6 * Copyright (C) 2010-12 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009 pier11 <pier11@operamail.com>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 /* Opaque type definition for security context */
26 typedef struct sip_sec_context
*SipSecContext
;
28 /*** Sipe convenience methods ***/
31 * Initializes Sipe security context.
32 * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required.
33 * In former case domain/username/password information is unnecessary.
35 * @param type (in) authentication type
36 * @param sso (in) use Single Sign-On
37 * @param is_connection_based (in) context is used for a connection
38 * @param domain (in) NTLM Domain/Kerberos Realm.
39 * @param username (in) user name (can be NULL)
40 * @param password (in) password (can be NULL)
42 * @return context security context to store and pass between security method invocations
45 sip_sec_create_context(guint type
,
47 int is_connection_based
,
50 const char *password
);
53 * Obtains Service ticket (for Kerberos), base64 encodes it and provide as output.
55 * @param context (in) security context to pass between security method invocations
56 * @param target (in) security target. Service principal name on case of Kerberos.
57 * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL.
58 * @param output_toked_base64 (out) base64 encoded output token to send to server.
59 * @param expires (out) security context expiration time in seconds.
61 * @return SIP_SEC_* value signifying success of the operation.
65 sip_sec_init_context_step(SipSecContext context
,
67 const char *input_toked_base64
,
68 char **output_toked_base64
,
72 * A convenience method for sipe. Combines execution on sip_sec_create_context()
73 * and sip_sec_init_context_step(). Suitable for connectionless NTLM (as in SIP).
74 * Unsuitable for connection-based (TCP, TLS) Web authentication.
76 * Initializes security context.
77 * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required. In former case domain/username/password information is unnecessary.
78 * Then obtains Service ticket (for Kerberos) , base64 encodes it and provide as output.
80 * @param context (in,out) security context to store and pass between security method invocations
81 * @param mech (in) security mechanism - NTLM or Kerberos
82 * @param domain (in) NTLM Domain/Kerberos Realm.
83 * @param target (in) security target. Service principal name on case of Kerberos.
84 * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL for Kerberos.
85 * @param expires (out) security context expiration time in seconds.
87 * @return base64 encoded output token to send to server.
89 char *sip_sec_init_context(SipSecContext
*context
,
97 const char *input_toked_base64
);
100 * Check if the authentication of a security context is completed and it is
101 * ready to be used for message signing and signature verification
103 * @param context (in) security context. May be @c NULL.
105 * @return @TRUE if authentication is completed
107 gboolean
sip_sec_context_is_ready(SipSecContext context
);
110 * A convenience method for sipe.
111 * Destroys security context.
113 * @param context (in,out) security context to destroy
115 void sip_sec_destroy_context(SipSecContext context
);
118 * A convenience method for sipe.
119 * Signs incoming message.
121 * @param context (in) security context
122 * @param message (in) a message to sign.
124 * @return signature for the message. Converted to Hex null terminated string;
126 char *sip_sec_make_signature(SipSecContext context
,
127 const char *message
);
130 * A convenience method for sipe.
131 * Verifies signature for the message.
133 * @param context (in) security context
134 * @param message (in) which signature to verify. Null terminated string.
135 * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
137 * @return FALSE on error
139 int sip_sec_verify_signature(SipSecContext context
,
141 const char *signature_hex
);
144 * Check if authentication scheme requires a password
146 * @param type authentication type
147 * @param sso TRUE if user selected Single-Sign On
149 * @return TRUE if password is required
151 gboolean
sip_sec_requires_password(guint authentication
,
155 * Initialize & destroy functions for sip-sec.
156 * Should be called on loading and unloading of the core.
158 void sip_sec_init(void);
159 void sip_sec_destroy(void);