Imported from /home/lorry/working-area/delta_subversion-tarball/subversion-1.8.13.tar.gz.subversion-1.8.13

1 files changed, 135 insertions, 73 deletions

diff --git a/subversion/include/private/svn_auth_private.h b/subversion/include/private/svn_auth_private.h
index a2088e5..6c32688 100644
--- a/subversion/include/private/svn_auth_private.h
+++ b/subversion/include/private/svn_auth_private.h
@@ -37,6 +37,24 @@
 extern "C" {
 #endif /* __cplusplus */
 
+/** SSL server authority verification credential type.
+ *
+ * The followin auth parameters are available to the providers:
+ *
+ * - @c SVN_AUTH_PARAM_SSL_SERVER_FAILURES (@c apr_uint32_t*)
+ * - @c SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO
+ *      (@c svn_auth_ssl_server_cert_info_t*)
+ *
+ * The following optional auth parameters are relevant to the providers:
+ *
+ * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
+ *
+ * @since New in 1.9.
+ */
+#define SVN_AUTH_CRED_SSL_SERVER_AUTHORITY "svn.ssl.server.authority"
+
+
+
 /* If you add a password type for a provider which stores
  * passwords on disk in encrypted form, remember to update
  * svn_auth__simple_save_creds_helper. Otherwise it will be
@@ -46,15 +64,19 @@ extern "C" {
 #define SVN_AUTH__KEYCHAIN_PASSWORD_TYPE           "keychain"
 #define SVN_AUTH__KWALLET_PASSWORD_TYPE            "kwallet"
 #define SVN_AUTH__GNOME_KEYRING_PASSWORD_TYPE      "gnome-keyring"
+#define SVN_AUTH__GPG_AGENT_PASSWORD_TYPE          "gpg-agent"
 
 /* A function that stores in *PASSWORD (potentially after decrypting it)
    the user's password.  It might be obtained directly from CREDS, or
    from an external store, using REALMSTRING and USERNAME as keys.
    (The behavior is undefined if REALMSTRING or USERNAME are NULL.)
    If NON_INTERACTIVE is set, the user must not be involved in the
-   retrieval process.  POOL is used for any necessary allocation. */
-typedef svn_boolean_t (*svn_auth__password_get_t)
-  (const char **password,
+   retrieval process.  Set *DONE to TRUE if a password was stored
+   in *PASSWORD, to FALSE otherwise. POOL is used for any necessary
+   allocation. */
+typedef svn_error_t * (*svn_auth__password_get_t)
+  (svn_boolean_t *done,
+   const char **password,
    apr_hash_t *creds,
    const char *realmstring,
    const char *username,
@@ -65,10 +87,12 @@ typedef svn_boolean_t (*svn_auth__password_get_t)
 /* A function that stores PASSWORD (or some encrypted version thereof)
    either directly in CREDS, or externally using REALMSTRING and USERNAME
    as keys into the external store.  If NON_INTERACTIVE is set, the user
-   must not be involved in the storage process.  POOL is used for any
-   necessary allocation. */
-typedef svn_boolean_t (*svn_auth__password_set_t)
-  (apr_hash_t *creds,
+   must not be involved in the storage process. Set *DONE to TRUE if the
+   password was store, to FALSE otherwise. POOL is used for any necessary
+   allocation. */
+typedef svn_error_t * (*svn_auth__password_set_t)
+  (svn_boolean_t *done,
+   apr_hash_t *creds,
    const char *realmstring,
    const char *username,
    const char *password,
@@ -76,42 +100,52 @@ typedef svn_boolean_t (*svn_auth__password_set_t)
    svn_boolean_t non_interactive,
    apr_pool_t *pool);
 
