1224090Sdougb/*
2262706Serwin * auth.h :  shared stuff internal to the subr library.
3224090Sdougb *
4224090Sdougb * ====================================================================
5224090Sdougb *    Licensed to the Apache Software Foundation (ASF) under one
6224090Sdougb *    or more contributor license agreements.  See the NOTICE file
7224090Sdougb *    distributed with this work for additional information
8224090Sdougb *    regarding copyright ownership.  The ASF licenses this file
9224090Sdougb *    to you under the Apache License, Version 2.0 (the
10224090Sdougb *    "License"); you may not use this file except in compliance
11224090Sdougb *    with the License.  You may obtain a copy of the License at
12224090Sdougb *
13224090Sdougb *      http://www.apache.org/licenses/LICENSE-2.0
14224090Sdougb *
15224090Sdougb *    Unless required by applicable law or agreed to in writing,
16224090Sdougb *    software distributed under the License is distributed on an
17224090Sdougb *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18254897Serwin *    KIND, either express or implied.  See the License for the
19224090Sdougb *    specific language governing permissions and limitations
20224090Sdougb *    under the License.
21224090Sdougb * ====================================================================
22224090Sdougb */
23224090Sdougb
24224090Sdougb#ifndef SVN_LIBSVN_SUBR_AUTH_H
25224090Sdougb#define SVN_LIBSVN_SUBR_AUTH_H
26224090Sdougb
27224090Sdougb#ifdef __cplusplus
28224090Sdougbextern "C" {
29224090Sdougb#endif /* __cplusplus */
30224090Sdougb
31224090Sdougb#include "svn_auth.h"
32224090Sdougb
33224090Sdougb/* Helper for svn_config_{read|write}_auth_data.  Return a path to a
34224090Sdougb   file within ~/.subversion/auth/ that holds CRED_KIND credentials
35224090Sdougb   within REALMSTRING.  If no path is available *PATH will be set to
36224090Sdougb   NULL. */
37224090Sdougbsvn_error_t *
38224090Sdougbsvn_auth__file_path(const char **path,
39224090Sdougb                    const char *cred_kind,
40224090Sdougb                    const char *realmstring,
41224090Sdougb                    const char *config_dir,
42224090Sdougb                    apr_pool_t *pool);
43224090Sdougb
44224090Sdougb#if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN)
45224090Sdougb/**
46224090Sdougb * Set @a *provider to an authentication provider of type @c
47224090Sdougb * svn_auth_cred_simple_t that gets/sets information from the user's
48224090Sdougb * ~/.subversion configuration directory.  Allocate @a *provider in
49224090Sdougb * @a pool.
50224090Sdougb *
51224090Sdougb * This is like svn_auth_get_simple_provider(), except that, when
52224090Sdougb * running on Window 2000 or newer (or any other Windows version that
53224090Sdougb * includes the CryptoAPI), the provider encrypts the password before
54224090Sdougb * storing it to disk. On earlier versions of Windows, the provider
55224090Sdougb * does nothing.
56224090Sdougb *
57224090Sdougb * @note This function is only available on Windows.
58224090Sdougb *
59224090Sdougb * @note An administrative password reset may invalidate the account's
60224090Sdougb * secret key. This function will detect that situation and behave as
61224090Sdougb * if the password were not cached at all.
62224090Sdougb */
63224090Sdougbvoid
64224090Sdougbsvn_auth__get_windows_simple_provider(svn_auth_provider_object_t **provider,
65224090Sdougb                                      apr_pool_t *pool);
66224090Sdougb
67224090Sdougb/**
68224090Sdougb * Set @a *provider to an authentication provider of type @c
69224090Sdougb * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
70224090Sdougb * user's ~/.subversion configuration directory.  Allocate @a *provider in
71224090Sdougb * @a pool.
72224090Sdougb *
73224090Sdougb * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except that
74224090Sdougb * when running on Window 2000 or newer, the provider encrypts the password
75224090Sdougb * before storing it to disk. On earlier versions of Windows, the provider
76224090Sdougb * does nothing.
77224090Sdougb *
78224090Sdougb * @note This function is only available on Windows.
79224090Sdougb *
80224090Sdougb * @note An administrative password reset may invalidate the account's
81224090Sdougb * secret key. This function will detect that situation and behave as
82224090Sdougb * if the password were not cached at all.
