contrib/subversion/subversion/libsvn_subr/config_auth.c

   1 /*
   2  * config_auth.c :  authentication files in the user config area
   3  *
   4  * ====================================================================
   5  *    Licensed to the Apache Software Foundation (ASF) under one
   6  *    or more contributor license agreements.  See the NOTICE file
   7  *    distributed with this work for additional information
   8  *    regarding copyright ownership.  The ASF licenses this file
   9  *    to you under the Apache License, Version 2.0 (the
  10  *    "License"); you may not use this file except in compliance
  11  *    with the License.  You may obtain a copy of the License at
  12  *
  13  *      http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  *    Unless required by applicable law or agreed to in writing,
  16  *    software distributed under the License is distributed on an
  17  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  18  *    KIND, either express or implied.  See the License for the
  19  *    specific language governing permissions and limitations
  20  *    under the License.
  21  * ====================================================================
  22  */
  23
  24
  25 \f
  26 #include "svn_dirent_uri.h"
  27 #include "svn_hash.h"
  28 #include "svn_io.h"
  29 #include "svn_pools.h"
  30 #include "config_impl.h"
  31
  32 #include "auth.h"
  33
  34 #include "svn_private_config.h"
  35
  36 #include "private/svn_auth_private.h"
  37
  38 /* Helper for svn_config_{read|write}_auth_data.  Return a path to a
  39    file within ~/.subversion/auth/ that holds CRED_KIND credentials
  40    within REALMSTRING.  If no path is available *PATH will be set to
  41    NULL. */
  42 svn_error_t *
  43 svn_auth__file_path(const char **path,
  44                     const char *cred_kind,
  45                     const char *realmstring,
  46                     const char *config_dir,
  47                     apr_pool_t *pool)
  48 {
  49   const char *authdir_path, *hexname;
  50   svn_checksum_t *checksum;
  51
  52   /* Construct the path to the directory containing the creds files,
  53      e.g. "~/.subversion/auth/svn.simple".  The last component is
  54      simply the cred_kind.  */
  55   SVN_ERR(svn_config_get_user_config_path(&authdir_path, config_dir,
  56                                           SVN_CONFIG__AUTH_SUBDIR, pool));
  57   if (authdir_path)
  58     {
  59       authdir_path = svn_dirent_join(authdir_path, cred_kind, pool);
  60
  61       /* Construct the basename of the creds file.  It's just the
  62          realmstring converted into an md5 hex string.  */
  63       SVN_ERR(svn_checksum(&checksum, svn_checksum_md5, realmstring,
  64                            strlen(realmstring), pool));
  65       hexname = svn_checksum_to_cstring(checksum, pool);
  66
  67       *path = svn_dirent_join(authdir_path, hexname, pool);
  68     }
  69   else
  70     *path = NULL;
  71
  72   return SVN_NO_ERROR;
  73 }
  74
  75
  76 svn_error_t *
  77 svn_config_read_auth_data(apr_hash_t **hash,
  78                           const char *cred_kind,
  79                           const char *realmstring,
  80                           const char *config_dir,
  81                           apr_pool_t *pool)
  82 {
  83   svn_node_kind_t kind;
  84   const char *auth_path;
  85
  86   *hash = NULL;
  87
  88   SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
  89                               pool));
  90   if (! auth_path)
  91     return SVN_NO_ERROR;
  92
  93   SVN_ERR(svn_io_check_path(auth_path, &kind, pool));
  94   if (kind == svn_node_file)
  95     {
  96       svn_stream_t *stream;
  97
  98       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
  99                 _("Unable to open auth file for reading"));
 100
 101       *hash = apr_hash_make(pool);
 102
 103       SVN_ERR_W(svn_hash_read2(*hash, stream, SVN_HASH_TERMINATOR, pool),
 104                 apr_psprintf(pool, _("Error parsing '%s'"),
 105                              svn_dirent_local_style(auth_path, pool)));
 106
 107       SVN_ERR(svn_stream_close(stream));
 108     }
 109
 110   return SVN_NO_ERROR;
 111 }
 112
 113
 114 svn_error_t *
 115 svn_config_write_auth_data(apr_hash_t *hash,
 116                            const char *cred_kind,
 117                            const char *realmstring,
 118                            const char *config_dir,
 119                            apr_pool_t *pool)
 120 {
 121   apr_file_t *authfile = NULL;
 122   svn_stream_t *stream;
 123   const char *auth_path;
 124
 125   SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
 126                               pool));
 127   if (! auth_path)
 128     return svn_error_create(SVN_ERR_NO_AUTH_FILE_PATH, NULL,
 129                             _("Unable to locate auth file"));
 130
 131   /* Add the realmstring to the hash, so programs (or users) can
 132      verify exactly which set of credentials this file holds.  */
 133   svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY,
