1 # Copyright (C) 2005-2007 Jelmer Vernooij <jelmer@samba.org>
3 # This program is free software; you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation; either version 3 of the License, or
6 # (at your option) any later version.
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
13 # You should have received a copy of the GNU General Public License
14 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 """Authentication token retrieval."""
18 from bzrlib.config import AuthenticationConfig
19 from bzrlib.ui import ui_factory
20 from svn.core import (svn_auth_cred_username_t,
21 svn_auth_cred_simple_t,
22 svn_auth_cred_ssl_client_cert_t,
23 svn_auth_cred_ssl_client_cert_pw_t,
24 svn_auth_cred_ssl_server_trust_t,
25 svn_auth_get_username_prompt_provider,
26 svn_auth_get_simple_prompt_provider,
27 svn_auth_get_ssl_server_trust_prompt_provider,
28 svn_auth_get_ssl_client_cert_pw_prompt_provider)
31 class SubversionAuthenticationConfig(AuthenticationConfig):
32 """Simple extended version of AuthenticationConfig that can provide
33 the information Subversion requires.
35 def __init__(self, file=None, scheme="svn", host=None):
36 super(SubversionAuthenticationConfig, self).__init__(file)
40 def get_svn_username(self, realm, may_save, pool=None):
41 """Look up a Subversion user name in the Bazaar authentication cache.
43 :param realm: Authentication realm (optional)
44 :param may_save: Whether or not the username should be saved.
45 :param pool: Allocation pool, is ignored.
47 username_cred = svn_auth_cred_username_t()
48 username_cred.username = self.get_user(self.scheme,
49 host=self.host, realm=realm)
50 username_cred.may_save = False
53 def get_svn_simple(self, realm, username, may_save, pool):
54 """Look up a Subversion user name+password combination in the Bazaar
57 :param realm: Authentication realm (optional)
58 :param username: Username, if it is already known, or None.
59 :param may_save: Whether or not the username should be saved.
60 :param pool: Allocation pool, is ignored.
62 simple_cred = svn_auth_cred_simple_t()
63 simple_cred.username = username or self.get_username(realm, may_save,
64 pool, prompt="%s password" % realm)
65 simple_cred.password = self.get_password(self.scheme, host=self.host,
66 user=simple_cred.username, realm=realm,
67 prompt="%s password" % realm)
68 simple_cred.may_save = False
71 def get_svn_ssl_server_trust(self, realm, failures, cert_info, may_save,
73 """Return a Subversion auth provider that verifies SSL server trust.
75 :param realm: Realm name (optional)
76 :param failures: Failures to check for (bit field, SVN_AUTH_SSL_*)
77 :param cert_info: Certificate information
78 :param may_save: Whether this information may be stored.
80 ssl_server_trust = svn_auth_cred_ssl_server_trust_t()
81 credentials = self.get_credentials(self.scheme, host=self.host)
82 if (credentials is not None and
83 credentials.has_key("verify_certificates") and
84 credentials["verify_certificates"] == False):
85 ssl_server_trust.accepted_failures = (
86 core.SVN_AUTH_SSL_NOTYETVALID +
87 core.SVN_AUTH_SSL_EXPIRED +
88 core.SVN_AUTH_SSL_CNMISMATCH +
89 core.SVN_AUTH_SSL_UNKNOWNCA +
90 core.SVN_AUTH_SSL_OTHER)
92 ssl_server_trust.accepted_failures = 0
93 ssl_server_trust.may_save = False
94 return ssl_server_trust
96 def get_svn_username_prompt_provider(self, retries):
97 """Return a Subversion auth provider for retrieving the username, as
98 accepted by svn_auth_open().
100 :param retries: Number of allowed retries.
102 return svn_auth_get_username_prompt_provider(self.get_svn_username,
105 def get_svn_simple_prompt_provider(self, retries):
106 """Return a Subversion auth provider for retrieving a
107 username+password combination, as accepted by svn_auth_open().
109 :param retries: Number of allowed retries.
111 return svn_auth_get_simple_prompt_provider(self.get_svn_simple, retries)
113 def get_svn_ssl_server_trust_prompt_provider(self):
114 """Return a Subversion auth provider for checking
115 whether a SSL server is trusted."""
116 return svn_auth_get_ssl_server_trust_prompt_provider(
117 self.get_svn_ssl_server_trust)
119 def get_svn_auth_providers(self):
120 """Return a list of auth providers for this authentication file.
122 return [self.get_svn_username_prompt_provider(1),
123 self.get_svn_simple_prompt_provider(1),
124 self.get_svn_ssl_server_trust_prompt_provider()]
127 def get_ssl_client_cert_pw(realm, may_save, pool):
128 """Simple SSL client certificate password prompter.
130 :param realm: Realm, optional.
131 :param may_save: Whether the password can be cached.
133 ssl_cred_pw = svn_auth_cred_ssl_client_cert_pw_t()
134 ssl_cred_pw.password = ui_factory.get_password(
135 "Please enter password for client certificate[realm=%s]" % realm)
136 ssl_cred_pw.may_save = False
140 def get_ssl_client_cert_pw_provider(tries):
141 return svn_auth_get_ssl_client_cert_pw_prompt_provider(
142 get_ssl_client_cert_pw, tries)