/*
 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_NTLMAUTH_H
#define SQUID_NTLMAUTH_H

/* NP: All of this cruft is little endian.
 * Every multi-byte integer in the packet structures below is therefore in
 * little-endian byte order on the wire, whatever the host order is. */
/* Endian functions are usually handled by the OS but not always. */
#include "ntlmauth/support_endian.h"

/* Give the prototypes below C linkage so C++ translation units that include
 * this header resolve them against the C implementation. The matching closing
 * brace is at the end of this file. */
#ifdef __cplusplus
extern "C" {
#endif

/* Used internally. Microsoft seems to think this is right, I believe them.
 * Right. */
/* NOTE(review): 300 is larger than the 256-byte payload[] arrays in
 * ntlm_negotiate and ntlm_challenge below, so this value alone cannot be the
 * bound used when copying a field into those packets; confirm the copy code
 * bounds by the array size. */
#define NTLM_MAX_FIELD_LENGTH 300 /* max length of an NTLMSSP field */

/* max length of the BLOB data. (and helper input/output buffer) */
#define NTLM_BLOB_BUFFER_SIZE 10240

/* Here start the NTLMSSP definitions */

/* these are marked as "extra" fields */
/* Each constant is a single bit of the 32-bit flags word, so they can be
 * OR-ed together and tested individually. */
#define NTLM_REQUEST_INIT_RESPONSE 0x100000
#define NTLM_REQUEST_ACCEPT_RESPONSE 0x200000
#define NTLM_REQUEST_NON_NT_SESSION_KEY 0x400000

/* NTLM error codes.
 * The three negative values and NTLM_ERR_NONE (0, success) are the codes this
 * library itself uses; the positive values below are helper-specific. */
#define NTLM_ERR_INTERNAL -3
#define NTLM_ERR_BLOB -2
#define NTLM_ERR_BAD_PROTOCOL -1
#define NTLM_ERR_NONE 0 /* aka. SMBLM_ERR_NONE */
/* codes used by smb_lm helper */
#define NTLM_ERR_SERVER 1 /* aka. SMBLM_ERR_SERVER */
#define NTLM_ERR_PROTOCOL 2 /* aka. SMBLM_ERR_PROTOCOL */
#define NTLM_ERR_LOGON 3 /* aka. SMBLM_ERR_LOGON */
#define NTLM_ERR_UNTRUSTED_DOMAIN 4
#define NTLM_ERR_NOT_CONNECTED 10
/* codes used by mswin_ntlmsspi helper */
#define NTLM_SSPI_ERROR 1
#define NTLM_BAD_NTGROUP 2
#define NTLM_BAD_REQUEST 3
/* TODO: reduce the above codes down to one set non-overlapping.
 * Until then the positive values collide across helpers: 1 is both
 * NTLM_ERR_SERVER and NTLM_SSPI_ERROR, 2 is both NTLM_ERR_PROTOCOL and
 * NTLM_BAD_NTGROUP, 3 is both NTLM_ERR_LOGON and NTLM_BAD_REQUEST. A caller
 * must know which helper produced a code before interpreting it. */

/** String header. String data resides at the end of the request.
 *
 * All three fields are taken from the packet itself, so whenever the packet
 * came from the network they are untrusted. Code that follows offset into
 * the packet must first check that offset and offset + len lie within the
 * packet length it was given (ntlm_fetch_string() below takes packet_length
 * for this reason). len and maxlen are signed 16-bit, so negative values are
 * representable and must be rejected explicitly, not merely bounded from
 * above. Values are little endian on the wire (see the note at the top of
 * this file).
 */
typedef struct _strhdr {
    int16_t len; /**< Length in bytes */
    int16_t maxlen; /**< Allocated space in bytes */
    int32_t offset; /**< Offset from start of request */
} strhdr;

/** We use this to keep data/length couples.
 *
 * This is the return type of ntlm_fetch_string() below. l is the only
 * length indicator; NOTE(review): str presumably points into the packet
 * payload rather than a NUL-terminated copy, so it should not be handed to
 * strlen()/printf("%s") without checking — confirm against the
 * implementation.
 */
typedef struct _lstring {
    int32_t l; /**< length, -1 if empty */
    char *str; /**< the string. NULL if not initialized */
} lstring;

/** Debug dump the given flags field to stderr.
 * @param flags the 32-bit NTLMSSP flags word (NTLM_NEGOTIATE_* / NTLM_CHALLENGE_* bits)
 */
void ntlm_dump_ntlmssp_flags(const uint32_t flags);

/* ************************************************************************* */
/* Packet and Payload structures and handling functions */
/* ************************************************************************* */

/* NTLM request types that we know about.
 * These are the values carried in ntlmhdr.type. NTLM_ANY (0) presumably acts
 * as a wildcard for ntlm_validate_packet() — confirm in the implementation. */
#define NTLM_ANY 0
#define NTLM_NEGOTIATE 1
#define NTLM_CHALLENGE 2
#define NTLM_AUTHENTICATE 3

