subversion/libsvn_subr/ssl_client_cert_providers.c

   1 /*
   2  * ssl_client_cert_providers.c: providers for
   3  * SVN_AUTH_CRED_SSL_CLIENT_CERT
   4  *
   5  * ====================================================================
   6  * Copyright (c) 2000-2004 CollabNet.  All rights reserved.
   7  *
   8  * This software is licensed as described in the file COPYING, which
   9  * you should have received as part of this distribution.  The terms
  10  * are also available at http://subversion.tigris.org/license-1.html.
  11  * If newer versions of this license are posted there, you may use a
  12  * newer version instead, at your option.
  13  *
  14  * This software consists of voluntary contributions made by many
  15  * individuals.  For exact contribution history, see the revision
  16  * history and logs, available at http://subversion.tigris.org/.
  17  * ====================================================================
  18  */
  19
  20 /* ==================================================================== */
  21
  22
  23 \f
  24 /*** Includes. ***/
  25
  26 #include <apr_pools.h>
  27 #include "svn_auth.h"
  28 #include "svn_error.h"
  29 #include "svn_config.h"
  30
  31 \f
  32 /*-----------------------------------------------------------------------*/
  33 /* File provider                                                         */
  34 /*-----------------------------------------------------------------------*/
  35
  36 /* retrieve and load the ssl client certificate file from servers
  37    config */
  38 static svn_error_t *
  39 ssl_client_cert_file_first_credentials(void **credentials_p,
  40                                        void **iter_baton,
  41                                        void *provider_baton,
  42                                        apr_hash_t *parameters,
  43                                        const char *realmstring,
  44                                        apr_pool_t *pool)
  45 {
  46   svn_config_t *cfg = apr_hash_get(parameters,
  47                                    SVN_AUTH_PARAM_CONFIG,
  48                                    APR_HASH_KEY_STRING);
  49   const char *server_group = apr_hash_get(parameters,
  50                                           SVN_AUTH_PARAM_SERVER_GROUP,
  51                                           APR_HASH_KEY_STRING);
  52   const char *cert_file;
  53
  54   cert_file =
  55     svn_config_get_server_setting(cfg, server_group,
  56                                   SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE,
  57                                   NULL);
  58
  59   if (cert_file != NULL)
  60     {
  61       svn_auth_cred_ssl_client_cert_t *cred =
  62         apr_palloc(pool, sizeof(*cred));
  63
  64       cred->cert_file = cert_file;
  65       cred->may_save = FALSE;
  66       *credentials_p = cred;
  67     }
  68   else
  69     {
  70       *credentials_p = NULL;
  71     }
  72
  73   *iter_baton = NULL;
  74   return SVN_NO_ERROR;
  75 }
  76
  77
  78 static const svn_auth_provider_t ssl_client_cert_file_provider =
  79   {
  80     SVN_AUTH_CRED_SSL_CLIENT_CERT,
  81     ssl_client_cert_file_first_credentials,
  82     NULL,
  83     NULL
  84   };
  85
  86
  87 /*** Public API to SSL file providers. ***/
  88 void svn_auth_get_ssl_client_cert_file_provider
  89   (svn_auth_provider_object_t **provider, apr_pool_t *pool)
  90 {
  91   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
  92   po->vtable = &ssl_client_cert_file_provider;
  93   *provider = po;
  94 }
  95
  96 \f
  97 /*-----------------------------------------------------------------------*/
  98 /* Prompt provider                                                       */
  99 /*-----------------------------------------------------------------------*/
 100
 101 /* Baton type for prompting to send client ssl creds.
