src/core/sip-sec.c

   1 /**
   2  * @file sip-sec.c
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2010-2013 SIPE Project <http://sipe.sourceforge.net/>
   7  * Copyright (C) 2009 pier11 <pier11@operamail.com>
   8  *
   9  *
  10  * This program is free software; you can redistribute it and/or modify
  11  * it under the terms of the GNU General Public License as published by
  12  * the Free Software Foundation; either version 2 of the License, or
  13  * (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 #ifdef HAVE_CONFIG_H
  26 #include "config.h"
  27 #endif
  28
  29 #include <stdlib.h>
  30 #include <string.h>
  31 #include <stdio.h>
  32 #include <time.h>
  33
  34 #include <glib.h>
  35
  36 #include "sipe-common.h"
  37 #include "sip-sec.h"
  38 #include "sipe-backend.h"
  39 #include "sipe-utils.h"
  40
  41 #include "sip-sec-mech.h"
  42 #ifndef _WIN32
  43 #include "sip-sec-ntlm.h"
  44 #include "sip-sec-tls-dsk.h"
  45 #define sip_sec_create_context__NTLM            sip_sec_create_context__ntlm
  46 #define sip_sec_password__NTLM                  sip_sec_password__ntlm
  47 #define sip_sec_create_context__Negotiate       sip_sec_create_context__NONE
  48 /* #define sip_sec_password__Negotiate: see below */
  49 #define sip_sec_create_context__TLS_DSK         sip_sec_create_context__tls_dsk
  50 #define sip_sec_password__TLS_DSK               sip_sec_password__tls_dsk
  51
  52 #ifdef HAVE_LIBKRB5
  53 #include "sip-sec-krb5.h"
  54 #define sip_sec_create_context__Kerberos        sip_sec_create_context__krb5
  55 #define sip_sec_password__Kerberos              sip_sec_password__krb5
  56 #else
  57 #define sip_sec_create_context__Kerberos        sip_sec_create_context__NONE
  58 #define sip_sec_password__Kerberos              sip_sec_password__NONE
  59 #endif
  60
  61 #else /* _WIN32 */
  62 #ifdef HAVE_SSPI
  63 #include "sip-sec-sspi.h"
  64 #define sip_sec_create_context__NTLM            sip_sec_create_context__sspi
  65 #define sip_sec_password__NTLM                  sip_sec_password__sspi
  66 #define sip_sec_create_context__Negotiate       sip_sec_create_context__sspi
  67 /* #define sip_sec_password__Negotiate: see below */
  68 #define sip_sec_create_context__Kerberos        sip_sec_create_context__sspi
  69 #define sip_sec_password__Kerberos              sip_sec_password__sspi
  70 #define sip_sec_create_context__TLS_DSK         sip_sec_create_context__sspi
  71 #define sip_sec_password__TLS_DSK               sip_sec_password__sspi
  72 #else /* !HAVE_SSPI */
  73 #include "sip-sec-ntlm.h"
  74 #include "sip-sec-tls-dsk.h"
  75 #define sip_sec_create_context__NTLM            sip_sec_create_context__ntlm
  76 #define sip_sec_password__NTLM                  sip_sec_password__ntlm
  77 #define sip_sec_create_context__Negotiate       sip_sec_create_context__NONE
  78 /* #define sip_sec_password__Negotiate: see below */
  79 #define sip_sec_create_context__Kerberos        sip_sec_create_context__NONE
  80 #define sip_sec_password__Kerberos              sip_sec_password__NONE
  81 #define sip_sec_create_context__TLS_DSK         sip_sec_create_context__tls_dsk
  82 #define sip_sec_password__TLS_DSK               sip_sec_password__tls_dsk
  83 #endif /* HAVE_SSPI */
  84
  85 #endif /* _WIN32 */
  86
  87 /* Dummy initialization hook */
  88 static SipSecContext
  89 sip_sec_create_context__NONE(SIPE_UNUSED_PARAMETER guint type)
  90 {
  91         return(NULL);
  92 }
  93
  94 static gboolean sip_sec_password__NONE(void)
  95 {
  96         return(TRUE);
  97 }
  98
  99 /* sip_sec API methods */
 100 SipSecContext
 101 sip_sec_create_context(guint type,
 102                        const int  sso,
 103                        int is_connection_based,
 104                        const char *domain,
 105                        const char *username,
 106                        const char *password)
 107 {
 108         SipSecContext context = NULL;
 109
 110         /* Map authentication type to module initialization hook & name */
 111         static sip_sec_create_context_func const auth_to_hook[] = {
 112                 sip_sec_create_context__NONE,      /* SIPE_AUTHENTICATION_TYPE_UNSET     */
 113                 sip_sec_create_context__NTLM,      /* SIPE_AUTHENTICATION_TYPE_NTLM      */
 114                 sip_sec_create_context__Kerberos,  /* SIPE_AUTHENTICATION_TYPE_KERBEROS  */
 115                 sip_sec_create_context__Negotiate, /* SIPE_AUTHENTICATION_TYPE_NEGOTIATE */
 116                 sip_sec_create_context__TLS_DSK,   /* SIPE_AUTHENTICATION_TYPE_TLS_DSK   */
 117         };
 118
 119         context = (*(auth_to_hook[type]))(type);
 120         if (context) {
 121                 sip_uint32 ret;
 122
 123                 context->sso = sso;
 124                 context->is_connection_based = is_connection_based;
 125                 context->is_ready = FALSE;
 126
 127                 ret = (*context->acquire_cred_func)(context, domain, username, password);
 128                 if (ret != SIP_SEC_E_OK) {
