Subversion
svn_auth.h
Go to the documentation of this file.
1 /**
2  * @copyright
3  * ====================================================================
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements. See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership. The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License. You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied. See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  * ====================================================================
21  * @endcopyright
22  *
23  * @file svn_auth.h
24  * @brief Subversion's authentication system
25  */
26 
27 #ifndef SVN_AUTH_H
28 #define SVN_AUTH_H
29 
30 #include <apr.h>
31 #include <apr_pools.h>
32 #include <apr_hash.h>
33 #include <apr_tables.h>
34 
35 #include "svn_types.h"
36 #include "svn_config.h"
37 
38 #ifdef __cplusplus
39 extern "C" {
40 #endif /* __cplusplus */
41 
42 /** Overview of the svn authentication system.
43  *
44  * We define an authentication "provider" as a module that is able to
45  * return a specific set of credentials. (e.g. username/password,
46  * certificate, etc.) Each provider implements a vtable that
47  *
48  * - can fetch initial credentials
49  * - can retry the fetch (or try to fetch something different)
50  * - can store the credentials for future use
51  *
52  * For any given type of credentials, there can exist any number of
53  * separate providers -- each provider has a different method of
54  * fetching. (i.e. from a disk store, by prompting the user, etc.)
55  *
56  * The application begins by creating an auth baton object, and
57  * "registers" some number of providers with the auth baton, in a
58  * specific order. (For example, it may first register a
59  * username/password provider that looks in disk store, then register
60  * a username/password provider that prompts the user.)
61  *
62  * Later on, when any svn library is challenged, it asks the auth
63  * baton for the specific credentials. If the initial credentials
64  * fail to authenticate, the caller keeps requesting new credentials.
65  * Under the hood, libsvn_auth effectively "walks" over each provider
66  * (in order of registry), one at a time, until all the providers have
67  * exhausted all their retry options.
68  *
69  * This system allows an application to flexibly define authentication
70  * behaviors (by changing registration order), and very easily write
71  * new authentication providers.
72  *
73  * An auth_baton also contains an internal hashtable of run-time
74  * parameters; any provider or library layer can set these run-time
75  * parameters at any time, so that the provider has access to the
76  * data. (For example, certain run-time data may not be available
77  * until an authentication challenge is made.) Each credential type
78  * must document the run-time parameters that are made available to
79  * its providers.
80  *
81  * @defgroup auth_fns Authentication functions
82  * @{
83  */
84 
85 
86 /** The type of a Subversion authentication object */
88 
89 /** The type of a Subversion authentication-iteration object */
91 
92 
93 /** The main authentication "provider" vtable. */
94 typedef struct svn_auth_provider_t
95 {
96  /** The kind of credentials this provider knows how to retrieve. */
97  const char *cred_kind;
98 
99  /** Get an initial set of credentials.
100  *
101  * Set @a *credentials to a set of valid credentials within @a
102  * realmstring, or NULL if no credentials are available. Set @a
103  * *iter_baton to context that allows a subsequent call to @c
104  * next_credentials, in case the first credentials fail to
105  * authenticate. @a provider_baton is general context for the
106  * vtable, @a parameters contains any run-time data that the
107  * provider may need, and @a realmstring comes from the
108  * svn_auth_first_credentials() call.
109  */
110  svn_error_t * (*first_credentials)(void **credentials,
111  void **iter_baton,
112  void *provider_baton,
113  apr_hash_t *parameters,
114  const char *realmstring,
115  apr_pool_t *pool);
116 
117  /** Get a different set of credentials.
118  *
119  * Set @a *credentials to another set of valid credentials (using @a
120  * iter_baton as the context from previous call to first_credentials
121  * or next_credentials). If no more credentials are available, set
122  * @a *credentials to NULL. If the provider only has one set of
123  * credentials, this function pointer should simply be NULL. @a
124  * provider_baton is general context for the vtable, @a parameters
125  * contains any run-time data that the provider may need, and @a
126  * realmstring comes from the svn_auth_first_credentials() call.
127  */
128  svn_error_t * (*next_credentials)(void **credentials,
129  void *iter_baton,
130  void *provider_baton,
131  apr_hash_t *parameters,
132  const char *realmstring,
133  apr_pool_t *pool);
134 
135  /** Save credentials.
136  *
137  * Store @a credentials for future use. @a provider_baton is
138  * general context for the vtable, and @a parameters contains any
139  * run-time data the provider may need. Set @a *saved to TRUE if
140  * the save happened, or FALSE if not. The provider is not required
141  * to save; if it refuses or is unable to save for non-fatal
142  * reasons, return FALSE. If the provider never saves data, then
143  * this function pointer should simply be NULL. @a realmstring comes
144  * from the svn_auth_first_credentials() call.
145  */
146  svn_error_t * (*save_credentials)(svn_boolean_t *saved,
147  void *credentials,
148  void *provider_baton,
149  apr_hash_t *parameters,
150  const char *realmstring,
151  apr_pool_t *pool);
152 
154 
155 
156 /** A provider object, ready to be put into an array and given to
157  svn_auth_open(). */
159 {
160  const svn_auth_provider_t *vtable;
161  void *provider_baton;
162 
164 
165 /** The type of function returning authentication provider. */
167  svn_auth_provider_object_t **provider,
168  apr_pool_t *pool);
169 
170 
171 /** Specific types of credentials **/
172 
173 /** Simple username/password pair credential kind.
174  *
175  * The following auth parameters are available to the providers:
176  *
177  * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*)
178  * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
179  *
180  * The following auth parameters may be available to the providers:
181  *
182  * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
183  * - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)
184  * - @c SVN_AUTH_PARAM_DEFAULT_PASSWORD (@c char*)
185  */
186 #define SVN_AUTH_CRED_SIMPLE "svn.simple"
187 
188 /** @c SVN_AUTH_CRED_SIMPLE credentials. */
190 {
191  /** Username */
192  const char *username;
193  /** Password */
194  const char *password;
195  /** Indicates if the credentials may be saved (to disk). For example, a
196  * GUI prompt implementation with a remember password checkbox shall set
197  * @a may_save to TRUE if the checkbox is checked.
198  */
201 
202 
203 /** Username credential kind.
204  *
205  * The following optional auth parameters are relevant to the providers:
206  *
207  * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
208  * - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)
209  */
210 #define SVN_AUTH_CRED_USERNAME "svn.username"
211 
212 /** @c SVN_AUTH_CRED_USERNAME credentials. */
214 {
215  /** Username */
216  const char *username;
217  /** Indicates if the credentials may be saved (to disk). For example, a
218  * GUI prompt implementation with a remember username checkbox shall set
219  * @a may_save to TRUE if the checkbox is checked.
220  */
223 
224 
225 /** SSL client certificate credential type.
226  *
227  * The following auth parameters are available to the providers:
228  *
229  * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
230  * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
231  *
232  * The following optional auth parameters are relevant to the providers:
233  *
234  * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
235  */
236 #define SVN_AUTH_CRED_SSL_CLIENT_CERT "svn.ssl.client-cert"
237 
238 /** @c SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. */
240 {
241  /** Absolute path to the certificate file */
242  const char *cert_file;
243  /** Indicates if the credentials may be saved (to disk). For example, a
244  * GUI prompt implementation with a remember certificate checkbox shall
245  * set @a may_save to TRUE if the checkbox is checked.
