/usr/include/subversion-1/svn_auth.h is in libsvn-dev 1.6.17dfsg-3ubuntu3.5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 | /**
* @copyright
* ====================================================================
* Copyright (c) 2002-2009 CollabNet. All rights reserved.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://subversion.tigris.org/license-1.html.
* If newer versions of this license are posted there, you may use a
* newer version instead, at your option.
*
* This software consists of voluntary contributions made by many
* individuals. For exact contribution history, see the revision
* history and logs, available at http://subversion.tigris.org/.
* ====================================================================
* @endcopyright
*
* @file svn_auth.h
* @brief Subversion's authentication system
*/
#ifndef SVN_AUTH_H
#define SVN_AUTH_H
#include <apr.h>
#include <apr_pools.h>
#include <apr_hash.h>
#include <apr_tables.h>
#include "svn_types.h"
#include "svn_config.h"
#include "svn_version.h"
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/** Overview of the svn authentication system.
*
* We define an authentication "provider" as a module that is able to
* return a specific set of credentials. (e.g. username/password,
* certificate, etc.) Each provider implements a vtable that
*
* - can fetch initial credentials
* - can retry the fetch (or try to fetch something different)
* - can store the credentials for future use
*
* For any given type of credentials, there can exist any number of
* separate providers -- each provider has a different method of
* fetching. (i.e. from a disk store, by prompting the user, etc.)
*
* The application begins by creating an auth baton object, and
* "registers" some number of providers with the auth baton, in a
* specific order. (For example, it may first register a
* username/password provider that looks in disk store, then register
* a username/password provider that prompts the user.)
*
* Later on, when any svn library is challenged, it asks the auth
* baton for the specific credentials. If the initial credentials
* fail to authenticate, the caller keeps requesting new credentials.
* Under the hood, libsvn_auth effectively "walks" over each provider
* (in order of registry), one at a time, until all the providers have
* exhausted all their retry options.
*
* This system allows an application to flexibly define authentication
* behaviors (by changing registration order), and very easily write
* new authentication providers.
*
* An auth_baton also contains an internal hashtable of run-time
* parameters; any provider or library layer can set these run-time
* parameters at any time, so that the provider has access to the
* data. (For example, certain run-time data may not be available
* until an authentication challenge is made.) Each credential type
* must document the run-time parameters that are made available to
* its providers.
*
* @defgroup auth_fns Authentication functions
* @{
*/
/** The type of a Subversion authentication object */
typedef struct svn_auth_baton_t svn_auth_baton_t;
/** The type of a Subversion authentication-iteration object */
typedef struct svn_auth_iterstate_t svn_auth_iterstate_t;
/** The main authentication "provider" vtable. */
typedef struct svn_auth_provider_t
{
/** The kind of credentials this provider knows how to retrieve. */
const char *cred_kind;
/** Get an initial set of credentials.
*
* Set @a *credentials to a set of valid credentials within @a
* realmstring, or NULL if no credentials are available. Set @a
* *iter_baton to context that allows a subsequent call to @c
* next_credentials, in case the first credentials fail to
* authenticate. @a provider_baton is general context for the
* vtable, @a parameters contains any run-time data that the
* provider may need, and @a realmstring comes from the
* svn_auth_first_credentials() call.
*/
svn_error_t * (*first_credentials)(void **credentials,
void **iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool);
/** Get a different set of credentials.
*
* Set @a *credentials to another set of valid credentials (using @a
* iter_baton as the context from previous call to first_credentials
* or next_credentials). If no more credentials are available, set
* @a *credentials to NULL. If the provider only has one set of
* credentials, this function pointer should simply be NULL. @a
* provider_baton is general context for the vtable, @a parameters
* contains any run-time data that the provider may need, and @a
* realmstring comes from the svn_auth_first_credentials() call.
*/
svn_error_t * (*next_credentials)(void **credentials,
void *iter_baton,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool);
/** Save credentials.
*
* Store @a credentials for future use. @a provider_baton is
* general context for the vtable, and @a parameters contains any
* run-time data the provider may need. Set @a *saved to TRUE if
* the save happened, or FALSE if not. The provider is not required
* to save; if it refuses or is unable to save for non-fatal
* reasons, return FALSE. If the provider never saves data, then
* this function pointer should simply be NULL. @a realmstring comes
* from the svn_auth_first_credentials() call.