 129                         SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_create_context: failed to acquire credentials.");
 130                         (*context->destroy_context_func)(context);
 131                         context = NULL;
 132                 }
 133         }
 134
 135         return(context);
 136 }
 137
 138 unsigned long
 139 sip_sec_init_context_step(SipSecContext context,
 140                           const char *target,
 141                           const char *input_toked_base64,
 142                           char **output_toked_base64,
 143                           int *expires)
 144 {
 145         sip_uint32 ret = SIP_SEC_E_INTERNAL_ERROR;
 146
 147         if (context) {
 148                 SipSecBuffer in_buff  = {0, NULL};
 149                 SipSecBuffer out_buff = {0, NULL};
 150
 151                 /* Not NULL for NTLM Type 2 or TLS-DSK */
 152                 if (input_toked_base64)
 153                         in_buff.value = g_base64_decode(input_toked_base64, &in_buff.length);
 154
 155                 ret = (*context->init_context_func)(context, in_buff, &out_buff, target);
 156
 157                 if (input_toked_base64)
 158                         g_free(in_buff.value);
 159
 160                 if (ret == SIP_SEC_E_OK) {
 161
 162                         if (out_buff.length > 0 && out_buff.value) {
 163                                 *output_toked_base64 = g_base64_encode(out_buff.value, out_buff.length);
 164                         } else {
 165                                 *output_toked_base64 = g_strdup("");
 166                         }
 167
 168                         g_free(out_buff.value);
 169                 }
 170
 171                 if (expires) {
 172                         *expires = context->expires;
 173                 }
 174         }
 175
 176         return ret;
 177 }
 178
 179 gboolean sip_sec_context_is_ready(SipSecContext context)
 180 {
 181         return(context && (context->is_ready != 0));
 182 }
 183
 184 void
 185 sip_sec_destroy_context(SipSecContext context)
 186 {
 187         if (context) (*context->destroy_context_func)(context);
 188 }
 189
 190 char * sip_sec_make_signature(SipSecContext context, const char *message)
 191 {
 192         SipSecBuffer signature;
 193         char *signature_hex;
 194
 195         if(((*context->make_signature_func)(context, message, &signature)) != SIP_SEC_E_OK) {
 196                 SIPE_DEBUG_INFO_NOFORMAT("ERROR: sip_sec_make_signature failed. Unable to sign message!");
 197                 return NULL;
 198         }
 199         signature_hex = buff_to_hex_str(signature.value, signature.length);
 200         g_free(signature.value);
 201         return signature_hex;
 202 }
 203
 204 int sip_sec_verify_signature(SipSecContext context, const char *message, const char *signature_hex)
 205 {
 206         SipSecBuffer signature;
 207         sip_uint32 res;
 208
 209         SIPE_DEBUG_INFO("sip_sec_verify_signature: message is:%s signature to verify is:%s",
 210                         message ? message : "", signature_hex ? signature_hex : "");
 211
 212         if (!message || !signature_hex) return SIP_SEC_E_INTERNAL_ERROR;
 213
 214         signature.length = hex_str_to_buff(signature_hex, &signature.value);
 215         res = (*context->verify_signature_func)(context, message, signature);
 216         g_free(signature.value);
 217         return res;
 218 }
 219
 220 /* Does authentication type require a password? */
 221 gboolean sip_sec_requires_password(guint authentication,
 222                                    gboolean sso)
 223 {
 224         /* Map authentication type to module initialization hook & name */
 225         static sip_sec_password_func const auth_to_hook[] = {
 226                 sip_sec_password__NONE,     /* SIPE_AUTHENTICATION_TYPE_UNSET     */
 227                 sip_sec_password__NTLM,     /* SIPE_AUTHENTICATION_TYPE_NTLM      */
 228                 sip_sec_password__Kerberos, /* SIPE_AUTHENTICATION_TYPE_KERBEROS  */
 229                 /* Negotiate is only used internally so pasword requirement doesn't make sense */
 230                 sip_sec_password__NONE,     /* SIPE_AUTHENTICATION_TYPE_NEGOTIATE */
 231                 sip_sec_password__TLS_DSK,  /* SIPE_AUTHENTICATION_TYPE_TLS_DSK   */
 232         };
 233
 234         /* If Single-Sign On is disabled then a password is required */
 235         if (!sso)
 236                 return(TRUE);
 237
 238         /* Check if authentation method supports Single-Sign On */
 239         return((*(auth_to_hook[authentication]))());
 240 }
 241
 242 /* Initialize & Destroy */
 243 void sip_sec_init(void)
 244 {
 245 #ifndef HAVE_SSPI
 246         sip_sec_init__ntlm();
 247 #endif
 248 }
 249
 250 void sip_sec_destroy(void)
 251 {
 252 #ifndef HAVE_SSPI
 253         sip_sec_destroy__ntlm();
 254 #endif
 255 }
 256
 257 /*
 258   Local Variables:
 259   mode: c
 260   c-file-style: "bsd"
 261   indent-tabs-mode: t
 262   tab-width: 8
 263   End:
 264 */