2
* $Id: ntlmauth.h,v 1.12 2003/08/05 21:40:04 robertc Exp $
4
* * * * * * * * Legal stuff * * * * * * *
6
* (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
7
* inspired by previous work by Andrew Doran <ad@interlude.eu.org>.
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; either version 2 of the License, or
11
* (at your option) any later version.
13
* This program is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with this program; if not, write to the Free Software
20
* SQUID Web Proxy Cache http://www.squid-cache.org/
21
* ----------------------------------------------------------
23
* Squid is the result of efforts by numerous individuals from
24
* the Internet community; see the CONTRIBUTORS file for full
25
* details. Many organizations have provided support for Squid's
26
* development; see the SPONSORS file for full details. Squid is
27
* Copyrighted (C) 2001 by the Regents of the University of
28
* California; see the COPYRIGHT file for full details. Squid
29
* incorporates software developed and/or copyrighted by other
30
* sources; see the CREDITS file for full details.
32
* This program is free software; you can redistribute it and/or modify
33
* it under the terms of the GNU General Public License as published by
34
* the Free Software Foundation; either version 2 of the License, or
35
* (at your option) any later version.
37
* This program is distributed in the hope that it will be useful,
38
* but WITHOUT ANY WARRANTY; without even the implied warranty of
39
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
40
* GNU General Public License for more details.
42
* You should have received a copy of the GNU General Public License
43
* along with this program; if not, write to the Free Software
44
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
46
* * * * * * * * Declaration of intents * * * * * * *
48
* This header contains definitions and defines allowing to decode and
49
* understand NTLM packets, as sent by Internet Explorer.
50
* It's put here as it is a common utility to all HTLM-enabled modules.
53
#ifndef SQUID_NTLMAUTH_H
54
#define SQUID_NTLMAUTH_H
59
/* All of this cruft is little endian */
60
#include "squid_endian.h"
62
/* Used internally. Microsoft seems to think this is right, I believe them.
64
#define MAX_FIELD_LENGTH 300 /* max length of an NTLMSSP field */
67
/* Here start the NTLMSSP definitions */
68
/* NTLM request types that we know about */
69
#define NTLM_NEGOTIATE 1
70
#define NTLM_CHALLENGE 2
71
#define NTLM_CHALLENGE_HEADER_OFFSET 40
72
#define NTLM_AUTHENTICATE 3
76
/* negotiate request flags */
77
#define NEGOTIATE_UNICODE 0x0001
78
#define NEGOTIATE_ASCII 0x0002
79
#define NEGOTIATE_REQUEST_TARGET 0x0004
80
#define NEGOTIATE_REQUEST_SIGN 0x0010
81
#define NEGOTIATE_REQUEST_SEAL 0x0020
82
#define NEGOTIATE_DATAGRAM_STYLE 0x0040
83
#define NEGOTIATE_USE_LM 0x0080
84
#define NEGOTIATE_USE_NETWARE 0x0100
85
#define NEGOTIATE_USE_NTLM 0x0200
86
#define NEGOTIATE_DOMAIN_SUPPLIED 0x1000
87
#define NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
88
#define NEGOTIATE_THIS_IS_LOCAL_CALL 0x4000
89
#define NEGOTIATE_ALWAYS_SIGN 0x8000
91
/* challenge request flags */
92
#define CHALLENGE_TARGET_IS_DOMAIN 0x10000
93
#define CHALLENGE_TARGET_IS_SERVER 0x20000
94
#define CHALLENGE_TARGET_IS_SHARE 0x40000
96
/* these are marked as "extra" fields */
97
#define REQUEST_INIT_RESPONSE 0x100000
98
#define REQUEST_ACCEPT_RESPONSE 0x200000
99
#define REQUEST_NON_NT_SESSION_KEY 0x400000
102
/* String header. String data resides at the end of the request */
103
typedef struct _strhdr {
104
int16_t len; /* Length in bytes */
105
int16_t maxlen; /* Allocated space in bytes */
106
int32_t offset; /* Offset from start of request */
109
/* We use this to keep data/lenght couples. Only used internally. */
110
typedef struct _lstring {
111
int32_t l; /* length, -1 if empty */
112
char *str; /* the string. NULL if not initialized */
115
/* This is an header common to all signatures, it's used to discriminate
116
* among the different signature types. */
117
typedef struct _ntlmhdr {
118
char signature[8]; /* "NTLMSSP" */
119
int32_t type; /* One of the NTLM_* types above. */
122
/* Negotiation request sent by client */
123
typedef struct _ntlm_negotiate {
124
char signature[8]; /* "NTLMSSP" */
125
int32_t type; /* LSWAP(0x1) */
126
u_int32_t flags; /* Request flags */
127
strhdr domain; /* Domain we wish to authenticate in */
128
strhdr workstation; /* Client workstation name */
129
char payload[256]; /* String data */
132
/* Challenge request sent by server. */
133
typedef struct _ntlm_challenge {
134
char signature[8]; /* "NTLMSSP" */
135
int32_t type; /* LSWAP(0x2) */
136
strhdr target; /* Authentication target (domain/server ...) */
137
u_int32_t flags; /* Request flags */
138
u_char challenge[NONCE_LEN]; /* Challenge string */
139
u_int32_t context_low; /* LS part of the server context handle */
140
u_int32_t context_high; /* MS part of the server context handle */
141
char payload[256]; /* String data */
144
/* Authentication request sent by client in response to challenge */
145
typedef struct _ntlm_authenticate {
146
char signature[8]; /* "NTLMSSP" */
147
int32_t type; /* LSWAP(0x3) */
148
strhdr lmresponse; /* LANMAN challenge response */
149
strhdr ntresponse; /* NT challenge response */
150
strhdr domain; /* Domain to authenticate against */
151
strhdr user; /* Username */
152
strhdr workstation; /* Workstation name */
153
strhdr sessionkey; /* Session key for server's use */
154
int32_t flags; /* Request flags */
155
char payload[256 * 6]; /* String data */
158
const char *ntlm_make_challenge(char *domain, char *domain_controller,
159
char *challenge_nonce, int challenge_nonce_len);
160
lstring ntlm_fetch_string(char *packet, int32_t length, strhdr * str);
161
void ntlm_add_to_payload(char *payload, int *payload_length,
162
strhdr * hdr, char *toadd,
163
int toadd_length, int base_offset);
165
#endif /* SQUID_NTLMAUTH_H */