static svn_error_t * construct_auth_baton(svn_auth_baton_t **auth_baton_p, apr_pool_t *pool) { apr_array_header_t *providers; svn_auth_provider_object_t *simple_provider; svn_auth_baton_t *auth_baton; /* A bit of dancing just to pass jrandom:rayjandom. */ providers = apr_array_make(pool, 2, sizeof(svn_auth_provider_object_t *)), svn_auth_get_simple_prompt_provider(&simple_provider, aborting_simple_prompt_func, NULL, 0, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = simple_provider; svn_auth_get_username_prompt_provider(&simple_provider, aborting_username_prompt_func, NULL, 0, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = simple_provider; svn_auth_open(&auth_baton, providers, pool); svn_auth_set_parameter(auth_baton, SVN_AUTH_PARAM_DEFAULT_USERNAME, "jrandom"); svn_auth_set_parameter(auth_baton, SVN_AUTH_PARAM_DEFAULT_PASSWORD, "rayjandom"); *auth_baton_p = auth_baton; return SVN_NO_ERROR; }
SVNAuthData::SVNAuthData() : SVNBase() , m_prompt(false) { m_pool = svn_pool_create(NULL); svn_error_clear(svn_client_create_context2(&m_pctx, SVNConfig::Instance().GetConfig(m_pool), m_pool)); // set up authentication m_prompt.Init(m_pool, m_pctx); const char * path = nullptr; svn_config_get_user_config_path(&path, g_pConfigDir, NULL, m_pool); svn_auth_set_parameter(m_pctx->auth_baton, SVN_AUTH_PARAM_CONFIG_DIR, path); m_pctx->client_name = SVNHelper::GetUserAgentString(m_pool); }
svn_error_t * nmap_update_svn_cmdline_setup_auth_baton(svn_auth_baton_t **ab, svn_boolean_t non_interactive, const char *auth_username, const char *auth_password, const char *config_dir, svn_boolean_t no_auth_cache, svn_config_t *cfg, svn_cancel_func_t cancel_func, void *cancel_baton, apr_pool_t *pool) { svn_boolean_t store_password_val = TRUE; svn_auth_provider_object_t *provider; /* The whole list of registered providers */ apr_array_header_t *providers = apr_array_make(pool, 12, sizeof(svn_auth_provider_object_t *)); /* The main disk-caching auth providers, for both 'username/password' creds and 'username' creds. */ #if defined(WIN32) && !defined(__MINGW32__) svn_auth_get_windows_simple_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; #endif #ifdef SVN_HAVE_KEYCHAIN_SERVICES svn_auth_get_keychain_simple_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; #endif svn_auth_get_simple_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_username_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; /* The server-cert, client-cert, and client-cert-password providers. */ #if defined(WIN32) && !defined(__MINGW32__) svn_auth_get_windows_ssl_server_trust_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; #endif svn_auth_get_ssl_server_trust_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_pw_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; if (non_interactive == FALSE) { svn_cmdline_prompt_baton_t *pb = NULL; if (cancel_func) { pb = apr_palloc(pool, sizeof(*pb)); pb->cancel_func = cancel_func; pb->cancel_baton = cancel_baton; } /* Two basic prompt providers: username/password, and just username. */ nmap_update_svn_auth_get_simple_prompt_provider(&provider, svn_cmdline_auth_simple_prompt, pb, 2, /* retry limit */ pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_username_prompt_provider (&provider, svn_cmdline_auth_username_prompt, pb, 2, /* retry limit */ pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; /* Three ssl prompt providers, for server-certs, client-certs, and client-cert-passphrases. */ svn_auth_get_ssl_server_trust_prompt_provider (&provider, svn_cmdline_auth_ssl_server_trust_prompt, pb, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_prompt_provider (&provider, svn_cmdline_auth_ssl_client_cert_prompt, pb, 2, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_pw_prompt_provider (&provider, svn_cmdline_auth_ssl_client_cert_pw_prompt, pb, 2, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; } /* Build