GME
13
|
Subversion's authentication system. More...
Go to the source code of this file.
Subversion's authentication system.
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ====================================================================
Definition in file svn_auth.h.
#define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON "gnome-keyring-unlock-prompt-baton" |
The baton which is passed to *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC
.
Definition at line 997 of file svn_auth.h.
#define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC "gnome-keyring-unlock-prompt-func" |
The pointer to function which prompts user for GNOME Keyring password. The type of this pointer should be svn_auth_gnome_keyring_unlock_prompt_func_t.
libsvn_auth_gnome_keyring-specific run-time parameters.
Definition at line 993 of file svn_auth.h.
typedef svn_error_t*(* svn_auth_gnome_keyring_unlock_prompt_func_t)(char **keyring_password, const char *keyring_name, void *baton, apr_pool_t *pool) |
A type of callback function for obtaining the GNOME Keyring password.
In this callback, the client should ask the user for default keyring keyring_name password.
The answer is returned in *keyring_password. baton is an implementation-specific closure. All allocations should be done in pool.
Definition at line 981 of file svn_auth.h.
void svn_auth_get_gnome_keyring_simple_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_simple_t
that gets/sets information from the user's ~/.subversion configuration directory.
This is like svn_client_get_simple_provider(), except that the password is stored in GNOME Keyring.
If the GNOME Keyring is locked the provider calls *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC
in order to unlock the keyring.
SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON
is passed to *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC
.
Allocate *provider in pool.
void svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t
that gets/sets information from the user's ~/.subversion configuration directory.
This is like svn_client_get_ssl_client_cert_pw_file_provider(), except that the password is stored in GNOME Keyring.
If the GNOME Keyring is locked the provider calls *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC
in order to unlock the keyring.
SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON
is passed to *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC
.
Allocate *provider in pool.
void svn_auth_get_gpg_agent_simple_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_simple_t
that gets/sets information from the user's ~/.subversion configuration directory.
This is like svn_client_get_simple_provider(), except that the password is obtained from gpg_agent, which will keep it in a memory cache.
Allocate *provider in pool.
void svn_auth_get_kwallet_simple_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_simple_t
that gets/sets information from the user's ~/.subversion configuration directory. Allocate *provider in pool.
This is like svn_client_get_simple_provider(), except that the password is stored in KWallet.
void svn_auth_get_kwallet_ssl_client_cert_pw_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t
that gets/sets information from the user's ~/.subversion configuration directory. Allocate *provider in pool.
This is like svn_client_get_ssl_client_cert_pw_file_provider(), except that the password is stored in KWallet.
svn_error_t* svn_auth_get_platform_specific_client_providers | ( | apr_array_header_t ** | providers, |
svn_config_t * | config, | ||
apr_pool_t * | pool | ||
) |
Set *providers to an array of svn_auth_provider_object_t *
objects. Only client authentication providers available for the current platform are returned. Order of the platform-specific authentication providers is determined by the 'password-stores' configuration option which is retrieved from config. config can be NULL.
Create and allocate *providers in pool.
Default order of the platform-specific authentication providers: 1. gnome-keyring 2. kwallet 3. keychain 4. gpg-agent 5. windows-cryptoapi
svn_error_t* svn_auth_get_platform_specific_provider | ( | svn_auth_provider_object_t ** | provider, |
const char * | provider_name, | ||
const char * | provider_type, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_provider_object_t
, or return NULL
if the provider is not available for the requested platform or the requested provider is unknown.
Valid provider_name values are: "gnome_keyring", "keychain", "kwallet", "gpg_agent", and "windows".
Valid provider_type values are: "simple", "ssl_client_cert_pw" and "ssl_server_trust".
Allocate *provider in pool.
What actually happens is we invoke the appropriate provider function to supply the provider, like so:
svn_auth_get_<name>_<type>_provider(provider, pool);
void svn_auth_get_simple_prompt_provider | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_simple_prompt_func_t | prompt_func, | ||
void * | prompt_baton, | ||
int | retry_limit, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_simple_t that gets information by prompting the user with prompt_func and prompt_baton. Allocate *provider in pool.
If both SVN_AUTH_PARAM_DEFAULT_USERNAME
and SVN_AUTH_PARAM_DEFAULT_PASSWORD
are defined as runtime parameters in the auth_baton
, then *provider will return the default arguments when svn_auth_first_credentials() is called. If svn_auth_first_credentials() fails, then *provider will re-prompt retry_limit times (via svn_auth_next_credentials()). For infinite retries, set retry_limit to value less than 0.
SVN_DEPRECATED void svn_auth_get_simple_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Like svn_auth_get_simple_provider2, but without the ability to call the svn_auth_plaintext_prompt_func_t callback, and the provider always assumes that it is allowed to store the password in plaintext.
void svn_auth_get_simple_provider2 | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_plaintext_prompt_func_t | plaintext_prompt_func, | ||
void * | prompt_baton, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_simple_t
that gets/sets information from the user's ~/.subversion configuration directory.
If the provider is going to save the password unencrypted, it calls plaintext_prompt_func, passing prompt_baton, before saving the password.
