BrowseRefs: Fetch context menu item added.

[tortoisegit/TortoiseGitJp.git] / src / TortoiseMerge / svninclude / svn_auth.h

/**\r
 * @copyright\r
 * ====================================================================\r
 * Copyright (c) 2002-2009 CollabNet.  All rights reserved.\r
 *\r
 * This software is licensed as described in the file COPYING, which\r
 * you should have received as part of this distribution.  The terms\r
 * are also available at http://subversion.tigris.org/license-1.html.\r
 * If newer versions of this license are posted there, you may use a\r
 * newer version instead, at your option.\r
 *\r
 * This software consists of voluntary contributions made by many\r
 * individuals.  For exact contribution history, see the revision\r
 * history and logs, available at http://subversion.tigris.org/.\r
 * ====================================================================\r
 * @endcopyright\r
 *\r
 * @file svn_auth.h\r
 * @brief Subversion's authentication system\r
 */\r
\r
#ifndef SVN_AUTH_H\r
#define SVN_AUTH_H\r
\r
#include <apr.h>\r
#include <apr_pools.h>\r
#include <apr_hash.h>\r
#include <apr_tables.h>\r
\r
#include "svn_types.h"\r
#include "svn_config.h"\r
#include "svn_version.h"\r
\r
#ifdef __cplusplus\r
extern "C" {\r
#endif /* __cplusplus */\r
\r
/** Overview of the svn authentication system.\r
 *\r
 * We define an authentication "provider" as a module that is able to\r
 * return a specific set of credentials. (e.g. username/password,\r
 * certificate, etc.)  Each provider implements a vtable that\r
 *\r
 * - can fetch initial credentials\r
 * - can retry the fetch (or try to fetch something different)\r
 * - can store the credentials for future use\r
 *\r
 * For any given type of credentials, there can exist any number of\r
 * separate providers -- each provider has a different method of\r
 * fetching. (i.e. from a disk store, by prompting the user, etc.)\r
 *\r
 * The application begins by creating an auth baton object, and\r
 * "registers" some number of providers with the auth baton, in a\r
 * specific order.  (For example, it may first register a\r
 * username/password provider that looks in disk store, then register\r
 * a username/password provider that prompts the user.)\r
 *\r
 * Later on, when any svn library is challenged, it asks the auth\r
 * baton for the specific credentials.  If the initial credentials\r
 * fail to authenticate, the caller keeps requesting new credentials.\r
 * Under the hood, libsvn_auth effectively "walks" over each provider\r
 * (in order of registry), one at a time, until all the providers have\r
 * exhausted all their retry options.\r
 *\r
 * This system allows an application to flexibly define authentication\r
 * behaviors (by changing registration order), and very easily write\r
 * new authentication providers.\r
 *\r
 * An auth_baton also contains an internal hashtable of run-time\r
 * parameters; any provider or library layer can set these run-time\r
 * parameters at any time, so that the provider has access to the\r
 * data.  (For example, certain run-time data may not be available\r
 * until an authentication challenge is made.)  Each credential type\r
 * must document the run-time parameters that are made available to\r
 * its providers.\r
 *\r
 * @defgroup auth_fns Authentication functions\r
 * @{\r
 */\r
\r
\r
/** The type of a Subversion authentication object */\r
typedef struct svn_auth_baton_t svn_auth_baton_t;\r
\r
/** The type of a Subversion authentication-iteration object */\r
typedef struct svn_auth_iterstate_t svn_auth_iterstate_t;\r
\r
\r
/** The main authentication "provider" vtable. */\r
typedef struct svn_auth_provider_t\r
{\r
  /** The kind of credentials this provider knows how to retrieve. */\r
  const char *cred_kind;\r
\r
  /** Get an initial set of credentials.\r
   *\r
   * Set @a *credentials to a set of valid credentials within @a\r
   * realmstring, or NULL if no credentials are available.  Set @a\r
   * *iter_baton to context that allows a subsequent call to @c\r
   * next_credentials, in case the first credentials fail to\r
   * authenticate.  @a provider_baton is general context for the\r
   * vtable, @a parameters contains any run-time data that the\r
   * provider may need, and @a realmstring comes from the\r
   * svn_auth_first_credentials() call.\r
   */\r
  svn_error_t * (*first_credentials)(void **credentials,\r
                                     void **iter_baton,\r
                                     void *provider_baton,\r
                                     apr_hash_t *parameters,\r
                                     const char *realmstring,\r
                                     apr_pool_t *pool);\r
\r
  /** Get a different set of credentials.\r
   *\r
   * Set @a *credentials to another set of valid credentials (using @a\r
   * iter_baton as the context from previous call to first_credentials\r
   * or next_credentials).  If no more credentials are available, set\r
   * @a *credentials to NULL.  If the provider only has one set of\r
   * credentials, this function pointer should simply be NULL. @a\r
   * provider_baton is general context for the vtable, @a parameters\r
   * contains any run-time data that the provider may need, and @a\r
   * realmstring comes from the svn_auth_first_credentials() call.\r
   */\r
  svn_error_t * (*next_credentials)(void **credentials,\r
                                    void *iter_baton,\r
                                    void *provider_baton,\r
                                    apr_hash_t *parameters,\r
                                    const char *realmstring,\r
