📄 svn_auth.h
字号:
/**
* @copyright
* ====================================================================
* Copyright (c) 2000-2004 CollabNet. All rights reserved.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://subversion.tigris.org/license-1.html.
* If newer versions of this license are posted there, you may use a
* newer version instead, at your option.
*
* This software consists of voluntary contributions made by many
* individuals. For exact contribution history, see the revision
* history and logs, available at http://subversion.tigris.org/.
* ====================================================================
* @endcopyright
*
* @file svn_auth.h
* @brief Interface to Subversion authentication system
*/
#ifndef SVN_AUTH_H
#define SVN_AUTH_H
#include <apr_pools.h>
#include "svn_types.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/** Overview of the svn authentication system.
*
* We define an authentication "provider" as a module that is able to
* return a specific set of credentials. (e.g. username/password,
* certificate, etc.) Each provider implements a vtable that
*
* - can fetch initial credentials
* - can retry the fetch (or try to fetch something different)
* - can store the credentials for future use
*
* For any given type of credentials, there can exist any number of
* separate providers -- each provider has a different method of
* fetching. (i.e. from a disk store, by prompting the user, etc.)
*
* The application begins by creating an auth baton object, and
* "registers" some number of providers with the auth baton, in a
* specific order. (For example, it may first register a
* username/password provider that looks in disk store, then register
* a username/password provider that prompts the user.)
*
* Later on, when any svn library is challenged, it asks the auth
* baton for the specific credentials. If the initial credentials
* fail to authenticate, the caller keeps requesting new credentials.
* Under the hood, libsvn_auth effectively "walks" over each provider
* (in order of registry), one at a time, until all the providers have
* exhausted all their retry options.
*
* This system allows an application to flexibly define authentication
* behaviors (by changing registration order), and very easily write
* new authentication providers.
*
* An auth_baton also contains an internal hashtable of run-time
* parameters; any provider or library layer can set these run-time
* parameters at any time, so that the provider has access to the
* data. (For example, certain run-time data may not be available
* until an authentication challenge is made.) Each credential type
* must document the run-time parameters that are made available to
* its providers.
*
* @defgroup auth_fns authentication functions
* @{
*/
/** The type of a Subversion authentication object */
typedef struct svn_auth_baton_t svn_auth_baton_t;
/** The type of a Subversion authentication-iteration object */
typedef struct svn_auth_iterstate_t svn_auth_iterstate_t;
/** The main authentication "provider" vtable. */
typedef struct svn_auth_provider_t
{
/** The kind of credentials this provider knows how to retrieve. */
const char *cred_kind;
/** Get an initial set of credentials.
*
* Set @a *credentials to a set of valid credentials within @a
* realmstring, or NULL if no credentials are available. Set @a
* *iter_baton to context that allows a subsequent call to @c
* next_credentials, in case the first credentials fail to
* authenticate. @a provider_baton is general context for the
* vtable, @a parameters contains any run-time data that the
* provider may need, and @a realmstring comes from the @c
* svn_auth_first_credentials call.
*/
svn_error_t * (*first_credentials) (void **credentials,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool);
/** Get a different set of credentials.
*
* Set @a *credentials to another set of valid credentials, (using
* @a iter_baton as the context from previous call to first_credentials
* or next_credentials). If no more credentials are available, set
* @a **credentials to NULL. If the provider only has one set of
* credentials, this function pointer should simply be NULL. @a
* provider_baton is general context for the vtable, @a parameters
* contains any run-time data that the provider may need, and @a
* realmstring comes from the @c svn_auth_first_credentials call.
*/
svn_error_t * (*next_credentials) (void **credentials,
void *iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool);
/** Save credentials.
*
* Store @a credentials for future use. @a provider_baton is
* general context for the vtable, and @a parameters contains any
* run-time data the provider may need. Set @a *saved to true if
* the save happened, or false if not. The provider is not required
* to save; if it refuses or is unable to save for non-fatal
* reasons, return false. If the provider never saves data, then
* this function pointer should simply be NULL. @a realmstring comes
* from the @c svn_auth_first_credentials call.
*/
svn_error_t * (*save_credentials) (svn_boolean_t *saved,
void *credentials,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool);
} svn_auth_provider_t;
/** A provider object, ready to be put into an array and given to
@c svn_auth_open. */
typedef struct svn_auth_provider_object_t
{
const svn_auth_provider_t *vtable;
void *provider_baton;
} svn_auth_provider_object_t;
/** Specific types of credentials **/
/** Simple username/password pair credential kind.
*
* The following auth parameters may be available to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
* - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)
* - @c SVN_AUTH_PARAM_DEFAULT_PASSWORD (@c char*)
*/
#define SVN_AUTH_CRED_SIMPLE "svn.simple"
/** @c SVN_AUTH_CRED_SIMPLE credentials. */
typedef struct svn_auth_cred_simple_t
{
/** Username */
const char *username;
/** Password */
const char *password;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember password checkbox shall set
* @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_simple_t;
/** Username credential kind.
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
* - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)
*/
#define SVN_AUTH_CRED_USERNAME "svn.username"
/** @c SVN_AUTH_CRED_USERNAME credentials. */
typedef struct svn_auth_cred_username_t
{
/** Username */
const char *username;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember username checkbox shall set
* @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_username_t;
/** SSL client certificate credential type.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
*/
#define SVN_AUTH_CRED_SSL_CLIENT_CERT "svn.ssl.client-cert"
/** @c SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. */
typedef struct svn_auth_cred_ssl_client_cert_t
{
/** Full paths to the certificate file */
const char *cert_file;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember certificate checkbox shall
* set @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_ssl_client_cert_t;
/** SSL client certificate passphrase credential type.
*
* @note The realmstring used with this credential type must be a name that
* makes it possible for the user to identify the certificate.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
*/
#define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW "svn.ssl.client-passphrase"
/** @c SVN_AUTH_CRED_SSL_CLIENT_CERT_PW crentials. */
typedef struct svn_auth_cred_ssl_client_cert_pw_t
{
/** Certificate password */
const char *password;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember password checkbox shall set
* @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_ssl_client_cert_pw_t;
/** SSL server verification credential type.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
* - @c SVN_AUTH_PARAM_SSL_SERVER_FAILURES (@c apr_uint32_t*)
* - @c SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO
* (@c svn_auth_ssl_server_cert_info_t*)
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
*/
#define SVN_AUTH_CRED_SSL_SERVER_TRUST "svn.ssl.server"
/** SSL server certificate information used by @c
* SVN_AUTH_CRED_SSL_SERVER_TRUST providers.
*/
typedef struct svn_auth_ssl_server_cert_info_t
{
/** Primary CN */
const char *hostname;
/** ASCII fingerprint */
const char *fingerprint;
/** ASCII date from which the certificate is valid */
const char *valid_from;
/** ASCII date until which the certificate is valid */
const char *valid_until;
/** DN of the certificate issuer */
const char *issuer_dname;
/** Base-64 encoded DER certificate representation */
const char *ascii_cert;
} svn_auth_ssl_server_cert_info_t;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -