| /** |
| * @copyright |
| * ==================================================================== |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * ==================================================================== |
| * @endcopyright |
| * |
| * @file svn_auth.h |
| * @brief Subversion's authentication system |
| */ |
| |
| #ifndef SVN_AUTH_H |
| #define SVN_AUTH_H |
| |
| #include <apr.h> |
| #include <apr_pools.h> |
| #include <apr_hash.h> |
| #include <apr_tables.h> |
| |
| #include "svn_types.h" |
| #include "svn_config.h" |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif /* __cplusplus */ |
| |
| /** Overview of the svn authentication system. |
| * |
| * We define an authentication "provider" as a module that is able to |
| * return a specific set of credentials. (e.g. username/password, |
| * certificate, etc.) Each provider implements a vtable that |
| * |
| * - can fetch initial credentials |
| * - can retry the fetch (or try to fetch something different) |
| * - can store the credentials for future use |
| * |
| * For any given type of credentials, there can exist any number of |
| * separate providers -- each provider has a different method of |
| * fetching. (i.e. from a disk store, by prompting the user, etc.) |
| * |
| * The application begins by creating an auth baton object, and |
| * "registers" some number of providers with the auth baton, in a |
| * specific order. (For example, it may first register a |
| * username/password provider that looks in disk store, then register |
| * a username/password provider that prompts the user.) |
| * |
| * Later on, when any svn library is challenged, it asks the auth |
| * baton for the specific credentials. If the initial credentials |
| * fail to authenticate, the caller keeps requesting new credentials. |
| * Under the hood, libsvn_auth effectively "walks" over each provider |
| * (in order of registry), one at a time, until all the providers have |
| * exhausted all their retry options. |
| * |
| * This system allows an application to flexibly define authentication |
| * behaviors (by changing registration order), and very easily write |
| * new authentication providers. |
| * |
| * An auth_baton also contains an internal hashtable of run-time |
| * parameters; any provider or library layer can set these run-time |
| * parameters at any time, so that the provider has access to the |
| * data. (For example, certain run-time data may not be available |
| * until an authentication challenge is made.) Each credential type |
| * must document the run-time parameters that are made available to |
| * its providers. |
| * |
| * @defgroup auth_fns Authentication functions |
| * @{ |
| */ |
| |
| |
| /** The type of a Subversion authentication object */ |
| typedef struct svn_auth_baton_t svn_auth_baton_t; |
| |
| /** The type of a Subversion authentication-iteration object */ |
| typedef struct svn_auth_iterstate_t svn_auth_iterstate_t; |
| |
| |
| /** The main authentication "provider" vtable. */ |
| typedef struct svn_auth_provider_t |
| { |
| /** The kind of credentials this provider knows how to retrieve. */ |
| const char *cred_kind; |
| |
| /** Get an initial set of credentials. |
| * |
| * Set @a *credentials to a set of valid credentials within @a |
| * realmstring, or NULL if no credentials are available. Set @a |
| * *iter_baton to context that allows a subsequent call to @c |
| * next_credentials, in case the first credentials fail to |
| * authenticate. @a provider_baton is general context for the |
| * vtable, @a parameters contains any run-time data that the |
| * provider may need, and @a realmstring comes from the |
| * svn_auth_first_credentials() call. |
| */ |
| svn_error_t * (*first_credentials)(void **credentials, |
| void **iter_baton, |
| void *provider_baton, |
| apr_hash_t *parameters, |
| const char *realmstring, |
| apr_pool_t *pool); |
| |
| /** Get a different set of credentials. |
| * |
| * Set @a *credentials to another set of valid credentials (using @a |
| * iter_baton as the context from previous call to first_credentials |
| * or next_credentials). If no more credentials are available, set |
| * @a *credentials to NULL. If the provider only has one set of |
| * credentials, this function pointer should simply be NULL. @a |
| * provider_baton is general context for the vtable, @a parameters |
| * contains any run-time data that the provider may need, and @a |
| * realmstring comes from the svn_auth_first_credentials() call. |
| */ |
| svn_error_t * (*next_credentials)(void **credentials, |
| void *iter_baton, |
| void *provider_baton, |
| apr_hash_t *parameters, |
| const char *realmstring, |
| apr_pool_t *pool); |
| |
| /** Save credentials. |
| * |
| * Store @a credentials for future use. @a provider_baton is |
| * general context for the vtable, and @a parameters contains any |
| * run-time data the provider may need. Set @a *saved to TRUE if |
| * the save happened, or FALSE if not. The provider is not required |
| * to save; if it refuses or is unable to save for non-fatal |
| * reasons, return FALSE. If the provider never saves data, then |
| * this function pointer should simply be NULL. @a realmstring comes |
| * from the svn_auth_first_credentials() call. |
| */ |
| svn_error_t * (*save_credentials)(svn_boolean_t *saved, |
| void *credentials, |
| void *provider_baton, |
| apr_hash_t *parameters, |
| const char *realmstring, |
| apr_pool_t *pool); |
| |
| } svn_auth_provider_t; |
| |
| |
| /** A provider object, ready to be put into an array and given to |
| svn_auth_open(). */ |
| typedef struct svn_auth_provider_object_t |
| { |
| const svn_auth_provider_t *vtable; |
| void *provider_baton; |
| |
| } svn_auth_provider_object_t; |
| |
| /** The type of function returning authentication provider. */ |
| typedef void (*svn_auth_simple_provider_func_t)( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** Specific types of credentials **/ |