 102    There is no iteration baton type. */
 103 typedef struct
 104 {
 105   svn_auth_ssl_client_cert_prompt_func_t prompt_func;
 106   void *prompt_baton;
 107
 108   /* how many times to re-prompt after the first one fails */
 109   int retry_limit;
 110 } ssl_client_cert_prompt_provider_baton_t;
 111
 112 /* Iteration baton. */
 113 typedef struct
 114 {
 115   /* The original provider baton */
 116   ssl_client_cert_prompt_provider_baton_t *pb;
 117
 118   /* The original realmstring */
 119   const char *realmstring;
 120
 121   /* how many times we've reprompted */
 122   int retries;
 123 } ssl_client_cert_prompt_iter_baton_t;
 124
 125
 126 static svn_error_t *
 127 ssl_client_cert_prompt_first_cred(void **credentials_p,
 128                                   void **iter_baton,
 129                                   void *provider_baton,
 130                                   apr_hash_t *parameters,
 131                                   const char *realmstring,
 132                                   apr_pool_t *pool)
 133 {
 134   ssl_client_cert_prompt_provider_baton_t *pb = provider_baton;
 135   ssl_client_cert_prompt_iter_baton_t *ib =
 136     apr_pcalloc(pool, sizeof(*ib));
 137   const char *no_auth_cache = apr_hash_get(parameters,
 138                                            SVN_AUTH_PARAM_NO_AUTH_CACHE,
 139                                            APR_HASH_KEY_STRING);
 140
 141   SVN_ERR(pb->prompt_func((svn_auth_cred_ssl_client_cert_t **) credentials_p,
 142                           pb->prompt_baton, realmstring, ! no_auth_cache,
 143                           pool));
 144
 145   ib->pb = pb;
 146   ib->realmstring = apr_pstrdup(pool, realmstring);
 147   ib->retries = 0;
 148   *iter_baton = ib;
 149
 150   return SVN_NO_ERROR;
 151 }
 152
 153
 154 static svn_error_t *
 155 ssl_client_cert_prompt_next_cred(void **credentials_p,
 156                                  void *iter_baton,
 157                                  void *provider_baton,
 158                                  apr_hash_t *parameters,
 159                                  const char *realmstring,
 160                                  apr_pool_t *pool)
 161 {
 162   ssl_client_cert_prompt_iter_baton_t *ib = iter_baton;
 163   const char *no_auth_cache = apr_hash_get(parameters,
 164                                            SVN_AUTH_PARAM_NO_AUTH_CACHE,
 165                                            APR_HASH_KEY_STRING);
 166
 167   if (ib->retries >= ib->pb->retry_limit)
 168     {
 169       /* give up, go on to next provider. */
 170       *credentials_p = NULL;
 171       return SVN_NO_ERROR;
 172     }
 173   ib->retries++;
 174
 175   SVN_ERR(ib->pb->prompt_func((svn_auth_cred_ssl_client_cert_t **)
 176                               credentials_p, ib->pb->prompt_baton,
 177                               ib->realmstring, ! no_auth_cache, pool));
 178
 179   return SVN_NO_ERROR;
 180 }
 181
 182
 183 static const svn_auth_provider_t ssl_client_cert_prompt_provider = {
 184   SVN_AUTH_CRED_SSL_CLIENT_CERT,
 185   ssl_client_cert_prompt_first_cred,
 186   ssl_client_cert_prompt_next_cred,
 187   NULL
 188 };
 189
 190
 191 /*** Public API to SSL prompting providers. ***/
 192 void svn_auth_get_ssl_client_cert_prompt_provider
 193   (svn_auth_provider_object_t **provider,
 194    svn_auth_ssl_client_cert_prompt_func_t prompt_func,
 195    void *prompt_baton,
 196    int retry_limit,
 197    apr_pool_t *pool)
 198 {
 199   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
 200   ssl_client_cert_prompt_provider_baton_t *pb = apr_palloc(pool, sizeof(*pb));
 201
 202   pb->prompt_func = prompt_func;
 203   pb->prompt_baton = prompt_baton;
 204   pb->retry_limit = retry_limit;
 205
 206   po->vtable = &ssl_client_cert_prompt_provider;
 207   po->provider_baton = pb;
 208   *provider = po;
 209 }