src/core/sip-sec.c

   1 /**
   2  * @file sip-sec.c
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2009 pier11 <pier11@operamail.com>
   7  *
   8  *
   9  * This program is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with this program; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22  */
  23
  24 #ifdef HAVE_CONFIG_H
  25 #include "config.h"
  26 #endif
  27
  28 #include <stdlib.h>
  29 #include <string.h>
  30 #include <stdio.h>
  31 #include <time.h>
  32
  33 #include <glib.h>
  34
  35 #include "sip-sec.h"
  36 #include "sipe-backend-debug.h"
  37 #include "sipe-core-api.h"
  38 #include "sipe-utils.h"
  39
  40 #include "sip-sec-mech.h"
  41 #include "sip-sec-ntlm.h"
  42 #ifndef _WIN32
  43 #define sip_sec_create_context__NTLM            sip_sec_create_context__ntlm
  44 #define sip_sec_create_context__Negotiate       sip_sec_create_context__NONE
  45
  46 #ifdef HAVE_KERBEROS
  47 #include "sip-sec-krb5.h"
  48 #define sip_sec_create_context__Kerberos        sip_sec_create_context__krb5
  49 #else
  50 #define sip_sec_create_context__Kerberos        sip_sec_create_context__NONE
  51 #endif
  52
  53 #else /* _WIN32 */
  54 #ifdef HAVE_KERBEROS
  55 #include "sip-sec-sspi.h"
  56 #define sip_sec_create_context__NTLM            sip_sec_create_context__sspi
  57 #define sip_sec_create_context__Negotiate       sip_sec_create_context__sspi
  58 #define sip_sec_create_context__Kerberos        sip_sec_create_context__sspi
  59 #else /* HAVE_KERBEROS */
  60 #define sip_sec_create_context__NTLM            sip_sec_create_context__ntlm
  61 #define sip_sec_create_context__Negotiate       sip_sec_create_context__NONE
  62 #define sip_sec_create_context__Kerberos        sip_sec_create_context__NONE
  63 #endif /* HAVE_KERBEROS */
  64
  65 #endif /* _WIN32 */
  66
  67 /* Dummy initialization hook */
  68 static SipSecContext
  69 sip_sec_create_context__NONE(SIPE_UNUSED_PARAMETER SipSecAuthType type)
  70 {
  71         return(NULL);
  72 }
  73
  74 /* sip_sec API methods */
  75 SipSecContext
  76 sip_sec_create_context(SipSecAuthType type,
  77                        const int  sso,
  78                        int is_connection_based,
  79                        const char *domain,
  80                        const char *username,
  81                        const char *password)
  82 {
  83         SipSecContext context = NULL;
  84
  85         /* Map authentication type to module initialization hook & name */
  86         static sip_sec_create_context_func const auth_to_hook[] = {
  87                 sip_sec_create_context__NONE,      /* AUTH_TYPE_UNSET     */
  88                 sip_sec_create_context__NONE,      /* AUTH_TYPE_DIGEST    */
  89                 sip_sec_create_context__NTLM,      /* AUTH_TYPE_NTLM      */
  90                 sip_sec_create_context__Kerberos,  /* AUTH_TYPE_KERBEROS  */
  91                 sip_sec_create_context__Negotiate, /* AUTH_TYPE_NEGOTIATE */
  92         };
  93
  94         context = (*(auth_to_hook[type]))(type);
  95         if (context) {
  96                 sip_uint32 ret;
  97
  98                 context->sso = sso;
  99                 context->is_connection_based = is_connection_based;
 100
 101                 ret = (*context->acquire_cred_func)(context, domain, username, password);
 102                 if (ret != SIP_SEC_E_OK) {
 103                         SIPE_DEBUG_INFO("ERROR: sip_sec_init_context failed to acquire credentials.%s", "");
 104                         (*context->destroy_context_func)(context);
 105                         context = NULL;
 106                 }
 107         }
 108
 109         return(context);
 110 }
 111
 112 unsigned long
 113 sip_sec_init_context_step(SipSecContext context,
 114                           const char *target,
 115                           const char *input_toked_base64,
 116                           char **output_toked_base64,
 117                           int *expires)
 118 {
 119         sip_uint32 ret = SIP_SEC_E_INTERNAL_ERROR;
 120
 121         if (context) {
 122                 SipSecBuffer in_buff  = {0, NULL};
 123                 SipSecBuffer out_buff = {0, NULL};
 124                 char *tmp;
 125
 126                 /* Not NULL for NTLM Type 2 */
 127                 if (input_toked_base64) {
 128                         in_buff.value = g_base64_decode(input_toked_base64, &in_buff.length);
 129
 130                         tmp = sip_sec_ntlm_message_describe(in_buff);
 131                         if (tmp) {
 132                                 SIPE_DEBUG_INFO("sip_sec_init_context_step: Challenge message is:\n%s", tmp);
 133                         }
 134                         g_free(tmp);
 135                 }
 136
 137                 ret = (*context->init_context_func)(context, in_buff, &out_buff, target);