an authentication baton to give to libsvn_client. */ svn_auth_open(ab, providers, pool); /* Place any default --username or --password credentials into the auth_baton's run-time parameter hash. */ if (auth_username) svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_DEFAULT_USERNAME, auth_username); if (auth_password) svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_DEFAULT_PASSWORD, auth_password); /* Same with the --non-interactive option. */ if (non_interactive) svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_NON_INTERACTIVE, ""); if (config_dir) svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_CONFIG_DIR, config_dir); SVN_ERR(svn_config_get_bool(cfg, &store_password_val, SVN_CONFIG_SECTION_AUTH, SVN_CONFIG_OPTION_STORE_PASSWORDS, TRUE)); if (! store_password_val) svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, ""); /* There are two different ways the user can disable disk caching of credentials: either via --no-auth-cache, or in the config file ('store-auth-creds = no'). */ SVN_ERR(svn_config_get_bool(cfg, &store_password_val, SVN_CONFIG_SECTION_AUTH, SVN_CONFIG_OPTION_STORE_AUTH_CREDS, TRUE)); if (no_auth_cache || ! store_password_val) svn_auth_set_parameter(*ab, SVN_AUTH_PARAM_NO_AUTH_CACHE, ""); return SVN_NO_ERROR; }
svn_error_t *svn_ra_open4(svn_ra_session_t **session_p, const char **corrected_url_p, const char *repos_URL, const char *uuid, const svn_ra_callbacks2_t *callbacks, void *callback_baton, apr_hash_t *config, apr_pool_t *pool) { apr_pool_t *sesspool = svn_pool_create(pool); svn_ra_session_t *session; const struct ra_lib_defn *defn; const svn_ra__vtable_t *vtable = NULL; svn_config_t *servers = NULL; const char *server_group; apr_uri_t repos_URI; apr_status_t apr_err; #ifdef CHOOSABLE_DAV_MODULE const char *http_library = DEFAULT_HTTP_LIBRARY; #endif /* Auth caching parameters. */ svn_boolean_t store_passwords = SVN_CONFIG_DEFAULT_OPTION_STORE_PASSWORDS; svn_boolean_t store_auth_creds = SVN_CONFIG_DEFAULT_OPTION_STORE_AUTH_CREDS; const char *store_plaintext_passwords = SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS; svn_boolean_t store_pp = SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP; const char *store_pp_plaintext = SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT; const char *corrected_url; /* Initialize the return variable. */ *session_p = NULL; apr_err = apr_uri_parse(sesspool, repos_URL, &repos_URI); /* ### Should apr_uri_parse leave hostname NULL? It doesn't * for "file:///" URLs, only for bogus URLs like "bogus". * If this is the right behavior for apr_uri_parse, maybe we * should have a svn_uri_parse wrapper. */ if (apr_err != APR_SUCCESS || repos_URI.hostname == NULL) return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Illegal repository URL '%s'"), repos_URL); if (callbacks->auth_baton) { /* The 'store-passwords' and 'store-auth-creds' parameters used to * live in SVN_CONFIG_CATEGORY_CONFIG. For backward compatibility, * if values for these parameters have already been set by our * callers, we use those values as defaults. * * Note that we can only catch the case where users explicitly set * "store-passwords = no" or 'store-auth-creds = no". * * However, since the default value for both these options is * currently (and has always been) "yes", users won't know * the difference if they set "store-passwords = yes" or * "store-auth-creds = yes" -- they'll get the expected behaviour. */ if (svn_auth_get_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS) != NULL) store_passwords = FALSE; if (svn_auth_get_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_NO_AUTH_CACHE) != NULL) store_auth_creds = FALSE; } if (config) { /* Grab the 'servers' config. */ servers = apr_hash_get(config, SVN_CONFIG_CATEGORY_SERVERS, APR_HASH_KEY_STRING); if (servers) { /* First, look in the global section. */ SVN_ERR(svn_config_get_bool (servers, &store_passwords, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_PASSWORDS, store_passwords)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_plaintext_passwords, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS, SVN_CONFIG_DEFAULT_OPTION_STORE_PLAINTEXT_PASSWORDS)); SVN_ERR(svn_config_get_bool (servers, &store_pp, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP, store_pp)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_pp_plaintext, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT, SVN_CONFIG_DEFAULT_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT)); SVN_ERR(svn_config_get_bool (servers, &store_auth_creds, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_STORE_AUTH_CREDS, store_auth_creds)); /* Find out where we're about to connect to, and * try to pick a server group based on the destination. */ server_group = svn_config_find_group(servers, repos_URI.hostname, SVN_CONFIG_SECTION_GROUPS, sesspool); if (server_group) { /* Override global auth caching parameters with the ones * for the server group, if any. */ SVN_ERR(svn_config_get_bool(servers, &store_auth_creds, server_group, SVN_CONFIG_OPTION_STORE_AUTH_CREDS, store_auth_creds)); SVN_ERR(svn_config_get_bool(servers, &store_passwords, server_group, SVN_CONFIG_OPTION_STORE_PASSWORDS, store_passwords)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_plaintext_passwords, server_group, SVN_CONFIG_OPTION_STORE_PLAINTEXT_PASSWORDS, store_plaintext_passwords)); SVN_ERR(svn_config_get_bool (servers, &store_pp, server_group, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP, store_pp)); SVN_ERR(svn_config_get_yes_no_ask (servers, &store_pp_plaintext, server_group, SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT, store_pp_plaintext)); } #ifdef CHOOSABLE_DAV_MODULE /* Now, which DAV-based RA method do we want to use today? */ http_library = svn_config_get_server_setting(servers, server_group, /* NULL is OK */ SVN_CONFIG_OPTION_HTTP_LIBRARY, DEFAULT_HTTP_LIBRARY); if (strcmp(http_library, "neon") != 0 && strcmp(http_library, "serf") != 0) return svn_error_createf(SVN_ERR_BAD_CONFIG_VALUE, NULL, _("Invalid config: unknown HTTP library " "'%s'"), http_library); #endif } } if (callbacks->auth_baton) { /* Save auth caching parameters in the auth parameter hash. */ if (! store_passwords) svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, ""); svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS, store_plaintext_passwords); if (! store_pp) svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP, ""); svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT, store_pp_plaintext); if (! store_auth_creds) svn_auth_set_parameter(callbacks->auth_baton, SVN_AUTH_PARAM_NO_AUTH_CACHE, ""); } /* Find the library. */ for (defn = ra_libraries; defn->ra_name != NULL; ++defn) { const char *scheme; if ((scheme = has_scheme_of(defn->schemes, repos_URL))) { svn_ra__init_func_t initfunc = defn->initfunc; #ifdef CHOOSABLE_DAV_MODULE if (defn->schemes == dav_schemes && strcmp(defn->ra_name, http_library) != 0) continue; #endif if (! initfunc) SVN_ERR(load_ra_module(&initfunc, NULL, defn->ra_name, sesspool)); if (! initfunc) /* Library not found. */ continue; SVN_ERR(initfunc(svn_ra_version(), &vtable, sesspool)); SVN_ERR(check_ra_version(vtable->get_version(), scheme)); if (! has_scheme_of(vtable->get_schemes(sesspool), repos_URL)) /* Library doesn't support the scheme at runtime. */ continue; break; } } if (vtable == NULL) return svn_error_createf(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Unrecognized URL scheme for '%s'"), repos_URL); /* Create the session object. */ session = apr_pcalloc(sesspool, sizeof(*session)); session->vtable = vtable; session->pool = sesspool; /* Ask the library to open the session. */ SVN_ERR_W(vtable->open_session(session, &corrected_url, repos_URL, callbacks, callback_baton, config, sesspool), apr_psprintf(pool, "Unable