/* * simple_providers.c: providers for SVN_AUTH_CRED_SIMPLE * * ==================================================================== * Copyright (c) 2003-2006, 2008 CollabNet. All rights reserved. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at http://subversion.tigris.org/license-1.html. * If newer versions of this license are posted there, you may use a * newer version instead, at your option. * * This software consists of voluntary contributions made by many * individuals. For exact contribution history, see the revision * history and logs, available at http://subversion.tigris.org/. * ==================================================================== */ /* ==================================================================== */ /*** Includes. ***/ #include #include "svn_auth.h" #include "svn_error.h" #include "svn_utf.h" #include "svn_config.h" #include "svn_user.h" #include "private/svn_auth_private.h" #include "svn_private_config.h" /*-----------------------------------------------------------------------*/ /* File provider */ /*-----------------------------------------------------------------------*/ /* The keys that will be stored on disk. These serve the same role as similar constants in other providers. */ #define AUTHN_USERNAME_KEY "username" #define AUTHN_PASSWORD_KEY "password" #define AUTHN_PASSTYPE_KEY "passtype" /* Baton type for the simple provider. */ typedef struct { svn_auth_plaintext_prompt_func_t plaintext_prompt_func; void *prompt_baton; /* We cache the user's answer to the plaintext prompt, keyed * by realm, in case we'll be called multiple times for the * same realm. */ apr_hash_t *plaintext_answers; } simple_provider_baton_t; /* Implementation of svn_auth__password_get_t that retrieves the plaintext password from CREDS. */ svn_boolean_t svn_auth__simple_password_get(const char **password, apr_hash_t *creds, const char *realmstring, const char *username, apr_hash_t *parameters, svn_boolean_t non_interactive, apr_pool_t *pool) { svn_string_t *str; str = apr_hash_get(creds, AUTHN_USERNAME_KEY, APR_HASH_KEY_STRING); if (str && username && strcmp(str->data, username) == 0) { str = apr_hash_get(creds, AUTHN_PASSWORD_KEY, APR_HASH_KEY_STRING); if (str && str->data) { *password = str->data; return TRUE; } } return FALSE; } /* Implementation of svn_auth__password_set_t that stores the plaintext password in CREDS. */ svn_boolean_t svn_auth__simple_password_set(apr_hash_t *creds, const char *realmstring, const char *username, const char *password, apr_hash_t *parameters, svn_boolean_t non_interactive, apr_pool_t *pool) { apr_hash_set(creds, AUTHN_PASSWORD_KEY, APR_HASH_KEY_STRING, svn_string_create(password, pool)); return TRUE; } /* Set **USERNAME to the username retrieved from CREDS; ignore other parameters. *USERNAME will have the same lifetime as CREDS. */ static svn_boolean_t simple_username_get(const char **username, apr_hash_t *creds, const char *realmstring, svn_boolean_t non_interactive) { svn_string_t *str; str = apr_hash_get(creds, AUTHN_USERNAME_KEY, APR_HASH_KEY_STRING); if (str && str->data) { *username = str->data; return TRUE; } return FALSE; } /* Common implementation for simple_first_creds. Uses PARAMETERS, REALMSTRING and the simple auth provider's username and password cache to fill a set of CREDENTIALS. PASSWORD_GET is used to obtain the password value. PASSTYPE identifies the type of the cached password. CREDENTIALS are allocated from POOL. */ svn_error_t * svn_auth__simple_first_creds_helper(void **credentials, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, svn_auth__password_get_t password_get, const char *passtype, apr_pool_t *pool) { const char *config_dir = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_DIR, APR_HASH_KEY_STRING); svn_config_t *cfg = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS, APR_HASH_KEY_STRING); const char *server_group = apr_hash_get(parameters, SVN_AUTH_PARAM_SERVER_GROUP, APR_HASH_KEY_STRING); const char *username = apr_hash_get(parameters, SVN_AUTH_PARAM_DEFAULT_USERNAME, APR_HASH_KEY_STRING); const char *password = apr_hash_get(parameters, SVN_AUTH_PARAM_DEFAULT_PASSWORD, APR_HASH_KEY_STRING); svn_boolean_t non_interactive = apr_hash_get(parameters, SVN_AUTH_PARAM_NON_INTERACTIVE, APR_HASH_KEY_STRING) != NULL; const char *default_username = NULL; /* Default username from cache. */ const char *default_password = NULL; /* Default password from cache. */ /* This checks if we should save the CREDS, iff saving the credentials is allowed by the run-time configuration. */ svn_boolean_t need_to_save = FALSE; apr_hash_t *creds_hash = NULL; svn_error_t *err; svn_string_t *str; svn_boolean_t have_passtype = FALSE; /* Try to load credentials from a file on disk, based on the realmstring. Don't throw an error, though: if something went wrong reading the file, no big deal. What really matters is that we failed to get the creds, so allow the auth system to try the next provider. */ err = svn_config_read_auth_data(&creds_hash, SVN_AUTH_CRED_SIMPLE, realmstring, config_dir, pool); if (err) { svn_error_clear(err); err = NULL; } else if (creds_hash) { /* We have something in the auth cache for this realm. */ /* The password type in the auth data must match the mangler's type, otherwise the password must be interpreted by another provider. */ str = apr_hash_get(creds_hash, AUTHN_PASSTYPE_KEY, APR_HASH_KEY_STRING); if (str && str->data) if (passtype && (0 == strcmp(str->data, passtype))) have_passtype = TRUE; /* See if we need to save this username if it is not present in auth cache. */ if (username) { if (!simple_username_get(&default_username, creds_hash, realmstring, non_interactive)) { need_to_save = TRUE; } else { if (0 == strcmp(default_username, username)) need_to_save = FALSE; else need_to_save = TRUE; } } /* See if we need to save this password if it is not present in auth cache. */ if (password) { if (have_passtype) { if (!password_get(&default_password, creds_hash, realmstring, username, parameters, non_interactive, pool)) { need_to_save = TRUE; } else { if (0 == strcmp(default_password, password)) need_to_save = FALSE; else need_to_save = TRUE; } } } /* If we don't have a username and a password yet, we try the auth cache */ if (! (username && password)) { if (! username) if (!simple_username_get(&username, creds_hash, realmstring, non_interactive)) username = NULL; if (username && ! password) { if (! have_passtype) password = NULL; else { if (!password_get(&password, creds_hash, realmstring, username, parameters, non_interactive, pool)) password = NULL; /* If the auth data didn't contain a password type, force a write to upgrade the format of the auth data file. */ if (password && ! have_passtype) need_to_save = TRUE; } } } } else { /* Nothing was present in the auth cache, so indicate that these credentials should be saved. */ need_to_save = TRUE; } /* If we don't have a username yet, check the 'servers' file */ if (! username) { username = svn_config_get_server_setting(cfg, server_group, SVN_CONFIG_OPTION_USERNAME, NULL); } /* Ask the OS for the username if we have a password but no username. */ if (password && ! username) username = svn_user_get_name(pool); if (username && password) { svn_auth_cred_simple_t *creds = apr_pcalloc(pool, sizeof(*creds)); creds->username = username; creds->password = password; creds->may_save = need_to_save; *credentials = creds; } else *credentials = NULL; *iter_baton = NULL; return SVN_NO_ERROR; } /* Common implementation for simple_save_creds. Uses PARAMETERS and REALMSTRING to save a set of CREDENTIALS to the simple auth provider's username and password cache. PASSWORD_SET