svn_error_t*
svn_config_get_server_setting_int(svn_config_t *cfg,
const char *server_group,
const char *option_name,
apr_int64_t default_value,
apr_int64_t *result_value,
apr_pool_t *pool)
{
const char* tmp_value;
char *end_pos;
tmp_value = svn_config_get_server_setting(cfg, server_group,
option_name, NULL);
if (tmp_value == NULL)
*result_value = default_value;
else
{
/* read tmp_value as an int now */
*result_value = apr_strtoi64(tmp_value, &end_pos, 0);
if (*end_pos != 0)
{
return svn_error_createf
(SVN_ERR_BAD_CONFIG_VALUE, NULL,
_("Config error: invalid integer value '%s'"),
tmp_value);
}
}
return SVN_NO_ERROR;
}
/* retrieve and load a password for a client certificate from servers file */
static svn_error_t *
ssl_client_cert_pw_file_first_credentials(void **credentials_p,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool)
{
svn_config_t *cfg = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG,
APR_HASH_KEY_STRING);
const char *server_group = apr_hash_get(parameters,
SVN_AUTH_PARAM_SERVER_GROUP,
APR_HASH_KEY_STRING);
const char *password =
svn_config_get_server_setting(cfg, server_group,
SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD,
NULL);
if (password)
{
svn_auth_cred_ssl_client_cert_pw_t *cred
= apr_palloc(pool, sizeof(*cred));
cred->password = password;
cred->may_save = FALSE;
*credentials_p = cred;
}
else *credentials_p = NULL;
*iter_baton = NULL;
return SVN_NO_ERROR;
}
svn_error_t *
svn_auth__ssl_client_cert_pw_file_first_creds_helper
(void **credentials_p,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
svn_auth__password_get_t passphrase_get,
const char *passtype,
apr_pool_t *pool)
{
svn_config_t *cfg = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS,
APR_HASH_KEY_STRING);
const char *server_group = apr_hash_get(parameters,
SVN_AUTH_PARAM_SERVER_GROUP,
APR_HASH_KEY_STRING);
svn_boolean_t non_interactive = apr_hash_get(parameters,
SVN_AUTH_PARAM_NON_INTERACTIVE,
APR_HASH_KEY_STRING) != NULL;
const char *password =
svn_config_get_server_setting(cfg, server_group,
SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD,
NULL);
if (! password)
{
svn_error_t *err;
apr_hash_t *creds_hash = NULL;
const char *config_dir = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_DIR,
APR_HASH_KEY_STRING);
/* Try to load passphrase from the auth/ cache. */
err = svn_config_read_auth_data(&creds_hash,
SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
realmstring, config_dir, pool);
svn_error_clear(err);
if (! err && creds_hash)
{
if (!passphrase_get(&password, creds_hash, realmstring,
NULL, parameters, non_interactive, pool))
password = NULL;
}
}
if (password)
{
svn_auth_cred_ssl_client_cert_pw_t *cred
= apr_palloc(pool, sizeof(*cred));
cred->password = password;
cred->may_save = FALSE;
*credentials_p = cred;
}
else *credentials_p = NULL;
*iter_baton = NULL;
return SVN_NO_ERROR;
}
svn_error_t *
svn_config_get_server_setting_bool(svn_config_t *cfg,
svn_boolean_t *valuep,
const char *server_group,
const char *option_name,
svn_boolean_t default_value)
{
const char* tmp_value;
tmp_value = svn_config_get_server_setting(cfg, server_group,
option_name, NULL);
return get_bool(valuep, tmp_value, default_value,
server_group, option_name);
}
static svn_error_t *
test_text_retrieval(const svn_test_opts_t *opts,
apr_pool_t *pool)
{
svn_config_t *cfg;
int i;
const char *cfg_file;
SVN_ERR(get_config_file_path(&cfg_file, opts, pool));
SVN_ERR(svn_config_read3(&cfg, cfg_file, TRUE, FALSE, FALSE, pool));
/* Test values retrieved from our ConfigParser instance against
values retrieved using svn_config. */
for (i = 0; config_keys[i] != NULL; i++)
{
const char *key, *py_val, *c_val;
key = config_keys[i];
py_val = config_values[i];
svn_config_get(cfg, &c_val, "section1", key, "default value");
#if 0
printf("Testing expected value '%s' against '%s' for "
"option '%s'\n", py_val, c_val, key);
#endif
/* Fail iff one value is null, or the strings don't match. */
if ((c_val == NULL) != (py_val == NULL)
|| (c_val != NULL && py_val != NULL && strcmp(c_val, py_val) != 0))
return fail(pool, "Expected value '%s' not equal to '%s' for "
"option '%s'", py_val, c_val, key);
}
{
const char *value = svn_config_get_server_setting(cfg, "server group",
"setting", "default");
if (value == NULL || strcmp(value, "default") != 0)
return svn_error_create(SVN_ERR_TEST_FAILED, SVN_NO_ERROR,
"Expected a svn_config_get_server_setting()"
