| blob | f9cf829fe98d83cfd2e635e809f06fed2468c867 |
1 /*
2 * simple_providers.c: providers for SVN_AUTH_CRED_SIMPLE
3 *
4 * ====================================================================
5 * Copyright (c) 2000-2004 CollabNet. All rights reserved.
6 *
7 * This software is licensed as described in the file COPYING, which
8 * you should have received as part of this distribution. The terms
9 * are also available at http://subversion.tigris.org/license-1.html.
10 * If newer versions of this license are posted there, you may use a
11 * newer version instead, at your option.
12 *
13 * This software consists of voluntary contributions made by many
14 * individuals. For exact contribution history, see the revision
15 * history and logs, available at http://subversion.tigris.org/.
16 * ====================================================================
17 */
19 /* ==================================================================== */
22 \f
23 /*** Includes. ***/
25 #include <apr_pools.h>
33 \f
34 /*-----------------------------------------------------------------------*/
35 /* File provider */
36 /*-----------------------------------------------------------------------*/
38 /* The keys that will be stored on disk */
47 \f
48 /* A function that stores PASSWORD (or some encrypted version thereof)
49 either directly in CREDS, or externally using REALMSTRING and USERNAME
50 as keys into the external store. If NON_INTERACTIVE is set, the user
51 must not be involved in the storage process. POOL is used for any
52 necessary allocation. */
57 svn_boolean_t non_interactive,
60 /* A function that stores in *PASSWORD (potentially after decrypting it)
61 the user's password. It might be obtained directly from CREDS, or
62 from an external store, using REALMSTRING and USERNAME as keys.
63 If NON_INTERACTIVE is set, the user must not be involved in the
64 retrieval process. POOL is used for any necessary allocation. */
69 svn_boolean_t non_interactive,
74 /* Implementation of password_get_t that retrieves the plaintext password
75 from CREDS. */
76 static svn_boolean_t
81 svn_boolean_t non_interactive,
83 {
86 APR_HASH_KEY_STRING);
88 {
91 }
93 }
95 /* Implementation of password_set_t that store the plaintext password
96 in CREDS. */
97 static svn_boolean_t
102 svn_boolean_t non_interactive,
104 {
108 }
110 /* Common implementation for simple_first_creds and
111 windows_simple_first_creds. Uses PARAMETERS, REALMSTRING and the
112 simple auth provider's username and password cache to fill a set of
113 CREDENTIALS. PASSWORD_GET is used to obtain the password value.
114 PASSTYPE identifies the type of the cached password. CREDENTIALS are
115 allocated from POOL. */
122 password_get_t password_get,
125 {
127 SVN_AUTH_PARAM_CONFIG_DIR,
128 APR_HASH_KEY_STRING);
130 SVN_AUTH_PARAM_DEFAULT_USERNAME,
131 APR_HASH_KEY_STRING);
133 SVN_AUTH_PARAM_DEFAULT_PASSWORD,
134 APR_HASH_KEY_STRING);
136 SVN_AUTH_PARAM_NON_INTERACTIVE,
142 /* If we don't have a usename and a password yet, we try the auth cache */
144 {
147 /* Try to load credentials from a file on disk, based on the
148 realmstring. Don't throw an error, though: if something went
149 wrong reading the file, no big deal. What really matters is that
150 we failed to get the creds, so allow the auth system to try the
151 next provider. */
156 {
159 {
161 SVN_AUTH__AUTHFILE_USERNAME_KEY,
162 APR_HASH_KEY_STRING);
165 }
168 {
169 svn_boolean_t have_passtype;
170 /* The password type in the auth data must match the
171 mangler's type, otherwise the password must be
172 interpreted by another provider. */
174 SVN_AUTH__AUTHFILE_PASSTYPE_KEY,
175 APR_HASH_KEY_STRING);
180 else
181 {
186 /* If the auth data didn't contain a password type,
187 force a write to upgrade the format of the auth
188 data file. */
191 }
192 }
193 }
194 }
196 /* Ask the OS for the username if we have a password but no
197 username. */
202 {
208 }
209 else
215 }
218 /* Common implementation for simple_save_creds and
219 windows_simple_save_creds. Uses PARAMETERS and REALMSTRING to save
220 a set of CREDENTIALS to the simple auth provider's username and
221 password cache. PASSWORD_SET is used to store the password.
