Subversion
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Data Structures | Macros | Typedefs | Functions
Authentication functions

Overview of the svn authentication system. More...

Data Structures

struct  svn_auth_provider_t
 The main authentication "provider" vtable. More...
 
struct  svn_auth_provider_object_t
 A provider object, ready to be put into an array and given to svn_auth_open(). More...
 
struct  svn_auth_cred_simple_t
 SVN_AUTH_CRED_SIMPLE credentials. More...
 
struct  svn_auth_cred_username_t
 SVN_AUTH_CRED_USERNAME credentials. More...
 
struct  svn_auth_cred_ssl_client_cert_t
 SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. More...
 
struct  svn_auth_cred_ssl_client_cert_pw_t
 SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials. More...
 
struct  svn_auth_ssl_server_cert_info_t
 SSL server certificate information used by SVN_AUTH_CRED_SSL_SERVER_TRUST providers. More...
 
struct  svn_auth_cred_ssl_server_trust_t
 SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. More...
 

Macros

#define SVN_AUTH_CRED_SIMPLE   "svn.simple"
 Specific types of credentials. More...
 
#define SVN_AUTH_CRED_USERNAME   "svn.username"
 Username credential kind. More...
 
#define SVN_AUTH_CRED_SSL_CLIENT_CERT   "svn.ssl.client-cert"
 SSL client certificate credential type. More...
 
#define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW   "svn.ssl.client-passphrase"
 SSL client certificate passphrase credential type. More...
 
#define SVN_AUTH_CRED_SSL_SERVER_TRUST   "svn.ssl.server"
 SSL server verification credential type. More...
 
#define SVN_AUTH_PARAM_PREFIX   "svn:auth:"
 Universal run-time parameters, made available to all providers. More...
 
#define SVN_AUTH_PARAM_NON_INTERACTIVE   SVN_AUTH_PARAM_PREFIX "non-interactive"
 The application doesn't want any providers to prompt users. More...
 
#define SVN_AUTH_PARAM_DONT_STORE_PASSWORDS
 The application doesn't want any providers to save passwords to disk. More...
 
#define SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS
 Indicates whether providers may save passwords to disk in plaintext. More...
 
#define SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP   SVN_AUTH_PARAM_PREFIX "dont-store-ssl-client-cert-pp"
 The application doesn't want any providers to save passphrase to disk. More...
 
#define SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT   SVN_AUTH_PARAM_PREFIX "store-ssl-client-cert-pp-plaintext"
 Indicates whether providers may save passphrase to disk in plaintext. More...
 
#define SVN_AUTH_PARAM_NO_AUTH_CACHE   SVN_AUTH_PARAM_PREFIX "no-auth-cache"
 The application doesn't want any providers to save credentials to disk. More...
 
#define SVN_AUTH_PARAM_SSL_SERVER_FAILURES
 The following property is for SSL server cert providers. More...
 
#define SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO
 The following property is for SSL server cert providers. More...
 
#define SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG
 This provides a pointer to a svn_config_t containting the config category. More...
 
#define SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS
 This provides a pointer to a svn_config_t containting the servers category. More...
 
#define SVN_AUTH_PARAM_CONFIG   SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS
 
#define SVN_AUTH_PARAM_SERVER_GROUP   SVN_AUTH_PARAM_PREFIX "server-group"
 The current server group. More...
 
#define SVN_AUTH_PARAM_CONFIG_DIR   SVN_AUTH_PARAM_PREFIX "config-dir"
 A configuration directory that overrides the default ~/.subversion. More...
 

