/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
9 #ifndef SQUID_NTLMAUTH_H
10 #define SQUID_NTLMAUTH_H
/* NP: All of this cruft is little endian */
/* Endian functions are usually handled by the OS but not always. */
#include <stddef.h>
#include "ntlmauth/support_endian.h"
/* Used internally. Microsoft seems to think this is right, I believe them. */

/** Upper bound, in bytes, on a single NTLMSSP string field. */
#define NTLM_MAX_FIELD_LENGTH 300

/** Upper bound on the BLOB data (this is also the helper input/output buffer size). */
#define NTLM_BLOB_BUFFER_SIZE 10240
/* Here start the NTLMSSP definitions */

/* Request flag bits that are marked as "extra" fields. */
#define NTLM_REQUEST_INIT_RESPONSE      0x100000
#define NTLM_REQUEST_ACCEPT_RESPONSE    0x200000
#define NTLM_REQUEST_NON_NT_SESSION_KEY 0x400000
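/*
 * NTLM error codes.
 *
 * Negative values are parsing/protocol failures raised by this library; zero
 * is success. The positive values below belong to two different helpers and
 * overlap (NTLM_ERR_SERVER and NTLM_SSPI_ERROR are both 1), so a positive
 * code only has a meaning together with the helper that produced it.
 * Negative constants are parenthesized so they expand safely inside larger
 * expressions.
 */
#define NTLM_ERR_INTERNAL     (-3)
#define NTLM_ERR_BLOB         (-2)
#define NTLM_ERR_BAD_PROTOCOL (-1)
#define NTLM_ERR_NONE         0    /* aka. SMBLM_ERR_NONE */

/* codes used by smb_lm helper */
#define NTLM_ERR_SERVER           1  /* aka. SMBLM_ERR_SERVER */
#define NTLM_ERR_PROTOCOL         2  /* aka. SMBLM_ERR_PROTOCOL */
#define NTLM_ERR_LOGON            3  /* aka. SMBLM_ERR_LOGON */
#define NTLM_ERR_UNTRUSTED_DOMAIN 4
#define NTLM_ERR_NOT_CONNECTED    10

/* codes used by mswin_ntlmsspi helper */
#define NTLM_SSPI_ERROR  1
#define NTLM_BAD_NTGROUP 2
#define NTLM_BAD_REQUEST 3

/* TODO: reduce the above codes down to one set non-overlapping. */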
/**
 * Header of a variable-length string field inside an NTLM packet.
 *
 * The string bytes themselves sit in the payload area at the end of the
 * packet; this header only records where they are and how long they are.
 * All three fields arrive from the network and are untrusted: offset and
 * len must be checked against the real packet length before the data is
 * dereferenced (ntlm_fetch_string() receives packet_length for that purpose).
 * Values are little-endian on the wire.
 */
typedef struct _strhdr {
    /** Length of the string data in bytes. Signed: a negative value from the wire must be rejected. */
    int16_t len;
    /** Space allocated for the string in bytes. */
    int16_t maxlen;
    /** Byte offset of the string data from the start of the packet. */
    int32_t offset;
} strhdr;
/**
 * A (pointer, length) couple used to hand string data around without copying.
 * Treat str as raw bytes bounded by l rather than as a NUL-terminated C
 * string — presumably no terminator is guaranteed; confirm against
 * ntlm_fetch_string().
 */
typedef struct _lstring {
    /** Number of bytes at str, or -1 when the string is empty. */
    int32_t l;
    /** The bytes themselves; NULL until initialised. */
    char *str;
} lstring;
/**
 * Write a human-readable breakdown of an NTLMSSP flags word to stderr.
 * Debugging aid only.
 *
 * @param flags  the 32-bit flags field of a negotiate/challenge/authenticate packet
 */
void ntlm_dump_ntlmssp_flags(const uint32_t flags);
/* ************************************************************************* */
/* Packet and Payload structures and handling functions                      */
/* ************************************************************************* */

/* NTLMSSP message types carried in ntlmhdr.type — the three we know about. */
#define NTLM_NEGOTIATE    1  /* client -> server: opens the exchange */
#define NTLM_CHALLENGE    2  /* server -> client: carries the nonce */
#define NTLM_AUTHENTICATE 3  /* client -> server: answers the challenge */
/**
 * Header common to every NTLMSSP packet. It is what lets a receiver tell the
 * packet signature types apart: read and validate signature and type
 * (ntlm_validate_packet()) before treating the rest of the buffer as one of
 * the type-specific structures below.
 */
typedef struct _ntlmhdr {
    /** The literal "NTLMSSP" followed by a NUL byte. */
    char signature[8];
    /** One of NTLM_NEGOTIATE, NTLM_CHALLENGE or NTLM_AUTHENTICATE; little-endian on the wire. */
    int32_t type;
} ntlmhdr;
/**
 * Check that a received packet is the NTLMSSP message type the caller wants.
 *
 * @param packet  the packet, viewed through its common header
 * @param type    the NTLM_* type the caller expects
 * @return presumably NTLM_ERR_NONE on success and a negative NTLM_ERR_* code
 *         otherwise — confirm against the implementation.
 */
int ntlm_validate_packet(const ntlmhdr *packet, const int32_t type);
88 /** Retrieve a string from the NTLM packet payload. */
89 lstring
ntlm_fetch_string(const ntlmhdr
*packet
,
90 const int32_t packet_length
,
92 const uint32_t flags
);
94 /** Append a string to the NTLM packet payload. */
95 void ntlm_add_to_payload(const ntlmhdr
*packet_hdr
,
100 const uint16_t toadd_length
);
/* ************************************************************************* */
/* Negotiate Packet structures and functions                                 */
/* ************************************************************************* */

/* Bit values of the negotiate request flags field. */
#define NTLM_NEGOTIATE_UNICODE              0x0001
#define NTLM_NEGOTIATE_ASCII                0x0002
#define NTLM_NEGOTIATE_REQUEST_TARGET       0x0004
#define NTLM_NEGOTIATE_REQUEST_SIGN         0x0010
#define NTLM_NEGOTIATE_REQUEST_SEAL         0x0020
#define NTLM_NEGOTIATE_DATAGRAM_STYLE       0x0040
#define NTLM_NEGOTIATE_USE_LM               0x0080
#define NTLM_NEGOTIATE_USE_NETWARE          0x0100
#define NTLM_NEGOTIATE_USE_NTLM             0x0200
#define NTLM_NEGOTIATE_DOMAIN_SUPPLIED      0x1000
#define NTLM_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
#define NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL   0x4000
#define NTLM_NEGOTIATE_ALWAYS_SIGN          0x8000
/**
 * Negotiation request (type 1) sent by the client.
 * The two strhdr fields point into payload; their offsets and lengths come
 * from the wire and must be bounds-checked against the received length
 * before use.
 */
typedef struct _ntlm_negotiate {
    /** Common header: "NTLMSSP", type LSWAP(0x1). */
    ntlmhdr hdr;
    /** NTLM_NEGOTIATE_* bits requested by the client. */
    uint32_t flags;
    /** Domain the client wishes to authenticate in. */
    strhdr domain;
    /** Name of the client workstation. */
    strhdr workstation;
    /** Fixed-size area holding the string data the strhdr fields refer to. */
    char payload[256];
} ntlm_negotiate;
/* ************************************************************************* */
/* Challenge Packet structures and functions                                 */
/* ************************************************************************* */

/** Size in bytes of the server nonce carried in the challenge packet. */
#define NTLM_NONCE_LEN 8

/* Bits of the challenge request flags describing what the target names. */
#define NTLM_CHALLENGE_TARGET_IS_DOMAIN 0x10000
#define NTLM_CHALLENGE_TARGET_IS_SERVER 0x20000
#define NTLM_CHALLENGE_TARGET_IS_SHARE  0x40000
/**
 * Challenge request (type 2) sent by the server.
 * The nonce in challenge is the unpredictability the whole challenge/response
 * exchange rests on; it is produced by ntlm_make_nonce().
 */
typedef struct _ntlm_challenge {
    /** Common header: "NTLMSSP", type LSWAP(0x2). */
    ntlmhdr hdr;
    /** Authentication target (domain, server, ...); data lives in payload. */
    strhdr target;
    /** Request flags. */
    uint32_t flags;
    /** The challenge nonce, NTLM_NONCE_LEN raw bytes. */
    u_char challenge[NTLM_NONCE_LEN];
    /** Least-significant part of the server context handle. */
    uint32_t context_low;
    /** Most-significant part of the server context handle. */
    uint32_t context_high;
    /** Fixed-size area holding the string data the strhdr field refers to. */
    char payload[256];
} ntlm_challenge;
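/*
 * Size of the fixed-layout part of ntlm_challenge, i.e. everything before the
 * payload buffer. Taken from the struct layout itself so it cannot drift from
 * the payload array size, rather than subtracting a hard-coded 256.
 */
#define NTLM_CHALLENGE_HEADER_OFFSET (offsetof(ntlm_challenge, payload))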
/**
 * Generate the nonce for a challenge request.
 *
 * The nonce is what makes each challenge unique, so the generator must use a
 * source that cannot be guessed or replayed; the implementation is not
 * visible here — confirm.
 *
 * @param nonce  caller-provided buffer, presumably at least NTLM_NONCE_LEN
 *               bytes to match ntlm_challenge.challenge — confirm.
 */
void ntlm_make_nonce(char *nonce);
158 /** Generate a challenge request Blob to be sent to the client.
159 * Will silently truncate the domain value at 2^16-1 bytes if larger.
161 void ntlm_make_challenge(ntlm_challenge
*ch
,
163 const char *domain_controller
,
164 const char *challenge_nonce
,
165 const int challenge_nonce_len
,
166 const uint32_t flags
);
/* ************************************************************************* */
/* Authenticate Packet structures and functions                              */
/* ************************************************************************* */

/**
 * Authentication request (type 3) sent by the client in response to a
 * challenge. Every strhdr below points into payload; none of them is
 * trustworthy until its offset and length have been checked against the
 * received packet length.
 */
typedef struct _ntlm_authenticate {
    /** Common header: "NTLMSSP", type LSWAP(0x3). */
    ntlmhdr hdr;
    /** LANMAN response to the challenge. */
    strhdr lmresponse;
    /** NT response to the challenge. */
    strhdr ntresponse;
    /** Domain to authenticate against. */
    strhdr domain;
    /** User name. */
    strhdr user;
    /** Workstation name. */
    strhdr workstation;
    /** Session key for the server's use. */
    strhdr sessionkey;
    /** Request flags. */
    uint32_t flags;
    /** Fixed-size area holding the string data the six strhdr fields refer to. */
    char payload[256 * 6];
} ntlm_authenticate;
185 /** Unpack username and domain out of a packet payload. */
186 int ntlm_unpack_auth(const ntlm_authenticate
*auth
,
195 #endif /* SQUID_NTLMAUTH_H */