1 /*
2  * svn_server.h :  declarations for the svn server
3  *
4  * ====================================================================
5  *    Licensed to the Apache Software Foundation (ASF) under one
6  *    or more contributor license agreements.  See the NOTICE file
7  *    distributed with this work for additional information
8  *    regarding copyright ownership.  The ASF licenses this file
9  *    to you under the Apache License, Version 2.0 (the
10  *    "License"); you may not use this file except in compliance
11  *    with the License.  You may obtain a copy of the License at
12  *
13  *      http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *    Unless required by applicable law or agreed to in writing,
16  *    software distributed under the License is distributed on an
17  *    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
18  *    KIND, either express or implied.  See the License for the
19  *    specific language governing permissions and limitations
20  *    under the License.
21  * ====================================================================
22  */
23 
24 
25 
26 #ifndef SERVER_H
27 #define SERVER_H
28 
29 #include <apr_network_io.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif /* __cplusplus */
34 
35 #include "svn_config.h"
36 #include "svn_repos.h"
37 #include "svn_ra_svn.h"
38 
39 #include "private/svn_atomic.h"
40 #include "private/svn_mutex.h"
41 #include "private/svn_repos_private.h"
42 #include "private/svn_subr_private.h"
43 
44 enum username_case_type { CASE_FORCE_UPPER, CASE_FORCE_LOWER, CASE_ASIS };
45 
46 enum authn_type { UNAUTHENTICATED, AUTHENTICATED };
47 enum access_type { NO_ACCESS, READ_ACCESS, WRITE_ACCESS };
48 
49 typedef struct repository_t {
50   svn_repos_t *repos;
51   const char *repos_name;  /* URI-encoded name of repository (not for authz) */
52   const char *repos_root;  /* Repository root directory */
53   svn_fs_t *fs;            /* For convenience; same as svn_repos_fs(repos) */
54   const char *base;        /* Base directory for config files */
55   svn_config_t *pwdb;      /* Parsed password database */
56   svn_authz_t *authzdb;    /* Parsed authz rules */
57   const char *authz_repos_name; /* The name of the repository for authz */
58   const char *realm;       /* Authentication realm */
59   const char *repos_url;   /* URL to base of repository */
60   const char *hooks_env;   /* Path to the hooks environment file or NULL */
61   const char *uuid;        /* Repository ID */
62   apr_array_header_t *capabilities;
63                            /* Client capabilities (SVN_RA_CAPABILITY_*) */
64   svn_stringbuf_t *fs_path;/* Decoded base in-repos path (w/ leading slash) */
65   enum username_case_type username_case; /* Case-normalize the username? */
66   svn_boolean_t use_sasl;  /* Use Cyrus SASL for authentication;
67                               always false if SVN_HAVE_SASL not defined */
68 #ifdef SVN_HAVE_SASL
69   unsigned min_ssf;        /* min-encryption SASL parameter */
70   unsigned max_ssf;        /* max-encryption SASL parameter */
71 #endif
72 
73   enum access_type auth_access; /* access granted to authenticated users */
74   enum access_type anon_access; /* access granted to annonymous users */
75 
76 } repository_t;
77 
78 typedef struct client_info_t {
79   const char *user;        /* Authenticated username of the user */
80   const char *remote_host; /* IP of the client that contacted the server */
81   const char *authz_user;  /* Username for authz ('user' + 'username_case') */
82   svn_boolean_t tunnel;    /* Tunneled through login agent */
83   const char *tunnel_user; /* Allow EXTERNAL to authenticate as this */
84 } client_info_t;
85 
86 typedef struct server_baton_t {
87   repository_t *repository; /* repository-specific data to use */
88   client_info_t *client_info; /* client-specific data to use */
89   struct logger_t *logger; /* Log file data structure.
90                               May be NULL even if log_file is not. */
91   svn_boolean_t read_only; /* Disallow write access (global flag) */
92   svn_boolean_t vhost;     /* Use virtual-host-based path to repo. */
93   apr_pool_t *pool;
94 } server_baton_t;
95 
96 typedef struct serve_params_t {
97   /* The virtual root of the repositories to serve.  The client URL
98      path is interpreted relative to this root and is not allowed to
99      escape it. */
100   const char *root;
101 
102   /* True if the connection is tunneled over an ssh-like transport,
103      such that the client may use EXTERNAL to authenticate as the
104      current uid's username. */
105   svn_boolean_t tunnel;
106 
107   /* If tunnel is true, overrides the current uid's username as the
108      identity EXTERNAL authenticates as. */
109   const char *tunnel_user;
110 
111   /* True if the read-only flag was specified on the command-line,
112      which forces all connections to be read-only. */
113   svn_boolean_t read_only;
114 
115   /* The base directory for any relative configuration files. */
116   const char *base;
117 
118   /* A parsed repository svnserve configuration file, ala
119      svnserve.conf.  If this is NULL, then no configuration file was
120      specified on the command line.  If this is non-NULL, then
121      per-repository svnserve.conf are not read. */
122   svn_config_t *cfg;
123 
124   /* logging data structure; possibly NULL. */
125   struct logger_t *logger;
126 
127   /* all configurations should be opened through this factory */
128   svn_repos__config_pool_t *config_pool;
129 
130   /* The FS configuration to be applied to all repositories.
