svnorig.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Breakpoint 1, svn_auth_get_simple_provider2 (provider=0x7fffffffba70, plaintext_prompt_func=0x0, prompt_baton=0x0, pool=0x555555811cf8) at subversion/libsvn_subr/simple_providers.c:524
524 {
(gdb) 

[John Snow]

A lot of plaintext stuff in the gdb though, so it's justnot picking the right simple provider (baton?) for a keyring:

A lot of plaintext stuff in the gdb though, so it's justnot picking the right simple provider (baton?) for a keyring:

(gdb) run svnorig.py 
Starting program: /envs/conda-env/bin/python svnorig.py
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Breakpoint 1, svn_auth_get_simple_provider2 (provider=0x7fffffffba70, plaintext_prompt_func=0x0, prompt_baton=0x0, pool=0x555555811cf8) at subversion/libsvn_subr/simple_providers.c:524
524 {
(gdb) list
519 svn_auth_get_simple_provider2
520   (svn_auth_provider_object_t **provider,
521    svn_auth_plaintext_prompt_func_t plaintext_prompt_func,
522    void* prompt_baton,
523    apr_pool_t *pool)
524 {
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
527 
528   pb->plaintext_prompt_func = plaintext_prompt_func;
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) print pool
$1 = (apr_pool_t *) 0x555555811cf8
(gdb) print apr_pool_t
Attempt to use a type name as an expression
(gdb) print *
A syntax error in expression, near `'.
(gdb) next
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) pb /s pb
Undefined command: "pb".  Try "help".
(gdb) pb /s p
Undefined command: "pb".  Try "help".
(gdb) p /s pb
$2 = <optimized out>
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) pb /s po
Undefined command: "pb".  Try "help".
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
530   pb->plaintext_answers = apr_hash_make(pool);
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
528   pb->plaintext_prompt_func = plaintext_prompt_func;
(gdb) next
529   pb->prompt_baton = prompt_baton;
(gdb) pb /s pb
Undefined command: "pb".  Try "help".
(gdb) p /s pb
$3 = <optimized out>
(gdb) p /s pb->prompt_baton
value has been optimized out
(gdb) print prompt_baton
$4 = (void *) 0x0
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
530   pb->plaintext_answers = apr_hash_make(pool);
(gdb) next
532   po->vtable = &simple_provider;
(gdb) next
533   po->provider_baton = pb;
(gdb) next
532   po->vtable = &simple_provider;
(gdb) next
534   *provider = po;
(gdb) next
535 }
(gdb) next
0x00007ffff02b2fac in SvnContext::SvnContext(std::string const&) () from /envs/conda-env/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so
(gdb) next
Single stepping until exit from function _ZN10SvnContextC2ERKSs,
which has no line number information.
0x00007ffff024ef5a in pysvn_context::pysvn_context(std::string const&) () from /envs/conda-env/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so
(gdb) next
Single stepping until exit from function _ZN13pysvn_contextC2ERKSs,
which has no line number information.
0x00007ffff0255b72 in pysvn_client::pysvn_client(pysvn_module&, std::string const&, Py::Dict) () from /envs/conda-env/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so
(gdb) next
Single stepping until exit from function _ZN12pysvn_clientC2ER12pysvn_moduleRKSsN2Py4DictE,
which has no line number information.
0x00007ffff0215e4f in pysvn_module::new_client(Py::Tuple const&, Py::Dict const&) () from /envs/conda-env/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so
(gdb) next
Single stepping until exit from function _ZN12pysvn_module10new_clientERKN2Py5TupleERKNS0_4DictE,
which has no line number information.
0x00007ffff021c134 in Py::ExtensionModule<pysvn_module>::invoke_method_keyword(void*, Py::Tuple const&, Py::Dict const&) ()
   from /envs/conda-env/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so
(gdb) next
Single stepping until exit from function _ZN2Py15ExtensionModuleI12pysvn_moduleE21invoke_method_keywordEPvRKNS_5TupleERKNS_4DictE,
which has no line number information.
0x00007ffff02ba539 in method_keyword_call_handler () from /envs/conda-env/lib/python2.7/site-packages/pysvn/_pysvn_2_7.so
(gdb) 
Single stepping until exit from function method_keyword_call_handler,
which has no line number information.
0x00007ffff7adefc7 in PyEval_EvalFrameEx () from /envs/conda-env/bin/../lib/libpython2.7.so.1.0
(gdb) next
Single stepping until exit from function PyEval_EvalFrameEx,
which has no line number information.
0x00007ffff7ae14e9 in PyEval_EvalCodeEx () from /envs/conda-env/bin/../lib/libpython2.7.so.1.0
(gdb) next
Single stepping until exit from function PyEval_EvalCodeEx,
which has no line number information.
0x00007ffff7ade9b8 in PyEval_EvalFrameEx () from /envs/conda-env/bin/../lib/libpython2.7.so.1.0
(gdb) next
Single stepping until exit from function PyEval_EvalFrameEx,
which has no line number information.
^[[A
Enter username: Password: 

[John Snow]

Never mind, the difference is somewhere else. SVN also calls plaintext.

