2 * simple_auth.c : Simple SASL-based authentication, used in case
3 * Cyrus SASL isn't available.
5 * ====================================================================
6 * Copyright (c) 2006 CollabNet. All rights reserved.
8 * This software is licensed as described in the file COPYING, which
9 * you should have received as part of this distribution. The terms
10 * are also available at http://subversion.tigris.org/license-1.html.
11 * If newer versions of this license are posted there, you may use a
12 * newer version instead, at your option.
14 * This software consists of voluntary contributions made by many
15 * individuals. For exact contribution history, see the revision
16 * history and logs, available at http://subversion.tigris.org/.
17 * ====================================================================
20 #include "svn_private_config.h"
22 #define APR_WANT_STRFUNC
24 #include <apr_general.h>
25 #include <apr_strings.h>
27 #include "svn_types.h"
28 #include "svn_string.h"
29 #include "svn_error.h"
31 #include "svn_ra_svn.h"
35 static svn_boolean_t
find_mech(apr_array_header_t
*mechlist
, const char *mech
)
38 svn_ra_svn_item_t
*elt
;
40 for (i
= 0; i
< mechlist
->nelts
; i
++)
42 elt
= &APR_ARRAY_IDX(mechlist
, i
, svn_ra_svn_item_t
);
43 if (elt
->kind
== SVN_RA_SVN_WORD
&& strcmp(elt
->u
.word
, mech
) == 0)
49 /* Read the "success" response to ANONYMOUS or EXTERNAL authentication. */
50 static svn_error_t
*read_success(svn_ra_svn_conn_t
*conn
, apr_pool_t
*pool
)
52 const char *status
, *arg
;
54 SVN_ERR(svn_ra_svn_read_tuple(conn
, pool
, "w(?c)", &status
, &arg
));
55 if (strcmp(status
, "failure") == 0 && arg
)
56 return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED
, NULL
,
57 _("Authentication error from server: %s"), arg
);
58 else if (strcmp(status
, "success") != 0 || arg
)
59 return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED
, NULL
,
60 _("Unexpected server response to authentication"));
65 svn_ra_svn__do_internal_auth(svn_ra_svn__session_baton_t
*sess
,
66 apr_array_header_t
*mechlist
,
67 const char *realm
, apr_pool_t
*pool
)
69 svn_ra_svn_conn_t
*conn
= sess
->conn
;
70 const char *realmstring
, *user
, *password
, *msg
;
71 svn_auth_iterstate_t
*iterstate
;
74 realmstring
= apr_psprintf(pool
, "%s %s", sess
->realm_prefix
, realm
);
76 if (sess
->is_tunneled
&& find_mech(mechlist
, "EXTERNAL"))
78 /* Ask the server to use the tunnel connection environment (on
79 * Unix, that means uid) to determine the authentication name. */
80 SVN_ERR(svn_ra_svn__auth_response(conn
, pool
, "EXTERNAL", ""));
81 return read_success(conn
, pool
);
83 else if (find_mech(mechlist
, "ANONYMOUS"))
85 SVN_ERR(svn_ra_svn__auth_response(conn
, pool
, "ANONYMOUS", ""));
86 return read_success(conn
, pool
);
88 else if (find_mech(mechlist
, "CRAM-MD5"))
90 SVN_ERR(svn_auth_first_credentials(&creds
, &iterstate
,
91 SVN_AUTH_CRED_SIMPLE
, realmstring
,
92 sess
->callbacks
->auth_baton
, pool
));
94 return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED
, NULL
,
95 _("Can't get password"));
98 user
= ((svn_auth_cred_simple_t
*) creds
)->username
;
99 password
= ((svn_auth_cred_simple_t
*) creds
)->password
;
100 SVN_ERR(svn_ra_svn__auth_response(conn
, pool
, "CRAM-MD5", NULL
));
101 SVN_ERR(svn_ra_svn__cram_client(conn
, pool
, user
, password
, &msg
));
104 SVN_ERR(svn_auth_next_credentials(&creds
, iterstate
, pool
));
107 return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED
, NULL
,
108 _("Authentication error from server: %s"),
110 SVN_ERR(svn_auth_save_credentials(iterstate
, pool
));
114 return svn_error_create(SVN_ERR_RA_SVN_NO_MECHANISMS
, NULL
, NULL
);