| |
| /** Simple username/password pair credential kind. |
| * |
| * The following auth parameters are available to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*) |
| * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*) |
| * |
| * The following auth parameters may be available to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*) |
| * - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*) |
| * - @c SVN_AUTH_PARAM_DEFAULT_PASSWORD (@c char*) |
| */ |
| #define SVN_AUTH_CRED_SIMPLE "svn.simple" |
| |
| /** @c SVN_AUTH_CRED_SIMPLE credentials. */ |
| typedef struct svn_auth_cred_simple_t |
| { |
| /** Username */ |
| const char *username; |
| /** Password */ |
| const char *password; |
| /** Indicates if the credentials may be saved (to disk). For example, a |
| * GUI prompt implementation with a remember password checkbox shall set |
| * @a may_save to TRUE if the checkbox is checked. |
| */ |
| svn_boolean_t may_save; |
| } svn_auth_cred_simple_t; |
| |
| |
| /** Username credential kind. |
| * |
| * The following optional auth parameters are relevant to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*) |
| * - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*) |
| */ |
| #define SVN_AUTH_CRED_USERNAME "svn.username" |
| |
| /** @c SVN_AUTH_CRED_USERNAME credentials. */ |
| typedef struct svn_auth_cred_username_t |
| { |
| /** Username */ |
| const char *username; |
| /** Indicates if the credentials may be saved (to disk). For example, a |
| * GUI prompt implementation with a remember username checkbox shall set |
| * @a may_save to TRUE if the checkbox is checked. |
| */ |
| svn_boolean_t may_save; |
| } svn_auth_cred_username_t; |
| |
| |
| /** SSL client certificate credential type. |
| * |
| * The following auth parameters are available to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*) |
| * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*) |
| * |
| * The following optional auth parameters are relevant to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*) |
| */ |
| #define SVN_AUTH_CRED_SSL_CLIENT_CERT "svn.ssl.client-cert" |
| |
| /** @c SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. */ |
| typedef struct svn_auth_cred_ssl_client_cert_t |
| { |
| /** Absolute path to the certificate file */ |
| const char *cert_file; |
| /** Indicates if the credentials may be saved (to disk). For example, a |
| * GUI prompt implementation with a remember certificate checkbox shall |
| * set @a may_save to TRUE if the checkbox is checked. |
| */ |
| svn_boolean_t may_save; |
| } svn_auth_cred_ssl_client_cert_t; |
| |
| |
| /** A function returning an SSL client certificate passphrase provider. */ |
| typedef void (*svn_auth_ssl_client_cert_pw_provider_func_t)( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| /** SSL client certificate passphrase credential type. |
| * |
| * @note The realmstring used with this credential type must be a name that |
| * makes it possible for the user to identify the certificate. |
| * |
| * The following auth parameters are available to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*) |
| * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*) |
| * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*) |
| * |
| * The following optional auth parameters are relevant to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*) |
| */ |
| #define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW "svn.ssl.client-passphrase" |
| |
| /** @c SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials. */ |
| typedef struct svn_auth_cred_ssl_client_cert_pw_t |
| { |
| /** Certificate password */ |
| const char *password; |
| /** Indicates if the credentials may be saved (to disk). For example, a |
| * GUI prompt implementation with a remember password checkbox shall set |
| * @a may_save to TRUE if the checkbox is checked. |
| */ |
| svn_boolean_t may_save; |
| } svn_auth_cred_ssl_client_cert_pw_t; |
| |
| |
| /** SSL server verification credential type. |
| * |
| * The following auth parameters are available to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*) |
| * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*) |
| * - @c SVN_AUTH_PARAM_SSL_SERVER_FAILURES (@c apr_uint32_t*) |
| * - @c SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO |
| * (@c svn_auth_ssl_server_cert_info_t*) |
| * |
| * The following optional auth parameters are relevant to the providers: |
| * |
| * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*) |
| */ |
| #define SVN_AUTH_CRED_SSL_SERVER_TRUST "svn.ssl.server" |
| |
| /** SSL server certificate information used by @c |
| * SVN_AUTH_CRED_SSL_SERVER_TRUST providers. |
| */ |
| typedef struct svn_auth_ssl_server_cert_info_t |
| { |
| /** Primary CN */ |
| const char *hostname; |
| /** ASCII fingerprint */ |
| const char *fingerprint; |
| /** ASCII date from which the certificate is valid */ |
| const char *valid_from; |
| /** ASCII date until which the certificate is valid */ |
| const char *valid_until; |
| /** DN of the certificate issuer */ |
| const char *issuer_dname; |
| /** Base-64 encoded DER certificate representation */ |
| const char *ascii_cert; |
| } svn_auth_ssl_server_cert_info_t; |
| |
| /** |
| * Return a deep copy of @a info, allocated in @a pool. |
| * |
| * @since New in 1.3. |
| */ |
| svn_auth_ssl_server_cert_info_t * |
| svn_auth_ssl_server_cert_info_dup(const svn_auth_ssl_server_cert_info_t *info, |
| apr_pool_t *pool); |
| |
| /** @c SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. */ |
| typedef struct svn_auth_cred_ssl_server_trust_t |
| { |
| /** Indicates if the credentials may be saved (to disk). For example, a |
| * GUI prompt implementation with a checkbox to accept the certificate |
| * permanently shall set @a may_save to TRUE if the checkbox is checked. |
