src/sip-sec.h

   1 /**
   2  * @file sip-sec.h
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2009 pier11 <pier11@operamail.com>
   7  *
   8  *
   9  * This program is free software; you can redistribute it and/or modify
  10  * it under the terms of the GNU General Public License as published by
  11  * the Free Software Foundation; either version 2 of the License, or
  12  * (at your option) any later version.
  13  *
  14  * This program is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17  * GNU General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU General Public License
  20  * along with this program; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  22  */
  23
  24 #define SIPE_UNUSED_PARAMETER __attribute__((unused))
  25
  26 /* Opaque type definition for security context */
  27 typedef struct sip_sec_context *SipSecContext;
  28
  29 typedef enum
  30 {
  31         AUTH_TYPE_UNSET = 0,
  32         AUTH_TYPE_DIGEST,
  33         AUTH_TYPE_NTLM,
  34         AUTH_TYPE_KERBEROS
  35 } SipSecAuthType;
  36
  37 //// Sipe convenience methods ////
  38
  39 /**
  40  * A convenience method for sipe.
  41  * Initializes security context.
  42  * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required. In former case domain/username/password information is unnecessary.
  43  * Then obtains Service ticket (for Kerberos) , base64 encodes it and provide as output.
  44  *
  45  * @param context (in,out) security context to store and pass between security method invocations
  46  * @param mech (in) security mechanism - NTLM or Kerberos
  47  * @param domain (in) NTLM Domain/Kerberos Realm.
  48  * @param target (in) security target. Service principal name on case of Kerberos.
  49  * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL for Kerberos.
  50  * @param expires (out) security context expiration time in seconds.
  51  *
  52  * @return base64 encoded output token to send to server.
  53  */
  54 char *sip_sec_init_context(SipSecContext *context,
  55                            int *expires,
  56                            SipSecAuthType type,
  57                            const int  sso,
  58                            const char *domain,
  59                            const char *username,
  60                            const char *password,
  61                            const char *target,
  62                            const char *input_toked_base64);
  63
  64 /**
  65  * A convenience method for sipe.
  66  * Destroys security context.
  67  *
  68  * @param context (in,out) security context to destroy
  69  */
  70 void sip_sec_destroy_context(SipSecContext context);
  71
  72 /**
  73  * A convenience method for sipe.
  74  * Signs incoming message.
  75  *
  76  * @param message (in) a message to sign.
  77  *
  78  * @return signature for the message. Converted to Hex null terminated string;
  79  */
  80 char *sip_sec_make_signature(SipSecContext context,
  81                              const char *message);
  82
  83 /**
  84  * A convenience method for sipe.
  85  * Verifies signature for the message.
  86  *
  87  * @param mesage (in) which signature to verify. Null terminated string.
  88  * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
  89  *
  90  * @return FALSE on error
  91  */
  92 int sip_sec_verify_signature(SipSecContext context,
  93                              const char *message,
  94                              const char *signature_hex);