83224090Sdougb */
84224090Sdougbvoid
85224090Sdougbsvn_auth__get_windows_ssl_client_cert_pw_provider(
86224090Sdougb  svn_auth_provider_object_t **provider,
87224090Sdougb  apr_pool_t *pool);
88224090Sdougb
89224090Sdougb/**
90224090Sdougb * Set @a *provider to an authentication provider of type @c
91224090Sdougb * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
92224090Sdougb *
93224090Sdougb * This provider automatically validates ssl server certificates with
94224090Sdougb * the CryptoApi, like Internet Explorer and the Windows network API do.
95224090Sdougb * This allows the rollout of root certificates via Windows Domain
96224090Sdougb * policies, instead of Subversion specific configuration.
97224090Sdougb *
98224090Sdougb * @note This function is only available on Windows.
99224090Sdougb */
100224090Sdougbvoid
101224090Sdougbsvn_auth__get_windows_ssl_server_trust_provider(
102224090Sdougb  svn_auth_provider_object_t **provider,
103224090Sdougb  apr_pool_t *pool);
104224090Sdougb#endif /* WIN32 && !__MINGW32__ || DOXYGEN */
105224090Sdougb
106224090Sdougb#if defined(DARWIN) || defined(DOXYGEN)
107224090Sdougb/**
108224090Sdougb * Set @a *provider to an authentication provider of type @c
109224090Sdougb * svn_auth_cred_simple_t that gets/sets information from the user's
110224090Sdougb * ~/.subversion configuration directory.  Allocate @a *provider in
111224090Sdougb * @a pool.
112224090Sdougb *
113224090Sdougb * This is like svn_auth_get_simple_provider(), except that the
114224090Sdougb * password is stored in the Mac OS KeyChain.
115224090Sdougb *
116224090Sdougb * @note This function is only available on Mac OS 10.2 and higher.
117224090Sdougb */
118224090Sdougbvoid
119224090Sdougbsvn_auth__get_keychain_simple_provider(svn_auth_provider_object_t **provider,
120224090Sdougb                                      apr_pool_t *pool);
121224090Sdougb
122224090Sdougb/**
123262706Serwin * Set @a *provider to an authentication provider of type @c
124224090Sdougb * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
125224090Sdougb * user's ~/.subversion configuration directory.  Allocate @a *provider in
126224090Sdougb * @a pool.
127224090Sdougb *
128224090Sdougb * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except
129224090Sdougb * that the password is stored in the Mac OS KeyChain.
130224090Sdougb *
131224090Sdougb * @note This function is only available on Mac OS 10.2 and higher.
132224090Sdougb */
133224090Sdougbvoid
134224090Sdougbsvn_auth__get_keychain_ssl_client_cert_pw_provider(
135224090Sdougb  svn_auth_provider_object_t **provider,
136224090Sdougb  apr_pool_t *pool);
137224090Sdougb#endif /* DARWIN || DOXYGEN */
138224090Sdougb
139224090Sdougb#if !defined(WIN32) || defined(DOXYGEN)
140224090Sdougb/**
141224090Sdougb * Set @a *provider to an authentication provider of type @c
142224090Sdougb * svn_auth_cred_simple_t that gets/sets information from the user's
143224090Sdougb * ~/.subversion configuration directory.
144224090Sdougb *
145224090Sdougb * This is like svn_client_get_simple_provider(), except that the
146224090Sdougb * password is obtained from gpg_agent, which will keep it in
147224090Sdougb * a memory cache.
148224090Sdougb *
149224090Sdougb * Allocate @a *provider in @a pool.
150224090Sdougb *
151224090Sdougb * @note This function actually works only on systems with
152224090Sdougb * GNU Privacy Guard installed.
153224090Sdougb */
154224090Sdougbvoid
155224090Sdougbsvn_auth__get_gpg_agent_simple_provider
156224090Sdougb    (svn_auth_provider_object_t **provider,
157224090Sdougb     apr_pool_t *pool);
158224090Sdougb#endif /* !defined(WIN32) || defined(DOXYGEN) */
159224090Sdougb
160224090Sdougb/**
161224090Sdougb * Set @a *provider to a dummy provider of type @c
162224090Sdougb * svn_auth_cred_simple_t that never returns or stores any
163224090Sdougb * credentials.
164224090Sdougb */
165224090Sdougbvoid
166224090Sdougbsvn_auth__get_dummmy_simple_provider(svn_auth_provider_object_t **provider,
167224090Sdougb                                     apr_pool_t *pool);
168224090Sdougb
169224090Sdougb#ifdef __cplusplus
170224090Sdougb}
171224090Sdougb#endif /* __cplusplus */
172224090Sdougb
173224090Sdougb#endif /* SVN_LIBSVN_SUBR_AUTH_H */
174224090Sdougb