[thirdparty/squid.git] / lib / ntlmauth / ntlmauth.h

/*
 * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_NTLMAUTH_H
#define SQUID_NTLMAUTH_H

/* NP: All of this cruft is little endian */
/* Endian functions are usualy handled by the OS but not always. */
#include "ntlmauth/support_endian.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Used internally. Microsoft seems to think this is right, I believe them.
 * Right. */
#define NTLM_MAX_FIELD_LENGTH 300   /* max length of an NTLMSSP field */

/* max length of the BLOB data. (and helper input/output buffer) */
#define NTLM_BLOB_BUFFER_SIZE 10240

/* Here start the NTLMSSP definitions */

/* these are marked as "extra" fields */
#define NTLM_REQUEST_INIT_RESPONSE          0x100000
#define NTLM_REQUEST_ACCEPT_RESPONSE        0x200000
#define NTLM_REQUEST_NON_NT_SESSION_KEY     0x400000

/* NTLM error codes */
#define NTLM_ERR_INTERNAL         -3
#define NTLM_ERR_BLOB             -2
#define NTLM_ERR_BAD_PROTOCOL     -1
#define NTLM_ERR_NONE              0    /* aka. SMBLM_ERR_NONE */
/* codes used by smb_lm helper */
#define NTLM_ERR_SERVER            1    /* aka. SMBLM_ERR_SERVER   */
#define NTLM_ERR_PROTOCOL          2    /* aka. SMBLM_ERR_PROTOCOL */
#define NTLM_ERR_LOGON             3    /* aka. SMBLM_ERR_LOGON    */
#define NTLM_ERR_UNTRUSTED_DOMAIN  4
#define NTLM_ERR_NOT_CONNECTED     10
/* codes used by mswin_ntlmsspi helper */
#define NTLM_SSPI_ERROR         1
#define NTLM_BAD_NTGROUP        2
#define NTLM_BAD_REQUEST        3
/* TODO: reduce the above codes down to one set non-overlapping. */

/** String header. String data resides at the end of the request */
typedef struct _strhdr {
    int16_t len;        /**< Length in bytes */
    int16_t maxlen;     /**< Allocated space in bytes */
    int32_t offset;     /**< Offset from start of request */
} strhdr;

/** We use this to keep data/length couples. */
typedef struct _lstring {
    int32_t l;          /**< length, -1 if empty */
    char *str;          /**< the string. NULL if not initialized */
} lstring;

/** Debug dump the given flags field to stderr */
void ntlm_dump_ntlmssp_flags(const uint32_t flags);

/* ************************************************************************* */
/* Packet and Payload structures and handling functions */
/* ************************************************************************* */

/* NTLM request types that we know about */
#define NTLM_ANY            0
#define NTLM_NEGOTIATE          1
#define NTLM_CHALLENGE          2
#define NTLM_AUTHENTICATE       3

/** This is an header common to all packets, it's used to discriminate
 * among the different packet signature types.
 */
typedef struct _ntlmhdr {
    char signature[8];      /**< "NTLMSSP" */
    int32_t type;       /**< One of the NTLM_* types above. */
} ntlmhdr;

/** Validate the packet type matches one we want. */
int ntlm_validate_packet(const ntlmhdr *packet, const int32_t type);

/** Retrieve a string from the NTLM packet payload. */
lstring ntlm_fetch_string(const ntlmhdr *packet,
                          const int32_t packet_length,
                          const strhdr *str,
                          const uint32_t flags);

/** Append a string to the NTLM packet payload. */
void ntlm_add_to_payload(const ntlmhdr *packet_hdr,
                         char *payload,
                         int *payload_length,
                         strhdr * hdr,
                         const char *toadd,
                         const uint16_t toadd_length);

/* ************************************************************************* */
/* Negotiate Packet structures and functions */
/* ************************************************************************* */

/* negotiate request flags */
#define NTLM_NEGOTIATE_UNICODE              0x0001
#define NTLM_NEGOTIATE_ASCII                0x0002
#define NTLM_NEGOTIATE_REQUEST_TARGET       0x0004
#define NTLM_NEGOTIATE_REQUEST_SIGN         0x0010
#define NTLM_NEGOTIATE_REQUEST_SEAL         0x0020
#define NTLM_NEGOTIATE_DATAGRAM_STYLE       0x0040
#define NTLM_NEGOTIATE_USE_LM               0x0080
#define NTLM_NEGOTIATE_USE_NETWARE          0x0100
#define NTLM_NEGOTIATE_USE_NTLM             0x0200
#define NTLM_NEGOTIATE_DOMAIN_SUPPLIED      0x1000
#define NTLM_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
#define NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL   0x4000
#define NTLM_NEGOTIATE_ALWAYS_SIGN          0x8000