-/* Common implementation for simple_first_creds and
-   windows_simple_first_creds. Uses PARAMETERS, REALMSTRING and the
-   simple auth provider's username and password cache to fill a set of
-   CREDENTIALS. PASSWORD_GET is used to obtain the password value.
-   PASSTYPE identifies the type of the cached password. CREDENTIALS are
-   allocated from POOL. */
+/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
+   pre-cached authentication credentials pulled from the simple
+   credential cache store identified by PASSTYPE.  PASSWORD_GET is
+   used to obtain the password value.  Allocate *CREDENTIALS from
+   POOL.
+
+   NOTE:  This function is a common implementation of code used by
+   several of the simple credential providers (the default disk cache
+   mechanism, Windows CryptoAPI, GNOME Keyring, etc.), typically in
+   their "first_creds" implementation.  */
 svn_error_t *
-svn_auth__simple_first_creds_helper(void **credentials,
-                                    void **iter_baton,
-                                    void *provider_baton,
-                                    apr_hash_t *parameters,
-                                    const char *realmstring,
-                                    svn_auth__password_get_t password_get,
-                                    const char *passtype,
-                                    apr_pool_t *pool);
-
-/* Common implementation for simple_save_creds and
-   windows_simple_save_creds. Uses PARAMETERS and REALMSTRING to save
-   a set of CREDENTIALS to the simple auth provider's username and
-   password cache. PASSWORD_SET is used to store the password.
-   PASSTYPE identifies the type of the cached password. Allocates from POOL. */
+svn_auth__simple_creds_cache_get(void **credentials,
+                                 void **iter_baton,
+                                 void *provider_baton,
+                                 apr_hash_t *parameters,
+                                 const char *realmstring,
+                                 svn_auth__password_get_t password_get,
+                                 const char *passtype,
+                                 apr_pool_t *pool);
+
+/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the simple
+   credential cache store identified by PASSTYPE.  PASSWORD_SET is
+   used to do the actual storage.  Use POOL for necessary allocations.
+   Set *SAVED according to whether or not the credentials were
+   successfully stored.
+
+   NOTE:  This function is a common implementation of code used by
+   several of the simple credential providers (the default disk cache
+   mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in
+   their "save_creds" implementation.  */
 svn_error_t *
-svn_auth__simple_save_creds_helper(svn_boolean_t *saved,
-                                   void *credentials,
-                                   void *provider_baton,
-                                   apr_hash_t *parameters,
-                                   const char *realmstring,
-                                   svn_auth__password_set_t password_set,
-                                   const char *passtype,
-                                   apr_pool_t *pool);
+svn_auth__simple_creds_cache_set(svn_boolean_t *saved,
+                                 void *credentials,
+                                 void *provider_baton,
+                                 apr_hash_t *parameters,
+                                 const char *realmstring,
+                                 svn_auth__password_set_t password_set,
+                                 const char *passtype,
+                                 apr_pool_t *pool);
 
 /* Implementation of svn_auth__password_get_t that retrieves
    the plaintext password from CREDS when USERNAME matches the stored
    credentials. */
-svn_boolean_t
-svn_auth__simple_password_get(const char **password,
+svn_error_t *
+svn_auth__simple_password_get(svn_boolean_t *done,
+                              const char **password,
                               apr_hash_t *creds,
                               const char *realmstring,
                               const char *username,
@@ -121,8 +155,9 @@ svn_auth__simple_password_get(const char **password,
 
 /* Implementation of svn_auth__password_set_t that stores
    the plaintext password in CREDS. */
-svn_boolean_t
-svn_auth__simple_password_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__simple_password_set(svn_boolean_t *done,
+                              apr_hash_t *creds,
                               const char *realmstring,
                               const char *username,
                               const char *password,
@@ -131,45 +166,52 @@ svn_auth__simple_password_set(apr_hash_t *creds,
                               apr_pool_t *pool);
 
 
-/* Common implementation for ssl_client_cert_pw_file_first_credentials.
-   Uses PARAMETERS, REALMSTRING and the ssl client passphrase auth provider's
-   passphrase cache to fill the CREDENTIALS. PASSPHRASE_GET is used to obtain
-   the passphrase value. PASSTYPE identifies the type of the cached passphrase.
-   CREDENTIALS are allocated from POOL. */
-svn_error_t *
-svn_auth__ssl_client_cert_pw_file_first_creds_helper
-  (void **credentials,
-   void **iter_baton,
-   void *provider_baton,
-   apr_hash_t *parameters,
-   const char *realmstring,
-   svn_auth__password_get_t passphrase_get,
-   const char *passtype,
-   apr_pool_t *pool);
+/* Use PARAMETERS and REALMSTRING to set *CREDENTIALS to a set of
+   pre-cached authentication credentials pulled from the SSL client
+   certificate passphrase credential cache store identified by
+   PASSTYPE.  PASSPHRASE_GET is used to obtain the passphrase value.
+   Allocate *CREDENTIALS from POOL.
 