*/
svn_error_t * (*save_credentials)(svn_boolean_t *saved,
void *credentials,
void *provider_baton,
apr_hash_t *parameters,
const char *realmstring,
apr_pool_t *pool);
} svn_auth_provider_t;
/** A provider object, ready to be put into an array and given to
svn_auth_open(). */
typedef struct svn_auth_provider_object_t
{
const svn_auth_provider_t *vtable;
void *provider_baton;
} svn_auth_provider_object_t;
/** The type of function returning authentication provider. */
typedef void (*svn_auth_simple_provider_func_t)
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** Specific types of credentials **/
/** Simple username/password pair credential kind.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
*
* The following auth parameters may be available to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
* - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)
* - @c SVN_AUTH_PARAM_DEFAULT_PASSWORD (@c char*)
*/
#define SVN_AUTH_CRED_SIMPLE "svn.simple"
/** @c SVN_AUTH_CRED_SIMPLE credentials. */
typedef struct svn_auth_cred_simple_t
{
/** Username */
const char *username;
/** Password */
const char *password;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember password checkbox shall set
* @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_simple_t;
/** Username credential kind.
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
* - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)
*/
#define SVN_AUTH_CRED_USERNAME "svn.username"
/** @c SVN_AUTH_CRED_USERNAME credentials. */
typedef struct svn_auth_cred_username_t
{
/** Username */
const char *username;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember username checkbox shall set
* @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_username_t;
/** SSL client certificate credential type.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
*/
#define SVN_AUTH_CRED_SSL_CLIENT_CERT "svn.ssl.client-cert"
/** @c SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. */
typedef struct svn_auth_cred_ssl_client_cert_t
{
/** Absolute path to the certificate file */
const char *cert_file;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember certificate checkbox shall
* set @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_ssl_client_cert_t;
/** A function returning an SSL client certificate passphrase provider. */
typedef void (*svn_auth_ssl_client_cert_pw_provider_func_t)
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** SSL client certificate passphrase credential type.
*
* @note The realmstring used with this credential type must be a name that
* makes it possible for the user to identify the certificate.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
*/
#define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW "svn.ssl.client-passphrase"
/** @c SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials. */
typedef struct svn_auth_cred_ssl_client_cert_pw_t
{
/** Certificate password */
const char *password;
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a remember password checkbox shall set
* @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
} svn_auth_cred_ssl_client_cert_pw_t;
/** SSL server verification credential type.
*
* The following auth parameters are available to the providers:
*
* - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)
* - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)
* - @c SVN_AUTH_PARAM_SSL_SERVER_FAILURES (@c apr_uint32_t*)
* - @c SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO
* (@c svn_auth_ssl_server_cert_info_t*)
*
* The following optional auth parameters are relevant to the providers:
*
* - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)
*/
#define SVN_AUTH_CRED_SSL_SERVER_TRUST "svn.ssl.server"
/** SSL server certificate information used by @c
* SVN_AUTH_CRED_SSL_SERVER_TRUST providers.
*/
typedef struct svn_auth_ssl_server_cert_info_t
{
/** Primary CN */
const char *hostname;
/** ASCII fingerprint */
const char *fingerprint;
/** ASCII date from which the certificate is valid */
const char *valid_from;
/** ASCII date until which the certificate is valid */
const char *valid_until;
/** DN of the certificate issuer */
const char *issuer_dname;
/** Base-64 encoded DER certificate representation */
const char *ascii_cert;
} svn_auth_ssl_server_cert_info_t;
/**
* Return a deep copy of @a info, allocated in @a pool.
*
* @since New in 1.3.
*/
svn_auth_ssl_server_cert_info_t *
svn_auth_ssl_server_cert_info_dup(const svn_auth_ssl_server_cert_info_t *info,
apr_pool_t *pool);
/** @c SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. */
typedef struct svn_auth_cred_ssl_server_trust_t
{
/** Indicates if the credentials may be saved (to disk). For example, a
* GUI prompt implementation with a checkbox to accept the certificate
* permanently shall set @a may_save to TRUE if the checkbox is checked.
*/
svn_boolean_t may_save;
/** Bit mask of the accepted failures */
apr_uint32_t accepted_failures;
} svn_auth_cred_ssl_server_trust_t;
/** Credential-constructing prompt functions. **/
/** These exist so that different client applications can use
* different prompt mechanisms to supply the same credentials. For
* example, if authentication requires a username and password, a
* command-line client's prompting function might prompt first for the
* username and then for the password, whereas a GUI client's would
* present a single dialog box asking for both, and a telepathic
* client's would read all the information directly from the user's
* mind. All these prompting functions return the same type of
* credential, but the information used to construct the credential is
* gathered in an interface-specific way in each case.