Typedefs

typedef struct svn_auth_baton_t svn_auth_baton_t
 The type of a Subversion authentication object.
 
typedef struct svn_auth_iterstate_t svn_auth_iterstate_t
 The type of a Subversion authentication-iteration object.
 
typedef struct svn_auth_provider_t svn_auth_provider_t
 The main authentication "provider" vtable. More...
 
typedef struct
svn_auth_provider_object_t 
svn_auth_provider_object_t
 A provider object, ready to be put into an array and given to svn_auth_open(). More...
 
typedef void(* svn_auth_simple_provider_func_t )(svn_auth_provider_object_t **provider, apr_pool_t *pool)
 The type of function returning authentication provider. More...
 
typedef struct
svn_auth_cred_simple_t 
svn_auth_cred_simple_t
 SVN_AUTH_CRED_SIMPLE credentials. More...
 
typedef struct
svn_auth_cred_username_t 
svn_auth_cred_username_t
 SVN_AUTH_CRED_USERNAME credentials. More...
 
typedef struct
svn_auth_cred_ssl_client_cert_t 
svn_auth_cred_ssl_client_cert_t
 SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. More...
 
typedef void(* svn_auth_ssl_client_cert_pw_provider_func_t )(svn_auth_provider_object_t **provider, apr_pool_t *pool)
 A function returning an SSL client certificate passphrase provider. More...
 
typedef struct
svn_auth_cred_ssl_client_cert_pw_t 
svn_auth_cred_ssl_client_cert_pw_t
 SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials. More...
 
typedef struct
svn_auth_ssl_server_cert_info_t 
svn_auth_ssl_server_cert_info_t
 SSL server certificate information used by SVN_AUTH_CRED_SSL_SERVER_TRUST providers.
 
typedef struct
svn_auth_cred_ssl_server_trust_t 
svn_auth_cred_ssl_server_trust_t
 SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. More...
 
typedef svn_error_t *(* svn_auth_simple_prompt_func_t )(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool)
 Credential-constructing prompt functions. More...
 
typedef svn_error_t *(* svn_auth_username_prompt_func_t )(svn_auth_cred_username_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)
 Set *cred by prompting the user, allocating *cred in pool. More...
 
typedef svn_error_t *(* svn_auth_ssl_server_trust_prompt_func_t )(svn_auth_cred_ssl_server_trust_t **cred, void *baton, const char *realm, apr_uint32_t failures, const svn_auth_ssl_server_cert_info_t *cert_info, svn_boolean_t may_save, apr_pool_t *pool)
 Set *cred by prompting the user, allocating *cred in pool. More...
 
typedef svn_error_t *(* svn_auth_ssl_client_cert_prompt_func_t )(svn_auth_cred_ssl_client_cert_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)
 Set *cred by prompting the user, allocating *cred in pool. More...
 
typedef svn_error_t *(* svn_auth_ssl_client_cert_pw_prompt_func_t )(svn_auth_cred_ssl_client_cert_pw_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)
 Set *cred by prompting the user, allocating *cred in pool. More...
 
typedef svn_error_t *(* svn_auth_plaintext_prompt_func_t )(svn_boolean_t *may_save_plaintext, const char *realmstring, void *baton, apr_pool_t *pool)
 A type of callback function for asking whether storing a password to disk in plaintext is allowed. More...
 
typedef svn_error_t *(* svn_auth_plaintext_passphrase_prompt_func_t )(svn_boolean_t *may_save_plaintext, const char *realmstring, void *baton, apr_pool_t *pool)
 A type of callback function for asking whether storing a passphrase to disk in plaintext is allowed. More...
 

Functions

svn_auth_ssl_server_cert_info_tsvn_auth_ssl_server_cert_info_dup (const svn_auth_ssl_server_cert_info_t *info, apr_pool_t *pool)
 Return a deep copy of info, allocated in pool. More...
 
void svn_auth_open (svn_auth_baton_t **auth_baton, const apr_array_header_t *providers, apr_pool_t *pool)
 Initialize an authentication system. More...
 
void svn_auth_set_parameter (svn_auth_baton_t *auth_baton, const char *name, const void *value)
 Set an authentication run-time parameter. More...
 
const void * svn_auth_get_parameter (svn_auth_baton_t *auth_baton, const char *name)
 Get an authentication run-time parameter. More...
 
svn_error_tsvn_auth_first_credentials (void **credentials, svn_auth_iterstate_t **state, const char *cred_kind, const char *realmstring, svn_auth_baton_t *auth_baton, apr_pool_t *pool)
 Get an initial set of credentials. More...
 
svn_error_tsvn_auth_next_credentials (void **credentials, svn_auth_iterstate_t *state, apr_pool_t *pool)
 Get another set of credentials, assuming previous ones failed to authenticate. More...
 
svn_error_tsvn_auth_save_credentials (svn_auth_iterstate_t *state, apr_pool_t *pool)
 Save a set of credentials. More...
 
svn_error_tsvn_auth_forget_credentials (svn_auth_baton_t *auth_baton, const char *cred_kind, const char *realmstring, apr_pool_t *pool)
 Forget a set (or all) memory-cached credentials. More...
 