Here is the gdb for svn (first run without a stored password and 2nd run with a stored pw):

(gdb) run info https://svnserver:port
Starting program: /usr/bin/svn info https://svnserver:port
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Breakpoint 1, svn_auth_get_simple_provider2 (provider=provider@entry=0x7fffffffc558, plaintext_prompt_func=0x7ffff6f26ac0 <svn_cmdline_auth_plaintext_prompt>, prompt_baton=prompt_baton@entry=0x662f78, 
    pool=0x652248) at subversion/libsvn_subr/simple_providers.c:524
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
530   pb->plaintext_answers = apr_hash_make(pool);
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
528   pb->plaintext_prompt_func = plaintext_prompt_func;
(gdb) next
529   pb->prompt_baton = prompt_baton;
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
530   pb->plaintext_answers = apr_hash_make(pool);
(gdb) next
532   po->vtable = &simple_provider;
(gdb) next
533   po->provider_baton = pb;
(gdb) next
532   po->vtable = &simple_provider;
(gdb) next
534   *provider = po;
(gdb) next
535 }
(gdb) next
svn_cmdline_create_auth_baton2 (ab=ab@entry=0x7fffffffc6b0, non_interactive=0, auth_username=0x0, auth_password=0x0, config_dir=0x0, no_auth_cache=0, trust_server_cert_unknown_ca=0, 
    trust_server_cert_cn_mismatch=0, trust_server_cert_expired=0, trust_server_cert_not_yet_valid=0, trust_server_cert_other_failure=0, cfg=cfg@entry=0x653958, cancel_func=0x41cc10 <svn_cl__check_cancel>, 
    cancel_baton=0x0, pool=pool@entry=0x652248) at subversion/libsvn_subr/cmdline.c:617
617   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
618   svn_auth_get_username_provider(&provider, pool);
(gdb) next
617   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
618   svn_auth_get_username_provider(&provider, pool);
(gdb) next
619   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
621   svn_auth_get_ssl_server_trust_file_provider(&provider, pool);
(gdb) next
619   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
621   svn_auth_get_ssl_server_trust_file_provider(&provider, pool);
(gdb) next
622   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
623   svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
(gdb) next
622   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
623   svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
(gdb) next
624   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
626   if (!non_interactive)
(gdb) next
631         (&provider, svn_cmdline_auth_plaintext_passphrase_prompt,
(gdb) next
624   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
626   if (!non_interactive)
(gdb) next
631         (&provider, svn_cmdline_auth_plaintext_passphrase_prompt,
(gdb) next
639   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
645       SVN_ERR(svn_config_get_bool(cfg, &ssl_client_cert_file_prompt,
(gdb) next
639   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
645       SVN_ERR(svn_config_get_bool(cfg, &ssl_client_cert_file_prompt,
(gdb) next
651       svn_auth_get_simple_prompt_provider(&provider,
(gdb) next
656       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
659         (&provider, svn_cmdline_auth_username_prompt, pb,
(gdb) next
656       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
659         (&provider, svn_cmdline_auth_username_prompt, pb,
(gdb) next
661       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
665         (&provider, svn_cmdline_auth_ssl_server_trust_prompt, pb, pool);
(gdb) next
661       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
665         (&provider, svn_cmdline_auth_ssl_server_trust_prompt, pb, pool);
(gdb) next
666       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
669         (&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool);
(gdb) next
666       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
669         (&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool);
(gdb) next
670       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
674       if (ssl_client_cert_file_prompt)
(gdb) next
701   svn_auth_open(ab, providers, pool);
(gdb) next
705   if (auth_username)
(gdb) next
708   if (auth_password)
(gdb) next
713   if (non_interactive)
(gdb) next
716   if (config_dir)
(gdb) next
724   SVN_ERR(svn_config_get_bool(cfg, &store_password_val,
(gdb) next
729   if (! store_password_val)
(gdb) next
736   SVN_ERR(svn_config_get_bool(cfg, &store_auth_creds_val,
(gdb) next
741   if (no_auth_cache || ! store_auth_creds_val)
(gdb) next
745   svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
(gdb) next
749   return SVN_NO_ERROR;
(gdb) next
750 }
(gdb) next
sub_main (exit_code=exit_code@entry=0x7fffffffc984, argc=argc@entry=3, argv=argv@entry=0x7fffffffca88, pool=pool@entry=0x652248) at subversion/svn/svn.c:2982
2982      if (opt_state.non_interactive)
(gdb) next
2980      ctx->auth_baton = ab;
(gdb) next
2982      if (opt_state.non_interactive)
(gdb) next
3008      SVN_ERR(svn_config_get_bool(cfg_config, &interactive_conflicts,
(gdb) next
3012      if (!interactive_conflicts)
(gdb) next
3028        ctx->conflict_func = NULL;
(gdb) next
3031        ctx->conflict_func2 = svn_cl__conflict_func_interactive;
(gdb) next
3032        SVN_ERR(svn_cl__get_conflict_func_interactive_baton(
(gdb) next
3031        ctx->conflict_func2 = svn_cl__conflict_func_interactive;
(gdb) next
3028        ctx->conflict_func = NULL;
(gdb) next
3029        ctx->conflict_baton = NULL;
(gdb) next
3032        SVN_ERR(svn_cl__get_conflict_func_interactive_baton(
(gdb) next
3037        ctx->conflict_baton2 = b;
(gdb) next
3041      err = (*subcommand->cmd_func)(os, &command_baton, pool);
(gdb) next
3037        ctx->conflict_baton2 = b;
(gdb) next
3041      err = (*subcommand->cmd_func)(os, &command_baton, pool);
(gdb) next
^[[AAuthentication realm: <https://svnserver:port> VisualSVN Server
Password for 'svn_user': 

