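/**
 * @copyright
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 * @endcopyright
 *
 * @file svn_auth_private.h
 * @brief Subversion's authentication system - Internal routines
 */

#ifndef SVN_AUTH_PRIVATE_H
#define SVN_AUTH_PRIVATE_H

#include <apr_pools.h>
#include <apr_hash.h>

#include "svn_types.h"
#include "svn_error.h"

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

/* If you add a password type for a provider which stores
 * passwords on disk in encrypted form, remember to update
 * svn_auth__simple_save_creds_helper. Otherwise it will be
 * assumed that your provider stores passwords in plaintext.
 *
 * Security note: the default for a type that helper does not know is
 * therefore "plaintext", and the helper is not declared in this header.
 * NOTE(review): what the helper does with that classification is not
 * visible from here -- confirm there whenever a type is added. */
#define SVN_AUTH__SIMPLE_PASSWORD_TYPE             "simple"
#define SVN_AUTH__WINCRYPT_PASSWORD_TYPE           "wincrypt"
#define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE           "keychain"
#define SVN_AUTH__KWALLET_PASSWORD_TYPE            "kwallet"
#define SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE      "gnome-keyring"
#define SVN_AUTH__GPG_AGENT_PASSWORD_TYPE          "gpg-agent"

/* A function that stores in *PASSWORD (potentially after decrypting it)
   the user's password.  It might be obtained directly from CREDS, or
   from an external store, using REALMSTRING and USERNAME as keys.
   (The behavior is undefined if REALMSTRING or USERNAME are NULL.)
   If NON_INTERACTIVE is set, the user must not be involved in the
   retrieval process.  Set *DONE to TRUE if a password was stored
   in *PASSWORD, to FALSE otherwise.  POOL is used for any necessary
   allocation.

   Callers must test *DONE before reading *PASSWORD: nothing here
   defines *PASSWORD when *DONE is FALSE.  On success *PASSWORD is the
   cleartext secret (already decrypted if the store encrypts it), so
   keep it out of log and error messages.

   NOTE(review): PARAMETERS is not described here; presumably the
   run-time auth parameter hash -- confirm against the implementations.
   NOTE(review): whether *PASSWORD is allocated in POOL or points into
   CREDS is implementation-specific -- confirm before relying on its
   lifetime. */
typedef svn_error_t * (*svn_auth__password_get_t)
  (svn_boolean_t *done,
   const char **password,
   apr_hash_t *creds,
   const char *realmstring,
   const char *username,
   apr_hash_t *parameters,
   svn_boolean_t non_interactive,
   apr_pool_t *pool);

/* A function that stores PASSWORD (or some encrypted version thereof)
   either directly in CREDS, or externally using REALMSTRING and USERNAME
   as keys into the external store.  If NON_INTERACTIVE is set, the user
   must not be involved in the storage process.  Set *DONE to TRUE if the
   password was stored, to FALSE otherwise.  POOL is used for any necessary
   allocation.

   PASSWORD arrives in cleartext; whether it is encrypted before being
   stored is up to the implementation.  A FALSE *DONE means the password
   was not saved, so callers must not treat the credentials as cached.

   NOTE(review): PARAMETERS is not described here; presumably the
   run-time auth parameter hash -- confirm against the implementations. */
typedef svn_error_t * (*svn_auth__password_set_t)
  (svn_boolean_t *done,
   apr_hash_t *creds,
   const char *realmstring,
   const char *username,
   const char *password,
   apr_hash_t *parameters,
   svn_boolean_t non_interactive,
   apr_pool_t *pool);

/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
   pre-cached authentication credentials pulled from the simple
   credential cache store identified by PASSTYPE.  PASSWORD_GET is
   used to obtain the password value.  Allocate *CREDENTIALS from
   POOL.

   NOTE: This function is a common implementation of code used by
   several of the simple credential providers (the default disk cache
   mechanism, Windows CryptoAPI, GNOME Keyring, etc.), typically in
   their "first_creds" implementation.

   NOTE(review): ITER_BATON and PROVIDER_BATON are not described here;
   they presumably mirror the arguments of the providers' "first_creds"
   callback -- confirm.  PASSTYPE is expected to be one of the
   SVN_AUTH__*_PASSWORD_TYPE strings defined in this header, and should
   match the store PASSWORD_GET actually reads -- TODO confirm how a
   mismatch is handled. */
svn_error_t *
svn_auth__simple_creds_cache_get(void **credentials,
                                 void **iter_baton,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 svn_auth__password_get_t password_get,
                                 const char *passtype,
                                 apr_pool_t *pool);

/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the simple
   credential cache store identified by PASSTYPE.  PASSWORD_SET is
   used to do the actual storage.  Use POOL for necessary allocations.
   Set *SAVED according to whether or not the credentials were
   successfully stored.

   NOTE: This function is a common implementation of code used by
   several of the simple credential providers (the default disk cache
   mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in
   their "save_creds" implementation.

   PASSTYPE must name the store PASSWORD_SET really writes to: per the
   comment on the SVN_AUTH__*_PASSWORD_TYPE macros, the type string is
   what decides whether a provider is assumed to store plaintext.
   NOTE(review): PROVIDER_BATON is not described here -- confirm. */
svn_error_t *
svn_auth__simple_creds_cache_set(svn_boolean_t *saved,
                                 void *credentials,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 svn_auth__password_set_t password_set,
                                 const char *passtype,
                                 apr_pool_t *pool);

/* Implementation of svn_auth__password_get_t that retrieves
   the plaintext password from CREDS when USERNAME matches the stored
   credentials.

   NOTE(review): presumably *DONE is FALSE when USERNAME does not
   match -- confirm in the implementation. */
svn_error_t *
svn_auth__simple_password_get(svn_boolean_t *done,
                              const char **password,
                              apr_hash_t *creds,
                              const char *realmstring,
                              const char *username,
                              apr_hash_t *parameters,
                              svn_boolean_t non_interactive,
                              apr_pool_t *pool);

/* Implementation of svn_auth__password_set_t that stores
   the plaintext password in CREDS.

   No encryption is applied here: whatever persists CREDS holds the
   password in cleartext, so its confidentiality rests entirely on the
   protection of that store. */
svn_error_t *
svn_auth__simple_password_set(svn_boolean_t *done,
                              apr_hash_t *creds,
                              const char *realmstring,
                              const char *username,
                              const char *password,
                              apr_hash_t *parameters,
                              svn_boolean_t non_interactive,
                              apr_pool_t *pool);


/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
   pre-cached authentication credentials pulled from the SSL client
   certificate passphrase credential cache store identified by
   PASSTYPE.  PASSPHRASE_GET is used to obtain the passphrase value.
   Allocate *CREDENTIALS from POOL.

   NOTE: This function is a common implementation of code used by
   several of the ssl client passphrase credential providers (the
   default disk cache mechanism, Windows CryptoAPI, GNOME Keyring,
   etc.), typically in their "first_creds" implementation.

   NOTE(review): ITER_BATON and PROVIDER_BATON are not described here;
   they presumably mirror the arguments of the providers' "first_creds"
   callback -- confirm. */
svn_error_t *
svn_auth__ssl_client_cert_pw_cache_get(void **credentials,
                                       void **iter_baton,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       svn_auth__password_get_t passphrase_get,
                                       const char *passtype,
                                       apr_pool_t *pool);

/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the SSL
   client certificate passphrase credential cache store identified by
   PASSTYPE.  PASSPHRASE_SET is used to do the actual storage.  Use
   POOL for necessary allocations.  Set *SAVED according to whether or
   not the credentials were successfully stored.

   NOTE: This function is a common implementation of code used by
   several of the ssl client passphrase credential providers (the
   default disk cache mechanism, Windows CryptoAPI, GNOME Keyring,
   etc.) typically in their "save_creds" implementation.

   NOTE(review): PROVIDER_BATON is not described here -- confirm. */
svn_error_t *
svn_auth__ssl_client_cert_pw_cache_set(svn_boolean_t *saved,
                                       void *credentials,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       svn_auth__password_set_t passphrase_set,
                                       const char *passtype,
                                       apr_pool_t *pool);

/* This implements the svn_auth__password_get_t interface.
   Set *PASSPHRASE to the plaintext passphrase retrieved from CREDS;
   ignore other parameters.

   As with any svn_auth__password_get_t, test *DONE before reading
   *PASSPHRASE. */
svn_error_t *
svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
                                 const char **passphrase,
                                 apr_hash_t *creds,
                                 const char *realmstring,
                                 const char *username,
                                 apr_hash_t *parameters,
                                 svn_boolean_t non_interactive,
                                 apr_pool_t *pool);

/* This implements the svn_auth__password_set_t interface.
   Store PASSPHRASE in CREDS; ignore other parameters.

   NOTE(review): no encryption step is mentioned, and the matching
   getter reads a plaintext passphrase back from CREDS, so the
   passphrase is presumably stored in cleartext -- confirm. */
svn_error_t *
svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
                                 apr_hash_t *creds,
                                 const char *realmstring,
                                 const char *username,
                                 const char *passphrase,
                                 apr_hash_t *parameters,
                                 svn_boolean_t non_interactive,
                                 apr_pool_t *pool);

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* SVN_AUTH_PRIVATE_H */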