to connect to a repository at URL '%s'", repos_URL)); /* If the session open stuff detected a server-provided URL correction (a 301 or 302 redirect response during the initial OPTIONS request), then kill the session so the caller can decide what to do. */ if (corrected_url_p && corrected_url) { if (! svn_path_is_url(corrected_url)) { /* RFC1945 and RFC2616 state that the Location header's value (from whence this CORRECTED_URL ultimately comes), if present, must be an absolute URI. But some Apache versions (those older than 2.2.11, it seems) transmit only the path portion of the URI. See issue #3775 for details. */ apr_uri_t corrected_URI = repos_URI; corrected_URI.path = (char *)corrected_url; corrected_url = apr_uri_unparse(pool, &corrected_URI, 0); } *corrected_url_p = svn_uri_canonicalize(corrected_url, pool); svn_pool_destroy(sesspool); return SVN_NO_ERROR; } /* Check the UUID. */ if (uuid) { const char *repository_uuid; SVN_ERR(vtable->get_uuid(session, &repository_uuid, pool)); if (strcmp(uuid, repository_uuid) != 0) { /* Duplicate the uuid as it is allocated in sesspool */ repository_uuid = apr_pstrdup(pool, repository_uuid); svn_pool_destroy(sesspool); return svn_error_createf(SVN_ERR_RA_UUID_MISMATCH, NULL, _("Repository UUID '%s' doesn't match " "expected UUID '%s'"), repository_uuid, uuid); } } *session_p = session; return SVN_NO_ERROR; }
int a_svn_commit (char *device_name, char *temp_working_dir, char *commit_as, apr_pool_t *apr_pool, apr_pool_t *svn_pool) /* * commit changed file to SVN repository * */ { svn_error_t* err; int int_err; apr_array_header_t *device_arr; svn_commit_info_t *commit_info = NULL; svn_auth_baton_t *auth_baton; svn_auth_provider_object_t *provider; svn_error_t *svn_err; char temp_svn_path[MAXPATH]; svn_client_ctx_t* context; temp_svn_path[0] = 0x0; svn_err = svn_client_create_context( &context, svn_pool ); if(svn_err){ a_logmsg("%s: svn error: %s",device_name,svn_err->message); a_debug_info2(DEBUGLVL5,"a_svn_commit: svn error: %s",svn_err->message); return -1; } device_arr = apr_array_make(apr_pool, 1, sizeof(const char*)); snprintf(temp_svn_path,MAXPATH,"%s/%s",temp_working_dir,device_name); *(const char**)apr_array_push(device_arr) = temp_svn_path; apr_array_header_t *providers = apr_array_make (apr_pool, 1, sizeof (svn_auth_provider_object_t *)); svn_auth_get_username_provider(&provider, svn_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_open(&auth_baton, providers, svn_pool); svn_auth_set_parameter(auth_baton, SVN_AUTH_PARAM_DEFAULT_USERNAME, commit_as); (*context).auth_baton = auth_baton; svn_err = svn_client_commit4(&commit_info, device_arr, svn_depth_empty, FALSE, FALSE, NULL, NULL, context, svn_pool); if(svn_err) { a_logmsg("%s: svn error: %s",device_name,svn_err->message); a_debug_info2(DEBUGLVL5,"a_svn_commit: svn error: %s",svn_err->message); return -1; } return 1; }
svn_client_ctx_t * ClientContext::getContext(CommitMessage *message, SVN::Pool &in_pool) { apr_pool_t *pool = in_pool.getPool(); svn_auth_baton_t *ab; svn_client_ctx_t *ctx = m_context; /* Make a temporary copy of ctx to restore at pool cleanup to avoid leaving references to dangling pointers. Note that this allows creating a stack of context changes if the function is invoked multiple times with different pools. */ clearctx_baton_t *bt = (clearctx_baton_t *)apr_pcalloc(pool, sizeof(*bt)); bt->ctx = ctx; bt->backup = (svn_client_ctx_t*)apr_pmemdup(pool, ctx, sizeof(*ctx)); apr_pool_cleanup_register(in_pool.getPool(), bt, clear_ctx_ptrs, clear_ctx_ptrs); if (!ctx->config) { const char *configDir = m_configDir.c_str(); if (m_configDir.empty()) configDir = NULL; SVN_JNI_ERR(svn_config_get_config(&(ctx->config), configDir, m_pool->getPool()), NULL); bt->backup->config = ctx->config; } svn_config_t *config = (svn_config_t *) apr_hash_get(ctx->config, SVN_CONFIG_CATEGORY_CONFIG, APR_HASH_KEY_STRING); /* The whole