/* Fetch a username for use with SESS. */ static svn_error_t * get_username(svn_ra_session_t *session, apr_pool_t *pool) { svn_ra_local__session_baton_t *sess = session->priv; svn_auth_iterstate_t *iterstate; svn_fs_access_t *access_ctx; /* If we've already found the username don't ask for it again. */ if (! sess->username) { /* Get a username somehow, so we have some svn:author property to attach to a commit. */ if (sess->callbacks->auth_baton) { void *creds; svn_auth_cred_username_t *username_creds; SVN_ERR(svn_auth_first_credentials(&creds, &iterstate, SVN_AUTH_CRED_USERNAME, sess->uuid, /* realmstring */ sess->callbacks->auth_baton, pool)); /* No point in calling next_creds(), since that assumes that the first_creds() somehow failed to authenticate. But there's no challenge going on, so we use whatever creds we get back on the first try. */ username_creds = creds; if (username_creds && username_creds->username) { sess->username = apr_pstrdup(session->pool, username_creds->username); svn_error_clear(svn_auth_save_credentials(iterstate, pool)); } else sess->username = ""; } else sess->username = ""; } /* If we have a real username, attach it to the filesystem so that it can be used to validate locks. Even if there already is a user context associated, it may contain irrelevant lock tokens, so always create a new. */ if (*sess->username) { SVN_ERR(svn_fs_create_access(&access_ctx, sess->username, pool)); SVN_ERR(svn_fs_set_access(sess->fs, access_ctx)); /* Make sure this context is disassociated when the pool gets destroyed. */ apr_pool_cleanup_register(pool, sess->fs, cleanup_access, apr_pool_cleanup_null); } return SVN_NO_ERROR; }
svn_error_t * svn_ra_neon__maybe_store_auth_info(svn_ra_neon__session_t *ras, apr_pool_t *pool) { /* No auth_baton? Never mind. */ if (! ras->callbacks->auth_baton) return SVN_NO_ERROR; /* If we ever got credentials, ask the iter_baton to save them. */ return svn_auth_save_credentials(ras->auth_iterstate, pool); }
svn_error_t * svn_ra_svn__do_internal_auth(svn_ra_svn__session_baton_t *sess, const apr_array_header_t *mechlist, const char *realm, apr_pool_t *pool) { svn_ra_svn_conn_t *conn = sess->conn; const char *realmstring, *user, *password, *msg; svn_auth_iterstate_t *iterstate; void *creds; realmstring = apr_psprintf(pool, "%s %s", sess->realm_prefix, realm); if (sess->is_tunneled && svn_ra_svn__find_mech(mechlist, "EXTERNAL")) { /* Ask the server to use the tunnel connection environment (on * Unix, that means uid) to determine the authentication name. */ SVN_ERR(svn_ra_svn__auth_response(conn, pool, "EXTERNAL", "")); return read_success(conn, pool); } else if (svn_ra_svn__find_mech(mechlist, "ANONYMOUS")) { SVN_ERR(svn_ra_svn__auth_response(conn, pool, "ANONYMOUS", "")); return read_success(conn, pool); } else if (svn_ra_svn__find_mech(mechlist, "CRAM-MD5")) { SVN_ERR(svn_auth_first_credentials(&creds, &iterstate, SVN_AUTH_CRED_SIMPLE, realmstring, sess->callbacks->auth_baton, pool)); if (!creds) return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Can't get password")); while (creds) { user = ((svn_auth_cred_simple_t *) creds)->username; password = ((svn_auth_cred_simple_t *) creds)->password; SVN_ERR(svn_ra_svn__auth_response(conn, pool, "CRAM-MD5", NULL)); SVN_ERR(svn_ra_svn__cram_client(conn, pool, user, password, &msg)); if (!msg) break; SVN_ERR(svn_auth_next_credentials(&creds, iterstate, pool)); } if (!creds) return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL, _("Authentication error from server: %s"), msg); SVN_ERR(svn_auth_save_credentials(iterstate, pool)); return SVN_NO_ERROR; } else return svn_error_create(SVN_ERR_RA_SVN_NO_MECHANISMS, NULL, NULL); }