/* retrieve ssl server CA failure overrides (if any) from servers
config */
static svn_error_t *
ssl_server_trust_file_first_credentials(void **credentials,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool)
{
apr_uint32_t *failures = svn_hash_gets(parameters,
SVN_AUTH_PARAM_SSL_SERVER_FAILURES);
const svn_auth_ssl_server_cert_info_t *cert_info =
svn_hash_gets(parameters, SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO);
apr_hash_t *creds_hash = NULL;
const char *config_dir;
svn_error_t *error = SVN_NO_ERROR;
*credentials = NULL;
*iter_baton = NULL;
/* Check if this is a permanently accepted certificate */
config_dir = svn_hash_gets(parameters, SVN_AUTH_PARAM_CONFIG_DIR);
error =
svn_config_read_auth_data(&creds_hash, SVN_AUTH_CRED_SSL_SERVER_TRUST,
realmstring, config_dir, pool);
svn_error_clear(error);
if (! error && creds_hash)
{
svn_string_t *trusted_cert, *this_cert, *failstr;
apr_uint32_t last_failures = 0;
trusted_cert = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_ASCII_CERT_KEY);
this_cert = svn_string_create(cert_info->ascii_cert, pool);
failstr = svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_FAILURES_KEY);
if (failstr)
SVN_ERR(svn_cstring_atoui(&last_failures, failstr->data));
/* If the cert is trusted and there are no new failures, we
* accept it by clearing all failures. */
if (trusted_cert &&
svn_string_compare(this_cert, trusted_cert) &&
(*failures & ~last_failures) == 0)
{
*failures = 0;
}
}
/* If all failures are cleared now, we return the creds */
if (! *failures)
{
svn_auth_cred_ssl_server_trust_t *creds =
apr_pcalloc(pool, sizeof(*creds));
creds->may_save = FALSE; /* No need to save it again... */
*credentials = creds;
}
return SVN_NO_ERROR;
}
svn_error_t *
svn_auth__ssl_client_cert_pw_file_first_creds_helper
(void **credentials_p,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
svn_auth__password_get_t passphrase_get,
const char *passtype,
apr_pool_t *pool)
{
svn_config_t *cfg = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS,
APR_HASH_KEY_STRING);
const char *server_group = apr_hash_get(parameters,
SVN_AUTH_PARAM_SERVER_GROUP,
APR_HASH_KEY_STRING);
svn_boolean_t non_interactive = apr_hash_get(parameters,
SVN_AUTH_PARAM_NON_INTERACTIVE,
APR_HASH_KEY_STRING) != NULL;
const char *password =
svn_config_get_server_setting(cfg, server_group,
SVN_CONFIG_OPTION_SSL_CLIENT_CERT_PASSWORD,
NULL);
if (! password)
{
svn_error_t *err;
apr_hash_t *creds_hash = NULL;
const char *config_dir = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_DIR,
APR_HASH_KEY_STRING);
/* Try to load passphrase from the auth/ cache. */
err = svn_config_read_auth_data(&creds_hash,
SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
realmstring, config_dir, pool);
svn_error_clear(err);
if (! err && creds_hash)
{
if (!passphrase_get(&password, creds_hash, realmstring,
NULL, parameters, non_interactive, pool))
password = NULL;
}
}
if (password)
{
svn_auth_cred_ssl_client_cert_pw_t *cred
= apr_palloc(pool, sizeof(*cred));
cred->password = password;
cred->may_save = FALSE;
*credentials_p = cred;
}
else *credentials_p = NULL;
*iter_baton = NULL;
return SVN_NO_ERROR;
}
/*** Helper Functions ***/
static svn_error_t *
prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p,
simple_prompt_provider_baton_t *pb,
apr_hash_t *parameters,
const char *realmstring,
svn_boolean_t first_time,
svn_boolean_t may_save,
apr_pool_t *pool)
{
const char *def_username = NULL, *def_password = NULL;
*cred_p = NULL;
/* If we're allowed to check for default usernames and passwords, do
so. */
if (first_time)
{
def_username = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_USERNAME,
APR_HASH_KEY_STRING);
/* No default username? Try the auth cache. */
if (! def_username)
{
const char *config_dir = apr_hash_get(parameters,
SVN_AUTH_PARAM_CONFIG_DIR,
APR_HASH_KEY_STRING);
apr_hash_t *creds_hash = NULL;
svn_string_t *str;
svn_error_t *err;
err = svn_config_read_auth_data(&creds_hash, SVN_AUTH_CRED_SIMPLE,
realmstring, config_dir, pool);
svn_error_clear(err);
if (! err && creds_hash)
{
str = apr_hash_get(creds_hash,
SVN_AUTH__AUTHFILE_USERNAME_KEY,
APR_HASH_KEY_STRING);
if (str && str->data)
def_username = str->data;
}
}
#if 0
/* Still no default username? Try the UID. */
if (! def_username)
def_username = svn_user_get_name(pool);
#endif
def_password = apr_hash_get(parameters,
SVN_AUTH_PARAM_DEFAULT_PASSWORD,
APR_HASH_KEY_STRING);
}
/* If we have defaults, just build the cred here and return it.
*
* ### I do wonder why this is here instead of in a separate
* ### 'defaults' provider that would run before the prompt
* ### provider... Hmmm.
*/
if (def_username && def_password)
{
*cred_p = apr_palloc(pool, sizeof(**cred_p));
(*cred_p)->username = apr_pstrdup(pool, def_username);
(*cred_p)->password = apr_pstrdup(pool, def_password);
(*cred_p)->may_save = TRUE;
}
else
{
SVN_ERR(pb->prompt_func(cred_p, pb->prompt_baton, realmstring,
def_username, may_save, pool));
}
return SVN_NO_ERROR;
}