list of registered providers */ apr_array_header_t *providers; /* Populate the registered providers with the platform-specific providers */ SVN_JNI_ERR(svn_auth_get_platform_specific_client_providers(&providers, config, pool), NULL); /* Use the prompter (if available) to prompt for password and cert * caching. */ svn_auth_plaintext_prompt_func_t plaintext_prompt_func = NULL; void *plaintext_prompt_baton = NULL; svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func; void *plaintext_passphrase_prompt_baton = NULL; if (m_prompter != NULL) { plaintext_prompt_func = Prompter::plaintext_prompt; plaintext_prompt_baton = m_prompter; plaintext_passphrase_prompt_func = Prompter::plaintext_passphrase_prompt; plaintext_passphrase_prompt_baton = m_prompter; } /* The main disk-caching auth providers, for both * 'username/password' creds and 'username' creds. */ svn_auth_provider_object_t *provider; svn_auth_get_simple_provider2(&provider, plaintext_prompt_func, plaintext_prompt_baton, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_username_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; /* The server-cert, client-cert, and client-cert-password providers. */ SVN_JNI_ERR(svn_auth_get_platform_specific_provider(&provider, "windows", "ssl_server_trust", pool), NULL); if (provider) APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_server_trust_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_pw_file_provider2(&provider, plaintext_passphrase_prompt_func, plaintext_passphrase_prompt_baton, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; if (m_prompter != NULL) { /* Two basic prompt providers: username/password, and just username.*/ provider = m_prompter->getProviderSimple(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; provider = m_prompter->getProviderUsername(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; /* Three ssl prompt providers, for server-certs, client-certs, * and client-cert-passphrases. */ provider = m_prompter->getProviderServerSSLTrust(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; provider = m_prompter->getProviderClientSSL(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; provider = m_prompter->getProviderClientSSLPassword(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; } /* Build an authentication baton to give to libsvn_client. */ svn_auth_open(&ab, providers, pool); /* Place any default --username or --password credentials into the * auth_baton's run-time parameter hash. ### Same with --no-auth-cache? */ if (!m_userName.empty()) svn_auth_set_parameter(ab, SVN_AUTH_PARAM_DEFAULT_USERNAME, apr_pstrdup(in_pool.getPool(), m_userName.c_str())); if (!m_passWord.empty()) svn_auth_set_parameter(ab, SVN_AUTH_PARAM_DEFAULT_PASSWORD, apr_pstrdup(in_pool.getPool(), m_passWord.c_str())); /* Store where to retrieve authentication data? */ if (!m_configDir.empty()) svn_auth_set_parameter(ab, SVN_AUTH_PARAM_CONFIG_DIR, apr_pstrdup(in_pool.getPool(), m_configDir.c_str())); ctx->auth_baton = ab; ctx->log_msg_baton3 = message; m_cancelOperation = false; SVN_JNI_ERR(svn_wc_context_create(&ctx->wc_ctx, NULL, in_pool.getPool(), in_pool.getPool()), NULL); return ctx; }
svn_auth_baton_t * OperationContext::getAuthBaton(SVN::Pool &in_pool) { svn_auth_baton_t *ab; apr_pool_t *pool = in_pool.getPool(); apr_hash_t * configData = getConfigData(); if (configData == NULL) { return NULL; } svn_config_t *config = static_cast<svn_config_t *>(apr_hash_get(configData, SVN_CONFIG_CATEGORY_CONFIG, APR_HASH_KEY_STRING)); const bool use_native_store = GlobalConfig::useNativeCredentialsStore(); /* The whole list of registered providers */ apr_array_header_t *providers; svn_auth_provider_object_t *provider; if (use_native_store) { /* Populate the registered providers with the platform-specific providers */ SVN_JNI_ERR( svn_auth_get_platform_specific_client_providers( &providers, config, pool), NULL); /* Use