summaryrefslogtreecommitdiffstats
path: root/winpr/libwinpr/sspi/NTLM/ntlm.h
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 01:24:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 01:24:41 +0000
commita9bcc81f821d7c66f623779fa5147e728eb3c388 (patch)
tree98676963bcdd537ae5908a067a8eb110b93486a6 /winpr/libwinpr/sspi/NTLM/ntlm.h
parentInitial commit. (diff)
downloadfreerdp3-a9bcc81f821d7c66f623779fa5147e728eb3c388.tar.xz
freerdp3-a9bcc81f821d7c66f623779fa5147e728eb3c388.zip
Adding upstream version 3.3.0+dfsg1.upstream/3.3.0+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'winpr/libwinpr/sspi/NTLM/ntlm.h')
-rw-r--r--winpr/libwinpr/sspi/NTLM/ntlm.h301
1 files changed, 301 insertions, 0 deletions
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm.h b/winpr/libwinpr/sspi/NTLM/ntlm.h
new file mode 100644
index 0000000..4eac436
--- /dev/null
+++ b/winpr/libwinpr/sspi/NTLM/ntlm.h
@@ -0,0 +1,301 @@
+/**
+ * WinPR: Windows Portable Runtime
+ * NTLM Security Package
+ *
+ * Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef WINPR_SSPI_NTLM_PRIVATE_H
+#define WINPR_SSPI_NTLM_PRIVATE_H
+
+#include <winpr/sspi.h>
+#include <winpr/windows.h>
+
+#include <winpr/nt.h>
+#include <winpr/crypto.h>
+
+#include "../sspi.h"
+
+#define MESSAGE_TYPE_NEGOTIATE 1
+#define MESSAGE_TYPE_CHALLENGE 2
+#define MESSAGE_TYPE_AUTHENTICATE 3
+
+#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */
+#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V (1) */
+#define NTLMSSP_NEGOTIATE_128 0x20000000 /* U (2) */
+#define NTLMSSP_RESERVED1 0x10000000 /* r1 (3) */
+#define NTLMSSP_RESERVED2 0x08000000 /* r2 (4) */
+#define NTLMSSP_RESERVED3 0x04000000 /* r3 (5) */
+#define NTLMSSP_NEGOTIATE_VERSION 0x02000000 /* T (6) */
+#define NTLMSSP_RESERVED4 0x01000000 /* r4 (7) */
+#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 /* S (8) */
+#define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000 /* R (9) */
+#define NTLMSSP_RESERVED5 0x00200000 /* r5 (10) */
+#define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000 /* Q (11) */
+#define NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY 0x00080000 /* P (12) */
+#define NTLMSSP_RESERVED6 0x00040000 /* r6 (13) */
+#define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 /* O (14) */
+#define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000 /* N (15) */
+#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 /* M (16) */
+#define NTLMSSP_RESERVED7 0x00004000 /* r7 (17) */
+#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000 /* L (18) */
+#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000 /* K (19) */
+#define NTLMSSP_NEGOTIATE_ANONYMOUS 0x00000800 /* J (20) */
+#define NTLMSSP_RESERVED8 0x00000400 /* r8 (21) */
+#define NTLMSSP_NEGOTIATE_NTLM 0x00000200 /* H (22) */
+#define NTLMSSP_RESERVED9 0x00000100 /* r9 (23) */
+#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 /* G (24) */