246  */
249 
250 
251 /** A function returning an SSL client certificate passphrase provider. */
253  svn_auth_provider_object_t **provider,
254  apr_pool_t *pool);
255 
256 /** SSL client certificate passphrase credential type.
257  *
258  * @note The realmstring used with this credential type must be a name that
259  * makes it possible for the user to identify the certificate.
260  *
261  * The following auth parameters are available to the providers:
262  *
263  * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*)
264  * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
265  * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
266  *
267  * The following optional auth parameters are relevant to the providers:
268  *
269  * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
270  */
271 #define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW "svn.ssl.client-passphrase"
272 
273 /** @c SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials. */
275 {
276  /** Certificate password */
277  const char *password;
278  /** Indicates if the credentials may be saved (to disk). For example, a
279  * GUI prompt implementation with a remember password checkbox shall set
280  * @a may_save to TRUE if the checkbox is checked.
281  */
284 
285 
286 /** SSL server verification credential type.
287  *
288  * The following auth parameters are available to the providers:
289  *
290  * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
291  * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
292  * - @c SVN_AUTH_PARAM_SSL_SERVER_FAILURES (@c apr_uint32_t*)
293  * - @c SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO
294  * (@c svn_auth_ssl_server_cert_info_t*)
295  *
296  * The following optional auth parameters are relevant to the providers:
297  *
298  * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
299  */
300 #define SVN_AUTH_CRED_SSL_SERVER_TRUST "svn.ssl.server"
301 
302 /** SSL server certificate information used by @c
303  * SVN_AUTH_CRED_SSL_SERVER_TRUST providers.
304  */
306 {
307  /** Primary CN */
308  const char *hostname;
309  /** ASCII fingerprint */
310  const char *fingerprint;
311  /** ASCII date from which the certificate is valid */
312  const char *valid_from;
313  /** ASCII date until which the certificate is valid */
314  const char *valid_until;
315  /** DN of the certificate issuer */
316  const char *issuer_dname;
317  /** Base-64 encoded DER certificate representation */
318  const char *ascii_cert;
320 
321 /**
322  * Return a deep copy of @a info, allocated in @a pool.
323  *
324  * @since New in 1.3.
325  */
328  apr_pool_t *pool);
329 
330 /** @c SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. */
332 {
333  /** Indicates if the credentials may be saved (to disk). For example, a
334  * GUI prompt implementation with a checkbox to accept the certificate
335  * permanently shall set @a may_save to TRUE if the checkbox is checked.
336  */
338  /** Bit mask of the accepted failures */
339  apr_uint32_t accepted_failures;
341 
342 
343 
344 /** Credential-constructing prompt functions. **/
345 
346 /** These exist so that different client applications can use
347  * different prompt mechanisms to supply the same credentials. For
348  * example, if authentication requires a username and password, a
349  * command-line client's prompting function might prompt first for the
350  * username and then for the password, whereas a GUI client's would
351  * present a single dialog box asking for both, and a telepathic
352  * client's would read all the information directly from the user's
353  * mind. All these prompting functions return the same type of
354  * credential, but the information used to construct the credential is
355  * gathered in an interface-specific way in each case.
356  */
357 
358 /** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
359  * @a baton is an implementation-specific closure.
360  *
361  * If @a realm is non-NULL, maybe use it in the prompt string.
362  *
363  * If @a username is non-NULL, then the user might be prompted only
364  * for a password, but @a *cred would still be filled with both
365  * username and password. For example, a typical usage would be to
366  * pass @a username on the first call, but then leave it NULL for
367  * subsequent calls, on the theory that if credentials failed, it's
368  * as likely to be due to incorrect username as incorrect password.
369  *
370  * If @a may_save is FALSE, the auth system does not allow the credentials
371  * to be saved (to disk). A prompt function shall not ask the user if the
372  * credentials shall be saved if @a may_save is FALSE. For example, a GUI
373  * client with a remember password checkbox would grey out the checkbox if
374  * @a may_save is FALSE.
375  */
376 typedef svn_error_t *(*svn_auth_simple_prompt_func_t)(
377  svn_auth_cred_simple_t **cred,
378  void *baton,
379  const char *realm,
380  const char *username,
381  svn_boolean_t may_save,
382  apr_pool_t *pool);
383 
384 
385 /** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
386  * @a baton is an implementation-specific closure.
387  *
388  * If @a realm is non-NULL, maybe use it in the prompt string.
389  *
390  * If @a may_save is FALSE, the auth system does not allow the credentials
391  * to be saved (to disk). A prompt function shall not ask the user if the
392  * credentials shall be saved if @a may_save is FALSE. For example, a GUI
393  * client with a remember username checkbox would grey out the checkbox if
394  * @a may_save is FALSE.
395  */
396 typedef svn_error_t *(*svn_auth_username_prompt_func_t)(
398  void *baton,
399  const char *realm,
400  svn_boolean_t may_save,
401  apr_pool_t *pool);
402 
403 
404 /** @name SSL server certificate failure bits
405  *
406  * @note These values are stored in the on disk auth cache by the SSL
407  * server certificate auth provider, so the meaning of these bits must
408  * not be changed.
409  * @{
410  */
411 /** Certificate is not yet valid. */
412 #define SVN_AUTH_SSL_NOTYETVALID 0x00000001
413 /** Certificate has expired. */
414 #define SVN_AUTH_SSL_EXPIRED 0x00000002
415 /** Certificate's CN (hostname) does not match the remote hostname. */
416 #define SVN_AUTH_SSL_CNMISMATCH 0x00000004
417 /** @brief Certificate authority is unknown (i.e. not trusted) */
418 #define SVN_AUTH_SSL_UNKNOWNCA 0x00000008
419 /** @brief Other failure. This can happen if an unknown failure occurs
420  * that we do not handle yet. */
421 #define SVN_AUTH_SSL_OTHER 0x40000000
422 /** @} */
423 
424 /** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
425  * @a baton is an implementation-specific closure.
426  *
427  * @a cert_info is a structure describing the server cert that was
428  * presented to the client, and @a failures is a bitmask that
429  * describes exactly why the cert could not be automatically validated,
430  * composed from the constants SVN_AUTH_SSL_* (@c SVN_AUTH_SSL_NOTYETVALID
431  * etc.). @a realm is a string that can be used in the prompt string.
432  *
433  * If @a may_save is FALSE, the auth system does not allow the credentials
434  * to be saved (to disk). A prompt function shall not ask the user if the
435  * credentials shall be saved if @a may_save is FALSE. For example, a GUI
436  * client with a trust permanently checkbox would grey out the checkbox if
437  * @a may_save is FALSE.
438  */
439 typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t)(
441  void *baton,
442  const char *realm,
443  apr_uint32_t failures,
444  const svn_auth_ssl_server_cert_info_t *cert_info,
445  svn_boolean_t may_save,
446  apr_pool_t *pool);
447 
448 
449 /** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
450  * @a baton is an implementation-specific closure. @a realm is a string
451  * that can be used in the prompt string.