*/
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
* @a baton is an implementation-specific closure.
*
* If @a realm is non-NULL, maybe use it in the prompt string.
*
* If @a username is non-NULL, then the user might be prompted only
* for a password, but @a *cred would still be filled with both
* username and password. For example, a typical usage would be to
* pass @a username on the first call, but then leave it NULL for
* subsequent calls, on the theory that if credentials failed, it's
* as likely to be due to incorrect username as incorrect password.
*
* If @a may_save is FALSE, the auth system does not allow the credentials
* to be saved (to disk). A prompt function shall not ask the user if the
* credentials shall be saved if @a may_save is FALSE. For example, a GUI
* client with a remember password checkbox would grey out the checkbox if
* @a may_save is FALSE.
*/
typedef svn_error_t *(*svn_auth_simple_prompt_func_t)
(svn_auth_cred_simple_t **cred,
void *baton,
const char *realm,
const char *username,
svn_boolean_t may_save,
apr_pool_t *pool);
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
* @a baton is an implementation-specific closure.
*
* If @a realm is non-NULL, maybe use it in the prompt string.
*
* If @a may_save is FALSE, the auth system does not allow the credentials
* to be saved (to disk). A prompt function shall not ask the user if the
* credentials shall be saved if @a may_save is FALSE. For example, a GUI
* client with a remember username checkbox would grey out the checkbox if
* @a may_save is FALSE.
*/
typedef svn_error_t *(*svn_auth_username_prompt_func_t)
(svn_auth_cred_username_t **cred,
void *baton,
const char *realm,
svn_boolean_t may_save,
apr_pool_t *pool);
/** @name SSL server certificate failure bits
*
* @note These values are stored in the on disk auth cache by the SSL
* server certificate auth provider, so the meaning of these bits must
* not be changed.
* @{
*/
/** Certificate is not yet valid. */
#define SVN_AUTH_SSL_NOTYETVALID 0x00000001
/** Certificate has expired. */
#define SVN_AUTH_SSL_EXPIRED 0x00000002
/** Certificate's CN (hostname) does not match the remote hostname. */
#define SVN_AUTH_SSL_CNMISMATCH 0x00000004
/** @brief Certificate authority is unknown (i.e. not trusted) */
#define SVN_AUTH_SSL_UNKNOWNCA 0x00000008
/** @brief Other failure. This can happen if neon has introduced a new
* failure bit that we do not handle yet. */
#define SVN_AUTH_SSL_OTHER 0x40000000
/** @} */
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
* @a baton is an implementation-specific closure.
*
* @a cert_info is a structure describing the server cert that was
* presented to the client, and @a failures is a bitmask that
* describes exactly why the cert could not be automatically validated,
* composed from the constants SVN_AUTH_SSL_* (@c SVN_AUTH_SSL_NOTYETVALID
* etc.). @a realm is a string that can be used in the prompt string.
*
* If @a may_save is FALSE, the auth system does not allow the credentials
* to be saved (to disk). A prompt function shall not ask the user if the
* credentials shall be saved if @a may_save is FALSE. For example, a GUI
* client with a trust permanently checkbox would grey out the checkbox if
* @a may_save is FALSE.
*/
typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t)
(svn_auth_cred_ssl_server_trust_t **cred,
void *baton,
const char *realm,
apr_uint32_t failures,
const svn_auth_ssl_server_cert_info_t *cert_info,
svn_boolean_t may_save,
apr_pool_t *pool);
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
* @a baton is an implementation-specific closure. @a realm is a string
* that can be used in the prompt string.
*
* If @a may_save is FALSE, the auth system does not allow the credentials
* to be saved (to disk). A prompt function shall not ask the user if the
* credentials shall be saved if @a may_save is FALSE. For example, a GUI
* client with a remember certificate checkbox would grey out the checkbox
* if @a may_save is FALSE.
*/
typedef svn_error_t *(*svn_auth_ssl_client_cert_prompt_func_t)
(svn_auth_cred_ssl_client_cert_t **cred,
void *baton,
const char *realm,
svn_boolean_t may_save,
apr_pool_t *pool);
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.
* @a baton is an implementation-specific closure. @a realm is a string
* identifying the certificate, and can be used in the prompt string.
*
* If @a may_save is FALSE, the auth system does not allow the credentials
* to be saved (to disk). A prompt function shall not ask the user if the
* credentials shall be saved if @a may_save is FALSE. For example, a GUI
* client with a remember password checkbox would grey out the checkbox if
* @a may_save is FALSE.
*/
typedef svn_error_t *(*svn_auth_ssl_client_cert_pw_prompt_func_t)
(svn_auth_cred_ssl_client_cert_pw_t **cred,
void *baton,
const char *realm,
svn_boolean_t may_save,
apr_pool_t *pool);
/** A type of callback function for asking whether storing a password to
* disk in plaintext is allowed.
*
* In this callback, the client should ask the user whether storing
* a password for the realm identified by @a realmstring to disk
* in plaintext is allowed.
*
* The answer is returned in @a *may_save_plaintext.
* @a baton is an implementation-specific closure.
* All allocations should be done in @a pool.
*
* @since New in 1.6
*/
typedef svn_error_t *(*svn_auth_plaintext_prompt_func_t)
(svn_boolean_t *may_save_plaintext,
const char *realmstring,
void *baton,
apr_pool_t *pool);
/** A type of callback function for asking whether storing a passphrase to
* disk in plaintext is allowed.
*
* In this callback, the client should ask the user whether storing
* a passphrase for the realm identified by @a realmstring to disk
* in plaintext is allowed.
*
* The answer is returned in @a *may_save_plaintext.
* @a baton is an implementation-specific closure.
* All allocations should be done in @a pool.
*
* @since New in 1.6
*/
typedef svn_error_t *(*svn_auth_plaintext_passphrase_prompt_func_t)
(svn_boolean_t *may_save_plaintext,
const char *realmstring,
void *baton,
apr_pool_t *pool);
/** Initialize an authentication system.
*
* Return an authentication object in @a *auth_baton (allocated in @a
* pool) that represents a particular instance of the svn
* authentication system. @a providers is an array of @c
* svn_auth_provider_object_t pointers, already allocated in @a pool
* and intentionally ordered. These pointers will be stored within @a
* *auth_baton, grouped by credential type, and searched in this exact
* order.
*/
void
svn_auth_open(svn_auth_baton_t **auth_baton,
apr_array_header_t *providers,
apr_pool_t *pool);
/** Set an authentication run-time parameter.
*
* Store @a name / @a value pair as a run-time parameter in @a
* auth_baton, making the data accessible to all providers. @a name
* and @a value will NOT be duplicated into the auth_baton's pool.
* To delete a run-time parameter, pass NULL for @a value.
*/
void
svn_auth_set_parameter(svn_auth_baton_t *auth_baton,
const char *name,
const void *value);
/** Get an authentication run-time parameter.
*
* Return a value for run-time parameter @a name from @a auth_baton.
* Return NULL if the parameter doesn't exist.
*/
const void *
svn_auth_get_parameter(svn_auth_baton_t *auth_baton,
const char *name);
/** Universal run-time parameters, made available to all providers.
If you are writing a new provider, then to be a "good citizen",
you should notice these global parameters! Note that these
run-time params should be treated as read-only by providers; the
application is responsible for placing them into the auth_baton
hash. */
/** The auth-hash prefix indicating that the parameter is global. */
#define SVN_AUTH_PARAM_PREFIX "svn:auth:"
/**
* @name Default credentials defines
* Any 'default' credentials that came in through the application itself,
* (e.g. --username and --password options). Property values are
* const char *.