+#define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040 /* F (25) */
+#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* E (26) */
+#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* D (27) */
+#define NTLMSSP_RESERVED10 0x00000008 /* r10 (28) */
+#define NTLMSSP_REQUEST_TARGET 0x00000004 /* C (29) */
+#define NTLMSSP_NEGOTIATE_OEM 0x00000002 /* B (30) */
+#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 /* A (31) */
+
+typedef enum
+{
+ NTLM_STATE_INITIAL,
+ NTLM_STATE_NEGOTIATE,
+ NTLM_STATE_CHALLENGE,
+ NTLM_STATE_AUTHENTICATE,
+ NTLM_STATE_FINAL
+} NTLM_STATE;
+
+#ifdef __MINGW32__
+typedef MSV1_0_AVID NTLM_AV_ID;
+
+#if __MINGW64_VERSION_MAJOR < 9
+enum
+{
+ MsvAvTimestamp = MsvAvFlags + 1,
+ MsvAvRestrictions,
+ MsvAvTargetName,
+ MsvAvChannelBindings,
+ MsvAvSingleHost = MsvAvRestrictions
+};
+
+#else
+#ifndef MsvAvSingleHost
+#define MsvAvSingleHost MsvAvRestrictions
+#endif
+#endif
+#else
+typedef enum
+{
+ MsvAvEOL,
+ MsvAvNbComputerName,
+ MsvAvNbDomainName,
+ MsvAvDnsComputerName,
+ MsvAvDnsDomainName,
+ MsvAvDnsTreeName,
+ MsvAvFlags,
+ MsvAvTimestamp,
+ MsvAvSingleHost,
+ MsvAvTargetName,
+ MsvAvChannelBindings
+} NTLM_AV_ID;
+#endif /* __MINGW32__ */
+
+typedef struct
+{
+ UINT16 AvId;
+ UINT16 AvLen;
+} NTLM_AV_PAIR;
+
+#define MSV_AV_FLAGS_AUTHENTICATION_CONSTRAINED 0x00000001
+#define MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK 0x00000002
+#define MSV_AV_FLAGS_TARGET_SPN_UNTRUSTED_SOURCE 0x00000004
+
+#define WINDOWS_MAJOR_VERSION_5 0x05
+#define WINDOWS_MAJOR_VERSION_6 0x06
+#define WINDOWS_MINOR_VERSION_0 0x00
+#define WINDOWS_MINOR_VERSION_1 0x01
+#define WINDOWS_MINOR_VERSION_2 0x02
+#define NTLMSSP_REVISION_W2K3 0x0F
+
+typedef struct
+{
+ UINT8 ProductMajorVersion;
+ UINT8 ProductMinorVersion;
+ UINT16 ProductBuild;
+ BYTE Reserved[3];
+ UINT8 NTLMRevisionCurrent;
+} NTLM_VERSION_INFO;
+
+typedef struct
+{
+ UINT32 Size;
+ UINT32 Z4;
+ UINT32 DataPresent;
+ UINT32 CustomData;
+ BYTE MachineID[32];
+} NTLM_SINGLE_HOST_DATA;
+
+typedef struct
+{
+ BYTE Response[24];
+} NTLM_RESPONSE;
+
+typedef struct
+{
+ UINT8 RespType;
+ UINT8 HiRespType;
+ UINT16 Reserved1;
+ UINT32 Reserved2;
+ BYTE Timestamp[8];
+ BYTE ClientChallenge[8];
+ UINT32 Reserved3;
+ NTLM_AV_PAIR* AvPairs;
+ UINT32 cbAvPairs;
+} NTLMv2_CLIENT_CHALLENGE;
+
+typedef struct
+{
+ BYTE Response[16];
+ NTLMv2_CLIENT_CHALLENGE Challenge;
+} NTLMv2_RESPONSE;
+
+typedef struct
+{
+ UINT16 Len;
+ UINT16 MaxLen;
+ PBYTE Buffer;
+ UINT32 BufferOffset;
+} NTLM_MESSAGE_FIELDS;
+
+typedef struct
+{
+ BYTE Signature[8];
+ UINT32 MessageType;
+} NTLM_MESSAGE_HEADER;
+
+typedef struct
+{
+ NTLM_MESSAGE_HEADER header;
+ UINT32 NegotiateFlags;
+ NTLM_VERSION_INFO Version;
+ NTLM_MESSAGE_FIELDS DomainName;
+ NTLM_MESSAGE_FIELDS Workstation;
+} NTLM_NEGOTIATE_MESSAGE;
+
+typedef struct
+{
+ NTLM_MESSAGE_HEADER header;
+ UINT32 NegotiateFlags;
+ BYTE ServerChallenge[8];
+ BYTE Reserved[8];