452  *
453  * If @a may_save is FALSE, the auth system does not allow the credentials
454  * to be saved (to disk). A prompt function shall not ask the user if the
455  * credentials shall be saved if @a may_save is FALSE. For example, a GUI
456  * client with a remember certificate checkbox would grey out the checkbox
457  * if @a may_save is FALSE.
458  */
459 typedef svn_error_t *(*svn_auth_ssl_client_cert_prompt_func_t)(
461  void *baton,
462  const char *realm,
463  svn_boolean_t may_save,
464  apr_pool_t *pool);
465 
466 
467 /** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
468  * @a baton is an implementation-specific closure. @a realm is a string
469  * identifying the certificate, and can be used in the prompt string.
470  *
471  * If @a may_save is FALSE, the auth system does not allow the credentials
472  * to be saved (to disk). A prompt function shall not ask the user if the
473  * credentials shall be saved if @a may_save is FALSE. For example, a GUI
474  * client with a remember password checkbox would grey out the checkbox if
475  * @a may_save is FALSE.
476  */
477 typedef svn_error_t *(*svn_auth_ssl_client_cert_pw_prompt_func_t)(
479  void *baton,
480  const char *realm,
481  svn_boolean_t may_save,
482  apr_pool_t *pool);
483 
484 /** A type of callback function for asking whether storing a password to
485  * disk in plaintext is allowed.
486  *
487  * In this callback, the client should ask the user whether storing
488  * a password for the realm identified by @a realmstring to disk
489  * in plaintext is allowed.
490  *
491  * The answer is returned in @a *may_save_plaintext.
492  * @a baton is an implementation-specific closure.
493  * All allocations should be done in @a pool.
494  *
495  * @since New in 1.6
496  */
497 typedef svn_error_t *(*svn_auth_plaintext_prompt_func_t)(
498  svn_boolean_t *may_save_plaintext,
499  const char *realmstring,
500  void *baton,
501  apr_pool_t *pool);
502 
503 /** A type of callback function for asking whether storing a passphrase to
504  * disk in plaintext is allowed.
505  *
506  * In this callback, the client should ask the user whether storing
507  * a passphrase for the realm identified by @a realmstring to disk
508  * in plaintext is allowed.
509  *
510  * The answer is returned in @a *may_save_plaintext.
511  * @a baton is an implementation-specific closure.
512  * All allocations should be done in @a pool.
513  *
514  * @since New in 1.6
515  */
516 typedef svn_error_t *(*svn_auth_plaintext_passphrase_prompt_func_t)(
517  svn_boolean_t *may_save_plaintext,
518  const char *realmstring,
519  void *baton,
520  apr_pool_t *pool);
521 
522 
523 /** Initialize an authentication system.
524  *
525  * Return an authentication object in @a *auth_baton (allocated in @a
526  * pool) that represents a particular instance of the svn
527  * authentication system. @a providers is an array of @c
528  * svn_auth_provider_object_t pointers, already allocated in @a pool
529  * and intentionally ordered. These pointers will be stored within @a
530  * *auth_baton, grouped by credential type, and searched in this exact
531  * order.
532  */
533 void
534 svn_auth_open(svn_auth_baton_t **auth_baton,
535  const apr_array_header_t *providers,
536  apr_pool_t *pool);
537 
538 /** Set an authentication run-time parameter.
539  *
540  * Store @a name / @a value pair as a run-time parameter in @a
541  * auth_baton, making the data accessible to all providers. @a name
542  * and @a value will NOT be duplicated into the auth_baton's pool.
543  * To delete a run-time parameter, pass NULL for @a value.
544  */
545 void
547  const char *name,
548  const void *value);
549 
550 /** Get an authentication run-time parameter.
551  *
552  * Return a value for run-time parameter @a name from @a auth_baton.
553  * Return NULL if the parameter doesn't exist.
554  */
555 const void *
557  const char *name);
558 
559 /** Universal run-time parameters, made available to all providers.
560 
561  If you are writing a new provider, then to be a "good citizen",
562  you should notice these global parameters! Note that these
563  run-time params should be treated as read-only by providers; the
564  application is responsible for placing them into the auth_baton
565  hash. */
566 
567 /** The auth-hash prefix indicating that the parameter is global. */
568 #define SVN_AUTH_PARAM_PREFIX "svn:auth:"
569 
570 /**
571  * @name Default credentials defines
572  * Property values are const char *.
573  * @{ */
574 /** Default username provided by the application itself (e.g. --username) */
575 #define SVN_AUTH_PARAM_DEFAULT_USERNAME SVN_AUTH_PARAM_PREFIX "username"
576 /** Default password provided by the application itself (e.g. --password) */
577 #define SVN_AUTH_PARAM_DEFAULT_PASSWORD SVN_AUTH_PARAM_PREFIX "password"
578 /** @} */
579 
580 /** @brief The application doesn't want any providers to prompt
581  * users. Property value is irrelevant; only property's existence
582  * matters. */
583 #define SVN_AUTH_PARAM_NON_INTERACTIVE SVN_AUTH_PARAM_PREFIX "non-interactive"
584 
585 /** @brief The application doesn't want any providers to save passwords
586  * to disk. Property value is irrelevant; only property's existence
587  * matters. */
588 #define SVN_AUTH_PARAM_DONT_STORE_PASSWORDS SVN_AUTH_PARAM_PREFIX \
589  "dont-store-passwords"
590 
591 /** @brief Indicates whether providers may save passwords to disk in
592  * plaintext. Property value can be either SVN_CONFIG_TRUE,
593  * SVN_CONFIG_FALSE, or SVN_CONFIG_ASK.
594  * @since New in 1.6.
595  */
596 #define SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS SVN_AUTH_PARAM_PREFIX \
597  "store-plaintext-passwords"
598 
599 /** @brief The application doesn't want any providers to save passphrase
600  * to disk. Property value is irrelevant; only property's existence
601  * matters.
602  * @since New in 1.6.
603  */
604 #define SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP \
605  SVN_AUTH_PARAM_PREFIX "dont-store-ssl-client-cert-pp"
606 
607 /** @brief Indicates whether providers may save passphrase to disk in
608  * plaintext. Property value can be either SVN_CONFIG_TRUE,
609  * SVN_CONFIG_FALSE, or SVN_CONFIG_ASK.
610  * @since New in 1.6.
611  */
612 #define SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT \
613  SVN_AUTH_PARAM_PREFIX "store-ssl-client-cert-pp-plaintext"
614 
615 /** @brief The application doesn't want any providers to save credentials
616  * to disk. Property value is irrelevant; only property's existence
617  * matters. */
618 #define SVN_AUTH_PARAM_NO_AUTH_CACHE SVN_AUTH_PARAM_PREFIX "no-auth-cache"
619 
620 /** @brief The following property is for SSL server cert providers. This
621  * provides a pointer to an @c apr_uint32_t containing the failures
622  * detected by the certificate validator. */
623 #define SVN_AUTH_PARAM_SSL_SERVER_FAILURES SVN_AUTH_PARAM_PREFIX \
624  "ssl:failures"
625 
626 /** @brief The following property is for SSL server cert providers. This
627  * provides the cert info (svn_auth_ssl_server_cert_info_t). */
628 #define SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO SVN_AUTH_PARAM_PREFIX \
629  "ssl:cert-info"
630 
631 /** This provides a pointer to a @c svn_config_t containting the config
632  * category. */
633 #define SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG SVN_AUTH_PARAM_PREFIX \
634  "config-category-config"
635 
636 /** This provides a pointer to a @c svn_config_t containting the servers
637  * category. */
638 #define SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS SVN_AUTH_PARAM_PREFIX \
639  "config-category-servers"
640 
641 /** @deprecated Provided for backward compatibility with the 1.5 API. */
642 #define SVN_AUTH_PARAM_CONFIG SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS
643 
644 /** The current server group. */
645 #define SVN_AUTH_PARAM_SERVER_GROUP SVN_AUTH_PARAM_PREFIX "server-group"
646 
647 /** @brief A configuration directory that overrides the default
648  * ~/.subversion. */
649 #define SVN_AUTH_PARAM_CONFIG_DIR SVN_AUTH_PARAM_PREFIX "config-dir"
650 
651 /** Get an initial set of credentials.