is used to store the password. PASSTYPE identifies the type of the cached password. Allocates from POOL. */ svn_error_t * svn_auth__simple_save_creds_helper(svn_boolean_t *saved, void *credentials, void *provider_baton, apr_hash_t *parameters, const char *realmstring, svn_auth__password_set_t password_set, const char *passtype, apr_pool_t *pool) { svn_auth_cred_simple_t *creds = credentials; apr_hash_t *creds_hash = NULL; const char *config_dir; svn_error_t *err; svn_boolean_t dont_store_passwords = apr_hash_get(parameters, SVN_AUTH_PARAM_DONT_STORE_PASSWORDS, APR_HASH_KEY_STRING) != NULL; const char *store_plaintext_passwords = apr_hash_get(parameters, SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS, APR_HASH_KEY_STRING); svn_boolean_t non_interactive = apr_hash_get(parameters, SVN_AUTH_PARAM_NON_INTERACTIVE, APR_HASH_KEY_STRING) != NULL; simple_provider_baton_t *b = (simple_provider_baton_t *)provider_baton; svn_boolean_t no_auth_cache = (! creds->may_save) || (apr_hash_get(parameters, SVN_AUTH_PARAM_NO_AUTH_CACHE, APR_HASH_KEY_STRING) != NULL); /* Make sure we've been passed a passtype. */ SVN_ERR_ASSERT(passtype != NULL); *saved = FALSE; if (no_auth_cache) return SVN_NO_ERROR; config_dir = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_DIR, APR_HASH_KEY_STRING); /* Put the username into the credentials hash. */ creds_hash = apr_hash_make(pool); apr_hash_set(creds_hash, AUTHN_USERNAME_KEY, APR_HASH_KEY_STRING, svn_string_create(creds->username, pool)); /* Don't store passwords in any form if the user has told * us not to do so. */ if (! dont_store_passwords) { svn_boolean_t may_save_password = FALSE; /* If the password is going to be stored encrypted, go right * ahead and store it to disk. Else determine whether saving * in plaintext is OK. */ if (passtype && (strcmp(passtype, SVN_AUTH__WINCRYPT_PASSWORD_TYPE) == 0 || strcmp(passtype, SVN_AUTH__KEYCHAIN_PASSWORD_TYPE) == 0 || strcmp(passtype, SVN_AUTH__KWALLET_PASSWORD_TYPE) == 0 || strcmp(passtype, SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE) == 0) ) { may_save_password = TRUE; } else { if (svn_cstring_casecmp(store_plaintext_passwords, SVN_CONFIG_ASK) == 0) { if (non_interactive) /* In non-interactive mode, the default behaviour is * to not store the password, because it is usually * passed on the command line. */ may_save_password = FALSE; else if (b->plaintext_prompt_func) { /* We're interactive, and the client provided a * prompt callback. So we can ask the user. * * Check for a cached answer before prompting. */ svn_boolean_t *cached_answer; cached_answer = apr_hash_get(b->plaintext_answers, realmstring, APR_HASH_KEY_STRING); if (cached_answer != NULL) may_save_password = *cached_answer; else { apr_pool_t *cached_answer_pool; /* Nothing cached for this realm, prompt the user. */ SVN_ERR((*b->plaintext_prompt_func)(&may_save_password, realmstring, b->prompt_baton, pool)); /* Cache the user's answer in case we're called again * for the same realm. * * We allocate the answer cache in the hash table's pool * to make sure that is has the same life time as the * hash table itself. This means that the answer will * survive across RA sessions -- which is important, * because otherwise we'd prompt users once per RA session. */ cached_answer_pool = apr_hash_pool_get(b->plaintext_answers); cached_answer = apr_palloc(cached_answer_pool, sizeof(svn_boolean_t)); *cached_answer = may_save_password; apr_hash_set(b->plaintext_answers, realmstring, APR_HASH_KEY_STRING, cached_answer); } } else { /* TODO: We might want to default to not storing if the * prompt callback is NULL, i.e. have may_save_password * default to FALSE here, in order to force clients to * implement the callback. * * This would change the semantics of old API though. * * So for now, clients that don't implement the