| */ |
| svn_boolean_t may_save; |
| /** Bit mask of the accepted failures */ |
| apr_uint32_t accepted_failures; |
| } svn_auth_cred_ssl_server_trust_t; |
| |
| |
| |
| /** Credential-constructing prompt functions. **/ |
| |
| /** These exist so that different client applications can use |
| * different prompt mechanisms to supply the same credentials. For |
| * example, if authentication requires a username and password, a |
| * command-line client's prompting function might prompt first for the |
| * username and then for the password, whereas a GUI client's would |
| * present a single dialog box asking for both, and a telepathic |
| * client's would read all the information directly from the user's |
| * mind. All these prompting functions return the same type of |
| * credential, but the information used to construct the credential is |
| * gathered in an interface-specific way in each case. |
| */ |
| |
| /** Set @a *cred by prompting the user, allocating @a *cred in @a pool. |
| * @a baton is an implementation-specific closure. |
| * |
| * If @a realm is non-NULL, maybe use it in the prompt string. |
| * |
| * If @a username is non-NULL, then the user might be prompted only |
| * for a password, but @a *cred would still be filled with both |
| * username and password. For example, a typical usage would be to |
| * pass @a username on the first call, but then leave it NULL for |
| * subsequent calls, on the theory that if credentials failed, it's |
| * as likely to be due to incorrect username as incorrect password. |
| * |
| * If @a may_save is FALSE, the auth system does not allow the credentials |
| * to be saved (to disk). A prompt function shall not ask the user if the |
| * credentials shall be saved if @a may_save is FALSE. For example, a GUI |
| * client with a remember password checkbox would grey out the checkbox if |
| * @a may_save is FALSE. |
| */ |
| typedef svn_error_t *(*svn_auth_simple_prompt_func_t)( |
| svn_auth_cred_simple_t **cred, |
| void *baton, |
| const char *realm, |
| const char *username, |
| svn_boolean_t may_save, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *cred by prompting the user, allocating @a *cred in @a pool. |
| * @a baton is an implementation-specific closure. |
| * |
| * If @a realm is non-NULL, maybe use it in the prompt string. |
| * |
| * If @a may_save is FALSE, the auth system does not allow the credentials |
| * to be saved (to disk). A prompt function shall not ask the user if the |
| * credentials shall be saved if @a may_save is FALSE. For example, a GUI |
| * client with a remember username checkbox would grey out the checkbox if |
| * @a may_save is FALSE. |
| */ |
| typedef svn_error_t *(*svn_auth_username_prompt_func_t)( |
| svn_auth_cred_username_t **cred, |
| void *baton, |
| const char *realm, |
| svn_boolean_t may_save, |
| apr_pool_t *pool); |
| |
| |
| /** @name SSL server certificate failure bits |
| * |
| * @note These values are stored in the on disk auth cache by the SSL |
| * server certificate auth provider, so the meaning of these bits must |
| * not be changed. |
| * @{ |
| */ |
| /** Certificate is not yet valid. */ |
| #define SVN_AUTH_SSL_NOTYETVALID 0x00000001 |
| /** Certificate has expired. */ |
| #define SVN_AUTH_SSL_EXPIRED 0x00000002 |
| /** Certificate's CN (hostname) does not match the remote hostname. */ |
| #define SVN_AUTH_SSL_CNMISMATCH 0x00000004 |
| /** @brief Certificate authority is unknown (i.e. not trusted) */ |
| #define SVN_AUTH_SSL_UNKNOWNCA 0x00000008 |
| /** @brief Other failure. This can happen if an unknown failure occurs |
| * that we do not handle yet. */ |
| #define SVN_AUTH_SSL_OTHER 0x40000000 |
| /** @} */ |
| |
| /** Set @a *cred by prompting the user, allocating @a *cred in @a pool. |
| * @a baton is an implementation-specific closure. |
| * |
| * @a cert_info is a structure describing the server cert that was |
| * presented to the client, and @a failures is a bitmask that |
| * describes exactly why the cert could not be automatically validated, |
| * composed from the constants SVN_AUTH_SSL_* (@c SVN_AUTH_SSL_NOTYETVALID |
| * etc.). @a realm is a string that can be used in the prompt string. |
| * |
| * If @a may_save is FALSE, the auth system does not allow the credentials |
| * to be saved (to disk). A prompt function shall not ask the user if the |
| * credentials shall be saved if @a may_save is FALSE. For example, a GUI |
| * client with a trust permanently checkbox would grey out the checkbox if |
| * @a may_save is FALSE. |
| */ |
| typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t)( |
| svn_auth_cred_ssl_server_trust_t **cred, |
| void *baton, |
| const char *realm, |
| apr_uint32_t failures, |
| const svn_auth_ssl_server_cert_info_t *cert_info, |
| svn_boolean_t may_save, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *cred by prompting the user, allocating @a *cred in @a pool. |
| * @a baton is an implementation-specific closure. @a realm is a string |
| * that can be used in the prompt string. |
| * |
| * If @a may_save is FALSE, the auth system does not allow the credentials |
| * to be saved (to disk). A prompt function shall not ask the user if the |
| * credentials shall be saved if @a may_save is FALSE. For example, a GUI |
| * client with a remember certificate checkbox would grey out the checkbox |
| * if @a may_save is FALSE. |
| */ |
| typedef svn_error_t *(*svn_auth_ssl_client_cert_prompt_func_t)( |
| svn_auth_cred_ssl_client_cert_t **cred, |
| void *baton, |
| const char *realm, |
| svn_boolean_t may_save, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *cred by prompting the user, allocating @a *cred in @a pool. |
| * @a baton is an implementation-specific closure. @a realm is a string |
| * identifying the certificate, and can be used in the prompt string. |
| * |
| * If @a may_save is FALSE, the auth system does not allow the credentials |
