internal_auth.c revision 299742
/*
 * internal_auth.c :  Simple SASL-based authentication, used in case
 *                    Cyrus SASL isn't available.
 *
 * ====================================================================
 *    Licensed to the Apache Software Foundation (ASF) under one
 *    or more contributor license agreements.  See the NOTICE file
 *    distributed with this work for additional information
 *    regarding copyright ownership.  The ASF licenses this file
 *    to you under the Apache License, Version 2.0 (the
 *    "License"); you may not use this file except in compliance
 *    with the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing,
 *    software distributed under the License is distributed on an
 *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *    KIND, either express or implied.  See the License for the
 *    specific language governing permissions and limitations
 *    under the License.
 * ====================================================================
 */

#include "svn_private_config.h"

#define APR_WANT_STRFUNC
#include <apr_want.h>
#include <apr_general.h>
#include <apr_strings.h>

#include "svn_types.h"
#include "svn_string.h"
#include "svn_error.h"
#include "svn_ra.h"
#include "svn_ra_svn.h"

#include "ra_svn.h"

/* Return TRUE if MECHLIST contains a word item whose text is exactly
 * MECH, FALSE otherwise.  Items of any other kind are skipped.  The
 * comparison is a case-sensitive strcmp().
 *
 * MECHLIST and MECH are dereferenced without a NULL check; callers must
 * pass valid pointers.
 */
svn_boolean_t svn_ra_svn__find_mech(const apr_array_header_t *mechlist,
                                    const char *mech)
{
  int idx;

  for (idx = 0; idx < mechlist->nelts; idx++)
    {
      const svn_ra_svn_item_t *item = &APR_ARRAY_IDX(mechlist, idx,
                                                     svn_ra_svn_item_t);

      /* Only word items can name a mechanism. */
      if (item->kind != SVN_RA_SVN_WORD)
        continue;
      if (strcmp(item->u.word, mech) == 0)
        return TRUE;
    }
  return FALSE;
}

/* Read the server's reply to an ANONYMOUS or EXTERNAL authentication
 * attempt from CONN, allocating in POOL.
 *
 * The reply is parsed as a word followed by an optional string.  Only
 * "success" with no string is accepted.  "failure" with a string yields
 * SVN_ERR_RA_NOT_AUTHORIZED carrying that string; every other
 * combination yields SVN_ERR_RA_NOT_AUTHORIZED with a generic message.
 *
 * The string comes from the peer.  It is passed as a "%s" argument, never
 * as the format itself, but it is otherwise copied into the error message
 * as received, so code that displays the error should treat it as
 * untrusted text.
 */
static svn_error_t *read_success(svn_ra_svn_conn_t *conn, apr_pool_t *pool)
{
  const char *status, *arg;

  SVN_ERR(svn_ra_svn__read_tuple(conn, pool, "w(?c)", &status, &arg));

  /* The only acceptable reply: "success" and nothing after it. */
  if (strcmp(status, "success") == 0 && !arg)
    return SVN_NO_ERROR;

  if (strcmp(status, "failure") == 0 && arg)
    return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                             _("Authentication error from server: %s"), arg);

  /* Unknown status word, "failure" without a reason, or "success" with
   * trailing data: fail closed. */
  return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                          _("Unexpected server response to authentication"));
}

/* Authenticate the session SESS using one of the mechanisms named in
 * MECHLIST, for the authentication realm REALM.  Allocations are made
 * in POOL.
 *
 * Mechanisms are tried in a fixed order of preference and exactly one
 * is attempted:
 *   1. EXTERNAL, only when SESS->is_tunneled is set;
 *   2. ANONYMOUS;
 *   3. CRAM-MD5, using simple (username/password) credentials obtained
 *      through SESS->auth_baton.
 * If none of these is in MECHLIST, SVN_ERR_RA_SVN_NO_MECHANISMS is
 * returned.
 *
 * NOTE(review): the choice is driven entirely by MECHLIST, so when
 * ANONYMOUS is on offer no credentials are requested or sent.  CRAM-MD5
 * is a client-only challenge/response; it does not authenticate the
 * server or protect the traffic that follows.  Whether the connection
 * has any other protection is not visible in this file.
 */
svn_error_t *
svn_ra_svn__do_internal_auth(svn_ra_svn__session_baton_t *sess,
                             const apr_array_header_t *mechlist,
                             const char *realm, apr_pool_t *pool)
{
  svn_ra_svn_conn_t *conn = sess->conn;
  const char *realmstring, *server_msg;
  const svn_auth_cred_simple_t *simple;
  svn_auth_iterstate_t *iterstate;
  void *creds;

  /* Key under which credentials are looked up: the session's realm
   * prefix followed by REALM.
   * NOTE(review): presumably REALM is supplied by the peer and the
   * prefix is what ties stored credentials to this server -- confirm
   * against the code that sets realm_prefix. */
  realmstring = apr_psprintf(pool, "%s %s", sess->realm_prefix, realm);

  if (sess->is_tunneled && svn_ra_svn__find_mech(mechlist, "EXTERNAL"))
    {
      /* Let the server derive the authentication name from the tunnel
       * connection environment (on Unix, the uid).  The empty token
       * means we assert no name of our own. */
      SVN_ERR(svn_ra_svn__auth_response(conn, pool, "EXTERNAL", ""));
      return read_success(conn, pool);
    }

  if (svn_ra_svn__find_mech(mechlist, "ANONYMOUS"))
    {
      SVN_ERR(svn_ra_svn__auth_response(conn, pool, "ANONYMOUS", ""));
      return read_success(conn, pool);
    }

  if (!svn_ra_svn__find_mech(mechlist, "CRAM-MD5"))
    return svn_error_create(SVN_ERR_RA_SVN_NO_MECHANISMS, NULL, NULL);

  SVN_ERR(svn_auth_first_credentials(&creds, &iterstate,
                                     SVN_AUTH_CRED_SIMPLE, realmstring,
                                     sess->auth_baton, pool));
  if (!creds)
    return svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                            _("Can't get password"));

  /* CREDS is known to be non-NULL here, so at least one attempt is made.
   * Each rejected attempt asks the auth system for the next set of
   * credentials; the loop ends when an attempt succeeds or the
   * credentials run out. */
  do
    {
      simple = creds;
      SVN_ERR(svn_ra_svn__auth_response(conn, pool, "CRAM-MD5", NULL));
      SVN_ERR(svn_ra_svn__cram_client(conn, pool, simple->username,
                                      simple->password, &server_msg));

      /* A NULL message is treated as success (inferred from how the
       * result is used below). */
      if (!server_msg)
        break;
      SVN_ERR(svn_auth_next_credentials(&creds, iterstate, pool));
    }
  while (creds);

  /* Ran out of credentials: report the message from the last attempt.
   * It is server-supplied text, passed as a "%s" argument only. */
  if (!creds)
    return svn_error_createf(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                             _("Authentication error from server: %s"),
                             server_msg);

  /* Credentials are saved only after the server has accepted them. */
  SVN_ERR(svn_auth_save_credentials(iterstate, pool));
  return SVN_NO_ERROR;
}