the prompter (if available) to prompt for password and cert * caching. */ svn_auth_plaintext_prompt_func_t plaintext_prompt_func; void *plaintext_prompt_baton; svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func; void *plaintext_passphrase_prompt_baton; if (m_prompter.get()) { plaintext_prompt_func = Prompter::plaintext_prompt; plaintext_prompt_baton = m_prompter.get(); plaintext_passphrase_prompt_func = Prompter::plaintext_passphrase_prompt; plaintext_passphrase_prompt_baton = m_prompter.get(); } else { plaintext_prompt_func = NULL; plaintext_prompt_baton = NULL; plaintext_passphrase_prompt_func = NULL; plaintext_passphrase_prompt_baton = NULL; } /* The main disk-caching auth providers, for both * 'username/password' creds and 'username' creds. */ svn_auth_get_simple_provider2(&provider, plaintext_prompt_func, plaintext_prompt_baton, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_username_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_server_trust_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_file_provider(&provider, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; svn_auth_get_ssl_client_cert_pw_file_provider2( &provider, plaintext_passphrase_prompt_func, plaintext_passphrase_prompt_baton, pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; } else { // Not using hte native credentials store, start with an empty // providers array. providers = apr_array_make(pool, 0, sizeof(svn_auth_provider_object_t *)); } if (m_prompter.get()) { /* Two basic prompt providers: username/password, and just username.*/ provider = m_prompter->get_provider_simple(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; provider = m_prompter->get_provider_username(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; /* Three ssl prompt providers, for server-certs, client-certs, * and client-cert-passphrases. */ provider = m_prompter->get_provider_server_ssl_trust(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; provider = m_prompter->get_provider_client_ssl(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; provider = m_prompter->get_provider_client_ssl_password(in_pool); APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider; } /* Build an authentication baton to give to libsvn_client. */ svn_auth_open(&ab, providers, pool); /* Place any default --username or --password credentials into the * auth_baton's run-time parameter hash. ### Same with --no-auth-cache? */ if (!m_userName.empty()) svn_auth_set_parameter(ab, SVN_AUTH_PARAM_DEFAULT_USERNAME, apr_pstrdup(in_pool.getPool(), m_userName.c_str())); if (!m_passWord.empty()) svn_auth_set_parameter(ab, SVN_AUTH_PARAM_DEFAULT_PASSWORD, apr_pstrdup(in_pool.getPool(), m_passWord.c_str())); /* Store where to retrieve authentication data? */ if (!m_configDir.empty()) svn_auth_set_parameter(ab, SVN_AUTH_PARAM_CONFIG_DIR, apr_pstrdup(in_pool.getPool(), m_configDir.c_str())); return ab; }
static svn_error_t * load_config(svn_ra_serf__session_t *session, apr_hash_t *config_hash, apr_pool_t *pool) { svn_config_t *config, *config_client; const char *server_group; const char *proxy_host = NULL; const char *port_str = NULL; const char *timeout_str = NULL; const char *exceptions; apr_port_t proxy_port; svn_tristate_t chunked_requests; #if SERF_VERSION_AT_LEAST(1, 4, 0) && !defined(SVN_SERF_NO_LOGGING) apr_int64_t log_components; apr_int64_t log_level; #endif if (config_hash) { config = svn_hash_gets(config_hash, SVN_CONFIG_CATEGORY_SERVERS); config_client = svn_hash_gets(config_hash, SVN_CONFIG_CATEGORY_CONFIG); } else { config = NULL; config_client = NULL; } SVN_ERR(svn_config_get_bool(config, &session->using_compression, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_COMPRESSION, TRUE)); svn_config_get(config, &timeout_str, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_TIMEOUT, NULL); if (session->auth_baton) { if (config_client) { svn_auth_set_parameter(session->auth_baton, SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG, config_client); } if (config) { svn_auth_set_parameter(session->auth_baton, SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS, config); } } /* Use the default proxy-specific settings if and only if "http-proxy-exceptions" is not set to exclude this host. */ svn_config_get(config, &exceptions, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_PROXY_EXCEPTIONS, ""); if (! svn_cstring_match_glob_list(session->session_url.hostname, svn_cstring_split(exceptions, ",", TRUE, pool))) { svn_config_get(config, &proxy_host, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_PROXY_HOST, NULL); svn_config_get(config, &port_str, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_PROXY_PORT, NULL); svn_config_get(config, &session->proxy_username, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_PROXY_USERNAME, NULL); svn_config_get(config, &session->proxy_password, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_PROXY_PASSWORD, NULL); } /* Load the global ssl settings, if set. */ SVN_ERR(svn_config_get_bool(config, &session->trust_default_ca, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_SSL_TRUST_DEFAULT_CA, TRUE)); svn_config_get(config, &session->ssl_authorities, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_SSL_AUTHORITY_FILES, NULL); /* If set, read the flag that tells us to do bulk updates or not. Defaults to skelta updates. */ SVN_ERR(svn_config_get_tristate(config, &session->bulk_updates, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_BULK_UPDATES, "auto", svn_tristate_unknown)); /* Load the maximum number of parallel session connections. */ SVN_ERR(svn_config_get_int64(config, &session->max_connections, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_MAX_CONNECTIONS, SVN_CONFIG_DEFAULT_OPTION_HTTP_MAX_CONNECTIONS)); /* Should we use chunked transfer encoding. */ SVN_ERR(svn_config_get_tristate(config, &chunked_requests, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_HTTP_CHUNKED_REQUESTS, "auto", svn_tristate_unknown)); #if SERF_VERSION_AT_LEAST(1, 4, 0) && !defined(SVN_SERF_NO_LOGGING) SVN_ERR(svn_config_get_int64(config, &log_components, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_SERF_LOG_COMPONENTS, SERF_LOGCOMP_NONE)); SVN_ERR(svn_config_get_int64(config, &log_level, SVN_CONFIG_SECTION_GLOBAL, SVN_CONFIG_OPTION_SERF_LOG_LEVEL, SERF_LOG_INFO)); #endif server_group = svn_auth_get_parameter(session->auth_baton, SVN_AUTH_PARAM_SERVER_GROUP); if (server_group) { SVN_ERR(svn_config_get_bool(config, &session->using_compression, server_group, SVN_CONFIG_OPTION_HTTP_COMPRESSION, session->using_compression)); svn_config_get(config, &timeout_str, server_group, SVN_CONFIG_OPTION_HTTP_TIMEOUT, timeout_str); /* Load the group proxy server settings, overriding global settings. We intentionally ignore 'http-proxy-exceptions' here because, well, if this site was an exception, why is there a per-server proxy configuration for it? */ svn_config_get(config, &proxy_host, server_group, SVN_CONFIG_OPTION_HTTP_PROXY_HOST, proxy_host); svn_config_get(config, &port_str, server_group, SVN_CONFIG_OPTION_HTTP_PROXY_PORT, port_str); svn_config_get(config, &session->proxy_username, server_group, SVN_CONFIG_OPTION_HTTP_PROXY_USERNAME, session->proxy_username); svn_config_get(config, &session->proxy_password, server_group, SVN_CONFIG_OPTION_HTTP_PROXY_PASSWORD, session->proxy_password); /* Load the group ssl settings. */ SVN_ERR(svn_config_get_bool(config, &session->trust_default_ca, server_group, SVN_CONFIG_OPTION_SSL_TRUST_DEFAULT_CA, session->trust_default_ca)); svn_config_get(config, &session->ssl_authorities, server_group, SVN_CONFIG_OPTION_SSL_AUTHORITY_FILES, session->ssl_authorities); /* Load the group bulk updates flag. */ SVN_ERR(svn_config_get_tristate(config, &session->bulk_updates, server_group, SVN_CONFIG_OPTION_HTTP_BULK_UPDATES, "auto", session->bulk_updates)); /* Load