]> git.ipfire.org Git - thirdparty/squid.git/blob - lib/ntlmauth/ntlmauth.h
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SourceFormat Enforcement
[thirdparty/squid.git] / lib / ntlmauth / ntlmauth.h
1 /*
2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 #ifndef SQUID_NTLMAUTH_H
10 #define SQUID_NTLMAUTH_H
11
12 /* NP: All of this cruft is little endian */
13 /* Endian functions are usualy handled by the OS but not always. */
14 #include "ntlmauth/support_endian.h"
15
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19
20 /* Used internally. Microsoft seems to think this is right, I believe them.
21 * Right. */
22 #define NTLM_MAX_FIELD_LENGTH 300 /* max length of an NTLMSSP field */
23
24 /* max length of the BLOB data. (and helper input/output buffer) */
25 #define NTLM_BLOB_BUFFER_SIZE 10240
26
27 /* Here start the NTLMSSP definitions */
28
29 /* these are marked as "extra" fields */
30 #define NTLM_REQUEST_INIT_RESPONSE 0x100000
31 #define NTLM_REQUEST_ACCEPT_RESPONSE 0x200000
32 #define NTLM_REQUEST_NON_NT_SESSION_KEY 0x400000
33
34 /* NTLM error codes */
35 #define NTLM_ERR_INTERNAL -3
36 #define NTLM_ERR_BLOB -2
37 #define NTLM_ERR_BAD_PROTOCOL -1
38 #define NTLM_ERR_NONE 0 /* aka. SMBLM_ERR_NONE */
39 /* codes used by smb_lm helper */
40 #define NTLM_ERR_SERVER 1 /* aka. SMBLM_ERR_SERVER */
41 #define NTLM_ERR_PROTOCOL 2 /* aka. SMBLM_ERR_PROTOCOL */
42 #define NTLM_ERR_LOGON 3 /* aka. SMBLM_ERR_LOGON */
43 #define NTLM_ERR_UNTRUSTED_DOMAIN 4
44 #define NTLM_ERR_NOT_CONNECTED 10
45 /* codes used by mswin_ntlmsspi helper */
46 #define NTLM_SSPI_ERROR 1
47 #define NTLM_BAD_NTGROUP 2
48 #define NTLM_BAD_REQUEST 3
49 /* TODO: reduce the above codes down to one set non-overlapping. */
50
51 /** String header. String data resides at the end of the request */
52 typedef struct _strhdr {
53 int16_t len; /**< Length in bytes */
54 int16_t maxlen; /**< Allocated space in bytes */
55 int32_t offset; /**< Offset from start of request */
56 } strhdr;
57
58 /** We use this to keep data/length couples. */
59 typedef struct _lstring {
60 int32_t l; /**< length, -1 if empty */
61 char *str; /**< the string. NULL if not initialized */
62 } lstring;
63
64 /** Debug dump the given flags field to stderr */
65 void ntlm_dump_ntlmssp_flags(const uint32_t flags);
66
67 /* ************************************************************************* */
68 /* Packet and Payload structures and handling functions */
69 /* ************************************************************************* */
70
71 /* NTLM request types that we know about */
72 #define NTLM_ANY 0
73 #define NTLM_NEGOTIATE 1
74 #define NTLM_CHALLENGE 2
75 #define NTLM_AUTHENTICATE 3
76
77 /** This is an header common to all packets, it's used to discriminate
78 * among the different packet signature types.