652  *
653  * Ask @a auth_baton to set @a *credentials to a set of credentials
654  * defined by @a cred_kind and valid within @a realmstring, or NULL if
655  * no credentials are available. Otherwise, return an iteration state
656  * in @a *state, so that the caller can call
657  * svn_auth_next_credentials(), in case the first set of credentials
658  * fails to authenticate.
659  *
660  * Use @a pool to allocate @a *state, and for temporary allocation.
661  * Note that @a *credentials will be allocated in @a auth_baton's pool.
662  */
663 svn_error_t *
664 svn_auth_first_credentials(void **credentials,
665  svn_auth_iterstate_t **state,
666  const char *cred_kind,
667  const char *realmstring,
668  svn_auth_baton_t *auth_baton,
669  apr_pool_t *pool);
670 
671 /** Get another set of credentials, assuming previous ones failed to
672  * authenticate.
673  *
674  * Use @a state to fetch a different set of @a *credentials, as a
675  * follow-up to svn_auth_first_credentials() or
676  * svn_auth_next_credentials(). If no more credentials are available,
677  * set @a *credentials to NULL.
678  *
679  * Note that @a *credentials will be allocated in @c auth_baton's pool.
680  */
681 svn_error_t *
682 svn_auth_next_credentials(void **credentials,
683  svn_auth_iterstate_t *state,
684  apr_pool_t *pool);
685 
686 /** Save a set of credentials.
687  *
688  * Ask @a state to store the most recently returned credentials,
689  * presumably because they successfully authenticated.
690  * All allocations should be done in @a pool.
691  *
692  * If no credentials were ever returned, do nothing.
693  */
694 svn_error_t *
696  apr_pool_t *pool);
697 
698 /** Forget a set (or all) memory-cached credentials.
699  *
700  * Remove references (if any) in @a auth_baton to credentials cached
701  * therein. If @a cred_kind and @a realmstring are non-NULL, forget
702  * only the credentials associated with those credential types and
703  * realm. Otherwise @a cred_kind and @a realmstring must both be
704  * NULL, and this function will forget all credentials cached within
705  * @a auth_baton.
706  *
707  * @note This function does not affect persisted authentication
708  * credential storage at all. It is merely a way to cause Subversion
709  * to forget about credentials already fetched from a provider,
710  * forcing them to be fetched again later should they be required.
711  *
712  * @since New in 1.8.
713  */
714 svn_error_t *
716  const char *cred_kind,
717  const char *realmstring,
718  apr_pool_t *pool);
719 
720 /** @} */
721 
722 /** Set @a *provider to an authentication provider of type
723  * svn_auth_cred_simple_t that gets information by prompting the user
724  * with @a prompt_func and @a prompt_baton. Allocate @a *provider in
725  * @a pool.
726  *
727  * If both @c SVN_AUTH_PARAM_DEFAULT_USERNAME and
728  * @c SVN_AUTH_PARAM_DEFAULT_PASSWORD are defined as runtime
729  * parameters in the @c auth_baton, then @a *provider will return the
730  * default arguments when svn_auth_first_credentials() is called. If
731  * svn_auth_first_credentials() fails, then @a *provider will
732  * re-prompt @a retry_limit times (via svn_auth_next_credentials()).
733  * For infinite retries, set @a retry_limit to value less than 0.
734  *
735  * @since New in 1.4.
736  */
737 void
739  svn_auth_simple_prompt_func_t prompt_func,
740  void *prompt_baton,
741  int retry_limit,
742  apr_pool_t *pool);
743 
744 
745 /** Set @a *provider to an authentication provider of type @c
746  * svn_auth_cred_username_t that gets information by prompting the
747  * user with @a prompt_func and @a prompt_baton. Allocate @a *provider
748  * in @a pool.
749  *
750  * If @c SVN_AUTH_PARAM_DEFAULT_USERNAME is defined as a runtime
751  * parameter in the @c auth_baton, then @a *provider will return the
752  * default argument when svn_auth_first_credentials() is called. If
753  * svn_auth_first_credentials() fails, then @a *provider will
754  * re-prompt @a retry_limit times (via svn_auth_next_credentials()).
755  * For infinite retries, set @a retry_limit to value less than 0.
756  *
757  * @since New in 1.4.
758  */
759 void
761  svn_auth_provider_object_t **provider,
763  void *prompt_baton,
764  int retry_limit,
765  apr_pool_t *pool);
766 
767 
768 /** Set @a *provider to an authentication provider of type @c
769  * svn_auth_cred_simple_t that gets/sets information from the user's
770  * ~/.subversion configuration directory.
771  *
772  * If the provider is going to save the password unencrypted, it calls @a
773  * plaintext_prompt_func, passing @a prompt_baton, before saving the
774  * password.
775  *
776  * If @a plaintext_prompt_func is NULL it is not called and the answer is
777  * assumed to be TRUE. This matches the deprecated behaviour of storing
778  * unencrypted passwords by default, and is only done this way for backward
779  * compatibility reasons.
780  * Client developers are highly encouraged to provide this callback
781  * to ensure their users are made aware of the fact that their password
782  * is going to be stored unencrypted. In the future, providers may
783  * default to not storing the password unencrypted if this callback is NULL.
784  *
785  * Clients can however set the callback to NULL and set
786  * SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS to SVN_CONFIG_FALSE or
787  * SVN_CONFIG_TRUE to enforce a certain behaviour.
788  *
789  * Allocate @a *provider in @a pool.
790  *
791  * If a default username or password is available, @a *provider will
792  * honor them as well, and return them when
793  * svn_auth_first_credentials() is called. (see @c
794  * SVN_AUTH_PARAM_DEFAULT_USERNAME and @c
795  * SVN_AUTH_PARAM_DEFAULT_PASSWORD).
796  *
797  * @since New in 1.6.
798  */
799 void
801  svn_auth_provider_object_t **provider,
802  svn_auth_plaintext_prompt_func_t plaintext_prompt_func,
803  void *prompt_baton,
804  apr_pool_t *pool);
805 
806 /** Like svn_auth_get_simple_provider2, but without the ability to
807  * call the svn_auth_plaintext_prompt_func_t callback, and the provider
808  * always assumes that it is allowed to store the password in plaintext.
809  *
810  * @deprecated Provided for backwards compatibility with the 1.5 API.
811  * @since New in 1.4.
