svn_auth_private.h revision 251886
1/** 2 * @copyright 3 * ==================================================================== 4 * Licensed to the Apache Software Foundation (ASF) under one 5 * or more contributor license agreements. See the NOTICE file 6 * distributed with this work for additional information 7 * regarding copyright ownership. The ASF licenses this file 8 * to you under the Apache License, Version 2.0 (the 9 * "License"); you may not use this file except in compliance 10 * with the License. You may obtain a copy of the License at 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, 15 * software distributed under the License is distributed on an 16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 * KIND, either express or implied. See the License for the 18 * specific language governing permissions and limitations 19 * under the License. 20 * ==================================================================== 21 * @endcopyright 22 * 23 * @file svn_auth_private.h 24 * @brief Subversion's authentication system - Internal routines 25 */ 26 27#ifndef SVN_AUTH_PRIVATE_H 28#define SVN_AUTH_PRIVATE_H 29 30#include <apr_pools.h> 31#include <apr_hash.h> 32 33#include "svn_types.h" 34#include "svn_error.h" 35 36#ifdef __cplusplus 37extern "C" { 38#endif /* __cplusplus */ 39 40/* If you add a password type for a provider which stores 41 * passwords on disk in encrypted form, remember to update 42 * svn_auth__simple_save_creds_helper. Otherwise it will be 43 * assumed that your provider stores passwords in plaintext. */ 44#define SVN_AUTH__SIMPLE_PASSWORD_TYPE "simple" 45#define SVN_AUTH__WINCRYPT_PASSWORD_TYPE "wincrypt" 46#define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE "keychain" 47#define SVN_AUTH__KWALLET_PASSWORD_TYPE "kwallet" 48#define SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE "gnome-keyring" 49#define SVN_AUTH__GPG_AGENT_PASSWORD_TYPE "gpg-agent" 50 51/* A function that stores in *PASSWORD (potentially after decrypting it) 52 the user's password. It might be obtained directly from CREDS, or 53 from an external store, using REALMSTRING and USERNAME as keys. 54 (The behavior is undefined if REALMSTRING or USERNAME are NULL.) 55 If NON_INTERACTIVE is set, the user must not be involved in the 56 retrieval process. Set *DONE to TRUE if a password was stored 57 in *PASSWORD, to FALSE otherwise. POOL is used for any necessary 58 allocation. */ 59typedef svn_error_t * (*svn_auth__password_get_t) 60 (svn_boolean_t *done, 61 const char **password, 62 apr_hash_t *creds, 63 const char *realmstring, 64 const char *username, 65 apr_hash_t *parameters, 66 svn_boolean_t non_interactive, 67 apr_pool_t *pool); 68 69/* A function that stores PASSWORD (or some encrypted version thereof) 70 either directly in CREDS, or externally using REALMSTRING and USERNAME 71 as keys into the external store. If NON_INTERACTIVE is set, the user 72 must not be involved in the storage process. Set *DONE to TRUE if the 73 password was store, to FALSE otherwise. POOL is used for any necessary 74 allocation. */ 75typedef svn_error_t * (*svn_auth__password_set_t) 76 (svn_boolean_t *done, 77 apr_hash_t *creds, 78 const char *realmstring, 79 const char *username, 80 const char *password, 81 apr_hash_t *parameters, 82 svn_boolean_t non_interactive, 83 apr_pool_t *pool); 84 85/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of 86 pre-cached authentication credentials pulled from the simple 87 credential cache store identified by PASSTYPE. PASSWORD_GET is 88 used to obtain the password value. Allocate *CREDENTIALS from 89 POOL. 90 91 NOTE: This function is a common implementation of code used by 92 several of the simple credential providers (the default disk cache 93 mechanism, Windows CryptoAPI, GNOME Keyring, etc.), typically in 94 their "first_creds" implementation. */ 95svn_error_t * 96svn_auth__simple_creds_cache_get(void **credentials, 97 void **iter_baton, 98 void *provider_baton, 99 apr_hash_t *parameters, 100 const char *realmstring, 101 svn_auth__password_get_t password_get, 102 const char *passtype, 103 apr_pool_t *pool); 104 105/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the simple 106 credential cache store identified by PASSTYPE. PASSWORD_SET is 107 used to do the actual storage. Use POOL for necessary allocations. 