222 PASSTYPE identifies the type of the cached password. Allocates from POOL. */
229 password_set_t password_set,
232 {
237 svn_boolean_t dont_store_passwords =
239 SVN_AUTH_PARAM_DONT_STORE_PASSWORDS,
242 SVN_AUTH_PARAM_NON_INTERACTIVE,
244 svn_boolean_t no_auth_cache =
246 SVN_AUTH_PARAM_NO_AUTH_CACHE,
258 SVN_AUTH_PARAM_CONFIG_DIR,
259 APR_HASH_KEY_STRING);
261 /* Put the credentials in a hash and save it to disk */
264 /* Maybe cache the username. */
266 {
268 APR_HASH_KEY_STRING,
271 }
273 /* Maybe cache the password. */
275 {
279 {
280 /* Store the password type with the auth data, so that we
281 know which provider owns the password. */
283 {
285 APR_HASH_KEY_STRING,
287 }
288 }
289 else
291 }
293 /* If we cached anything, write it to disk. */
295 {
300 }
303 }
305 /* Get cached (unencrypted) credentials from the simple provider's cache. */
313 {
317 simple_password_get,
318 SVN_AUTH__SIMPLE_PASSWORD_TYPE,
319 pool);
320 }
322 /* Save (unencrypted) credentials to the simple provider's cache. */
330 {
333 simple_password_set,
334 SVN_AUTH__SIMPLE_PASSWORD_TYPE,
335 pool);
336 }
339 SVN_AUTH_CRED_SIMPLE,
340 simple_first_creds,
341 NULL,
342 simple_save_creds
343 };
346 /* Public API */
347 void
350 {
355 }
357 \f
358 /*-----------------------------------------------------------------------*/
359 /* Prompt provider */
360 /*-----------------------------------------------------------------------*/
362 /* Baton type for username/password prompting. */
364 {
365 svn_auth_simple_prompt_func_t prompt_func;
368 /* how many times to re-prompt after the first one fails */
373 /* Iteration baton type for username/password prompting. */
375 {
376 /* how many times we've reprompted */
381 \f
382 /*** Helper Functions ***/
388 svn_boolean_t first_time,
389 svn_boolean_t may_save,
391 {
396 /* If we're allowed to check for default usernames and passwords, do
397 so. */
399 {
401 SVN_AUTH_PARAM_DEFAULT_USERNAME,
402 APR_HASH_KEY_STRING);
404 /* No default username? Try the auth cache. */
406 {
408 SVN_AUTH_PARAM_CONFIG_DIR,
409 APR_HASH_KEY_STRING);
418 {
420 SVN_AUTH__AUTHFILE_USERNAME_KEY,
421 APR_HASH_KEY_STRING);
424 }
425 }
427 /* Still no default username? Try the UID. */
432 SVN_AUTH_PARAM_DEFAULT_PASSWORD,
433 APR_HASH_KEY_STRING);
434 }
436 /* If we have defaults, just build the cred here and return it.
437 *
438 * ### I do wonder why this is here instead of in a separate
439 * ### 'defaults' provider that would run before the prompt
440 * ### provider... Hmmm.
441 */
443 {
448 }
449 else
450 {
453 }
456 }
459 /* Our first attempt will use any default username/password passed
460 in, and prompt for the remaining stuff. */
468 {
472 SVN_AUTH_PARAM_NO_AUTH_CACHE,
473 APR_HASH_KEY_STRING);
483 }
486 /* Subsequent attempts to fetch will ignore the default values, and
487 simply re-prompt for both, up to a maximum of ib->pb->retry_limit. */
495 {
499 SVN_AUTH_PARAM_NO_AUTH_CACHE,
500 APR_HASH_KEY_STRING);
503 {
504 /* give up, go on to next provider. */
507 }
515 }
519 SVN_AUTH_CRED_SIMPLE,
520 simple_prompt_first_creds,
521 simple_prompt_next_creds,
522 NULL,
523 };
526 /* Public API */
527 void
528 svn_auth_get_simple_prompt_provider
530 svn_auth_simple_prompt_func_t prompt_func,
534 {
545 }
548 \f
549 /*-----------------------------------------------------------------------*/
550 /* Windows simple provider, encrypts the password on Win2k and later. */
551 /*-----------------------------------------------------------------------*/
553 #if defined(WIN32) && !defined(__MINGW32__)
554 #include <wincrypt.h>
555 #include <apr_base64.h>
557 /* The description string that's combined with unencrypted data by the
558 Windows CryptoAPI. Used during decryption to verify that the