"to return 'default'");
}
return SVN_NO_ERROR;
}
/* retrieve and load the ssl client certificate file from servers
config */
static svn_error_t *
ssl_client_cert_file_first_credentials(void **credentials_p,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool)
{
svn_config_t *cfg = svn_hash_gets(parameters,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS);
const char *server_group = svn_hash_gets(parameters,
SVN_AUTH_PARAM_SERVER_GROUP);
const char *cert_file;
cert_file =
svn_config_get_server_setting(cfg, server_group,
SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE,
NULL);
if (cert_file != NULL)
{
svn_auth_cred_ssl_client_cert_t *cred =
apr_palloc(pool, sizeof(*cred));
cred->cert_file = cert_file;
cred->may_save = FALSE;
*credentials_p = cred;
}
else
{
*credentials_p = NULL;
}
*iter_baton = NULL;
return SVN_NO_ERROR;
}
svn_error_t *svn_ra_open4(svn_ra_session_t **session_p,
const char **corrected_url_p,
const char *repos_URL,
const char *uuid,
const svn_ra_callbacks2_t *callbacks,
void *callback_baton,
apr_hash_t *config,
apr_pool_t *pool)
{
apr_pool_t *sesspool = svn_pool_create(pool);
svn_ra_session_t *session;
const struct ra_lib_defn *defn;
const svn_ra__vtable_t *vtable = NULL;
svn_config_t *servers = NULL;
const char *server_group;
apr_uri_t repos_URI;
apr_status_t apr_err;
#ifdef CHOOSABLE_DAV_MODULE
const char *http_library = DEFAULT_HTTP_LIBRARY;
#endif
/* Auth caching parameters. */
svn_boolean_t store_passwords = SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS;
svn_boolean_t store_auth_creds = SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS;
const char *store_plaintext_passwords
= SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS;
svn_boolean_t store_pp = SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP;
const char *store_pp_plaintext
= SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT;
const char *corrected_url;
/* Initialize the return variable. */
*session_p = NULL;
apr_err = apr_uri_parse(sesspool, repos_URL, &repos_URI);
/* ### Should apr_uri_parse leave hostname NULL? It doesn't
* for "file:///" URLs, only for bogus URLs like "bogus".
* If this is the right behavior for apr_uri_parse, maybe we
* should have a svn_uri_parse wrapper. */
if (apr_err != APR_SUCCESS || repos_URI.hostname == NULL)
return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL,
_("Illegal repository URL '%s'"),
repos_URL);
if (callbacks->auth_baton)
{
/* The 'store-passwords' and 'store-auth-creds' parameters used to
* live in SVN_CONFIG_CATEGORY_CONFIG. For backward compatibility,
* if values for these parameters have already been set by our
* callers, we use those values as defaults.
*
* Note that we can only catch the case where users explicitly set
* "store-passwords = no" or 'store-auth-creds = no".
*
* However, since the default value for both these options is
* currently (and has always been) "yes", users won't know
* the difference if they set "store-passwords = yes" or
* "store-auth-creds = yes" -- they'll get the expected behaviour.
*/
if (svn_auth_get_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL)
store_passwords = FALSE;
if (svn_auth_get_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_NO_AUTH_CACHE) != NULL)
store_auth_creds = FALSE;
}
if (config)
{
/* Grab the 'servers' config. */
servers = apr_hash_get(config, SVN_CONFIG_CATEGORY_SERVERS,
APR_HASH_KEY_STRING);
if (servers)
{
/* First, look in the global section. */
SVN_ERR(svn_config_get_bool
(servers, &store_passwords, SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_STORE_PASSWORDS,
store_passwords));
SVN_ERR(svn_config_get_yes_no_ask
(servers, &store_plaintext_passwords, SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS,
SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS));
SVN_ERR(svn_config_get_bool
(servers, &store_pp, SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP,
store_pp));
SVN_ERR(svn_config_get_yes_no_ask
(servers, &store_pp_plaintext,
SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT,
SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT));
SVN_ERR(svn_config_get_bool
(servers, &store_auth_creds, SVN_CONFIG_SECTION_GLOBAL,
SVN_CONFIG_OPTION_STORE_AUTH_CREDS,
store_auth_creds));
/* Find out where we're about to connect to, and
* try to pick a server group based on the destination. */
server_group = svn_config_find_group(servers, repos_URI.hostname,
