search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
audio: don't use GHashTableIter
[siplcs.git] / src / core / sip-sec.c
blobd241244b41d23dc8bc8559bd213b9c71c5dc6676
1 /**
2 * @file sip-sec.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2010 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009 pier11 <pier11@operamail.com>
8 *
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25 #ifdef HAVE_CONFIG_H
26 #include "config.h"
27 #endif
28
29 #include <stdlib.h>
30 #include <string.h>
31 #include <stdio.h>
32 #include <time.h>
33
34 #include <glib.h>
35
36 #include "sipe-common.h"
37 #include "sip-sec.h"
38 #include "sipe-backend.h"
39 #include "sipe-utils.h"
40
41 #include "sip-sec-mech.h"
42 #include "sip-sec-ntlm.h"
43 #ifndef _WIN32
44 #define sip_sec_create_context__NTLM sip_sec_create_context__ntlm
45 #define sip_sec_create_context__Negotiate sip_sec_create_context__NONE
46
47 #ifdef HAVE_LIBKRB5
48 #include "sip-sec-krb5.h"
49 #define sip_sec_create_context__Kerberos sip_sec_create_context__krb5
50 #else
51 #define sip_sec_create_context__Kerberos sip_sec_create_context__NONE
52 #endif
53
54 #else /* _WIN32 */
55 #ifdef HAVE_LIBKRB5
56 #include "sip-sec-sspi.h"
57 #define sip_sec_create_context__NTLM sip_sec_create_context__sspi
58 #define sip_sec_create_context__Negotiate sip_sec_create_context__sspi
59 #define sip_sec_create_context__Kerberos sip_sec_create_context__sspi
60 #else /* HAVE_LIBKRB5 */
61 #define sip_sec_create_context__NTLM sip_sec_create_context__ntlm
62 #define sip_sec_create_context__Negotiate sip_sec_create_context__NONE
63 #define sip_sec_create_context__Kerberos sip_sec_create_context__NONE
64 #endif /* HAVE_LIBKRB5 */
65
66 #endif /* _WIN32 */
67
68 /* Dummy initialization hook */
69 static SipSecContext
70 sip_sec_create_context__NONE(SIPE_UNUSED_PARAMETER guint type)
71 {
72 return(NULL);
73 }
74
75 /* sip_sec API methods */
76 SipSecContext
77 sip_sec_create_context(guint type,
78 const int sso,
79 int is_connection_based,
80 const char *domain,
81 const char *username,
82 const char *password)
83 {
84 SipSecContext context = NULL;
85
86 /* Map authentication type to module initialization hook & name */
87 static sip_sec_create_context_func const auth_to_hook[] = {
88 sip_sec_create_context__NONE, /* AUTH_TYPE_UNSET */
89 sip_sec_create_context__NONE, /* AUTH_TYPE_DIGEST */
90 sip_sec_create_context__NTLM, /* AUTH_TYPE_NTLM */
91 sip_sec_create_context__Kerberos, /* AUTH_TYPE_KERBEROS */
92 sip_sec_create_context__Negotiate, /* AUTH_TYPE_NEGOTIATE */
93 };
94
95 context = (*(auth_to_hook[type]))(type);
96 if (context) {
97 sip_uint32 ret;
98
99 context->sso = sso;
100 context->is_connection_based = is_connection_based;
101
102 ret = (*context->acquire_cred_func)(context, domain, username, password);
103 if (ret != SIP_SEC_E_OK) {
104 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_init_context failed to acquire credentials.");
105 (*context->destroy_context_func)(context);
106 context = NULL;
107 }
108 }
109
110 return(context);
111 }
112
113 unsigned long
114 sip_sec_init_context_step(SipSecContext context,
115 const char *target,
116 const char *input_toked_base64,
117 char **output_toked_base64,
118 int *expires)
119 {
120 sip_uint32 ret = SIP_SEC_E_INTERNAL_ERROR;
121
122 if (context) {
123 SipSecBuffer in_buff = {0, NULL};
124 SipSecBuffer out_buff = {0, NULL};
125 char *tmp;
126
127 /* Not NULL for NTLM Type 2 */
128 if (input_toked_base64) {
129 in_buff.value = g_base64_decode(input_toked_base64, &in_buff.length);
