/* * simple_auth.c : Simple SASL-based authentication, used in case * Cyrus SASL isn't available. * * ==================================================================== * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * ==================================================================== */ #include "svn_private_config.h" #define APR_WANT_STRFUNC #include #include #include #include "svn_types.h" #include "svn_string.h" #include "svn_error.h" #include "svn_ra.h" #include "svn_ra_svn.h" #include "ra_svn.h" svn_boolean_t svn_ra_svn__find_mech(const apr_array_header_t *mechlist, const char *mech) { int i; svn_ra_svn_item_t *elt; for (i = 0; i < mechlist->nelts; i++) { elt = &APR_ARRAY_IDX(mechlist, i, svn_ra_svn_item_t); if (elt->kind == SVN_RA_SVN_WORD && strcmp(elt->u.word, mech) == 0) return TRUE; } return FALSE; } /* Read the "success" response to ANONYMOUS or EXTERNAL authentication. */ static svn_error_t *read_success(svn_ra_svn_conn_t *conn, apr_pool_t *pool) { const char *status, *arg; SVN_ERR(svn_ra_svn__read_tuple(conn, pool, "w(?c)", &status, &arg)); if (strcmp(status, "failure") == 0 && arg) return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Authentication error from server: %s"), arg); else if (strcmp(status, "success") != 0 || arg) return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Unexpected server response to authentication")); return SVN_NO_ERROR; } svn_error_t * svn_ra_svn__do_internal_auth(svn_ra_svn__session_baton_t *sess, const apr_array_header_t *mechlist, const char *realm, apr_pool_t *pool) { svn_ra_svn_conn_t *conn = sess->conn; const char *realmstring, *user, *password, *msg; svn_auth_iterstate_t *iterstate; void *creds; realmstring = apr_psprintf(pool, "%s %s", sess->realm_prefix, realm); if (sess->is_tunneled && svn_ra_svn__find_mech(mechlist, "EXTERNAL")) { /* Ask the server to use the tunnel connection environment (on * Unix, that means uid) to determine the authentication name. */ SVN_ERR(svn_ra_svn__auth_response(conn, pool, "EXTERNAL", "")); return read_success(conn, pool); } else if (svn_ra_svn__find_mech(mechlist, "ANONYMOUS")) { SVN_ERR(svn_ra_svn__auth_response(conn, pool, "ANONYMOUS", "")); return read_success(conn, pool); } else if (svn_ra_svn__find_mech(mechlist, "CRAM-MD5")) { SVN_ERR(svn_auth_first_credentials(&creds, &iterstate, SVN_AUTH_CRED_SIMPLE, realmstring, sess->callbacks->auth_baton, pool)); if (!creds) return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Can't get password")); while (creds) { user = ((svn_auth_cred_simple_t *) creds)->username; password = ((svn_auth_cred_simple_t *) creds)->password; SVN_ERR(svn_ra_svn__auth_response(conn, pool, "CRAM-MD5", NULL)); SVN_ERR(svn_ra_svn__cram_client(conn, pool, user, password, &msg)); if (!msg) break; SVN_ERR(svn_auth_next_credentials(&creds, iterstate, pool)); } if (!creds) return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Authentication error from server: %s"), msg); SVN_ERR(svn_auth_save_credentials(iterstate, pool)); return SVN_NO_ERROR; } else return svn_error_create(SVN_ERR_RA_SVN_NO_MECHANISMS, NULL, NULL); }