svn_error_t* svn_config_get_server_setting_int(svn_config_t *cfg, const char *server_group, const char *option_name, apr_int64_t default_value, apr_int64_t *result_value, apr_pool_t *pool) { const char* tmp_value; char *end_pos; tmp_value = svn_config_get_server_setting(cfg, server_group, option_name, NULL); if (tmp_value == NULL) *result_value = default_value; else { /* read tmp_value as an int now */ *result_value = apr_strtoi64(tmp_value, &end_pos, 0); if (*end_pos != 0) { return svn_error_createf (SVN_ERR_BAD_CONFIG_VALUE, NULL, _("Config error: invalid integer value '%s'"), tmp_value); } } return SVN_NO_ERROR; }
/* retrieve and load a password for a client certificate from servers file */ static svn_error_t * ssl_client_cert_pw_file_first_credentials(void **credentials_p, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { svn_config_t *cfg = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG, APR_HASH_KEY_STRING); const char *server_group = apr_hash_get(parameters, SVN_AUTH_PARAM_SERVER_GROUP, APR_HASH_KEY_STRING); const char *password = svn_config_get_server_setting(cfg, server_group, SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD, NULL); if (password) { svn_auth_cred_ssl_client_cert_pw_t *cred = apr_palloc(pool, sizeof(*cred)); cred->password = password; cred->may_save = FALSE; *credentials_p = cred; } else *credentials_p = NULL; *iter_baton = NULL; return SVN_NO_ERROR; }
svn_error_t * svn_auth__ssl_client_cert_pw_file_first_creds_helper (void **credentials_p, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, svn_auth__password_get_t passphrase_get, const char *passtype, apr_pool_t *pool) { svn_config_t *cfg = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS, APR_HASH_KEY_STRING); const char *server_group = apr_hash_get(parameters, SVN_AUTH_PARAM_SERVER_GROUP, APR_HASH_KEY_STRING); svn_boolean_t non_interactive = apr_hash_get(parameters, SVN_AUTH_PARAM_NON_INTERACTIVE, APR_HASH_KEY_STRING) != NULL; const char *password = svn_config_get_server_setting(cfg, server_group, SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD, NULL); if (! password) { svn_error_t *err; apr_hash_t *creds_hash = NULL; const char *config_dir = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_DIR, APR_HASH_KEY_STRING); /* Try to load passphrase from the auth/ cache. */ err = svn_config_read_auth_data(&creds_hash, SVN_AUTH_CRED_SSL_CLIENT_CERT_PW, realmstring, config_dir, pool); svn_error_clear(err); if (! err && creds_hash) { if (!passphrase_get(&password, creds_hash, realmstring, NULL, parameters, non_interactive, pool)) password = NULL; } } if (password) { svn_auth_cred_ssl_client_cert_pw_t *cred = apr_palloc(pool, sizeof(*cred)); cred->password = password; cred->may_save = FALSE; *credentials_p = cred; } else *credentials_p = NULL; *iter_baton = NULL; return SVN_NO_ERROR; }
svn_error_t * svn_config_get_server_setting_bool(svn_config_t *cfg, svn_boolean_t *valuep, const char *server_group, const char *option_name, svn_boolean_t default_value) { const char* tmp_value; tmp_value = svn_config_get_server_setting(cfg, server_group, option_name, NULL); return get_bool(valuep, tmp_value, default_value, server_group, option_name); }
static svn_error_t * test_text_retrieval(const svn_test_opts_t *opts, apr_pool_t *pool) { svn_config_t *cfg; int i; const char *cfg_file; SVN_ERR(get_config_file_path(&cfg_file, opts, pool)); SVN_ERR(svn_config_read3(&cfg, cfg_file, TRUE, FALSE, FALSE, pool)); /* Test values retrieved from our ConfigParser instance against values retrieved using svn_config. */ for (i = 0; config_keys[i] != NULL; i++) { const char *key, *py_val, *c_val; key = config_keys[i]; py_val = config_values[i]; svn_config_get(cfg, &c_val, "section1", key, "default value"); #if 0 printf("Testing expected value '%s' against '%s' for " "option '%s'\n", py_val, c_val, key); #endif /* Fail iff one value is null, or the strings don't match. */ if ((c_val == NULL) != (py_val == NULL) || (c_val != NULL && py_val != NULL && strcmp(c_val, py_val) != 0)) return fail(pool, "Expected value '%s' not equal to '%s' for " "option '%s'", py_val, c_val, key); } { const char *value = svn_config_get_server_setting(cfg, "server group", "setting", "default"); if (value == NULL || strcmp(value, "default") != 0) return svn_error_create(SVN_ERR_TEST_FAILED, SVN_NO_ERROR, "Expected a svn_config_get_server_setting()" "to return 'default'"); } return SVN_NO_ERROR; }