callback * and provide no explicit value for * SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS * cause unencrypted passwords to be stored by default. * Needless to say, our own client is sane, but who knows * what other clients are doing. */ may_save_password = TRUE; } } else if (svn_cstring_casecmp(store_plaintext_passwords, SVN_CONFIG_FALSE) == 0) { may_save_password = FALSE; } else if (svn_cstring_casecmp(store_plaintext_passwords, SVN_CONFIG_TRUE) == 0) { may_save_password = TRUE; } else { return svn_error_createf (SVN_ERR_BAD_CONFIG_VALUE, NULL, _("Config error: invalid value '%s' for option '%s'"), store_plaintext_passwords, SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS); } } if (may_save_password) { *saved = password_set(creds_hash, realmstring, creds->username, creds->password, parameters, non_interactive, pool); if (*saved && passtype) /* Store the password type with the auth data, so that we know which provider owns the password. */ apr_hash_set(creds_hash, AUTHN_PASSTYPE_KEY, APR_HASH_KEY_STRING, svn_string_create(passtype, pool)); } } /* Save credentials to disk. */ err = svn_config_write_auth_data(creds_hash, SVN_AUTH_CRED_SIMPLE, realmstring, config_dir, pool); svn_error_clear(err); return SVN_NO_ERROR; } /* Get cached (unencrypted) credentials from the simple provider's cache. */ static svn_error_t * simple_first_creds(void **credentials, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { return svn_auth__simple_first_creds_helper(credentials, iter_baton, provider_baton, parameters, realmstring, svn_auth__simple_password_get, SVN_AUTH__SIMPLE_PASSWORD_TYPE, pool); } /* Save (unencrypted) credentials to the simple provider's cache. */ static svn_error_t * simple_save_creds(svn_boolean_t *saved, void *credentials, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { return svn_auth__simple_save_creds_helper(saved, credentials, provider_baton, parameters, realmstring, svn_auth__simple_password_set, SVN_AUTH__SIMPLE_PASSWORD_TYPE, pool); } static const svn_auth_provider_t simple_provider = { SVN_AUTH_CRED_SIMPLE, simple_first_creds, NULL, simple_save_creds }; /* Public API */ void svn_auth_get_simple_provider2 (svn_auth_provider_object_t **provider, svn_auth_plaintext_prompt_func_t plaintext_prompt_func, void* prompt_baton, apr_pool_t *pool) { svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po)); simple_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb)); pb->plaintext_prompt_func = plaintext_prompt_func; pb->prompt_baton = prompt_baton; pb->plaintext_answers = apr_hash_make(pool); po->vtable = &simple_provider; po->provider_baton = pb; *provider = po; } /*-----------------------------------------------------------------------*/ /* Prompt provider */ /*-----------------------------------------------------------------------*/ /* Baton type for username/password prompting. */ typedef struct { svn_auth_simple_prompt_func_t prompt_func; void *prompt_baton; /* how many times to re-prompt after the first one fails */ int retry_limit; } simple_prompt_provider_baton_t; /* Iteration baton type for username/password prompting. */ typedef struct { /* how many times we've reprompted */ int retries; } simple_prompt_iter_baton_t; /*** Helper Functions ***/ static svn_error_t * prompt_for_simple_creds(svn_auth_cred_simple_t **cred_p, simple_prompt_provider_baton_t *pb, apr_hash_t *parameters, const char *realmstring, svn_boolean_t first_time, svn_boolean_t may_save, apr_pool_t *pool) { const char *default_username = NULL; const char *default_password = NULL; *cred_p = NULL; /* If we're allowed to check for default usernames and passwords, do so. */ if (first_time) { default_username = apr_hash_get(parameters, SVN_AUTH_PARAM_DEFAULT_USERNAME, APR_HASH_KEY_STRING); /* No default username? Try the auth cache. */ if (! default_username) { const char *config_dir = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_DIR, APR_HASH_KEY_STRING); apr_hash_t *creds_hash = NULL; svn_string_t *str; svn_error_t *err; err = svn_config_read_auth_data(&creds_hash, SVN_AUTH_CRED_SIMPLE, realmstring, config_dir, pool); svn_error_clear(err); if (! err && creds_hash) { str = apr_hash_get(creds_hash, AUTHN_USERNAME_KEY, APR_HASH_KEY_STRING); if (str && str->data) default_username = str->data; } } /* Still no default username? Try the 'servers' file. */ if (! default_username) { svn_config_t *cfg = apr_hash_get(parameters, SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS, APR_HASH_KEY_STRING); const char *server_group = apr_hash_get(parameters, SVN_AUTH_PARAM_SERVER_GROUP, APR_HASH_KEY_STRING); default_username = svn_config_get_server_setting(cfg, server_group, SVN_CONFIG_OPTION_USERNAME, NULL); } /* Still no default username? Try the UID. */ if (! default_username) default_username = svn_user_get_name(pool); default_password = apr_hash_get(parameters, SVN_AUTH_PARAM_DEFAULT_PASSWORD, APR_HASH_KEY_STRING); } /* If we have defaults, just build the cred here and return it. * * ### I do wonder why this is here instead of in a separate * ### 'defaults' provider that would run before the prompt * ### provider... Hmmm. */ if (default_username && default_password) { *cred_p = apr_palloc(pool, sizeof(**cred_p)); (*cred_p)->username = apr_pstrdup(pool, default_username); (*cred_p)->password = apr_pstrdup(pool, default_password); (*cred_p)->may_save = TRUE; } else { SVN_ERR(pb->prompt_func(cred_p, pb->prompt_baton, realmstring, default_username, may_save, pool)); } return SVN_NO_ERROR; } /* Our first attempt will use any default username/password passed in, and prompt for the remaining stuff. */ static svn_error_t * simple_prompt_first_creds(void **credentials_p, void **iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { simple_prompt_provider_baton_t *pb = provider_baton; simple_prompt_iter_baton_t *ibaton = apr_pcalloc(pool, sizeof(*ibaton)); const char *no_auth_cache = apr_hash_get(parameters, SVN_AUTH_PARAM_NO_AUTH_CACHE, APR_HASH_KEY_STRING); SVN_ERR(prompt_for_simple_creds((svn_auth_cred_simple_t **) credentials_p, pb, parameters, realmstring, TRUE, ! no_auth_cache, pool)); ibaton->retries = 0; *iter_baton = ibaton; return SVN_NO_ERROR; } /* Subsequent attempts to fetch will ignore the default values, and simply re-prompt for both, up to a maximum of ib->pb->retry_limit. */ static svn_error_t * simple_prompt_next_creds(void **credentials_p, void *iter_baton, void *provider_baton, apr_hash_t *parameters, const char *realmstring, apr_pool_t *pool) { simple_prompt_iter_baton_t *ib = iter_baton; simple_prompt_provider_baton_t *pb = provider_baton; const char *no_auth_cache = apr_hash_get(parameters, SVN_AUTH_PARAM_NO_AUTH_CACHE, APR_HASH_KEY_STRING); if ((pb->retry_limit >= 0) && (ib->retries >= pb->retry_limit)) { /* give up, go on to next provider. */ *credentials_p = NULL; return SVN_NO_ERROR; } ib->retries++; return prompt_for_simple_creds((svn_auth_cred_simple_t **) credentials_p, pb, parameters, realmstring, FALSE, ! no_auth_cache, pool); } static const svn_auth_provider_t simple_prompt_provider = { SVN_AUTH_CRED_SIMPLE, simple_prompt_first_creds, simple_prompt_next_creds, NULL, }; /* Public API */ void svn_auth_get_simple_prompt_provider (svn_auth_provider_object_t **provider, svn_auth_simple_prompt_func_t prompt_func, void *prompt_baton, int retry_limit, apr_pool_t *pool) { svn_auth_provider_object_t *po = apr_pcalloc(pool, sizeof(*po)); simple_prompt_provider_baton_t *pb = apr_pcalloc(pool, sizeof(*pb)); pb->prompt_func = prompt_func; pb->prompt_baton = prompt_baton; pb->retry_limit = retry_limit; po->vtable = &simple_prompt_provider; po->provider_baton = pb; *provider = po; }