1 /*
2 * ssl_client_cert_pw_providers.c: providers for
3 * SVN_AUTH_CRED_SSL_CLIENT_CERT_PW
5 * ====================================================================
6 * Copyright (c) 2000-2004 CollabNet. All rights reserved.
8 * This software is licensed as described in the file COPYING, which
9 * you should have received as part of this distribution. The terms
10 * are also available at http://subversion.tigris.org/license-1.html.
11 * If newer versions of this license are posted there, you may use a
12 * newer version instead, at your option.
14 * This software consists of voluntary contributions made by many
15 * individuals. For exact contribution history, see the revision
16 * history and logs, available at http://subversion.tigris.org/.
17 * ====================================================================
20 /* ==================================================================== */
24 /*** Includes. ***/
26 #include <apr_pools.h>
27 #include "svn_auth.h"
28 #include "svn_error.h"
29 #include "svn_config.h"
32 /*-----------------------------------------------------------------------*/
33 /* File provider */
34 /*-----------------------------------------------------------------------*/
/* Look up the client-certificate passphrase in the servers configuration.

   Reads SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD for the server group
   named by SVN_AUTH_PARAM_SERVER_GROUP, using the svn_config_t stored in
   PARAMETERS under SVN_AUTH_PARAM_CONFIG.  When a value is configured,
   *CREDENTIALS_P receives a credential allocated in POOL; otherwise it is
   set to NULL.  *ITER_BATON is always set to NULL.  PROVIDER_BATON and
   REALMSTRING are not used.  Always returns SVN_NO_ERROR.

   Security notes:
   - The configured string is handed on verbatim as the passphrase; no
     decoding or decryption step is applied here, so the secret is
     whatever readable text the configuration holds.
   - may_save is FALSE, i.e. the credential is marked as not to be saved.
   - The credential stores the pointer returned by the config lookup
     rather than a copy made in POOL -- presumably it stays valid as long
     as CFG does; confirm before keeping the credential beyond that.  */
static svn_error_t *
ssl_client_cert_pw_file_first_credentials(void **credentials_p,
                                          void **iter_baton,
                                          void *provider_baton,
                                          apr_hash_t *parameters,
                                          const char *realmstring,
                                          apr_pool_t *pool)
{
  svn_config_t *cfg = apr_hash_get(parameters,
                                   SVN_AUTH_PARAM_CONFIG,
                                   APR_HASH_KEY_STRING);
  const char *server_group = apr_hash_get(parameters,
                                          SVN_AUTH_PARAM_SERVER_GROUP,
                                          APR_HASH_KEY_STRING);
  const char *configured_pw =
    svn_config_get_server_setting(cfg, server_group,
                                  SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD,
                                  NULL);
  svn_auth_cred_ssl_client_cert_pw_t *found = NULL;

  if (configured_pw != NULL)
    {
      found = apr_palloc(pool, sizeof(*found));
      found->password = configured_pw;
      found->may_save = FALSE;
    }

  /* Publish the result (possibly NULL) and signal "no iteration state". */
  *credentials_p = found;
  *iter_baton = NULL;
  return SVN_NO_ERROR;
}
/* Vtable of the servers-file passphrase provider.  Only the
   first-credentials slot is filled; the two trailing slots are NULL, so
   this provider neither offers a second credential nor stores one.  */
static const svn_auth_provider_t ssl_client_cert_pw_file_provider =
{
  SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,            /* credential kind */
  ssl_client_cert_pw_file_first_credentials,   /* first credentials */
  NULL,                                        /* next credentials */
  NULL                                         /* save credentials */
};
78 /*** Public API to SSL file providers. ***/
/* Set *PROVIDER to a provider object, allocated in POOL, that is backed
   by ssl_client_cert_pw_file_provider.  Only the vtable field is
   assigned; every other field keeps the zero value apr_pcalloc gives it.  */
void
svn_auth_get_ssl_client_cert_pw_file_provider(
  svn_auth_provider_object_t **provider,
  apr_pool_t *pool)
{
  svn_auth_provider_object_t *file_provider =
    apr_pcalloc(pool, sizeof(*file_provider));

  file_provider->vtable = &ssl_client_cert_pw_file_provider;
  *provider = file_provider;
}
88 /*-----------------------------------------------------------------------*/
89 /* Prompt provider */
90 /*-----------------------------------------------------------------------*/
/* Provider baton for client-certificate passphrase prompting.
   (The per-request iteration state is kept in a separate struct.)  */
typedef struct
{
  /* Callback that obtains the passphrase, and the opaque baton that is
     passed back to it on every call.  */
  svn_auth_ssl_client_cert_pw_prompt_func_t prompt_func;
  void *prompt_baton;

  /* Upper bound on re-prompts after the first prompt has failed.  This
     is what caps the number of passphrase attempts per request.  */
  int retry_limit;
} ssl_client_cert_pw_prompt_provider_baton_t;
/* Iteration baton: state carried from the first prompt to later
   re-prompts of the same request.  */
typedef struct
{
  /* The provider baton the iteration was started with.  */
  ssl_client_cert_pw_prompt_provider_baton_t *pb;

  /* The realm string the iteration was started with; re-prompts use
     this value.  */
  const char *realmstring;

  /* Number of re-prompts issued so far; compared against
     pb->retry_limit.  */
  int retries;
} ssl_client_cert_pw_prompt_iter_baton_t;
/* Ask the prompt callback for the client-certificate passphrase for the
   first time.