/* retrieve and load the ssl client certificate file from servers config */ static svn_error_t * ssl_client_cert_file_first_credentials(void **credentials_p, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { svn_config_t *cfg = svn_hash_gets(parameters, SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS); const char *server_group = svn_hash_gets(parameters, SVN_AUTH_PARAM_SERVER_GROUP); const char *cert_file; cert_file = svn_config_get_server_setting(cfg, server_group, SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE, NULL); if (cert_file != NULL) { svn_auth_cred_ssl_client_cert_t *cred = apr_palloc(pool, sizeof(*cred)); cred->cert_file = cert_file; cred->may_save = FALSE; *credentials_p = cred; } else { *credentials_p = NULL; } *iter_baton = NULL; return SVN_NO_ERROR; }
svn_error_t *svn_ra_open4(svn_ra_session_t **session_p, const char **corrected_url_p, const char *repos_URL, const char *uuid, const svn_ra_callbacks2_t *callbacks, void *callback_baton, apr_hash_t *config, apr_pool_t *pool) { apr_pool_t *sesspool = svn_pool_create(pool); svn_ra_session_t *session; const struct ra_lib_defn *defn; const svn_ra__vtable_t *vtable = NULL; svn_config_t *servers = NULL; const char *server_group; apr_uri_t repos_URI; apr_status_t apr_err; #ifdef CHOOSABLE_DAV_MODULE const char *http_library = DEFAULT_HTTP_LIBRARY; #endif /* Auth caching parameters. */ svn_boolean_t store_passwords = SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS; svn_boolean_t store_auth_creds = SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS; const char *store_plaintext_passwords = SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS; svn_boolean_t store_pp = SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP; const char *store_pp_plaintext = SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT; const char *corrected_url; /* Initialize the return variable. */ *session_p = NULL; apr_err = apr_uri_parse(sesspool, repos_URL, &repos_URI); /* ### Should apr_uri_parse leave hostname NULL? It doesn't * for "file:///" URLs, only for bogus URLs like "bogus". * If this is the right behavior for apr_uri_parse, maybe we * should have a svn_uri_parse wrapper. */ if (apr_err != APR_SUCCESS || repos_URI.hostname == NULL) return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Illegal repository URL '%s'"), repos_URL); if (callbacks->auth_baton) { /* The 'store-passwords' and 'store-auth-creds' parameters used to * live in SVN_CONFIG_CATEGORY_CONFIG. For backward compatibility, * if values for these parameters have already been set by our * callers, we use those values as defaults. * * Note that we can only catch the case where users explicitly set * "store-passwords = no" or 'store-auth-creds = no". * * However, since the default value for both these options is * currently (and has always been) "yes", users won't know * the difference if they set "store-passwords = yes" or * "store-auth-creds = yes" -- they'll get the expected behaviour. */ if (svn_auth_get_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL) store_passwords = FALSE; if (svn_auth_get_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_NO_AUTH_CACHE) != NULL) store_auth_creds = FALSE; } if (config) { /* Grab the 'servers' config. */ servers = apr_hash_get(config, SVN_CONFIG_CATEGORY_SERVERS, APR_HASH_KEY_STRING); if (servers) { /* First, look in the global section. */ SVN_ERR(svn_config_get_bool (servers, &store_passwords, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_PASSWORDS, store_passwords)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_plaintext_passwords, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS, SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS)); SVN_ERR(svn_config_get_bool (servers, &store_pp, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP, store_pp)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_pp_plaintext, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT, SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT)); SVN_ERR(svn_config_get_bool (servers, &store_auth_creds, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_AUTH_CREDS, store_auth_creds)); /* Find out where we're about to connect to, and * try to pick a server group based on the destination. */ server_group = svn_config_find_group(servers, repos_URI.hostname, SVN_CONFIG_SECTION_GROUPS, sesspool); if (server_group) { /* Override global auth caching parameters with the ones * for the server group, if any. */ SVN_ERR(svn_config_get_bool(servers, &store_auth_creds, server_group, SVN_CONFIG_OPTION_STORE_AUTH_CREDS, store_auth_creds)); SVN_ERR(svn_config_get_bool(servers, &store_passwords, server_group, SVN_CONFIG_OPTION_STORE_PASSWORDS, store_passwords)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_plaintext_passwords, server_group, SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS, store_plaintext_passwords)); SVN_ERR(svn_config_get_bool (servers, &store_pp, server_group, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP, store_pp)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_pp_plaintext, server_group, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT, store_pp_plaintext)); } #ifdef CHOOSABLE_DAV_MODULE /* Now, which DAV-based RA method do we want to use today? */ http_library = svn_config_get_server_setting(servers, server_group, /* NULL is OK */ SVN_CONFIG_OPTION_HTTP_LIBRARY, DEFAULT_HTTP_LIBRARY); if (strcmp(http_library, "neon") != 0 && strcmp(http_library, "serf") != 0) return svn_error_createf(SVN_ERR_BAD_CONFIG_VALUE, NULL, _("Invalid config: unknown HTTP library " "'%s'"), http_library); #endif } } if (callbacks->auth_baton) { /* Save auth caching parameters in the auth parameter hash. */ if (! store_passwords) svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, ""); svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS, store_plaintext_passwords); if (! store_pp) svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP, ""); svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT, store_pp_plaintext); if (! store_auth_creds) svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_NO_AUTH_CACHE, ""); } /* Find the library. */ for (defn = ra_libraries; defn->ra_name != NULL; ++defn) { const char *scheme; if ((scheme = has_scheme_of(defn->schemes, repos_URL))) { svn_ra__init_func_t initfunc = defn->initfunc; #ifdef CHOOSABLE_DAV_MODULE if (defn->schemes == dav_schemes && strcmp(defn->ra_name, http_library) != 0) continue; #endif if (! initfunc) SVN_ERR(load_ra_module(&initfunc, NULL, defn->ra_name, sesspool)); if (! initfunc) /* Library not found. */ continue; SVN_ERR(initfunc(svn_ra_version(), &vtable, sesspool)); SVN_ERR(check_ra_version(vtable->get_version(), scheme)); if (! has_scheme_of(vtable->get_schemes(sesspool), repos_URL)) /* Library doesn't support the scheme at runtime. */ continue; break; } } if (vtable == NULL) return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Unrecognized URL scheme for '%s'"), repos_URL); /* Create the session object. */ session = apr_pcalloc(sesspool, sizeof(*session)); session->vtable = vtable; session->pool = sesspool; /* Ask the library to open the session. */ SVN_ERR_W(vtable->open_session(session, &corrected_url, repos_URL, callbacks, callback_baton, config, sesspool), apr_psprintf(pool, "Unable to connect to a repository at URL '%s'", repos_URL)); /* If the session open stuff detected a server-provided URL correction (a 301 or 302 redirect response during the initial OPTIONS request), then kill the session so the caller can decide what to do. */ if (corrected_url_p && corrected_url) { if (! svn_path_is_url(corrected_url)) { /* RFC1945 and RFC2616 state that the Location header's value (from whence this CORRECTED_URL ultimately comes), if present, must be an absolute URI. But some Apache versions (those older than 2.2.11, it seems) transmit only the path portion of the URI. See issue #3775 for details. */ apr_uri_t corrected_URI = repos_URI; corrected_URI.path = (char *)corrected_url; corrected_url = apr_uri_unparse(pool, &corrected_URI, 0); } *corrected_url_p = svn_uri_canonicalize(corrected_url, pool); svn_pool_destroy(sesspool); return SVN_NO_ERROR; } /* Check the UUID. */ if (uuid) { const char *repository_uuid; SVN_ERR(vtable->get_uuid(session, &repository_uuid, pool)); if (strcmp(uuid, repository_uuid) != 0) { /* Duplicate the uuid as it is allocated in sesspool */ repository_uuid = apr_pstrdup(pool, repository_uuid); svn_pool_destroy(sesspool); return svn_error_createf(SVN_ERR_RA_UUID_MISMATCH, NULL, _("Repository UUID '%s' doesn't match " "expected UUID '%s'"), repository_uuid, uuid); } } *session_p = session; return SVN_NO_ERROR; }