SSL server certificate failure bits

Note
These values are stored in the on disk auth cache by the SSL server certificate auth provider, so the meaning of these bits must not be changed.
#define SVN_AUTH_SSL_NOTYETVALID   0x00000001
 Certificate is not yet valid. More...
 
#define SVN_AUTH_SSL_EXPIRED   0x00000002
 Certificate has expired. More...
 
#define SVN_AUTH_SSL_CNMISMATCH   0x00000004
 Certificate's CN (hostname) does not match the remote hostname. More...
 
#define SVN_AUTH_SSL_UNKNOWNCA   0x00000008
 Certificate authority is unknown (i.e. More...
 
#define SVN_AUTH_SSL_OTHER   0x40000000
 Other failure. More...
 

Default credentials defines

Property values are const char *.

#define SVN_AUTH_PARAM_DEFAULT_USERNAME   SVN_AUTH_PARAM_PREFIX "username"
 Default username provided by the application itself (e.g. More...
 
#define SVN_AUTH_PARAM_DEFAULT_PASSWORD   SVN_AUTH_PARAM_PREFIX "password"
 Default password provided by the application itself (e.g. More...
 

Detailed Description

Overview of the svn authentication system.

We define an authentication "provider" as a module that is able to return a specific set of credentials. (e.g. username/password, certificate, etc.) Each provider implements a vtable that

For any given type of credentials, there can exist any number of separate providers – each provider has a different method of fetching. (i.e. from a disk store, by prompting the user, etc.)

The application begins by creating an auth baton object, and "registers" some number of providers with the auth baton, in a specific order. (For example, it may first register a username/password provider that looks in disk store, then register a username/password provider that prompts the user.)

Later on, when any svn library is challenged, it asks the auth baton for the specific credentials. If the initial credentials fail to authenticate, the caller keeps requesting new credentials. Under the hood, libsvn_auth effectively "walks" over each provider (in order of registry), one at a time, until all the providers have exhausted all their retry options.

This system allows an application to flexibly define authentication behaviors (by changing registration order), and very easily write new authentication providers.

An auth_baton also contains an internal hashtable of run-time parameters; any provider or library layer can set these run-time parameters at any time, so that the provider has access to the data. (For example, certain run-time data may not be available until an authentication challenge is made.) Each credential type must document the run-time parameters that are made available to its providers.

Macro Definition Documentation

#define SVN_AUTH_CRED_SIMPLE   "svn.simple"

Specific types of credentials.

Simple username/password pair credential kind.

The following auth parameters are available to the providers:

  • SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (svn_config_t*)
  • SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (svn_config_t*)

The following auth parameters may be available to the providers:

  • SVN_AUTH_PARAM_NO_AUTH_CACHE (void*)
  • SVN_AUTH_PARAM_DEFAULT_USERNAME (char*)
  • SVN_AUTH_PARAM_DEFAULT_PASSWORD (char*)

Definition at line 186 of file svn_auth.h.

#define SVN_AUTH_CRED_SSL_CLIENT_CERT   "svn.ssl.client-cert"

SSL client certificate credential type.

The following auth parameters are available to the providers:

  • SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (svn_config_t*)
  • SVN_AUTH_PARAM_SERVER_GROUP (char*)

The following optional auth parameters are relevant to the providers:

  • SVN_AUTH_PARAM_NO_AUTH_CACHE (void*)

Definition at line 236 of file svn_auth.h.

#define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW   "svn.ssl.client-passphrase"

SSL client certificate passphrase credential type.

Note
The realmstring used with this credential type must be a name that makes it possible for the user to identify the certificate.