Authentication realm: <https://svnserver:port> VisualSVN Server
Username: [A
Password for '[A': **

Authentication realm: <https://svnserver:port> VisualSVN Server
Username: svn_user 
Password for 'svn_user': **********

3042      if (err)
(gdb) run info https://svnserver:port
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/svn info https://svnserver:port
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Breakpoint 1, svn_auth_get_simple_provider2 (provider=provider@entry=0x7fffffffc558, plaintext_prompt_func=0x7ffff6f26ac0 <svn_cmdline_auth_plaintext_prompt>, prompt_baton=prompt_baton@entry=0x662f58, 
    pool=0x652248) at subversion/libsvn_subr/simple_providers.c:524
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
524 {
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
525   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
530   pb->plaintext_answers = apr_hash_make(pool);
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
528   pb->plaintext_prompt_func = plaintext_prompt_func;
(gdb) next
529   pb->prompt_baton = prompt_baton;
(gdb) next
526   simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));
(gdb) next
530   pb->plaintext_answers = apr_hash_make(pool);
(gdb) next
532   po->vtable = &simple_provider;
(gdb) next
533   po->provider_baton = pb;
(gdb) next
532   po->vtable = &simple_provider;
(gdb) next
534   *provider = po;
(gdb) next
535 }
(gdb) next
svn_cmdline_create_auth_baton2 (ab=ab@entry=0x7fffffffc6b0, non_interactive=0, auth_username=0x0, auth_password=0x0, config_dir=0x0, no_auth_cache=0, trust_server_cert_unknown_ca=0, 
    trust_server_cert_cn_mismatch=0, trust_server_cert_expired=0, trust_server_cert_not_yet_valid=0, trust_server_cert_other_failure=0, cfg=cfg@entry=0x653958, cancel_func=0x41cc10 <svn_cl__check_cancel>, 
    cancel_baton=0x0, pool=pool@entry=0x652248) at subversion/libsvn_subr/cmdline.c:617
617   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
618   svn_auth_get_username_provider(&provider, pool);
(gdb) next
617   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
618   svn_auth_get_username_provider(&provider, pool);
(gdb) next
619   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
621   svn_auth_get_ssl_server_trust_file_provider(&provider, pool);
(gdb) next
619   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
621   svn_auth_get_ssl_server_trust_file_provider(&provider, pool);
(gdb) next
622   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
623   svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
(gdb) next
622   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
623   svn_auth_get_ssl_client_cert_file_provider(&provider, pool);
(gdb) next
624   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
626   if (!non_interactive)
(gdb) next
631         (&provider, svn_cmdline_auth_plaintext_passphrase_prompt,
(gdb) next
624   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
626   if (!non_interactive)
(gdb) next
631         (&provider, svn_cmdline_auth_plaintext_passphrase_prompt,
(gdb) next
639   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
645       SVN_ERR(svn_config_get_bool(cfg, &ssl_client_cert_file_prompt,
(gdb) next
639   APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
645       SVN_ERR(svn_config_get_bool(cfg, &ssl_client_cert_file_prompt,
(gdb) next
651       svn_auth_get_simple_prompt_provider(&provider,
(gdb) next
656       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
659         (&provider, svn_cmdline_auth_username_prompt, pb,
(gdb) next
656       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
659         (&provider, svn_cmdline_auth_username_prompt, pb,
(gdb) next
661       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