+ NTLM_VERSION_INFO Version;
+ NTLM_MESSAGE_FIELDS TargetName;
+ NTLM_MESSAGE_FIELDS TargetInfo;
+} NTLM_CHALLENGE_MESSAGE;
+
+typedef struct
+{
+ NTLM_MESSAGE_HEADER header;
+ UINT32 NegotiateFlags;
+ NTLM_VERSION_INFO Version;
+ NTLM_MESSAGE_FIELDS DomainName;
+ NTLM_MESSAGE_FIELDS UserName;
+ NTLM_MESSAGE_FIELDS Workstation;
+ NTLM_MESSAGE_FIELDS LmChallengeResponse;
+ NTLM_MESSAGE_FIELDS NtChallengeResponse;
+ NTLM_MESSAGE_FIELDS EncryptedRandomSessionKey;
+ BYTE MessageIntegrityCheck[16];
+} NTLM_AUTHENTICATE_MESSAGE;
+
+typedef struct
+{
+ BOOL server;
+ BOOL NTLMv2;
+ BOOL UseMIC;
+ NTLM_STATE state;
+ int SendSeqNum;
+ int RecvSeqNum;
+ char* SamFile;
+ BYTE NtlmHash[16];
+ BYTE NtlmV2Hash[16];
+ BYTE MachineID[32];
+ BOOL SendVersionInfo;
+ BOOL confidentiality;
+ WINPR_RC4_CTX* SendRc4Seal;
+ WINPR_RC4_CTX* RecvRc4Seal;
+ BYTE* SendSigningKey;
+ BYTE* RecvSigningKey;
+ BYTE* SendSealingKey;
+ BYTE* RecvSealingKey;
+ UINT32 NegotiateFlags;
+ BOOL UseSamFileDatabase;
+ int LmCompatibilityLevel;
+ int SuppressExtendedProtection;
+ BOOL SendWorkstationName;
+ UNICODE_STRING Workstation;
+ UNICODE_STRING ServicePrincipalName;
+ SSPI_CREDENTIALS* credentials;
+ BYTE* ChannelBindingToken;
+ BYTE ChannelBindingsHash[16];
+ SecPkgContext_Bindings Bindings;
+ BOOL SendSingleHostData;
+ BOOL NegotiateKeyExchange;
+ NTLM_SINGLE_HOST_DATA SingleHostData;
+ NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
+ NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
+ NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
+ size_t MessageIntegrityCheckOffset;
+ SecBuffer NegotiateMessage;
+ SecBuffer ChallengeMessage;
+ SecBuffer AuthenticateMessage;
+ SecBuffer ChallengeTargetInfo;
+ SecBuffer AuthenticateTargetInfo;
+ SecBuffer TargetName;
+ SecBuffer NtChallengeResponse;
+ SecBuffer LmChallengeResponse;
+ NTLMv2_RESPONSE NTLMv2Response;
+ BYTE NtProofString[16];
+ BYTE Timestamp[8];
+ BYTE ChallengeTimestamp[8];
+ BYTE ServerChallenge[8];
+ BYTE ClientChallenge[8];
+ BYTE SessionBaseKey[16];
+ BYTE KeyExchangeKey[16];
+ BYTE RandomSessionKey[16];
+ BYTE ExportedSessionKey[16];
+ BYTE EncryptedRandomSessionKey[16];
+ BYTE ClientSigningKey[16];
+ BYTE ClientSealingKey[16];
+ BYTE ServerSigningKey[16];
+ BYTE ServerSealingKey[16];
+ psSspiNtlmHashCallback HashCallback;
+ void* HashCallbackArg;
+} NTLM_CONTEXT;
+
+char* ntlm_negotiate_flags_string(char* buffer, size_t size, UINT32 flags);
+const char* ntlm_message_type_string(UINT32 messageType);
+
+const char* ntlm_state_string(NTLM_STATE state);
+void ntlm_change_state(NTLM_CONTEXT* ntlm, NTLM_STATE state);
+NTLM_STATE ntlm_get_state(NTLM_CONTEXT* ntlm);
+BOOL ntlm_reset_cipher_state(PSecHandle phContext);
+
+SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof);
+SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue);
+
+#ifdef WITH_DEBUG_NLA
+#define WITH_DEBUG_NTLM
+#endif
+
+BOOL NTLM_init(void);
+
+#endif /* WINPR_SSPI_NTLM_PRIVATE_H */