1 /*
2 * ssl_client_cert_providers.c: providers for
3 * SVN_AUTH_CRED_SSL_CLIENT_CERT
5 * ====================================================================
6 * Copyright (c) 2000-2004 CollabNet. All rights reserved.
8 * This software is licensed as described in the file COPYING, which
9 * you should have received as part of this distribution. The terms
10 * are also available at http://subversion.tigris.org/license-1.html.
11 * If newer versions of this license are posted there, you may use a
12 * newer version instead, at your option.
14 * This software consists of voluntary contributions made by many
15 * individuals. For exact contribution history, see the revision
16 * history and logs, available at http://subversion.tigris.org/.
17 * ====================================================================
20 /* ==================================================================== */
24 /*** Includes. ***/
26 #include <apr_pools.h>
27 #include "svn_auth.h"
28 #include "svn_error.h"
29 #include "svn_config.h"
32 /*-----------------------------------------------------------------------*/
33 /* File provider */
34 /*-----------------------------------------------------------------------*/
/* First-credentials callback of the file provider.

   Looks up SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE for the server group
   named by SVN_AUTH_PARAM_SERVER_GROUP, in the configuration stored
   under SVN_AUTH_PARAM_CONFIG in PARAMETERS.  When the option is set,
   *CREDENTIALS_P receives a credential allocated in POOL that points at
   the configured path; otherwise *CREDENTIALS_P is set to NULL.

   *ITER_BATON is always set to NULL.  PROVIDER_BATON and REALMSTRING
   are not consulted. */
static svn_error_t *
ssl_client_cert_file_first_credentials(void **credentials_p,
                                       void **iter_baton,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       apr_pool_t *pool)
{
  /* Both lookups yield NULL when the key is absent from PARAMETERS.
     NOTE(review): CFG is passed on without a NULL check -- confirm that
     svn_config_get_server_setting() tolerates a NULL config. */
  svn_config_t *cfg = apr_hash_get(parameters,
                                   SVN_AUTH_PARAM_CONFIG,
                                   APR_HASH_KEY_STRING);
  const char *server_group = apr_hash_get(parameters,
                                          SVN_AUTH_PARAM_SERVER_GROUP,
                                          APR_HASH_KEY_STRING);
  const char *configured_path;
  svn_auth_cred_ssl_client_cert_t *result = NULL;

  /* NULL default: an unset option means "no credentials from here". */
  configured_path =
    svn_config_get_server_setting(cfg, server_group,
                                  SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE,
                                  NULL);

  if (configured_path != NULL)
    {
      result = apr_palloc(pool, sizeof(*result));

      /* The path is used exactly as configured: it is neither checked
         nor copied into POOL here.
         NOTE(review): the string presumably stays owned by CFG --
         confirm that it outlives the returned credentials. */
      result->cert_file = configured_path;

      /* The value already lives in the config file, so it is flagged
         as not to be saved. */
      result->may_save = FALSE;
    }

  *credentials_p = result;
  *iter_baton = NULL;
  return SVN_NO_ERROR;
}
/* Vtable of the file provider.  Only a first-credentials callback is
   supplied; the two remaining callback slots are NULL, so this provider
   offers at most one candidate.
   NOTE(review): slot meanings follow svn_auth_provider_t in svn_auth.h,
   which is not visible here -- presumably next-credentials and
   save-credentials. */
static const svn_auth_provider_t ssl_client_cert_file_provider =
{
  SVN_AUTH_CRED_SSL_CLIENT_CERT,           /* credential kind */
  ssl_client_cert_file_first_credentials,  /* first credentials */
  NULL,                                    /* no further candidates */
  NULL                                     /* nothing to store */
};
87 /*** Public API to SSL file providers. ***/
/* Set *PROVIDER to a provider object, allocated in POOL, whose vtable
   is ssl_client_cert_file_provider.  The object is zero-filled on
   allocation, so every field other than the vtable stays zero. */
void svn_auth_get_ssl_client_cert_file_provider
  (svn_auth_provider_object_t **provider, apr_pool_t *pool)
{
  svn_auth_provider_object_t *file_provider;

  file_provider = apr_pcalloc(pool, sizeof(*file_provider));
  file_provider->vtable = &ssl_client_cert_file_provider;

  *provider = file_provider;
}
97 /*-----------------------------------------------------------------------*/
98 /* Prompt provider */
99 /*-----------------------------------------------------------------------*/
/* Provider baton for the prompt provider: everything needed to ask the
   user for a client certificate.  Filled in once by
   svn_auth_get_ssl_client_cert_prompt_provider(). */
typedef struct
{
  /* Callback that performs the prompt, and the opaque baton handed to
     it on every call.  The callback is invoked without a NULL check. */
  svn_auth_ssl_client_cert_prompt_func_t prompt_func;
  void *prompt_baton;

  /* How many times to re-prompt after the first prompt fails.  A value
     of zero or less means the next-credentials callback never prompts,
     because its retry counter starts at zero. */
  int retry_limit;
} ssl_client_cert_prompt_provider_baton_t;

/* Iteration baton: per-request state created by the first-credentials
   callback and read back by the next-credentials callback. */
typedef struct
{
  /* The original provider baton */
  ssl_client_cert_prompt_provider_baton_t *pb;

  /* The original realmstring (a copy made when the iteration starts) */
  const char *realmstring;

  /* How many times we have re-prompted so far */
  int retries;
} ssl_client_cert_prompt_iter_baton_t;
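/* First-credentials callback of the prompt provider.

   Calls the prompt function stored in PROVIDER_BATON (a
   ssl_client_cert_prompt_provider_baton_t) for REALMSTRING and stores
   whatever it produces in *CREDENTIALS_P; that is NULL when the prompt
   function leaves its output untouched.  The prompt's may_save argument
   is TRUE only when PARAMETERS holds no value at all under
   SVN_AUTH_PARAM_NO_AUTH_CACHE.

   On success *ITER_BATON is set to a fresh iteration baton, allocated
   in POOL, holding the provider baton, a copy of REALMSTRING and a
   retry count of zero.  If the prompt function returns an error, that
   error is returned and neither output is written. */
static svn_error_t *
ssl_client_cert_prompt_first_cred(void **credentials_p,
                                  void **iter_baton,
                                  void *provider_baton,
                                  apr_hash_t *parameters,
                                  const char *realmstring,
                                  apr_pool_t *pool)
{
  ssl_client_cert_prompt_provider_baton_t *pb = provider_baton;
  ssl_client_cert_prompt_iter_baton_t *ib =
    apr_pcalloc(pool, sizeof(*ib));
  const char *no_auth_cache = apr_hash_get(parameters,
                                           SVN_AUTH_PARAM_NO_AUTH_CACHE,
                                           APR_HASH_KEY_STRING);
  /* Typed out-parameter for the prompt.  Writing through CREDENTIALS_P
     cast to another pointer-to-pointer type is not portable C, and
     starting from NULL gives a defined result if the prompt function
     declines without touching its output. */
  svn_auth_cred_ssl_client_cert_t *cred = NULL;

  /* Only the presence of the no-auth-cache key matters, not its value. */
  SVN_ERR(pb->prompt_func(&cred, pb->prompt_baton, realmstring,
                          ! no_auth_cache, pool));
  *credentials_p = cred;

  ib->pb = pb;
  /* Copy the realm so later re-prompts do not depend on the lifetime of
     the caller's string. */
  ib->realmstring = apr_pstrdup(pool, realmstring);
  ib->retries = 0;
  *iter_baton = ib;

  return SVN_NO_ERROR;
}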
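/* Next-credentials callback of the prompt provider.

   ITER_BATON is the ssl_client_cert_prompt_iter_baton_t created by the
   first-credentials callback.  Once the number of re-prompts recorded
   there has reached the provider's retry_limit, *CREDENTIALS_P is set
   to NULL and no prompt is shown.  Otherwise the retry counter is
   incremented and the prompt function is called again with the realm
   saved in the iteration baton; *CREDENTIALS_P receives its result,
   which is NULL when the prompt function leaves its output untouched.

   The prompt's may_save argument is TRUE only when PARAMETERS holds no
   value at all under SVN_AUTH_PARAM_NO_AUTH_CACHE.  PROVIDER_BATON and
   REALMSTRING are not consulted; the copies in ITER_BATON are used.  An
   error from the prompt function is returned as is. */
static svn_error_t *
ssl_client_cert_prompt_next_cred(void **credentials_p,
                                 void *iter_baton,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 apr_pool_t *pool)
{
  ssl_client_cert_prompt_iter_baton_t *ib = iter_baton;
  const char *no_auth_cache = apr_hash_get(parameters,
                                           SVN_AUTH_PARAM_NO_AUTH_CACHE,
                                           APR_HASH_KEY_STRING);
  /* Typed out-parameter for the prompt.  Writing through CREDENTIALS_P
     cast to another pointer-to-pointer type is not portable C, and
     starting from NULL gives a defined result if the prompt function
     declines without touching its output. */
  svn_auth_cred_ssl_client_cert_t *cred = NULL;

  if (ib->retries >= ib->pb->retry_limit)
    {
      /* give up, go on to next provider. */
      *credentials_p = NULL;
      return SVN_NO_ERROR;
    }
  /* Count the attempt before prompting, so a prompt that fails with an
     error still uses up one retry. */
  ib->retries++;

  SVN_ERR(ib->pb->prompt_func(&cred, ib->pb->prompt_baton,
                              ib->realmstring, ! no_auth_cache, pool));
  *credentials_p = cred;

  return SVN_NO_ERROR;
}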
/* Vtable of the prompt provider: a first prompt plus bounded re-prompts.
   The last slot is NULL.
   NOTE(review): presumably that slot is the save-credentials callback
   of svn_auth_provider_t (svn_auth.h, not visible here); if so, this
   provider never stores anything itself. */
static const svn_auth_provider_t ssl_client_cert_prompt_provider = {
  SVN_AUTH_CRED_SSL_CLIENT_CERT,      /* credential kind */
  ssl_client_cert_prompt_first_cred,  /* first prompt */
  ssl_client_cert_prompt_next_cred,   /* re-prompts, up to retry_limit */
  NULL                                /* last slot unused */
};
191 /*** Public API to SSL prompting providers. ***/
/* Set *PROVIDER to a prompt provider object allocated in POOL.

   PROMPT_FUNC and PROMPT_BATON are stored as given and used for every
   prompt; PROMPT_FUNC is not checked for NULL here and is called
   unconditionally by the first-credentials callback.  RETRY_LIMIT is
   the number of re-prompts allowed after the first prompt; it is stored
   without range checking. */
void svn_auth_get_ssl_client_cert_prompt_provider
  (svn_auth_provider_object_t **provider,
   svn_auth_ssl_client_cert_prompt_func_t prompt_func,
   void *prompt_baton,
   int retry_limit,
   apr_pool_t *pool)
{
  ssl_client_cert_prompt_provider_baton_t *baton;
  svn_auth_provider_object_t *prompt_provider;

  /* Every baton field is assigned below, so a plain (non-zeroing)
     allocation is enough. */
  baton = apr_palloc(pool, sizeof(*baton));
  baton->retry_limit = retry_limit;
  baton->prompt_baton = prompt_baton;
  baton->prompt_func = prompt_func;

  prompt_provider = apr_pcalloc(pool, sizeof(*prompt_provider));
  prompt_provider->provider_baton = baton;
  prompt_provider->vtable = &ssl_client_cert_prompt_provider;

  *provider = prompt_provider;
}