* @{ */
#define SVN_AUTH_PARAM_DEFAULT_USERNAME SVN_AUTH_PARAM_PREFIX "username"
#define SVN_AUTH_PARAM_DEFAULT_PASSWORD SVN_AUTH_PARAM_PREFIX "password"
/** @} */
/** @brief The application doesn't want any providers to prompt
* users. Property value is irrelevant; only property's existence
* matters. */
#define SVN_AUTH_PARAM_NON_INTERACTIVE SVN_AUTH_PARAM_PREFIX "non-interactive"
/** @brief The application doesn't want any providers to save passwords
* to disk. Property value is irrelevant; only property's existence
* matters. */
#define SVN_AUTH_PARAM_DONT_STORE_PASSWORDS SVN_AUTH_PARAM_PREFIX \
"dont-store-passwords"
/** @brief Indicates whether providers may save passwords to disk in
* plaintext. Property value can be either SVN_CONFIG_TRUE,
* SVN_CONFIG_FALSE, or SVN_CONFIG_ASK. */
#define SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS SVN_AUTH_PARAM_PREFIX \
"store-plaintext-passwords"
/** @brief The application doesn't want any providers to save passphrase
* to disk. Property value is irrelevant; only property's existence
* matters. */
#define SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP \
SVN_AUTH_PARAM_PREFIX "dont-store-ssl-client-cert-pp"
/** @brief Indicates whether providers may save passphrase to disk in
* plaintext. Property value can be either SVN_CONFIG_TRUE,
* SVN_CONFIG_FALSE, or SVN_CONFIG_ASK. */
#define SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT \
SVN_AUTH_PARAM_PREFIX "store-ssl-client-cert-pp-plaintext"
/** @brief The application doesn't want any providers to save credentials
* to disk. Property value is irrelevant; only property's existence
* matters. */
#define SVN_AUTH_PARAM_NO_AUTH_CACHE SVN_AUTH_PARAM_PREFIX "no-auth-cache"
/** @brief The following property is for SSL server cert providers. This
* provides a pointer to an @c apr_uint32_t containing the failures
* detected by the certificate validator. */
#define SVN_AUTH_PARAM_SSL_SERVER_FAILURES SVN_AUTH_PARAM_PREFIX \
"ssl:failures"
/** @brief The following property is for SSL server cert providers. This
* provides the cert info (svn_auth_ssl_server_cert_info_t). */
#define SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO SVN_AUTH_PARAM_PREFIX \
"ssl:cert-info"
/** Some providers need access to the @c svn_config_t configuration. */
#define SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG SVN_AUTH_PARAM_PREFIX "config-category-config"
#define SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS SVN_AUTH_PARAM_PREFIX "config-category-servers"
/** @deprecated Provided for backward compatibility with the 1.5 API. */
#define SVN_AUTH_PARAM_CONFIG SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS
/** The current server group. */
#define SVN_AUTH_PARAM_SERVER_GROUP SVN_AUTH_PARAM_PREFIX "server-group"
/** @brief A configuration directory that overrides the default
* ~/.subversion. */
#define SVN_AUTH_PARAM_CONFIG_DIR SVN_AUTH_PARAM_PREFIX "config-dir"
/** Get an initial set of credentials.
*
* Ask @a auth_baton to set @a *credentials to a set of credentials
* defined by @a cred_kind and valid within @a realmstring, or NULL if
* no credentials are available. Otherwise, return an iteration state
* in @a *state, so that the caller can call
* svn_auth_next_credentials(), in case the first set of credentials
* fails to authenticate.
*
* Use @a pool to allocate @a *state, and for temporary allocation.
* Note that @a *credentials will be allocated in @a auth_baton's pool.
*/
svn_error_t *
svn_auth_first_credentials(void **credentials,
svn_auth_iterstate_t **state,
const char *cred_kind,
const char *realmstring,
svn_auth_baton_t *auth_baton,
apr_pool_t *pool);
/** Get another set of credentials, assuming previous ones failed to
* authenticate.
*
* Use @a state to fetch a different set of @a *credentials, as a
* follow-up to svn_auth_first_credentials() or
* svn_auth_next_credentials(). If no more credentials are available,
* set @a *credentials to NULL.
*
* Note that @a *credentials will be allocated in @c auth_baton's pool.
*/
svn_error_t *
svn_auth_next_credentials(void **credentials,
svn_auth_iterstate_t *state,
apr_pool_t *pool);
/** Save a set of credentials.
*
* Ask @a state to store the most recently returned credentials,
* presumably because they successfully authenticated.
* All allocations should be done in @a pool.
*
* If no credentials were ever returned, do nothing.
*/
svn_error_t *
svn_auth_save_credentials(svn_auth_iterstate_t *state,
apr_pool_t *pool);
/** @} */
/** Set @a *provider to an authentication provider of type
* svn_auth_cred_simple_t that gets information by prompting the user
* with @a prompt_func and @a prompt_baton. Allocate @a *provider in
* @a pool.
*
* If both @c SVN_AUTH_PARAM_DEFAULT_USERNAME and
* @c SVN_AUTH_PARAM_DEFAULT_PASSWORD are defined as runtime
* parameters in the @c auth_baton, then @a *provider will return the
* default arguments when svn_auth_first_credentials() is called. If
* svn_auth_first_credentials() fails, then @a *provider will
* re-prompt @a retry_limit times (via svn_auth_next_credentials()).
* For infinite retries, set @a retry_limit to value less than 0.
*
* @since New in 1.4.
