1251881Speter/**
2251881Speter * @copyright
3251881Speter * ====================================================================
4251881Speter *    Licensed to the Apache Software Foundation (ASF) under one
5251881Speter *    or more contributor license agreements.  See the NOTICE file
6251881Speter *    distributed with this work for additional information
7251881Speter *    regarding copyright ownership.  The ASF licenses this file
8251881Speter *    to you under the Apache License, Version 2.0 (the
9251881Speter *    "License"); you may not use this file except in compliance
10251881Speter *    with the License.  You may obtain a copy of the License at
11251881Speter *
12251881Speter *      http://www.apache.org/licenses/LICENSE-2.0
13251881Speter *
14251881Speter *    Unless required by applicable law or agreed to in writing,
15251881Speter *    software distributed under the License is distributed on an
16251881Speter *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17251881Speter *    KIND, either express or implied.  See the License for the
18251881Speter *    specific language governing permissions and limitations
19251881Speter *    under the License.
20251881Speter * ====================================================================
21251881Speter * @endcopyright
22251881Speter *
23251881Speter * @file svn_auth_private.h
24251881Speter * @brief Subversion's authentication system - Internal routines
25251881Speter */
26251881Speter
27251881Speter#ifndef SVN_AUTH_PRIVATE_H
28251881Speter#define SVN_AUTH_PRIVATE_H
29251881Speter
30251881Speter#include <apr_pools.h>
31251881Speter#include <apr_hash.h>
32251881Speter
33251881Speter#include "svn_types.h"
34251881Speter#include "svn_error.h"
35251881Speter
36251881Speter#ifdef __cplusplus
37251881Speterextern "C" {
38251881Speter#endif /* __cplusplus */
39251881Speter
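/* Password-type identifiers.
 *
 * If you add a password type for a provider which stores
 * passwords on disk in encrypted form, remember to update
 * svn_auth__simple_save_creds_helper.  Otherwise it will be
 * assumed that your provider stores passwords in plaintext.
 *
 * NOTE(review): no function named svn_auth__simple_save_creds_helper
 * is declared in this header; the save path declared here is
 * svn_auth__simple_creds_cache_set -- confirm which routine holds the
 * list of encrypting password types before relying on this note.
 *
 * NOTE(review): presumably these strings are the values passed as
 * PASSTYPE to the *_cache_get / *_cache_set routines declared in this
 * header -- confirm against the callers. */
#define SVN_AUTH__SIMPLE_PASSWORD_TYPE             "simple"
#define SVN_AUTH__WINCRYPT_PASSWORD_TYPE           "wincrypt"
#define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE           "keychain"
#define SVN_AUTH__KWALLET_PASSWORD_TYPE            "kwallet"
#define SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE      "gnome-keyring"
#define SVN_AUTH__GPG_AGENT_PASSWORD_TYPE          "gpg-agent"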
50251881Speter
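/* A function that stores in *PASSWORD (potentially after decrypting it)
   the user's password.  It might be obtained directly from CREDS, or
   from an external store, using REALMSTRING and USERNAME as keys.
   (The behavior is undefined if REALMSTRING or USERNAME are NULL.)
   If NON_INTERACTIVE is set, the user must not be involved in the
   retrieval process.  Set *DONE to TRUE if a password was stored
   in *PASSWORD, to FALSE otherwise.  POOL is used for any necessary
   allocation.

   Callers should test *DONE before reading *PASSWORD: this contract
   does not say what *PASSWORD holds when *DONE is FALSE.  When *DONE
   is TRUE, *PASSWORD is the cleartext password, so it should be kept
   out of logs and error messages.

   NOTE(review): PARAMETERS is not described here; presumably it is the
   same PARAMETERS hash the *_cache_get routines receive -- confirm.
   The lifetime of *PASSWORD (POOL vs. CREDS) is likewise unstated. */
typedef svn_error_t * (*svn_auth__password_get_t)
  (svn_boolean_t *done,
   const char **password,
   apr_hash_t *creds,
   const char *realmstring,
   const char *username,
   apr_hash_t *parameters,
   svn_boolean_t non_interactive,
   apr_pool_t *pool);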
68251881Speter
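/* A function that stores PASSWORD (or some encrypted version thereof)
   either directly in CREDS, or externally using REALMSTRING and USERNAME
   as keys into the external store.  If NON_INTERACTIVE is set, the user
   must not be involved in the storage process.  Set *DONE to TRUE if the
   password was stored, to FALSE otherwise.  POOL is used for any
   necessary allocation.

   Whether the password is encrypted before it is stored is decided by
   the implementation, not by this interface; svn_auth__simple_password_set
   (declared in this header) stores it in plaintext.

   NOTE(review): PARAMETERS is not described here; presumably it is the
   same PARAMETERS hash the *_cache_set routines receive -- confirm.
   Unlike the getter's comment, nothing here says what happens when
   REALMSTRING or USERNAME is NULL -- confirm before passing NULL. */
typedef svn_error_t * (*svn_auth__password_set_t)
  (svn_boolean_t *done,
   apr_hash_t *creds,
   const char *realmstring,
   const char *username,
   const char *password,
   apr_hash_t *parameters,
   svn_boolean_t non_interactive,
   apr_pool_t *pool);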
84251881Speter
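/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
   pre-cached authentication credentials pulled from the simple
   credential cache store identified by PASSTYPE.  PASSWORD_GET is
   used to obtain the password value.  Allocate *CREDENTIALS from
   POOL.

   NOTE:  This function is a common implementation of code used by
   several of the simple credential providers (the default disk cache
   mechanism, Windows CryptoAPI, GNOME Keyring, etc.), typically in
   their "first_creds" implementation.

   NOTE(review): ITER_BATON and PROVIDER_BATON are not described here,
   and neither is the value of *CREDENTIALS when no cached entry is
   found -- presumably NULL; confirm against the implementation.  Any
   password placed in *CREDENTIALS comes from PASSWORD_GET, whose
   contract returns it in cleartext.  */
svn_error_t *
svn_auth__simple_creds_cache_get(void **credentials,
                                 void **iter_baton,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 svn_auth__password_get_t password_get,
                                 const char *passtype,
                                 apr_pool_t *pool);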
104251881Speter
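/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the simple
   credential cache store identified by PASSTYPE.  PASSWORD_SET is
   used to do the actual storage.  Use POOL for necessary allocations.
   Set *SAVED according to whether or not the credentials were
   successfully stored.

   How the password is protected at rest depends on PASSWORD_SET:
   svn_auth__simple_password_set, declared in this header, stores it
   in plaintext.

   NOTE:  This function is a common implementation of code used by
   several of the simple credential providers (the default disk cache
   mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in
   their "save_creds" implementation.

   NOTE(review): whether a failed store is reported through the
   returned error or only as *SAVED == FALSE is not visible here;
   callers that need the credentials persisted should check both.
   PROVIDER_BATON is not described -- confirm against the
   implementation.  */
svn_error_t *
svn_auth__simple_creds_cache_set(svn_boolean_t *saved,
                                 void *credentials,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 svn_auth__password_set_t password_set,
                                 const char *passtype,
                                 apr_pool_t *pool);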
124251881Speter
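/* Implementation of svn_auth__password_get_t that retrieves
   the plaintext password from CREDS when USERNAME matches the stored
   credentials.  CREDS holds the password unencrypted for this
   implementation, so no decryption step is involved.

   NOTE(review): when USERNAME does not match, *DONE is presumably set
   to FALSE as the svn_auth__password_get_t contract requires --
   confirm against the implementation. */
svn_error_t *
svn_auth__simple_password_get(svn_boolean_t *done,
                              const char **password,
                              apr_hash_t *creds,
                              const char *realmstring,
                              const char *username,
                              apr_hash_t *parameters,
                              svn_boolean_t non_interactive,
                              apr_pool_t *pool);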
137251881Speter
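/* Implementation of svn_auth__password_set_t that stores
   the plaintext password in CREDS.

   CREDS therefore contains the password unencrypted after this call.
   Any protection at rest has to come from wherever the caller
   persists CREDS, which is not visible from this header. */
svn_error_t *
svn_auth__simple_password_set(svn_boolean_t *done,
                              apr_hash_t *creds,
                              const char *realmstring,
                              const char *username,
                              const char *password,
                              apr_hash_t *parameters,
                              svn_boolean_t non_interactive,
                              apr_pool_t *pool);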
149251881Speter
150251881Speter
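/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
   pre-cached authentication credentials pulled from the SSL client
   certificate passphrase credential cache store identified by
   PASSTYPE.  PASSPHRASE_GET is used to obtain the passphrase value.
   Allocate *CREDENTIALS from POOL.

   NOTE:  This function is a common implementation of code used by
   several of the ssl client passphrase credential providers (the
   default disk cache mechanism, Windows CryptoAPI, GNOME Keyring,
   etc.), typically in their "first_creds" implementation.

   NOTE(review): PASSPHRASE_GET has the svn_auth__password_get_t
   signature, which takes a USERNAME; what this routine passes for it
   is not visible here, and that contract leaves a NULL USERNAME
   undefined -- confirm against the implementation.  ITER_BATON and
   PROVIDER_BATON are not described either.  */
svn_error_t *
svn_auth__ssl_client_cert_pw_cache_get(void **credentials,
                                       void **iter_baton,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       svn_auth__password_get_t passphrase_get,
                                       const char *passtype,
                                       apr_pool_t *pool);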
170251881Speter
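/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the SSL
   client certificate passphrase credential cache store identified by
   PASSTYPE.  PASSPHRASE_SET is used to do the actual storage.  Use
   POOL for necessary allocations.  Set *SAVED according to whether or
   not the credentials were successfully stored.

   How the passphrase is protected at rest depends on PASSPHRASE_SET.

   NOTE:  This function is a common implementation of code used by
   several of the ssl client passphrase credential providers (the
   default disk cache mechanism, Windows CryptoAPI, GNOME Keyring,
   etc.) typically in their "save_creds" implementation.

   NOTE(review): whether a failed store is reported through the
   returned error or only as *SAVED == FALSE is not visible here;
   callers that need the passphrase persisted should check both.  */
svn_error_t *
svn_auth__ssl_client_cert_pw_cache_set(svn_boolean_t *saved,
                                       void *credentials,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       svn_auth__password_set_t passphrase_set,
                                       const char *passtype,
                                       apr_pool_t *pool);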
190251881Speter
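/* This implements the svn_auth__password_get_t interface.
   Set *PASSPHRASE to the plaintext passphrase retrieved from CREDS;
   ignore other parameters.

   NOTE(review): "other parameters" presumably does not include DONE,
   which the svn_auth__password_get_t contract requires to be set --
   confirm against the implementation. */
svn_error_t *
svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
                                 const char **passphrase,
                                 apr_hash_t *creds,
                                 const char *realmstring,
                                 const char *username,
                                 apr_hash_t *parameters,
                                 svn_boolean_t non_interactive,
                                 apr_pool_t *pool);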
203251881Speter
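/* This implements the svn_auth__password_set_t interface.
   Store PASSPHRASE in CREDS; ignore other parameters.

   NOTE(review): the matching getter,
   svn_auth__ssl_client_cert_pw_get, reads a plaintext passphrase back
   from CREDS, so PASSPHRASE is presumably stored here unencrypted --
   confirm.  "Other parameters" presumably does not include DONE,
   which the svn_auth__password_set_t contract requires to be set. */
svn_error_t *
svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
                                 apr_hash_t *creds,
                                 const char *realmstring,
                                 const char *username,
                                 const char *passphrase,
                                 apr_hash_t *parameters,
                                 svn_boolean_t non_interactive,
                                 apr_pool_t *pool);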
215251881Speter
216251881Speter#ifdef __cplusplus
217251881Speter}
218251881Speter#endif /* __cplusplus */
219251881Speter
220251881Speter#endif /* SVN_AUTH_PRIVATE_H */