                                    apr_pool_t *pool);\r
\r
  /** Save credentials.\r
   *\r
   * Store @a credentials for future use.  @a provider_baton is\r
   * general context for the vtable, and @a parameters contains any\r
   * run-time data the provider may need.  Set @a *saved to TRUE if\r
   * the save happened, or FALSE if not.  The provider is not required\r
   * to save; if it refuses or is unable to save for non-fatal\r
   * reasons, return FALSE.  If the provider never saves data, then\r
   * this function pointer should simply be NULL. @a realmstring comes\r
   * from the svn_auth_first_credentials() call.\r
   */\r
  svn_error_t * (*save_credentials)(svn_boolean_t *saved,\r
                                    void *credentials,\r
                                    void *provider_baton,\r
                                    apr_hash_t *parameters,\r
                                    const char *realmstring,\r
                                    apr_pool_t *pool);\r
\r
} svn_auth_provider_t;\r
\r
\r
/** A provider object, ready to be put into an array and given to\r
    svn_auth_open(). */\r
typedef struct svn_auth_provider_object_t\r
{\r
  const svn_auth_provider_t *vtable;\r
  void *provider_baton;\r
\r
} svn_auth_provider_object_t;\r
\r
/** The type of function returning authentication provider. */\r
typedef void (*svn_auth_simple_provider_func_t)\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
\f\r
/** Specific types of credentials **/\r
\r
/** Simple username/password pair credential kind.\r
 *\r
 * The following auth parameters are available to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*)\r
 * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)\r
 *\r
 * The following auth parameters may be available to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)\r
 * - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)\r
 * - @c SVN_AUTH_PARAM_DEFAULT_PASSWORD (@c char*)\r
 */\r
#define SVN_AUTH_CRED_SIMPLE "svn.simple"\r
\r
/** @c SVN_AUTH_CRED_SIMPLE credentials. */\r
typedef struct svn_auth_cred_simple_t\r
{\r
  /** Username */\r
  const char *username;\r
  /** Password */\r
  const char *password;\r
  /** Indicates if the credentials may be saved (to disk). For example, a\r
   * GUI prompt implementation with a remember password checkbox shall set\r
   * @a may_save to TRUE if the checkbox is checked.\r
   */\r
  svn_boolean_t may_save;\r
} svn_auth_cred_simple_t;\r
\r
\r
/** Username credential kind.\r
 *\r
 * The following optional auth parameters are relevant to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)\r
 * - @c SVN_AUTH_PARAM_DEFAULT_USERNAME (@c char*)\r
 */\r
#define SVN_AUTH_CRED_USERNAME "svn.username"\r
\r
/** @c SVN_AUTH_CRED_USERNAME credentials. */\r
typedef struct svn_auth_cred_username_t\r
{\r
  /** Username */\r
  const char *username;\r
  /** Indicates if the credentials may be saved (to disk). For example, a\r
   * GUI prompt implementation with a remember username checkbox shall set\r
   * @a may_save to TRUE if the checkbox is checked.\r
   */\r
  svn_boolean_t may_save;\r
} svn_auth_cred_username_t;\r
\r
\r
/** SSL client certificate credential type.\r
 *\r
 * The following auth parameters are available to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)\r
 * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)\r
 *\r
 * The following optional auth parameters are relevant to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)\r
 */\r
#define SVN_AUTH_CRED_SSL_CLIENT_CERT "svn.ssl.client-cert"\r
\r
/** @c SVN_AUTH_CRED_SSL_CLIENT_CERT credentials. */\r
typedef struct svn_auth_cred_ssl_client_cert_t\r
{\r
  /** Absolute path to the certificate file */\r
  const char *cert_file;\r
  /** Indicates if the credentials may be saved (to disk). For example, a\r
   * GUI prompt implementation with a remember certificate checkbox shall\r
   * set @a may_save to TRUE if the checkbox is checked.\r
   */\r
  svn_boolean_t may_save;\r
} svn_auth_cred_ssl_client_cert_t;\r
\r
\r
/** A function returning an SSL client certificate passphrase provider. */\r
typedef void (*svn_auth_ssl_client_cert_pw_provider_func_t)\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
/** SSL client certificate passphrase credential type.\r
 *\r
 * @note The realmstring used with this credential type must be a name that\r
 * makes it possible for the user to identify the certificate.\r
 *\r
 * The following auth parameters are available to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG (@c svn_config_t*)\r
 * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)\r
 * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)\r
 *\r
 * The following optional auth parameters are relevant to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)\r
 */\r
#define SVN_AUTH_CRED_SSL_CLIENT_CERT_PW "svn.ssl.client-passphrase"\r
\r
/** @c SVN_AUTH_CRED_SSL_CLIENT_CERT_PW credentials. */\r
typedef struct svn_auth_cred_ssl_client_cert_pw_t\r
{\r
  /** Certificate password */\r
  const char *password;\r
  /** Indicates if the credentials may be saved (to disk). For example, a\r
   * GUI prompt implementation with a remember password checkbox shall set\r
   * @a may_save to TRUE if the checkbox is checked.\r
   */\r
  svn_boolean_t may_save;\r
} svn_auth_cred_ssl_client_cert_pw_t;\r
\r
\r
/** SSL server verification credential type.\r
 *\r
 * The following auth parameters are available to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS (@c svn_config_t*)\r
 * - @c SVN_AUTH_PARAM_SERVER_GROUP (@c char*)\r
 * - @c SVN_AUTH_PARAM_SSL_SERVER_FAILURES (@c apr_uint32_t*)\r
 * - @c SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO\r
