contrib/subversion/subversion/libsvn_subr/config_auth.c

   1 /*
   2  * config_auth.c :  authentication files in the user config area
   3  *
   4  * ====================================================================
   5  *    Licensed to the Apache Software Foundation (ASF) under one
   6  *    or more contributor license agreements.  See the NOTICE file
   7  *    distributed with this work for additional information
   8  *    regarding copyright ownership.  The ASF licenses this file
   9  *    to you under the Apache License, Version 2.0 (the
  10  *    "License"); you may not use this file except in compliance
  11  *    with the License.  You may obtain a copy of the License at
  12  *
  13  *      http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  *    Unless required by applicable law or agreed to in writing,
  16  *    software distributed under the License is distributed on an
  17  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  18  *    KIND, either express or implied.  See the License for the
  19  *    specific language governing permissions and limitations
  20  *    under the License.
  21  * ====================================================================
  22  */
  23
  24
  25 \f
  26 #include "svn_dirent_uri.h"
  27 #include "svn_hash.h"
  28 #include "svn_io.h"
  29 #include "svn_pools.h"
  30 #include "config_impl.h"
  31
  32 #include "auth.h"
  33
  34 #include "svn_private_config.h"
  35
  36 #include "private/svn_auth_private.h"
  37
  38 /* Helper for svn_config_{read|write}_auth_data.  Return a path to a
  39    file within ~/.subversion/auth/ that holds CRED_KIND credentials
  40    within REALMSTRING.  If no path is available *PATH will be set to
  41    NULL. */
  42 svn_error_t *
  43 svn_auth__file_path(const char **path,
  44                     const char *cred_kind,
  45                     const char *realmstring,
  46                     const char *config_dir,
  47                     apr_pool_t *pool)
  48 {
  49   const char *authdir_path, *hexname;
  50   svn_checksum_t *checksum;
  51
  52   /* Construct the path to the directory containing the creds files,
  53      e.g. "~/.subversion/auth/svn.simple".  The last component is
  54      simply the cred_kind.  */
  55   SVN_ERR(svn_config_get_user_config_path(&authdir_path, config_dir,
  56                                           SVN_CONFIG__AUTH_SUBDIR, pool));
  57   if (authdir_path)
  58     {
  59       authdir_path = svn_dirent_join(authdir_path, cred_kind, pool);
  60
  61       /* Construct the basename of the creds file.  It's just the
  62          realmstring converted into an md5 hex string.  */
  63       SVN_ERR(svn_checksum(&checksum, svn_checksum_md5, realmstring,
  64                            strlen(realmstring), pool));
  65       hexname = svn_checksum_to_cstring(checksum, pool);
  66
  67       *path = svn_dirent_join(authdir_path, hexname, pool);
  68     }
  69   else
  70     *path = NULL;
  71
  72   return SVN_NO_ERROR;
  73 }
  74
  75
  76 svn_error_t *
  77 svn_config_read_auth_data(apr_hash_t **hash,
  78                           const char *cred_kind,
  79                           const char *realmstring,
  80                           const char *config_dir,
  81                           apr_pool_t *pool)
  82 {
  83   svn_node_kind_t kind;
  84   const char *auth_path;
  85
  86   *hash = NULL;
  87
  88   SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
  89                               pool));
  90   if (! auth_path)
  91     return SVN_NO_ERROR;
  92
  93   SVN_ERR(svn_io_check_path(auth_path, &kind, pool));
  94   if (kind == svn_node_file)
  95     {
  96       svn_stream_t *stream;
  97
  98       SVN_ERR_W(svn_stream_open_readonly(&stream, auth_path, pool, pool),
  99                 _("Unable to open auth file for reading"));
 100
 101       *hash = apr_hash_make(pool);
 102
 103       SVN_ERR_W(svn_hash_read2(*hash, stream, SVN_HASH_TERMINATOR, pool),
 104                 apr_psprintf(pool, _("Error parsing '%s'"),
 105                              svn_dirent_local_style(auth_path, pool)));
 106
 107       SVN_ERR(svn_stream_close(stream));
 108     }
 109
 110   return SVN_NO_ERROR;
 111 }
 112
 113
 114 svn_error_t *
 115 svn_config_write_auth_data(apr_hash_t *hash,
 116                            const char *cred_kind,
 117                            const char *realmstring,
 118                            const char *config_dir,
 119                            apr_pool_t *pool)
 120 {
 121   apr_file_t *authfile = NULL;
 122   svn_stream_t *stream;
 123   const char *auth_path;
 124
 125   SVN_ERR(svn_auth__file_path(&auth_path, cred_kind, realmstring, config_dir,
 126                               pool));
 127   if (! auth_path)
 128     return svn_error_create(SVN_ERR_NO_AUTH_FILE_PATH, NULL,
 129                             _("Unable to locate auth file"));
 130
 131   /* Add the realmstring to the hash, so programs (or users) can
 132      verify exactly which set of credentials this file holds.  */
