src/core/sip-sec.h

   1 /**
   2  * @file sip-sec.h
   3  *
   4  * pidgin-sipe
   5  *
   6  * Copyright (C) 2010-12 SIPE Project <http://sipe.sourceforge.net/>
   7  * Copyright (C) 2009 pier11 <pier11@operamail.com>
   8  *
   9  *
  10  * This program is free software; you can redistribute it and/or modify
  11  * it under the terms of the GNU General Public License as published by
  12  * the Free Software Foundation; either version 2 of the License, or
  13  * (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  23  */
  24
  25 /* Opaque type definition for security context */
  26 typedef struct sip_sec_context *SipSecContext;
  27
  28 /*** Sipe convenience methods ***/
  29
  30 /**
  31  * Initializes Sipe security context.
  32  * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required.
  33  * In former case domain/username/password information is unnecessary.
  34  *
  35  * @param type (in) authentication type
  36  * @param sso (in) use Single Sign-On
  37  * @param is_connection_based (in) context is used for a connection
  38  * @param domain (in) NTLM Domain/Kerberos Realm.
  39  * @param username (in) user name (can be NULL)
  40  * @param password (in) password (can be NULL)
  41  *
  42  * @return context security context to store and pass between security method invocations
  43  */
  44 SipSecContext
  45 sip_sec_create_context(guint type,
  46                        const int  sso,
  47                        int is_connection_based,
  48                        const char *domain,
  49                        const char *username,
  50                        const char *password);
  51
  52 /**
  53  * Obtains Service ticket (for Kerberos), base64 encodes it and provide as output.
  54  *
  55  * @param context (in) security context to pass between security method invocations
  56  * @param target (in) security target. Service principal name on case of Kerberos.
  57  * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL.
  58  * @param output_toked_base64 (out) base64 encoded output token to send to server.
  59  * @param expires (out) security context expiration time in seconds.
  60  *
  61  * @return SIP_SEC_* value signifying success of the operation.
  62  *
  63  */
  64 unsigned long
  65 sip_sec_init_context_step(SipSecContext context,
  66                           const char *target,
  67                           const char *input_toked_base64,
  68                           char **output_toked_base64,
  69                           int *expires);
  70
  71 /**
  72  * A convenience method for sipe. Combines execution on sip_sec_create_context()
  73  * and sip_sec_init_context_step(). Suitable for connectionless NTLM (as in SIP).
  74  * Unsuitable for connection-based (TCP, TLS) Web authentication.
  75  *
  76  * Initializes security context.
  77  * Obtains cashed initial credentials (TGT for Kerberos) or requests new ones if required. In former case domain/username/password information is unnecessary.
  78  * Then obtains Service ticket (for Kerberos) , base64 encodes it and provide as output.
  79  *
  80  * @param context (in,out) security context to store and pass between security method invocations
  81  * @param mech (in) security mechanism - NTLM or Kerberos
  82  * @param domain (in) NTLM Domain/Kerberos Realm.
  83  * @param target (in) security target. Service principal name on case of Kerberos.
  84  * @param input_toked_base64 (in) base64 encoded input security token. This is Type2 NTLM message or NULL for Kerberos.
  85  * @param expires (out) security context expiration time in seconds.
  86  *
  87  * @return base64 encoded output token to send to server.
  88  */
  89 char *sip_sec_init_context(SipSecContext *context,
  90                            int *expires,
  91                            guint type,
  92                            const int  sso,
  93                            const char *domain,
  94                            const char *username,
  95                            const char *password,
  96                            const char *target,
  97                            const char *input_toked_base64);
  98
  99 /**
 100  * Check if the authentication of a security context is completed and it is
 101  * ready to be used for message signing and signature verification
 102  *
 103  * @param context (in) security context. May be @c NULL.
 104  *
 105  * @return @TRUE if authentication is completed
 106  */
 107 gboolean sip_sec_context_is_ready(SipSecContext context);
 108
 109 /**
 110  * A convenience method for sipe.
 111  * Destroys security context.
 112  *
 113  * @param context (in,out) security context to destroy
 114  */
 115 void sip_sec_destroy_context(SipSecContext context);
 116
 117 /**
 118  * A convenience method for sipe.
 119  * Signs incoming message.
 120  *
 121  * @param context (in) security context
 122  * @param message (in) a message to sign.
 123  *
 124  * @return signature for the message. Converted to Hex null terminated string;
 125  */
 126 char *sip_sec_make_signature(SipSecContext context,
 127                              const char *message);
 128
 129 /**
 130  * A convenience method for sipe.
 131  * Verifies signature for the message.
 132  *
 133  * @param context (in) security context
 134  * @param message (in) which signature to verify. Null terminated string.
 135  * @param signature_hex (in) signature to test in Hex representation. Null terminated string. Example: "602306092A864886F71201020201011100FFFFFFFF1A306ACB7BE311827BBF7208D80D15E3"
 136  *
 137  * @return FALSE on error
 138  */
 139 int sip_sec_verify_signature(SipSecContext context,
 140                              const char *message,
 141                              const char *signature_hex);
 142
 143 /**
 144  * Check if authentication scheme requires a password
 145  *
 146  * @param type authentication type
 147  * @param sso  TRUE if user selected Single-Sign On
 148  *
 149  * @return TRUE if password is required
 150  */
 151 gboolean sip_sec_requires_password(guint authentication,
 152                                    gboolean sso);
 153
 154 /**
 155  * Initialize & destroy functions for sip-sec.
 156  * Should be called on loading and unloading of the core.
 157  */
 158 void sip_sec_init(void);
 159 void sip_sec_destroy(void);