1package Git::SVN::Prompt;
2use strict;
3use warnings;
4require SVN::Core;
5use vars qw/$_no_auth_cache $_username/;
6
7sub simple {
8 my ($cred, $realm, $default_username, $may_save, $pool) = @_;
9 $may_save = undef if $_no_auth_cache;
10 $default_username = $_username if defined $_username;
11 if (defined $default_username && length $default_username) {
12 if (defined $realm && length $realm) {
13 print STDERR "Authentication realm: $realm\n";
14 STDERR->flush;
15 }
16 $cred->username($default_username);
17 } else {
18 username($cred, $realm, $may_save, $pool);
19 }
20 $cred->password(_read_password("Password for '" .
21 $cred->username . "': ", $realm));
22 $cred->may_save($may_save);
23 $SVN::_Core::SVN_NO_ERROR;
24}
25
26sub ssl_server_trust {
27 my ($cred, $realm, $failures, $cert_info, $may_save, $pool) = @_;
28 $may_save = undef if $_no_auth_cache;
29 print STDERR "Error validating server certificate for '$realm':\n";
30 {
31 no warnings 'once';
32 # All variables SVN::Auth::SSL::* are used only once,
33 # so we're shutting up Perl warnings about this.
34 if ($failures & $SVN::Auth::SSL::UNKNOWNCA) {
35 print STDERR " - The certificate is not issued ",
36 "by a trusted authority. Use the\n",
37 " fingerprint to validate ",
38 "the certificate manually!\n";
39 }
40 if ($failures & $SVN::Auth::SSL::CNMISMATCH) {
41 print STDERR " - The certificate hostname ",
42 "does not match.\n";
43 }
44 if ($failures & $SVN::Auth::SSL::NOTYETVALID) {
45 print STDERR " - The certificate is not yet valid.\n";
46 }
47 if ($failures & $SVN::Auth::SSL::EXPIRED) {
48 print STDERR " - The certificate has expired.\n";
49 }
50 if ($failures & $SVN::Auth::SSL::OTHER) {
51 print STDERR " - The certificate has ",
52 "an unknown error.\n";
53 }
54 } # no warnings 'once'
55 printf STDERR
56 "Certificate information:\n".
57 " - Hostname: %s\n".
58 " - Valid: from %s until %s\n".
59 " - Issuer: %s\n".
60 " - Fingerprint: %s\n",
61 map $cert_info->$_, qw(hostname valid_from valid_until
62 issuer_dname fingerprint);
63 my $choice;
64prompt:
65 my $options = $may_save ?
66 "(R)eject, accept (t)emporarily or accept (p)ermanently? " :
67 "(R)eject or accept (t)emporarily? ";
68 STDERR->flush;
69 $choice = lc(substr(Git::prompt("Certificate problem.\n" . $options) || 'R', 0, 1));
70 if ($choice eq 't') {
71 $cred->may_save(undef);
72 } elsif ($choice eq 'r') {
73 return -1;
74 } elsif ($may_save && $choice eq 'p') {
75 $cred->may_save($may_save);
76 } else {
77 goto prompt;
78 }
79 $cred->accepted_failures($failures);
80 $SVN::_Core::SVN_NO_ERROR;
81}
82
83sub ssl_client_cert {
84 my ($cred, $realm, $may_save, $pool) = @_;
85 $may_save = undef if $_no_auth_cache;
86 print STDERR "Client certificate filename: ";
87 STDERR->flush;
88 chomp(my $filename = <STDIN>);
89 $cred->cert_file($filename);
90 $cred->may_save($may_save);
91 $SVN::_Core::SVN_NO_ERROR;
92}
93
94sub ssl_client_cert_pw {
95 my ($cred, $realm, $may_save, $pool) = @_;
96 $may_save = undef if $_no_auth_cache;
97 $cred->password(_read_password("Password: ", $realm));
98 $cred->may_save($may_save);
99 $SVN::_Core::SVN_NO_ERROR;
100}
101
102sub username {
103 my ($cred, $realm, $may_save, $pool) = @_;
104 $may_save = undef if $_no_auth_cache;
105 if (defined $realm && length $realm) {
106 print STDERR "Authentication realm: $realm\n";
107 }
108 my $username;
109 if (defined $_username) {
110 $username = $_username;
111 } else {
112 $username = Git::prompt("Username: ");
113 }
114 $cred->username($username);
115 $cred->may_save($may_save);
116 $SVN::_Core::SVN_NO_ERROR;
117}
118
119sub _read_password {
120 my ($prompt, $realm) = @_;
121 my $password = Git::prompt($prompt, 1);
122 $password;
123}
124
1251;
126__END__
127
128Git::SVN::Prompt - authentication callbacks for git-svn
129
130=head1 SYNOPSIS
131
132 use Git::SVN::Prompt qw(simple ssl_client_cert ssl_client_cert_pw
133 ssl_server_trust username);
134 use SVN::Client ();
135
136 my $cached_simple = SVN::Client::get_simple_provider();
137 my $git_simple = SVN::Client::get_simple_prompt_provider(\&simple, 2);
138 my $cached_ssl = SVN::Client::get_ssl_server_trust_file_provider();
139 my $git_ssl = SVN::Client::get_ssl_server_trust_prompt_provider(
140 \&ssl_server_trust);
141 my $cached_cert = SVN::Client::get_ssl_client_cert_file_provider();
142 my $git_cert = SVN::Client::get_ssl_client_cert_prompt_provider(
143 \&ssl_client_cert, 2);
144 my $cached_cert_pw = SVN::Client::get_ssl_client_cert_pw_file_provider();
145 my $git_cert_pw = SVN::Client::get_ssl_client_cert_pw_prompt_provider(
146 \&ssl_client_cert_pw, 2);
147 my $cached_username = SVN::Client::get_username_provider();
148 my $git_username = SVN::Client::get_username_prompt_provider(
149 \&username, 2);
150
151 my $ctx = new SVN::Client(
152 auth => [
153 $cached_simple, $git_simple,
154 $cached_ssl, $git_ssl,
155 $cached_cert, $git_cert,
156 $cached_cert_pw, $git_cert_pw,
157 $cached_username, $git_username
158 ]);
159
160=head1 DESCRIPTION
161
162This module is an implementation detail of the "git svn" command.
163It implements git-svn's authentication policy. Do not use it unless
164you are developing git-svn.
165
166The interface will change as git-svn evolves.
167
168=head1 DEPENDENCIES
169
170L<SVN::Core>.
171
172=head1 SEE ALSO
173
174L<SVN::Client>.
175
176=head1 INCOMPATIBILITIES
177
178None reported.
179
180=head1 BUGS
181
182None.