2 * ssl_client_cert_providers.c: providers for
3 * SVN_AUTH_CRED_SSL_CLIENT_CERT
5 * ====================================================================
6 * Licensed to the Apache Software Foundation (ASF) under one
7 * or more contributor license agreements. See the NOTICE file
8 * distributed with this work for additional information
9 * regarding copyright ownership. The ASF licenses this file
10 * to you under the Apache License, Version 2.0 (the
11 * "License"); you may not use this file except in compliance
12 * with the License. You may obtain a copy of the License at
14 * http://www.apache.org/licenses/LICENSE-2.0
16 * Unless required by applicable law or agreed to in writing,
17 * software distributed under the License is distributed on an
18 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
19 * KIND, either express or implied. See the License for the
20 * specific language governing permissions and limitations
22 * ====================================================================
25 /* ==================================================================== */
31 #include <apr_pools.h>
34 #include "svn_error.h"
35 #include "svn_config.h"
38 /*-----------------------------------------------------------------------*/
40 /*-----------------------------------------------------------------------*/
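/* Build an SSL client-certificate credential from the "servers"
   configuration.

   Look up SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE for the server group
   named by SVN_AUTH_PARAM_SERVER_GROUP in PARAMETERS.  If the option is
   set, set *CREDENTIALS_P to a svn_auth_cred_ssl_client_cert_t allocated
   in POOL that carries the configured path; otherwise set *CREDENTIALS_P
   to NULL.  *ITER_BATON is always set to NULL, since this provider has
   only one answer.  PROVIDER_BATON and REALMSTRING are unused.

   Only the path is recorded here: nothing in this function opens the
   file or checks that it exists, so a wrong or unreadable path
   presumably surfaces later, where the credential is consumed.  The
   path is taken from configuration as-is, so the servers file and the
   certificate file it names both need to be protected by filesystem
   permissions. */
static svn_error_t *
ssl_client_cert_file_first_credentials(void **credentials_p,
                                       void **iter_baton,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       apr_pool_t *pool)
{
  svn_config_t *cfg = svn_hash_gets(parameters,
                                    SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS);
  const char *server_group = svn_hash_gets(parameters,
                                           SVN_AUTH_PARAM_SERVER_GROUP);
  const char *cert_file;

  /* A NULL default means "option not configured". */
  cert_file =
    svn_config_get_server_setting(cfg, server_group,
                                  SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE,
                                  NULL);

  if (cert_file != NULL)
    {
      svn_auth_cred_ssl_client_cert_t *cred =
        apr_palloc(pool, sizeof(*cred));

      /* The string is borrowed from the config lookup, not copied into
         POOL.  NOTE(review): presumably it lives as long as CFG --
         confirm that CFG outlives every user of this credential. */
      cred->cert_file = cert_file;

      /* Never ask for this credential to be saved.  NOTE(review):
         presumably because the path already lives in the servers
         config. */
      cred->may_save = FALSE;
      *credentials_p = cred;
    }
  else
    {
      *credentials_p = NULL;
    }

  *iter_baton = NULL;
  return SVN_NO_ERROR;
}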
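/* Vtable for the file-based provider.  It offers one credential taken
   from configuration, so it has neither a retry callback nor a save
   callback. */
static const svn_auth_provider_t ssl_client_cert_file_provider = {
  SVN_AUTH_CRED_SSL_CLIENT_CERT,
  ssl_client_cert_file_first_credentials,
  NULL,   /* next_credentials */
  NULL    /* save_credentials */
};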
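/*** Public API to SSL file providers. ***/

/* Set *PROVIDER to a provider object, allocated in POOL, that answers
   SVN_AUTH_CRED_SSL_CLIENT_CERT requests through
   ssl_client_cert_file_provider. */
void
svn_auth_get_ssl_client_cert_file_provider(
  svn_auth_provider_object_t **provider,
  apr_pool_t *pool)
{
  /* apr_pcalloc zero-fills the object, so provider_baton stays NULL;
     the file provider keeps no state of its own. */
  svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));

  po->vtable = &ssl_client_cert_file_provider;
  *provider = po;
}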
100 /*-----------------------------------------------------------------------*/
101 /* Prompt provider */
102 /*-----------------------------------------------------------------------*/
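/* Provider baton for prompting the user for SSL client credentials.
   It is filled in once by svn_auth_get_ssl_client_cert_prompt_provider;
   per-request state lives in ssl_client_cert_prompt_iter_baton_t. */
typedef struct ssl_client_cert_prompt_provider_baton_t
{
  /* Caller-supplied prompt callback and its opaque baton. */
  svn_auth_ssl_client_cert_prompt_func_t prompt_func;
  void *prompt_baton;

  /* How many times to re-prompt after the first one fails.  A negative
     value disables the limit (see the check in
     ssl_client_cert_prompt_next_cred), so callers that need a bounded
     number of prompts must pass a value >= 0. */
  int retry_limit;
} ssl_client_cert_prompt_provider_baton_t;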
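/* Iteration baton: state carried from the first prompt to any
   re-prompts for the same credential request. */
typedef struct ssl_client_cert_prompt_iter_baton_t
{
  /* The original provider baton */
  ssl_client_cert_prompt_provider_baton_t *pb;

  /* The original realmstring, as copied by the first-credentials
     callback; re-prompts use this copy rather than their own
     REALMSTRING argument. */
  const char *realmstring;

  /* How many times we've reprompted */
  int retries;
} ssl_client_cert_prompt_iter_baton_t;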
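/* First-credentials callback of the prompting provider.

   Call the prompt function stored in PROVIDER_BATON for REALMSTRING and
   let it fill in *CREDENTIALS_P.  The prompt is told it may save the
   credential only when SVN_AUTH_PARAM_NO_AUTH_CACHE is absent from
   PARAMETERS.  On success, set *ITER_BATON to a new iteration baton
   allocated in POOL so that ssl_client_cert_prompt_next_cred can count
   retries.  If the prompt function returns an error, that error is
   returned and *ITER_BATON is left untouched. */
static svn_error_t *
ssl_client_cert_prompt_first_cred(void **credentials_p,
                                  void **iter_baton,
                                  void *provider_baton,
                                  apr_hash_t *parameters,
                                  const char *realmstring,
                                  apr_pool_t *pool)
{
  ssl_client_cert_prompt_provider_baton_t *pb = provider_baton;
  ssl_client_cert_prompt_iter_baton_t *ib =
    apr_pcalloc(pool, sizeof(*ib));
  const char *no_auth_cache = svn_hash_gets(parameters,
                                            SVN_AUTH_PARAM_NO_AUTH_CACHE);

  /* Any non-NULL value of the no-auth-cache parameter turns saving off. */
  SVN_ERR(pb->prompt_func((svn_auth_cred_ssl_client_cert_t **) credentials_p,
                          pb->prompt_baton, realmstring, ! no_auth_cache,
                          pool));

  ib->pb = pb;
  /* Copy the realm so re-prompts do not depend on the lifetime of the
     caller's string. */
  ib->realmstring = apr_pstrdup(pool, realmstring);
  ib->retries = 0;
  *iter_baton = ib;

  return SVN_NO_ERROR;
}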
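/* Next-credentials callback of the prompting provider.

   ITER_BATON is the baton created by ssl_client_cert_prompt_first_cred.
   If the provider's retry limit is non-negative and has been reached,
   set *CREDENTIALS_P to NULL and return without prompting.  Otherwise
   count the retry and prompt again, using the realm string saved in
   the iteration baton.  As with the first prompt, saving is allowed
   only when SVN_AUTH_PARAM_NO_AUTH_CACHE is absent from PARAMETERS.
   PROVIDER_BATON and REALMSTRING are unused.

   A negative retry limit skips the limit check, so this callback then
   re-prompts every time it is called. */
static svn_error_t *
ssl_client_cert_prompt_next_cred(void **credentials_p,
                                 void *iter_baton,
                                 void *provider_baton,
                                 apr_hash_t *parameters,
                                 const char *realmstring,
                                 apr_pool_t *pool)
{
  ssl_client_cert_prompt_iter_baton_t *ib = iter_baton;
  const char *no_auth_cache = svn_hash_gets(parameters,
                                            SVN_AUTH_PARAM_NO_AUTH_CACHE);

  if ((ib->pb->retry_limit >= 0) && (ib->retries >= ib->pb->retry_limit))
    {
      /* give up, go on to next provider. */
      *credentials_p = NULL;
      return SVN_NO_ERROR;
    }
  ib->retries++;

  return ib->pb->prompt_func((svn_auth_cred_ssl_client_cert_t **)
                             credentials_p, ib->pb->prompt_baton,
                             ib->realmstring, ! no_auth_cache, pool);
}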
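/* Vtable for the prompting provider.  It can prompt and re-prompt, but
   it has no save callback of its own. */
static const svn_auth_provider_t ssl_client_cert_prompt_provider = {
  SVN_AUTH_CRED_SSL_CLIENT_CERT,
  ssl_client_cert_prompt_first_cred,
  ssl_client_cert_prompt_next_cred,
  NULL    /* save_credentials */
};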
190 /*** Public API to SSL prompting providers. ***/
191 void svn_auth_get_ssl_client_cert_prompt_provider
192 (svn_auth_provider_object_t **provider,
193 svn_auth_ssl_client_cert_prompt_func_t prompt_func,
198 svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po));
199 ssl_client_cert_prompt_provider_baton_t *pb = apr_palloc(pool, sizeof(*pb));
201 pb->prompt_func = prompt_func;
202 pb->prompt_baton = prompt_baton;
203 pb->retry_limit = retry_limit;
205 po->vtable = &ssl_client_cert_prompt_provider;
206 po->provider_baton = pb;