559 encrypted data were valid. */
562 /* Dynamically load the address of function NAME in PDLL into
563 PFN. Return TRUE if the function name was found, otherwise
564 FALSE. Equivalent to dlsym(). */
565 static svn_boolean_t
567 {
568 /* In case anyone wonders why we use LoadLibraryA here: This will
569 always work on Win9x/Me, whilst LoadLibraryW may not. */
572 {
575 {
579 }
581 }
583 }
585 /* Implementation of password_set_t that encrypts the incoming
586 password using the Windows CryptoAPI. */
587 static svn_boolean_t
592 svn_boolean_t non_interactive,
594 {
604 HINSTANCE dll;
605 FARPROC fn;
606 encrypt_fn_t encrypt;
607 DATA_BLOB blobin;
608 DATA_BLOB blobout;
609 svn_boolean_t crypted;
620 {
626 }
630 }
632 /* Implementation of password_get_t that decrypts the incoming
633 password using the Windows CryptoAPI and verifies its validity. */
634 static svn_boolean_t
639 svn_boolean_t non_interactive,
641 {
651 HINSTANCE dll;
652 FARPROC fn;
653 DATA_BLOB blobin;
654 DATA_BLOB blobout;
655 LPWSTR descr;
656 decrypt_fn_t decrypt;
657 svn_boolean_t decrypted;
674 {
677 else
680 }
684 }
686 /* Get cached encrypted credentials from the simple provider's cache. */
694 {
698 windows_password_decrypter,
699 SVN_AUTH__WINCRYPT_PASSWORD_TYPE,
700 pool);
701 }
703 /* Save encrypted credentials to the simple provider's cache. */
711 {
714 windows_password_encrypter,
715 SVN_AUTH__WINCRYPT_PASSWORD_TYPE,
716 pool);
717 }
720 SVN_AUTH_CRED_SIMPLE,
721 windows_simple_first_creds,
722 NULL,
723 windows_simple_save_creds
724 };
727 /* Public API */
728 void
731 {
736 }
739 \f
740 /*-----------------------------------------------------------------------*/
741 /* keychain simple provider, puts passwords in the KeyChain */
742 /*-----------------------------------------------------------------------*/
744 #ifdef SVN_HAVE_KEYCHAIN_SERVICES
745 #include <Security/Security.h>
747 /*
748 * XXX (2005-12-07): If no GUI is available (e.g. over a SSH session),
749 * you won't be prompted for credentials with which to unlock your
750 * keychain. Apple recognizes lack of TTY prompting as a known
751 * problem.
752 *
753 *
754 * XXX (2005-12-07): SecKeychainSetUserInteractionAllowed(FALSE) does
755 * not appear to actually prevent all user interaction. Specifically,
756 * if the executable changes (for example, if it is rebuilt), the
757 * system prompts the user to okay the use of the new executable.
758 *
759 * Worse than that, the interactivity setting is global per app (not
760 * process/thread), meaning that there is a race condition in the
761 * implementation below between calls to
762 * SecKeychainSetUserInteractionAllowed() when multiple instances of
763 * the same Subversion auth provider-based app run concurrently.
764 */
766 /* Implementation of password_set_t that stores the password
767 in the OS X KeyChain. */
768 static svn_boolean_t
773 svn_boolean_t non_interactive,
775 {
776 OSStatus status;
777 SecKeychainItemRef item;
786 {
792 }
793 else
794 {
797 password);
799 }
805 }
807 /* Implementation of password_get_t that retrieves the password
808 from the OS X KeyChain. */
809 static svn_boolean_t
814 svn_boolean_t non_interactive,
816 {
817 OSStatus status;
818 UInt32 length;
837 }
839 /* Get cached encrypted credentials from the simple provider's cache. */
847 {
851 keychain_password_get,
852 SVN_AUTH__KEYCHAIN_PASSWORD_TYPE,
853 pool);
854 }
856 /* Save encrypted credentials to the simple provider's cache. */
864 {
867 keychain_password_set,
868 SVN_AUTH__KEYCHAIN_PASSWORD_TYPE,
869 pool);
870 }
873 SVN_AUTH_CRED_SIMPLE,
874 keychain_simple_first_creds,
875 NULL,
876 keychain_simple_save_creds
877 };
879 /* Public API */
880 void
883 {
888 }