/*
 * svn_server.h :  declarations for the svn server
 *
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 */
23251881Speter
24251881Speter
25251881Speter
26251881Speter#ifndef SERVER_H
27251881Speter#define SERVER_H
28251881Speter
29251881Speter#include <apr_network_io.h>
30251881Speter
31251881Speter#ifdef __cplusplus
32251881Speterextern "C" {
33251881Speter#endif /* __cplusplus */
34251881Speter
35251881Speter#include "svn_config.h"
36251881Speter#include "svn_repos.h"
37251881Speter#include "svn_ra_svn.h"
38251881Speter
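/* Case-normalization style applied to a username.  server_baton_t
   combines it with 'user' to form 'authz_user', the name used for
   authz, so a change of style changes which authz rules match. */
enum username_case_type { CASE_FORCE_UPPER, CASE_FORCE_LOWER, CASE_ASIS };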
40251881Speter
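/* Server-side state for serving a repository: the repository and its
   filesystem, the parsed configuration, and the identity established
   for the client.

   Two pairs of fields differ only in their intended use:
   'repos_name' vs 'authz_repos_name', and 'user' vs 'authz_user'.
   Authorization lookups are meant to use the authz_* variants; the
   other two are for everything else (URLs, logging, display). */
typedef struct server_baton_t {
  svn_repos_t *repos;      /* Repository handle (see 'fs') */
  const char *repos_name;  /* URI-encoded name of repository (not for authz) */
  svn_fs_t *fs;            /* For convenience; same as svn_repos_fs(repos) */
  const char *base;        /* Base directory for config files */
  svn_config_t *cfg;       /* Parsed repository svnserve.conf */
  svn_config_t *pwdb;      /* Parsed password database; credential material,
                              so keep its contents out of logs and out of
                              error text returned to clients */
  svn_authz_t *authzdb;    /* Parsed authz rules */
  const char *authz_repos_name; /* The name of the repository for authz */
  const char *realm;       /* Authentication realm */
  const char *repos_url;   /* URL to base of repository */
  svn_stringbuf_t *fs_path;/* Decoded base in-repos path (w/ leading slash) */
  apr_hash_t *fs_config;   /* Additional FS configuration parameters */
  const char *user;        /* Authenticated username of the user, as
                              authenticated (before case normalization) */
  enum username_case_type username_case; /* Case-normalize the username? */
  const char *authz_user;  /* Username for authz ('user' + 'username_case');
                              NOTE(review): confirm every authz check is
                              keyed on this field rather than on 'user' */
  svn_boolean_t tunnel;    /* Tunneled through login agent */
  const char *tunnel_user; /* Allow EXTERNAL to authenticate as this */
  svn_boolean_t read_only; /* Disallow write access (global flag) */
  svn_boolean_t use_sasl;  /* Use Cyrus SASL for authentication;
                              always false if SVN_HAVE_SASL not defined */
  apr_file_t *log_file;    /* Log filehandle. */
  svn_boolean_t vhost;     /* Use virtual-host-based path to repo. */
  apr_pool_t *pool;        /* NOTE(review): owner and lifetime of this pool
                              are not stated in this header */
} server_baton_t;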
66251881Speter
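/* Whether the peer has authenticated. */
enum authn_type { UNAUTHENTICATED, AUTHENTICATED };

/* Access levels, declared in increasing order of privilege (values
   0, 1, 2).  NOTE(review): callers presumably compare these
   numerically, so do not reorder or insert enumerators without
   checking every comparison. */
enum access_type { NO_ACCESS, READ_ACCESS, WRITE_ACCESS };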
69251881Speter
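/* Return the access level that server state B grants to a peer whose
   authentication state is AUTH.

   NOTE(review): the implementation is not in this header.  Presumably
   the result reflects the repository configuration in B->cfg and is
   capped by B->read_only; confirm against the definition. */
enum access_type get_access(server_baton_t *b, enum authn_type auth);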
71251881Speter
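/* Parameters that control how connections are served.  The comments on
   'read_only' and 'cfg' below tie them to the command line, i.e. to the
   operator rather than to the client. */
typedef struct serve_params_t {
  /* The virtual root of the repositories to serve.  The client URL
     path is interpreted relative to this root and is not allowed to
     escape it.  The confinement itself is enforced by the
     implementation, not by anything in this header. */
  const char *root;

  /* True if the connection is tunneled over an ssh-like transport,
     such that the client may use EXTERNAL to authenticate as the
     current uid's username.  The identity is then taken from the
     transport, so this should only be set for connections that really
     arrive through such a tunnel. */
  svn_boolean_t tunnel;

  /* If tunnel is true, overrides the current uid's username as the
     identity EXTERNAL authenticates as. */
  const char *tunnel_user;

  /* True if the read-only flag was specified on the command-line,
     which forces all connections to be read-only. */
  svn_boolean_t read_only;

  /* The base directory for any relative configuration files. */
  const char *base;

  /* A parsed repository svnserve configuration file, a la
     svnserve.conf.  If this is NULL, then no configuration file was
     specified on the command line.  If this is non-NULL, then
     per-repository svnserve.conf files are not read. */
  svn_config_t *cfg;

  /* A filehandle open for writing logs to; possibly NULL. */
  apr_file_t *log_file;

  /* Username case normalization style. */
  enum username_case_type username_case;

  /* Enable text delta caching for all FSFS repositories. */
  svn_boolean_t cache_txdeltas;

  /* Enable full-text caching for all FSFS repositories. */
  svn_boolean_t cache_fulltexts;

  /* Enable revprop caching for all FSFS repositories. */
  svn_boolean_t cache_revprops;

  /* Size of the in-memory cache (used by FSFS only). */
  apr_uint64_t memory_cache_size;

  /* Data compression level used to reduce network traffic.  If this
     is 0, no compression should be applied and the protocol may
     fall back to svndiff "version 0" bypassing zlib entirely.
     Defaults to SVN_DELTA_COMPRESSION_LEVEL_DEFAULT. */
  int compression_level;

  /* Item size up to which we use the zero-copy code path to transmit
     them over the network.  0 disables that code path. */
  apr_size_t zero_copy_limit;

  /* Amount of data to send between checks for cancellation requests
     coming in from the client. */
  apr_size_t error_check_interval;

  /* Use virtual-host-based path to repo. */
  svn_boolean_t vhost;
} serve_params_t;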
135251881Speter
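/* Serve the connection CONN according to the parameters PARAMS.
   POOL is an APR pool supplied by the caller.

   Returns an svn_error_t *.  NOTE(review): which failures are reported
   to the caller and which are only logged is not stated here. */
svn_error_t *serve(svn_ra_svn_conn_t *conn, serve_params_t *params,
                   apr_pool_t *pool);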
139251881Speter
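/* Load the password database for the listening server based on the
   entries in the SERVER struct.

   SERVER and CONN must not be NULL.  The real errors are logged using
   SERVER and CONN, while only generic errors are returned to the
   client, so the detailed failure text stays on the server side.
   POOL is an APR pool supplied by the caller. */
svn_error_t *load_pwdb_config(server_baton_t *server,
                              svn_ra_svn_conn_t *conn,
                              apr_pool_t *pool);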
148251881Speter
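/* Load the authz database for the listening server based on the
   entries in the SERVER struct.

   SERVER and CONN must not be NULL.  The real errors are logged using
   SERVER and CONN, while only generic errors are returned to the
   client, so the detailed failure text stays on the server side.

   NOTE(review): REPOS_ROOT is not described in this header; presumably
   it is the repository root used when locating the authz file.
   Confirm against the definition.  POOL is an APR pool supplied by the
   caller. */
svn_error_t *load_authz_config(server_baton_t *server,
                               svn_ra_svn_conn_t *conn,
                               const char *repos_root,
                               apr_pool_t *pool);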
158251881Speter
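/* Initialize the Cyrus SASL library.  POOL is used for allocations.

   NOTE(review): presumably only meaningful in builds where
   SVN_HAVE_SASL is defined (server_baton_t.use_sasl is documented as
   always false otherwise); confirm how the non-SASL build handles
   this declaration. */
svn_error_t *cyrus_init(apr_pool_t *pool);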
161251881Speter
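/* Authenticate the peer on CONN using Cyrus SASL, with server state B.
   POOL is an APR pool supplied by the caller.

   REQUIRED is the access level the caller needs and NEEDS_USERNAME
   says whether a username is needed.  NOTE(review): how these two
   limit the mechanisms offered to the client (for example whether
   anonymous access is acceptable) is decided in the implementation;
   confirm there. */
svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn,
                                apr_pool_t *pool,
                                server_baton_t *b,
                                enum access_type required,
                                svn_boolean_t needs_username);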
168251881Speter
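/* Escape SOURCE into DEST, where SOURCE is null-terminated and DEST is
   a buffer of size BUFLEN.  DEST will be null-terminated.  Returns the
   number of bytes written, including the terminating null byte.

   BUFLEN must be the real capacity of DEST.  NOTE(review): the result
   when SOURCE does not fit, and the behaviour for BUFLEN == 0, are not
   specified here; confirm in the definition before relying on either.
   Which characters are escaped is likewise defined only there. */
apr_size_t escape_errorlog_item(char *dest, const char *source,
                                apr_size_t buflen);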
174251881Speter
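/* Log ERR to LOG_FILE if LOG_FILE is not NULL.  Include REMOTE_HOST,
   USER, and REPOS in the log if they are not NULL.  Allocate temporary
   char buffers in POOL (which caller can then clear or dispose of).

   NOTE(review): REMOTE_HOST, USER and REPOS can carry client-influenced
   text.  Whether they pass through escape_errorlog_item() before being
   written is decided in the implementation; confirm there. */
void
log_error(svn_error_t *err, apr_file_t *log_file, const char *remote_host,
          const char *user, const char *repos, apr_pool_t *pool);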
181251881Speter
182251881Speter#ifdef __cplusplus
183251881Speter}
184251881Speter#endif /* __cplusplus */
185251881Speter
186251881Speter#endif  /* SERVER_H */