 *      (@c svn_auth_ssl_server_cert_info_t*)\r
 *\r
 * The following optional auth parameters are relevant to the providers:\r
 *\r
 * - @c SVN_AUTH_PARAM_NO_AUTH_CACHE (@c void*)\r
 */\r
#define SVN_AUTH_CRED_SSL_SERVER_TRUST "svn.ssl.server"\r
\r
/** SSL server certificate information used by @c\r
 * SVN_AUTH_CRED_SSL_SERVER_TRUST providers.\r
 */\r
typedef struct svn_auth_ssl_server_cert_info_t\r
{\r
  /** Primary CN */\r
  const char *hostname;\r
  /** ASCII fingerprint */\r
  const char *fingerprint;\r
  /** ASCII date from which the certificate is valid */\r
  const char *valid_from;\r
  /** ASCII date until which the certificate is valid */\r
  const char *valid_until;\r
  /** DN of the certificate issuer */\r
  const char *issuer_dname;\r
  /** Base-64 encoded DER certificate representation */\r
  const char *ascii_cert;\r
} svn_auth_ssl_server_cert_info_t;\r
\r
/**\r
 * Return a deep copy of @a info, allocated in @a pool.\r
 *\r
 * @since New in 1.3.\r
 */\r
svn_auth_ssl_server_cert_info_t *\r
svn_auth_ssl_server_cert_info_dup(const svn_auth_ssl_server_cert_info_t *info,\r
                                  apr_pool_t *pool);\r
\r
/** @c SVN_AUTH_CRED_SSL_SERVER_TRUST credentials. */\r
typedef struct svn_auth_cred_ssl_server_trust_t\r
{\r
  /** Indicates if the credentials may be saved (to disk). For example, a\r
   * GUI prompt implementation with a checkbox to accept the certificate\r
   * permanently shall set @a may_save to TRUE if the checkbox is checked.\r
   */\r
  svn_boolean_t may_save;\r
  /** Bit mask of the accepted failures */\r
  apr_uint32_t accepted_failures;\r
} svn_auth_cred_ssl_server_trust_t;\r
\r
\r
\f\r
/** Credential-constructing prompt functions. **/\r
\r
/** These exist so that different client applications can use\r
 * different prompt mechanisms to supply the same credentials.  For\r
 * example, if authentication requires a username and password, a\r
 * command-line client's prompting function might prompt first for the\r
 * username and then for the password, whereas a GUI client's would\r
 * present a single dialog box asking for both, and a telepathic\r
 * client's would read all the information directly from the user's\r
 * mind.  All these prompting functions return the same type of\r
 * credential, but the information used to construct the credential is\r
 * gathered in an interface-specific way in each case.\r
 */\r
\r
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.\r
 * @a baton is an implementation-specific closure.\r
 *\r
 * If @a realm is non-NULL, maybe use it in the prompt string.\r
 *\r
 * If @a username is non-NULL, then the user might be prompted only\r
 * for a password, but @a *cred would still be filled with both\r
 * username and password.  For example, a typical usage would be to\r
 * pass @a username on the first call, but then leave it NULL for\r
 * subsequent calls, on the theory that if credentials failed, it's\r
 * as likely to be due to incorrect username as incorrect password.\r
 *\r
 * If @a may_save is FALSE, the auth system does not allow the credentials\r
 * to be saved (to disk). A prompt function shall not ask the user if the\r
 * credentials shall be saved if @a may_save is FALSE. For example, a GUI\r
 * client with a remember password checkbox would grey out the checkbox if\r
 * @a may_save is FALSE.\r
 */\r
typedef svn_error_t *(*svn_auth_simple_prompt_func_t)\r
  (svn_auth_cred_simple_t **cred,\r
   void *baton,\r
   const char *realm,\r
   const char *username,\r
   svn_boolean_t may_save,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.\r
 * @a baton is an implementation-specific closure.\r
 *\r
 * If @a realm is non-NULL, maybe use it in the prompt string.\r
 *\r
 * If @a may_save is FALSE, the auth system does not allow the credentials\r
 * to be saved (to disk). A prompt function shall not ask the user if the\r
 * credentials shall be saved if @a may_save is FALSE. For example, a GUI\r
 * client with a remember username checkbox would grey out the checkbox if\r
 * @a may_save is FALSE.\r
 */\r
typedef svn_error_t *(*svn_auth_username_prompt_func_t)\r
  (svn_auth_cred_username_t **cred,\r
   void *baton,\r
   const char *realm,\r
   svn_boolean_t may_save,\r
   apr_pool_t *pool);\r
\r
\r
/** @name SSL server certificate failure bits\r
 *\r
 * @note These values are stored in the on disk auth cache by the SSL\r
 * server certificate auth provider, so the meaning of these bits must\r
 * not be changed.\r
 * @{\r
 */\r
/** Certificate is not yet valid. */\r
#define SVN_AUTH_SSL_NOTYETVALID 0x00000001\r
/** Certificate has expired. */\r
#define SVN_AUTH_SSL_EXPIRED     0x00000002\r
/** Certificate's CN (hostname) does not match the remote hostname. */\r
#define SVN_AUTH_SSL_CNMISMATCH  0x00000004\r
/** @brief Certificate authority is unknown (i.e. not trusted) */\r
#define SVN_AUTH_SSL_UNKNOWNCA   0x00000008\r
/** @brief Other failure. This can happen if neon has introduced a new\r
 * failure bit that we do not handle yet. */\r
#define SVN_AUTH_SSL_OTHER       0x40000000\r
/** @} */\r
\r
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.\r
 * @a baton is an implementation-specific closure.\r
 *\r
 * @a cert_info is a structure describing the server cert that was\r
 * presented to the client, and @a failures is a bitmask that\r
 * describes exactly why the cert could not be automatically validated,\r
 * composed from the constants SVN_AUTH_SSL_* (@c SVN_AUTH_SSL_NOTYETVALID\r
 * etc.).  @a realm is a string that can be used in the prompt string.\r
 *\r
 * If @a may_save is FALSE, the auth system does not allow the credentials\r
