winpr/libwinpr/sspi/NTLM/ntlm.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

/**
 * WinPR: Windows Portable Runtime
 * NTLM Security Package
 *
 * Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef WINPR_SSPI_NTLM_PRIVATE_H
#define WINPR_SSPI_NTLM_PRIVATE_H

#include <winpr/sspi.h>
#include <winpr/windows.h>

#include <winpr/nt.h>
#include <winpr/crypto.h>

#include "../sspi.h"

#define MESSAGE_TYPE_NEGOTIATE 1
#define MESSAGE_TYPE_CHALLENGE 2
#define MESSAGE_TYPE_AUTHENTICATE 3

#define NTLMSSP_NEGOTIATE_56 0x80000000                        /* W   (0) */
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000                  /* V   (1) */
#define NTLMSSP_NEGOTIATE_128 0x20000000                       /* U   (2) */
#define NTLMSSP_RESERVED1 0x10000000                           /* r1  (3) */
#define NTLMSSP_RESERVED2 0x08000000                           /* r2  (4) */
#define NTLMSSP_RESERVED3 0x04000000                           /* r3  (5) */
#define NTLMSSP_NEGOTIATE_VERSION 0x02000000                   /* T   (6) */
#define NTLMSSP_RESERVED4 0x01000000                           /* r4  (7) */
#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000               /* S   (8) */
#define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000          /* R   (9) */
#define NTLMSSP_RESERVED5 0x00200000                           /* r5  (10) */
#define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000                  /* Q   (11) */
#define NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY 0x00080000 /* P   (12) */
#define NTLMSSP_RESERVED6 0x00040000                           /* r6  (13) */
#define NTLMSSP_TARGET_TYPE_SERVER 0x00020000                  /* O   (14) */
#define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000                  /* N   (15) */
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000               /* M   (16) */
#define NTLMSSP_RESERVED7 0x00004000                           /* r7  (17) */
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000      /* L   (18) */
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000           /* K   (19) */
#define NTLMSSP_NEGOTIATE_ANONYMOUS 0x00000800                 /* J   (20) */
#define NTLMSSP_RESERVED8 0x00000400                           /* r8  (21) */
#define NTLMSSP_NEGOTIATE_NTLM 0x00000200                      /* H   (22) */
#define NTLMSSP_RESERVED9 0x00000100                           /* r9  (23) */
#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080                    /* G   (24) */
#define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040                  /* F   (25) */
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020                      /* E   (26) */
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010                      /* D   (27) */
#define NTLMSSP_RESERVED10 0x00000008                          /* r10 (28) */
#define NTLMSSP_REQUEST_TARGET 0x00000004                      /* C   (29) */
#define NTLMSSP_NEGOTIATE_OEM 0x00000002                       /* B   (30) */
#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001                   /* A   (31) */

typedef enum
{
	NTLM_STATE_INITIAL,
	NTLM_STATE_NEGOTIATE,
	NTLM_STATE_CHALLENGE,
	NTLM_STATE_AUTHENTICATE,
	NTLM_STATE_FINAL
} NTLM_STATE;

#ifdef __MINGW32__
typedef MSV1_0_AVID NTLM_AV_ID;

#if __MINGW64_VERSION_MAJOR < 9
enum
{
	MsvAvTimestamp = MsvAvFlags + 1,
	MsvAvRestrictions,
	MsvAvTargetName,
	MsvAvChannelBindings,
	MsvAvSingleHost = MsvAvRestrictions
};

#else
#ifndef MsvAvSingleHost
#define MsvAvSingleHost MsvAvRestrictions
#endif
#endif
#else
typedef enum
{
	MsvAvEOL,
	MsvAvNbComputerName,
	MsvAvNbDomainName,
	MsvAvDnsComputerName,
	MsvAvDnsDomainName,
	MsvAvDnsTreeName,
	MsvAvFlags,
	MsvAvTimestamp,
	MsvAvSingleHost,
	MsvAvTargetName,
	MsvAvChannelBindings
} NTLM_AV_ID;
#endif /* __MINGW32__ */

typedef struct
{
	UINT16 AvId;
	UINT16 AvLen;
} NTLM_AV_PAIR;

#define MSV_AV_FLAGS_AUTHENTICATION_CONSTRAINED 0x00000001
#define MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK 0x00000002
#define MSV_AV_FLAGS_TARGET_SPN_UNTRUSTED_SOURCE 0x00000004

#define WINDOWS_MAJOR_VERSION_5 0x05
#define WINDOWS_MAJOR_VERSION_6 0x06
#define WINDOWS_MINOR_VERSION_0 0x00
#define WINDOWS_MINOR_VERSION_1 0x01
#define WINDOWS_MINOR_VERSION_2 0x02
#define NTLMSSP_REVISION_W2K3 0x0F

typedef struct
{
	UINT8 ProductMajorVersion;
	UINT8 ProductMinorVersion;
	UINT16 ProductBuild;
	BYTE Reserved[3];
	UINT8 NTLMRevisionCurrent;
} NTLM_VERSION_INFO;

typedef struct
{
	UINT32 Size;
	UINT32 Z4;
	UINT32 DataPresent;
	UINT32 CustomData;
	BYTE MachineID[32];
} NTLM_SINGLE_HOST_DATA;

typedef struct
{
	BYTE Response[24];
} NTLM_RESPONSE;

