1/* 2 * svn_server.h : declarations for the svn server 3 * 4 * ==================================================================== 5 * Licensed to the Apache Software Foundation (ASF) under one 6 * or more contributor license agreements. See the NOTICE file 7 * distributed with this work for additional information 8 * regarding copyright ownership. The ASF licenses this file 9 * to you under the Apache License, Version 2.0 (the 10 * "License"); you may not use this file except in compliance 11 * with the License. You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, 16 * software distributed under the License is distributed on an 17 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 18 * KIND, either express or implied. See the License for the 19 * specific language governing permissions and limitations 20 * under the License. 21 * ==================================================================== 22 */ 23 24 25 26#ifndef SERVER_H 27#define SERVER_H 28 29#include <apr_network_io.h> 30 31#ifdef __cplusplus 32extern "C" { 33#endif /* __cplusplus */ 34 35#include "svn_config.h" 36#include "svn_repos.h" 37#include "svn_ra_svn.h" 38 39enum username_case_type { CASE_FORCE_UPPER, CASE_FORCE_LOWER, CASE_ASIS }; 40 41typedef struct server_baton_t { 42 svn_repos_t *repos; 43 const char *repos_name; /* URI-encoded name of repository (not for authz) */ 44 svn_fs_t *fs; /* For convenience; same as svn_repos_fs(repos) */ 45 const char *base; /* Base directory for config files */ 46 svn_config_t *cfg; /* Parsed repository svnserve.conf */ 47 svn_config_t *pwdb; /* Parsed password database */ 48 svn_authz_t *authzdb; /* Parsed authz rules */ 49 const char *authz_repos_name; /* The name of the repository for authz */ 50 const char *realm; /* Authentication realm */ 51 const char *repos_url; /* URL to base of repository */ 52 svn_stringbuf_t *fs_path;/* Decoded base in-repos path (w/ leading slash) */ 53 apr_hash_t *fs_config; /* Additional FS configuration parameters */ 54 const char *user; /* Authenticated username of the user */ 55 enum username_case_type username_case; /* Case-normalize the username? */ 56 const char *authz_user; /* Username for authz ('user' + 'username_case') */ 57 svn_boolean_t tunnel; /* Tunneled through login agent */ 58 const char *tunnel_user; /* Allow EXTERNAL to authenticate as this */ 59 svn_boolean_t read_only; /* Disallow write access (global flag) */ 60 svn_boolean_t use_sasl; /* Use Cyrus SASL for authentication; 61 always false if SVN_HAVE_SASL not defined */ 62 apr_file_t *log_file; /* Log filehandle. */ 63 svn_boolean_t vhost; /* Use virtual-host-based path to repo. */ 64 apr_pool_t *pool; 65} server_baton_t; 66 67enum authn_type { UNAUTHENTICATED, AUTHENTICATED }; 68enum access_type { NO_ACCESS, READ_ACCESS, WRITE_ACCESS }; 69 70enum access_type get_access(server_baton_t *b, enum authn_type auth); 71 72typedef struct serve_params_t { 73 /* The virtual root of the repositories to serve. The client URL 74 path is interpreted relative to this root and is not allowed to 75 escape it. */ 76 const char *root; 77 78 /* True if the connection is tunneled over an ssh-like transport, 79 such that the client may use EXTERNAL to authenticate as the 80 current uid's username. */ 81 svn_boolean_t tunnel; 82 83 /* If tunnel is true, overrides the current uid's username as the 84 identity EXTERNAL authenticates as. */ 85 const char *tunnel_user; 86 87 /* True if the read-only flag was specified on the command-line, 88 which forces all connections to be read-only. */ 89 svn_boolean_t read_only; 90 91 /* The base directory for any relative configuration files. */ 92 const char *base; 93 94 /* A parsed repository svnserve configuration file, ala 95 svnserve.conf. If this is NULL, then no configuration file was 96 specified on the command line. If this is non-NULL, then 97 per-repository svnserve.conf are not read. */ 98 svn_config_t *cfg; 99 100 /* A filehandle open for writing logs to; possibly NULL. */ 101 apr_file_t *log_file; 102 103 /* Username case normalization style. */ 104 enum username_case_type username_case; 105 106 /* Enable text delta caching for all FSFS repositories. */ 107 svn_boolean_t cache_txdeltas; 108 109 /* Enable full-text caching for all FSFS repositories. */ 110 svn_boolean_t cache_fulltexts; 111 112 /* Enable revprop caching for all FSFS repositories. */ 113 svn_boolean_t cache_revprops; 114 115 /* Size of the in-memory cache (used by FSFS only). */ 116 apr_uint64_t memory_cache_size; 117 118 /* Data compression level to reduce for network traffic. If this 119 is 0, no compression should be applied and the protocol may 120 fall back to svndiff "version 0" bypassing zlib entirely. 121 Defaults to SVN_DELTA_COMPRESSION_LEVEL_DEFAULT. */ 122 int compression_level; 123 124 /* Item size up to which we use the zero-copy code path to transmit 125 them over the network. 0 disables that code path. */ 126 apr_size_t zero_copy_limit; 127 128 /* Amount of data to send between checks for cancellation requests 129 coming in from the client. */ 130 apr_size_t error_check_interval; 131 132 /* Use virtual-host-based path to repo. */ 133 svn_boolean_t vhost; 134} serve_params_t; 135 136/* Serve the connection CONN according to the parameters PARAMS. */ 137svn_error_t *serve(svn_ra_svn_conn_t *conn, serve_params_t *params, 138 apr_pool_t *pool); 139 140/* Load the password database for the listening server based on the 141 entries in the SERVER struct. 142 143 SERVER and CONN must not be NULL. The real errors will be logged with 144 SERVER and CONN but return generic errors to the client. */ 145svn_error_t *load_pwdb_config(server_baton_t *server, 146 svn_ra_svn_conn_t *conn, 147 apr_pool_t *pool); 148 149/* Load the authz database for the listening server based on the 150 entries in the SERVER struct. 151 152 SERVER and CONN must not be NULL. The real errors will be logged with 153 SERVER and CONN but return generic errors to the client. */ 154svn_error_t *load_authz_config(server_baton_t *server, 155 svn_ra_svn_conn_t *conn, 156 const char *repos_root, 157 apr_pool_t *pool); 158 159/* Initialize the Cyrus SASL library. POOL is used for allocations. */ 160svn_error_t *cyrus_init(apr_pool_t *pool); 161 162/* Authenticate using Cyrus SASL. */ 163svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn, 164 apr_pool_t *pool, 165 server_baton_t *b, 166 enum access_type required, 167 svn_boolean_t needs_username); 168 169/* Escape SOURCE into DEST where SOURCE is null-terminated and DEST is 170 size BUFLEN DEST will be null-terminated. Returns number of bytes 171 written, including terminating null byte. */ 172apr_size_t escape_errorlog_item(char *dest, const char *source, 173 apr_size_t buflen); 174 175/* Log ERR to LOG_FILE if LOG_FILE is not NULL. Include REMOTE_HOST, 176 USER, and REPOS in the log if they are not NULL. Allocate temporary 177 char buffers in POOL (which caller can then clear or dispose of). */ 178void 179log_error(svn_error_t *err, apr_file_t *log_file, const char *remote_host, 180 const char *user, const char *repos, apr_pool_t *pool); 181 182#ifdef __cplusplus 183} 184#endif /* __cplusplus */ 185 186#endif /* SERVER_H */ 187