 133   svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY,
 134                 svn_string_create(realmstring, pool));
 135
 136   SVN_ERR_W(svn_io_file_open(&authfile, auth_path,
 137                              (APR_WRITE | APR_CREATE | APR_TRUNCATE
 138                               | APR_BUFFERED),
 139                              APR_OS_DEFAULT, pool),
 140             _("Unable to open auth file for writing"));
 141
 142   stream = svn_stream_from_aprfile2(authfile, FALSE, pool);
 143   SVN_ERR_W(svn_hash_write2(hash, stream, SVN_HASH_TERMINATOR, pool),
 144             apr_psprintf(pool, _("Error writing hash to '%s'"),
 145                          svn_dirent_local_style(auth_path, pool)));
 146
 147   SVN_ERR(svn_stream_close(stream));
 148
 149   /* To be nice, remove the realmstring from the hash again, just in
 150      case the caller wants their hash unchanged. */
 151   svn_hash_sets(hash, SVN_CONFIG_REALMSTRING_KEY, NULL);
 152
 153   return SVN_NO_ERROR;
 154 }
 155
 156
 157 svn_error_t *
 158 svn_config_walk_auth_data(const char *config_dir,
 159                           svn_config_auth_walk_func_t walk_func,
 160                           void *walk_baton,
 161                           apr_pool_t *scratch_pool)
 162 {
 163   int i;
 164   apr_pool_t *iterpool;
 165   svn_boolean_t finished = FALSE;
 166   const char *cred_kinds[] =
 167     {
 168       SVN_AUTH_CRED_SIMPLE,
 169       SVN_AUTH_CRED_USERNAME,
 170       SVN_AUTH_CRED_SSL_CLIENT_CERT,
 171       SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
 172       SVN_AUTH_CRED_SSL_SERVER_TRUST,
 173       NULL
 174     };
 175
 176   iterpool = svn_pool_create(scratch_pool);
 177   for (i = 0; cred_kinds[i]; i++)
 178     {
 179       const char *item_path;
 180       const char *dir_path;
 181       apr_hash_t *nodes;
 182       svn_error_t *err;
 183       apr_pool_t *itempool;
 184       apr_hash_index_t *hi;
 185
 186       svn_pool_clear(iterpool);
 187
 188       if (finished)
 189         break;
 190
 191       SVN_ERR(svn_auth__file_path(&item_path, cred_kinds[i], "!", config_dir,
 192                                   iterpool));
 193
 194       dir_path = svn_dirent_dirname(item_path, iterpool);
 195
 196       err = svn_io_get_dirents3(&nodes, dir_path, TRUE, iterpool, iterpool);
 197       if (err)
 198         {
 199           if (!APR_STATUS_IS_ENOENT(err->apr_err)
 200               && !SVN__APR_STATUS_IS_ENOTDIR(err->apr_err))
 201             return svn_error_trace(err);
 202
 203           svn_error_clear(err);
 204           continue;
 205         }
 206
 207       itempool = svn_pool_create(iterpool);
 208       for (hi = apr_hash_first(iterpool, nodes); hi; hi = apr_hash_next(hi))
 209         {
 210           svn_io_dirent2_t *dirent = svn__apr_hash_index_val(hi);
 211           svn_stream_t *stream;
 212           apr_hash_t *creds_hash;
 213           const svn_string_t *realm;
 214           svn_boolean_t delete_file = FALSE;
 215
 216           if (finished)
 217             break;
 218
 219           if (dirent->kind != svn_node_file)
 220             continue;
 221
 222           svn_pool_clear(itempool);
 223
 224           item_path = svn_dirent_join(dir_path, svn__apr_hash_index_key(hi),
 225                                       itempool);
 226
 227           err = svn_stream_open_readonly(&stream, item_path,
 228                                          itempool, itempool);
 229           if (err)
 230             {
 231               /* Ignore this file. There are no credentials in it anyway */
 232               svn_error_clear(err);
 233               continue;
 234             }
 235
 236           creds_hash = apr_hash_make(itempool);
 237           err = svn_hash_read2(creds_hash, stream,
 238                                SVN_HASH_TERMINATOR, itempool);
 239           err = svn_error_compose_create(err, svn_stream_close(stream));
 240           if (err)
 241             {
 242               /* Ignore this file. There are no credentials in it anyway */
 243               svn_error_clear(err);
 244               continue;
 245             }
 246
 247           realm = svn_hash_gets(creds_hash, SVN_CONFIG_REALMSTRING_KEY);
 248           if (! realm)
 249             continue; /* Not an auth file */
 250
 251           err = walk_func(&delete_file, walk_baton, cred_kinds[i],
 252                           realm->data, creds_hash, itempool);
 253           if (err && err->apr_err == SVN_ERR_CEASE_INVOCATION)
 254             {
 255               svn_error_clear(err);
 256               err = SVN_NO_ERROR;
 257               finished = TRUE;
 258             }
 259           SVN_ERR(err);
 260
 261           if (delete_file)
 262             {
 263               /* Delete the file on disk */
 264               SVN_ERR(svn_io_remove_file2(item_path, TRUE, itempool));
 265             }
 266         }
 267     }
 268
 269   svn_pool_destroy(iterpool);
 270   return SVN_NO_ERROR;
 271 }