812  */
814 void
816  apr_pool_t *pool);
817 
818 /** Set @a *provider to an authentication provider of type @c
819  * svn_auth_provider_object_t, or return @c NULL if the provider is not
820  * available for the requested platform or the requested provider is unknown.
821  *
822  * Valid @a provider_name values are: "gnome_keyring", "keychain", "kwallet",
823  * "gpg_agent", and "windows".
824  *
825  * Valid @a provider_type values are: "simple", "ssl_client_cert_pw" and
826  * "ssl_server_trust".
827  *
828  * Allocate @a *provider in @a pool.
829  *
830  * What actually happens is we invoke the appropriate provider function to
831  * supply the @a provider, like so:
832  *
833  * svn_auth_get_<name>_<type>_provider(@a provider, @a pool);
834  *
835  * @since New in 1.6.
836  */
837 svn_error_t *
839  svn_auth_provider_object_t **provider,
840  const char *provider_name,
841  const char *provider_type,
842  apr_pool_t *pool);
843 
844 /** Set @a *providers to an array of <tt>svn_auth_provider_object_t *</tt>
845  * objects.
846  * Only client authentication providers available for the current platform are
847  * returned. Order of the platform-specific authentication providers is
848  * determined by the 'password-stores' configuration option which is retrieved
849  * from @a config. @a config can be NULL.
850  *
851  * Create and allocate @a *providers in @a pool.
852  *
853  * Default order of the platform-specific authentication providers:
854  * 1. gnome-keyring
855  * 2. kwallet
856  * 3. keychain
857  * 4. gpg-agent
858  * 5. windows-cryptoapi
859  *
860  * @since New in 1.6.
861  */
862 svn_error_t *
864  apr_array_header_t **providers,
865  svn_config_t *config,
866  apr_pool_t *pool);
867 
868 #if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN)
869 /**
870  * Set @a *provider to an authentication provider of type @c
871  * svn_auth_cred_simple_t that gets/sets information from the user's
872  * ~/.subversion configuration directory. Allocate @a *provider in
873  * @a pool.
874  *
875  * This is like svn_auth_get_simple_provider(), except that, when
876  * running on Window 2000 or newer (or any other Windows version that
877  * includes the CryptoAPI), the provider encrypts the password before
878  * storing it to disk. On earlier versions of Windows, the provider
879  * does nothing.
880  *
881  * @since New in 1.4.
882  * @note This function is only available on Windows.
883  *
884  * @note An administrative password reset may invalidate the account's
885  * secret key. This function will detect that situation and behave as
886  * if the password were not cached at all.
887  * @deprecated Provided for backwards compatibility with the 1.8 API. Use
888  * svn_auth_get_platform_specific_provider with provider_name of "windows"
889  * and provider_type of "simple".
890  */
892 void
894  apr_pool_t *pool);
895 
896 /**
897  * Set @a *provider to an authentication provider of type @c
898  * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
899  * user's ~/.subversion configuration directory. Allocate @a *provider in
900  * @a pool.
901  *
902  * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except that
903  * when running on Window 2000 or newer, the provider encrypts the password
904  * before storing it to disk. On earlier versions of Windows, the provider
905  * does nothing.
906  *
907  * @since New in 1.6
908  * @note This function is only available on Windows.
909  *
910  * @note An administrative password reset may invalidate the account's
911  * secret key. This function will detect that situation and behave as
912  * if the password were not cached at all.
913  * @deprecated Provided for backwards compatibility with the 1.8 API.
914  * Use svn_auth_get_platform_specific_provider with provider_name
915  * of "windows" and provider_type of "ssl_client_cert_pw".
916  */
918 void
920  svn_auth_provider_object_t **provider,
921  apr_pool_t *pool);
922 
923 /**
924  * Set @a *provider to an authentication provider of type @c
925  * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
926  *
927  * This provider automatically validates ssl server certificates with
928  * the CryptoApi, like Internet Explorer and the Windows network API do.
929  * This allows the rollout of root certificates via Windows Domain
930  * policies, instead of Subversion specific configuration.
931  *
932  * @since New in 1.5.
933  * @note This function is only available on Windows.
934  * @deprecated Provided for backwards compatibility with the 1.8 API.
935  * Use svn_auth_get_platform_specific_provider with provider_name
936  * of "windows" and provider_type of "ssl_server_trust".
937  */
939 void
941  svn_auth_provider_object_t **provider,
942  apr_pool_t *pool);
943 
944 #endif /* WIN32 && !__MINGW32__ || DOXYGEN */
945 
946 #if defined(DARWIN) || defined(DOXYGEN)
947 /**
948  * Set @a *provider to an authentication provider of type @c
949  * svn_auth_cred_simple_t that gets/sets information from the user's
950  * ~/.subversion configuration directory. Allocate @a *provider in
951  * @a pool.
952  *
953  * This is like svn_auth_get_simple_provider(), except that the
954  * password is stored in the Mac OS KeyChain.
955  *
956  * @since New in 1.4
957  * @note This function is only available on Mac OS 10.2 and higher.
958  * @deprecated Provided for backwards compatibility with the 1.8 API.
959  * Use svn_auth_get_platform_specific_provider with provider_name
960  * of "keychain" and provider_type of "simple".
961  */
963 void
965  apr_pool_t *pool);
966 
967 /**
968  * Set @a *provider to an authentication provider of type @c
969  * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
970  * user's ~/.subversion configuration directory. Allocate @a *provider in
971  * @a pool.
972  *
973  * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except
974  * that the password is stored in the Mac OS KeyChain.
975  *
976  * @since New in 1.6
977  * @note This function is only available on Mac OS 10.2 and higher.
978  * @deprecated Provided for backwards compatibility with the 1.8 API.
979  * Use svn_auth_get_platform_specific_provider with provider_name
980  * of "keychain" and provider_type of "ssl_client_cert_pw".
981  */
983 void
985  svn_auth_provider_object_t **provider,
986  apr_pool_t *pool);
987 #endif /* DARWIN || DOXYGEN */
988 
989 /* Note that the gnome keyring unlock prompt related items below must be
990  * declared for all platforms in order to allow SWIG interfaces to be
991  * used regardless of the platform. */
992 
993 /** A type of callback function for obtaining the GNOME Keyring password.
994  *
995  * In this callback, the client should ask the user for default keyring
996  * @a keyring_name password.
997  *
998  * The answer is returned in @a *keyring_password.
999  * @a baton is an implementation-specific closure.
1000  * All allocations should be done in @a pool.
1001  *
1002  * @since New in 1.6
1003  */
1004 typedef svn_error_t *(*svn_auth_gnome_keyring_unlock_prompt_func_t)(
1005  char **keyring_password,
1006  const char *keyring_name,
1007  void *baton,
1008  apr_pool_t *pool);
1009 
1010 
1011 /** libsvn_auth_gnome_keyring-specific run-time parameters. */
1012 
1013 /** @brief The pointer to function which prompts user for GNOME Keyring
1014  * password.
1015  * The type of this pointer should be svn_auth_gnome_keyring_unlock_prompt_func_t.
1016  * @deprecated Only used by old libgnome-keyring implementation. */
1017 #define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC "gnome-keyring-unlock-prompt-func"
1018 
1019 /** @brief The baton which is passed to
1020  * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.
