simple_providers.c

subversion-1.4.3-1.tar.gz 配置svn的源码

/*
 * simple_providers.c: providers for SVN_AUTH_CRED_SIMPLE
 *
 * ====================================================================
 * Copyright (c) 2000-2004 CollabNet.  All rights reserved.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution.  The terms
 * are also available at http://subversion.tigris.org/license-1.html.
 * If newer versions of this license are posted there, you may use a
 * newer version instead, at your option.
 *
 * This software consists of voluntary contributions made by many
 * individuals.  For exact contribution history, see the revision
 * history and logs, available at http://subversion.tigris.org/.
 * ====================================================================
 */

/* ==================================================================== */



/*** Includes. ***/

#include <apr_pools.h>
#include "svn_auth.h"
#include "svn_error.h"
#include "svn_utf.h"
#include "svn_config.h"
#include "svn_user.h"

#include "svn_private_config.h"

/*-----------------------------------------------------------------------*/
/* File provider                                                         */
/*-----------------------------------------------------------------------*/

/* The keys that will be stored on disk */
#define SVN_AUTH__AUTHFILE_USERNAME_KEY            "username"
#define SVN_AUTH__AUTHFILE_PASSWORD_KEY            "password"
#define SVN_AUTH__AUTHFILE_PASSTYPE_KEY            "passtype"

#define SVN_AUTH__SIMPLE_PASSWORD_TYPE             "simple"
#define SVN_AUTH__WINCRYPT_PASSWORD_TYPE           "wincrypt"
#define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE           "keychain"


/* A function that stores PASSWORD (or some encrypted version thereof)
   either directly in CREDS, or externally using REALMSTRING and USERNAME
   as keys into the external store.  If NON_INTERACTIVE is set, the user
   must not be involved in the storage process.  POOL is used for any
   necessary allocation. */
typedef svn_boolean_t (*password_set_t)(apr_hash_t *creds,
                                        const char *realmstring,
                                        const char *username,
                                        const char *password,
                                        svn_boolean_t non_interactive,
                                        apr_pool_t *pool);

/* A function that stores in *PASSWORD (potentially after decrypting it)
   the user's password.  It might be obtained directly from CREDS, or
   from an external store, using REALMSTRING and USERNAME as keys.
   If NON_INTERACTIVE is set, the user must not be involved in the
   retrieval process.  POOL is used for any necessary allocation. */
typedef svn_boolean_t (*password_get_t)(const char **password,
                                        apr_hash_t *creds,
                                        const char *realmstring,
                                        const char *username,
                                        svn_boolean_t non_interactive,
                                        apr_pool_t *pool);



/* Implementation of password_get_t that retrieves the plaintext password
   from CREDS. */
static svn_boolean_t
simple_password_get(const char **password,
                    apr_hash_t *creds,
                    const char *realmstring,
                    const char *username,
                    svn_boolean_t non_interactive,
                    apr_pool_t *pool)
{
  svn_string_t *str;
  str = apr_hash_get(creds, SVN_AUTH__AUTHFILE_PASSWORD_KEY,
                     APR_HASH_KEY_STRING);
  if (str && str->data)
    {
      *password = str->data;
      return TRUE;
    }
  return FALSE;
}

/* Implementation of password_set_t that store the plaintext password
   in CREDS. */
static svn_boolean_t
simple_password_set(apr_hash_t *creds,
                    const char *realmstring,
                    const char *username,
                    const char *password,
                    svn_boolean_t non_interactive,
                    apr_pool_t *pool)
{
  apr_hash_set(creds, SVN_AUTH__AUTHFILE_PASSWORD_KEY, APR_HASH_KEY_STRING,
               svn_string_create(password, pool));
  return TRUE;
}

/* Common implementation for simple_first_creds and
   windows_simple_first_creds. Uses PARAMETERS, REALMSTRING and the
   simple auth provider's username and password cache to fill a set of
   CREDENTIALS. PASSWORD_GET is used to obtain the password value.
   PASSTYPE identifies the type of the cached password. CREDENTIALS are
   allocated from POOL. */
static svn_error_t *
simple_first_creds_helper(void **credentials,
                          void **iter_baton,
                          void *provider_baton,
                          apr_hash_t *parameters,
                          const char *realmstring,
                          password_get_t password_get,
                          const char *passtype,
                          apr_pool_t *pool)
{
  const char *config_dir = apr_hash_get(parameters,
                                        SVN_AUTH_PARAM_CONFIG_DIR,
                                        APR_HASH_KEY_STRING);
  const char *username = apr_hash_get(parameters,
                                      SVN_AUTH_PARAM_DEFAULT_USERNAME,
                                      APR_HASH_KEY_STRING);
  const char *password = apr_hash_get(parameters,
                                      SVN_AUTH_PARAM_DEFAULT_PASSWORD,
                                      APR_HASH_KEY_STRING);
  svn_boolean_t non_interactive = apr_hash_get(parameters,
                                               SVN_AUTH_PARAM_NON_INTERACTIVE,
                                               APR_HASH_KEY_STRING) != NULL;

  svn_boolean_t may_save = username || password;
  svn_error_t *err;

