contrib/subversion/subversion/libsvn_subr/ssl_client_cert_providers.c

   1 /*
   2  * ssl_client_cert_providers.c: providers for
   3  * SVN_AUTH_CRED_SSL_CLIENT_CERT
   4  *
   5  * ====================================================================
   6  *    Licensed to the Apache Software Foundation (ASF) under one
   7  *    or more contributor license agreements.  See the NOTICE file
   8  *    distributed with this work for additional information
   9  *    regarding copyright ownership.  The ASF licenses this file
  10  *    to you under the Apache License, Version 2.0 (the
  11  *    "License"); you may not use this file except in compliance
  12  *    with the License.  You may obtain a copy of the License at
  13  *
  14  *      http://www.apache.org/licenses/LICENSE-2.0
  15  *
  16  *    Unless required by applicable law or agreed to in writing,
  17  *    software distributed under the License is distributed on an
  18  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  19  *    KIND, either express or implied.  See the License for the
  20  *    specific language governing permissions and limitations
  21  *    under the License.
  22  * ====================================================================
  23  */
  24
  25 /* ==================================================================== */
  26
  27
  28 \f
  29 /*** Includes. ***/
  30
  31 #include <apr_pools.h>
  32 #include "svn_hash.h"
  33 #include "svn_auth.h"
  34 #include "svn_error.h"
  35 #include "svn_config.h"
  36
  37 \f
  38 /*-----------------------------------------------------------------------*/
  39 /* File provider                                                         */
  40 /*-----------------------------------------------------------------------*/
  41
  42 /* retrieve and load the ssl client certificate file from servers
  43    config */
  44 static svn_error_t *
  45 ssl_client_cert_file_first_credentials(void **credentials_p,
  46                                        void **iter_baton,
  47                                        void *provider_baton,
  48                                        apr_hash_t *parameters,
  49                                        const char *realmstring,
  50                                        apr_pool_t *pool)
  51 {
  52   svn_config_t *cfg = svn_hash_gets(parameters,
  53                                     SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS);
  54   const char *server_group = svn_hash_gets(parameters,
  55                                            SVN_AUTH_PARAM_SERVER_GROUP);
  56   const char *cert_file;
  57
  58   cert_file =
  59     svn_config_get_server_setting(cfg, server_group,
  60                                   SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE,
  61                                   NULL);
  62
  63   if (cert_file != NULL)
  64     {
  65       svn_auth_cred_ssl_client_cert_t *cred =
  66         apr_palloc(pool, sizeof(*cred));
  67
  68       cred->cert_file = cert_file;
  69       cred->may_save = FALSE;
  70       *credentials_p = cred;
  71     }
  72   else
  73     {
  74       *credentials_p = NULL;
  75     }
  76
  77   *iter_baton = NULL;
  78   return SVN_NO_ERROR;
  79 }
  80
  81
  82 static const svn_auth_provider_t ssl_client_cert_file_provider =
  83   {
  84     SVN_AUTH_CRED_SSL_CLIENT_CERT,
  85     ssl_client_cert_file_first_credentials,
  86     NULL,
  87     NULL
  88   };
  89
  90
  91 /*** Public API to SSL file providers. ***/
  92 void svn_auth_get_ssl_client_cert_file_provider
  93   (svn_auth_provider_object_t **provider, apr_pool_t *pool)
  94 {
  95   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
  96   po->vtable = &ssl_client_cert_file_provider;
  97   *provider = po;
  98 }
  99
 100 \f
 101 /*-----------------------------------------------------------------------*/
 102 /* Prompt provider                                                       */
 103 /*-----------------------------------------------------------------------*/
 104
 105 /* Baton type for prompting to send client ssl creds.
 106    There is no iteration baton type. */
 107 typedef struct ssl_client_cert_prompt_provider_baton_t
 108 {
 109   svn_auth_ssl_client_cert_prompt_func_t prompt_func;
 110   void *prompt_baton;
 111
 112   /* how many times to re-prompt after the first one fails */
 113   int retry_limit;
 114 } ssl_client_cert_prompt_provider_baton_t;
 115
 116 /* Iteration baton. */
 117 typedef struct ssl_client_cert_prompt_iter_baton_t
 118 {
 119   /* The original provider baton */
 120   ssl_client_cert_prompt_provider_baton_t *pb;
 121
 122   /* The original realmstring */
 123   const char *realmstring;
 124
 125   /* how many times we've reprompted */
 126   int retries;
 127 } ssl_client_cert_prompt_iter_baton_t;
 128
 129
 130 static svn_error_t *
 131 ssl_client_cert_prompt_first_cred(void **credentials_p,
 132                                   void **iter_baton,
 133                                   void *provider_baton,
 134                                   apr_hash_t *parameters,
 135                                   const char *realmstring,
 136                                   apr_pool_t *pool)
 137 {
 138   ssl_client_cert_prompt_provider_baton_t *pb = provider_baton;
 139   ssl_client_cert_prompt_iter_baton_t *ib =
 140     apr_pcalloc(pool, sizeof(*ib));
 141   const char *no_auth_cache = svn_hash_gets(parameters,
 142                                             SVN_AUTH_PARAM_NO_AUTH_CACHE);
 143
 144   SVN_ERR(pb->prompt_func((svn_auth_cred_ssl_client_cert_t **) credentials_p,
 145                           pb->prompt_baton, realmstring, ! no_auth_cache,
 146                           pool));
 147
 148   ib->pb = pb;
 149   ib->realmstring = apr_pstrdup(pool, realmstring);
 150   ib->retries = 0;
 151   *iter_baton = ib;
 152
 153   return SVN_NO_ERROR;
 154 }
 155
 156
 157 static svn_error_t *
 158 ssl_client_cert_prompt_next_cred(void **credentials_p,
 159                                  void *iter_baton,
 160                                  void *provider_baton,
 161                                  apr_hash_t *parameters,
 162                                  const char *realmstring,
 163                                  apr_pool_t *pool)
 164 {
 165   ssl_client_cert_prompt_iter_baton_t *ib = iter_baton;
 166   const char *no_auth_cache = svn_hash_gets(parameters,
 167                                             SVN_AUTH_PARAM_NO_AUTH_CACHE);
 168
 169   if ((ib->pb->retry_limit >= 0) && (ib->retries >= ib->pb->retry_limit))
 170     {
 171       /* give up, go on to next provider. */
 172       *credentials_p = NULL;
 173       return SVN_NO_ERROR;
 174     }
 175   ib->retries++;
 176
 177   return ib->pb->prompt_func((svn_auth_cred_ssl_client_cert_t **)
 178                              credentials_p, ib->pb->prompt_baton,
 179                              ib->realmstring, ! no_auth_cache, pool);
 180 }
 181
 182
 183 static const svn_auth_provider_t ssl_client_cert_prompt_provider = {
 184   SVN_AUTH_CRED_SSL_CLIENT_CERT,
 185   ssl_client_cert_prompt_first_cred,
 186   ssl_client_cert_prompt_next_cred,
 187   NULL
 188 };
 189
 190
 191 /*** Public API to SSL prompting providers. ***/
 192 void svn_auth_get_ssl_client_cert_prompt_provider
 193   (svn_auth_provider_object_t **provider,
 194    svn_auth_ssl_client_cert_prompt_func_t prompt_func,
 195    void *prompt_baton,
 196    int retry_limit,
 197    apr_pool_t *pool)
 198 {
 199   svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
 200   ssl_client_cert_prompt_provider_baton_t *pb = apr_palloc(pool, sizeof(*pb));
 201
 202   pb->prompt_func = prompt_func;
 203   pb->prompt_baton = prompt_baton;
 204   pb->retry_limit = retry_limit;
 205
 206   po->vtable = &ssl_client_cert_prompt_provider;
 207   po->provider_baton = pb;
 208   *provider = po;
 209 }