SVN_CONFIG_SECTION_GROUPS,
sesspool);
if (server_group)
{
/* Override global auth caching parameters with the ones
* for the server group, if any. */
SVN_ERR(svn_config_get_bool(servers, &store_auth_creds,
server_group,
SVN_CONFIG_OPTION_STORE_AUTH_CREDS,
store_auth_creds));
SVN_ERR(svn_config_get_bool(servers, &store_passwords,
server_group,
SVN_CONFIG_OPTION_STORE_PASSWORDS,
store_passwords));
SVN_ERR(svn_config_get_yes_no_ask
(servers, &store_plaintext_passwords, server_group,
SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS,
store_plaintext_passwords));
SVN_ERR(svn_config_get_bool
(servers, &store_pp,
server_group, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP,
store_pp));
SVN_ERR(svn_config_get_yes_no_ask
(servers, &store_pp_plaintext, server_group,
SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT,
store_pp_plaintext));
}
#ifdef CHOOSABLE_DAV_MODULE
/* Now, which DAV-based RA method do we want to use today? */
http_library
= svn_config_get_server_setting(servers,
server_group, /* NULL is OK */
SVN_CONFIG_OPTION_HTTP_LIBRARY,
DEFAULT_HTTP_LIBRARY);
if (strcmp(http_library, "neon") != 0 &&
strcmp(http_library, "serf") != 0)
return svn_error_createf(SVN_ERR_BAD_CONFIG_VALUE, NULL,
_("Invalid config: unknown HTTP library "
"'%s'"),
http_library);
#endif
}
}
if (callbacks->auth_baton)
{
/* Save auth caching parameters in the auth parameter hash. */
if (! store_passwords)
svn_auth_set_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, "");
svn_auth_set_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS,
store_plaintext_passwords);
if (! store_pp)
svn_auth_set_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP,
"");
svn_auth_set_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT,
store_pp_plaintext);
if (! store_auth_creds)
svn_auth_set_parameter(callbacks->auth_baton,
SVN_AUTH_PARAM_NO_AUTH_CACHE, "");
}
/* Find the library. */
for (defn = ra_libraries; defn->ra_name != NULL; ++defn)
{
const char *scheme;
if ((scheme = has_scheme_of(defn->schemes, repos_URL)))
{
svn_ra__init_func_t initfunc = defn->initfunc;
#ifdef CHOOSABLE_DAV_MODULE
if (defn->schemes == dav_schemes
&& strcmp(defn->ra_name, http_library) != 0)
continue;
#endif
if (! initfunc)
SVN_ERR(load_ra_module(&initfunc, NULL, defn->ra_name,
sesspool));
if (! initfunc)
/* Library not found. */
continue;
SVN_ERR(initfunc(svn_ra_version(), &vtable, sesspool));
SVN_ERR(check_ra_version(vtable->get_version(), scheme));
if (! has_scheme_of(vtable->get_schemes(sesspool), repos_URL))
/* Library doesn't support the scheme at runtime. */
continue;
break;
}
}
if (vtable == NULL)
return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL,
_("Unrecognized URL scheme for '%s'"),
repos_URL);
/* Create the session object. */
session = apr_pcalloc(sesspool, sizeof(*session));
session->vtable = vtable;
session->pool = sesspool;
/* Ask the library to open the session. */
SVN_ERR_W(vtable->open_session(session, &corrected_url, repos_URL,
callbacks, callback_baton, config, sesspool),
apr_psprintf(pool, "Unable to connect to a repository at URL '%s'",
repos_URL));
/* If the session open stuff detected a server-provided URL
correction (a 301 or 302 redirect response during the initial
OPTIONS request), then kill the session so the caller can decide
what to do. */
if (corrected_url_p && corrected_url)
{
if (! svn_path_is_url(corrected_url))
{
/* RFC1945 and RFC2616 state that the Location header's
value (from whence this CORRECTED_URL ultimately comes),
if present, must be an absolute URI. But some Apache
versions (those older than 2.2.11, it seems) transmit
only the path portion of the URI. See issue #3775 for
details. */
apr_uri_t corrected_URI = repos_URI;
corrected_URI.path = (char *)corrected_url;
corrected_url = apr_uri_unparse(pool, &corrected_URI, 0);
}
*corrected_url_p = svn_uri_canonicalize(corrected_url, pool);
svn_pool_destroy(sesspool);
return SVN_NO_ERROR;
}
/* Check the UUID. */
if (uuid)
{
const char *repository_uuid;
SVN_ERR(vtable->get_uuid(session, &repository_uuid, pool));
if (strcmp(uuid, repository_uuid) != 0)
{
/* Duplicate the uuid as it is allocated in sesspool */
repository_uuid = apr_pstrdup(pool, repository_uuid);
svn_pool_destroy(sesspool);
return svn_error_createf(SVN_ERR_RA_UUID_MISMATCH, NULL,
_("Repository UUID '%s' doesn't match "
"expected UUID '%s'"),
repository_uuid, uuid);
}
}
*session_p = session;
return SVN_NO_ERROR;
}