  /* If we don't have a usename and a password yet, we try the auth cache */
  if (! (username && password))
    {
      apr_hash_t *creds_hash = NULL;

      /* Try to load credentials from a file on disk, based on the
         realmstring.  Don't throw an error, though: if something went
         wrong reading the file, no big deal.  What really matters is that
         we failed to get the creds, so allow the auth system to try the
         next provider. */
      err = svn_config_read_auth_data(&creds_hash, SVN_AUTH_CRED_SIMPLE,
                                      realmstring, config_dir, pool);
      svn_error_clear(err);
      if (! err && creds_hash)
        {
          svn_string_t *str;
          if (! username)
            {
              str = apr_hash_get(creds_hash,
                                 SVN_AUTH__AUTHFILE_USERNAME_KEY,
                                 APR_HASH_KEY_STRING);
              if (str && str->data)
                username = str->data;
            }

          if (! password)
            {
              svn_boolean_t have_passtype;
              /* The password type in the auth data must match the
                 mangler's type, otherwise the password must be
                 interpreted by another provider. */
              str = apr_hash_get(creds_hash,
                                 SVN_AUTH__AUTHFILE_PASSTYPE_KEY,
                                 APR_HASH_KEY_STRING);
              have_passtype = (str && str->data);
              if (have_passtype && passtype
                  && 0 != strcmp(str->data, passtype))
                password = NULL;
              else
                {
                  if (!password_get(&password, creds_hash, realmstring,
                                    username, non_interactive, pool))
                    password = NULL;

                  /* If the auth data didn't contain a password type,
                     force a write to upgrade the format of the auth
                     data file. */
                  if (password && passtype && !have_passtype)
                    may_save = TRUE;
                }
            }
        }
    }

  /* Ask the OS for the username if we have a password but no
     username. */
  if (password && ! username)
    username = svn_user_get_name(pool);

  if (username && password)
    {
      svn_auth_cred_simple_t *creds = apr_pcalloc(pool, sizeof(*creds));
      creds->username = username;
      creds->password = password;
      creds->may_save = may_save;
      *credentials = creds;
    }
  else
    *credentials = NULL;

  *iter_baton = NULL;

  return SVN_NO_ERROR;
}


/* Common implementation for simple_save_creds and
   windows_simple_save_creds. Uses PARAMETERS and REALMSTRING to save
   a set of CREDENTIALS to the simple auth provider's username and
   password cache. PASSWORD_SET is used to store the password.
   PASSTYPE identifies the type of the cached password. Allocates from POOL. */
static svn_error_t *
simple_save_creds_helper(svn_boolean_t *saved,
                         void *credentials,
                         void *provider_baton,
                         apr_hash_t *parameters,
                         const char *realmstring,
                         password_set_t password_set,
                         const char *passtype,
                         apr_pool_t *pool)
{
  svn_auth_cred_simple_t *creds = credentials;
  apr_hash_t *creds_hash = NULL;
  const char *config_dir;
  svn_error_t *err;
  const char *dont_store_passwords =
    apr_hash_get(parameters,
                 SVN_AUTH_PARAM_DONT_STORE_PASSWORDS,
                 APR_HASH_KEY_STRING);
  svn_boolean_t non_interactive = apr_hash_get(parameters,
                                               SVN_AUTH_PARAM_NON_INTERACTIVE,
                                               APR_HASH_KEY_STRING) != NULL;
  svn_boolean_t password_stored = TRUE;

  *saved = FALSE;

  if (! creds->may_save)
    return SVN_NO_ERROR;

  config_dir = apr_hash_get(parameters,
                            SVN_AUTH_PARAM_CONFIG_DIR,
                            APR_HASH_KEY_STRING);

  /* Put the credentials in a hash and save it to disk */
  creds_hash = apr_hash_make(pool);
  apr_hash_set(creds_hash, SVN_AUTH__AUTHFILE_USERNAME_KEY,
               APR_HASH_KEY_STRING,
               svn_string_create(creds->username, pool));
  if (! dont_store_passwords)
    {
      password_stored = password_set(creds_hash, realmstring, creds->username,
                                     creds->password, non_interactive, pool);
      if (password_stored)
        {
          /* Store the password type with the auth data, so that we
             know which provider owns the password. */
          if (passtype)
            {
              apr_hash_set(creds_hash, SVN_AUTH__AUTHFILE_PASSTYPE_KEY,
                           APR_HASH_KEY_STRING,
                           svn_string_create(passtype, pool));
            }
        }
      else
        *saved = FALSE;
    }

  if (password_stored)
    {
      err = svn_config_write_auth_data(creds_hash, SVN_AUTH_CRED_SIMPLE,
                                       realmstring, config_dir, pool);
      svn_error_clear(err);
      *saved = ! err;
    }

  return SVN_NO_ERROR;
}

/* Get cached (unencrypted) credentials from the simple provider's cache. */
static svn_error_t *
simple_first_creds(void **credentials,
                   void **iter_baton,
                   void *provider_baton,