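/* Persist the acceptance of an SSL server certificate for REALMSTRING.
 *
 * CREDENTIALS is read as an svn_auth_cred_ssl_server_trust_t.  When its
 * may_save flag is set, the certificate text found in PARAMETERS under
 * SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO and the accepted_failures mask are
 * written with svn_config_write_auth_data() as
 * SVN_AUTH_CRED_SSL_SERVER_TRUST data below the directory named by
 * SVN_AUTH_PARAM_CONFIG_DIR.  PROVIDER_BATON is not used.
 *
 * *SAVED is TRUE only when the record was written.  It is FALSE when
 * saving is not permitted or no certificate is available.
 *
 * NOTE(review): the stored record names the verification failures that
 * were accepted for this realm, so presumably a later lookup trusts the
 * same certificate without prompting.  The auth area under the config
 * directory should therefore be writable by the owning user only;
 * confirm against the reader of this data.
 *
 * NOTE(review): unlike svn_auth__ssl_client_cert_pw_cache_set(), this
 * function does not consult SVN_AUTH_PARAM_NO_AUTH_CACHE itself;
 * presumably creds->may_save already reflects it.  Verify in the caller.
 */
static svn_error_t *
ssl_server_trust_file_save_credentials(svn_boolean_t *saved,
                                       void *credentials,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       apr_pool_t *pool)
{
  svn_auth_cred_ssl_server_trust_t *creds = credentials;
  const svn_auth_ssl_server_cert_info_t *cert_info;
  apr_hash_t *creds_hash;
  const char *config_dir;

  /* Give *SAVED a defined value on every return path, as the client
     certificate passphrase cache function in this file does. */
  *saved = FALSE;

  if (! creds->may_save)
    return SVN_NO_ERROR;

  config_dir = svn_hash_gets(parameters, SVN_AUTH_PARAM_CONFIG_DIR);
  cert_info = svn_hash_gets(parameters, SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO);

  /* The hash lookup yields NULL when the parameter was never set.
     Saving is best-effort, so skip it instead of dereferencing NULL. */
  if (cert_info == NULL || cert_info->ascii_cert == NULL)
    return SVN_NO_ERROR;

  creds_hash = apr_hash_make(pool);
  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_ASCII_CERT_KEY,
                svn_string_create(cert_info->ascii_cert, pool));
  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_FAILURES_KEY,
                svn_string_createf(pool, "%lu",
                                   (unsigned long)creds->accepted_failures));

  SVN_ERR(svn_config_write_auth_data(creds_hash,
                                     SVN_AUTH_CRED_SSL_SERVER_TRUST,
                                     realmstring, config_dir, pool));

  *saved = TRUE;
  return SVN_NO_ERROR;
}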
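/* Cache the passphrase of an SSL client certificate for REALMSTRING.
 *
 * CREDENTIALS is read as an svn_auth_cred_ssl_client_cert_pw_t.
 * PASSPHRASE_SET is the backend callback that stores creds->password,
 * and PASSTYPE names that backend.
 *
 * Nothing is stored when creds->may_save is false, or when PARAMETERS
 * contains SVN_AUTH_PARAM_NO_AUTH_CACHE or
 * SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP.
 *
 * The four password types compared below (wincrypt, kwallet, GNOME
 * keyring, keychain) are stored without further questions.  For any
 * other type the plaintext policy applies:
 *   - built with SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE: never store;
 *   - otherwise the value of
 *     SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT decides:
 *     SVN_CONFIG_TRUE stores, SVN_CONFIG_FALSE does not, and
 *     SVN_CONFIG_ASK prompts through the provider baton's callback
 *     (never in non-interactive mode), remembering the answer per
 *     realm.  Any other value is a configuration error.
 *
 * On return *SAVED tells whether the auth data file was written.
 * Errors from the prompt callback and from PASSPHRASE_SET are returned;
 * an error from writing the file is cleared and reported through *SAVED.
 */
svn_error_t *
svn_auth__ssl_client_cert_pw_cache_set(svn_boolean_t *saved,
                                       void *credentials,
                                       void *provider_baton,
                                       apr_hash_t *parameters,
                                       const char *realmstring,
                                       svn_auth__password_set_t passphrase_set,
                                       const char *passtype,
                                       apr_pool_t *pool)
{
  svn_auth_cred_ssl_client_cert_pw_t *creds = credentials;
  apr_hash_t *creds_hash = NULL;
  const char *config_dir;
  svn_error_t *err;
  svn_boolean_t dont_store_passphrase =
    svn_hash_gets(parameters, SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP)
    != NULL;
  svn_boolean_t non_interactive =
    svn_hash_gets(parameters, SVN_AUTH_PARAM_NON_INTERACTIVE) != NULL;
  svn_boolean_t no_auth_cache =
    (! creds->may_save)
    || (svn_hash_gets(parameters, SVN_AUTH_PARAM_NO_AUTH_CACHE) != NULL);
  svn_boolean_t may_save_passphrase = FALSE;

  *saved = FALSE;

  if (no_auth_cache)
    return SVN_NO_ERROR;

  config_dir = svn_hash_gets(parameters, SVN_AUTH_PARAM_CONFIG_DIR);
  creds_hash = apr_hash_make(pool);

  /* Don't store passphrase in any form if the user has told us not to
     do so. */
  if (dont_store_passphrase)
    return SVN_NO_ERROR;

  /* If the passphrase is going to be stored encrypted, go right ahead
     and store it to disk.  Else determine whether saving in plaintext
     is OK.

     PASSTYPE is tested for NULL further down, so it may be absent.
     An absent type is not a known encrypted store and must not reach
     strcmp(); it falls through to the plaintext policy. */
  if (passtype != NULL
      && (strcmp(passtype, SVN_AUTH__WINCRYPT_PASSWORD_TYPE) == 0
          || strcmp(passtype, SVN_AUTH__KWALLET_PASSWORD_TYPE) == 0
          || strcmp(passtype, SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE) == 0
          || strcmp(passtype, SVN_AUTH__KEYCHAIN_PASSWORD_TYPE) == 0))
    {
      may_save_passphrase = TRUE;
    }
  else
    {
#ifdef SVN_DISABLE_PLAINTEXT_PASSWORD_STORAGE
      may_save_passphrase = FALSE;
#else
      const char *store_ssl_client_cert_pp_plaintext =
        svn_hash_gets(parameters,
                      SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT);
      ssl_client_cert_pw_file_provider_baton_t *b = provider_baton;

      if (store_ssl_client_cert_pp_plaintext == NULL)
        {
          /* No policy was supplied.  Fail closed: a plaintext
             passphrase is never written without an explicit setting,
             and NULL is not handed to the string comparison
             (svn_cstring_casecmp is not shown here, so do not rely on
             it accepting NULL). */
          may_save_passphrase = FALSE;
        }
      else if (svn_cstring_casecmp(store_ssl_client_cert_pp_plaintext,
                                   SVN_CONFIG_ASK) == 0)
        {
          if (non_interactive)
            {
              /* In non-interactive mode, the default behaviour is to
                 not store the passphrase */
              may_save_passphrase = FALSE;
            }
          else if (b->plaintext_passphrase_prompt_func)
            {
              /* We're interactive, and the client provided a prompt
                 callback.  So we can ask the user.  Check for a cached
                 answer before prompting.

                 This is a pointer-to-boolean, rather than just a
                 boolean, because we must distinguish between
                 "cached answer is no" and "no answer has been cached
                 yet". */
              svn_boolean_t *cached_answer =
                svn_hash_gets(b->plaintext_answers, realmstring);

              if (cached_answer != NULL)
                {
                  may_save_passphrase = *cached_answer;
                }
              else
                {
                  apr_pool_t *cached_answer_pool;

                  /* Nothing cached for this realm, prompt the user. */
                  SVN_ERR((*b->plaintext_passphrase_prompt_func)(
                            &may_save_passphrase, realmstring,
                            b->prompt_baton, pool));

                  /* Cache the user's answer in case we're called again
                   * for the same realm.
                   *
                   * We allocate the answer cache in the hash table's
                   * pool to make sure that it has the same life time
                   * as the hash table itself.  This means that the
                   * answer will survive across RA sessions -- which is
                   * important, because otherwise we'd prompt users
                   * once per RA session.
                   *
                   * NOTE(review): only the value is allocated in that
                   * pool; REALMSTRING is passed as the key unchanged.
                   * Presumably it outlives the hash table; confirm,
                   * or duplicate it into cached_answer_pool.
                   */
                  cached_answer_pool =
                    apr_hash_pool_get(b->plaintext_answers);
                  cached_answer = apr_palloc(cached_answer_pool,
                                             sizeof(*cached_answer));
                  *cached_answer = may_save_passphrase;
                  svn_hash_sets(b->plaintext_answers, realmstring,
                                cached_answer);
                }
            }
          else
            {
              /* Interactive, but there is no callback to ask with. */
              may_save_passphrase = FALSE;
            }
        }
      else if (svn_cstring_casecmp(store_ssl_client_cert_pp_plaintext,
                                   SVN_CONFIG_FALSE) == 0)
        {
          may_save_passphrase = FALSE;
        }
      else if (svn_cstring_casecmp(store_ssl_client_cert_pp_plaintext,
                                   SVN_CONFIG_TRUE) == 0)
        {
          may_save_passphrase = TRUE;
        }
      else
        {
          return svn_error_createf
            (SVN_ERR_RA_DAV_INVALID_CONFIG_VALUE, NULL,
             _("Config error: invalid value '%s' for option '%s'"),
             store_ssl_client_cert_pp_plaintext,
             SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT);
        }
#endif
    }

  if (! may_save_passphrase)
    return SVN_NO_ERROR;

  SVN_ERR(passphrase_set(saved, creds_hash, realmstring,
                         NULL, creds->password, parameters,
                         non_interactive, pool));

  if (*saved && passtype)
    {
      svn_hash_sets(creds_hash, AUTHN_PASSTYPE_KEY,
                    svn_string_create(passtype, pool));
    }

  /* Save credentials to disk.

     NOTE(review): *SAVED is overwritten below with the outcome of the
     file write, so it is TRUE whenever the file was written, even if
     PASSPHRASE_SET itself reported FALSE.  Confirm that callers expect
     this. */
  err = svn_config_write_auth_data(creds_hash,
                                   SVN_AUTH_CRED_SSL_CLIENT_CERT_PW,
                                   realmstring, config_dir, pool);

  /* Record the outcome before the error is cleared, so the pointer is
     not inspected after its error chain has been released. */
  *saved = (err == NULL);
  svn_error_clear(err);

  return SVN_NO_ERROR;
}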