The following auth parameters are available to the providers:

  • SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (svn_config_t*)
  • SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (svn_config_t*)
  • SVN_AUTH_PARAM_SERVER_GROUP (char*)

The following optional auth parameters are relevant to the providers:

  • SVN_AUTH_PARAM_NO_AUTH_CACHE (void*)

Definition at line 271 of file svn_auth.h.

#define SVN_AUTH_CRED_SSL_SERVER_TRUST   "svn.ssl.server"

SSL server verification credential type.

The following auth parameters are available to the providers:

  • SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (svn_config_t*)
  • SVN_AUTH_PARAM_SERVER_GROUP (char*)
  • SVN_AUTH_PARAM_SSL_SERVER_FAILURES (apr_uint32_t*)
  • SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO (svn_auth_ssl_server_cert_info_t*)

The following optional auth parameters are relevant to the providers:

  • SVN_AUTH_PARAM_NO_AUTH_CACHE (void*)

Definition at line 300 of file svn_auth.h.

#define SVN_AUTH_CRED_USERNAME   "svn.username"

Username credential kind.

The following optional auth parameters are relevant to the providers:

  • SVN_AUTH_PARAM_NO_AUTH_CACHE (void*)
  • SVN_AUTH_PARAM_DEFAULT_USERNAME (char*)

Definition at line 210 of file svn_auth.h.

#define SVN_AUTH_PARAM_CONFIG   SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS
Deprecated:
Provided for backward compatibility with the 1.5 API.

Definition at line 642 of file svn_auth.h.

#define SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG
Value:
"config-category-config"
#define SVN_AUTH_PARAM_PREFIX
Universal run-time parameters, made available to all providers.
Definition: svn_auth.h:568

This provides a pointer to a svn_config_t containting the config category.

Definition at line 633 of file svn_auth.h.

#define SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS
Value:
"config-category-servers"
#define SVN_AUTH_PARAM_PREFIX
Universal run-time parameters, made available to all providers.
Definition: svn_auth.h:568

This provides a pointer to a svn_config_t containting the servers category.

Definition at line 638 of file svn_auth.h.

#define SVN_AUTH_PARAM_CONFIG_DIR   SVN_AUTH_PARAM_PREFIX "config-dir"

A configuration directory that overrides the default ~/.subversion.

Definition at line 649 of file svn_auth.h.

#define SVN_AUTH_PARAM_DEFAULT_PASSWORD   SVN_AUTH_PARAM_PREFIX "password"

Default password provided by the application itself (e.g.

–password)

Definition at line 577 of file svn_auth.h.

#define SVN_AUTH_PARAM_DEFAULT_USERNAME   SVN_AUTH_PARAM_PREFIX "username"

Default username provided by the application itself (e.g.

–username)

Definition at line 575 of file svn_auth.h.

#define SVN_AUTH_PARAM_DONT_STORE_PASSWORDS
Value:
"dont-store-passwords"
#define SVN_AUTH_PARAM_PREFIX
Universal run-time parameters, made available to all providers.
Definition: svn_auth.h:568

The application doesn't want any providers to save passwords to disk.

Property value is irrelevant; only property's existence matters.

Definition at line 588 of file svn_auth.h.

#define SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP   SVN_AUTH_PARAM_PREFIX "dont-store-ssl-client-cert-pp"

The application doesn't want any providers to save passphrase to disk.

Property value is irrelevant; only property's existence matters.

Since
New in 1.6.

Definition at line 604 of file svn_auth.h.

#define SVN_AUTH_PARAM_NO_AUTH_CACHE   SVN_AUTH_PARAM_PREFIX "no-auth-cache"

The application doesn't want any providers to save credentials to disk.

Property value is irrelevant; only property's existence matters.

Definition at line 618 of file svn_auth.h.

#define SVN_AUTH_PARAM_NON_INTERACTIVE   SVN_AUTH_PARAM_PREFIX "non-interactive"

The application doesn't want any providers to prompt users.

Property value is irrelevant; only property's existence matters.

Definition at line 583 of file svn_auth.h.

#define SVN_AUTH_PARAM_PREFIX   "svn:auth:"

Universal run-time parameters, made available to all providers.

