include/git2/credential.h

0001 /*
0002  * Copyright (C) the libgit2 contributors. All rights reserved.
0003  *
0004  * This file is part of libgit2, distributed under the GNU GPL v2 with
0005  * a Linking Exception. For full terms see the included COPYING file.
0006  */
0007 #ifndef INCLUDE_git_credential_h__
0008 #define INCLUDE_git_credential_h__
0009
0010 #include "common.h"
0011
0012 /**
0013  * @file git2/credential.h
0014  * @brief Git authentication & credential management
0015  * @defgroup git_credential Authentication & credential management
0016  * @ingroup Git
0017  * @{
0018  */
0019 GIT_BEGIN_DECL
0020
0021 /**
0022  * Supported credential types
0023  *
0024  * This represents the various types of authentication methods supported by
0025  * the library.
0026  */
0027 typedef enum {
0028     /**
0029      * A vanilla user/password request
0030      * @see git_credential_userpass_plaintext_new
0031      */
0032     GIT_CREDENTIAL_USERPASS_PLAINTEXT = (1u << 0),
0033
0034     /**
0035      * An SSH key-based authentication request
0036      * @see git_credential_ssh_key_new
0037      */
0038     GIT_CREDENTIAL_SSH_KEY = (1u << 1),
0039
0040     /**
0041      * An SSH key-based authentication request, with a custom signature
0042      * @see git_credential_ssh_custom_new
0043      */
0044     GIT_CREDENTIAL_SSH_CUSTOM = (1u << 2),
0045
0046     /**
0047      * An NTLM/Negotiate-based authentication request.
0048      * @see git_credential_default
0049      */
0050     GIT_CREDENTIAL_DEFAULT = (1u << 3),
0051
0052     /**
0053      * An SSH interactive authentication request
0054      * @see git_credential_ssh_interactive_new
0055      */
0056     GIT_CREDENTIAL_SSH_INTERACTIVE = (1u << 4),
0057
0058     /**
0059      * Username-only authentication request
0060      *
0061      * Used as a pre-authentication step if the underlying transport
0062      * (eg. SSH, with no username in its URL) does not know which username
0063      * to use.
0064      *
0065      * @see git_credential_username_new
0066      */
0067     GIT_CREDENTIAL_USERNAME = (1u << 5),
0068
0069     /**
0070      * An SSH key-based authentication request
0071      *
0072      * Allows credentials to be read from memory instead of files.
0073      * Note that because of differences in crypto backend support, it might
0074      * not be functional.
0075      *
0076      * @see git_credential_ssh_key_memory_new
0077      */
0078     GIT_CREDENTIAL_SSH_MEMORY = (1u << 6)
0079 } git_credential_t;
0080
0081 /**
0082  * The base structure for all credential types
0083  */
0084 typedef struct git_credential git_credential;
0085
0086 typedef struct git_credential_userpass_plaintext git_credential_userpass_plaintext;
0087
0088 /** Username-only credential information */
0089 typedef struct git_credential_username git_credential_username;
0090
0091 /** A key for NTLM/Kerberos "default" credentials */
0092 typedef struct git_credential git_credential_default;
0093
0094 /**
0095  * A ssh key from disk
0096  */
0097 typedef struct git_credential_ssh_key git_credential_ssh_key;
0098
0099 /**
0100  * Keyboard-interactive based ssh authentication
0101  */
0102 typedef struct git_credential_ssh_interactive git_credential_ssh_interactive;
0103
0104 /**
0105  * A key with a custom signature function
0106  */
0107 typedef struct git_credential_ssh_custom git_credential_ssh_custom;
0108
0109 /**
0110  * Credential acquisition callback.
0111  *
0112  * This callback is usually involved any time another system might need
0113  * authentication. As such, you are expected to provide a valid
0114  * git_credential object back, depending on allowed_types (a
0115  * git_credential_t bitmask).
0116  *
0117  * Note that most authentication details are your responsibility - this
0118  * callback will be called until the authentication succeeds, or you report
0119  * an error. As such, it's easy to get in a loop if you fail to stop providing
0120  * the same incorrect credentials.
0121  *
0122  * @param out The newly created credential object.
0123  * @param url The resource for which we are demanding a credential.
0124  * @param username_from_url The username that was embedded in a "user\@host"
0125  *                          remote url, or NULL if not included.
0126  * @param allowed_types A bitmask stating which credential types are OK to return.
0127  * @param payload The payload provided when specifying this callback.
0128  * @return 0 for success, < 0 to indicate an error, > 0 to indicate
0129  *       no credential was acquired
0130  */
0131 typedef int GIT_CALLBACK(git_credential_acquire_cb)(
0132     git_credential **out,
0133     const char *url,
0134     const char *username_from_url,
0135     unsigned int allowed_types,
0136     void *payload);
0137
0138 /**
0139  * Free a credential.
0140  *
0141  * This is only necessary if you own the object; that is, if you are a
0142  * transport.
0143  *
0144  * @param cred the object to free
0145  */
0146 GIT_EXTERN(void) git_credential_free(git_credential *cred);
0147
0148 /**
0149  * Check whether a credential object contains username information.
0150  *
0151  * @param cred object to check
0152  * @return 1 if the credential object has non-NULL username, 0 otherwise
0153  */
0154 GIT_EXTERN(int) git_credential_has_username(git_credential *cred);
0155
0156 /**
0157  * Return the username associated with a credential object.
0158  *
0159  * @param cred object to check
0160  * @return the credential username, or NULL if not applicable
0161  */
0162 GIT_EXTERN(const char *) git_credential_get_username(git_credential *cred);
0163
0164 /**
0165  * Create a new plain-text username and password credential object.