/** Negotiation request sent by client */
typedef struct _ntlm_negotiate {
    ntlmhdr hdr;        /**< "NTLMSSP" , LSWAP(0x1) */
    uint32_t flags; /**< Request flags */
    strhdr domain;      /**< Domain we wish to authenticate in */
    strhdr workstation; /**< Client workstation name */
    char payload[256];  /**< String data */
} ntlm_negotiate;

/* ************************************************************************* */
/* Challenge Packet structures and functions */
/* ************************************************************************* */

#define NTLM_NONCE_LEN 8

/* challenge request flags */
#define NTLM_CHALLENGE_TARGET_IS_DOMAIN     0x10000
#define NTLM_CHALLENGE_TARGET_IS_SERVER     0x20000
#define NTLM_CHALLENGE_TARGET_IS_SHARE      0x40000

/** Challenge request sent by server. */
typedef struct _ntlm_challenge {
    ntlmhdr hdr;        /**< "NTLMSSP" , LSWAP(0x2) */
    strhdr target;      /**< Authentication target (domain/server ...) */
    uint32_t flags;     /**< Request flags */
    u_char challenge[NTLM_NONCE_LEN];   /**< Challenge string */
    uint32_t context_low;   /**< LS part of the server context handle */
    uint32_t context_high;  /**< MS part of the server context handle */
    char payload[256];      /**< String data */
} ntlm_challenge;

/* Size of the ntlm_challenge structures formatted fields (excluding payload) */
#define NTLM_CHALLENGE_HEADER_OFFSET    (sizeof(ntlm_challenge)-256)

/** Generate a challenge request nonce. */
void ntlm_make_nonce(char *nonce);

/** Generate a challenge request Blob to be sent to the client.
 * Will silently truncate the domain value at 2^16-1 bytes if larger.
 */
void ntlm_make_challenge(ntlm_challenge *ch,
                         const char *domain,
                         const char *domain_controller,
                         const char *challenge_nonce,
                         const int challenge_nonce_len,
                         const uint32_t flags);

/* ************************************************************************* */
/* Authenticate Packet structures and functions */
/* ************************************************************************* */

/** Authentication request sent by client in response to challenge */
typedef struct _ntlm_authenticate {
    ntlmhdr hdr;        /**< "NTLMSSP" , LSWAP(0x3) */
    strhdr lmresponse;      /**< LANMAN challenge response */
    strhdr ntresponse;      /**< NT challenge response */
    strhdr domain;      /**< Domain to authenticate against */
    strhdr user;        /**< Username */
    strhdr workstation;     /**< Workstation name */
    strhdr sessionkey;      /**< Session key for server's use */
    uint32_t flags;     /**< Request flags */
    char payload[256 * 6];  /**< String data */
} ntlm_authenticate;

/** Unpack username and domain out of a packet payload. */
int ntlm_unpack_auth(const ntlm_authenticate *auth,
                     char *user,
                     char *domain,
                     const int32_t size);