79 */
80 typedef struct _ntlmhdr {
81 char signature[8]; /**< "NTLMSSP" */
82 int32_t type; /**< One of the NTLM_* types above. */
83 } ntlmhdr;
84
85 /** Validate the packet type matches one we want. */
86 int ntlm_validate_packet(const ntlmhdr *packet, const int32_t type);
87
88 /** Retrieve a string from the NTLM packet payload. */
89 lstring ntlm_fetch_string(const ntlmhdr *packet,
90 const int32_t packet_length,
91 const strhdr *str,
92 const uint32_t flags);
93
94 /** Append a string to the NTLM packet payload. */
95 void ntlm_add_to_payload(const ntlmhdr *packet_hdr,
96 char *payload,
97 int *payload_length,
98 strhdr * hdr,
99 const char *toadd,
100 const uint16_t toadd_length);
101
102 /* ************************************************************************* */
103 /* Negotiate Packet structures and functions */
104 /* ************************************************************************* */
105
106 /* negotiate request flags */
107 #define NTLM_NEGOTIATE_UNICODE 0x0001
108 #define NTLM_NEGOTIATE_ASCII 0x0002
109 #define NTLM_NEGOTIATE_REQUEST_TARGET 0x0004
110 #define NTLM_NEGOTIATE_REQUEST_SIGN 0x0010
111 #define NTLM_NEGOTIATE_REQUEST_SEAL 0x0020
112 #define NTLM_NEGOTIATE_DATAGRAM_STYLE 0x0040
113 #define NTLM_NEGOTIATE_USE_LM 0x0080
114 #define NTLM_NEGOTIATE_USE_NETWARE 0x0100
115 #define NTLM_NEGOTIATE_USE_NTLM 0x0200
116 #define NTLM_NEGOTIATE_DOMAIN_SUPPLIED 0x1000
117 #define NTLM_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
118 #define NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL 0x4000
119 #define NTLM_NEGOTIATE_ALWAYS_SIGN 0x8000
120
121 /** Negotiation request sent by client */
122 typedef struct _ntlm_negotiate {
123 ntlmhdr hdr; /**< "NTLMSSP" , LSWAP(0x1) */
124 uint32_t flags; /**< Request flags */
125 strhdr domain; /**< Domain we wish to authenticate in */
126 strhdr workstation; /**< Client workstation name */
127 char payload[256]; /**< String data */
128 } ntlm_negotiate;
129
130 /* ************************************************************************* */
131 /* Challenge Packet structures and functions */
132 /* ************************************************************************* */
133
134 #define NTLM_NONCE_LEN 8
135
136 /* challenge request flags */
137 #define NTLM_CHALLENGE_TARGET_IS_DOMAIN 0x10000
138 #define NTLM_CHALLENGE_TARGET_IS_SERVER 0x20000
139 #define NTLM_CHALLENGE_TARGET_IS_SHARE 0x40000
140
141 /** Challenge request sent by server. */
142 typedef struct _ntlm_challenge {
143 ntlmhdr hdr; /**< "NTLMSSP" , LSWAP(0x2) */
144 strhdr target; /**< Authentication target (domain/server ...) */
145 uint32_t flags; /**< Request flags */
146 u_char challenge[NTLM_NONCE_LEN]; /**< Challenge string */
147 uint32_t context_low; /**< LS part of the server context handle */
148 uint32_t context_high; /**< MS part of the server context handle */
149 char payload[256]; /**< String data */
150 } ntlm_challenge;
151
152 /* Size of the ntlm_challenge structures formatted fields (excluding payload) */
153 #define NTLM_CHALLENGE_HEADER_OFFSET (sizeof(ntlm_challenge)-256)
154
155 /** Generate a challenge request nonce. */
156 void ntlm_make_nonce(char *nonce);
157
158 /** Generate a challenge request Blob to be sent to the client.
159 * Will silently truncate the domain value at 2^16-1 bytes if larger.
160 */
161 void ntlm_make_challenge(ntlm_challenge *ch,
162 const char *domain,
163 const char *domain_controller,
164 const char *challenge_nonce,
165 const int challenge_nonce_len,
166 const uint32_t flags);
167
168 /* ************************************************************************* */
169 /* Authenticate Packet structures and functions */
170 /* ************************************************************************* */
171
172 /** Authentication request sent by client in response to challenge */
173 typedef struct _ntlm_authenticate {
174 ntlmhdr hdr; /**< "NTLMSSP" , LSWAP(0x3) */
175 strhdr lmresponse; /**< LANMAN challenge response */
176 strhdr ntresponse; /**< NT challenge response */
177 strhdr domain; /**< Domain to authenticate against */
178 strhdr user; /**< Username */
179 strhdr workstation; /**< Workstation name */
180 strhdr sessionkey; /**< Session key for server's use */
181 uint32_t flags; /**< Request flags */
182 char payload[256 * 6]; /**< String data */
183 } ntlm_authenticate;
184
185 /** Unpack username and domain out of a packet payload. */
186 int ntlm_unpack_auth(const ntlm_authenticate *auth,
187 char *user,
188 char *domain,
189 const int32_t size);
190
191 #if __cplusplus
192 }
193 #endif
194
195 #endif /* SQUID_NTLMAUTH_H */
196
Mirror of https://github.com/squid-cache/squid.git