views:

146

answers:

4

Is there a way to move a saved login/password for TortoiseSVN to a network repository from machine to machine? Just got a new machine, know my username but don't recall my login to the repository.

I know TortoiseSVN saves some auth info on the directories at %appdata%\Subversion\auth

Moved over the file I found at svn.simple; I see my user name in it in clear text but the password is encrypted. I also see "wincrypt" in the file so that's the crypto functionality invoked.

Ordinarily I'd just have the SVN admin reset it for me but he is out on vacation until next week as is the other admin for SVN.

I can dive into the source for TortoiseSVN and see how authentication is being accomplished but there's got to be an easier way. I can run Wireshark on the successful authentication from the old machines if that would be useful.

+2  A: 

According to the help file, TortoiseSVN stores credentials in sub-folders of %appdata%\Subversion\auth:

  • svn.simple contains credentials for basic authentication (username/password).
  • svn.ssl.server contains SSL server certificates.
  • svn.username contains credentials for username-only authentication (no password needed).

I guess you could just try and copy these folders the other machine.

M4N
Yes I tried that already and it didn't work. Also copied over the registry keys from 3 locations (2 HKCU + 1 HKLM); the whole %programfiles%\TortoiseSVN folder and the 2 %appdata% folders (Subversion and TortoiseSVN). Still prompting for a password.
dr3x
A: 

I would think you would want this not to be possible since it would mean anyone could copy over some files and be able to make changes using your SVN account. Perhaps it is best that this isn't possible and that things are more secure.

Instead, you should develop a better policy internally about password management so that you don't depend on certain people being around for this kind of thing (i.e. the bus factor).

Bernard
+1  A: 

The credentials are encrypted with the windows encryption APIs, using the data from the logged on user. This means the encryption is based on your Windows logon account, and therefore can't be copied to another machine, even if you set up a user with the same username and password there.

Stefan
Do you know what information is used to encrypt the credentials? DPAPICK didn't work using the master keys from the old machine; may be another encryption method.
dr3x
CryptProtectData(), see the svn source: http://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_subr/win32_crypto.c
Stefan
+1  A: 

Solved! Turns out it was pretty simple to resolve.

Wireshark was the answer. Did a capture of the communication between my old machine and the repository host, launched the repo browser from TortoiseSVN. Then I ran "Follow TCP Stream" on the conversation, and found this line:

Authorization: Basic ZHIzeDppc0F3ZXNvbWU=

Here's the Powershell script to decode it:
$basic = "ZHIzeDppc0F3ZXNvbWU="
[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($basic))

Returns plain text: uname:pwd

dr3x