665         (&provider, svn_cmdline_auth_ssl_server_trust_prompt, pb, pool);
(gdb) next
661       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
665         (&provider, svn_cmdline_auth_ssl_server_trust_prompt, pb, pool);
(gdb) next
666       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
669         (&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool);
(gdb) next
666       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
669         (&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool);
(gdb) next
670       APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
(gdb) next
674       if (ssl_client_cert_file_prompt)
(gdb) next
701   svn_auth_open(ab, providers, pool);
(gdb) next
705   if (auth_username)
(gdb) next
708   if (auth_password)
(gdb) next
713   if (non_interactive)
(gdb) next
716   if (config_dir)
(gdb) next
724   SVN_ERR(svn_config_get_bool(cfg, &store_password_val,
(gdb) next
729   if (! store_password_val)
(gdb) next
736   SVN_ERR(svn_config_get_bool(cfg, &store_auth_creds_val,
(gdb) next
741   if (no_auth_cache || ! store_auth_creds_val)
(gdb) next
745   svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC,
(gdb) next
749   return SVN_NO_ERROR;
(gdb) next
750 }
(gdb) next
sub_main (exit_code=exit_code@entry=0x7fffffffc984, argc=argc@entry=3, argv=argv@entry=0x7fffffffca88, pool=pool@entry=0x652248) at subversion/svn/svn.c:2982
2982      if (opt_state.non_interactive)
(gdb) next
2980      ctx->auth_baton = ab;
(gdb) next
2982      if (opt_state.non_interactive)
(gdb) next
3008      SVN_ERR(svn_config_get_bool(cfg_config, &interactive_conflicts,
(gdb) next
3012      if (!interactive_conflicts)
(gdb) next
3028        ctx->conflict_func = NULL;
(gdb) next
3031        ctx->conflict_func2 = svn_cl__conflict_func_interactive;
(gdb) next
3032        SVN_ERR(svn_cl__get_conflict_func_interactive_baton(
(gdb) next
3031        ctx->conflict_func2 = svn_cl__conflict_func_interactive;
(gdb) next
3028        ctx->conflict_func = NULL;
(gdb) next
3029        ctx->conflict_baton = NULL;
(gdb) next
3032        SVN_ERR(svn_cl__get_conflict_func_interactive_baton(
(gdb) next
3037        ctx->conflict_baton2 = b;
(gdb) next
3041      err = (*subcommand->cmd_func)(os, &command_baton, pool);
(gdb) next
3037        ctx->conflict_baton2 = b;
(gdb) next
3041      err = (*subcommand->cmd_func)(os, &command_baton, pool);
(gdb) next
^[[A3042      if (err)
(gdb) next
3041      err = (*subcommand->cmd_func)(os, &command_baton, pool);
(gdb) next
3042      if (err)
(gdb) next
3047              || err->apr_err == SVN_ERR_CL_ARG_PARSING_ERROR)
(gdb) next
3046          if (err->apr_err == SVN_ERR_CL_INSUFFICIENT_ARGS
(gdb) next
3053          if (err->apr_err == SVN_ERR_WC_UPGRADE_REQUIRED)
(gdb) next
3059          if (err->apr_err == SVN_ERR_AUTHN_FAILED && opt_state.non_interactive)
(gdb) next
3075          if (svn_error_find_cause(err, SVN_ERR_WC_LOCKED))
(gdb) next
3082          if (err->apr_err == SVN_ERR_SQLITE_BUSY)
(gdb) next
3094          if (svn_error_find_cause(err, SVN_ERR_RA_CANNOT_CREATE_TUNNEL) &&
(gdb) next
3108    }
(gdb) next
main (argc=<optimized out>, argv=0x7fffffffca88) at subversion/svn/svn.c:3130
3130      err = svn_error_compose_create(err, svn_cmdline_fflush(stdout));
(gdb) next
3132      if (err)
(gdb) next
3135          svn_cmdline_handle_exit_error(err, NULL, "svn: ");
(gdb) next
3134          exit_code = EXIT_FAILURE;
(gdb) next
3135          svn_cmdline_handle_exit_error(err, NULL, "svn: ");
(gdb) next
svn: E170013: Unable to connect to a repository at URL 'https://svnserver'
svn: E175009: The XML response contains invalid XML
svn: E130003: Malformed XML: no element found
3138      svn_pool_destroy(pool);