[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

authentication progress...

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2001-09-17 23:32:17 CEST

Okay, I'm almost done inverting the authentication system from "client
push" to "RA pull". It's fully working in ra_local now... (at least
all the python tests pass).

ra_dav is still lying in pieces, but it's almost there. Since the RA
layer now effectively gets to decide when to store authentication data
(by "pushing" it back at the client via callback), it needs to be a
wee bit smart about this. For example, it shouldn't always store the
data as soon as authentication is successful; in the case of a
checkout, there's no working copy to store in! (I know this isn't
true of our current Apache setup... our current setup never challenges
a checkout, but it's conceivable that somebody might set up a closed

gstein, here are the relevant sections of my new svn_ra.h, if you're curious:


/*** Authentication ***/

/* This is the 2nd draft of client-side authentication; in the first
   draft, the client presumed to be in control of selecting auth
   methods and then "pushing" data at the RA layer. In this draft,
   the RA layer is presumed to be in control; as server challenges are
   made, it "pulls" data from the client via callbacks. */

/* List all known authenticator objects (protocols) here. */
#define SVN_RA_AUTH_USERNAME 0x0001
/* ### someday add other protocols here: PRIVATE_KEY, CERT, etc. */

/* Authenticators: these are small "protocol" vtables that are
   implemented by libsvn_client, but are driven by the RA layer.

   (Because they're related to authentication, we define them here in

   The RA layer is challenged by the server, and then fetches one of
   these vtables in order to retrieve the necessary authentication
   info from the client. */

/* A protocol which only needs a username. (used by ra_local)
   (matches type SVN_RA_AUTH_USERNAME above.) */
typedef struct svn_ra_username_authenticator_t
  /* Get a username from the client. */
  svn_error_t *(*get_username) (char **username,
                                void *auth_baton,
                                apr_pool_t *pool);

  /* If authentication was successful, tell the client to store the
     USERNAME. */
  svn_error_t *(*store_username) (const char *username,
                                  void *auth_baton);

} svn_ra_username_authenticator_t;

/* A protocol which needs a username and password (used by ra_dav)
   (matches type SVN_RA_AUTH_SIMPLE_PASSWORD above.) */
typedef struct svn_ra_simple_password_authenticator_t
  /* Get a username from the client. */
  svn_error_t *(*get_username) (char **username,
                                void *auth_baton,
                                apr_pool_t *pool);

  /* Get a password from the client. */
  svn_error_t *(*get_password) (char **password,
                                void *auth_baton,
                                apr_pool_t *pool);

  /* If authentication was successful, tell the client to store the
  svn_error_t *(*store_username) (const char *username,
                                  void *auth_baton);
  svn_error_t *(*store_password) (const char *password,
                                  void *auth_baton);

} svn_ra_simple_password_authenticator_t;

/* A collection of callbacks implemented by libsvn_client which allows
   an RA layer to "pull" information from the client application, or
   possibly store information. libsvn_client passes this vtable to

   Each routine takes a CALLBACK_BATON originally provided with the
   vtable. */
typedef struct svn_ra_callbacks_t
  /* Open a temporary file FILENAME in the working copy.
     Arguments are identical to apr_file_open(), except that FILENAME
     is presumed to be a basename (instead of a whole path.) */
  svn_error_t *(*open_tmp_file) (apr_file_t **fp,
                                 const char *filename,
                                 apr_int32_t flag,
                                 apr_fileperms_t perm,
                                 void *callback_baton,
                                 apr_pool_t *pool);
  /* Close (and delete!) the temporary file previously created. */
  svn_error_t *(*close_tmp_file) (apr_file_t *fp,
                                  void *callback_baton);

  /* Retrieve an AUTHENTICATOR/AUTH_BATON pair from the client,
     which represents the protocol METHOD. */
  svn_error_t *(*get_authenticator) (void **authenticator,
                                     void **auth_baton,
                                     apr_uint64_t method,
                                     void *callback_baton,
                                     apr_pool_t *pool);

} svn_ra_callbacks_t;

/* ### will svn_ra_callbacks_t need its own baton? probably .*/


/* The RA Library */

/* A vtable structure which encapsulates all the functionality of a
   particular repository-access implementation.

   Note: libsvn_client will keep an array of these objects,
   representing all RA libraries that it has simultaneously loaded
   into memory. Depending on the situation, the client can look
   through this array and find the appropriate implementation it
   needs. */

typedef struct svn_ra_plugin_t
  /* The proper name of the ra library, (e.g. "ra_dav" or "ra_local") */
  const char *name;
  /* Short doc string printed out by `svn -v` */
  const char *description;

  /* The vtable hooks */
  /* Open a repository session to REPOS_URL. Return an opaque object
     representing this session in *SESSION_BATON, allocated in POOL.

     CALLBACKS/CALLBACK_BATON is a table of callbacks provided by the
     client; see svn_ra_callbacks_t above.

     All RA requests require a session_baton; they will continue to
     use POOL for memory allocation. */
  svn_error_t *(*open) (void **session_baton,
                        svn_stringbuf_t *repos_URL,
                        svn_ra_callbacks_t *callbacks,
                        void *callback_baton,
                        apr_pool_t *pool);

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 21 14:36:41 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.