search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts
[Samba.git] / librpc / idl / ntlmssp.idl
blob4799066d7c4af00c4ae44510687561c4dbf4e327
1 #include "idl_types.h"
2
3 import "security.idl";
4
5 /*
6 ntlmssp interface definition
7 */
8
9 [
10 pointer_default(unique),
11 helper("../librpc/ndr/ndr_ntlmssp.h"),
12 helpstring("NTLM messages"),
13 uuid("6e746c6d-7373-700a-0000-00000000")
14 ]
15 interface ntlmssp
16 {
17 typedef [v1_enum] enum {
18 NtLmNegotiate = 0x00000001,
19 NtLmChallenge = 0x00000002,
20 NtLmAuthenticate = 0x00000003
21 } ntlmssp_MessageType;
22
23 /* [MS-NLMP] 2.2.2.5 NEGOTIATE */
24
25 typedef [bitmap32bit] bitmap {
26 NTLMSSP_NEGOTIATE_UNICODE = 0x00000001,
27 NTLMSSP_NEGOTIATE_OEM = 0x00000002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */
28 NTLMSSP_REQUEST_TARGET = 0x00000004,
29 NTLMSSP_NEGOTIATE_SIGN = 0x00000010, /* Message integrity */
30 NTLMSSP_NEGOTIATE_SEAL = 0x00000020, /* Message confidentiality */
31 NTLMSSP_NEGOTIATE_DATAGRAM = 0x00000040,
32 NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080,
33 NTLMSSP_NEGOTIATE_NETWARE = 0x00000100, /* not mentioned in MS-NLMP */
34 NTLMSSP_NEGOTIATE_NTLM = 0x00000200,
35 NTLMSSP_NEGOTIATE_NT_ONLY = 0x00000400,
36 NTLMSSP_ANONYMOUS = 0x00000800, /* no symbol name in MS-NLMP */
37 NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED = 0x00001000,
38 NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000,
39 NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL = 0x00004000, /* not mentioned in MS-NLMP */
40 NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x00008000,
41 NTLMSSP_TARGET_TYPE_DOMAIN = 0x00010000,
42 NTLMSSP_TARGET_TYPE_SERVER = 0x00020000,
43 NTLMSSP_TARGET_TYPE_SHARE = 0x00040000,
44 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000,
45 NTLMSSP_NEGOTIATE_IDENTIFY = 0x00100000,
46 NTLMSSP_REQUEST_NON_NT_SESSION_KEY = 0x00400000,
47 NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000,
48 NTLMSSP_NEGOTIATE_VERSION = 0x02000000,
49 NTLMSSP_NEGOTIATE_128 = 0x20000000, /* 128-bit encryption */
50 NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000,
51 NTLMSSP_NEGOTIATE_56 = 0x80000000
52 } NEGOTIATE;
53
54 /* convenience mapping */
55 const int NTLMSSP_NEGOTIATE_NTLM2 = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
56
57 /*
58 NTLMSSP_WINDOWS_MAJOR_VERSION_5: Windows XP SP2 and Server 2003
59 NTLMSSP_WINDOWS_MAJOR_VERSION_6: Windows Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, 8.1, Server 2012 R2
60 NTLMSSP_WINDOWS_MAJOR_VERSION_10: Windows 10, Windows Server 2016 Technical Preview
61 */
62
63 typedef [enum8bit] enum {
64 NTLMSSP_WINDOWS_MAJOR_VERSION_5 = 0x05,
65 NTLMSSP_WINDOWS_MAJOR_VERSION_6 = 0x06,
66 NTLMSSP_WINDOWS_MAJOR_VERSION_10 = 0x0A
67 } ntlmssp_WindowsMajorVersion;
68
69 /*
70 NTLMSSP_WINDOWS_MINOR_VERSION_0: Windows Vista, 10, Server 2016 Technical Preview
71 NTLMSSP_WINDOWS_MINOR_VERSION_1: Windows XP SP2, 7, Server 2008 R2
72 NTLMSSP_WINDOWS_MINOR_VERSION_2: Windows Server 2003, 8, Server 2012
73 NTLMSSP_WINDOWS_MINOR_VERSION_3: Windows 8.1, Server 2012 R2
74 */
75
76 typedef [enum8bit] enum {
77 NTLMSSP_WINDOWS_MINOR_VERSION_0 = 0x00,