/** This is an header common to all packets, it's used to discriminate
 * among the different packet signature types.
 *
 * Both fields arrive from the peer. Before any of the type-specific
 * structures below is overlaid on a received buffer, the signature should be
 * compared against the literal "NTLMSSP" (7 characters plus the terminating
 * NUL fill the 8 bytes) and type checked with ntlm_validate_packet().
 */
typedef struct _ntlmhdr {
    char signature[8]; /**< "NTLMSSP" */
    int32_t type; /**< One of the NTLM_* types above. */
} ntlmhdr;

/** Validate the packet type matches one we want.
 * @param packet header of the received packet
 * @param type the NTLM_* type expected by the caller
 * @return NTLM_ERR_NONE when the packet is acceptable, otherwise one of the
 *         negative NTLM_ERR_* codes — presumably; confirm in the implementation.
 */
int ntlm_validate_packet(const ntlmhdr *packet, const int32_t type);

/** Retrieve a string from the NTLM packet payload.
 * @param packet the packet the string header belongs to
 * @param packet_length total number of bytes actually received for packet;
 *        str->offset and str->len are only meaningful relative to this,
 *        never to sizeof(*packet)
 * @param str string header (offset/length) read from the packet
 * @param flags the packet's flags word; presumably NTLM_NEGOTIATE_UNICODE /
 *        NTLM_NEGOTIATE_ASCII select the encoding — confirm
 * @return an lstring; l is -1 when the string is empty (see lstring)
 */
lstring ntlm_fetch_string(const ntlmhdr *packet,
                          const int32_t packet_length,
                          const strhdr *str,
                          const uint32_t flags);

/** Append a string to the NTLM packet payload.
 * @param packet_hdr start of the packet, the base that hdr->offset is
 *        relative to
 * @param payload the packet's payload array to append into
 * @param payload_length in/out: bytes of payload already in use
 * @param hdr string header to fill in (len/maxlen/offset) for the added data
 * @param toadd bytes to append
 * @param toadd_length number of bytes to append (16-bit, matching strhdr.len)
 *
 * NOTE(review): this prototype carries no payload capacity argument, so the
 * caller must guarantee *payload_length + toadd_length fits the packet's
 * payload array (256 bytes in ntlm_negotiate and ntlm_challenge, 256 * 6 in
 * ntlm_authenticate) — or the implementation must derive the bound from
 * packet_hdr->type; confirm which.
 */
void ntlm_add_to_payload(const ntlmhdr *packet_hdr,
                         char *payload,
                         int *payload_length,
                         strhdr * hdr,
                         const char *toadd,
                         const uint16_t toadd_length);

/* ************************************************************************* */
/* Negotiate Packet structures and functions */
/* ************************************************************************* */

/* negotiate request flags.
 * Single-bit values for the 32-bit flags word in ntlm_negotiate (the same
 * word also appears in ntlm_challenge and ntlm_authenticate); OR them
 * together. Bits 0x0008, 0x0400 and 0x0800 are not defined here. */
#define NTLM_NEGOTIATE_UNICODE 0x0001
#define NTLM_NEGOTIATE_ASCII 0x0002
#define NTLM_NEGOTIATE_REQUEST_TARGET 0x0004
#define NTLM_NEGOTIATE_REQUEST_SIGN 0x0010
#define NTLM_NEGOTIATE_REQUEST_SEAL 0x0020
#define NTLM_NEGOTIATE_DATAGRAM_STYLE 0x0040
#define NTLM_NEGOTIATE_USE_LM 0x0080
#define NTLM_NEGOTIATE_USE_NETWARE 0x0100
#define NTLM_NEGOTIATE_USE_NTLM 0x0200
#define NTLM_NEGOTIATE_DOMAIN_SUPPLIED 0x1000
#define NTLM_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
#define NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL 0x4000
#define NTLM_NEGOTIATE_ALWAYS_SIGN 0x8000

/** Negotiation request sent by client.
 *
 * payload is a fixed 256-byte area; domain.offset and workstation.offset are
 * relative to the start of the packet (see strhdr), so a reader must validate
 * them against the number of bytes actually received, not against
 * sizeof(ntlm_negotiate) — a short packet need not fill payload. All integer
 * fields are little endian on the wire (see the note at the top of this file).
 */
typedef struct _ntlm_negotiate {
    ntlmhdr hdr; /**< "NTLMSSP" , LSWAP(0x1) */
    uint32_t flags; /**< Request flags */
    strhdr domain; /**< Domain we wish to authenticate in */
    strhdr workstation; /**< Client workstation name */
    char payload[256]; /**< String data */
} ntlm_negotiate;

/* ************************************************************************* */
/* Challenge Packet structures and functions */
/* ************************************************************************* */

/* Length in bytes of the server challenge (ntlm_challenge.challenge). */
#define NTLM_NONCE_LEN 8