If you are writing a new provider, then to be a "good citizen", you should notice these global parameters! Note that these run-time params should be treated as read-only by providers; the application is responsible for placing them into the auth_baton hash. The auth-hash prefix indicating that the parameter is global.

Definition at line 568 of file svn_auth.h.

#define SVN_AUTH_PARAM_SERVER_GROUP   SVN_AUTH_PARAM_PREFIX "server-group"

The current server group.

Definition at line 645 of file svn_auth.h.

#define SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO
Value:
"ssl:cert-info"
#define SVN_AUTH_PARAM_PREFIX
Universal run-time parameters, made available to all providers.
Definition: svn_auth.h:568

The following property is for SSL server cert providers.

This provides the cert info (svn_auth_ssl_server_cert_info_t).

Definition at line 628 of file svn_auth.h.

#define SVN_AUTH_PARAM_SSL_SERVER_FAILURES
Value:
"ssl:failures"
#define SVN_AUTH_PARAM_PREFIX
Universal run-time parameters, made available to all providers.
Definition: svn_auth.h:568

The following property is for SSL server cert providers.

This provides a pointer to an apr_uint32_t containing the failures detected by the certificate validator.

Definition at line 623 of file svn_auth.h.

#define SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS
Value:
"store-plaintext-passwords"
#define SVN_AUTH_PARAM_PREFIX
Universal run-time parameters, made available to all providers.
Definition: svn_auth.h:568

Indicates whether providers may save passwords to disk in plaintext.

Property value can be either SVN_CONFIG_TRUE, SVN_CONFIG_FALSE, or SVN_CONFIG_ASK.

Since
New in 1.6.

Definition at line 596 of file svn_auth.h.

#define SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT   SVN_AUTH_PARAM_PREFIX "store-ssl-client-cert-pp-plaintext"

Indicates whether providers may save passphrase to disk in plaintext.

Property value can be either SVN_CONFIG_TRUE, SVN_CONFIG_FALSE, or SVN_CONFIG_ASK.

Since
New in 1.6.

Definition at line 612 of file svn_auth.h.

#define SVN_AUTH_SSL_CNMISMATCH   0x00000004

Certificate's CN (hostname) does not match the remote hostname.

Definition at line 416 of file svn_auth.h.

#define SVN_AUTH_SSL_EXPIRED   0x00000002

Certificate has expired.

Definition at line 414 of file svn_auth.h.

#define SVN_AUTH_SSL_NOTYETVALID   0x00000001

Certificate is not yet valid.

Definition at line 412 of file svn_auth.h.

#define SVN_AUTH_SSL_OTHER   0x40000000

Other failure.

This can happen if an unknown failure occurs that we do not handle yet.

Definition at line 421 of file svn_auth.h.

#define SVN_AUTH_SSL_UNKNOWNCA   0x00000008

Certificate authority is unknown (i.e.

not trusted)

Definition at line 418 of file svn_auth.h.

Typedef Documentation

SVN_AUTH_CRED_SIMPLE credentials.

SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials.

SVN_AUTH_CRED_SSL_CLIENT_CERT credentials.

SVN_AUTH_CRED_SSL_SERVER_TRUST credentials.

SVN_AUTH_CRED_USERNAME credentials.

typedef svn_error_t*(* svn_auth_plaintext_passphrase_prompt_func_t)(svn_boolean_t *may_save_plaintext, const char *realmstring, void *baton, apr_pool_t *pool)

A type of callback function for asking whether storing a passphrase to disk in plaintext is allowed.

In this callback, the client should ask the user whether storing a passphrase for the realm identified by realmstring to disk in plaintext is allowed.

The answer is returned in *may_save_plaintext. baton is an implementation-specific closure. All allocations should be done in pool.

Since
New in 1.6

Definition at line 516 of file svn_auth.h.

typedef svn_error_t*(* svn_auth_plaintext_prompt_func_t)(svn_boolean_t *may_save_plaintext, const char *realmstring, void *baton, apr_pool_t *pool)

A type of callback function for asking whether storing a password to disk in plaintext is allowed.

In this callback, the client should ask the user whether storing a password for the realm identified by realmstring to disk in plaintext is allowed.