the maximum number of parallel session connections, overriding global values. */ SVN_ERR(svn_config_get_int64(config, &session->max_connections, server_group, SVN_CONFIG_OPTION_HTTP_MAX_CONNECTIONS, session->max_connections)); /* Should we use chunked transfer encoding. */ SVN_ERR(svn_config_get_tristate(config, &chunked_requests, server_group, SVN_CONFIG_OPTION_HTTP_CHUNKED_REQUESTS, "auto", chunked_requests)); #if SERF_VERSION_AT_LEAST(1, 4, 0) && !defined(SVN_SERF_NO_LOGGING) SVN_ERR(svn_config_get_int64(config, &log_components, server_group, SVN_CONFIG_OPTION_SERF_LOG_COMPONENTS, log_components)); SVN_ERR(svn_config_get_int64(config, &log_level, server_group, SVN_CONFIG_OPTION_SERF_LOG_LEVEL, log_level)); #endif } #if SERF_VERSION_AT_LEAST(1, 4, 0) && !defined(SVN_SERF_NO_LOGGING) if (log_components != SERF_LOGCOMP_NONE) { serf_log_output_t *output; apr_status_t status; status = serf_logging_create_stream_output(&output, session->context, (apr_uint32_t)log_level, (apr_uint32_t)log_components, SERF_LOG_DEFAULT_LAYOUT, stderr, pool); if (!status) serf_logging_add_output(session->context, output); } #endif /* Don't allow the http-max-connections value to be larger than our compiled-in limit, or to be too small to operate. Broken functionality and angry administrators are equally undesirable. */ if (session->max_connections > SVN_RA_SERF__MAX_CONNECTIONS_LIMIT) session->max_connections = SVN_RA_SERF__MAX_CONNECTIONS_LIMIT; if (session->max_connections < 2) session->max_connections = 2; /* Parse the connection timeout value, if any. */ session->timeout = apr_time_from_sec(DEFAULT_HTTP_TIMEOUT); if (timeout_str) { char *endstr; const long int timeout = strtol(timeout_str, &endstr, 10); if (*endstr) return svn_error_create(SVN_ERR_BAD_CONFIG_VALUE, NULL, _("Invalid config: illegal character in " "timeout value")); if (timeout < 0) return svn_error_create(SVN_ERR_BAD_CONFIG_VALUE, NULL, _("Invalid config: negative timeout value")); session->timeout = apr_time_from_sec(timeout); } SVN_ERR_ASSERT(session->timeout >= 0); /* Convert the proxy port value, if any. */ if (port_str) { char *endstr; const long int port = strtol(port_str, &endstr, 10); if (*endstr) return svn_error_create(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Invalid URL: illegal character in proxy " "port number")); if (port < 0) return svn_error_create(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Invalid URL: negative proxy port number")); if (port > 65535) return svn_error_create(SVN_ERR_RA_ILLEGAL_URL, NULL, _("Invalid URL: proxy port number greater " "than maximum TCP port number 65535")); proxy_port = (apr_port_t) port; } else { proxy_port = 80; } if (proxy_host) { apr_sockaddr_t *proxy_addr; apr_status_t status; status = apr_sockaddr_info_get(&proxy_addr, proxy_host, APR_UNSPEC, proxy_port, 0, session->pool); if (status) { return svn_ra_serf__wrap_err( status, _("Could not resolve proxy server '%s'"), proxy_host); } session->using_proxy = TRUE; serf_config_proxy(session->context, proxy_addr); } else { session->using_proxy = FALSE; } /* Setup detect_chunking and using_chunked_requests based on * the chunked_requests tristate */ if (chunked_requests == svn_tristate_unknown) { session->detect_chunking = TRUE; session->using_chunked_requests = TRUE; } else if (chunked_requests == svn_tristate_true) { session->detect_chunking = FALSE; session->using_chunked_requests = TRUE; } else /* chunked_requests == svn_tristate_false */ { session->detect_chunking = FALSE; session->using_chunked_requests = FALSE; } /* Setup authentication. */ SVN_ERR(load_http_auth_types(pool, config, server_group, &session->authn_types)); serf_config_authn_types(session->context, session->authn_types); serf_config_credentials_callback(session->context, svn_ra_serf__credentials_callback); return SVN_NO_ERROR; }