78 NTLMSSP_WINDOWS_MINOR_VERSION_1 = 0x01,
79 NTLMSSP_WINDOWS_MINOR_VERSION_2 = 0x02,
80 NTLMSSP_WINDOWS_MINOR_VERSION_3 = 0x03
81 } ntlmssp_WindowsMinorVersion;
82
83 /*
84 NTLMSSP_REVISION_W2K3_RC1:
85 NTLMSSP_REVISION_W2K3: Windows XP SP2, Server 2003, Vista, Server 2008, 7, Server 2008 R2
86 */
87
88 typedef [enum8bit] enum {
89 NTLMSSP_REVISION_W2K3_RC1 = 0x0A,
90 NTLMSSP_REVISION_W2K3 = 0x0F
91 } ntlmssp_NTLMRevisionCurrent;
92
93 /* [MS-NLMP] 2.2.2.10 VERSION */
94
95 typedef [public] struct {
96 ntlmssp_WindowsMajorVersion ProductMajorVersion;
97 ntlmssp_WindowsMinorVersion ProductMinorVersion;
98 uint16 ProductBuild;
99 uint8 Reserved[3];
100 ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent;
101 } ntlmssp_VERSION;
102
103 typedef [noprint,nodiscriminant] union {
104 [case(NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_VERSION version;
105 [default];
106 } ntlmssp_Version;
107
108 /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE */
109
110 typedef [public] struct {
111 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
112 [value(NtLmNegotiate)] ntlmssp_MessageType MessageType;
113 NEGOTIATE NegotiateFlags;
114 [value(DomainName ? strlen(DomainName) : 0)] uint16 DomainNameLen;
115 [value(DomainNameLen)] uint16 DomainNameMaxLen;
116 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *DomainName;
117 [value(Workstation ? strlen(Workstation) : 0)] uint16 WorkstationLen;
118 [value(WorkstationLen)] uint16 WorkstationMaxLen;
119 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *Workstation;
120 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
121 } NEGOTIATE_MESSAGE;
122
123 typedef enum {
124 MsvAvEOL = 0,
125 MsvAvNbComputerName = 1,
126 MsvAvNbDomainName = 2,
127 MsvAvDnsComputerName = 3,
128 MsvAvDnsDomainName = 4,
129 MsvAvDnsTreeName = 5,
130 MsvAvFlags = 6,
131 MsvAvTimestamp = 7,
132 MsvAvSingleHost = 8,
133 MsvAvTargetName = 9,
134 MsvChannelBindings = 10
135 } ntlmssp_AvId;
136
137 /* [MS-NLMP] 2.2.2.2 SingleHostData */
138
139 typedef [flag(NDR_PAHEX)] struct {
140 [value(8+ndr_size_LSAP_TOKEN_INFO_INTEGRITY(&r->token_info, 0)+r->remaining.length)] uint32 Size;
141 [value(0)] uint32 Z4;
142 LSAP_TOKEN_INFO_INTEGRITY token_info;
143 [flag(NDR_REMAINING)] DATA_BLOB remaining;
144 } ntlmssp_SingleHostData;
145
146 typedef [bitmap32bit] bitmap {
147 NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT = 0x00000001,
148 NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE = 0x00000002,
149 NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE = 0x00000004
150 } ntlmssp_AvFlags;
151
152 typedef [gensize,nodiscriminant,flag(NDR_NOALIGN)] union {
153 [case(MsvAvEOL)] ;
154 [case(MsvAvNbComputerName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbComputerName;
155 [case(MsvAvNbDomainName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbDomainName;
156 [case(MsvAvDnsComputerName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsComputerName;
157 [case(MsvAvDnsDomainName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsDomainName;
158 [case(MsvAvDnsTreeName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsTreeName;
159 [case(MsvAvFlags)] ntlmssp_AvFlags AvFlags;