#if __cplusplus
}
#endif

#endif /* SQUID_NTLMAUTH_H */
Commit	Line	Data
94439e4e	1	/*
5b74111a	2	* Copyright (C) 1996-2018 The Squid Software Foundation and contributors
94439e4e	3	*
9c89cd13 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
94439e4e	7	*/
94439e4e	8
b5638623	9	#ifndef SQUID_NTLMAUTH_H
b5638623	10	#define SQUID_NTLMAUTH_H
94439e4e	11
dac46b89	12	/* NP: All of this cruft is little endian */
5fc112ea AJ	13	/* Endian functions are usualy handled by the OS but not always. */
5fc112ea AJ	14	#include "ntlmauth/support_endian.h"
77d6bd88	15
75aa769b AJ	16	#ifdef __cplusplus
	17	extern "C" {
	18	#endif
	19
f53969cc SM	20	/* Used internally. Microsoft seems to think this is right, I believe them.
	21	* Right. */
	22	#define NTLM_MAX_FIELD_LENGTH 300 /* max length of an NTLMSSP field */
94439e4e	23
f53969cc	24	/* max length of the BLOB data. (and helper input/output buffer) */
1dcf61eb	25	#define NTLM_BLOB_BUFFER_SIZE 10240
94439e4e	26
f53969cc	27	/* Here start the NTLMSSP definitions */
94439e4e	28
f53969cc	29	/* these are marked as "extra" fields */
1dcf61eb AJ	30	#define NTLM_REQUEST_INIT_RESPONSE 0x100000
	31	#define NTLM_REQUEST_ACCEPT_RESPONSE 0x200000
	32	#define NTLM_REQUEST_NON_NT_SESSION_KEY 0x400000
	33
f53969cc	34	/* NTLM error codes */
1dcf61eb AJ	35	#define NTLM_ERR_INTERNAL -3
	36	#define NTLM_ERR_BLOB -2
	37	#define NTLM_ERR_BAD_PROTOCOL -1
	38	#define NTLM_ERR_NONE 0 /* aka. SMBLM_ERR_NONE */
f53969cc	39	/* codes used by smb_lm helper */
1dcf61eb AJ	40	#define NTLM_ERR_SERVER 1 /* aka. SMBLM_ERR_SERVER */
	41	#define NTLM_ERR_PROTOCOL 2 /* aka. SMBLM_ERR_PROTOCOL */
	42	#define NTLM_ERR_LOGON 3 /* aka. SMBLM_ERR_LOGON */
	43	#define NTLM_ERR_UNTRUSTED_DOMAIN 4
	44	#define NTLM_ERR_NOT_CONNECTED 10
f53969cc	45	/* codes used by mswin_ntlmsspi helper */
1dcf61eb AJ	46	#define NTLM_SSPI_ERROR 1
	47	#define NTLM_BAD_NTGROUP 2
	48	#define NTLM_BAD_REQUEST 3
f53969cc SM	49	/* TODO: reduce the above codes down to one set non-overlapping. */
	50
	51	/** String header. String data resides at the end of the request */
	52	typedef struct _strhdr {
	53	int16_t len; /*< Length in bytes /
	54	int16_t maxlen; /*< Allocated space in bytes /
	55	int32_t offset; /*< Offset from start of request /
	56	} strhdr;
	57
	58	/** We use this to keep data/length couples. */
	59	typedef struct _lstring {
	60	int32_t l; /*< length, -1 if empty /
	61	char str; /< the string. NULL if not initialized /
	62	} lstring;
	63
	64	/** Debug dump the given flags field to stderr */
	65	void ntlm_dump_ntlmssp_flags(const uint32_t flags);
	66
	67	/* ************************************************************************* */
	68	/* Packet and Payload structures and handling functions */
	69	/* ************************************************************************* */
	70
	71	/* NTLM request types that we know about */
	72	#define NTLM_ANY 0
	73	#define NTLM_NEGOTIATE 1
	74	#define NTLM_CHALLENGE 2
	75	#define NTLM_AUTHENTICATE 3
	76
	77	/** This is an header common to all packets, it's used to discriminate
	78	* among the different packet signature types.
	79	*/
	80	typedef struct _ntlmhdr {
	81	char signature[8]; /*< "NTLMSSP" /
	82	int32_t type; /*< One of the NTLM_ types above. */
	83	} ntlmhdr;
	84
	85	/** Validate the packet type matches one we want. */
	86	int ntlm_validate_packet(const ntlmhdr *packet, const int32_t type);
	87
	88	/** Retrieve a string from the NTLM packet payload. */
	89	lstring ntlm_fetch_string(const ntlmhdr *packet,
	90	const int32_t packet_length,
	91	const strhdr *str,
	92	const uint32_t flags);
	93
	94	/** Append a string to the NTLM packet payload. */
	95	void ntlm_add_to_payload(const ntlmhdr *packet_hdr,
	96	char *payload,
	97	int *payload_length,
	98	strhdr * hdr,
	99	const char *toadd,
	100	const uint16_t toadd_length);
	101
	102	/* ************************************************************************* */
	103	/* Negotiate Packet structures and functions */
