ucs: fix Persona key extraction
1 /**
2 * @file sip-sec.h
4 * pidgin-sipe
6 * Copyright (C) 2010-2013 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009 pier11 <pier11@operamail.com>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 /* Opaque type definition for security context */
26 typedef struct sip_sec_context *SipSecContext;
28 /*** Sipe convenience methods ***/
30 /**
31 * Initializes Sipe security context.
32 * Obtains cached initial credentials (TGT for Kerberos) or requests new ones if required.
33 * In the former case the domain/username/password information is unnecessary.
35 * @param type (in) authentication type
36 * @param sso (in) @c TRUE if Single Sign-On should be used
37 * @param http (in) @c TRUE if HTTP, @c FALSE for SIP
38 * @param domain (in) NTLM Domain/Kerberos Realm (ignored for SSO)
39 * @param username (in) user name (can be NULL) (ignored for SSO)
40 * @param password (in) password (can be NULL) (ignored for SSO)
42 * @return context security context to store and pass between security method invocations
44 SipSecContext
45 sip_sec_create_context(guint type,
46 gboolean sso,
47 gboolean http,
48 const gchar *domain,
49 const gchar *username,
50 const gchar *password);
52 /**
53 * Obtains a service ticket (for Kerberos), base64-encodes it and provides it as output.
55 * @param context (in) security context to pass between security method invocations
56 * @param target (in) security target. Service principal name in the case of Kerberos.
57 * @param input_toked_base64 (in) base64 encoded input security token. This is the Type 2 NTLM message or NULL.
58 * @param output_toked_base64 (out) base64 encoded output token to send to server.
59 * @param expires (out) security context expiration time in seconds.
61 * @return @c TRUE if successful
64 gboolean
65 sip_sec_init_context_step(SipSecContext context,
66 const gchar *target,
67 const gchar *input_toked_base64,
68 gchar **output_toked_base64,
69 guint *expires);
71 /**
72 * Check if the authentication of a security context is completed and it is
73 * ready to be used for message signing and signature verification
75 * @param context (in) security context. May be @c NULL.
77 * @return @c TRUE if authentication is completed
79 gboolean sip_sec_context_is_ready(SipSecContext context);
81 /**
82 * Return authentication name of a security context
84 * @param context (in) security context. May be @c NULL.
86 * @return string or @c NULL
88 const gchar *sip_sec_context_name(SipSecContext context);
90 /**
91 * Return type of a security context
93 * @param context (in) security context. May be @c NULL.
95 * @return context type or @c SIPE_SIPE_AUTHENTICATION_TYPE_UNSET
97 guint sip_sec_context_type(SipSecContext context);
99 /**
100 * A convenience method for sipe.
101 * Destroys security context.
103 * @param context (in,out) security context to destroy
105 void sip_sec_destroy_context(SipSecContext context);
108 * A convenience method for sipe.
109 * Signs incoming message.
111 * @param context (in) security context
112 * @param message (in) a message to sign.
114 * @return signature for the message, converted to a null-terminated hex string.
116 gchar *sip_sec_make_signature(SipSecContext context,
117 const gchar *message);
120 * A convenience method for sipe.
121 * Verifies signature for the message.
123 * @param context (in) security context
124 * @param message (in) message whose signature is to be verified. Null-terminated string.
125 * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
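127 * @return FALSE on error. NOTE(review): the result for a well-formed but non-matching signature is not stated here; callers should treat anything other than @c TRUE as a failed verification.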
129 gboolean sip_sec_verify_signature(SipSecContext context,
130 const gchar *message,
131 const gchar *signature_hex);
134 * Check if authentication scheme requires a password
136 * @param authentication authentication type
137 * @param sso TRUE if user selected Single Sign-On
139 * @return @c TRUE if password is required
141 gboolean sip_sec_requires_password(guint authentication,
142 gboolean sso);
145 * Initialize & destroy functions for sip-sec.
146 * Should be called on loading and unloading of the core.
148 void sip_sec_init(void);
149 void sip_sec_destroy(void);