1021  * @deprecated Only used by old libgnome-keyring implementation. */
1022 #define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON "gnome-keyring-unlock-prompt-baton"
1023 
1024 #if (!defined(DARWIN) && !defined(WIN32)) || defined(DOXYGEN)
1025 /**
1026  * Get libsvn_auth_gnome_keyring version information.
1027  *
1028  * @since New in 1.6
1029  */
1030 const svn_version_t *
1032 
1033 
1034 /**
1035  * Set @a *provider to an authentication provider of type @c
1036  * svn_auth_cred_simple_t that gets/sets information from the user's
1037  * ~/.subversion configuration directory.
1038  *
1039  * This is like svn_client_get_simple_provider(), except that the
1040  * password is stored in GNOME Keyring.
1041  *
1042  * If the GNOME Keyring is locked the old libgnome-keyring provider calls
1043  * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock
1044  * the keyring.
1045  *
1046  * @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to
1047  * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.
1048  *
1049  * Allocate @a *provider in @a pool.
1050  *
1051  * @since New in 1.6
1052  * @note This function actually works only on systems with
1053  * libsvn_auth_gnome_keyring and GNOME Keyring installed.
1054  * @deprecated Provided for backwards compatibility with the 1.8 API.
1055  * Use svn_auth_get_platform_specific_provider with provider_name
1056  * of "gnome_keyring" and provider_type of "simple".
1057  */
1059 void
1061  svn_auth_provider_object_t **provider,
1062  apr_pool_t *pool);
1063 
1064 
1065 /**
1066  * Set @a *provider to an authentication provider of type @c
1067  * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
1068  * user's ~/.subversion configuration directory.
1069  *
1070  * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except
1071  * that the password is stored in GNOME Keyring.
1072  *
1073  * If the GNOME Keyring is locked the provider calls
1074  * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock
1075  * the keyring.
1076  *
1077  * @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to
1078  * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.
1079  *
1080  * Allocate @a *provider in @a pool.
1081  *
1082  * @since New in 1.6
1083  * @note This function actually works only on systems with
1084  * libsvn_auth_gnome_keyring and GNOME Keyring installed.
1085  * @deprecated Provided for backwards compatibility with the 1.8 API.
1086  * Use svn_auth_get_platform_specific_provider with provider_name
1087  * of "gnome_keyring" and provider_type of "ssl_client_cert_pw".
1088  */
1090 void
1092  svn_auth_provider_object_t **provider,
1093  apr_pool_t *pool);
1094 
1095 
1096 /**
1097  * Get libsvn_auth_kwallet version information.
1098  *
1099  * @since New in 1.6
1100  */
1101 const svn_version_t *
1103 
1104 
1105 /**
1106  * Set @a *provider to an authentication provider of type @c
1107  * svn_auth_cred_simple_t that gets/sets information from the user's
1108  * ~/.subversion configuration directory. Allocate @a *provider in
1109  * @a pool.
1110  *
1111  * This is like svn_client_get_simple_provider(), except that the
1112  * password is stored in KWallet.
1113  *
1114  * @since New in 1.6
1115  * @note This function actually works only on systems with libsvn_auth_kwallet
1116  * and KWallet installed.
1117  * @deprecated Provided for backwards compatibility with the 1.8 API.
1118  * Use svn_auth_get_platform_specific_provider with provider_name
1119  * of "kwallet" and provider_type of "simple".
1120  */
1122 void
1124  apr_pool_t *pool);
1125 
1126 
1127 /**
1128  * Set @a *provider to an authentication provider of type @c
1129  * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
1130  * user's ~/.subversion configuration directory. Allocate @a *provider in
1131  * @a pool.
1132  *
1133  * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except
1134  * that the password is stored in KWallet.
1135  *
1136  * @since New in 1.6
1137  * @note This function actually works only on systems with libsvn_auth_kwallet
1138  * and KWallet installed.
1139  * @deprecated Provided for backwards compatibility with the 1.8 API.
1140  * Use svn_auth_get_platform_specific_provider with provider_name
1141  * of "kwallet" and provider_type of "ssl_client_cert_pw".
1142  */
1144 void
1146  svn_auth_provider_object_t **provider,
1147  apr_pool_t *pool);
1148 #endif /* (!DARWIN && !WIN32) || DOXYGEN */
1149 
1150 #if !defined(WIN32) || defined(DOXYGEN)
1151 /**
1152  * Set @a *provider to an authentication provider of type @c
1153  * svn_auth_cred_simple_t that gets/sets information from the user's
1154  * ~/.subversion configuration directory.
1155  *
1156  * This is like svn_client_get_simple_provider(), except that the
1157  * password is obtained from gpg_agent, which will keep it in
1158  * a memory cache.
1159  *
1160  * Allocate @a *provider in @a pool.
1161  *
1162  * @since New in 1.8
1163  * @note This function actually works only on systems with
1164  * GNU Privacy Guard installed.
1165  * @deprecated Provided for backwards compatibility with the 1.8 API.
1166  * Use svn_auth_get_platform_specific_provider with provider_name
1167  * of "gpg_agent" and provider_type of "simple".
1168  */
1170 void
1172  (svn_auth_provider_object_t **provider,
1173  apr_pool_t *pool);
1174 #endif /* !defined(WIN32) || defined(DOXYGEN) */
1175 
1176 
1177 /** Set @a *provider to an authentication provider of type @c
1178  * svn_auth_cred_username_t that gets/sets information from a user's
1179  * ~/.subversion configuration directory. Allocate @a *provider in
1180  * @a pool.
1181  *
1182  * If a default username is available, @a *provider will honor it,
1183  * and return it when svn_auth_first_credentials() is called. (See
1184  * @c SVN_AUTH_PARAM_DEFAULT_USERNAME.)
1185  *
1186  * @since New in 1.4.
1187  */
1188 void
1190  apr_pool_t *pool);
1191 
1192 
1193 /** Set @a *provider to an authentication provider of type @c
1194  * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
1195  *
1196  * @a *provider retrieves its credentials from the configuration
1197  * mechanism. The returned credential is used to override SSL
1198  * security on an error.
1199  *
1200  * @since New in 1.4.
1201  */
1202 void
1204  svn_auth_provider_object_t **provider,
1205  apr_pool_t *pool);
1206 
1207 /** Set @a *provider to an authentication provider of type @c
1208  * svn_auth_cred_ssl_client_cert_t, allocated in @a pool.
1209  *
1210  * @a *provider retrieves its credentials from the configuration
1211  * mechanism. The returned credential is used to load the appropriate
1212  * client certificate for authentication when requested by a server.
1213  *
1214  * @since New in 1.4.
1215  */
1216 void
1218  svn_auth_provider_object_t **provider,
1219  apr_pool_t *pool);
1220 
1221 
1222 /** Set @a *provider to an authentication provider of type @c
1223  * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the user's
1224  * ~/.subversion configuration directory.
1225  *
1226  * If the provider is going to save the passphrase unencrypted,
1227  * it calls @a plaintext_passphrase_prompt_func, passing @a
1228  * prompt_baton, before saving the passphrase.
1229  *
1230  * If @a plaintext_passphrase_prompt_func is NULL it is not called
1231  * and the passphrase is not stored in plaintext.
1232  * Client developers are highly encouraged to provide this callback
1233  * to ensure their users are made aware of the fact that their passphrase
1234  * is going to be stored unencrypted.
