internal_auth.c revision 362181
1/*
2 * simple_auth.c :  Simple SASL-based authentication, used in case
3 * Cyrus SASL isn't available.
4 *
5 * ====================================================================
6 *    Licensed to the Apache Software Foundation (ASF) under one
7 *    or more contributor license agreements.  See the NOTICE file
8 *    distributed with this work for additional information
9 *    regarding copyright ownership.  The ASF licenses this file
10 *    to you under the Apache License, Version 2.0 (the
11 *    "License"); you may not use this file except in compliance
12 *    with the License.  You may obtain a copy of the License at
13 *
14 *      http://www.apache.org/licenses/LICENSE-2.0
15 *
16 *    Unless required by applicable law or agreed to in writing,
17 *    software distributed under the License is distributed on an
18 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19 *    KIND, either express or implied.  See the License for the
20 *    specific language governing permissions and limitations
21 *    under the License.
22 * ====================================================================
23 */
24
25#include "svn_private_config.h"
26
27#define APR_WANT_STRFUNC
28#include <apr_want.h>
29#include <apr_general.h>
30#include <apr_strings.h>
31
32#include "svn_types.h"
33#include "svn_string.h"
34#include "svn_error.h"
35#include "svn_ra.h"
36#include "svn_ra_svn.h"
37
38#include "ra_svn.h"
39
/* Return TRUE if MECHLIST contains a word item whose text is exactly
 * MECH, FALSE otherwise.
 *
 * Items of any other kind are skipped.  The match is a plain strcmp(),
 * so it is case-sensitive and MECH must be spelled exactly as the list
 * carries it.  MECHLIST and MECH are dereferenced unconditionally.
 *
 * NOTE(review): the comparison relies on u.word.data being
 * NUL-terminated; confirm that the tuple parser guarantees this, since
 * the list presumably comes from the peer.
 */
svn_boolean_t svn_ra_svn__find_mech(const svn_ra_svn__list_t *mechlist,
                                    const char *mech)
{
  int idx;
  const svn_ra_svn__item_t *item;

  for (idx = 0; idx < mechlist->nelts; idx++)
    {
      item = &SVN_RA_SVN__LIST_ITEM(mechlist, idx);

      /* Only word items can name a mechanism. */
      if (item->kind != SVN_RA_SVN_WORD)
        continue;

      if (strcmp(item->u.word.data, mech) == 0)
        return TRUE;
    }

  return FALSE;
}
54
/* Read the server's reply to an ANONYMOUS or EXTERNAL authentication
 * request from CONN, allocating in POOL.
 *
 * The reply is parsed as a word followed by an optional string.  Only
 * the exact pair ("success", no string) is accepted.  A "failure" that
 * carries a string yields SVN_ERR_RA_NOT_AUTHORIZED with that string in
 * the message; every other combination ("success" with a string,
 * "failure" without one, or any other word) is rejected as an
 * unexpected response with the same error code.
 *
 * The string is text chosen by the server.  It is passed as a "%s"
 * argument, never as the format itself, but it still ends up verbatim
 * in the error message that callers may display.
 */
static svn_error_t *read_success(svn_ra_svn_conn_t *conn, apr_pool_t *pool)
{
  const char *status, *arg;

  SVN_ERR(svn_ra_svn__read_tuple(conn, pool, "w(?c)", &status, &arg));

  /* The one acceptable reply: "success" with no trailing string. */
  if (strcmp(status, "success") == 0 && !arg)
    return SVN_NO_ERROR;

  /* A well-formed refusal: report the server's explanation. */
  if (strcmp(status, "failure") == 0 && arg)
    return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                             _("Authentication error from server: %s"), arg);

  /* Anything else is a protocol violation; fail closed. */
  return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                          _("Unexpected server response to authentication"));
}
69
/* Authenticate SESS's connection with the built-in mechanisms, choosing
 * from MECHLIST.  REALM is appended to SESS->realm_prefix to form the
 * realm string used for credential lookup.  Allocations are in POOL.
 *
 * The first mechanism found in MECHLIST, in this fixed client-side
 * order, is used:
 *
 *   1. EXTERNAL   - only considered when the session is tunneled.
 *   2. ANONYMOUS
 *   3. CRAM-MD5   - the only branch that touches stored credentials.
 *
 * Because ANONYMOUS is tried before CRAM-MD5, no username or password
 * is looked up or sent whenever MECHLIST contains ANONYMOUS.  If none
 * of the three is present, SVN_ERR_RA_SVN_NO_MECHANISMS is returned.
 *
 * In the CRAM-MD5 branch each credential set from the auth baton is
 * tried in turn.  Credentials are saved only after the server accepted
 * them; if every set is refused, SVN_ERR_RA_NOT_AUTHORIZED is returned
 * with the server's last message.
 *
 * NOTE(review): CRAM-MD5 authenticates the client only and does not
 * protect the traffic that follows; confidentiality and integrity have
 * to come from the transport or tunnel.
 */
svn_error_t *
svn_ra_svn__do_internal_auth(svn_ra_svn__session_baton_t *sess,
                             const svn_ra_svn__list_t *mechlist,
                             const char *realm, apr_pool_t *pool)
{
  svn_ra_svn_conn_t *conn = sess->conn;
  const char *realmstring;
  const char *server_msg;
  svn_auth_cred_simple_t *simple;
  svn_auth_iterstate_t *iterstate;
  void *creds;

  realmstring = apr_psprintf(pool, "%s %s", sess->realm_prefix, realm);

  if (sess->is_tunneled && svn_ra_svn__find_mech(mechlist, "EXTERNAL"))
    {
      /* Ask the server to use the tunnel connection environment (on
       * Unix, that means uid) to determine the authentication name. */
      SVN_ERR(svn_ra_svn__auth_response(conn, pool, "EXTERNAL", ""));
      return read_success(conn, pool);
    }

  if (svn_ra_svn__find_mech(mechlist, "ANONYMOUS"))
    {
      SVN_ERR(svn_ra_svn__auth_response(conn, pool, "ANONYMOUS", ""));
      return read_success(conn, pool);
    }

  if (!svn_ra_svn__find_mech(mechlist, "CRAM-MD5"))
    return svn_error_create(SVN_ERR_RA_SVN_NO_MECHANISMS, NULL, NULL);

  SVN_ERR(svn_auth_first_credentials(&creds, &iterstate,
                                     SVN_AUTH_CRED_SIMPLE, realmstring,
                                     sess->auth_baton, pool));
  if (!creds)
    return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                            _("Can't get password"));

  /* CREDS is known to be non-NULL here, so at least one attempt is made
   * and SERVER_MSG is always set before it is read below.  Every attempt
   * allocates from the same POOL. */
  do
    {
      simple = creds;
      SVN_ERR(svn_ra_svn__auth_response(conn, pool, "CRAM-MD5", NULL));
      SVN_ERR(svn_ra_svn__cram_client(conn, pool, simple->username,
                                      simple->password, &server_msg));
      if (!server_msg)
        {
          /* No failure message: the server accepted these credentials,
           * so this is the only point at which they are persisted. */
          SVN_ERR(svn_auth_save_credentials(iterstate, pool));
          return SVN_NO_ERROR;
        }

      SVN_ERR(svn_auth_next_credentials(&creds, iterstate, pool));
    }
  while (creds);

  /* Every candidate was refused.  SERVER_MSG is server-chosen text and
   * is passed as a "%s" argument, not as the format string. */
  return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                          _("Authentication error from server: %s"),
                          server_msg);
}
122