lib/gssapi/netlogon/netlogon.h

   1 /*
   2  * Copyright (c) 2010 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #ifndef NETLOGON_NETLOGON_H
  37 #define NETLOGON_NETLOGON_H
  38
  39 #include <config.h>
  40
  41 #include <stdio.h>
  42 #include <stdlib.h>
  43 #include <assert.h>
  44 #include <string.h>
  45 #include <errno.h>
  46
  47 #include <gssapi.h>
  48 #include <gssapi_mech.h>
  49 #include <gssapi_netlogon.h>
  50
  51 #include <krb5.h>
  52
  53 #include <roken.h>
  54 #include <heim_threads.h>
  55
  56 #define HC_DEPRECATED_CRYPTO
  57 #include "crypto-headers.h"
  58
  59 /*
  60  *
  61  */
  62
  63 typedef struct {
  64 #define NL_NEGOTIATE_REQUEST_MESSAGE    0x00000000
  65 #define NL_NEGOTIATE_RESPONSE_MESSAGE   0x00000001
  66     uint32_t MessageType;
  67 #define NL_FLAG_NETBIOS_DOMAIN_NAME     0x00000001
  68 #define NL_FLAG_NETBIOS_COMPUTER_NAME   0x00000002
  69 #define NL_FLAG_DNS_DOMAIN_NAME         0x00000004
  70 #define NL_FLAG_DNS_HOST_NAME           0x00000008 /* not used */
  71 #define NL_FLAG_UTF8_COMPUTER_NAME      0x00000010
  72     uint32_t Flags;
  73     char *Buffer[0];
  74 } NL_AUTH_MESSAGE;
  75
  76 #define NL_AUTH_MESSAGE_LENGTH          8
  77
  78 /* SignatureAlgorithm */
  79 #define NL_SIGN_ALG_HMAC_MD5            0x0077
  80 #define NL_SIGN_ALG_SHA256              0x0013
  81
  82 /* SealAlgorithm */
  83 #define NL_SEAL_ALG_RC4                 0x007A
  84 #define NL_SEAL_ALG_AES128              0x001A
  85 #define NL_SEAL_ALG_NONE                0xFFFF
  86
  87 typedef struct {
  88     uint16_t SignatureAlgorithm;
  89     uint16_t SealAlgorithm;
  90     uint16_t Pad;
  91     uint16_t Flags;
  92     uint8_t SequenceNumber[8];
  93     uint8_t Checksum[8];
  94     uint8_t Confounder[8];
  95 } NL_AUTH_SIGNATURE;
  96
  97 #define NL_AUTH_SIGNATURE_HEADER_LENGTH 8
  98 #define NL_AUTH_SIGNATURE_COMMON_LENGTH 16
  99 #define NL_AUTH_SIGNATURE_LENGTH        32
 100
 101 typedef struct {
 102     uint16_t SignatureAlgorithm;
 103     uint16_t SealAlgorithm;
 104     uint16_t Pad;
 105     uint16_t Flags;
 106     uint8_t SequenceNumber[8];
 107     uint8_t Checksum[32];
 108     uint8_t Confounder[8];
 109 } NL_AUTH_SHA2_SIGNATURE;
 110
 111 #define NL_AUTH_SHA2_SIGNATURE_LENGTH   56
 112
 113 typedef union {
 114     NL_AUTH_SIGNATURE Signature;
 115     NL_AUTH_SHA2_SIGNATURE SHA2Signature;
 116 } NL_AUTH_SIGNATURE_U;
 117
 118 #define NL_AUTH_SIGNATURE_P(_u)         (&(_u)->Signature)
 119
 120 typedef struct gssnetlogon_name {
 121     gss_buffer_desc NetbiosName;
 122     gss_buffer_desc DnsName;
 123 } *gssnetlogon_name;
 124
 125 typedef struct gssnetlogon_cred {
 126     gssnetlogon_name *Name;
 127     uint16_t SignatureAlgorithm;
 128     uint16_t SealAlgorithm;
 129     uint8_t SessionKey[16];
 130 } *gssnetlogon_cred;
 131
 132 typedef struct gssnetlogon_ctx {
 133     HEIMDAL_MUTEX Mutex;
 134     enum { NL_AUTH_NEGOTIATE, NL_AUTH_ESTABLISHED } State;
 135     OM_uint32 GssFlags;
 136     uint8_t LocallyInitiated;
 137     uint32_t MessageBlockSize;
 138     uint16_t SignatureAlgorithm;
 139     uint16_t SealAlgorithm;
 140     uint64_t SequenceNumber;
 141     gssnetlogon_name SourceName;
 142     gssnetlogon_name TargetName;
 143     uint8_t SessionKey[16];
 144 } *gssnetlogon_ctx;
 145
 146 #include <netlogon-private.h>
 147
 148 #endif /* NETLOGON_NETLOGON_H */