1235  *
1236  * Clients can however set the callback to NULL and set
1237  * SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT to SVN_CONFIG_FALSE or
1238  * SVN_CONFIG_TRUE to enforce a certain behaviour.
1239  *
1240  * Allocate @a *provider in @a pool.
1241  *
1242  * @since New in 1.6.
1243  */
1244 void
1246  svn_auth_provider_object_t **provider,
1247  svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func,
1248  void *prompt_baton,
1249  apr_pool_t *pool);
1250 
1251 /** Like svn_auth_get_ssl_client_cert_pw_file_provider2, but without
1252  * the ability to call the svn_auth_plaintext_passphrase_prompt_func_t
1253  * callback, and the provider always assumes that it is not allowed
1254  * to store the passphrase in plaintext.
1255  *
1256  * @deprecated Provided for backwards compatibility with the 1.5 API.
1257  * @since New in 1.4.
1258  */
1260 void
1262  svn_auth_provider_object_t **provider,
1263  apr_pool_t *pool);
1264 
1265 
1266 /** Set @a *provider to an authentication provider of type @c
1267  * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
1268  *
1269  * @a *provider retrieves its credentials by using the @a prompt_func
1270  * and @a prompt_baton. The returned credential is used to override
1271  * SSL security on an error.
1272  *
1273  * @since New in 1.4.
1274  */
1275 void
1277  svn_auth_provider_object_t **provider,
1279  void *prompt_baton,
1280  apr_pool_t *pool);
1281 
1282 
1283 /** Set @a *provider to an authentication provider of type @c
1284  * svn_auth_cred_ssl_client_cert_t, allocated in @a pool.
1285  *
1286  * @a *provider retrieves its credentials by using the @a prompt_func
1287  * and @a prompt_baton. The returned credential is used to load the
1288  * appropriate client certificate for authentication when requested by
1289  * a server. The prompt will be retried @a retry_limit times. For
1290  * infinite retries, set @a retry_limit to value less than 0.
1291  *
1292  * @since New in 1.4.
1293  */
1294 void
1296  svn_auth_provider_object_t **provider,
1298  void *prompt_baton,
1299  int retry_limit,
1300  apr_pool_t *pool);
1301 
1302 
1303 /** Set @a *provider to an authentication provider of type @c
1304  * svn_auth_cred_ssl_client_cert_pw_t, allocated in @a pool.
1305  *
1306  * @a *provider retrieves its credentials by using the @a prompt_func
1307  * and @a prompt_baton. The returned credential is used when a loaded
1308  * client certificate is protected by a passphrase. The prompt will
1309  * be retried @a retry_limit times. For infinite retries, set
1310  * @a retry_limit to value less than 0.
1311  *
1312  * @since New in 1.4.
1313  */
1314 void
1316  svn_auth_provider_object_t **provider,
1318  void *prompt_baton,
1319  int retry_limit,
1320  apr_pool_t *pool);
1321 
1322 
1323 #ifdef __cplusplus
1324 }
1325 #endif /* __cplusplus */
1326 
1327 #endif /* SVN_AUTH_H */
svn_error_t *(* svn_auth_ssl_server_trust_prompt_func_t)(svn_auth_cred_ssl_server_trust_t **cred, void *baton, const char *realm, apr_uint32_t failures, const svn_auth_ssl_server_cert_info_t *cert_info, svn_boolean_t may_save, apr_pool_t *pool)
Set *cred by prompting the user, allocating *cred in pool.
Definition: svn_auth.h:439
svn_boolean_t may_save
Indicates if the credentials may be saved (to disk).
Definition: svn_auth.h:199
const char * password
Password.
Definition: svn_auth.h:194
svn_error_t * svn_auth_get_platform_specific_client_providers(apr_array_header_t **providers, svn_config_t *config, apr_pool_t *pool)
Set *providers to an array of svn_auth_provider_object_t * objects.
void svn_auth_get_windows_ssl_client_cert_pw_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t that gets/sets...
void svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t that gets/sets...
const char * valid_until
ASCII date until which the certificate is valid.
Definition: svn_auth.h:314
The main authentication "provider" vtable.
Definition: svn_auth.h:94
A provider object, ready to be put into an array and given to svn_auth_open().
Definition: svn_auth.h:158
SSL server certificate information used by SVN_AUTH_CRED_SSL_SERVER_TRUST providers.
Definition: svn_auth.h:305
void svn_auth_get_keychain_ssl_client_cert_pw_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t that gets/sets...
void(* svn_auth_simple_provider_func_t)(svn_auth_provider_object_t **provider, apr_pool_t *pool)
The type of function returning authentication provider.
Definition: svn_auth.h:166
svn_error_t *(* svn_auth_ssl_client_cert_prompt_func_t)(svn_auth_cred_ssl_client_cert_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)
Set *cred by prompting the user, allocating *cred in pool.
Definition: svn_auth.h:459
svn_error_t * svn_auth_next_credentials(void **credentials, svn_auth_iterstate_t *state, apr_pool_t *pool)
Get another set of credentials, assuming previous ones failed to authenticate.
const char * cert_file
Absolute path to the certificate file.
Definition: svn_auth.h:242
void(* svn_auth_ssl_client_cert_pw_provider_func_t)(svn_auth_provider_object_t **provider, apr_pool_t *pool)
A function returning an SSL client certificate passphrase provider.
Definition: svn_auth.h:252
const char * cred_kind
The kind of credentials this provider knows how to retrieve.
Definition: svn_auth.h:97
svn_error_t *(* svn_auth_plaintext_passphrase_prompt_func_t)(svn_boolean_t *may_save_plaintext, const char *realmstring, void *baton, apr_pool_t *pool)
A type of callback function for asking whether storing a passphrase to disk in plaintext is allowed...
Definition: svn_auth.h:516
const char * password
Certificate password.
Definition: svn_auth.h:277
void svn_auth_get_username_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_username_t that gets/sets informati...
const svn_version_t * svn_auth_gnome_keyring_version(void)
Get libsvn_auth_gnome_keyring version information.
svn_boolean_t may_save
Indicates if the credentials may be saved (to disk).
Definition: svn_auth.h:247
void svn_auth_get_simple_prompt_provider(svn_auth_provider_object_t **provider, svn_auth_simple_prompt_func_t prompt_func, void *prompt_baton, int retry_limit, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets information by p...
SVN_AUTH_CRED_SSL_CLIENT_CERT credentials.
Definition: svn_auth.h:239
struct svn_auth_cred_ssl_client_cert_t svn_auth_cred_ssl_client_cert_t
SVN_AUTH_CRED_SSL_CLIENT_CERT credentials.
void svn_auth_get_ssl_client_cert_file_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_t, allocated in pool.
void svn_auth_get_gnome_keyring_simple_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets/sets information...
svn_error_t *(* svn_auth_plaintext_prompt_func_t)(svn_boolean_t *may_save_plaintext, const char *realmstring, void *baton, apr_pool_t *pool)
A type of callback function for asking whether storing a password to disk in plaintext is allowed...
Definition: svn_auth.h:497
const char * valid_from
ASCII date from which the certificate is valid.