| * to be saved (to disk). A prompt function shall not ask the user if the |
| * credentials shall be saved if @a may_save is FALSE. For example, a GUI |
| * client with a remember password checkbox would grey out the checkbox if |
| * @a may_save is FALSE. |
| */ |
| typedef svn_error_t *(*svn_auth_ssl_client_cert_pw_prompt_func_t)( |
| svn_auth_cred_ssl_client_cert_pw_t **cred, |
| void *baton, |
| const char *realm, |
| svn_boolean_t may_save, |
| apr_pool_t *pool); |
| |
| /** A type of callback function for asking whether storing a password to |
| * disk in plaintext is allowed. |
| * |
| * In this callback, the client should ask the user whether storing |
| * a password for the realm identified by @a realmstring to disk |
| * in plaintext is allowed. |
| * |
| * The answer is returned in @a *may_save_plaintext. |
| * @a baton is an implementation-specific closure. |
| * All allocations should be done in @a pool. |
| * |
| * @since New in 1.6 |
| */ |
| typedef svn_error_t *(*svn_auth_plaintext_prompt_func_t)( |
| svn_boolean_t *may_save_plaintext, |
| const char *realmstring, |
| void *baton, |
| apr_pool_t *pool); |
| |
| /** A type of callback function for asking whether storing a passphrase to |
| * disk in plaintext is allowed. |
| * |
| * In this callback, the client should ask the user whether storing |
| * a passphrase for the realm identified by @a realmstring to disk |
| * in plaintext is allowed. |
| * |
| * The answer is returned in @a *may_save_plaintext. |
| * @a baton is an implementation-specific closure. |
| * All allocations should be done in @a pool. |
| * |
| * @since New in 1.6 |
| */ |
| typedef svn_error_t *(*svn_auth_plaintext_passphrase_prompt_func_t)( |
| svn_boolean_t *may_save_plaintext, |
| const char *realmstring, |
| void *baton, |
| apr_pool_t *pool); |
| |
| |
| /** Initialize an authentication system. |
| * |
| * Return an authentication object in @a *auth_baton (allocated in @a |
| * pool) that represents a particular instance of the svn |
| * authentication system. @a providers is an array of @c |
| * svn_auth_provider_object_t pointers, already allocated in @a pool |
| * and intentionally ordered. These pointers will be stored within @a |
| * *auth_baton, grouped by credential type, and searched in this exact |
| * order. |
| */ |
| void |
| svn_auth_open(svn_auth_baton_t **auth_baton, |
| const apr_array_header_t *providers, |
| apr_pool_t *pool); |
| |
| /** Set an authentication run-time parameter. |
| * |
| * Store @a name / @a value pair as a run-time parameter in @a |
| * auth_baton, making the data accessible to all providers. @a name |
| * and @a value will NOT be duplicated into the auth_baton's pool. |
| * To delete a run-time parameter, pass NULL for @a value. |
| */ |
| void |
| svn_auth_set_parameter(svn_auth_baton_t *auth_baton, |
| const char *name, |
| const void *value); |
| |
| /** Get an authentication run-time parameter. |
| * |
| * Return a value for run-time parameter @a name from @a auth_baton. |
| * Return NULL if the parameter doesn't exist. |
| */ |
| const void * |
| svn_auth_get_parameter(svn_auth_baton_t *auth_baton, |
| const char *name); |
| |
| /** Universal run-time parameters, made available to all providers. |
| |
| If you are writing a new provider, then to be a "good citizen", |
| you should notice these global parameters! Note that these |
| run-time params should be treated as read-only by providers; the |
| application is responsible for placing them into the auth_baton |
| hash. */ |
| |
| /** The auth-hash prefix indicating that the parameter is global. */ |
| #define SVN_AUTH_PARAM_PREFIX "svn:auth:" |
| |
| /** |
| * @name Default credentials defines |
| * Property values are const char *. |
| * @{ */ |
| /** Default username provided by the application itself (e.g. --username) */ |
| #define SVN_AUTH_PARAM_DEFAULT_USERNAME SVN_AUTH_PARAM_PREFIX "username" |
| /** Default password provided by the application itself (e.g. --password) */ |
| #define SVN_AUTH_PARAM_DEFAULT_PASSWORD SVN_AUTH_PARAM_PREFIX "password" |
| /** @} */ |
| |
| /** @brief The application doesn't want any providers to prompt |
| * users. Property value is irrelevant; only property's existence |
| * matters. */ |
| #define SVN_AUTH_PARAM_NON_INTERACTIVE SVN_AUTH_PARAM_PREFIX "non-interactive" |
| |
| /** @brief The application doesn't want any providers to save passwords |
| * to disk. Property value is irrelevant; only property's existence |
| * matters. */ |
| #define SVN_AUTH_PARAM_DONT_STORE_PASSWORDS SVN_AUTH_PARAM_PREFIX \ |
| "dont-store-passwords" |
| |
| /** @brief Indicates whether providers may save passwords to disk in |
| * plaintext. Property value can be either SVN_CONFIG_TRUE, |
| * SVN_CONFIG_FALSE, or SVN_CONFIG_ASK. |
| * @since New in 1.6. |
| */ |
| #define SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS SVN_AUTH_PARAM_PREFIX \ |
| "store-plaintext-passwords" |
| |
| /** @brief The application doesn't want any providers to save passphrase |
| * to disk. Property value is irrelevant; only property's existence |
| * matters. |
| * @since New in 1.6. |
| */ |
| #define SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP \ |
| SVN_AUTH_PARAM_PREFIX "dont-store-ssl-client-cert-pp" |
| |
| /** @brief Indicates whether providers may save passphrase to disk in |
| * plaintext. Property value can be either SVN_CONFIG_TRUE, |
| * SVN_CONFIG_FALSE, or SVN_CONFIG_ASK. |
| * @since New in 1.6. |
| */ |
| #define SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT \ |
| SVN_AUTH_PARAM_PREFIX "store-ssl-client-cert-pp-plaintext" |
| |
| /** @brief The application doesn't want any providers to save credentials |
| * to disk. Property value is irrelevant; only property's existence |
| * matters. */ |
| #define SVN_AUTH_PARAM_NO_AUTH_CACHE SVN_AUTH_PARAM_PREFIX "no-auth-cache" |
| |