*/
void
svn_auth_get_simple_prompt_provider(svn_auth_provider_object_t **provider,
svn_auth_simple_prompt_func_t prompt_func,
void *prompt_baton,
int retry_limit,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_username_t that gets information by prompting the
* user with @a prompt_func and @a prompt_baton. Allocate @a *provider
* in @a pool.
*
* If @c SVN_AUTH_PARAM_DEFAULT_USERNAME is defined as a runtime
* parameter in the @c auth_baton, then @a *provider will return the
* default argument when svn_auth_first_credentials() is called. If
* svn_auth_first_credentials() fails, then @a *provider will
* re-prompt @a retry_limit times (via svn_auth_next_credentials()).
* For infinite retries, set @a retry_limit to value less than 0.
*
* @since New in 1.4.
*/
void
svn_auth_get_username_prompt_provider
(svn_auth_provider_object_t **provider,
svn_auth_username_prompt_func_t prompt_func,
void *prompt_baton,
int retry_limit,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_simple_t that gets/sets information from the user's
* ~/.subversion configuration directory.
*
* If the provider is going to save the password unencrypted, it calls @a
* plaintext_prompt_func, passing @a prompt_baton, before saving the
* password.
*
* If @a plaintext_prompt_func is NULL it is not called and the answer is
* assumed to be TRUE. This matches the deprecated behaviour of storing
* unencrypted passwords by default, and is only done this way for backward
* compatibility reasons.
* Client developers are highly encouraged to provide this callback
* to ensure their users are made aware of the fact that their password
* is going to be stored unencrypted. In the future, providers may
* default to not storing the password unencrypted if this callback is NULL.
*
* Clients can however set the callback to NULL and set
* SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS to SVN_CONFIG_FALSE or
* SVN_CONFIG_TRUE to enforce a certain behaviour.
*
* Allocate @a *provider in @a pool.
*
* If a default username or password is available, @a *provider will
* honor them as well, and return them when
* svn_auth_first_credentials() is called. (see @c
* SVN_AUTH_PARAM_DEFAULT_USERNAME and @c
* SVN_AUTH_PARAM_DEFAULT_PASSWORD).
*
* @since New in 1.6.
*/
void
svn_auth_get_simple_provider2
(svn_auth_provider_object_t **provider,
svn_auth_plaintext_prompt_func_t plaintext_prompt_func,
void *prompt_baton,
apr_pool_t *pool);
/** Like svn_auth_get_simple_provider2, but without the ability to
* call the svn_auth_plaintext_prompt_func_t callback, and the provider
* always assumes that it is allowed to store the password in plaintext.
*
* @deprecated Provided for backwards compatibility with the 1.5 API.
* @since New in 1.4.
*/
SVN_DEPRECATED
void
svn_auth_get_simple_provider(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_provider_object_t, or return @a NULL if the provider is not
* available for the requested platform or the requested provider is unknown.
*
* Valid @a provider_name values are: "gnome_keyring", "keychain", "kwallet"
* and "windows".
*
* Valid @a provider_type values are: "simple", "ssl_client_cert_pw" and
* "ssl_server_trust".
*
* Allocate @a *provider in @a pool.
*
* What actually happens is we invoke the appropriate provider function to
* supply the @a provider, like so:
*
* svn_auth_get_<name>_<type>_provider(@a provider, @a pool);
*
* @since New in 1.6.
*/
svn_error_t *
svn_auth_get_platform_specific_provider
(svn_auth_provider_object_t **provider,
const char *provider_name,
const char *provider_type,
apr_pool_t *pool);
/** Set @a *providers to an array of <tt>svn_auth_provider_object_t *</tt>
* objects.
* Only client authentication providers available for the current platform are
* returned. Order of the platform-specific authentication providers is
* determined by the 'password-stores' configuration option which is retrieved
* from @a config. @a config can be NULL.
*
* Create and allocate @a *providers in @a pool.
*
* Default order of the platform-specific authentication providers:
* 1. gnome-keyring
* 2. kwallet
* 3. keychain
* 4. windows-cryptoapi
*
* @since New in 1.6.
*/
svn_error_t *
svn_auth_get_platform_specific_client_providers
(apr_array_header_t **providers,
svn_config_t *config,
apr_pool_t *pool);
#if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN)
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_simple_t that gets/sets information from the user's
* ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* This is like svn_auth_get_simple_provider(), except that, when
* running on Window 2000 or newer (or any other Windows version that
* includes the CryptoAPI), the provider encrypts the password before
* storing it to disk. On earlier versions of Windows, the provider
* does nothing.
*
* @since New in 1.4.
* @note This function is only available on Windows.
*
* @note An administrative password reset may invalidate the account's
* secret key. This function will detect that situation and behave as
* if the password were not cached at all.
*/
void
svn_auth_get_windows_simple_provider(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
* user's ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except that
* when running on Window 2000 or newer, the provider encrypts the password
* before storing it to disk. On earlier versions of Windows, the provider
* does nothing.
*
* @since New in 1.6
* @note This function is only available on Windows.
*
* @note An administrative password reset may invalidate the account's
* secret key. This function will detect that situation and behave as
* if the password were not cached at all.
*/
void
svn_auth_get_windows_ssl_client_cert_pw_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
*
* This provider automatically validates ssl server certificates with
* the CryptoApi, like Internet Explorer and the Windows network API do.
* This allows the rollout of root certificates via Windows Domain
* policies, instead of Subversion specific configuration.
*
* @since New in 1.5.
* @note This function is only available on Windows.
*/
void
svn_auth_get_windows_ssl_server_trust_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
#endif /* WIN32 && !__MINGW32__ || DOXYGEN */
#if defined(DARWIN) || defined(DOXYGEN)
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_simple_t that gets/sets information from the user's
* ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* This is like svn_auth_get_simple_provider(), except that the
* password is stored in the Mac OS KeyChain.
*
* @since New in 1.4
* @note This function is only available on Mac OS 10.2 and higher.
*/
void
svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
* user's ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except
* that the password is stored in the Mac OS KeyChain.
*
* @since New in 1.6
* @note This function is only available on Mac OS 10.2 and higher.
*/
void
svn_auth_get_keychain_ssl_client_cert_pw_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
#endif /* DARWIN || DOXYGEN */
#if (!defined(DARWIN) && !defined(WIN32)) || defined(DOXYGEN)
/** A type of callback function for obtaining the GNOME Keyring password.
*
* In this callback, the client should ask the user for default keyring
* @a keyring_name password.
*
* The answer is returned in @a *keyring_password.
* @a baton is an implementation-specific closure.
* All allocations should be done in @a pool.
*
* @since New in 1.6
*/
typedef svn_error_t *(*svn_auth_gnome_keyring_unlock_prompt_func_t)
(char **keyring_password,
const char *keyring_name,
void *baton,
apr_pool_t *pool);
/** libsvn_auth_gnome_keyring-specific run-time parameters. */
/** @brief The pointer to function which prompts user for GNOME Keyring
* password.
* The type of this pointer should be svn_auth_gnome_keyring_unlock_prompt_func_t. */
#define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC "gnome-keyring-unlock-prompt-func"
/** @brief The baton which is passed to
* @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC. */
#define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON "gnome-keyring-unlock-prompt-baton"
/**
* Get libsvn_auth_gnome_keyring version information.
*
* @since New in 1.6
*/
const svn_version_t *
svn_auth_gnome_keyring_version(void);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_simple_t that gets/sets information from the user's
* ~/.subversion configuration directory.
*
* This is like svn_client_get_simple_provider(), except that the
* password is stored in GNOME Keyring.
*
* If the GNOME Keyring is locked the provider calls
* @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock
* the keyring.
*
* @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to
* @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.
*
* Allocate @a *provider in @a pool.
*
* @since New in 1.6
* @note This function actually works only on systems with
* libsvn_auth_gnome_keyring and GNOME Keyring installed.
*/
void
svn_auth_get_gnome_keyring_simple_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
* user's ~/.subversion configuration directory.
*
* This is like svn_client_get_ssl_client_cert_pw_file_provider(), except
* that the password is stored in GNOME Keyring.
*
* If the GNOME Keyring is locked the provider calls
* @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock
* the keyring.
*
* @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to
* @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.
*
* Allocate @a *provider in @a pool.
*
* @since New in 1.6
* @note This function actually works only on systems with
* libsvn_auth_gnome_keyring and GNOME Keyring installed.
*/
void
svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/**
* Get libsvn_auth_kwallet version information.
*
* @since New in 1.6
*/
const svn_version_t *
svn_auth_kwallet_version(void);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_simple_t that gets/sets information from the user's
* ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* This is like svn_client_get_simple_provider(), except that the
* password is stored in KWallet.
*
* @since New in 1.6
* @note This function actually works only on systems with libsvn_auth_kwallet
* and KWallet installed.
*/
void
svn_auth_get_kwallet_simple_provider(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/**
* Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
* user's ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* This is like svn_client_get_ssl_client_cert_pw_file_provider(), except
* that the password is stored in KWallet.
