source3/include/ntlmssp.h

   1 /*
   2    Unix SMB/CIFS implementation.
   3    SMB parameters and setup
   4    Copyright (C) Andrew Tridgell 1992-1997
   5    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
   6    Copyright (C) Paul Ashton 1997
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 /* NTLMSSP mode */
  24 enum NTLMSSP_ROLE
  25 {
  26         NTLMSSP_SERVER,
  27         NTLMSSP_CLIENT
  28 };
  29
  30 /* NTLMSSP message types */
  31 enum NTLM_MESSAGE_TYPE
  32 {
  33         NTLMSSP_NEGOTIATE = 1,
  34         NTLMSSP_CHALLENGE = 2,
  35         NTLMSSP_AUTH      = 3,
  36         NTLMSSP_UNKNOWN   = 4
  37 };
  38
  39 /* NTLMSSP negotiation flags */
  40 #define NTLMSSP_NEGOTIATE_UNICODE          0x00000001
  41 #define NTLMSSP_NEGOTIATE_OEM              0x00000002
  42 #define NTLMSSP_REQUEST_TARGET             0x00000004
  43 #define NTLMSSP_NEGOTIATE_SIGN             0x00000010 /* Message integrity */
  44 #define NTLMSSP_NEGOTIATE_SEAL             0x00000020 /* Message confidentiality */
  45 #define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040
  46 #define NTLMSSP_NEGOTIATE_LM_KEY           0x00000080
  47 #define NTLMSSP_NEGOTIATE_NETWARE          0x00000100
  48 #define NTLMSSP_NEGOTIATE_NTLM             0x00000200
  49 #define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED  0x00001000
  50 #define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
  51 #define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL  0x00004000
  52 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN      0x00008000
  53 #define NTLMSSP_TARGET_TYPE_DOMAIN            0x10000
  54 #define NTLMSSP_TARGET_TYPE_SERVER            0x20000
  55 #define NTLMSSP_CHAL_INIT_RESPONSE         0x00010000
  56
  57 #define NTLMSSP_CHAL_ACCEPT_RESPONSE       0x00020000
  58 #define NTLMSSP_CHAL_NON_NT_SESSION_KEY    0x00040000
  59 #define NTLMSSP_NEGOTIATE_NTLM2            0x00080000
  60 #define NTLMSSP_CHAL_TARGET_INFO           0x00800000
  61 #define NTLMSSP_NEGOTIATE_128              0x20000000 /* 128-bit encryption */
  62 #define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
  63 #define NTLMSSP_NEGOTIATE_080000000        0x80000000
  64
  65 #define NTLMSSP_NAME_TYPE_SERVER      0x01
  66 #define NTLMSSP_NAME_TYPE_DOMAIN      0x02
  67 #define NTLMSSP_NAME_TYPE_SERVER_DNS  0x03
  68 #define NTLMSSP_NAME_TYPE_DOMAIN_DNS  0x04
  69
  70 typedef struct ntlmssp_state
  71 {
  72         TALLOC_CTX *mem_ctx;
  73         enum NTLMSSP_ROLE role;
  74         BOOL unicode;
  75         char *user;
  76         char *domain;
  77         char *workstation;
  78         DATA_BLOB lm_resp;
  79         DATA_BLOB nt_resp;
  80         DATA_BLOB chal;
  81         void *auth_context;
  82         const uint8 *(*get_challenge)(struct ntlmssp_state *ntlmssp_state);
  83         NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state);
  84
  85         const char *(*get_global_myname)(void);
  86         const char *(*get_domain)(void);
  87
  88         int server_role;
  89         uint32 expected_state;
  90 } NTLMSSP_STATE;
  91
  92 typedef struct ntlmssp_client_state
  93 {
  94         TALLOC_CTX *mem_ctx;
  95         unsigned int ref_count;
  96
  97         BOOL unicode;
  98         BOOL use_ntlmv2;
  99         char *user;
 100         char *domain;
 101         char *workstation;
 102         char *password;
 103         char *server_domain;
 104
 105         const char *(*get_global_myname)(void);
 106         const char *(*get_domain)(void);
 107
 108         DATA_BLOB chal;
 109         DATA_BLOB lm_resp;
 110         DATA_BLOB nt_resp;
 111         DATA_BLOB session_key;
 112
 113         uint32 neg_flags;
 114
 115         /* SMB Signing */
 116
 117         uint32 ntlmssp_seq_num;
 118
 119         /* ntlmv2 */
 120         char cli_sign_const[16];
 121         char cli_seal_const[16];
 122         char srv_sign_const[16];
 123         char srv_seal_const[16];
 124
 125         unsigned char cli_sign_hash[258];
 126         unsigned char cli_seal_hash[258];
 127         unsigned char srv_sign_hash[258];
 128         unsigned char srv_seal_hash[258];
 129
 130         /* ntlmv1 */
 131         unsigned char ntlmssp_hash[258];
 132
 133         /* it turns out that we don't always get the
 134            response in at the time we want to process it.
 135            Store it here, until we need it */
 136         DATA_BLOB stored_response;
 137
 138 } NTLMSSP_CLIENT_STATE;
 139