160 [case(MsvAvTimestamp)] NTTIME AvTimestamp;
161 [case(MsvAvSingleHost)] ntlmssp_SingleHostData AvSingleHost;
162 [case(MsvAvTargetName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvTargetName;
163 [case(MsvChannelBindings)] uint8 ChannelBindings[16];
164 [default] [flag(NDR_REMAINING)] DATA_BLOB blob;
165 } ntlmssp_AvValue;
166
167 /* [MS-NLMP] 2.2.2.1 AV_PAIR */
168
169 typedef [public,flag(NDR_NOALIGN)] struct {
170 ntlmssp_AvId AvId;
171 [value(ndr_size_ntlmssp_AvValue(&r->Value, r->AvId, 0))] uint16 AvLen;
172 [subcontext(0),subcontext_size(AvLen),switch_is(AvId)] ntlmssp_AvValue Value;
173 } AV_PAIR;
174
175 typedef [public,gensize,nopush,nopull,flag(NDR_NOALIGN)] struct {
176 uint32 count;
177 AV_PAIR pair[count];
178 } AV_PAIR_LIST;
179
180 /* [MS-NLMP] 2.2.1.2 CHALLENGE_MESSAGE */
181
182 typedef [public,flag(NDR_PAHEX)] struct {
183 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
184 [value(NtLmChallenge)] ntlmssp_MessageType MessageType;
185 [value(ndr_ntlmssp_string_length(NegotiateFlags, TargetName))] uint16 TargetNameLen;
186 [value(TargetNameLen)] uint16 TargetNameMaxLen;
187 [relative] [subcontext(0),subcontext_size(TargetNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *TargetName;
188 NEGOTIATE NegotiateFlags;
189 uint8 ServerChallenge[8];
190 uint8 Reserved[8];
191 [value(ndr_size_AV_PAIR_LIST(TargetInfo, ndr->flags))] uint16 TargetInfoLen;
192 [value(TargetInfoLen)] uint16 TargetInfoMaxLen;
193 [relative] [subcontext(0),subcontext_size(TargetInfoLen)] AV_PAIR_LIST *TargetInfo;
194 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
195 } CHALLENGE_MESSAGE;
196
197 /* [MS-NLMP] 2.2.2.3 LM_RESPONSE */
198
199 typedef [public,flag(NDR_PAHEX)] struct {
200 uint8 Response[24];
201 } LM_RESPONSE;
202
203 /* [MS-NLMP] 2.2.2.4 LMv2_RESPONSE */
204
205 typedef [public,flag(NDR_PAHEX)] struct {
206 uint8 Response[16];
207 uint8 ChallengeFromClient[8];
208 } LMv2_RESPONSE;
209
210 typedef [nodiscriminant] union {
211 [case(24)] LM_RESPONSE v1;
212 [default];
213 } ntlmssp_LM_RESPONSE_with_len;
214
215 /* [MS-NLMP] 2.2.2.6 NTLM_RESPONSE */
216
217 typedef [public,flag(NDR_PAHEX)] struct {
218 uint8 Response[24];
219 } NTLM_RESPONSE;
220
221 /* [MS-NLMP] 2.2.2.7 NTLMv2_CLIENT_CHALLENGE */
222
223 typedef [flag(NDR_PAHEX)] struct {
224 [value(1)] uint8 RespType;
225 [value(1)] uint8 HiRespType;
226 uint16 Reserved1;
227 uint32 Reserved2;
228 NTTIME TimeStamp;
229 uint8 ChallengeFromClient[8];
230 uint32 Reserved3;
231 [subcontext(0)] [flag(NDR_REMAINING)] AV_PAIR_LIST AvPairs;
232 } NTLMv2_CLIENT_CHALLENGE;
233
234 /* [MS-NLMP] 2.2.2.8 NTLMv2_RESPONSE */
235
236 typedef [public,flag(NDR_PAHEX)] struct {
237 uint8 Response[16];
238 NTLMv2_CLIENT_CHALLENGE Challenge;
239 } NTLMv2_RESPONSE;
240
241 typedef [public,nodiscriminant] union {
242 [case(0)] ;
243 [case(0x18)] NTLM_RESPONSE v1;
244 [default] NTLMv2_RESPONSE v2;
245 } ntlmssp_NTLM_RESPONSE_with_len;
246
247 const int NTLMSSP_MIC_OFFSET = 72;
248 const int NTLMSSP_MIC_SIZE = 16;
249
250 typedef [flag(NDR_PAHEX)] struct {
251 uint8 MIC[NTLMSSP_MIC_SIZE];
252 } ntlmssp_MIC;
253
254 /* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */
255
256 typedef [public,flag(NDR_REMAINING)] struct {
257 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
258 [value(NtLmAuthenticate)] ntlmssp_MessageType MessageType;
259 uint16 LmChallengeResponseLen;
260 [value(LmChallengeResponseLen)] uint16 LmChallengeResponseMaxLen;
261 [relative] [subcontext(0),subcontext_size(LmChallengeResponseLen),switch_is(LmChallengeResponseLen)] ntlmssp_LM_RESPONSE_with_len *LmChallengeResponse;
262 uint16 NtChallengeResponseLen;
263 [value(NtChallengeResponseLen)] uint16 NtChallengeResponseMaxLen;
264 [relative] [subcontext(0),subcontext_size(NtChallengeResponseMaxLen),switch_is(NtChallengeResponseLen)] ntlmssp_NTLM_RESPONSE_with_len *NtChallengeResponse;
265 [value(ndr_ntlmssp_string_length(NegotiateFlags, DomainName))] uint16 DomainNameLen;
266 [value(DomainNameLen)] uint16 DomainNameMaxLen;
267 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *DomainName;
268 [value(ndr_ntlmssp_string_length(NegotiateFlags, UserName))] uint16 UserNameLen;
269 [value(UserNameLen)] uint16 UserNameMaxLen;
270 [relative] [subcontext(0),subcontext_size(UserNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *UserName;
271 [value(ndr_ntlmssp_string_length(NegotiateFlags, Workstation))] uint16 WorkstationLen;
272 [value(WorkstationLen)] uint16 WorkstationMaxLen;
273 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *Workstation;
274 [value(EncryptedRandomSessionKey->length)] uint16 EncryptedRandomSessionKeyLen;
275 [value(EncryptedRandomSessionKeyLen)] uint16 EncryptedRandomSessionKeyMaxLen;
276 [relative] [subcontext(0),subcontext_size(EncryptedRandomSessionKeyLen)] DATA_BLOB *EncryptedRandomSessionKey;
277 NEGOTIATE NegotiateFlags;
278 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
279 /* MIC (Message Integrity) is only included when the client has
280 * sent a timestap Av struct in the CHALLENGE_MESSAGE AvPair */
281 /* [flag(NDR_REMAINING)] ntlmssp_MIC mic; */
282 } AUTHENTICATE_MESSAGE;
283
284 /* NTLMSSP signature version */
285 const int NTLMSSP_SIGN_VERSION = 0x01;
286
287 /* NTLMSSP signature size */
288 const int NTLMSSP_SIG_SIZE = 16;
289
290 /* [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE */
291
292 typedef [public] struct {
293 [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
294 uint32 RandomPad;
295 uint32 Checksum;
296 uint32 SeqNum;
297 } NTLMSSP_MESSAGE_SIGNATURE;
298
299 /* [MS-NLMP] 2.2.2.9.2 NTLMSSP_MESSAGE_SIGNATURE for Extended Session Security */
300
301 typedef [public,flag(NDR_PAHEX)] struct {
302 [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
303 uint8 Checksum[8];
304 uint32 SeqNum;
305 } NTLMSSP_MESSAGE_SIGNATURE_NTLMv2;
306
307 /* some ndrdump helpers */
308
309 void decode_NEGOTIATE_MESSAGE(
310 [in] NEGOTIATE_MESSAGE negotiate
311 );
312
313 void decode_CHALLENGE_MESSAGE(
314 [in] CHALLENGE_MESSAGE challenge
315 );
316
317 void decode_AUTHENTICATE_MESSAGE(
318 [in] AUTHENTICATE_MESSAGE authenticate
319 );
320
321 void decode_NTLMv2_CLIENT_CHALLENGE(
322 [in] NTLMv2_CLIENT_CHALLENGE challenge
323 );
324
325 void decode_NTLMv2_RESPONSE(
326 [in] NTLMv2_RESPONSE response
327 );
328
329 }
Samba GIT mirror