6 * Copyright (C) 2010 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009 pier11 <pier11@operamail.com>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 /* Opaque type definition for security context */
26 typedef struct sip_sec_context
*SipSecContext
;
28 typedef enum sip_sec_auth_type
37 /*** Sipe convenience methods ***/
40 * Initializes Sipe security context.
41 * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required.
42 * In former case domain/username/password information is unnecessary.
44 * @param type (in) authentication type
45 * @param sso (in) use Single Sign-On
46 * @param is_connection_based (in) context is used for a connection
47 * @param domain (in) NTLM Domain/Kerberos Realm.
48 * @param username (in) user name (can be NULL)
49 * @param password (in) password (can be NULL)
51 * @return context security context to store and pass between security method invocations
54 sip_sec_create_context(SipSecAuthType type
,
56 int is_connection_based
,
59 const char *password
);
62 * Obtains Service ticket (for Kerberos), base64 encodes it and provide as output.
64 * @param context (in) security context to pass between security method invocations
65 * @param target (in) security target. Service principal name on case of Kerberos.
66 * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL.
67 * @param output_toked_base64 (out) base64 encoded output token to send to server.
68 * @param expires (out) security context expiration time in seconds.
70 * @return SIP_SEC_* value signifying success of the operation.
74 sip_sec_init_context_step(SipSecContext context
,
76 const char *input_toked_base64
,
77 char **output_toked_base64
,
81 * A convenience method for sipe. Combines execution on sip_sec_create_context()
82 * and sip_sec_init_context_step(). Suitable for connectionless NTLM (as in SIP).
83 * Unsuitable for connection-based (TCP, TLS) Web authentication.
85 * Initializes security context.
86 * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required. In former case domain/username/password information is unnecessary.
87 * Then obtains Service ticket (for Kerberos) , base64 encodes it and provide as output.
89 * @param context (in,out) security context to store and pass between security method invocations
90 * @param mech (in) security mechanism - NTLM or Kerberos
91 * @param domain (in) NTLM Domain/Kerberos Realm.
92 * @param target (in) security target. Service principal name on case of Kerberos.
93 * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL for Kerberos.
94 * @param expires (out) security context expiration time in seconds.
96 * @return base64 encoded output token to send to server.
98 char *sip_sec_init_context(SipSecContext
*context
,
103 const char *username
,
104 const char *password
,
106 const char *input_toked_base64
);
109 * A convenience method for sipe.
110 * Destroys security context.
112 * @param context (in,out) security context to destroy
114 void sip_sec_destroy_context(SipSecContext context
);
117 * A convenience method for sipe.
118 * Signs incoming message.
120 * @param message (in) a message to sign.
122 * @return signature for the message. Converted to Hex null terminated string;
124 char *sip_sec_make_signature(SipSecContext context
,
125 const char *message
);
128 * A convenience method for sipe.
129 * Verifies signature for the message.
131 * @param mesage (in) which signature to verify. Null terminated string.
132 * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
134 * @return FALSE on error
136 int sip_sec_verify_signature(SipSecContext context
,
138 const char *signature_hex
);
141 * Initialize & destroy functions for sip-sec.
142 * Should be called on loading and unloading of the core.
144 void sip_sec_init(void);
145 void sip_sec_destroy(void);