1 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 3 of the License, or
6 # (at your option) any later version.
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
13 # You should have received a copy of the GNU General Public License
14 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 from bzrlib.config import AuthenticationConfig
17 from bzrlib.ui import ui_factory
18 from svn.core import (svn_auth_cred_username_t,
19 svn_auth_cred_simple_t,
20 svn_auth_cred_ssl_client_cert_t,
21 svn_auth_cred_ssl_client_cert_pw_t,
22 svn_auth_cred_ssl_server_trust_t,
23 svn_auth_get_username_prompt_provider,
24 svn_auth_get_simple_prompt_provider,
25 svn_auth_get_ssl_server_trust_prompt_provider,
26 svn_auth_get_ssl_client_cert_pw_prompt_provider)
29 class SubversionAuthenticationConfig(AuthenticationConfig):
30 """Simple extended version of AuthenticationConfig that can provide
31 the information Subversion requires.
33 def __init__(self, file=None, scheme="svn", host=None):
34 super(SubversionAuthenticationConfig, self).__init__(file)
38 def get_svn_username(self, realm, may_save, pool=None):
39 """Look up a Subversion user name in the Bazaar authentication cache.
41 :param realm: Authentication realm (optional)
42 :param may_save: Whether or not the username should be saved.
43 :param pool: Allocation pool, is ignored.
45 username_cred = svn_auth_cred_username_t()
46 username_cred.username = self.get_user(self.scheme, host=self.host, realm=realm)
47 username_cred.may_save = False
50 def get_svn_simple(self, realm, username, may_save, pool):
51 """Look up a Subversion user name+password combination in the Bazaar authentication cache.
53 :param realm: Authentication realm (optional)
54 :param username: Username, if it is already known, or None.
55 :param may_save: Whether or not the username should be saved.
56 :param pool: Allocation pool, is ignored.
58 simple_cred = svn_auth_cred_simple_t()
59 simple_cred.username = username or self.get_username(realm, may_save, pool, prompt="%s password" % realm)
60 simple_cred.password = self.get_password(self.scheme, host=self.host,
61 user=simple_cred.username, realm=realm,
62 prompt="%s password" % realm)
63 simple_cred.may_save = False
66 def get_svn_ssl_server_trust(self, realm, failures, cert_info, may_save, pool):
67 """Return a Subversion auth provider that verifies SSL server trust.
69 :param realm: Realm name (optional)
70 :param failures: Failures to check for (bit field, SVN_AUTH_SSL_*)
71 :param cert_info: Certificate information
72 :param may_save: Whether this information may be stored.
74 ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
75 credentials = self.get_credentials(self.scheme, host=self.host)
76 if (credentials is not None and
77 credentials.has_key("verify_certificates") and
78 credentials["verify_certificates"] == False):
79 ssl_server_trust.accepted_failures = (svn.core.SVN_AUTH_SSL_NOTYETVALID +
80 svn.core.SVN_AUTH_SSL_EXPIRED +
81 svn.core.SVN_AUTH_SSL_CNMISMATCH +
82 svn.core.SVN_AUTH_SSL_UNKNOWNCA +
83 svn.core.SVN_AUTH_SSL_OTHER)
85 ssl_server_trust.accepted_failures = 0
86 ssl_server_trust.may_save = False
87 return ssl_server_trust
89 def get_svn_username_prompt_provider(self, retries):
90 """Return a Subversion auth provider for retrieving the username, as
91 accepted by svn_auth_open().
93 :param retries: Number of allowed retries.
95 return svn_auth_get_username_prompt_provider(self.get_svn_username, retries)
97 def get_svn_simple_prompt_provider(self, retries):
98 """Return a Subversion auth provider for retrieving a
99 username+password combination, as accepted by svn_auth_open().
101 :param retries: Number of allowed retries.
103 return svn_auth_get_simple_prompt_provider(self.get_svn_simple, retries)
105 def get_svn_ssl_server_trust_prompt_provider(self):
106 """Return a Subversion auth provider for checking
107 whether a SSL server is trusted."""
108 return svn_auth_get_ssl_server_trust_prompt_provider(self.get_svn_ssl_server_trust)
110 def get_svn_auth_providers(self):
111 """Return a list of auth providers for this authentication file.
113 return [self.get_svn_username_prompt_provider(1),
114 self.get_svn_simple_prompt_provider(1),
115 self.get_svn_ssl_server_trust_prompt_provider()]
118 def get_ssl_client_cert_pw(realm, may_save, pool):
119 """Simple SSL client certificate password prompter.
121 :param realm: Realm, optional.
122 :param may_save: Whether the password can be cached.
124 ssl_cred_pw = svn_auth_cred_ssl_client_cert_pw_t()
125 ssl_cred_pw.password = \
126 ui_factory.get_password("Please enter password for client certificate[realm=%s]" % realm)
127 ssl_cred_pw.may_save = False
131 def get_ssl_client_cert_pw_provider(tries):
132 return svn_auth_get_ssl_client_cert_pw_prompt_provider(get_ssl_client_cert_pw, tries)