search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Get rid of old hex/string conversion functions
[siplcs.git] / src / core / sip-sec.c
blobf008ec8ba5ec44be12b701a7d03d72784b51bff6
1 /**
2 * @file sip-sec.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2009 pier11 <pier11@operamail.com>
7 *
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23
24 #include <glib.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <stdio.h>
28 #include "debug.h"
29 /* #include "util.h" */
30 #include "sip-sec.h"
31 #include "sip-sec-mech.h"
32
33 #include "sip-sec-ntlm.h"
34 #ifndef _WIN32
35 #define sip_sec_create_context__NTLM sip_sec_create_context__ntlm
36 #define sip_sec_create_context__Negotiate sip_sec_create_context__NONE
37
38 #ifdef USE_KERBEROS
39 #include "sip-sec-krb5.h"
40 #define sip_sec_create_context__Kerberos sip_sec_create_context__krb5
41 #else
42 #define sip_sec_create_context__Kerberos sip_sec_create_context__NONE
43 #endif
44
45 #else /* _WIN32 */
46 #ifdef USE_KERBEROS
47 #include "sip-sec-sspi.h"
48 #define sip_sec_create_context__NTLM sip_sec_create_context__sspi
49 #define sip_sec_create_context__Negotiate sip_sec_create_context__sspi
50 #define sip_sec_create_context__Kerberos sip_sec_create_context__sspi
51 #else /* USE_KERBEROS */
52 #define sip_sec_create_context__NTLM sip_sec_create_context__ntlm
53 #define sip_sec_create_context__Negotiate sip_sec_create_context__NONE
54 #define sip_sec_create_context__Kerberos sip_sec_create_context__NONE
55 #endif /* USE_KERBEROS */
56
57 #endif /* _WIN32 */
58
59 gchar *purple_base64_encode(const guchar *data, gsize len);
60 guchar *purple_base64_decode(const char *str, gsize *ret_len);
61
62 /* @TODO: copy&paste stinks. Find a better solution! */
63 size_t
64 hex_str_to_buff(const char *hex_str, guint8 **buff);
65 char *
66 buff_to_hex_str(const guint8 *buff, const size_t buff_len);
67
68 /* Dummy initialization hook */
69 static SipSecContext
70 sip_sec_create_context__NONE(SIPE_UNUSED_PARAMETER SipSecAuthType type)
71 {
72 return(NULL);
73 }
74
75 /* sip_sec API methods */
76 SipSecContext
77 sip_sec_create_context(SipSecAuthType type,
78 const int sso,
79 int is_connection_based,
80 const char *domain,
81 const char *username,
82 const char *password)
83 {
84 SipSecContext context = NULL;
85
86 /* Map authentication type to module initialization hook & name */
87 static sip_sec_create_context_func const auth_to_hook[] = {
88 sip_sec_create_context__NONE, /* AUTH_TYPE_UNSET */
89 sip_sec_create_context__NONE, /* AUTH_TYPE_DIGEST */
90 sip_sec_create_context__NTLM, /* AUTH_TYPE_NTLM */
91 sip_sec_create_context__Kerberos, /* AUTH_TYPE_KERBEROS */
92 sip_sec_create_context__Negotiate, /* AUTH_TYPE_NEGOTIATE */
93 };
94
95 context = (*(auth_to_hook[type]))(type);
96 if (context) {
97 sip_uint32 ret;
98
99 context->sso = sso;
100 context->is_connection_based = is_connection_based;
101
102 ret = (*context->acquire_cred_func)(context, domain, username, password);
103 if (ret != SIP_SEC_E_OK) {
104 purple_debug_info("sipe", "ERROR: sip_sec_init_context failed to acquire credentials.\n");
105 (*context->destroy_context_func)(context);
106 context = NULL;
107 }
108 }
109
110 return(context);
111 }
112
113 unsigned long
114 sip_sec_init_context_step(SipSecContext context,
115 const char *target,
116 const char *input_toked_base64,
117 char **output_toked_base64,
118 int *expires)
119 {
120 sip_uint32 ret = SIP_SEC_E_INTERNAL_ERROR;
121
122 if (context) {
123 SipSecBuffer in_buff = {0, NULL};
124 SipSecBuffer out_buff = {0, NULL};