	104	/* ************************************************************************* */
	105
	106	/* negotiate request flags */
1dcf61eb AJ	107	#define NTLM_NEGOTIATE_UNICODE 0x0001
	108	#define NTLM_NEGOTIATE_ASCII 0x0002
	109	#define NTLM_NEGOTIATE_REQUEST_TARGET 0x0004
	110	#define NTLM_NEGOTIATE_REQUEST_SIGN 0x0010
	111	#define NTLM_NEGOTIATE_REQUEST_SEAL 0x0020
	112	#define NTLM_NEGOTIATE_DATAGRAM_STYLE 0x0040
	113	#define NTLM_NEGOTIATE_USE_LM 0x0080
	114	#define NTLM_NEGOTIATE_USE_NETWARE 0x0100
	115	#define NTLM_NEGOTIATE_USE_NTLM 0x0200
	116	#define NTLM_NEGOTIATE_DOMAIN_SUPPLIED 0x1000
	117	#define NTLM_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
	118	#define NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL 0x4000
	119	#define NTLM_NEGOTIATE_ALWAYS_SIGN 0x8000
75aa769b	120
f53969cc SM	121	/** Negotiation request sent by client */
	122	typedef struct _ntlm_negotiate {
	123	ntlmhdr hdr; /*< "NTLMSSP" , LSWAP(0x1) /
	124	uint32_t flags; /*< Request flags /
	125	strhdr domain; /*< Domain we wish to authenticate in /
	126	strhdr workstation; /*< Client workstation name /
	127	char payload[256]; /*< String data /
	128	} ntlm_negotiate;
94439e4e	129
f53969cc SM	130	/* ************************************************************************* */
	131	/* Challenge Packet structures and functions */
	132	/* ************************************************************************* */
75aa769b AJ	133
	134	#define NTLM_NONCE_LEN 8
	135
f53969cc	136	/* challenge request flags */
1dcf61eb AJ	137	#define NTLM_CHALLENGE_TARGET_IS_DOMAIN 0x10000
	138	#define NTLM_CHALLENGE_TARGET_IS_SERVER 0x20000
	139	#define NTLM_CHALLENGE_TARGET_IS_SHARE 0x40000
75aa769b	140
f53969cc SM	141	/** Challenge request sent by server. */
	142	typedef struct _ntlm_challenge {
	143	ntlmhdr hdr; /*< "NTLMSSP" , LSWAP(0x2) /
	144	strhdr target; /*< Authentication target (domain/server ...) /
	145	uint32_t flags; /*< Request flags /
	146	u_char challenge[NTLM_NONCE_LEN]; /*< Challenge string /
	147	uint32_t context_low; /*< LS part of the server context handle /
	148	uint32_t context_high; /*< MS part of the server context handle /
	149	char payload[256]; /*< String data /
	150	} ntlm_challenge;
	151
	152	/* Size of the ntlm_challenge structures formatted fields (excluding payload) */
	153	#define NTLM_CHALLENGE_HEADER_OFFSET (sizeof(ntlm_challenge)-256)
	154
	155	/** Generate a challenge request nonce. */
	156	void ntlm_make_nonce(char *nonce);
	157
	158	/** Generate a challenge request Blob to be sent to the client.
	159	* Will silently truncate the domain value at 2^16-1 bytes if larger.
	160	*/
	161	void ntlm_make_challenge(ntlm_challenge *ch,
	162	const char *domain,
	163	const char *domain_controller,
	164	const char *challenge_nonce,
	165	const int challenge_nonce_len,
	166	const uint32_t flags);
	167
	168	/* ************************************************************************* */
	169	/* Authenticate Packet structures and functions */
	170	/* ************************************************************************* */
	171
	172	/** Authentication request sent by client in response to challenge */
	173	typedef struct _ntlm_authenticate {
	174	ntlmhdr hdr; /*< "NTLMSSP" , LSWAP(0x3) /
	175	strhdr lmresponse; /*< LANMAN challenge response /
	176	strhdr ntresponse; /*< NT challenge response /
	177	strhdr domain; /*< Domain to authenticate against /
	178	strhdr user; /*< Username /
	179	strhdr workstation; /*< Workstation name /
	180	strhdr sessionkey; /*< Session key for server's use /
	181	uint32_t flags; /*< Request flags /
	182	char payload[256 * 6]; /*< String data /
	183	} ntlm_authenticate;
	184
	185	/** Unpack username and domain out of a packet payload. */
	186	int ntlm_unpack_auth(const ntlm_authenticate *auth,
	187	char *user,
	188	char *domain,
	189	const int32_t size);
75aa769b	190
75aa769b AJ	191	#if __cplusplus
	192	}
	193	#endif
94439e4e	194
b5638623	195	#endif /* SQUID_NTLMAUTH_H */
f53969cc	196