0166  * The supplied credential parameter will be internally duplicated.
0167  *
0168  * @param out The newly created credential object.
0169  * @param username The username of the credential.
0170  * @param password The password of the credential.
0171  * @return 0 for success or an error code for failure
0172  */
0173 GIT_EXTERN(int) git_credential_userpass_plaintext_new(
0174     git_credential **out,
0175     const char *username,
0176     const char *password);
0177
0178 /**
0179  * Create a "default" credential usable for Negotiate mechanisms like NTLM
0180  * or Kerberos authentication.
0181  *
0182  * @param out The newly created credential object.
0183  * @return 0 for success or an error code for failure
0184  */
0185 GIT_EXTERN(int) git_credential_default_new(git_credential **out);
0186
0187 /**
0188  * Create a credential to specify a username.
0189  *
0190  * This is used with ssh authentication to query for the username if
0191  * none is specified in the url.
0192  *
0193  * @param out The newly created credential object.
0194  * @param username The username to authenticate with
0195  * @return 0 for success or an error code for failure
0196  */
0197 GIT_EXTERN(int) git_credential_username_new(git_credential **out, const char *username);
0198
0199 /**
0200  * Create a new passphrase-protected ssh key credential object.
0201  * The supplied credential parameter will be internally duplicated.
0202  *
0203  * @param out The newly created credential object.
0204  * @param username username to use to authenticate
0205  * @param publickey The path to the public key of the credential.
0206  * @param privatekey The path to the private key of the credential.
0207  * @param passphrase The passphrase of the credential.
0208  * @return 0 for success or an error code for failure
0209  */
0210 GIT_EXTERN(int) git_credential_ssh_key_new(
0211     git_credential **out,
0212     const char *username,
0213     const char *publickey,
0214     const char *privatekey,
0215     const char *passphrase);
0216
0217 /**
0218  * Create a new ssh key credential object reading the keys from memory.
0219  *
0220  * @param out The newly created credential object.
0221  * @param username username to use to authenticate.
0222  * @param publickey The public key of the credential.
0223  * @param privatekey The private key of the credential.
0224  * @param passphrase The passphrase of the credential.
0225  * @return 0 for success or an error code for failure
0226  */
0227 GIT_EXTERN(int) git_credential_ssh_key_memory_new(
0228     git_credential **out,
0229     const char *username,
0230     const char *publickey,
0231     const char *privatekey,
0232     const char *passphrase);
0233
0234 /*
0235  * If the user hasn't included libssh2.h before git2.h, we need to
0236  * define a few types for the callback signatures.
0237  */
0238 #ifndef LIBSSH2_VERSION
0239 typedef struct _LIBSSH2_SESSION LIBSSH2_SESSION;
0240 typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT LIBSSH2_USERAUTH_KBDINT_PROMPT;
0241 typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE LIBSSH2_USERAUTH_KBDINT_RESPONSE;
0242 #endif
0243
0244 typedef void GIT_CALLBACK(git_credential_ssh_interactive_cb)(
0245     const char *name,
0246     int name_len,
0247     const char *instruction, int instruction_len,
0248     int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
0249     LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
0250     void **abstract);
0251
0252
0253 /**
0254  * Create a new ssh keyboard-interactive based credential object.
0255  * The supplied credential parameter will be internally duplicated.
0256  *
0257  * @param out The newly created credential object.
0258  * @param username Username to use to authenticate.
0259  * @param prompt_callback The callback method used for prompts.
0260  * @param payload Additional data to pass to the callback.
0261  * @return 0 for success or an error code for failure.
0262  */
0263 GIT_EXTERN(int) git_credential_ssh_interactive_new(
0264     git_credential **out,
0265     const char *username,
0266     git_credential_ssh_interactive_cb prompt_callback,
0267     void *payload);
0268
0269 /**
0270  * Create a new ssh key credential object used for querying an ssh-agent.
0271  * The supplied credential parameter will be internally duplicated.
0272  *
0273  * @param out The newly created credential object.
0274  * @param username username to use to authenticate
0275  * @return 0 for success or an error code for failure
0276  */
0277 GIT_EXTERN(int) git_credential_ssh_key_from_agent(
0278     git_credential **out,
0279     const char *username);
0280
0281 typedef int GIT_CALLBACK(git_credential_sign_cb)(
0282     LIBSSH2_SESSION *session,
0283     unsigned char **sig, size_t *sig_len,
0284     const unsigned char *data, size_t data_len,
0285     void **abstract);
0286
0287 /**
0288  * Create an ssh key credential with a custom signing function.
0289  *
0290  * This lets you use your own function to sign the challenge.
0291  *
0292  * This function and its credential type is provided for completeness
0293  * and wraps `libssh2_userauth_publickey()`, which is undocumented.
0294  *
0295  * The supplied credential parameter will be internally duplicated.
0296  *
0297  * @param out The newly created credential object.
0298  * @param username username to use to authenticate
0299  * @param publickey The bytes of the public key.
0300  * @param publickey_len The length of the public key in bytes.
0301  * @param sign_callback The callback method to sign the data during the challenge.
0302  * @param payload Additional data to pass to the callback.
0303  * @return 0 for success or an error code for failure
0304  */
0305 GIT_EXTERN(int) git_credential_ssh_custom_new(
0306     git_credential **out,
0307     const char *username,
0308     const char *publickey,
0309     size_t publickey_len,
0310     git_credential_sign_cb sign_callback,
0311     void *payload);
0312
0313 /** @} */
0314 GIT_END_DECL
0315 #endif