 * to be saved (to disk). A prompt function shall not ask the user if the\r
 * credentials shall be saved if @a may_save is FALSE. For example, a GUI\r
 * client with a trust permanently checkbox would grey out the checkbox if\r
 * @a may_save is FALSE.\r
 */\r
typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t)\r
  (svn_auth_cred_ssl_server_trust_t **cred,\r
   void *baton,\r
   const char *realm,\r
   apr_uint32_t failures,\r
   const svn_auth_ssl_server_cert_info_t *cert_info,\r
   svn_boolean_t may_save,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.\r
 * @a baton is an implementation-specific closure.  @a realm is a string\r
 * that can be used in the prompt string.\r
 *\r
 * If @a may_save is FALSE, the auth system does not allow the credentials\r
 * to be saved (to disk). A prompt function shall not ask the user if the\r
 * credentials shall be saved if @a may_save is FALSE. For example, a GUI\r
 * client with a remember certificate checkbox would grey out the checkbox\r
 * if @a may_save is FALSE.\r
 */\r
typedef svn_error_t *(*svn_auth_ssl_client_cert_prompt_func_t)\r
  (svn_auth_cred_ssl_client_cert_t **cred,\r
   void *baton,\r
   const char *realm,\r
   svn_boolean_t may_save,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *cred by prompting the user, allocating @a *cred in @a pool.\r
 * @a baton is an implementation-specific closure.  @a realm is a string\r
 * identifying the certificate, and can be used in the prompt string.\r
 *\r
 * If @a may_save is FALSE, the auth system does not allow the credentials\r
 * to be saved (to disk). A prompt function shall not ask the user if the\r
 * credentials shall be saved if @a may_save is FALSE. For example, a GUI\r
 * client with a remember password checkbox would grey out the checkbox if\r
 * @a may_save is FALSE.\r
 */\r
typedef svn_error_t *(*svn_auth_ssl_client_cert_pw_prompt_func_t)\r
  (svn_auth_cred_ssl_client_cert_pw_t **cred,\r
   void *baton,\r
   const char *realm,\r
   svn_boolean_t may_save,\r
   apr_pool_t *pool);\r
\r
/** A type of callback function for asking whether storing a password to\r
 * disk in plaintext is allowed.\r
 *\r
 * In this callback, the client should ask the user whether storing\r
 * a password for the realm identified by @a realmstring to disk\r
 * in plaintext is allowed.\r
 *\r
 * The answer is returned in @a *may_save_plaintext.\r
 * @a baton is an implementation-specific closure.\r
 * All allocations should be done in @a pool.\r
 *\r
 * @since New in 1.6\r
 */\r
typedef svn_error_t *(*svn_auth_plaintext_prompt_func_t)\r
  (svn_boolean_t *may_save_plaintext,\r
   const char *realmstring,\r
   void *baton,\r
   apr_pool_t *pool);\r
\r
/** A type of callback function for asking whether storing a passphrase to\r
 * disk in plaintext is allowed.\r
 *\r
 * In this callback, the client should ask the user whether storing\r
 * a passphrase for the realm identified by @a realmstring to disk\r
 * in plaintext is allowed.\r
 *\r
 * The answer is returned in @a *may_save_plaintext.\r
 * @a baton is an implementation-specific closure.\r
 * All allocations should be done in @a pool.\r
 *\r
 * @since New in 1.6\r
 */\r
typedef svn_error_t *(*svn_auth_plaintext_passphrase_prompt_func_t)\r
  (svn_boolean_t *may_save_plaintext,\r
   const char *realmstring,\r
   void *baton,\r
   apr_pool_t *pool);\r
\r
\f\r
/** Initialize an authentication system.\r
 *\r
 * Return an authentication object in @a *auth_baton (allocated in @a\r
 * pool) that represents a particular instance of the svn\r
 * authentication system.  @a providers is an array of @c\r
 * svn_auth_provider_object_t pointers, already allocated in @a pool\r
 * and intentionally ordered.  These pointers will be stored within @a\r
 * *auth_baton, grouped by credential type, and searched in this exact\r
 * order.\r
 */\r
void\r
svn_auth_open(svn_auth_baton_t **auth_baton,\r
              apr_array_header_t *providers,\r
              apr_pool_t *pool);\r
\r
/** Set an authentication run-time parameter.\r
 *\r
 * Store @a name / @a value pair as a run-time parameter in @a\r
 * auth_baton, making the data accessible to all providers.  @a name\r
 * and @a value will NOT be duplicated into the auth_baton's pool.\r
 * To delete a run-time parameter, pass NULL for @a value.\r
 */\r
void\r
svn_auth_set_parameter(svn_auth_baton_t *auth_baton,\r
                       const char *name,\r
                       const void *value);\r
\r
/** Get an authentication run-time parameter.\r
 *\r
 * Return a value for run-time parameter @a name from @a auth_baton.\r
 * Return NULL if the parameter doesn't exist.\r
 */\r
const void *\r
svn_auth_get_parameter(svn_auth_baton_t *auth_baton,\r
                       const char *name);\r
\r
/** Universal run-time parameters, made available to all providers.\r
\r
    If you are writing a new provider, then to be a "good citizen",\r
    you should notice these global parameters!  Note that these\r
    run-time params should be treated as read-only by providers; the\r
    application is responsible for placing them into the auth_baton\r
    hash. */\r
\r
/** The auth-hash prefix indicating that the parameter is global. */\r
#define SVN_AUTH_PARAM_PREFIX "svn:auth:"\r
\r
/**\r
 * @name Default credentials defines\r
 * Any 'default' credentials that came in through the application itself,\r
 * (e.g. --username and --password options). Property values are\r
 * const char *.\r
 * @{ */\r
#define SVN_AUTH_PARAM_DEFAULT_USERNAME  SVN_AUTH_PARAM_PREFIX "username"\r
#define SVN_AUTH_PARAM_DEFAULT_PASSWORD  SVN_AUTH_PARAM_PREFIX "password"\r
/** @} */\r
\r
/** @brief The application doesn't want any providers to prompt\r