   PROVIDER_BATON is a ssl_client_cert_pw_prompt_provider_baton_t.  The
   callback writes its answer to *CREDENTIALS_P; it is not inspected
   here, so it may be whatever the callback produced.  On success
   *ITER_BATON is set to a fresh iteration baton in POOL that holds the
   provider baton, a copy of REALMSTRING and a retry count of zero.  If
   the callback returns an error it is propagated through SVN_ERR and
   *ITER_BATON is left unassigned.

   The callback's fourth argument is true only when PARAMETERS has no
   value under SVN_AUTH_PARAM_NO_AUTH_CACHE, so a configured "no auth
   cache" setting is passed on as "may not save".  */
static svn_error_t *
ssl_client_cert_pw_prompt_first_cred(void **credentials_p,
                                     void **iter_baton,
                                     void *provider_baton,
                                     apr_hash_t *parameters,
                                     const char *realmstring,
                                     apr_pool_t *pool)
{
  ssl_client_cert_pw_prompt_provider_baton_t *prompt_cfg = provider_baton;
  ssl_client_cert_pw_prompt_iter_baton_t *state =
    apr_pcalloc(pool, sizeof(*state));
  const char *no_auth_cache = apr_hash_get(parameters,
                                           SVN_AUTH_PARAM_NO_AUTH_CACHE,
                                           APR_HASH_KEY_STRING);
  int may_save = ! no_auth_cache;

  SVN_ERR(prompt_cfg->prompt_func(
            (svn_auth_cred_ssl_client_cert_pw_t **) credentials_p,
            prompt_cfg->prompt_baton, realmstring, may_save, pool));

  /* Record what later re-prompts need; the realm is duplicated so the
     iteration does not depend on the caller's string.  */
  state->retries = 0;
  state->realmstring = apr_pstrdup(pool, realmstring);
  state->pb = prompt_cfg;
  *iter_baton = state;

  return SVN_NO_ERROR;
}
/* Re-prompt for the client-certificate passphrase, at most
   retry_limit times per iteration.

   ITER_BATON is the ssl_client_cert_pw_prompt_iter_baton_t created by
   the first prompt.  Once its retry count has reached the provider's
   retry_limit, *CREDENTIALS_P is set to NULL so that the caller moves on
   to the next provider.  Otherwise the count is incremented before the
   callback runs, so a prompt that fails with an error still uses up one
   attempt.

   The realm shown is the one saved in the iteration baton; the
   REALMSTRING and PROVIDER_BATON arguments are not used.  As in the
   first prompt, the callback's fourth argument is true only when
   SVN_AUTH_PARAM_NO_AUTH_CACHE is absent from PARAMETERS.  */
static svn_error_t *
ssl_client_cert_pw_prompt_next_cred(void **credentials_p,
                                    void *iter_baton,
                                    void *provider_baton,
                                    apr_hash_t *parameters,
                                    const char *realmstring,
                                    apr_pool_t *pool)
{
  ssl_client_cert_pw_prompt_iter_baton_t *state = iter_baton;
  const char *no_auth_cache = apr_hash_get(parameters,
                                           SVN_AUTH_PARAM_NO_AUTH_CACHE,
                                           APR_HASH_KEY_STRING);

  if (state->retries < state->pb->retry_limit)
    {
      state->retries++;

      SVN_ERR(state->pb->prompt_func(
                (svn_auth_cred_ssl_client_cert_pw_t **) credentials_p,
                state->pb->prompt_baton, state->realmstring,
                ! no_auth_cache, pool));
    }
  else
    {
      /* Attempts exhausted: give up and let the next provider try.  */
      *credentials_p = NULL;
    }

  return SVN_NO_ERROR;
}
/* Vtable of the prompting passphrase provider.  It supplies a first and
   a next credentials function; the last slot is NULL, so this provider
   does not store credentials itself.  */
static const svn_auth_provider_t client_cert_pw_prompt_provider =
{
  SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,        /* credential kind */
  ssl_client_cert_pw_prompt_first_cred,    /* first credentials */
  ssl_client_cert_pw_prompt_next_cred,     /* next credentials */
  NULL                                     /* save credentials */
};
/* Set *PROVIDER to a prompting passphrase provider allocated in POOL.

   PROMPT_FUNC and PROMPT_BATON are stored as given and used for every
   prompt.  RETRY_LIMIT is stored unchecked and bounds the number of
   re-prompts after the first one; a value of zero or less therefore
   means the user is asked once and never again.  */
void
svn_auth_get_ssl_client_cert_pw_prompt_provider(
  svn_auth_provider_object_t **provider,
  svn_auth_ssl_client_cert_pw_prompt_func_t prompt_func,
  void *prompt_baton,
  int retry_limit,
  apr_pool_t *pool)
{
  svn_auth_provider_object_t *prompt_provider =
    apr_pcalloc(pool, sizeof(*prompt_provider));
  ssl_client_cert_pw_prompt_provider_baton_t *prompt_cfg =
    apr_palloc(pool, sizeof(*prompt_cfg));

  /* The baton comes from apr_palloc, so each of its three fields is
     assigned explicitly here.  */
  prompt_cfg->prompt_func = prompt_func;
  prompt_cfg->prompt_baton = prompt_baton;
  prompt_cfg->retry_limit = retry_limit;

  prompt_provider->vtable = &client_cert_pw_prompt_provider;
  prompt_provider->provider_baton = prompt_cfg;
  *provider = prompt_provider;
}