| /** @brief The following property is for SSL server cert providers. This |
| * provides a pointer to an @c apr_uint32_t containing the failures |
| * detected by the certificate validator. */ |
| #define SVN_AUTH_PARAM_SSL_SERVER_FAILURES SVN_AUTH_PARAM_PREFIX \ |
| "ssl:failures" |
| |
| /** @brief The following property is for SSL server cert providers. This |
| * provides the cert info (svn_auth_ssl_server_cert_info_t). */ |
| #define SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO SVN_AUTH_PARAM_PREFIX \ |
| "ssl:cert-info" |
| |
| /** This provides a pointer to a @c svn_config_t containing the config |
| * category. */ |
| #define SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG SVN_AUTH_PARAM_PREFIX \ |
| "config-category-config" |
| |
| /** This provides a pointer to a @c svn_config_t containing the servers |
| * category. */ |
| #define SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS SVN_AUTH_PARAM_PREFIX \ |
| "config-category-servers" |
| |
| /** @deprecated Provided for backward compatibility with the 1.5 API. */ |
| #define SVN_AUTH_PARAM_CONFIG SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS |
| |
| /** The current server group. */ |
| #define SVN_AUTH_PARAM_SERVER_GROUP SVN_AUTH_PARAM_PREFIX "server-group" |
| |
| /** @brief A configuration directory that overrides the default |
| * ~/.subversion. */ |
| #define SVN_AUTH_PARAM_CONFIG_DIR SVN_AUTH_PARAM_PREFIX "config-dir" |
| |
| /** Get an initial set of credentials. |
| * |
| * Ask @a auth_baton to set @a *credentials to a set of credentials |
| * defined by @a cred_kind and valid within @a realmstring, or NULL if |
| * no credentials are available. Otherwise, return an iteration state |
| * in @a *state, so that the caller can call |
| * svn_auth_next_credentials(), in case the first set of credentials |
| * fails to authenticate. |
| * |
| * Use @a pool to allocate @a *state, and for temporary allocation. |
| * Note that @a *credentials will be allocated in @a auth_baton's pool. |
| */ |
| svn_error_t * |
| svn_auth_first_credentials(void **credentials, |
| svn_auth_iterstate_t **state, |
| const char *cred_kind, |
| const char *realmstring, |
| svn_auth_baton_t *auth_baton, |
| apr_pool_t *pool); |
| |
| /** Get another set of credentials, assuming previous ones failed to |
| * authenticate. |
| * |
| * Use @a state to fetch a different set of @a *credentials, as a |
| * follow-up to svn_auth_first_credentials() or |
| * svn_auth_next_credentials(). If no more credentials are available, |
| * set @a *credentials to NULL. |
| * |
| * Note that @a *credentials will be allocated in @c auth_baton's pool. |
| */ |
| svn_error_t * |
| svn_auth_next_credentials(void **credentials, |
| svn_auth_iterstate_t *state, |
| apr_pool_t *pool); |
| |
| /** Save a set of credentials. |
| * |
| * Ask @a state to store the most recently returned credentials, |
| * presumably because they successfully authenticated. |
| * All allocations should be done in @a pool. |
| * |
| * If no credentials were ever returned, do nothing. |
| */ |
| svn_error_t * |
| svn_auth_save_credentials(svn_auth_iterstate_t *state, |
| apr_pool_t *pool); |
| |
| /** Forget a set (or all) memory-cached credentials. |
| * |
| * Remove references (if any) in @a auth_baton to credentials cached |
| * therein. If @a cred_kind and @a realmstring are non-NULL, forget |
| * only the credentials associated with those credential types and |
| * realm. Otherwise @a cred_kind and @a realmstring must both be |
| * NULL, and this function will forget all credentials cached within |
| * @a auth_baton. |
| * |
| * @note This function does not affect persisted authentication |
| * credential storage at all. It is merely a way to cause Subversion |
| * to forget about credentials already fetched from a provider, |
| * forcing them to be fetched again later should they be required. |
| * |
| * @since New in 1.8. |
| */ |
| svn_error_t * |
| svn_auth_forget_credentials(svn_auth_baton_t *auth_baton, |
| const char *cred_kind, |
| const char *realmstring, |
| apr_pool_t *pool); |
| |
| /** @} */ |
| |
| /** Set @a *provider to an authentication provider of type |
| * svn_auth_cred_simple_t that gets information by prompting the user |
| * with @a prompt_func and @a prompt_baton. Allocate @a *provider in |
| * @a pool. |
| * |
| * If both @c SVN_AUTH_PARAM_DEFAULT_USERNAME and |
| * @c SVN_AUTH_PARAM_DEFAULT_PASSWORD are defined as runtime |
| * parameters in the @c auth_baton, then @a *provider will return the |
| * default arguments when svn_auth_first_credentials() is called. If |
| * svn_auth_first_credentials() fails, then @a *provider will |
| * re-prompt @a retry_limit times (via svn_auth_next_credentials()). |
| * For infinite retries, set @a retry_limit to value less than 0. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_simple_prompt_provider(svn_auth_provider_object_t **provider, |
| svn_auth_simple_prompt_func_t prompt_func, |
| void *prompt_baton, |
| int retry_limit, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_username_t that gets information by prompting the |
| * user with @a prompt_func and @a prompt_baton. Allocate @a *provider |
| * in @a pool. |
| * |
| * If @c SVN_AUTH_PARAM_DEFAULT_USERNAME is defined as a runtime |
| * parameter in the @c auth_baton, then @a *provider will return the |
| * default argument when svn_auth_first_credentials() is called. If |
| * svn_auth_first_credentials() fails, then @a *provider will |
| * re-prompt @a retry_limit times (via svn_auth_next_credentials()). |
| * For infinite retries, set @a retry_limit to value less than 0. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_username_prompt_provider( |
| svn_auth_provider_object_t **provider, |
| svn_auth_username_prompt_func_t prompt_func, |
| void *prompt_baton, |
| int retry_limit, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_simple_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. |
