src/core/sip-sec.h

   1 /**
   2  * @file sip-sec.h
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2010-2013 SIPE Project <http://sipe.sourceforge.net/>
   7  * Copyright (C) 2009 pier11 <pier11@operamail.com>
   8  *
   9  *
  10  * This program is free software; you can redistribute it and/or modify
  11  * it under the terms of the GNU General Public License as published by
  12  * the Free Software Foundation; either version 2 of the License, or
  13  * (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 /* Opaque type definition for security context */
  26 typedef struct sip_sec_context *SipSecContext;
  27
  28 /*** Sipe convenience methods ***/
  29
  30 /**
  31  * Initializes Sipe security context.
  32  * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required.
  33  * In former case domain/username/password information is unnecessary.
  34  *
  35  * @param type     (in) authentication type
  36  * @param sso      (in) @c TRUE if Single Sign-On should be used
  37  * @param http     (in) @c TRUE if HTTP, @c FALSE for SIP
  38  * @param domain   (in) NTLM Domain/Kerberos Realm (ignored for SSO)
  39  * @param username (in) user name (can be NULL)    (ignored for SSO)
  40  * @param password (in) password (can be NULL)     (ignored for SSO)
  41  *
  42  * @return context security context to store and pass between security method invocations
  43  */
  44 SipSecContext
  45 sip_sec_create_context(guint type,
  46                        gboolean sso,
  47                        gboolean http,
  48                        const gchar *domain,
  49                        const gchar *username,
  50                        const gchar *password);
  51
  52 /**
  53  * Obtains Service ticket (for Kerberos), base64 encodes it and provide as output.
  54  *
  55  * @param context (in) security context to pass between security method invocations
  56  * @param target (in) security target. Service principal name on case of Kerberos.
  57  * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL.
  58  * @param output_toked_base64 (out) base64 encoded output token to send to server.
  59  * @param expires (out) security context expiration time in seconds.
  60  *
  61  * @return @c TRUE if successful
  62  *
  63  */
  64 gboolean
  65 sip_sec_init_context_step(SipSecContext context,
  66                           const gchar *target,
  67                           const gchar *input_toked_base64,
  68                           gchar **output_toked_base64,
  69                           guint *expires);
  70
  71 /**
  72  * Check if the authentication of a security context is completed and it is
  73  * ready to be used for message signing and signature verification
  74  *
  75  * @param context (in) security context. May be @c NULL.
  76  *
  77  * @return @c TRUE if authentication is completed
  78  */
  79 gboolean sip_sec_context_is_ready(SipSecContext context);
  80
  81 /**
  82  * A convenience method for sipe.
  83  * Destroys security context.
  84  *
  85  * @param context (in,out) security context to destroy
  86  */
  87 void sip_sec_destroy_context(SipSecContext context);
  88
  89 /**
  90  * A convenience method for sipe.
  91  * Signs incoming message.
  92  *
  93  * @param context (in) security context
  94  * @param message (in) a message to sign.
  95  *
  96  * @return signature for the message. Converted to Hex null terminated string;
  97  */
  98 gchar *sip_sec_make_signature(SipSecContext context,
  99                               const gchar *message);
 100
 101 /**
 102  * A convenience method for sipe.
 103  * Verifies signature for the message.
 104  *
 105  * @param context (in) security context
 106  * @param message (in) which signature to verify. Null terminated string.
 107  * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
 108  *
 109  * @return FALSE on error
 110  */
 111 gboolean sip_sec_verify_signature(SipSecContext context,
 112                                   const gchar *message,
 113                                   const gchar *signature_hex);
 114
 115 /**
 116  * Check if authentication scheme requires a password
 117  *
 118  * @param type authentication type
 119  * @param sso  TRUE if user selected Single-Sign On
 120  *
 121  * @return @c TRUE if password is required
 122  */
 123 gboolean sip_sec_requires_password(guint authentication,
 124                                    gboolean sso);
 125
 126 /**
 127  * Initialize & destroy functions for sip-sec.
 128  * Should be called on loading and unloading of the core.
 129  */
 130 void sip_sec_init(void);
 131 void sip_sec_destroy(void);