1224090Sdougb/* 2262706Serwin * auth.h : shared stuff internal to the subr library. 3224090Sdougb * 4224090Sdougb * ==================================================================== 5224090Sdougb * Licensed to the Apache Software Foundation (ASF) under one 6224090Sdougb * or more contributor license agreements. See the NOTICE file 7224090Sdougb * distributed with this work for additional information 8224090Sdougb * regarding copyright ownership. The ASF licenses this file 9224090Sdougb * to you under the Apache License, Version 2.0 (the 10224090Sdougb * "License"); you may not use this file except in compliance 11224090Sdougb * with the License. You may obtain a copy of the License at 12224090Sdougb * 13224090Sdougb * http://www.apache.org/licenses/LICENSE-2.0 14224090Sdougb * 15224090Sdougb * Unless required by applicable law or agreed to in writing, 16224090Sdougb * software distributed under the License is distributed on an 17224090Sdougb * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 18254897Serwin * KIND, either express or implied. See the License for the 19224090Sdougb * specific language governing permissions and limitations 20224090Sdougb * under the License. 21224090Sdougb * ==================================================================== 22224090Sdougb */ 23224090Sdougb 24224090Sdougb#ifndef SVN_LIBSVN_SUBR_AUTH_H 25224090Sdougb#define SVN_LIBSVN_SUBR_AUTH_H 26224090Sdougb 27224090Sdougb#ifdef __cplusplus 28224090Sdougbextern "C" { 29224090Sdougb#endif /* __cplusplus */ 30224090Sdougb 31224090Sdougb#include "svn_auth.h" 32224090Sdougb 33224090Sdougb/* Helper for svn_config_{read|write}_auth_data. Return a path to a 34224090Sdougb file within ~/.subversion/auth/ that holds CRED_KIND credentials 35224090Sdougb within REALMSTRING. If no path is available *PATH will be set to 36224090Sdougb NULL. */ 37224090Sdougbsvn_error_t * 38224090Sdougbsvn_auth__file_path(const char **path, 39224090Sdougb const char *cred_kind, 40224090Sdougb const char *realmstring, 41224090Sdougb const char *config_dir, 42224090Sdougb apr_pool_t *pool); 43224090Sdougb 44224090Sdougb#if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN) 45224090Sdougb/** 46224090Sdougb * Set @a *provider to an authentication provider of type @c 47224090Sdougb * svn_auth_cred_simple_t that gets/sets information from the user's 48224090Sdougb * ~/.subversion configuration directory. Allocate @a *provider in 49224090Sdougb * @a pool. 50224090Sdougb * 51224090Sdougb * This is like svn_auth_get_simple_provider(), except that, when 52224090Sdougb * running on Window 2000 or newer (or any other Windows version that 53224090Sdougb * includes the CryptoAPI), the provider encrypts the password before 54224090Sdougb * storing it to disk. On earlier versions of Windows, the provider 55224090Sdougb * does nothing. 56224090Sdougb * 57224090Sdougb * @note This function is only available on Windows. 58224090Sdougb * 59224090Sdougb * @note An administrative password reset may invalidate the account's 60224090Sdougb * secret key. This function will detect that situation and behave as 61224090Sdougb * if the password were not cached at all. 62224090Sdougb */ 63224090Sdougbvoid 64224090Sdougbsvn_auth__get_windows_simple_provider(svn_auth_provider_object_t **provider, 65224090Sdougb apr_pool_t *pool); 66224090Sdougb 67224090Sdougb/** 68224090Sdougb * Set @a *provider to an authentication provider of type @c 69224090Sdougb * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the 70224090Sdougb * user's ~/.subversion configuration directory. Allocate @a *provider in 71224090Sdougb * @a pool. 72224090Sdougb * 73224090Sdougb * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except that 74224090Sdougb * when running on Window 2000 or newer, the provider encrypts the password 75224090Sdougb * before storing it to disk. On earlier versions of Windows, the provider 76224090Sdougb * does nothing. 77224090Sdougb * 78224090Sdougb * @note This function is only available on Windows. 