6 * Copyright (C) 2009 pier11 <pier11@operamail.com>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
36 #include "sipe-backend-debug.h"
37 #include "sipe-core-api.h"
38 #include "sipe-utils.h"
40 #include "sip-sec-mech.h"
41 #include "sip-sec-ntlm.h"
43 #define sip_sec_create_context__NTLM sip_sec_create_context__ntlm
44 #define sip_sec_create_context__Negotiate sip_sec_create_context__NONE
47 #include "sip-sec-krb5.h"
48 #define sip_sec_create_context__Kerberos sip_sec_create_context__krb5
50 #define sip_sec_create_context__Kerberos sip_sec_create_context__NONE
55 #include "sip-sec-sspi.h"
56 #define sip_sec_create_context__NTLM sip_sec_create_context__sspi
57 #define sip_sec_create_context__Negotiate sip_sec_create_context__sspi
58 #define sip_sec_create_context__Kerberos sip_sec_create_context__sspi
59 #else /* HAVE_KERBEROS */
60 #define sip_sec_create_context__NTLM sip_sec_create_context__ntlm
61 #define sip_sec_create_context__Negotiate sip_sec_create_context__NONE
62 #define sip_sec_create_context__Kerberos sip_sec_create_context__NONE
63 #endif /* HAVE_KERBEROS */
67 /* Dummy initialization hook */
69 sip_sec_create_context__NONE(SIPE_UNUSED_PARAMETER SipSecAuthType type
)
74 /* sip_sec API methods */
76 sip_sec_create_context(SipSecAuthType type
,
78 int is_connection_based
,
83 SipSecContext context
= NULL
;
85 /* Map authentication type to module initialization hook & name */
86 static sip_sec_create_context_func
const auth_to_hook
[] = {
87 sip_sec_create_context__NONE
, /* AUTH_TYPE_UNSET */
88 sip_sec_create_context__NONE
, /* AUTH_TYPE_DIGEST */
89 sip_sec_create_context__NTLM
, /* AUTH_TYPE_NTLM */
90 sip_sec_create_context__Kerberos
, /* AUTH_TYPE_KERBEROS */
91 sip_sec_create_context__Negotiate
, /* AUTH_TYPE_NEGOTIATE */
94 context
= (*(auth_to_hook
[type
]))(type
);
99 context
->is_connection_based
= is_connection_based
;
101 ret
= (*context
->acquire_cred_func
)(context
, domain
, username
, password
);
102 if (ret
!= SIP_SEC_E_OK
) {
103 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_init_context failed to acquire credentials.");
104 (*context
->destroy_context_func
)(context
);
113 sip_sec_init_context_step(SipSecContext context
,
115 const char *input_toked_base64
,
116 char **output_toked_base64
,
119 sip_uint32 ret
= SIP_SEC_E_INTERNAL_ERROR
;
122 SipSecBuffer in_buff
= {0, NULL
};
123 SipSecBuffer out_buff
= {0, NULL
};
126 /* Not NULL for NTLM Type 2 */
127 if (input_toked_base64
) {
128 in_buff
.value
= g_base64_decode(input_toked_base64
, &in_buff
.length
);
130 tmp
= sip_sec_ntlm_message_describe(in_buff
);
132 SIPE_DEBUG_INFO("sip_sec_init_context_step: Challenge message is:\n%s", tmp
);
137 ret
= (*context
->init_context_func
)(context
, in_buff
, &out_buff
, target
);
139 if (input_toked_base64
)
140 g_free(in_buff
.value
);
142 if (ret
== SIP_SEC_E_OK
|| ret
== SIP_SEC_I_CONTINUE_NEEDED
) {
143 *output_toked_base64
= g_base64_encode(out_buff
.value
, out_buff
.length
);
145 if (out_buff
.length
> 0 && out_buff
.value
) {
146 tmp
= sip_sec_ntlm_message_describe(out_buff
);
148 SIPE_DEBUG_INFO("sip_sec_init_context_step: Negotiate or Authenticate message is:\n%s", tmp
);
153 g_free(out_buff
.value
);
157 *expires
= context
->expires
;
165 sip_sec_init_context(SipSecContext
*context
,
170 const char *username
,
171 const char *password
,
173 const char *input_toked_base64
)
176 char *output_toked_base64
= NULL
;
179 *context
= sip_sec_create_context(type
,
181 0, /* Connectionless for SIP */
186 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_init_context: failed sip_sec_create_context()");
190 ret
= sip_sec_init_context_step(*context
,
193 &output_toked_base64
,
196 /* for NTLM type 3 */
197 if (ret
== SIP_SEC_I_CONTINUE_NEEDED
) {
198 g_free(output_toked_base64
);
199 ret
= sip_sec_init_context_step(*context
,
202 &output_toked_base64
,
210 return output_toked_base64
;
214 sip_sec_destroy_context(SipSecContext context
)
216 if (context
) (*context
->destroy_context_func
)(context
);
219 char * sip_sec_make_signature(SipSecContext context
, const char *message
)
221 SipSecBuffer signature
;
224 if(((*context
->make_signature_func
)(context
, message
, &signature
)) != SIP_SEC_E_OK
) {
225 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_make_signature failed. Unable to sign message!");
228 signature_hex
= buff_to_hex_str(signature
.value
, signature
.length
);
229 g_free(signature
.value
);
230 return signature_hex
;
233 int sip_sec_verify_signature(SipSecContext context
, const char *message
, const char *signature_hex
)
235 SipSecBuffer signature
;
238 SIPE_DEBUG_INFO("sip_sec_verify_signature: message is:%s signature to verify is:%s",
239 message
? message
: "", signature_hex
? signature_hex
: "");
241 if (!message
|| !signature_hex
) return SIP_SEC_E_INTERNAL_ERROR
;
243 signature
.length
= hex_str_to_buff(signature_hex
, &signature
.value
);
244 res
= (*context
->verify_signature_func
)(context
, message
, signature
);
245 g_free(signature
.value
);
249 /* Initialize & Destroy */
250 void sip_sec_init(void)
252 sip_sec_init__ntlm();
255 void sip_sec_destroy(void)
257 sip_sec_destroy__ntlm();