 138
 139                 if (input_toked_base64)
 140                         g_free(in_buff.value);
 141
 142                 if (ret == SIP_SEC_E_OK || ret == SIP_SEC_I_CONTINUE_NEEDED) {
 143                         *output_toked_base64 = g_base64_encode(out_buff.value, out_buff.length);
 144
 145                         if (out_buff.length > 0 && out_buff.value) {
 146                                 tmp = sip_sec_ntlm_message_describe(out_buff);
 147                                 if (tmp) {
 148                                         SIPE_DEBUG_INFO("sip_sec_init_context_step: Negotiate or Authenticate message is:\n%s", tmp);
 149                                 }
 150                                 g_free(tmp);
 151                         }
 152
 153                         g_free(out_buff.value);
 154                 }
 155
 156                 if (expires) {
 157                         *expires = context->expires;
 158                 }
 159         }
 160
 161         return ret;
 162 }
 163
 164 char *
 165 sip_sec_init_context(SipSecContext *context,
 166                      int *expires,
 167                      SipSecAuthType type,
 168                      const int  sso,
 169                      const char *domain,
 170                      const char *username,
 171                      const char *password,
 172                      const char *target,
 173                      const char *input_toked_base64)
 174 {
 175         sip_uint32 ret;
 176         char *output_toked_base64 = NULL;
 177         int exp;
 178
 179         *context = sip_sec_create_context(type,
 180                                           sso,
 181                                           0, /* Connectionless for SIP */
 182                                           domain,
 183                                           username,
 184                                           password);
 185         if (!*context) {
 186                 SIPE_DEBUG_INFO("ERROR: sip_sec_init_context: failed sip_sec_create_context()%s", "");
 187                 return NULL;
 188         }
 189
 190         ret = sip_sec_init_context_step(*context,
 191                                         target,
 192                                         NULL,
 193                                         &output_toked_base64,
 194                                         &exp);
 195
 196         /* for NTLM type 3 */
 197         if (ret == SIP_SEC_I_CONTINUE_NEEDED) {
 198                 g_free(output_toked_base64);
 199                 ret = sip_sec_init_context_step(*context,
 200                                                 target,
 201                                                 input_toked_base64,
 202                                                 &output_toked_base64,
 203                                                 &exp);
 204         }
 205
 206         if (expires) {
 207                 *expires = exp;
 208         }
 209
 210         return output_toked_base64;
 211 }
 212
 213 void
 214 sip_sec_destroy_context(SipSecContext context)
 215 {
 216         if (context) (*context->destroy_context_func)(context);
 217 }
 218
 219 char * sip_sec_make_signature(SipSecContext context, const char *message)
 220 {
 221         SipSecBuffer signature;
 222         char *signature_hex;
 223
 224         if(((*context->make_signature_func)(context, message, &signature)) != SIP_SEC_E_OK) {
 225                 SIPE_DEBUG_INFO("ERROR: sip_sec_make_signature failed. Unable to sign message!%s", "");
 226                 return NULL;
 227         }
 228         signature_hex = buff_to_hex_str(signature.value, signature.length);
 229         g_free(signature.value);
 230         return signature_hex;
 231 }
 232
 233 int sip_sec_verify_signature(SipSecContext context, const char *message, const char *signature_hex)
 234 {
 235         SipSecBuffer signature;
 236         sip_uint32 res;
 237
 238         SIPE_DEBUG_INFO("sip_sec_verify_signature: message is:%s signature to verify is:%s",
 239                         message ? message : "", signature_hex ? signature_hex : "");
 240
 241         if (!message || !signature_hex) return SIP_SEC_E_INTERNAL_ERROR;
 242
 243         signature.length = hex_str_to_buff(signature_hex, &signature.value);
 244         res = (*context->verify_signature_func)(context, message, signature);
 245         g_free(signature.value);
 246         return res;
 247 }
 248
 249 /* Initialize & Destroy */
 250 void sip_sec_init(void)
 251 {
 252         sip_sec_init__ntlm();
 253 }
 254
 255 void sip_sec_destroy(void)
 256 {
 257         sip_sec_destroy__ntlm();
 258 }
 259
 260 /*
 261   Local Variables:
 262   mode: c
 263   c-file-style: "bsd"
 264   indent-tabs-mode: t
 265   tab-width: 8
 266   End:
 267 */