| * |
| * If the provider is going to save the password unencrypted, it calls @a |
| * plaintext_prompt_func, passing @a prompt_baton, before saving the |
| * password. |
| * |
| * If @a plaintext_prompt_func is NULL it is not called and the answer is |
| * assumed to be TRUE. This matches the deprecated behaviour of storing |
| * unencrypted passwords by default, and is only done this way for backward |
| * compatibility reasons. |
| * Client developers are highly encouraged to provide this callback |
| * to ensure their users are made aware of the fact that their password |
| * is going to be stored unencrypted. In the future, providers may |
| * default to not storing the password unencrypted if this callback is NULL. |
| * |
| * Clients can however set the callback to NULL and set |
| * SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS to SVN_CONFIG_FALSE or |
| * SVN_CONFIG_TRUE to enforce a certain behaviour. |
| * |
| * Allocate @a *provider in @a pool. |
| * |
| * If a default username or password is available, @a *provider will |
| * honor them as well, and return them when |
| * svn_auth_first_credentials() is called. (see @c |
| * SVN_AUTH_PARAM_DEFAULT_USERNAME and @c |
| * SVN_AUTH_PARAM_DEFAULT_PASSWORD). |
| * |
| * @since New in 1.6. |
| */ |
| void |
| svn_auth_get_simple_provider2( |
| svn_auth_provider_object_t **provider, |
| svn_auth_plaintext_prompt_func_t plaintext_prompt_func, |
| void *prompt_baton, |
| apr_pool_t *pool); |
| |
| /** Like svn_auth_get_simple_provider2, but without the ability to |
| * call the svn_auth_plaintext_prompt_func_t callback, and the provider |
| * always assumes that it is allowed to store the password in plaintext. |
| * |
| * @deprecated Provided for backwards compatibility with the 1.5 API. |
| * @since New in 1.4. |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_simple_provider(svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_provider_object_t, or return @c NULL if the provider is not |
| * available for the requested platform or the requested provider is unknown. |
| * |
| * Valid @a provider_name values are: "gnome_keyring", "keychain", "kwallet", |
| * "gpg_agent", and "windows". |
| * |
| * Valid @a provider_type values are: "simple", "ssl_client_cert_pw" and |
| * "ssl_server_trust". |
| * |
| * Allocate @a *provider in @a pool. |
| * |
| * What actually happens is we invoke the appropriate provider function to |
| * supply the @a provider, like so: |
| * |
| * svn_auth_get_<name>_<type>_provider(@a provider, @a pool); |
| * |
| * @since New in 1.6. |
| */ |
| svn_error_t * |
| svn_auth_get_platform_specific_provider( |
| svn_auth_provider_object_t **provider, |
| const char *provider_name, |
| const char *provider_type, |
| apr_pool_t *pool); |
| |
| /** Set @a *providers to an array of <tt>svn_auth_provider_object_t *</tt> |
| * objects. |
| * Only client authentication providers available for the current platform are |
| * returned. Order of the platform-specific authentication providers is |
| * determined by the 'password-stores' configuration option which is retrieved |
| * from @a config. @a config can be NULL. |
| * |
| * Create and allocate @a *providers in @a pool. |
| * |
| * Default order of the platform-specific authentication providers: |
| * 1. gnome-keyring |
| * 2. kwallet |
| * 3. keychain |
| * 4. gpg-agent |
| * 5. windows-cryptoapi |
| * |
| * @since New in 1.6. |
| */ |
| svn_error_t * |
| svn_auth_get_platform_specific_client_providers( |
| apr_array_header_t **providers, |
| svn_config_t *config, |
| apr_pool_t *pool); |
| |
| #if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN) |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_simple_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * This is like svn_auth_get_simple_provider(), except that, when |
| * running on Window 2000 or newer (or any other Windows version that |
| * includes the CryptoAPI), the provider encrypts the password before |
| * storing it to disk. On earlier versions of Windows, the provider |
| * does nothing. |
| * |
| * @since New in 1.4. |
| * @note This function is only available on Windows. |
| * |
| * @note An administrative password reset may invalidate the account's |
| * secret key. This function will detect that situation and behave as |
| * if the password were not cached at all. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. Use |
| * svn_auth_get_platform_specific_provider with provider_name of "windows" |
| * and provider_type of "simple". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_windows_simple_provider(svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the |
| * user's ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except that |
| * when running on Window 2000 or newer, the provider encrypts the password |
| * before storing it to disk. On earlier versions of Windows, the provider |
| * does nothing. |
| * |
| * @since New in 1.6 |
| * @note This function is only available on Windows. |
| * |
| * @note An administrative password reset may invalidate the account's |
| * secret key. This function will detect that situation and behave as |
| * if the password were not cached at all. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "windows" and provider_type of "ssl_client_cert_pw". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_windows_ssl_client_cert_pw_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_server_trust_t, allocated in @a pool. |
| * |
| * This provider automatically validates ssl server certificates with |
| * the CryptoApi, like Internet Explorer and the Windows network API do. |
| * This allows the rollout of root certificates via Windows Domain |
| * policies, instead of Subversion specific configuration. |
| * |
| * @since New in 1.5. |