-/* Common implementation for ssl_client_cert_pw_file_save_credentials and
-   windows_ssl_client_cert_pw_file_save_credentials. Uses PARAMETERS and
-   REALMSTRING to save a set of CREDENTIALS to the ssl client cert auth
-   provider's passphrase cache. PASSPHRASE_SET is used to store the
-   passphrase. PASSTYPE identifies the type of the cached passphrase.
-   Allocates from POOL. */
+   NOTE:  This function is a common implementation of code used by
+   several of the ssl client passphrase credential providers (the
+   default disk cache mechanism, Windows CryptoAPI, GNOME Keyring,
+   etc.), typically in their "first_creds" implementation.  */
 svn_error_t *
-svn_auth__ssl_client_cert_pw_file_save_creds_helper
-  (svn_boolean_t *saved,
-   void *credentials,
-   void *provider_baton,
-   apr_hash_t *parameters,
-   const char *realmstring,
-   svn_auth__password_set_t passphrase_set,
-   const char *passtype,
-   apr_pool_t *pool);
+svn_auth__ssl_client_cert_pw_cache_get(void **credentials,
+                                       void **iter_baton,
+                                       void *provider_baton,
+                                       apr_hash_t *parameters,
+                                       const char *realmstring,
+                                       svn_auth__password_get_t passphrase_get,
+                                       const char *passtype,
+                                       apr_pool_t *pool);
+
+/* Use PARAMETERS and REALMSTRING to save CREDENTIALS in the SSL
+   client certificate passphrase credential cache store identified by
+   PASSTYPE.  PASSPHRASE_SET is used to do the actual storage.  Use
+   POOL for necessary allocations.  Set *SAVED according to whether or
+   not the credentials were successfully stored.
 
+   NOTE:  This function is a common implementation of code used by
+   several of the simple credential providers (the default disk cache
+   mechanism, Windows CryptoAPI, GNOME Keyring, etc.) typically in
+   their "save_creds" implementation.  */
+svn_error_t *
+svn_auth__ssl_client_cert_pw_cache_set(svn_boolean_t *saved,
+                                       void *credentials,
+                                       void *provider_baton,
+                                       apr_hash_t *parameters,
+                                       const char *realmstring,
+                                       svn_auth__password_set_t passphrase_set,
+                                       const char *passtype,
+                                       apr_pool_t *pool);
 
 /* This implements the svn_auth__password_get_t interface.
    Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
    ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_get(const char **passphrase,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_get(svn_boolean_t *done,
+                                 const char **passphrase,
                                  apr_hash_t *creds,
                                  const char *realmstring,
                                  const char *username,
@@ -179,8 +221,9 @@ svn_auth__ssl_client_cert_pw_get(const char **passphrase,
 
 /* This implements the svn_auth__password_set_t interface.
    Store PASSPHRASE in CREDS; ignore other parameters. */
-svn_boolean_t
-svn_auth__ssl_client_cert_pw_set(apr_hash_t *creds,
+svn_error_t *
+svn_auth__ssl_client_cert_pw_set(svn_boolean_t *done,
+                                 apr_hash_t *creds,
                                  const char *realmstring,
                                  const char *username,
                                  const char *passphrase,
@@ -188,6 +231,25 @@ svn_auth__ssl_client_cert_pw_set(apr_hash_t *creds,
                                  svn_boolean_t non_interactive,
                                  apr_pool_t *pool);
 
+#if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN)
+/**
+ * Set @a *provider to an authentication provider that implements
+ * ssl authority verification via the Windows CryptoApi.
+ *
+ * This provider automatically validates authority certificates with
+ * the CryptoApi, like Internet Explorer and the Windows network API do.
+ * This allows the rollout of root certificates via Windows Domain
+ * policies, instead of Subversion specific configuration.
+ *
+ * @note This function is only available on Windows.
+ */
+void
+svn_auth__get_windows_ssl_server_authority_provider(
+                            svn_auth_provider_object_t **provider,
+                            apr_pool_t *pool);
+#endif
+
+
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */