6 * Copyright (C) 2010-2013 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009 pier11 <pier11@operamail.com>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 /* Opaque type definition for security context */
26 typedef struct sip_sec_context
*SipSecContext
;
28 /*** Sipe convenience methods ***/
31 * Initializes Sipe security context.
32 * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required.
33 * In former case domain/username/password information is unnecessary.
35 * @param type (in) authentication type
36 * @param sso (in) @c TRUE if Single Sign-On should be used
37 * @param http (in) @c TRUE if HTTP, @c FALSE for SIP
38 * @param domain (in) NTLM Domain/Kerberos Realm (ignored for SSO)
39 * @param username (in) user name (can be NULL) (ignored for SSO)
40 * @param password (in) password (can be NULL) (ignored for SSO)
42 * @return context security context to store and pass between security method invocations
45 sip_sec_create_context(guint type
,
49 const gchar
*username
,
50 const gchar
*password
);
53 * Obtains Service ticket (for Kerberos), base64 encodes it and provide as output.
55 * @param context (in) security context to pass between security method invocations
56 * @param target (in) security target. Service principal name on case of Kerberos.
57 * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL.
58 * @param output_toked_base64 (out) base64 encoded output token to send to server.
59 * @param expires (out) security context expiration time in seconds.
61 * @return @c TRUE if successful
65 sip_sec_init_context_step(SipSecContext context
,
67 const gchar
*input_toked_base64
,
68 gchar
**output_toked_base64
,
72 * Check if the authentication of a security context is completed and it is
73 * ready to be used for message signing and signature verification
75 * @param context (in) security context. May be @c NULL.
77 * @return @c TRUE if authentication is completed
79 gboolean
sip_sec_context_is_ready(SipSecContext context
);
82 * Return authentication name of a security context
84 * @param context (in) security context. May be @c NULL.
86 * @return string or @c NULL
88 const gchar
*sip_sec_context_name(SipSecContext context
);
91 * Return type of a security context
93 * @param context (in) security context. May be @c NULL.
95 * @return context type or @c SIPE_SIPE_AUTHENTICATION_TYPE_UNSET
97 guint
sip_sec_context_type(SipSecContext context
);
100 * A convenience method for sipe.
101 * Destroys security context.
103 * @param context (in,out) security context to destroy
105 void sip_sec_destroy_context(SipSecContext context
);
108 * A convenience method for sipe.
109 * Signs incoming message.
111 * @param context (in) security context
112 * @param message (in) a message to sign.
114 * @return signature for the message. Converted to Hex null terminated string;
116 gchar
*sip_sec_make_signature(SipSecContext context
,
117 const gchar
*message
);
120 * A convenience method for sipe.
121 * Verifies signature for the message.
123 * @param context (in) security context
124 * @param message (in) which signature to verify. Null terminated string.
125 * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
127 * @return FALSE on error
129 gboolean
sip_sec_verify_signature(SipSecContext context
,
130 const gchar
*message
,
131 const gchar
*signature_hex
);
134 * Check if authentication scheme requires a password
136 * @param type authentication type
137 * @param sso TRUE if user selected Single-Sign On
139 * @return @c TRUE if password is required
141 gboolean
sip_sec_requires_password(guint authentication
,
145 * Initialize & destroy functions for sip-sec.
146 * Should be called on loading and unloading of the core.
148 void sip_sec_init(void);
149 void sip_sec_destroy(void);