| * @note This function is only available on Windows. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "windows" and provider_type of "ssl_server_trust". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_windows_ssl_server_trust_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| #endif /* WIN32 && !__MINGW32__ || DOXYGEN */ |
| |
| #if defined(DARWIN) || defined(DOXYGEN) |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_simple_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * This is like svn_auth_get_simple_provider(), except that the |
| * password is stored in the Mac OS KeyChain. |
| * |
| * @since New in 1.4 |
| * @note This function is only available on Mac OS 10.2 and higher. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "keychain" and provider_type of "simple". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the |
| * user's ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except |
| * that the password is stored in the Mac OS KeyChain. |
| * |
| * @since New in 1.6 |
| * @note This function is only available on Mac OS 10.2 and higher. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "keychain" and provider_type of "ssl_client_cert_pw". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_keychain_ssl_client_cert_pw_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| #endif /* DARWIN || DOXYGEN */ |
| |
| /* Note that the gnome keyring unlock prompt related items below must be |
| * declared for all platforms in order to allow SWIG interfaces to be |
| * used regardless of the platform. */ |
| |
| /** A type of callback function for obtaining the GNOME Keyring password. |
| * |
| * In this callback, the client should ask the user for default keyring |
| * @a keyring_name password. |
| * |
| * The answer is returned in @a *keyring_password. |
| * @a baton is an implementation-specific closure. |
| * All allocations should be done in @a pool. |
| * |
| * @since New in 1.6 |
| */ |
| typedef svn_error_t *(*svn_auth_gnome_keyring_unlock_prompt_func_t)( |
| char **keyring_password, |
| const char *keyring_name, |
| void *baton, |
| apr_pool_t *pool); |
| |
| |
| /** libsvn_auth_gnome_keyring-specific run-time parameters. */ |
| |
| /** @brief The pointer to function which prompts user for GNOME Keyring |
| * password. |
| * The type of this pointer should be svn_auth_gnome_keyring_unlock_prompt_func_t. |
| * @deprecated Only used by old libgnome-keyring implementation. */ |
| #define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC "gnome-keyring-unlock-prompt-func" |
| |
| /** @brief The baton which is passed to |
| * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC. |
| * @deprecated Only used by old libgnome-keyring implementation. */ |
| #define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON "gnome-keyring-unlock-prompt-baton" |
| |
| #if (!defined(DARWIN) && !defined(WIN32)) || defined(DOXYGEN) |
| /** |
| * Get libsvn_auth_gnome_keyring version information. |
| * |
| * @since New in 1.6 |
| */ |
| const svn_version_t * |
| svn_auth_gnome_keyring_version(void); |
| |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_simple_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. |
| * |
| * This is like svn_client_get_simple_provider(), except that the |
| * password is stored in GNOME Keyring. |
| * |
| * If the GNOME Keyring is locked the old libgnome-keyring provider calls |
| * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock |
| * the keyring. |
| * |
| * @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to |
| * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC. |
| * |
| * Allocate @a *provider in @a pool. |
| * |
| * @since New in 1.6 |
| * @note This function actually works only on systems with |
| * libsvn_auth_gnome_keyring and GNOME Keyring installed. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "gnome_keyring" and provider_type of "simple". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_gnome_keyring_simple_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the |
| * user's ~/.subversion configuration directory. |
| * |
| * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except |
| * that the password is stored in GNOME Keyring. |
| * |
| * If the GNOME Keyring is locked the provider calls |
| * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock |
| * the keyring. |
| * |
| * @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to |
| * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC. |
| * |
| * Allocate @a *provider in @a pool. |
| * |
| * @since New in 1.6 |
| * @note This function actually works only on systems with |
| * libsvn_auth_gnome_keyring and GNOME Keyring installed. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "gnome_keyring" and provider_type of "ssl_client_cert_pw". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** |
| * Get libsvn_auth_kwallet version information. |
| * |
| * @since New in 1.6 |
| */ |
| const svn_version_t * |
| svn_auth_kwallet_version(void); |
| |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_simple_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * This is like svn_client_get_simple_provider(), except that the |
| * password is stored in KWallet. |
| * |
| * @since New in 1.6 |
| * @note This function actually works only on systems with libsvn_auth_kwallet |
| * and KWallet installed. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "kwallet" and provider_type of "simple". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_kwallet_simple_provider(svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the |
| * user's ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except |
| * that the password is stored in KWallet. |
| * |
| * @since New in 1.6 |
| * @note This function actually works only on systems with libsvn_auth_kwallet |
