/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
#if !defined(NET_FOSSIL_SCM_FSL_AUTH_H_INCLUDED)
#define NET_FOSSIL_SCM_FSL_AUTH_H_INCLUDED
/*
Copyright 2013-2021 The Libfossil Authors, see LICENSES/BSD-2-Clause.txt
SPDX-License-Identifier: BSD-2-Clause-FreeBSD
SPDX-FileCopyrightText: 2021 The Libfossil Authors
SPDX-ArtifactOfProjectName: Libfossil
SPDX-FileType: Code
Heavily indebted to the Fossil SCM project (https://fossil-scm.org).
******************************************************************************
This file declares public APIs for handling fossil
authentication-related tasks.
*/
#include "fossil-core.h"
#if defined(__cplusplus)
extern "C" {
#endif
/**
If f has an opened repository, this function forms a hash from:
"ProjectCode/zLoginName/zPw"
(without the quotes)
where ProjectCode is a repository-instance-dependent series of
random bytes. The returned string is owned by the caller, who
must eventually fsl_free() it. The project code is stored in
the repository's config table under the key 'project-code', and
this routine fetches that key if necessary.
Potential TODO:
- in fossil(1), this function generates a different result (it
returns a copy of zPw) if the project code is not set, under
the assumption that this is "the first xfer request of a
clone." Whether or not that will apply at this level to
libfossil remains to be seen.
TODO? Does fossil still use SHA1 for this?
*/
FSL_EXPORT char * fsl_sha1_shared_secret( fsl_cx * f, char const * zLoginName, char const * zPw );
/**
Fetches the login group name (if any) for the given context's
current repositorty db. If f has no opened repo, 0 is returned.
If the repo belongs to a login group, its name is returned in the
form of a NUL-terminated string. The returned value (which may be
0) is owned by the caller, who must eventually fsl_free() it. The
value (unlike in fossil(1)) is not cached because it may change
via modification of the login group.
*/
FSL_EXPORT char * fsl_repo_login_group_name(fsl_cx * f);
/**
Fetches the login cookie name associated with the current repository
db, or 0 if no repository is opened.
The returned (NUL-terminated) string is owned by the caller, who
must eventually fsl_free() it. The value is not cached in f because
it may change during the lifetime of a repo (if a login group is
set or removed).
The login cookie name is a string in the form "fossil-XXX", where
XXX is the first 16 hex digits of either the repo's
'login-group-code' or 'project-code' config values (in that order).
*/
FSL_EXPORT char * fsl_repo_login_cookie_name(fsl_cx * f);
/**
Searches for a user ID (from the repo.user.uid DB field) for a given
username and password. The password may be either its hashed form or
non-hashed form (if it is not exactly 40 bytes long, that is!).
On success, 0 is returned and *pId holds the ID of the
user found (if any). *pId will be set to 0 if no match for the
name/password was found, or positive if a match was found.
If any of the arguments are NULL, FSL_RC_MISUSE is returned. f must
have an opened repo, else FSL_RC_NOT_A_REPO is returned.
*/
FSL_EXPORT int fsl_repo_login_search_uid(fsl_cx * f, char const * zUsername,
char const * zPasswd, fsl_id_t * pId);
/**
Clears all login state for the given user ID. If the ID is <=0 then
ALL logins are cleared. Has no effect on the built-in pseudo-users.
Returns non-0 on error, and not finding a matching user ID is not
considered an error.
f must have an opened repo, or FSL_RC_NOT_A_REPO is returned.
TODO: there are currently no APIs for _setting_ the state this
function clears!
*/
FSL_EXPORT int fsl_repo_login_clear( fsl_cx * f, fsl_id_t userId );
#if defined(__cplusplus)
} /*extern "C"*/
#endif
#endif
/* NET_FOSSIL_SCM_FSL_AUTH_H_INCLUDED */