The answer is returned in *may_save_plaintext. baton is an implementation-specific closure. All allocations should be done in pool.

Since
New in 1.6

Definition at line 497 of file svn_auth.h.

A provider object, ready to be put into an array and given to svn_auth_open().

The main authentication "provider" vtable.

typedef svn_error_t*(* svn_auth_simple_prompt_func_t)(svn_auth_cred_simple_t **cred, void *baton, const char *realm, const char *username, svn_boolean_t may_save, apr_pool_t *pool)

Credential-constructing prompt functions.

These exist so that different client applications can use different prompt mechanisms to supply the same credentials. For example, if authentication requires a username and password, a command-line client's prompting function might prompt first for the username and then for the password, whereas a GUI client's would present a single dialog box asking for both, and a telepathic client's would read all the information directly from the user's mind. All these prompting functions return the same type of credential, but the information used to construct the credential is gathered in an interface-specific way in each case. Set *cred by prompting the user, allocating *cred in pool. baton is an implementation-specific closure.

If realm is non-NULL, maybe use it in the prompt string.

If username is non-NULL, then the user might be prompted only for a password, but *cred would still be filled with both username and password. For example, a typical usage would be to pass username on the first call, but then leave it NULL for subsequent calls, on the theory that if credentials failed, it's as likely to be due to incorrect username as incorrect password.

If may_save is FALSE, the auth system does not allow the credentials to be saved (to disk). A prompt function shall not ask the user if the credentials shall be saved if may_save is FALSE. For example, a GUI client with a remember password checkbox would grey out the checkbox if may_save is FALSE.

Definition at line 376 of file svn_auth.h.

typedef void(* svn_auth_simple_provider_func_t)(svn_auth_provider_object_t **provider, apr_pool_t *pool)

The type of function returning authentication provider.

Definition at line 166 of file svn_auth.h.

typedef svn_error_t*(* svn_auth_ssl_client_cert_prompt_func_t)(svn_auth_cred_ssl_client_cert_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)

Set *cred by prompting the user, allocating *cred in pool.

baton is an implementation-specific closure. realm is a string that can be used in the prompt string.

If may_save is FALSE, the auth system does not allow the credentials to be saved (to disk). A prompt function shall not ask the user if the credentials shall be saved if may_save is FALSE. For example, a GUI client with a remember certificate checkbox would grey out the checkbox if may_save is FALSE.

Definition at line 459 of file svn_auth.h.

typedef svn_error_t*(* svn_auth_ssl_client_cert_pw_prompt_func_t)(svn_auth_cred_ssl_client_cert_pw_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)

Set *cred by prompting the user, allocating *cred in pool.

baton is an implementation-specific closure. realm is a string identifying the certificate, and can be used in the prompt string.

If may_save is FALSE, the auth system does not allow the credentials to be saved (to disk). A prompt function shall not ask the user if the credentials shall be saved if may_save is FALSE. For example, a GUI client with a remember password checkbox would grey out the checkbox if may_save is FALSE.

Definition at line 477 of file svn_auth.h.

typedef void(* svn_auth_ssl_client_cert_pw_provider_func_t)(svn_auth_provider_object_t **provider, apr_pool_t *pool)

A function returning an SSL client certificate passphrase provider.

Definition at line 252 of file svn_auth.h.

typedef svn_error_t*(* svn_auth_ssl_server_trust_prompt_func_t)(svn_auth_cred_ssl_server_trust_t **cred, void *baton, const char *realm, apr_uint32_t failures, const svn_auth_ssl_server_cert_info_t *cert_info, svn_boolean_t may_save, apr_pool_t *pool)

Set *cred by prompting the user, allocating *cred in pool.

baton is an implementation-specific closure.

cert_info is a structure describing the server cert that was presented to the client, and failures is a bitmask that describes exactly why the cert could not be automatically validated, composed from the constants SVN_AUTH_SSL_* (SVN_AUTH_SSL_NOTYETVALID etc.). realm is a string that can be used in the prompt string.

If may_save is FALSE, the auth system does not allow the credentials to be saved (to disk). A prompt function shall not ask the user if the credentials shall be saved if may_save is FALSE. For example, a GUI client with a trust permanently checkbox would grey out the checkbox if may_save is FALSE.