 * users. Property value is irrelevant; only property's existence\r
 * matters. */\r
#define SVN_AUTH_PARAM_NON_INTERACTIVE  SVN_AUTH_PARAM_PREFIX "non-interactive"\r
\r
/** @brief The application doesn't want any providers to save passwords\r
 * to disk. Property value is irrelevant; only property's existence\r
 * matters. */\r
#define SVN_AUTH_PARAM_DONT_STORE_PASSWORDS  SVN_AUTH_PARAM_PREFIX \\r
                                                 "dont-store-passwords"\r
\r
/** @brief Indicates whether providers may save passwords to disk in\r
 * plaintext. Property value can be either SVN_CONFIG_TRUE,\r
 * SVN_CONFIG_FALSE, or SVN_CONFIG_ASK. */\r
#define SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS  SVN_AUTH_PARAM_PREFIX \\r
                                                  "store-plaintext-passwords"\r
\r
/** @brief The application doesn't want any providers to save passphrase\r
 * to disk. Property value is irrelevant; only property's existence\r
 * matters. */\r
#define SVN_AUTH_PARAM_DONT_STORE_SSL_CLIENT_CERT_PP \\r
  SVN_AUTH_PARAM_PREFIX "dont-store-ssl-client-cert-pp"\r
\r
/** @brief Indicates whether providers may save passphrase to disk in\r
 * plaintext. Property value can be either SVN_CONFIG_TRUE,\r
 * SVN_CONFIG_FALSE, or SVN_CONFIG_ASK. */\r
#define SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT \\r
  SVN_AUTH_PARAM_PREFIX "store-ssl-client-cert-pp-plaintext"\r
\r
/** @brief The application doesn't want any providers to save credentials\r
 * to disk. Property value is irrelevant; only property's existence\r
 * matters. */\r
#define SVN_AUTH_PARAM_NO_AUTH_CACHE  SVN_AUTH_PARAM_PREFIX "no-auth-cache"\r
\r
/** @brief The following property is for SSL server cert providers. This\r
 * provides a pointer to an @c apr_uint32_t containing the failures\r
 * detected by the certificate validator. */\r
#define SVN_AUTH_PARAM_SSL_SERVER_FAILURES SVN_AUTH_PARAM_PREFIX \\r
  "ssl:failures"\r
\r
/** @brief The following property is for SSL server cert providers. This\r
 * provides the cert info (svn_auth_ssl_server_cert_info_t). */\r
#define SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO SVN_AUTH_PARAM_PREFIX \\r
  "ssl:cert-info"\r
\r
/** Some providers need access to the @c svn_config_t configuration. */\r
#define SVN_AUTH_PARAM_CONFIG_CATEGORY_CONFIG SVN_AUTH_PARAM_PREFIX "config-category-config"\r
#define SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS SVN_AUTH_PARAM_PREFIX "config-category-servers"\r
\r
/** @deprecated Provided for backward compatibility with the 1.5 API. */\r
#define SVN_AUTH_PARAM_CONFIG SVN_AUTH_PARAM_CONFIG_CATEGORY_SERVERS\r
\r
/** The current server group. */\r
#define SVN_AUTH_PARAM_SERVER_GROUP SVN_AUTH_PARAM_PREFIX "server-group"\r
\r
/** @brief A configuration directory that overrides the default\r
 * ~/.subversion. */\r
#define SVN_AUTH_PARAM_CONFIG_DIR SVN_AUTH_PARAM_PREFIX "config-dir"\r
\r
/** Get an initial set of credentials.\r
 *\r
 * Ask @a auth_baton to set @a *credentials to a set of credentials\r
 * defined by @a cred_kind and valid within @a realmstring, or NULL if\r
 * no credentials are available.  Otherwise, return an iteration state\r
 * in @a *state, so that the caller can call\r
 * svn_auth_next_credentials(), in case the first set of credentials\r
 * fails to authenticate.\r
 *\r
 * Use @a pool to allocate @a *state, and for temporary allocation.\r
 * Note that @a *credentials will be allocated in @a auth_baton's pool.\r
 */\r
svn_error_t *\r
svn_auth_first_credentials(void **credentials,\r
                           svn_auth_iterstate_t **state,\r
                           const char *cred_kind,\r
                           const char *realmstring,\r
                           svn_auth_baton_t *auth_baton,\r
                           apr_pool_t *pool);\r
\r
/** Get another set of credentials, assuming previous ones failed to\r
 * authenticate.\r
 *\r
 * Use @a state to fetch a different set of @a *credentials, as a\r
 * follow-up to svn_auth_first_credentials() or\r
 * svn_auth_next_credentials().  If no more credentials are available,\r
 * set @a *credentials to NULL.\r
 *\r
 * Note that @a *credentials will be allocated in @c auth_baton's pool.\r
 */\r
svn_error_t *\r
svn_auth_next_credentials(void **credentials,\r
                          svn_auth_iterstate_t *state,\r
                          apr_pool_t *pool);\r
\r
/** Save a set of credentials.\r
 *\r
 * Ask @a state to store the most recently returned credentials,\r
 * presumably because they successfully authenticated.\r
 * All allocations should be done in @a pool.\r
 *\r
 * If no credentials were ever returned, do nothing.\r
 */\r
svn_error_t *\r
svn_auth_save_credentials(svn_auth_iterstate_t *state,\r
                          apr_pool_t *pool);\r
\r
/** @} */\r
\r
/** Set @a *provider to an authentication provider of type\r
 * svn_auth_cred_simple_t that gets information by prompting the user\r
 * with @a prompt_func and @a prompt_baton.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * If both @c SVN_AUTH_PARAM_DEFAULT_USERNAME and\r
 * @c SVN_AUTH_PARAM_DEFAULT_PASSWORD are defined as runtime\r
 * parameters in the @c auth_baton, then @a *provider will return the\r
 * default arguments when svn_auth_first_credentials() is called.  If\r
 * svn_auth_first_credentials() fails, then @a *provider will\r
 * re-prompt @a retry_limit times (via svn_auth_next_credentials()).\r
 * For infinite retries, set @a retry_limit to value less than 0.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_simple_prompt_provider(svn_auth_provider_object_t **provider,\r