131      It mainly contains things like cache settings. */
132   apr_hash_t *fs_config;
133 
134   /* Username case normalization style. */
135   enum username_case_type username_case;
136 
137   /* Size of the in-memory cache (used by FSFS only). */
138   apr_uint64_t memory_cache_size;
139 
140   /* Data compression level to reduce for network traffic. If this
141      is 0, no compression should be applied and the protocol may
142      fall back to svndiff "version 0" bypassing zlib entirely.
143      Defaults to SVN_DELTA_COMPRESSION_LEVEL_DEFAULT. */
144   int compression_level;
145 
146   /* Item size up to which we use the zero-copy code path to transmit
147      them over the network.  0 disables that code path. */
148   apr_size_t zero_copy_limit;
149 
150   /* Amount of data to send between checks for cancellation requests
151      coming in from the client. */
152   apr_size_t error_check_interval;
153 
154   /* If not 0, error out on requests exceeding this value. */
155   apr_uint64_t max_request_size;
156 
157   /* If not 0, stop sending a response once it exceeds this value. */
158   apr_uint64_t max_response_size;
159 
160   /* Use virtual-host-based path to repo. */
161   svn_boolean_t vhost;
162 } serve_params_t;
163 
164 /* This structure contains all data that describes a client / server
165    connection.  Their lifetime is separated from the thread-local
166    serving pools. */
167 typedef struct connection_t
168 {
169   /* socket return by accept() */
170   apr_socket_t *usock;
171 
172   /* server-global parameters */
173   serve_params_t *params;
174 
175   /* connection-specific objects */
176   server_baton_t *baton;
177 
178   /* buffered connection object used by the marshaller */
179   svn_ra_svn_conn_t *conn;
180 
181   /* memory pool for objects with connection lifetime */
182   apr_pool_t *pool;
183 
184   /* Number of threads using the pool.
185      The pool passed to apr_thread_create can only be released when both
186 
187         A: the call to apr_thread_create has returned to the calling thread
188         B: the new thread has started running and reached apr_thread_start_t
189 
190      So we set the atomic counter to 2 then both the calling thread and
191      the new thread decrease it and when it reaches 0 the pool can be
192      released.  */
193   svn_atomic_t ref_count;
194 
195 } connection_t;
196 
197 /* Return a client_info_t structure allocated in POOL and initialize it
198  * with data from CONN. */
199 client_info_t * get_client_info(svn_ra_svn_conn_t *conn,
200                                 serve_params_t *params,
201                                 apr_pool_t *pool);
202 
203 /* Serve the connection CONN according to the parameters PARAMS. */
204 svn_error_t *serve(svn_ra_svn_conn_t *conn, serve_params_t *params,
205                    apr_pool_t *pool);
206 
207 /* Serve the connection CONNECTION for as long as IS_BUSY does not
208    return TRUE.  If IS_BUSY is NULL, serve the connection until it
209    either gets terminated or there is an error.  If TERMINATE_P is
210    not NULL, set *TERMINATE_P to TRUE if the connection got
211    terminated.
212 
213    For the first call, CONNECTION->CONN may be NULL in which case we
214    will create an ra_svn connection object.  Subsequent calls will
215    check for an open repository and automatically re-open the repo
216    in pool if necessary.
217  */
218 svn_error_t *
219 serve_interruptable(svn_boolean_t *terminate_p,
220                     connection_t *connection,
221                     svn_boolean_t (* is_busy)(connection_t *),
222                     apr_pool_t *pool);
223 
224 /* Initialize the Cyrus SASL library. POOL is used for allocations. */
225 svn_error_t *cyrus_init(apr_pool_t *pool);
226 
227 /* Authenticate using Cyrus SASL. */
228 svn_error_t *cyrus_auth_request(svn_ra_svn_conn_t *conn,
229                                 apr_pool_t *pool,
230                                 server_baton_t *b,
231                                 enum access_type required,
232                                 svn_boolean_t needs_username);
233 
234 /* Escape SOURCE into DEST where SOURCE is null-terminated and DEST is
235    size BUFLEN DEST will be null-terminated.  Returns number of bytes
236    written, including terminating null byte. */
237 apr_size_t escape_errorlog_item(char *dest, const char *source,
238                                 apr_size_t buflen);
239 
240 #ifdef __cplusplus
241 }
242 #endif /* __cplusplus */
243 
244 #endif  /* SERVER_H */
245