*
* @since New in 1.6
* @note This function actually works only on systems with libsvn_auth_kwallet
* and KWallet installed.
*/
void
svn_auth_get_kwallet_ssl_client_cert_pw_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
#endif /* (!DARWIN && !WIN32) || DOXYGEN */
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_username_t that gets/sets information from a user's
* ~/.subversion configuration directory. Allocate @a *provider in
* @a pool.
*
* If a default username is available, @a *provider will honor it,
* and return it when svn_auth_first_credentials() is called. (See
* @c SVN_AUTH_PARAM_DEFAULT_USERNAME.)
*
* @since New in 1.4.
*/
void
svn_auth_get_username_provider(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
*
* @a *provider retrieves its credentials from the configuration
* mechanism. The returned credential is used to override SSL
* security on an error.
*
* @since New in 1.4.
*/
void
svn_auth_get_ssl_server_trust_file_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_t, allocated in @a pool.
*
* @a *provider retrieves its credentials from the configuration
* mechanism. The returned credential is used to load the appropriate
* client certificate for authentication when requested by a server.
*
* @since New in 1.4.
*/
void
svn_auth_get_ssl_client_cert_file_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the user's
* ~/.subversion configuration directory.
*
* If the provider is going to save the passphrase unencrypted,
* it calls @a plaintext_passphrase_prompt_func, passing @a
* prompt_baton, before saving the passphrase.
*
* If @a plaintext_passphrase_prompt_func is NULL it is not called
* and the passphrase is not stored in plaintext.
* Client developers are highly encouraged to provide this callback
* to ensure their users are made aware of the fact that their passphrase
* is going to be stored unencrypted.
*
* Clients can however set the callback to NULL and set
* SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT to SVN_CONFIG_FALSE or
* SVN_CONFIG_TRUE to enforce a certain behaviour.
*
* Allocate @a *provider in @a pool.
*
* @since New in 1.6.
*/
void
svn_auth_get_ssl_client_cert_pw_file_provider2
(svn_auth_provider_object_t **provider,
svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func,
void *prompt_baton,
apr_pool_t *pool);
/** Like svn_auth_get_ssl_client_cert_pw_file_provider2, but without
* the ability to call the svn_auth_plaintext_passphrase_prompt_func_t
* callback, and the provider always assumes that it is not allowed
* to store the passphrase in plaintext.
*
* @deprecated Provided for backwards compatibility with the 1.5 API.
* @since New in 1.4.
*/
SVN_DEPRECATED
void
svn_auth_get_ssl_client_cert_pw_file_provider
(svn_auth_provider_object_t **provider,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_server_trust_t, allocated in @a pool.
*
* @a *provider retrieves its credentials by using the @a prompt_func
* and @a prompt_baton. The returned credential is used to override
* SSL security on an error.
*
* @since New in 1.4.
*/
void
svn_auth_get_ssl_server_trust_prompt_provider
(svn_auth_provider_object_t **provider,
svn_auth_ssl_server_trust_prompt_func_t prompt_func,
void *prompt_baton,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_t, allocated in @a pool.
*
* @a *provider retrieves its credentials by using the @a prompt_func
* and @a prompt_baton. The returned credential is used to load the
* appropriate client certificate for authentication when requested by
* a server. The prompt will be retried @a retry_limit times. For
* infinite retries, set @a retry_limit to value less than 0.
*
* @since New in 1.4.
*/
void
svn_auth_get_ssl_client_cert_prompt_provider
(svn_auth_provider_object_t **provider,
svn_auth_ssl_client_cert_prompt_func_t prompt_func,
void *prompt_baton,
int retry_limit,
apr_pool_t *pool);
/** Set @a *provider to an authentication provider of type @c
* svn_auth_cred_ssl_client_cert_pw_t, allocated in @a pool.
*
* @a *provider retrieves its credentials by using the @a prompt_func
* and @a prompt_baton. The returned credential is used when a loaded
* client certificate is protected by a passphrase. The prompt will
* be retried @a retry_limit times. For infinite retries, set
* @a retry_limit to value less than 0.
*
* @since New in 1.4.
*/
void
svn_auth_get_ssl_client_cert_pw_prompt_provider
(svn_auth_provider_object_t **provider,
svn_auth_ssl_client_cert_pw_prompt_func_t prompt_func,
void *prompt_baton,
int retry_limit,
apr_pool_t *pool);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* SVN_AUTH_H */
|