                                    svn_auth_simple_prompt_func_t prompt_func,\r
                                    void *prompt_baton,\r
                                    int retry_limit,\r
                                    apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_username_t that gets information by prompting the\r
 * user with @a prompt_func and @a prompt_baton.  Allocate @a *provider\r
 * in @a pool.\r
 *\r
 * If @c SVN_AUTH_PARAM_DEFAULT_USERNAME is defined as a runtime\r
 * parameter in the @c auth_baton, then @a *provider will return the\r
 * default argument when svn_auth_first_credentials() is called.  If\r
 * svn_auth_first_credentials() fails, then @a *provider will\r
 * re-prompt @a retry_limit times (via svn_auth_next_credentials()).\r
 * For infinite retries, set @a retry_limit to value less than 0.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_username_prompt_provider\r
  (svn_auth_provider_object_t **provider,\r
   svn_auth_username_prompt_func_t prompt_func,\r
   void *prompt_baton,\r
   int retry_limit,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_simple_t that gets/sets information from the user's\r
 * ~/.subversion configuration directory.\r
 *\r
 * If the provider is going to save the password unencrypted, it calls @a\r
 * plaintext_prompt_func, passing @a prompt_baton, before saving the\r
 * password.\r
 *\r
 * If @a plaintext_prompt_func is NULL it is not called and the answer is\r
 * assumed to be TRUE. This matches the deprecated behaviour of storing\r
 * unencrypted passwords by default, and is only done this way for backward\r
 * compatibility reasons.\r
 * Client developers are highly encouraged to provide this callback\r
 * to ensure their users are made aware of the fact that their password\r
 * is going to be stored unencrypted. In the future, providers may\r
 * default to not storing the password unencrypted if this callback is NULL.\r
 *\r
 * Clients can however set the callback to NULL and set\r
 * SVN_AUTH_PARAM_STORE_PLAINTEXT_PASSWORDS to SVN_CONFIG_FALSE or\r
 * SVN_CONFIG_TRUE to enforce a certain behaviour.\r
 *\r
 * Allocate @a *provider in @a pool.\r
 *\r
 * If a default username or password is available, @a *provider will\r
 * honor them as well, and return them when\r
 * svn_auth_first_credentials() is called.  (see @c\r
 * SVN_AUTH_PARAM_DEFAULT_USERNAME and @c\r
 * SVN_AUTH_PARAM_DEFAULT_PASSWORD).\r
 *\r
 * @since New in 1.6.\r
 */\r
void\r
svn_auth_get_simple_provider2\r
  (svn_auth_provider_object_t **provider,\r
   svn_auth_plaintext_prompt_func_t plaintext_prompt_func,\r
   void *prompt_baton,\r
   apr_pool_t *pool);\r
\r
/** Like svn_auth_get_simple_provider2, but without the ability to\r
 * call the svn_auth_plaintext_prompt_func_t callback, and the provider\r
 * always assumes that it is allowed to store the password in plaintext.\r
 *\r
 * @deprecated Provided for backwards compatibility with the 1.5 API.\r
 * @since New in 1.4.\r
 */\r
SVN_DEPRECATED\r
void\r
svn_auth_get_simple_provider(svn_auth_provider_object_t **provider,\r
                             apr_pool_t *pool);\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_provider_object_t, or return @a NULL if the provider is not\r
 * available for the requested platform or the requested provider is unknown.\r
 *\r
 * Valid @a provider_name values are: "gnome_keyring", "keychain", "kwallet"\r
 * and "windows".\r
 *\r
 * Valid @a provider_type values are: "simple", "ssl_client_cert_pw" and\r
 * "ssl_server_trust".\r
 *\r
 * Allocate @a *provider in @a pool.\r
 *\r
 * What actually happens is we invoke the appropriate provider function to\r
 * supply the @a provider, like so:\r
 *\r
 *    svn_auth_get_<name>_<type>_provider(@a provider, @a pool);\r
 *\r
 * @since New in 1.6.\r
 */\r
svn_error_t *\r
svn_auth_get_platform_specific_provider\r
  (svn_auth_provider_object_t **provider,\r
   const char *provider_name,\r
   const char *provider_type,\r
   apr_pool_t *pool);\r
\r
/** Set @a *providers to an array of <tt>svn_auth_provider_object_t *</tt>\r
 * objects.\r
 * Only client authentication providers available for the current platform are\r
 * returned. Order of the platform-specific authentication providers is\r
 * determined by the 'password-stores' configuration option which is retrieved\r
 * from @a config. @a config can be NULL.\r
 *\r
 * Create and allocate @a *providers in @a pool.\r
 *\r
 * Default order of the platform-specific authentication providers:\r
 *   1. gnome-keyring\r
 *   2. kwallet\r
 *   3. keychain\r
 *   4. windows-cryptoapi\r
 *\r
 * @since New in 1.6.\r
 */\r
svn_error_t *\r
svn_auth_get_platform_specific_client_providers\r
  (apr_array_header_t **providers,\r
   svn_config_t *config,\r
   apr_pool_t *pool);\r
\r
#if (defined(WIN32) && !defined(__MINGW32__)) || defined(DOXYGEN)\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_simple_t that gets/sets information from the user's\r
 * ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * This is like svn_auth_get_simple_provider(), except that, when\r
 * running on Window 2000 or newer (or any other Windows version that\r
 * includes the CryptoAPI), the provider encrypts the password before\r
 * storing it to disk. On earlier versions of Windows, the provider\r
 * does nothing.\r
 *\r
 * @since New in 1.4.\r
 * @note This function is only available on Windows.\r
 *\r
 * @note An administrative password reset may invalidate the account's\r
 * secret key. This function will detect that situation and behave as\r
 * if the password were not cached at all.\r
 */\r
void\r
svn_auth_get_windows_simple_provider(svn_auth_provider_object_t **provider,\r