130
131 tmp = sip_sec_ntlm_message_describe(in_buff);
132 if (tmp) {
133 SIPE_DEBUG_INFO("sip_sec_init_context_step: Challenge message is:\n%s", tmp);
134 }
135 g_free(tmp);
136 }
137
138 ret = (*context->init_context_func)(context, in_buff, &out_buff, target);
139
140 if (input_toked_base64)
141 g_free(in_buff.value);
142
143 if (ret == SIP_SEC_E_OK || ret == SIP_SEC_I_CONTINUE_NEEDED) {
144 *output_toked_base64 = g_base64_encode(out_buff.value, out_buff.length);
145
146 if (out_buff.length > 0 && out_buff.value) {
147 tmp = sip_sec_ntlm_message_describe(out_buff);
148 if (tmp) {
149 SIPE_DEBUG_INFO("sip_sec_init_context_step: Negotiate or Authenticate message is:\n%s", tmp);
150 }
151 g_free(tmp);
152 }
153
154 g_free(out_buff.value);
155 }
156
157 if (expires) {
158 *expires = context->expires;
159 }
160 }
161
162 return ret;
163 }
164
165 char *
166 sip_sec_init_context(SipSecContext *context,
167 int *expires,
168 guint type,
169 const int sso,
170 const char *domain,
171 const char *username,
172 const char *password,
173 const char *target,
174 const char *input_toked_base64)
175 {
176 sip_uint32 ret;
177 char *output_toked_base64 = NULL;
178 int exp;
179
180 *context = sip_sec_create_context(type,
181 sso,
182 0, /* Connectionless for SIP */
183 domain,
184 username,
185 password);
186 if (!*context) {
187 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_init_context: failed sip_sec_create_context()");
188 return NULL;
189 }
190
191 ret = sip_sec_init_context_step(*context,
192 target,
193 NULL,
194 &output_toked_base64,
195 &exp);
196
197 /* for NTLM type 3 */
198 if (ret == SIP_SEC_I_CONTINUE_NEEDED) {
199 g_free(output_toked_base64);
200 ret = sip_sec_init_context_step(*context,
201 target,
202 input_toked_base64,
203 &output_toked_base64,
204 &exp);
205 }
206
207 if (expires) {
208 *expires = exp;
209 }
210
211 return output_toked_base64;
212 }
213
214 void
215 sip_sec_destroy_context(SipSecContext context)
216 {
217 if (context) (*context->destroy_context_func)(context);
218 }
219
220 char * sip_sec_make_signature(SipSecContext context, const char *message)
221 {
222 SipSecBuffer signature;
223 char *signature_hex;
224
225 if(((*context->make_signature_func)(context, message, &signature)) != SIP_SEC_E_OK) {
226 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_make_signature failed. Unable to sign message!");
227 return NULL;
228 }
229 signature_hex = buff_to_hex_str(signature.value, signature.length);
230 g_free(signature.value);
231 return signature_hex;
232 }
233
234 int sip_sec_verify_signature(SipSecContext context, const char *message, const char *signature_hex)
235 {
236 SipSecBuffer signature;
237 sip_uint32 res;
238
239 SIPE_DEBUG_INFO("sip_sec_verify_signature: message is:%s signature to verify is:%s",
240 message ? message : "", signature_hex ? signature_hex : "");
241
242 if (!message || !signature_hex) return SIP_SEC_E_INTERNAL_ERROR;
243
244 signature.length = hex_str_to_buff(signature_hex, &signature.value);
245 res = (*context->verify_signature_func)(context, message, signature);
246 g_free(signature.value);
247 return res;
248 }
249
250 /* Initialize & Destroy */
251 void sip_sec_init(void)
252 {
253 sip_sec_init__ntlm();
254 }
255
256 void sip_sec_destroy(void)
257 {
258 sip_sec_destroy__ntlm();
259 }
260
261 /*
262 Local Variables:
263 mode: c
264 c-file-style: "bsd"
265 indent-tabs-mode: t
266 tab-width: 8
267 End:
268 */
A third-party Pidgin plugin for Microsoft LCS/OCS