1 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 3 of the License, or
6 # (at your option) any later version.
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
13 # You should have received a copy of the GNU General Public License
14 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 """Authentication token retrieval."""
18 from bzrlib.config import AuthenticationConfig
19 from bzrlib.ui import ui_factory
20 from ra import (get_username_prompt_provider,
21 get_simple_prompt_provider,
22 get_ssl_server_trust_prompt_provider,
23 get_ssl_client_cert_pw_prompt_provider,
24 get_simple_provider, get_username_provider,
25 get_ssl_client_cert_file_provider,
26 get_ssl_client_cert_pw_file_provider,
27 get_ssl_server_trust_file_provider,
33 class SubversionAuthenticationConfig(AuthenticationConfig):
34 """Simple extended version of AuthenticationConfig that can provide
35 the information Subversion requires.
37 def __init__(self, file=None, scheme="svn", host=None):
38 super(SubversionAuthenticationConfig, self).__init__(file)
42 def get_svn_username(self, realm, may_save):
43 """Look up a Subversion user name in the Bazaar authentication cache.
45 :param realm: Authentication realm (optional)
46 :param may_save: Whether or not the username should be saved.
48 username = self.get_user(self.scheme, host=self.host, realm=realm)
49 return (username, False)
51 def get_svn_simple(self, realm, username, may_save, pool):
52 """Look up a Subversion user name+password combination in the Bazaar
55 :param realm: Authentication realm (optional)
56 :param username: Username, if it is already known, or None.
57 :param may_save: Whether or not the username should be saved.
58 :param pool: Allocation pool, is ignored.
60 username = username or self.get_username(realm, may_save,
61 pool, prompt="%s password" % realm)
62 password = self.get_password(self.scheme, host=self.host,
63 user=simple_cred.username, realm=realm,
64 prompt="%s password" % realm)
65 return (username, password, False)
67 def get_svn_ssl_server_trust(self, realm, failures, cert_info, may_save,
69 """Return a Subversion auth provider that verifies SSL server trust.
71 :param realm: Realm name (optional)
72 :param failures: Failures to check for (bit field, SVN_AUTH_SSL_*)
73 :param cert_info: Certificate information
74 :param may_save: Whether this information may be stored.
76 credentials = self.get_credentials(self.scheme, host=self.host)
77 if (credentials is not None and
78 credentials.has_key("verify_certificates") and
79 credentials["verify_certificates"] == False):
81 constants.AUTH_SSL_NOTYETVALID +
82 constants.AUTH_SSL_EXPIRED +
83 constants.AUTH_SSL_CNMISMATCH +
84 constants.AUTH_SSL_UNKNOWNCA +
85 constants.AUTH_SSL_OTHER)
88 return (accepted_failures, False)
90 def get_svn_username_prompt_provider(self, retries):
91 """Return a Subversion auth provider for retrieving the username, as
92 accepted by svn_auth_open().
94 :param retries: Number of allowed retries.
96 return get_username_prompt_provider(self.get_svn_username,
99 def get_svn_simple_prompt_provider(self, retries):
100 """Return a Subversion auth provider for retrieving a
101 username+password combination, as accepted by svn_auth_open().
103 :param retries: Number of allowed retries.
105 return get_simple_prompt_provider(self.get_svn_simple, retries)
107 def get_svn_ssl_server_trust_prompt_provider(self):
108 """Return a Subversion auth provider for checking
109 whether a SSL server is trusted."""
110 return get_ssl_server_trust_prompt_provider(
111 self.get_svn_ssl_server_trust)
113 def get_svn_auth_providers(self):
114 """Return a list of auth providers for this authentication file.
116 return [self.get_svn_username_prompt_provider(1),
117 self.get_svn_simple_prompt_provider(1),
118 self.get_svn_ssl_server_trust_prompt_provider()]
121 def get_ssl_client_cert_pw(realm, may_save, pool):
122 """Simple SSL client certificate password prompter.
124 :param realm: Realm, optional.
125 :param may_save: Whether the password can be cached.
127 password = ui_factory.get_password(
128 "Please enter password for client certificate[realm=%s]" % realm)
129 return (password, False)
132 def get_ssl_client_cert_pw_provider(tries):
133 return get_ssl_client_cert_pw_prompt_provider(
134 get_ssl_client_cert_pw, tries)
137 def create_auth_baton():
138 """Create a Subversion authentication baton. """
139 # Give the client context baton a suite of authentication
142 providers += SubversionAuthenticationConfig().get_svn_auth_providers()
144 get_ssl_client_cert_pw_provider(1),
145 get_simple_provider(),
146 get_username_provider(),
147 get_ssl_client_cert_file_provider(),
148 get_ssl_client_cert_pw_file_provider(),
149 get_ssl_server_trust_file_provider(),
152 if hasattr(ra, 'get_windows_simple_provider'):
153 providers.append(ra.get_windows_simple_provider())
155 if hasattr(ra, 'get_keychain_simple_provider'):
156 providers.append(ra.get_keychain_simple_provider())
158 if hasattr(ra, 'get_windows_ssl_server_trust_provider'):
159 providers.append(ra.get_windows_ssl_server_trust_provider())
161 return Auth(providers)