| * and KWallet installed. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "kwallet" and provider_type of "ssl_client_cert_pw". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_kwallet_ssl_client_cert_pw_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| #endif /* (!DARWIN && !WIN32) || DOXYGEN */ |
| |
| #if !defined(WIN32) || defined(DOXYGEN) |
| /** |
| * Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_simple_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. |
| * |
| * This is like svn_client_get_simple_provider(), except that the |
| * password is obtained from gpg_agent, which will keep it in |
| * a memory cache. |
| * |
| * Allocate @a *provider in @a pool. |
| * |
| * @since New in 1.8 |
| * @note This function actually works only on systems with |
| * GNU Privacy Guard installed. |
| * @deprecated Provided for backwards compatibility with the 1.8 API. |
| * Use svn_auth_get_platform_specific_provider with provider_name |
| * of "gpg_agent" and provider_type of "simple". |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_gpg_agent_simple_provider |
| (svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| #endif /* !defined(WIN32) || defined(DOXYGEN) */ |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_username_t that gets/sets information from a user's |
| * ~/.subversion configuration directory. Allocate @a *provider in |
| * @a pool. |
| * |
| * If a default username is available, @a *provider will honor it, |
| * and return it when svn_auth_first_credentials() is called. (See |
| * @c SVN_AUTH_PARAM_DEFAULT_USERNAME.) |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_username_provider(svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_server_trust_t, allocated in @a pool. |
| * |
| * @a *provider retrieves its credentials from the configuration |
| * mechanism. The returned credential is used to override SSL |
| * security on an error. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_ssl_server_trust_file_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_t, allocated in @a pool. |
| * |
| * @a *provider retrieves its credentials from the configuration |
| * mechanism. The returned credential is used to load the appropriate |
| * client certificate for authentication when requested by a server. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_ssl_client_cert_file_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the user's |
| * ~/.subversion configuration directory. |
| * |
| * If the provider is going to save the passphrase unencrypted, |
| * it calls @a plaintext_passphrase_prompt_func, passing @a |
| * prompt_baton, before saving the passphrase. |
| * |
| * If @a plaintext_passphrase_prompt_func is NULL it is not called |
| * and the passphrase is not stored in plaintext. |
| * Client developers are highly encouraged to provide this callback |
| * to ensure their users are made aware of the fact that their passphrase |
| * is going to be stored unencrypted. |
| * |
| * Clients can however set the callback to NULL and set |
| * SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT to SVN_CONFIG_FALSE or |
| * SVN_CONFIG_TRUE to enforce a certain behaviour. |
| * |
| * Allocate @a *provider in @a pool. |
| * |
| * @since New in 1.6. |
| */ |
| void |
| svn_auth_get_ssl_client_cert_pw_file_provider2( |
| svn_auth_provider_object_t **provider, |
| svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func, |
| void *prompt_baton, |
| apr_pool_t *pool); |
| |
| /** Like svn_auth_get_ssl_client_cert_pw_file_provider2, but without |
| * the ability to call the svn_auth_plaintext_passphrase_prompt_func_t |
| * callback, and the provider always assumes that it is not allowed |
| * to store the passphrase in plaintext. |
| * |
| * @deprecated Provided for backwards compatibility with the 1.5 API. |
| * @since New in 1.4. |
| */ |
| SVN_DEPRECATED |
| void |
| svn_auth_get_ssl_client_cert_pw_file_provider( |
| svn_auth_provider_object_t **provider, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_server_trust_t, allocated in @a pool. |
| * |
| * @a *provider retrieves its credentials by using the @a prompt_func |
| * and @a prompt_baton. The returned credential is used to override |
| * SSL security on an error. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_ssl_server_trust_prompt_provider( |
| svn_auth_provider_object_t **provider, |
| svn_auth_ssl_server_trust_prompt_func_t prompt_func, |
| void *prompt_baton, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_t, allocated in @a pool. |
| * |
| * @a *provider retrieves its credentials by using the @a prompt_func |
| * and @a prompt_baton. The returned credential is used to load the |
| * appropriate client certificate for authentication when requested by |
| * a server. The prompt will be retried @a retry_limit times. For |
| * infinite retries, set @a retry_limit to value less than 0. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_ssl_client_cert_prompt_provider( |
| svn_auth_provider_object_t **provider, |
| svn_auth_ssl_client_cert_prompt_func_t prompt_func, |
| void *prompt_baton, |
| int retry_limit, |
| apr_pool_t *pool); |
| |
| |
| /** Set @a *provider to an authentication provider of type @c |
| * svn_auth_cred_ssl_client_cert_pw_t, allocated in @a pool. |
| * |
| * @a *provider retrieves its credentials by using the @a prompt_func |
| * and @a prompt_baton. The returned credential is used when a loaded |
| * client certificate is protected by a passphrase. The prompt will |
| * be retried @a retry_limit times. For infinite retries, set |
| * @a retry_limit to value less than 0. |
| * |
| * @since New in 1.4. |
| */ |
| void |
| svn_auth_get_ssl_client_cert_pw_prompt_provider( |
| svn_auth_provider_object_t **provider, |
| svn_auth_ssl_client_cert_pw_prompt_func_t prompt_func, |
| void *prompt_baton, |
| int retry_limit, |
| apr_pool_t *pool); |
| |
| |
| #ifdef __cplusplus |
| } |
| #endif /* __cplusplus */ |
| |
| #endif /* SVN_AUTH_H */ |