/* * ssl_client_cert_providers.c: providers for * SVN_AUTH_CRED_SSL_CLIENT_CERT * * ==================================================================== * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * ==================================================================== */ /* ==================================================================== */ /*** Includes. ***/ #include #include "svn_hash.h" #include "svn_auth.h" #include "svn_error.h" #include "svn_config.h" /*-----------------------------------------------------------------------*/ /* File provider */ /*-----------------------------------------------------------------------*/ /* retrieve and load the ssl client certificate file from servers config */ static svn_error_t * ssl_client_cert_file_first_credentials(void **credentials_p, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { svn_config_t *cfg = svn_hash_gets(parameters, SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS); const char *server_group = svn_hash_gets(parameters, SVN_AUTH_PARAM_SERVER_GROUP); const char *cert_file; cert_file = svn_config_get_server_setting(cfg, server_group, SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE, NULL); if (cert_file != NULL) { svn_auth_cred_ssl_client_cert_t *cred = apr_palloc(pool, sizeof(*cred)); cred->cert_file = cert_file; cred->may_save = FALSE; *credentials_p = cred; } else { *credentials_p = NULL; } *iter_baton = NULL; return SVN_NO_ERROR; } static const svn_auth_provider_t ssl_client_cert_file_provider = { SVN_AUTH_CRED_SSL_CLIENT_CERT, ssl_client_cert_file_first_credentials, NULL, NULL }; /*** Public API to SSL file providers. ***/ void svn_auth_get_ssl_client_cert_file_provider (svn_auth_provider_object_t **provider, apr_pool_t *pool) { svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po)); po->vtable = &ssl_client_cert_file_provider; *provider = po; } /*-----------------------------------------------------------------------*/ /* Prompt provider */ /*-----------------------------------------------------------------------*/ /* Baton type for prompting to send client ssl creds. There is no iteration baton type. */ typedef struct ssl_client_cert_prompt_provider_baton_t { svn_auth_ssl_client_cert_prompt_func_t prompt_func; void *prompt_baton; /* how many times to re-prompt after the first one fails */ int retry_limit; } ssl_client_cert_prompt_provider_baton_t; /* Iteration baton. */ typedef struct ssl_client_cert_prompt_iter_baton_t { /* The original provider baton */ ssl_client_cert_prompt_provider_baton_t *pb; /* The original realmstring */ const char *realmstring; /* how many times we've reprompted */ int retries; } ssl_client_cert_prompt_iter_baton_t; static svn_error_t * ssl_client_cert_prompt_first_cred(void **credentials_p, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { ssl_client_cert_prompt_provider_baton_t *pb = provider_baton; ssl_client_cert_prompt_iter_baton_t *ib = apr_pcalloc(pool, sizeof(*ib)); const char *no_auth_cache = svn_hash_gets(parameters, SVN_AUTH_PARAM_NO_AUTH_CACHE); SVN_ERR(pb->prompt_func((svn_auth_cred_ssl_client_cert_t **) credentials_p, pb->prompt_baton, realmstring, ! no_auth_cache, pool)); ib->pb = pb; ib->realmstring = apr_pstrdup(pool, realmstring); ib->retries = 0; *iter_baton = ib; return SVN_NO_ERROR; } static svn_error_t * ssl_client_cert_prompt_next_cred(void **credentials_p, void *iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { ssl_client_cert_prompt_iter_baton_t *ib = iter_baton; const char *no_auth_cache = svn_hash_gets(parameters, SVN_AUTH_PARAM_NO_AUTH_CACHE); if ((ib->pb->retry_limit >= 0) && (ib->retries >= ib->pb->retry_limit)) { /* give up, go on to next provider. */ *credentials_p = NULL; return SVN_NO_ERROR; } ib->retries++; return ib->pb->prompt_func((svn_auth_cred_ssl_client_cert_t **) credentials_p, ib->pb->prompt_baton, ib->realmstring, ! no_auth_cache, pool); } static const svn_auth_provider_t ssl_client_cert_prompt_provider = { SVN_AUTH_CRED_SSL_CLIENT_CERT, ssl_client_cert_prompt_first_cred, ssl_client_cert_prompt_next_cred, NULL }; /*** Public API to SSL prompting providers. ***/ void svn_auth_get_ssl_client_cert_prompt_provider (svn_auth_provider_object_t **provider, svn_auth_ssl_client_cert_prompt_func_t prompt_func, void *prompt_baton, int retry_limit, apr_pool_t *pool) { svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po)); ssl_client_cert_prompt_provider_baton_t *pb = apr_palloc(pool, sizeof(*pb)); pb->prompt_func = prompt_func; pb->prompt_baton = prompt_baton; pb->retry_limit = retry_limit; po->vtable = &ssl_client_cert_prompt_provider; po->provider_baton = pb; *provider = po; }