3 * ====================================================================
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
20 * ====================================================================
23 * @file svn_auth_private.h
24 * @brief Subversion's authentication system - Internal routines
27 #ifndef SVN_AUTH_PRIVATE_H
28 #define SVN_AUTH_PRIVATE_H
30 #include <apr_pools.h>
33 #include "svn_types.h"
34 #include "svn_error.h"
38 #endif /* __cplusplus */
40 /* If you add a password type for a provider which stores
41 * passwords on disk in encrypted form, remember to update
42 * svn_auth__simple_save_creds_helper. Otherwise it will be
43 * assumed that your provider stores passwords in plaintext. */
44 #define SVN_AUTH__SIMPLE_PASSWORD_TYPE "simple"
45 #define SVN_AUTH__WINCRYPT_PASSWORD_TYPE "wincrypt"
46 #define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE "keychain"
47 #define SVN_AUTH__KWALLET_PASSWORD_TYPE "kwallet"
48 #define SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE "gnome-keyring"
49 #define SVN_AUTH__GPG_AGENT_PASSWORD_TYPE "gpg-agent"
51 /* A function that stores in *PASSWORD (potentially after decrypting it)
52 the user's password. It might be obtained directly from CREDS, or
53 from an external store, using REALMSTRING and USERNAME as keys.
54 (The behavior is undefined if REALMSTRING or USERNAME are NULL.)
55 If NON_INTERACTIVE is set, the user must not be involved in the
56 retrieval process. Set *DONE to TRUE if a password was stored
57 in *PASSWORD, to FALSE otherwise. POOL is used for any necessary
59 typedef svn_error_t * (*svn_auth__password_get_t)
61 const char **password,
63 const char *realmstring,
65 apr_hash_t *parameters,
66 svn_boolean_t non_interactive,
69 /* A function that stores PASSWORD (or some encrypted version thereof)
70 either directly in CREDS, or externally using REALMSTRING and USERNAME
71 as keys into the external store. If NON_INTERACTIVE is set, the user
72 must not be involved in the storage process. Set *DONE to TRUE if the
73 password was store, to FALSE otherwise. POOL is used for any necessary
75 typedef svn_error_t * (*svn_auth__password_set_t)
78 const char *realmstring,
81 apr_hash_t *parameters,
82 svn_boolean_t non_interactive,
85 /* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
86 pre-cached authentication credentials pulled from the simple
87 credential cache store identified by PASSTYPE. PASSWORD_GET is
88 used to obtain the password value. Allocate *CREDENTIALS from
91 NOTE: This function is a common implementation of code used by
92 several of the simple credential providers (the default disk cache
93 mechanism, Windows CryptoAPI, GNOME Keyring, etc.), typically in
94 their "first_creds" implementation. */
96 svn_auth__simple_creds_cache_get(void **credentials,
99 apr_hash_t *parameters,
100 const char *realmstring,
101 svn_auth__password_get_t password_get,
102 const char *passtype,
105 /* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the simple
106 credential cache store identified by PASSTYPE. PASSWORD_SET is
107 used to do the actual storage. Use POOL for necessary allocations.
108 Set *SAVED according to whether or not the credentials were
111 NOTE: This function is a common implementation of code used by
112 several of the simple credential providers (the default disk cache
113 mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in
114 their "save_creds" implementation. */
116 svn_auth__simple_creds_cache_set(svn_boolean_t *saved,
118 void *provider_baton,
119 apr_hash_t *parameters,
120 const char *realmstring,
121 svn_auth__password_set_t password_set,
122 const char *passtype,
125 /* Implementation of svn_auth__password_get_t that retrieves
126 the plaintext password from CREDS when USERNAME matches the stored
129 svn_auth__simple_password_get(svn_boolean_t *done,
130 const char **password,
132 const char *realmstring,
133 const char *username,
134 apr_hash_t *parameters,
135 svn_boolean_t non_interactive,
138 /* Implementation of svn_auth__password_set_t that stores
139 the plaintext password in CREDS. */
141 svn_auth__simple_password_set(svn_boolean_t *done,
143 const char *realmstring,
144 const char *username,
145 const char *password,
146 apr_hash_t *parameters,
147 svn_boolean_t non_interactive,
151 /* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
152 pre-cached authentication credentials pulled from the SSL client
153 certificate passphrase credential cache store identified by
154 PASSTYPE. PASSPHRASE_GET is used to obtain the passphrase value.
155 Allocate *CREDENTIALS from POOL.
157 NOTE: This function is a common implementation of code used by
158 several of the ssl client passphrase credential providers (the
159 default disk cache mechanism, Windows CryptoAPI, GNOME Keyring,
160 etc.), typically in their "first_creds" implementation. */
162 svn_auth__ssl_client_cert_pw_cache_get(void **credentials,
164 void *provider_baton,
165 apr_hash_t *parameters,
166 const char *realmstring,
167 svn_auth__password_get_t passphrase_get,
168 const char *passtype,
171 /* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the SSL
172 client certificate passphrase credential cache store identified by
173 PASSTYPE. PASSPHRASE_SET is used to do the actual storage. Use
174 POOL for necessary allocations. Set *SAVED according to whether or
175 not the credentials were successfully stored.
177 NOTE: This function is a common implementation of code used by
178 several of the simple credential providers (the default disk cache
179 mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in
180 their "save_creds" implementation. */
182 svn_auth__ssl_client_cert_pw_cache_set(svn_boolean_t *saved,
184 void *provider_baton,
185 apr_hash_t *parameters,
186 const char *realmstring,
187 svn_auth__password_set_t passphrase_set,
188 const char *passtype,
191 /* This implements the svn_auth__password_get_t interface.
192 Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
193 ignore other parameters. */
195 svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
196 const char **passphrase,
198 const char *realmstring,
199 const char *username,
200 apr_hash_t *parameters,
201 svn_boolean_t non_interactive,
204 /* This implements the svn_auth__password_set_t interface.
205 Store PASSPHRASE in CREDS; ignore other parameters. */
207 svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
209 const char *realmstring,
210 const char *username,
211 const char *passphrase,
212 apr_hash_t *parameters,
213 svn_boolean_t non_interactive,
218 #endif /* __cplusplus */
220 #endif /* SVN_AUTH_PRIVATE_H */