Definition at line 439 of file svn_auth.h.

typedef svn_error_t*(* svn_auth_username_prompt_func_t)(svn_auth_cred_username_t **cred, void *baton, const char *realm, svn_boolean_t may_save, apr_pool_t *pool)

Set *cred by prompting the user, allocating *cred in pool.

baton is an implementation-specific closure.

If realm is non-NULL, maybe use it in the prompt string.

If may_save is FALSE, the auth system does not allow the credentials to be saved (to disk). A prompt function shall not ask the user if the credentials shall be saved if may_save is FALSE. For example, a GUI client with a remember username checkbox would grey out the checkbox if may_save is FALSE.

Definition at line 396 of file svn_auth.h.

Function Documentation

svn_error_t* svn_auth_first_credentials ( void **  credentials,
svn_auth_iterstate_t **  state,
const char *  cred_kind,
const char *  realmstring,
svn_auth_baton_t auth_baton,
apr_pool_t *  pool 
)

Get an initial set of credentials.

Ask auth_baton to set *credentials to a set of credentials defined by cred_kind and valid within realmstring, or NULL if no credentials are available. Otherwise, return an iteration state in *state, so that the caller can call svn_auth_next_credentials(), in case the first set of credentials fails to authenticate.

Use pool to allocate *state, and for temporary allocation. Note that *credentials will be allocated in auth_baton's pool.

svn_error_t* svn_auth_forget_credentials ( svn_auth_baton_t auth_baton,
const char *  cred_kind,
const char *  realmstring,
apr_pool_t *  pool 
)

Forget a set (or all) memory-cached credentials.

Remove references (if any) in auth_baton to credentials cached therein. If cred_kind and realmstring are non-NULL, forget only the credentials associated with those credential types and realm. Otherwise cred_kind and realmstring must both be NULL, and this function will forget all credentials cached within auth_baton.

Note
This function does not affect persisted authentication credential storage at all. It is merely a way to cause Subversion to forget about credentials already fetched from a provider, forcing them to be fetched again later should they be required.
Since
New in 1.8.
const void* svn_auth_get_parameter ( svn_auth_baton_t auth_baton,
const char *  name 
)

Get an authentication run-time parameter.

Return a value for run-time parameter name from auth_baton. Return NULL if the parameter doesn't exist.

svn_error_t* svn_auth_next_credentials ( void **  credentials,
svn_auth_iterstate_t state,
apr_pool_t *  pool 
)

Get another set of credentials, assuming previous ones failed to authenticate.

Use state to fetch a different set of *credentials, as a follow-up to svn_auth_first_credentials() or svn_auth_next_credentials(). If no more credentials are available, set *credentials to NULL.

Note that *credentials will be allocated in auth_baton's pool.

void svn_auth_open ( svn_auth_baton_t **  auth_baton,
const apr_array_header_t *  providers,
apr_pool_t *  pool 
)

Initialize an authentication system.

Return an authentication object in *auth_baton (allocated in pool) that represents a particular instance of the svn authentication system. providers is an array of svn_auth_provider_object_t pointers, already allocated in pool and intentionally ordered. These pointers will be stored within *auth_baton, grouped by credential type, and searched in this exact order.

svn_error_t* svn_auth_save_credentials ( svn_auth_iterstate_t state,
apr_pool_t *  pool 
)

Save a set of credentials.

Ask state to store the most recently returned credentials, presumably because they successfully authenticated. All allocations should be done in pool.

If no credentials were ever returned, do nothing.

void svn_auth_set_parameter ( svn_auth_baton_t auth_baton,
const char *  name,
const void *  value 
)

Set an authentication run-time parameter.

Store name / value pair as a run-time parameter in auth_baton, making the data accessible to all providers. name and value will NOT be duplicated into the auth_baton's pool. To delete a run-time parameter, pass NULL for value.

svn_auth_ssl_server_cert_info_t* svn_auth_ssl_server_cert_info_dup ( const svn_auth_ssl_server_cert_info_t info,
apr_pool_t *  pool 
)

Return a deep copy of info, allocated in pool.

Since
New in 1.3.