                                     apr_pool_t *pool);\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the\r
 * user's ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except that\r
 * when running on Window 2000 or newer, the provider encrypts the password\r
 * before storing it to disk. On earlier versions of Windows, the provider\r
 * does nothing.\r
 *\r
 * @since New in 1.6\r
 * @note This function is only available on Windows.\r
 *\r
 * @note An administrative password reset may invalidate the account's\r
 * secret key. This function will detect that situation and behave as\r
 * if the password were not cached at all.\r
 */\r
void\r
svn_auth_get_windows_ssl_client_cert_pw_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.\r
 *\r
 * This provider automatically validates ssl server certificates with\r
 * the CryptoApi, like Internet Explorer and the Windows network API do.\r
 * This allows the rollout of root certificates via Windows Domain\r
 * policies, instead of Subversion specific configuration.\r
 *\r
 * @since New in 1.5.\r
 * @note This function is only available on Windows.\r
 */\r
void\r
svn_auth_get_windows_ssl_server_trust_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
#endif /* WIN32 && !__MINGW32__ || DOXYGEN */\r
\r
#if defined(DARWIN) || defined(DOXYGEN)\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_simple_t that gets/sets information from the user's\r
 * ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * This is like svn_auth_get_simple_provider(), except that the\r
 * password is stored in the Mac OS KeyChain.\r
 *\r
 * @since New in 1.4\r
 * @note This function is only available on Mac OS 10.2 and higher.\r
 */\r
void\r
svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider,\r
                                      apr_pool_t *pool);\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the\r
 * user's ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * This is like svn_auth_get_ssl_client_cert_pw_file_provider(), except\r
 * that the password is stored in the Mac OS KeyChain.\r
 *\r
 * @since New in 1.6\r
 * @note This function is only available on Mac OS 10.2 and higher.\r
 */\r
void\r
svn_auth_get_keychain_ssl_client_cert_pw_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
#endif /* DARWIN || DOXYGEN */\r
\r
#if (!defined(DARWIN) && !defined(WIN32)) || defined(DOXYGEN)\r
/** A type of callback function for obtaining the GNOME Keyring password.\r
 *\r
 * In this callback, the client should ask the user for default keyring\r
 * @a keyring_name password.\r
 *\r
 * The answer is returned in @a *keyring_password.\r
 * @a baton is an implementation-specific closure.\r
 * All allocations should be done in @a pool.\r
 *\r
 * @since New in 1.6\r
 */\r
typedef svn_error_t *(*svn_auth_gnome_keyring_unlock_prompt_func_t)\r
  (char **keyring_password,\r
   const char *keyring_name,\r
   void *baton,\r
   apr_pool_t *pool);\r
\r
\r
/** libsvn_auth_gnome_keyring-specific run-time parameters. */\r
\r
/** @brief The pointer to function which prompts user for GNOME Keyring\r
 * password.\r
 * The type of this pointer should be svn_auth_gnome_keyring_unlock_prompt_func_t. */\r
#define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC "gnome-keyring-unlock-prompt-func"\r
\r
/** @brief The baton which is passed to\r
 * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC. */\r
#define SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON "gnome-keyring-unlock-prompt-baton"\r
\r
\r
/**\r
 * Get libsvn_auth_gnome_keyring version information.\r
 *\r
 * @since New in 1.6\r
 */\r
const svn_version_t *\r
svn_auth_gnome_keyring_version(void);\r
\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_simple_t that gets/sets information from the user's\r
 * ~/.subversion configuration directory.\r
 *\r
 * This is like svn_client_get_simple_provider(), except that the\r
 * password is stored in GNOME Keyring.\r
 *\r
 * If the GNOME Keyring is locked the provider calls\r
 * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock\r
 * the keyring.\r
 *\r
 * @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to\r
 * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.\r
 *\r
 * Allocate @a *provider in @a pool.\r
 *\r
 * @since New in 1.6\r
 * @note This function actually works only on systems with\r
 * libsvn_auth_gnome_keyring and GNOME Keyring installed.\r
 */\r
void\r
svn_auth_get_gnome_keyring_simple_provider\r
    (svn_auth_provider_object_t **provider,\r
     apr_pool_t *pool);\r
\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the\r
 * user's ~/.subversion configuration directory.\r
 *\r
 * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except\r
 * that the password is stored in GNOME Keyring.\r
 *\r
 * If the GNOME Keyring is locked the provider calls\r
 * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC in order to unlock\r
 * the keyring.\r
 *\r
 * @c SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_BATON is passed to\r
 * @c *SVN_AUTH_PARAM_GNOME_KEYRING_UNLOCK_PROMPT_FUNC.\r
 *\r
 * Allocate @a *provider in @a pool.\r
 *\r
 * @since New in 1.6\r
 * @note This function actually works only on systems with\r
 * libsvn_auth_gnome_keyring and GNOME Keyring installed.\r
 */\r
void\r
svn_auth_get_gnome_keyring_ssl_client_cert_pw_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
\r
/**\r
 * Get libsvn_auth_kwallet version information.\r
 *\r
 * @since New in 1.6\r
 */\r
const svn_version_t *\r
svn_auth_kwallet_version(void);\r
\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_simple_t that gets/sets information from the user's\r
 * ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * This is like svn_client_get_simple_provider(), except that the\r
 * password is stored in KWallet.\r
 *\r
 * @since New in 1.6\r
 * @note This function actually works only on systems with libsvn_auth_kwallet\r
 * and KWallet installed.\r
 */\r
void\r
svn_auth_get_kwallet_simple_provider(svn_auth_provider_object_t **provider,\r
                                     apr_pool_t *pool);\r
\r
\r
/**\r
 * Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the\r
 * user's ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except\r
 * that the password is stored in KWallet.\r
 *\r
 * @since New in 1.6\r
 * @note This function actually works only on systems with libsvn_auth_kwallet\r
 * and KWallet installed.\r
 */\r
void\r
svn_auth_get_kwallet_ssl_client_cert_pw_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
#endif /* (!DARWIN && !WIN32) || DOXYGEN */\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_username_t that gets/sets information from a user's\r
 * ~/.subversion configuration directory.  Allocate @a *provider in\r
 * @a pool.\r
 *\r
 * If a default username is available, @a *provider will honor it,\r
 * and return it when svn_auth_first_credentials() is called.  (See\r
 * @c SVN_AUTH_PARAM_DEFAULT_USERNAME.)\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_username_provider(svn_auth_provider_object_t **provider,\r
                               apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.\r
 *\r
 * @a *provider retrieves its credentials from the configuration\r
 * mechanism.  The returned credential is used to override SSL\r
 * security on an error.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_ssl_server_trust_file_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_t, allocated in @a pool.\r
 *\r
 * @a *provider retrieves its credentials from the configuration\r
 * mechanism.  The returned credential is used to load the appropriate\r
 * client certificate for authentication when requested by a server.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_ssl_client_cert_file_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the user's\r
 * ~/.subversion configuration directory.\r
 *\r
 * If the provider is going to save the passphrase unencrypted,\r
 * it calls @a plaintext_passphrase_prompt_func, passing @a\r
 * prompt_baton, before saving the passphrase.\r
 *\r
 * If @a plaintext_passphrase_prompt_func is NULL it is not called\r
 * and the passphrase is not stored in plaintext.\r
 * Client developers are highly encouraged to provide this callback\r
 * to ensure their users are made aware of the fact that their passphrase\r
 * is going to be stored unencrypted.\r
 *\r
 * Clients can however set the callback to NULL and set\r
 * SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP_PLAINTEXT to SVN_CONFIG_FALSE or\r
 * SVN_CONFIG_TRUE to enforce a certain behaviour.\r
 *\r
 * Allocate @a *provider in @a pool.\r
 *\r
 * @since New in 1.6.\r
 */\r
void\r
svn_auth_get_ssl_client_cert_pw_file_provider2\r
  (svn_auth_provider_object_t **provider,\r
   svn_auth_plaintext_passphrase_prompt_func_t plaintext_passphrase_prompt_func,\r
   void *prompt_baton,\r
   apr_pool_t *pool);\r
\r
/** Like svn_auth_get_ssl_client_cert_pw_file_provider2, but without\r
 * the ability to call the svn_auth_plaintext_passphrase_prompt_func_t\r
 * callback, and the provider always assumes that it is not allowed\r
 * to store the passphrase in plaintext.\r
 *\r
 * @deprecated Provided for backwards compatibility with the 1.5 API.\r
 * @since New in 1.4.\r
 */\r
SVN_DEPRECATED\r
void\r
svn_auth_get_ssl_client_cert_pw_file_provider\r
  (svn_auth_provider_object_t **provider,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_server_trust_t, allocated in @a pool.\r
 *\r
 * @a *provider retrieves its credentials by using the @a prompt_func\r
 * and @a prompt_baton.  The returned credential is used to override\r
 * SSL security on an error.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_ssl_server_trust_prompt_provider\r
  (svn_auth_provider_object_t **provider,\r
   svn_auth_ssl_server_trust_prompt_func_t prompt_func,\r
   void *prompt_baton,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_t, allocated in @a pool.\r
 *\r
 * @a *provider retrieves its credentials by using the @a prompt_func\r
 * and @a prompt_baton.  The returned credential is used to load the\r
 * appropriate client certificate for authentication when requested by\r
 * a server.  The prompt will be retried @a retry_limit times. For\r
 * infinite retries, set @a retry_limit to value less than 0.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_ssl_client_cert_prompt_provider\r
  (svn_auth_provider_object_t **provider,\r
   svn_auth_ssl_client_cert_prompt_func_t prompt_func,\r
   void *prompt_baton,\r
   int retry_limit,\r
   apr_pool_t *pool);\r
\r
\r
/** Set @a *provider to an authentication provider of type @c\r
 * svn_auth_cred_ssl_client_cert_pw_t, allocated in @a pool.\r
 *\r
 * @a *provider retrieves its credentials by using the @a prompt_func\r
 * and @a prompt_baton.  The returned credential is used when a loaded\r
 * client certificate is protected by a passphrase.  The prompt will\r
 * be retried @a retry_limit times. For infinite retries, set\r
 * @a retry_limit to value less than 0.\r
 *\r
 * @since New in 1.4.\r
 */\r
void\r
svn_auth_get_ssl_client_cert_pw_prompt_provider\r
  (svn_auth_provider_object_t **provider,\r
   svn_auth_ssl_client_cert_pw_prompt_func_t prompt_func,\r
   void *prompt_baton,\r
   int retry_limit,\r
   apr_pool_t *pool);\r
\r
#ifdef __cplusplus\r
}\r
#endif /* __cplusplus */\r
\r
#endif /* SVN_AUTH_H */\r