If plaintext_prompt_func is NULL it is not called and the answer is assumed to be TRUE. This matches the deprecated behaviour of storing unencrypted passwords by default, and is only done this way for backward compatibility reasons. Client developers are highly encouraged to provide this callback to ensure their users are made aware of the fact that their password is going to be stored unencrypted. In the future, providers may default to not storing the password unencrypted if this callback is NULL.
Clients can however set the callback to NULL and set SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS to SVN_CONFIG_FALSE or SVN_CONFIG_TRUE to enforce a certain behaviour.
Allocate *provider in pool.
If a default username or password is available, *provider will honor them as well, and return them when svn_auth_first_credentials() is called. (see SVN_AUTH_PARAM_DEFAULT_USERNAME
and SVN_AUTH_PARAM_DEFAULT_PASSWORD
).
void svn_auth_get_ssl_client_cert_file_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_t
, allocated in pool.
*provider retrieves its credentials from the configuration mechanism. The returned credential is used to load the appropriate client certificate for authentication when requested by a server.
void svn_auth_get_ssl_client_cert_prompt_provider | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_ssl_client_cert_prompt_func_t | prompt_func, | ||
void * | prompt_baton, | ||
int | retry_limit, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_t
, allocated in pool.
*provider retrieves its credentials by using the prompt_func and prompt_baton. The returned credential is used to load the appropriate client certificate for authentication when requested by a server. The prompt will be retried retry_limit times. For infinite retries, set retry_limit to value less than 0.
SVN_DEPRECATED void svn_auth_get_ssl_client_cert_pw_file_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Like svn_auth_get_ssl_client_cert_pw_file_provider2, but without the ability to call the svn_auth_plaintext_passphrase_prompt_func_t callback, and the provider always assumes that it is not allowed to store the passphrase in plaintext.
void svn_auth_get_ssl_client_cert_pw_file_provider2 | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_plaintext_passphrase_prompt_func_t | plaintext_passphrase_prompt_func, | ||
void * | prompt_baton, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t
that gets/sets information from the user's ~/.subversion configuration directory.
If the provider is going to save the passphrase unencrypted, it calls plaintext_passphrase_prompt_func, passing prompt_baton, before saving the passphrase.
If plaintext_passphrase_prompt_func is NULL it is not called and the passphrase is not stored in plaintext. Client developers are highly encouraged to provide this callback to ensure their users are made aware of the fact that their passphrase is going to be stored unencrypted.
Clients can however set the callback to NULL and set SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT to SVN_CONFIG_FALSE or SVN_CONFIG_TRUE to enforce a certain behaviour.
Allocate *provider in pool.
void svn_auth_get_ssl_client_cert_pw_prompt_provider | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_ssl_client_cert_pw_prompt_func_t | prompt_func, | ||
void * | prompt_baton, | ||
int | retry_limit, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_client_cert_pw_t
, allocated in pool.
*provider retrieves its credentials by using the prompt_func and prompt_baton. The returned credential is used when a loaded client certificate is protected by a passphrase. The prompt will be retried retry_limit times. For infinite retries, set retry_limit to value less than 0.
void svn_auth_get_ssl_server_trust_file_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_server_trust_t
, allocated in pool.
*provider retrieves its credentials from the configuration mechanism. The returned credential is used to override SSL security on an error.
void svn_auth_get_ssl_server_trust_prompt_provider | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_ssl_server_trust_prompt_func_t | prompt_func, | ||
void * | prompt_baton, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_ssl_server_trust_t
, allocated in pool.
*provider retrieves its credentials by using the prompt_func and prompt_baton. The returned credential is used to override SSL security on an error.
void svn_auth_get_username_prompt_provider | ( | svn_auth_provider_object_t ** | provider, |
svn_auth_username_prompt_func_t | prompt_func, | ||
void * | prompt_baton, | ||
int | retry_limit, | ||
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_username_t
that gets information by prompting the user with prompt_func and prompt_baton. Allocate *provider in pool.
If SVN_AUTH_PARAM_DEFAULT_USERNAME
is defined as a runtime parameter in the auth_baton
, then *provider will return the default argument when svn_auth_first_credentials() is called. If svn_auth_first_credentials() fails, then *provider will re-prompt retry_limit times (via svn_auth_next_credentials()). For infinite retries, set retry_limit to value less than 0.
void svn_auth_get_username_provider | ( | svn_auth_provider_object_t ** | provider, |
apr_pool_t * | pool | ||
) |
Set *provider to an authentication provider of type svn_auth_cred_username_t
that gets/sets information from a user's ~/.subversion configuration directory. Allocate *provider in pool.
If a default username is available, *provider will honor it, and return it when svn_auth_first_credentials() is called. (See SVN_AUTH_PARAM_DEFAULT_USERNAME
.)
const svn_version_t* svn_auth_gnome_keyring_version | ( | void | ) |
Get libsvn_auth_gnome_keyring version information.
const svn_version_t* svn_auth_kwallet_version | ( | void | ) |
Get libsvn_auth_kwallet version information.