108 Set *SAVED according to whether or not the credentials were 109 successfully stored. 110 111 NOTE: This function is a common implementation of code used by 112 several of the simple credential providers (the default disk cache 113 mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in 114 their "save_creds" implementation. */ 115svn_error_t * 116svn_auth__simple_creds_cache_set(svn_boolean_t *saved, 117 void *credentials, 118 void *provider_baton, 119 apr_hash_t *parameters, 120 const char *realmstring, 121 svn_auth__password_set_t password_set, 122 const char *passtype, 123 apr_pool_t *pool); 124 125/* Implementation of svn_auth__password_get_t that retrieves 126 the plaintext password from CREDS when USERNAME matches the stored 127 credentials. */ 128svn_error_t * 129svn_auth__simple_password_get(svn_boolean_t *done, 130 const char **password, 131 apr_hash_t *creds, 132 const char *realmstring, 133 const char *username, 134 apr_hash_t *parameters, 135 svn_boolean_t non_interactive, 136 apr_pool_t *pool); 137 138/* Implementation of svn_auth__password_set_t that stores 139 the plaintext password in CREDS. */ 140svn_error_t * 141svn_auth__simple_password_set(svn_boolean_t *done, 142 apr_hash_t *creds, 143 const char *realmstring, 144 const char *username, 145 const char *password, 146 apr_hash_t *parameters, 147 svn_boolean_t non_interactive, 148 apr_pool_t *pool); 149 150 151/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of 152 pre-cached authentication credentials pulled from the SSL client 153 certificate passphrase credential cache store identified by 154 PASSTYPE. PASSPHRASE_GET is used to obtain the passphrase value. 155 Allocate *CREDENTIALS from POOL. 156 157 NOTE: This function is a common implementation of code used by 158 several of the ssl client passphrase credential providers (the 159 default disk cache mechanism, Windows CryptoAPI, GNOME Keyring, 160 etc.), typically in their "first_creds" implementation. */ 161svn_error_t * 162svn_auth__ssl_client_cert_pw_cache_get(void **credentials, 163 void **iter_baton, 164 void *provider_baton, 165 apr_hash_t *parameters, 166 const char *realmstring, 167 svn_auth__password_get_t passphrase_get, 168 const char *passtype, 169 apr_pool_t *pool); 170 171/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the SSL 172 client certificate passphrase credential cache store identified by 173 PASSTYPE. PASSPHRASE_SET is used to do the actual storage. Use 174 POOL for necessary allocations. Set *SAVED according to whether or 175 not the credentials were successfully stored. 176 177 NOTE: This function is a common implementation of code used by 178 several of the simple credential providers (the default disk cache 179 mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in 180 their "save_creds" implementation. */ 181svn_error_t * 182svn_auth__ssl_client_cert_pw_cache_set(svn_boolean_t *saved, 183 void *credentials, 184 void *provider_baton, 185 apr_hash_t *parameters, 186 const char *realmstring, 187 svn_auth__password_set_t passphrase_set, 188 const char *passtype, 189 apr_pool_t *pool); 190 191/* This implements the svn_auth__password_get_t interface. 192 Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS; 193 ignore other parameters. */ 194svn_error_t * 195svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done, 196 const char **passphrase, 197 apr_hash_t *creds, 198 const char *realmstring, 199 const char *username, 200 apr_hash_t *parameters, 201 svn_boolean_t non_interactive, 202 apr_pool_t *pool); 203 204/* This implements the svn_auth__password_set_t interface. 205 Store PASSPHRASE in CREDS; ignore other parameters. */ 206svn_error_t * 207svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done, 208 apr_hash_t *creds, 209 const char *realmstring, 210 const char *username, 211 const char *passphrase, 212 apr_hash_t *parameters, 213 svn_boolean_t non_interactive, 214 apr_pool_t *pool); 215 216#ifdef __cplusplus 217} 218#endif /* __cplusplus */ 219 220#endif /* SVN_AUTH_PRIVATE_H */ 221