125 char *tmp;
126
127 /* Not NULL for NTLM Type 2 */
128 if (input_toked_base64) {
129 in_buff.value = purple_base64_decode(input_toked_base64, &(in_buff.length));
130
131 tmp = sip_sec_ntlm_message_describe(in_buff);
132 if (tmp) {
133 purple_debug_info("sipe", "sip_sec_init_context_step: Challenge message is:\n%s", tmp);
134 }
135 g_free(tmp);
136 }
137
138 ret = (*context->init_context_func)(context, in_buff, &out_buff, target);
139
140 if (input_toked_base64)
141 g_free(in_buff.value);
142
143 if (ret == SIP_SEC_E_OK || ret == SIP_SEC_I_CONTINUE_NEEDED) {
144 *output_toked_base64 = purple_base64_encode(out_buff.value, out_buff.length);
145
146 if (out_buff.length > 0 && out_buff.value) {
147 tmp = sip_sec_ntlm_message_describe(out_buff);
148 if (tmp) {
149 purple_debug_info("sipe", "sip_sec_init_context_step: Negotiate or Authenticate message is:\n%s", tmp);
150 }
151 g_free(tmp);
152 }
153
154 g_free(out_buff.value);
155 }
156
157 if (expires) {
158 *expires = context->expires;
159 }
160 }
161
162 return ret;
163 }
164
165 char *
166 sip_sec_init_context(SipSecContext *context,
167 int *expires,
168 SipSecAuthType type,
169 const int sso,
170 const char *domain,
171 const char *username,
172 const char *password,
173 const char *target,
174 const char *input_toked_base64)
175 {
176 sip_uint32 ret;
177 char *output_toked_base64 = NULL;
178 int exp;
179
180 *context = sip_sec_create_context(type,
181 sso,
182 0, /* Connectionless for SIP */
183 domain,
184 username,
185 password);
186 if (!*context) return NULL;
187
188 ret = sip_sec_init_context_step(*context,
189 target,
190 NULL,
191 &output_toked_base64,
192 &exp);
193
194 /* for NTLM type 3 */
195 if (ret == SIP_SEC_I_CONTINUE_NEEDED) {
196 g_free(output_toked_base64);
197 ret = sip_sec_init_context_step(*context,
198 target,
199 input_toked_base64,
200 &output_toked_base64,
201 &exp);
202 }
203
204 if (expires) {
205 *expires = exp;
206 }
207
208 return output_toked_base64;
209 }
210
211 void
212 sip_sec_destroy_context(SipSecContext context)
213 {
214 if (context) (*context->destroy_context_func)(context);
215 }
216
217 char * sip_sec_make_signature(SipSecContext context, const char *message)
218 {
219 SipSecBuffer signature;
220 char *signature_hex;
221
222 if(((*context->make_signature_func)(context, message, &signature)) != SIP_SEC_E_OK) {
223 purple_debug_info("sipe", "ERROR: sip_sec_make_signature failed. Unable to sign message!\n");
224 return NULL;
225 }
226 signature_hex = buff_to_hex_str(signature.value, signature.length);
227 g_free(signature.value);
228 return signature_hex;
229 }
230
231 int sip_sec_verify_signature(SipSecContext context, const char *message, const char *signature_hex)
232 {
233 SipSecBuffer signature;
234 sip_uint32 res;
235
236 purple_debug_info("sipe", "sip_sec_verify_signature: message is:%s signature to verify is:%s\n",
237 message ? message : "", signature_hex ? signature_hex : "");
238
239 if (!message || !signature_hex) return SIP_SEC_E_INTERNAL_ERROR;
240
241 signature.length = hex_str_to_buff(signature_hex, &signature.value);
242 res = (*context->verify_signature_func)(context, message, signature);
243 g_free(signature.value);
244 return res;
245 }
246
247 /* Initialize & Destroy */
248 void sip_sec_init(void)
249 {
250 sip_sec_init__ntlm();
251 }
252
253 void sip_sec_destroy(void)
254 {
255 sip_sec_destroy__ntlm();
256 }
257
258 /*
259 Local Variables:
260 mode: c
261 c-file-style: "bsd"
262 indent-tabs-mode: t
263 tab-width: 8
264 End:
265 */
A third-party Pidgin plugin for Microsoft LCS/OCS