/* challenge request flags.
 * Single bits in the same 32-bit flags word as the NTLM_NEGOTIATE_* values. */
#define NTLM_CHALLENGE_TARGET_IS_DOMAIN 0x10000
#define NTLM_CHALLENGE_TARGET_IS_SERVER 0x20000
#define NTLM_CHALLENGE_TARGET_IS_SHARE 0x40000

/** Challenge request sent by server.
 *
 * target.offset is relative to the start of the packet (see strhdr); payload
 * is a fixed 256-byte area. NOTE(review): challenge uses u_char, a BSD/POSIX
 * typedef rather than a <stdint.h> fixed-width type like the rest of this
 * header; uint8_t would make the field self-describing and portable.
 */
typedef struct _ntlm_challenge {
    ntlmhdr hdr; /**< "NTLMSSP" , LSWAP(0x2) */
    strhdr target; /**< Authentication target (domain/server ...) */
    uint32_t flags; /**< Request flags */
    u_char challenge[NTLM_NONCE_LEN]; /**< Challenge string (the nonce) */
    uint32_t context_low; /**< LS part of the server context handle */
    uint32_t context_high; /**< MS part of the server context handle */
    char payload[256]; /**< String data */
} ntlm_challenge;

/* Size of the ntlm_challenge structures formatted fields (excluding payload).
 * The literal 256 must stay equal to the size of ntlm_challenge.payload; if
 * one changes, change both. */
#define NTLM_CHALLENGE_HEADER_OFFSET (sizeof(ntlm_challenge)-256)

/** Generate a challenge request nonce.
 * @param nonce output buffer. There is no length argument, so it presumably
 *        must hold at least NTLM_NONCE_LEN bytes — confirm against the
 *        implementation before passing anything smaller.
 */
void ntlm_make_nonce(char *nonce);

/** Generate a challenge request Blob to be sent to the client.
 * Will silently truncate the domain value at 2^16-1 bytes if larger.
 * @param ch challenge packet to fill in
 * @param domain authentication target domain name
 * @param domain_controller name of the domain controller
 * @param challenge_nonce nonce bytes, presumably copied into ch->challenge
 * @param challenge_nonce_len number of bytes at challenge_nonce
 *        (ch->challenge holds NTLM_NONCE_LEN)
 * @param flags flags word to place in ch->flags
 *
 * NOTE(review): the 2^16-1 truncation limit is far larger than the 256-byte
 * ch->payload, so whatever bound the implementation applies when copying the
 * domain into the payload must be the array size, not strhdr's 16-bit length.
 */
void ntlm_make_challenge(ntlm_challenge *ch,
                         const char *domain,
                         const char *domain_controller,
                         const char *challenge_nonce,
                         const int challenge_nonce_len,
                         const uint32_t flags);

/* ************************************************************************* */
/* Authenticate Packet structures and functions */
/* ************************************************************************* */

/** Authentication request sent by client in response to challenge.
 *
 * Six strhdr fields index into payload, each relative to the start of the
 * packet (see strhdr); the payload size 256 * 6 matches one 256-byte slot per
 * field, presumably. Every offset/length must be validated against the bytes
 * actually received before use. NOTE(review): lmresponse and ntresponse carry
 * the client's challenge responses, i.e. credential-derived material — keep
 * them out of logs and debug output.
 */
typedef struct _ntlm_authenticate {
    ntlmhdr hdr; /**< "NTLMSSP" , LSWAP(0x3) */
    strhdr lmresponse; /**< LANMAN challenge response */
    strhdr ntresponse; /**< NT challenge response */
    strhdr domain; /**< Domain to authenticate against */
    strhdr user; /**< Username */
    strhdr workstation; /**< Workstation name */
    strhdr sessionkey; /**< Session key for server's use */
    uint32_t flags; /**< Request flags */
    char payload[256 * 6]; /**< String data */
} ntlm_authenticate;

/** Unpack username and domain out of a packet payload.
 * @param auth the received authenticate packet
 * @param user output buffer for the username
 * @param domain output buffer for the domain
 * @param size capacity of the output buffers; a single value covers both user
 *        and domain, so pass the smaller capacity if they differ. Presumably
 *        in bytes — confirm in the implementation.
 * @return NTLM_ERR_NONE on success, otherwise an NTLM_ERR_* code — presumably;
 *         confirm in the implementation.
 */
int ntlm_unpack_auth(const ntlm_authenticate *auth,
                     char *user,
                     char *domain,
                     const int32_t size);

/* Close the extern "C" block opened at the top of this file.
 * NOTE(review): the opening guard uses #ifdef __cplusplus while this one uses
 * #if; an undefined macro evaluates to 0 in #if so both work, but the form is
 * inconsistent and warns under -Wundef — consider #ifdef here too. */
#if __cplusplus
}
#endif

#endif /* SQUID_NTLMAUTH_H */