Definition: svn_auth.h:312
void svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets/sets information...
svn_error_t *(* svn_auth_username_prompt_func_t)(svn_auth_cred_username_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)
Set *cred by prompting the user, allocating *cred in pool.
Definition: svn_auth.h:396
struct svn_auth_cred_ssl_client_cert_pw_t svn_auth_cred_ssl_client_cert_pw_t
SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials.
SVN_AUTH_CRED_SSL_SERVER_TRUST credentials.
Definition: svn_auth.h:331
struct svn_auth_iterstate_t svn_auth_iterstate_t
The type of a Subversion authentication-iteration object.
Definition: svn_auth.h:90
const char * issuer_dname
DN of the certificate issuer.
Definition: svn_auth.h:316
void svn_auth_get_kwallet_ssl_client_cert_pw_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t that gets/sets...
Subversion error object.
Definition: svn_types.h:178
void svn_auth_get_gpg_agent_simple_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets/sets information...
const char * hostname
Primary CN.
Definition: svn_auth.h:308
svn_error_t *(* svn_auth_ssl_client_cert_pw_prompt_func_t)(svn_auth_cred_ssl_client_cert_pw_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)
Set *cred by prompting the user, allocating *cred in pool.
Definition: svn_auth.h:477
struct svn_config_t svn_config_t
Opaque structure describing a set of configuration options.
Definition: svn_config.h:54
svn_error_t * svn_auth_forget_credentials(svn_auth_baton_t *auth_baton, const char *cred_kind, const char *realmstring, apr_pool_t *pool)
Forget a set (or all) memory-cached credentials.
SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials.
Definition: svn_auth.h:274
struct svn_auth_ssl_server_cert_info_t svn_auth_ssl_server_cert_info_t
SSL server certificate information used by SVN_AUTH_CRED_SSL_SERVER_TRUST providers.
void svn_auth_get_ssl_server_trust_prompt_provider(svn_auth_provider_object_t **provider, svn_auth_ssl_server_trust_prompt_func_t prompt_func, void *prompt_baton, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_server_trust_t, allocated in pool.
svn_error_t * svn_auth_save_credentials(svn_auth_iterstate_t *state, apr_pool_t *pool)
Save a set of credentials.
void svn_auth_get_ssl_client_cert_pw_file_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Like svn_auth_get_ssl_client_cert_pw_file_provider2, but without the ability to call the svn_auth_pla...
void svn_auth_get_ssl_server_trust_file_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_server_trust_t, allocated in pool.
svn_error_t *(* svn_auth_simple_prompt_func_t)(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool)
Credential-constructing prompt functions.
Definition: svn_auth.h:376
void svn_auth_get_ssl_client_cert_prompt_provider(svn_auth_provider_object_t **provider, svn_auth_ssl_client_cert_prompt_func_t prompt_func, void *prompt_baton, int retry_limit, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_t, allocated in pool.
Version information.
Definition: svn_version.h:147
SVN_AUTH_CRED_SIMPLE credentials.
Definition: svn_auth.h:189
svn_error_t * svn_auth_first_credentials(void **credentials, svn_auth_iterstate_t **state, const char *cred_kind, const char *realmstring, svn_auth_baton_t *auth_baton, apr_pool_t *pool)
Get an initial set of credentials.
struct svn_auth_provider_object_t svn_auth_provider_object_t
A provider object, ready to be put into an array and given to svn_auth_open().
Subversion&#39;s data types.
void svn_auth_set_parameter(svn_auth_baton_t *auth_baton, const char *name, const void *value)
Set an authentication run-time parameter.
struct svn_auth_baton_t svn_auth_baton_t
The type of a Subversion authentication object.
Definition: svn_auth.h:87
void svn_auth_get_ssl_client_cert_pw_prompt_provider(svn_auth_provider_object_t **provider, svn_auth_ssl_client_cert_pw_prompt_func_t prompt_func, void *prompt_baton, int retry_limit, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t, allocated in pool.
const char * fingerprint
ASCII fingerprint.
Definition: svn_auth.h:310
struct svn_auth_cred_simple_t svn_auth_cred_simple_t
SVN_AUTH_CRED_SIMPLE credentials.
void svn_auth_open(svn_auth_baton_t **auth_baton, const apr_array_header_t *providers, apr_pool_t *pool)
Initialize an authentication system.
svn_auth_ssl_server_cert_info_t * svn_auth_ssl_server_cert_info_dup(const svn_auth_ssl_server_cert_info_t *info, apr_pool_t *pool)
Return a deep copy of info, allocated in pool.
#define SVN_DEPRECATED
Macro used to mark deprecated functions.
Definition: svn_types.h:60
void svn_auth_get_username_prompt_provider(svn_auth_provider_object_t **provider, svn_auth_username_prompt_func_t prompt_func, void *prompt_baton, int retry_limit, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_username_t that gets information by...
apr_uint32_t accepted_failures
Bit mask of the accepted failures.
Definition: svn_auth.h:339
const char * username
Username.
Definition: svn_auth.h:216
void svn_auth_get_simple_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Like svn_auth_get_simple_provider2, but without the ability to call the svn_auth_plaintext_prompt_fun...
const void * svn_auth_get_parameter(svn_auth_baton_t *auth_baton, const char *name)
Get an authentication run-time parameter.
struct svn_auth_cred_username_t svn_auth_cred_username_t
SVN_AUTH_CRED_USERNAME credentials.
void svn_auth_get_windows_ssl_server_trust_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_server_trust_t, allocated in pool.
const svn_version_t * svn_auth_kwallet_version(void)
Get libsvn_auth_kwallet version information.
svn_boolean_t may_save
Indicates if the credentials may be saved (to disk).
Definition: svn_auth.h:337
void svn_auth_get_ssl_client_cert_pw_file_provider2(svn_auth_provider_object_t **provider, svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func, void *prompt_baton, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t that gets/sets...
Accessing SVN configuration files.
void svn_auth_get_windows_simple_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets/sets information...
const char * username
Username.
Definition: svn_auth.h:192
struct svn_auth_provider_t svn_auth_provider_t
The main authentication "provider" vtable.
int svn_boolean_t
YABT: Yet Another Boolean Type.
Definition: svn_types.h:139
svn_boolean_t may_save
Indicates if the credentials may be saved (to disk).
Definition: svn_auth.h:282
const char * ascii_cert
Base-64 encoded DER certificate representation.
Definition: svn_auth.h:318
struct svn_auth_cred_ssl_server_trust_t svn_auth_cred_ssl_server_trust_t
SVN_AUTH_CRED_SSL_SERVER_TRUST credentials.
SVN_AUTH_CRED_USERNAME credentials.
Definition: svn_auth.h:213
svn_error_t * svn_auth_get_platform_specific_provider(svn_auth_provider_object_t **provider, const char *provider_name, const char *provider_type, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_provider_object_t, or return NULL if the...
void svn_auth_get_simple_provider2(svn_auth_provider_object_t **provider, svn_auth_plaintext_prompt_func_t plaintext_prompt_func, void *prompt_baton, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets/sets information...
void svn_auth_get_kwallet_simple_provider(svn_auth_provider_object_t **provider, apr_pool_t *pool)
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets/sets information...
svn_boolean_t may_save
Indicates if the credentials may be saved (to disk).
Definition: svn_auth.h:221