/*
 * ssl_client_cert_providers.c: providers for
 * SVN_AUTH_CRED_SSL_CLIENT_CERT
 *
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 */

/* ==================================================================== */
#include <apr_pools.h>
#include "svn_hash.h"
#include "svn_auth.h"
#include "svn_error.h"
#include "svn_config.h"
/*-----------------------------------------------------------------------*/
/* File provider                                                         */
/*-----------------------------------------------------------------------*/
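/* Retrieve the SSL client certificate file path from the servers
   configuration.

   PARAMETERS supplies the config object (under
   SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS) and the server group name
   (under SVN_AUTH_PARAM_SERVER_GROUP).  If
   SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE is set for that group,
   *CREDENTIALS_P receives a svn_auth_cred_ssl_client_cert_t allocated in
   POOL; otherwise *CREDENTIALS_P is NULL and the auth system moves on to
   the next provider.  *ITER_BATON is always NULL.  PROVIDER_BATON and
   REALMSTRING are not used.

   The credential is marked may_save = FALSE: the path already lives in
   the configuration, so it is not offered to the auth cache.

   NOTE(review): the configured path is passed on unchanged.  Nothing in
   this function opens the file or checks its ownership or permissions;
   presumably the consumer of the credential does - confirm.
   NOTE(review): cert_file is stored without copying it into POOL, so it
   stays valid only as long as the string returned by
   svn_config_get_server_setting() does - confirm that outlives the
   credential. */
static svn_error_t *
ssl_client_cert_file_first_credentials(void **credentials_p,
                                       void **iter_baton,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       apr_pool_t *pool)
{
  svn_config_t *cfg = svn_hash_gets(parameters,
                                    SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS);
  const char *server_group = svn_hash_gets(parameters,
                                           SVN_AUTH_PARAM_SERVER_GROUP);
  const char *cert_file;

  /* A NULL default means "option not set" is reported as NULL. */
  cert_file =
    svn_config_get_server_setting(cfg, server_group,
                                  SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE,
                                  NULL);

  if (cert_file != NULL)
    {
      /* Zero-filled so that a field added to the credential struct
         later is never handed out with indeterminate contents. */
      svn_auth_cred_ssl_client_cert_t *cred =
        apr_pcalloc(pool, sizeof(*cred));

      cred->cert_file = cert_file;
      cred->may_save = FALSE;
      *credentials_p = cred;
    }
  else
    {
      *credentials_p = NULL;
    }

  *iter_baton = NULL;
  return SVN_NO_ERROR;
}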
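/* Vtable for the file provider.  Only the first-credentials callback is
   supplied: there is no next-credentials step to retry with, and no
   save-credentials callback, so this provider never writes a client
   certificate path to the auth cache. */
static const svn_auth_provider_t ssl_client_cert_file_provider =
  {
    SVN_AUTH_CRED_SSL_CLIENT_CERT,
    ssl_client_cert_file_first_credentials,
    NULL,  /* next_credentials */
    NULL   /* save_credentials */
  };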
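/*** Public API to SSL file providers. ***/

/* Set *PROVIDER to a new provider object, allocated in POOL, that uses
   the ssl_client_cert_file_provider vtable.  The object is zero-filled,
   so no provider baton is attached. */
void svn_auth_get_ssl_client_cert_file_provider
  (svn_auth_provider_object_t **provider, apr_pool_t *pool)
{
  svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
  po->vtable = &ssl_client_cert_file_provider;
  *provider = po;
}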
/*-----------------------------------------------------------------------*/
/* Prompt provider                                                       */
/*-----------------------------------------------------------------------*/
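/* Baton type for prompting to send client ssl creds.
   It holds what the provider was created with; the per-request state
   lives in the iteration baton. */
typedef struct ssl_client_cert_prompt_provider_baton_t
{
  /* Callback that asks the user for a client certificate, and the
     opaque baton handed back to it on every call. */
  svn_auth_ssl_client_cert_prompt_func_t prompt_func;
  void *prompt_baton;

  /* how many times to re-prompt after the first one fails.
     A negative value disables the limit. */
  int retry_limit;
} ssl_client_cert_prompt_provider_baton_t;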
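/* Iteration baton: state carried from the first prompt to each
   re-prompt for the same credential request. */
typedef struct ssl_client_cert_prompt_iter_baton_t
{
  /* The original provider baton */
  ssl_client_cert_prompt_provider_baton_t *pb;

  /* The original realmstring */
  const char *realmstring;

  /* how many times we've reprompted */
  int retries;
} ssl_client_cert_prompt_iter_baton_t;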
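/* Ask the user for a client certificate for REALMSTRING, using the
   prompt callback stored in PROVIDER_BATON, and store the answer in
   *CREDENTIALS_P.

   The prompt is told it may offer to save the credential only when
   SVN_AUTH_PARAM_NO_AUTH_CACHE is absent from PARAMETERS; any non-NULL
   value for that key turns saving off.

   On success *ITER_BATON receives a new iteration baton, allocated in
   POOL, that records the provider baton, a copy of REALMSTRING and a
   retry count of zero.  If the prompt callback returns an error, that
   error is returned and *ITER_BATON is left untouched. */
static svn_error_t *
ssl_client_cert_prompt_first_cred(void **credentials_p,
                                  void **iter_baton,
                                  void *provider_baton,
                                  apr_hash_t *parameters,
                                  const char *realmstring,
                                  apr_pool_t *pool)
{
  ssl_client_cert_prompt_provider_baton_t *pb = provider_baton;
  ssl_client_cert_prompt_iter_baton_t *ib =
    apr_pcalloc(pool, sizeof(*ib));
  const char *no_auth_cache = svn_hash_gets(parameters,
                                            SVN_AUTH_PARAM_NO_AUTH_CACHE);

  SVN_ERR(pb->prompt_func((svn_auth_cred_ssl_client_cert_t **) credentials_p,
                          pb->prompt_baton, realmstring, ! no_auth_cache,
                          pool));

  ib->pb = pb;
  /* Copied into POOL so the re-prompts do not depend on the caller's
     string staying alive. */
  ib->realmstring = apr_pstrdup(pool, realmstring);
  ib->retries = 0;
  *iter_baton = ib;

  return SVN_NO_ERROR;
}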
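/* Re-prompt for a client certificate after the previous answer was
   rejected.  ITER_BATON is the iteration baton created by
   ssl_client_cert_prompt_first_cred().

   Once the number of re-prompts has reached the provider's retry_limit,
   *CREDENTIALS_P is set to NULL without prompting, which hands the
   request to the next provider.  A negative retry_limit switches the cap
   off, so a caller that wants a bounded number of prompts must pass a
   limit of zero or more.

   The prompt uses the realm string saved in the iteration baton, not the
   REALMSTRING argument.  As in the first prompt, saving is offered only
   when SVN_AUTH_PARAM_NO_AUTH_CACHE is absent from PARAMETERS.
   PROVIDER_BATON is not used. */
static svn_error_t *
ssl_client_cert_prompt_next_cred(void **credentials_p,
                                 void *iter_baton,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 apr_pool_t *pool)
{
  ssl_client_cert_prompt_iter_baton_t *ib = iter_baton;
  const char *no_auth_cache = svn_hash_gets(parameters,
                                            SVN_AUTH_PARAM_NO_AUTH_CACHE);

  if ((ib->pb->retry_limit >= 0) && (ib->retries >= ib->pb->retry_limit))
    {
      /* give up, go on to next provider. */
      *credentials_p = NULL;
      return SVN_NO_ERROR;
    }
  ib->retries++;

  return ib->pb->prompt_func((svn_auth_cred_ssl_client_cert_t **)
                             credentials_p, ib->pb->prompt_baton,
                             ib->realmstring, ! no_auth_cache, pool);
}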
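/* Vtable for the prompt provider: a first prompt and bounded re-prompts.
   There is no save-credentials callback, so this provider itself never
   writes the chosen certificate path to the auth cache. */
static const svn_auth_provider_t ssl_client_cert_prompt_provider = {
  SVN_AUTH_CRED_SSL_CLIENT_CERT,
  ssl_client_cert_prompt_first_cred,
  ssl_client_cert_prompt_next_cred,
  NULL  /* save_credentials */
};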
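/*** Public API to SSL prompting providers. ***/

/* Set *PROVIDER to a new prompting provider, allocated in POOL.

   PROMPT_FUNC is called with PROMPT_BATON each time a client certificate
   is needed.  RETRY_LIMIT is the number of re-prompts allowed after the
   first prompt; the limit is only enforced when it is zero or more, so a
   negative value lets the user be re-prompted without bound. */
void svn_auth_get_ssl_client_cert_prompt_provider
  (svn_auth_provider_object_t **provider,
   svn_auth_ssl_client_cert_prompt_func_t prompt_func,
   void *prompt_baton,
   int retry_limit,
   apr_pool_t *pool)
{
  svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
  /* Zero-filled, like the provider object, so a field added to the
     baton later does not start out indeterminate. */
  ssl_client_cert_prompt_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb));

  pb->prompt_func = prompt_func;
  pb->prompt_baton = prompt_baton;
  pb->retry_limit = retry_limit;

  po->vtable = &ssl_client_cert_prompt_provider;
  po->provider_baton = pb;
  *provider = po;
}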