79224090Sdougb * 80224090Sdougb * @note An administrative password reset may invalidate the account's 81224090Sdougb * secret key. This function will detect that situation and behave as 82224090Sdougb * if the password were not cached at all. 83224090Sdougb */ 84224090Sdougbvoid 85224090Sdougbsvn_auth__get_windows_ssl_client_cert_pw_provider( 86224090Sdougb svn_auth_provider_object_t **provider, 87224090Sdougb apr_pool_t *pool); 88224090Sdougb 89224090Sdougb/** 90224090Sdougb * Set @a *provider to an authentication provider of type @c 91224090Sdougb * svn_auth_cred_ssl_server_trust_t, allocated in @a pool. 92224090Sdougb * 93224090Sdougb * This provider automatically validates ssl server certificates with 94224090Sdougb * the CryptoApi, like Internet Explorer and the Windows network API do. 95224090Sdougb * This allows the rollout of root certificates via Windows Domain 96224090Sdougb * policies, instead of Subversion specific configuration. 97224090Sdougb * 98224090Sdougb * @note This function is only available on Windows. 99224090Sdougb */ 100224090Sdougbvoid 101224090Sdougbsvn_auth__get_windows_ssl_server_trust_provider( 102224090Sdougb svn_auth_provider_object_t **provider, 103224090Sdougb apr_pool_t *pool); 104224090Sdougb#endif /* WIN32 && !__MINGW32__ || DOXYGEN */ 105224090Sdougb 106224090Sdougb#if defined(DARWIN) || defined(DOXYGEN) 107224090Sdougb/** 108224090Sdougb * Set @a *provider to an authentication provider of type @c 109224090Sdougb * svn_auth_cred_simple_t that gets/sets information from the user's 110224090Sdougb * ~/.subversion configuration directory. Allocate @a *provider in 111224090Sdougb * @a pool. 112224090Sdougb * 113224090Sdougb * This is like svn_auth_get_simple_provider(), except that the 114224090Sdougb * password is stored in the Mac OS KeyChain. 115224090Sdougb * 116224090Sdougb * @note This function is only available on Mac OS 10.2 and higher. 117224090Sdougb */ 118224090Sdougbvoid 119224090Sdougbsvn_auth__get_keychain_simple_provider(svn_auth_provider_object_t **provider, 120224090Sdougb apr_pool_t *pool); 121224090Sdougb 122224090Sdougb/** 123262706Serwin * Set @a *provider to an authentication provider of type @c 124224090Sdougb * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the 125224090Sdougb * user's ~/.subversion configuration directory. Allocate @a *provider in 126224090Sdougb * @a pool. 127224090Sdougb * 128224090Sdougb * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except 129224090Sdougb * that the password is stored in the Mac OS KeyChain. 130224090Sdougb * 131224090Sdougb * @note This function is only available on Mac OS 10.2 and higher. 132224090Sdougb */ 133224090Sdougbvoid 134224090Sdougbsvn_auth__get_keychain_ssl_client_cert_pw_provider( 135224090Sdougb svn_auth_provider_object_t **provider, 136224090Sdougb apr_pool_t *pool); 137224090Sdougb#endif /* DARWIN || DOXYGEN */ 138224090Sdougb 139224090Sdougb#if !defined(WIN32) || defined(DOXYGEN) 140224090Sdougb/** 141224090Sdougb * Set @a *provider to an authentication provider of type @c 142224090Sdougb * svn_auth_cred_simple_t that gets/sets information from the user's 143224090Sdougb * ~/.subversion configuration directory. 144224090Sdougb * 145224090Sdougb * This is like svn_client_get_simple_provider(), except that the 146224090Sdougb * password is obtained from gpg_agent, which will keep it in 147224090Sdougb * a memory cache. 148224090Sdougb * 149224090Sdougb * Allocate @a *provider in @a pool. 150224090Sdougb * 151224090Sdougb * @note This function actually works only on systems with 152224090Sdougb * GNU Privacy Guard installed. 153224090Sdougb */ 154224090Sdougbvoid 155224090Sdougbsvn_auth__get_gpg_agent_simple_provider 156224090Sdougb (svn_auth_provider_object_t **provider, 157224090Sdougb apr_pool_t *pool); 158224090Sdougb#endif /* !defined(WIN32) || defined(DOXYGEN) */ 159224090Sdougb 160224090Sdougb/** 161224090Sdougb * Set @a *provider to a dummy provider of type @c 162224090Sdougb * svn_auth_cred_simple_t that never returns or stores any 163224090Sdougb * credentials. 164224090Sdougb */ 165224090Sdougbvoid 166224090Sdougbsvn_auth__get_dummmy_simple_provider(svn_auth_provider_object_t **provider, 167224090Sdougb apr_pool_t *pool); 168224090Sdougb 169224090Sdougb#ifdef __cplusplus 170224090Sdougb} 171224090Sdougb#endif /* __cplusplus */ 172224090Sdougb 173224090Sdougb#endif /* SVN_LIBSVN_SUBR_AUTH_H */ 174224090Sdougb