typedef struct
{
	UINT8 RespType;
	UINT8 HiRespType;
	UINT16 Reserved1;
	UINT32 Reserved2;
	BYTE Timestamp[8];
	BYTE ClientChallenge[8];
	UINT32 Reserved3;
	NTLM_AV_PAIR* AvPairs;
	UINT32 cbAvPairs;
} NTLMv2_CLIENT_CHALLENGE;

typedef struct
{
	BYTE Response[16];
	NTLMv2_CLIENT_CHALLENGE Challenge;
} NTLMv2_RESPONSE;

typedef struct
{
	UINT16 Len;
	UINT16 MaxLen;
	PBYTE Buffer;
	UINT32 BufferOffset;
} NTLM_MESSAGE_FIELDS;

typedef struct
{
	BYTE Signature[8];
	UINT32 MessageType;
} NTLM_MESSAGE_HEADER;

typedef struct
{
	NTLM_MESSAGE_HEADER header;
	UINT32 NegotiateFlags;
	NTLM_VERSION_INFO Version;
	NTLM_MESSAGE_FIELDS DomainName;
	NTLM_MESSAGE_FIELDS Workstation;
} NTLM_NEGOTIATE_MESSAGE;

typedef struct
{
	NTLM_MESSAGE_HEADER header;
	UINT32 NegotiateFlags;
	BYTE ServerChallenge[8];
	BYTE Reserved[8];
	NTLM_VERSION_INFO Version;
	NTLM_MESSAGE_FIELDS TargetName;
	NTLM_MESSAGE_FIELDS TargetInfo;
} NTLM_CHALLENGE_MESSAGE;

typedef struct
{
	NTLM_MESSAGE_HEADER header;
	UINT32 NegotiateFlags;
	NTLM_VERSION_INFO Version;
	NTLM_MESSAGE_FIELDS DomainName;
	NTLM_MESSAGE_FIELDS UserName;
	NTLM_MESSAGE_FIELDS Workstation;
	NTLM_MESSAGE_FIELDS LmChallengeResponse;
	NTLM_MESSAGE_FIELDS NtChallengeResponse;
	NTLM_MESSAGE_FIELDS EncryptedRandomSessionKey;
	BYTE MessageIntegrityCheck[16];
} NTLM_AUTHENTICATE_MESSAGE;

typedef struct
{
	BOOL server;
	BOOL NTLMv2;
	BOOL UseMIC;
	NTLM_STATE state;
	int SendSeqNum;
	int RecvSeqNum;
	char* SamFile;
	BYTE NtlmHash[16];
	BYTE NtlmV2Hash[16];
	BYTE MachineID[32];
	BOOL SendVersionInfo;
	BOOL confidentiality;
	WINPR_RC4_CTX* SendRc4Seal;
	WINPR_RC4_CTX* RecvRc4Seal;
	BYTE* SendSigningKey;
	BYTE* RecvSigningKey;
	BYTE* SendSealingKey;
	BYTE* RecvSealingKey;
	UINT32 NegotiateFlags;
	BOOL UseSamFileDatabase;
	int LmCompatibilityLevel;
	int SuppressExtendedProtection;
	BOOL SendWorkstationName;
	UNICODE_STRING Workstation;
	UNICODE_STRING ServicePrincipalName;
	SSPI_CREDENTIALS* credentials;
	BYTE* ChannelBindingToken;
	BYTE ChannelBindingsHash[16];
	SecPkgContext_Bindings Bindings;
	BOOL SendSingleHostData;
	BOOL NegotiateKeyExchange;
	NTLM_SINGLE_HOST_DATA SingleHostData;
	NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
	NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
	NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
	size_t MessageIntegrityCheckOffset;
	SecBuffer NegotiateMessage;
	SecBuffer ChallengeMessage;
	SecBuffer AuthenticateMessage;
	SecBuffer ChallengeTargetInfo;
	SecBuffer AuthenticateTargetInfo;
	SecBuffer TargetName;
	SecBuffer NtChallengeResponse;
	SecBuffer LmChallengeResponse;
	NTLMv2_RESPONSE NTLMv2Response;
	BYTE NtProofString[16];
	BYTE Timestamp[8];
	BYTE ChallengeTimestamp[8];
	BYTE ServerChallenge[8];
	BYTE ClientChallenge[8];
	BYTE SessionBaseKey[16];
	BYTE KeyExchangeKey[16];
	BYTE RandomSessionKey[16];
	BYTE ExportedSessionKey[16];
	BYTE EncryptedRandomSessionKey[16];
	BYTE ClientSigningKey[16];
	BYTE ClientSealingKey[16];
	BYTE ServerSigningKey[16];
	BYTE ServerSealingKey[16];
	psSspiNtlmHashCallback HashCallback;
	void* HashCallbackArg;
} NTLM_CONTEXT;

char* ntlm_negotiate_flags_string(char* buffer, size_t size, UINT32 flags);
const char* ntlm_message_type_string(UINT32 messageType);

const char* ntlm_state_string(NTLM_STATE state);
void ntlm_change_state(NTLM_CONTEXT* ntlm, NTLM_STATE state);
NTLM_STATE ntlm_get_state(NTLM_CONTEXT* ntlm);
BOOL ntlm_reset_cipher_state(PSecHandle phContext);

SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof);
SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue);

#ifdef WITH_DEBUG_NLA
#define WITH_DEBUG_NTLM
#endif

BOOL NTLM_init(void);

#endif /* WINPR_SSPI_NTLM_PRIVATE_H */