 134                 svn_string_create(realmstring, pool));
 135
 136   SVN_ERR_W(svn_io_file_open(&authfile, auth_path,
 137                              (APR_WRITE | APR_CREATE | APR_TRUNCATE
 138                               | APR_BUFFERED),
 139                              APR_OS_DEFAULT, pool),
 140             _("Unable to open auth file for writing"));
 141
 142   stream = svn_stream_from_aprfile2(authfile, FALSE, pool);
 143   SVN_ERR_W(svn_hash_write2(hash, stream, SVN_HASH_TERMINATOR, pool),
 144             apr_psprintf(pool, _("Error writing hash to '%s'"),
 145                          svn_dirent_local_style(auth_path, pool)));
 146
 147   SVN_ERR(svn_stream_close(stream));
 148
 149   /* To be nice, remove the realmstring from the hash again, just in
 150      case the caller wants their hash unchanged. */
 151   svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY, NULL);
 152
 153   return SVN_NO_ERROR;
 154 }
 155
 156
 157 svn_error_t *
 158 svn_config_walk_auth_data(const char *config_dir,
 159                           svn_config_auth_walk_func_t walk_func,
 160                           void *walk_baton,
 161                           apr_pool_t *scratch_pool)
 162 {
 163   int i;
 164   apr_pool_t *iterpool;
 165   svn_boolean_t finished = FALSE;
 166   const char *cred_kinds[] =
 167     {
 168       SVN_AUTH_CRED_SIMPLE,
 169       SVN_AUTH_CRED_USERNAME,
 170       SVN_AUTH_CRED_SSL_CLIENT_CERT,
 171       SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
 172       SVN_AUTH_CRED_SSL_SERVER_TRUST,
 173       NULL
 174     };
 175
 176   if (! config_dir)
 177     {
 178       /* Can't locate the cache to clear */
 179       return SVN_NO_ERROR;
 180     }
 181
 182   iterpool = svn_pool_create(scratch_pool);
 183   for (i = 0; cred_kinds[i]; i++)
 184     {
 185       const char *item_path;
 186       const char *dir_path;
 187       apr_hash_t *nodes;
 188       svn_error_t *err;
 189       apr_pool_t *itempool;
 190       apr_hash_index_t *hi;
 191
 192       svn_pool_clear(iterpool);
 193
 194       if (finished)
 195         break;
 196
 197       SVN_ERR(svn_auth__file_path(&item_path, cred_kinds[i], "!", config_dir,
 198                                   iterpool));
 199
 200       dir_path = svn_dirent_dirname(item_path, iterpool);
 201
 202       err = svn_io_get_dirents3(&nodes, dir_path, TRUE, iterpool, iterpool);
 203       if (err)
 204         {
 205           if (!APR_STATUS_IS_ENOENT(err->apr_err)
 206               && !SVN__APR_STATUS_IS_ENOTDIR(err->apr_err))
 207             return svn_error_trace(err);
 208
 209           svn_error_clear(err);
 210           continue;
 211         }
 212
 213       itempool = svn_pool_create(iterpool);
 214       for (hi = apr_hash_first(iterpool, nodes); hi; hi = apr_hash_next(hi))
 215         {
 216           svn_io_dirent2_t *dirent = svn__apr_hash_index_val(hi);
 217           svn_stream_t *stream;
 218           apr_hash_t *creds_hash;
 219           const svn_string_t *realm;
 220           svn_boolean_t delete_file = FALSE;
 221
 222           if (finished)
 223             break;
 224
 225           if (dirent->kind != svn_node_file)
 226             continue;
 227
 228           svn_pool_clear(itempool);
 229
 230           item_path = svn_dirent_join(dir_path, svn__apr_hash_index_key(hi),
 231                                       itempool);
 232
 233           err = svn_stream_open_readonly(&stream, item_path,
 234                                          itempool, itempool);
 235           if (err)
 236             {
 237               /* Ignore this file. There are no credentials in it anyway */
 238               svn_error_clear(err);
 239               continue;
 240             }
 241
 242           creds_hash = apr_hash_make(itempool);
 243           err = svn_hash_read2(creds_hash, stream,
 244                                SVN_HASH_TERMINATOR, itempool);
 245           err = svn_error_compose_create(err, svn_stream_close(stream));
 246           if (err)
 247             {
 248               /* Ignore this file. There are no credentials in it anyway */
 249               svn_error_clear(err);
 250               continue;
 251             }
 252
 253           realm = svn_hash_gets(creds_hash, SVN_CONFIG_REALMSTRING_KEY);
 254           if (! realm)
 255             continue; /* Not an auth file */
 256
 257           err = walk_func(&delete_file, walk_baton, cred_kinds[i],
 258                           realm->data, creds_hash, itempool);
 259           if (err && err->apr_err == SVN_ERR_CEASE_INVOCATION)
 260             {
 261               svn_error_clear(err);
 262               err = SVN_NO_ERROR;
 263               finished = TRUE;
 264             }
 265           SVN_ERR(err);
 266
 267           if (delete_file)
 268             {
 269               /* Delete the file on disk */
 270               SVN_ERR(svn_io_remove_file2(item_path, TRUE, itempool));
 271             }
 272         }
 273     }
 274
 275   svn_pool_destroy(iterpool);
 276   return SVN_NO_ERROR;
 277 }