File: ntlmauth.h

package info (click to toggle)
squid 2.6.5-6etch5
  • links: PTS
  • area: main
  • in suites: etch
  • size: 12,540 kB
  • ctags: 13,801
  • sloc: ansic: 105,278; sh: 6,083; makefile: 1,297; perl: 1,245; awk: 40
file content (182 lines) | stat: -rw-r--r-- 7,155 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
 
/*
 * $Id: ntlmauth.h,v 1.10 2005/05/17 16:56:35 hno Exp $
 *
 * * * * * * * * Legal stuff * * * * * * *
 *
 * (C) 2000 Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it>,
 *   inspired by previous work by Andrew Doran <ad@interlude.eu.org>.
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *  
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *  
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 * * * * * * * * Declaration of intents * * * * * * *
 *
 * This header contains definitions and defines allowing to decode and
 * understand NTLM packets, as sent by Internet Explorer.
 * It's put here as it is a common utility to all HTLM-enabled modules.
 */

#ifndef SQUID_NTLMAUTH_H
#define SQUID_NTLMAUTH_H

/* int*_t */
#include "squid_types.h"

/* All of this cruft is little endian */
#ifdef WORDS_BIGENDIAN
#define SSWAP(x)	(bswap16((x)))
#define WSWAP(x)	(bswap32((x)))
#else
#define SSWAP(x)	(x)
#define WSWAP(x)	(x)
#endif

#ifdef HAVE_BYTESWAP_H
#include <byteswap.h>
#define bswap16(x) bswap_16(x)
#define bswap32(x) bswap_32(x)
#else	 /* HAVE_BISTWAP_H */
#define bswap16(x) (((((u_int16_t)x) >> 8) & 0xff) | ((((u_int16_t)x) & 0xff) << 8))
#define bswap32(x) \
    (((((u_int32_t)x) & 0xff000000) >> 24) | ((((u_int32_t)x) & 0x00ff0000) >>  8) | \
     ((((u_int32_t)x) & 0x0000ff00) <<  8) | ((((u_int32_t)x) & 0x000000ff) << 24))
#endif /* HAVE_BITSWAP_H */

/* Used internally. Microsoft seems to think this is right, I believe them.
 * Right. */
#define MAX_FIELD_LENGTH 300	/* max length of an NTLMSSP field */


/* Here start the NTLMSSP definitions */
/* NTLM request types that we know about */
#define NTLM_NEGOTIATE		1
#define NTLM_CHALLENGE		2
#define NTLM_CHALLENGE_HEADER_OFFSET 40
#define NTLM_AUTHENTICATE	3

#define NONCE_LEN 8

/* negotiate request flags */
#define NEGOTIATE_UNICODE              0x0001
#define NEGOTIATE_ASCII                0x0002
#define NEGOTIATE_REQUEST_TARGET       0x0004
#define NEGOTIATE_REQUEST_SIGN         0x0010
#define NEGOTIATE_REQUEST_SEAL         0x0020
#define NEGOTIATE_DATAGRAM_STYLE       0x0040
#define NEGOTIATE_USE_LM               0x0080
#define NEGOTIATE_USE_NETWARE          0x0100
#define NEGOTIATE_USE_NTLM             0x0200
#define NEGOTIATE_DOMAIN_SUPPLIED      0x1000
#define NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
#define NEGOTIATE_THIS_IS_LOCAL_CALL   0x4000
#define NEGOTIATE_ALWAYS_SIGN          0x8000

/* challenge request flags */
#define CHALLENGE_TARGET_IS_DOMAIN     0x10000
#define CHALLENGE_TARGET_IS_SERVER     0x20000
#define CHALLENGE_TARGET_IS_SHARE      0x40000

/* these are marked as "extra" fields */
#define REQUEST_INIT_RESPONSE          0x100000
#define REQUEST_ACCEPT_RESPONSE        0x200000
#define REQUEST_NON_NT_SESSION_KEY     0x400000


/* String header. String data resides at the end of the request */
typedef struct _strhdr {
    int16_t len;		/* Length in bytes */
    int16_t maxlen;		/* Allocated space in bytes */
    int32_t offset;		/* Offset from start of request */
} strhdr;

/* We use this to keep data/lenght couples. Only used internally. */
typedef struct _lstring {
    int32_t l;			/* length, -1 if empty */
    char *str;			/* the string. NULL if not initialized */
} lstring;

/* This is an header common to all signatures, it's used to discriminate
 * among the different signature types. */
typedef struct _ntlmhdr {
    char signature[8];		/* "NTLMSSP" */
    int32_t type;		/* One of the NTLM_* types above. */
} ntlmhdr;

/* Negotiation request sent by client */
typedef struct _ntlm_negotiate {
    char signature[8];		/* "NTLMSSP" */
    int32_t type;		/* LSWAP(0x1) */
    u_int32_t flags;		/* Request flags */
    strhdr domain;		/* Domain we wish to authenticate in */
    strhdr workstation;		/* Client workstation name */
    char payload[256];		/* String data */
} ntlm_negotiate;

/* Challenge request sent by server. */
typedef struct _ntlm_challenge {
    char signature[8];		/* "NTLMSSP" */
    int32_t type;		/* LSWAP(0x2) */
    strhdr target;		/* Authentication target (domain/server ...) */
    u_int32_t flags;		/* Request flags */
    u_char challenge[NONCE_LEN];	/* Challenge string */
    u_int32_t context_low;	/* LS part of the server context handle */
    u_int32_t context_high;	/* MS part of the server context handle */
    char payload[256];		/* String data */
} ntlm_challenge;

/* Authentication request sent by client in response to challenge */
typedef struct _ntlm_authenticate {
    char signature[8];		/* "NTLMSSP" */
    int32_t type;		/* LSWAP(0x3) */
    strhdr lmresponse;		/* LANMAN challenge response */
    strhdr ntresponse;		/* NT challenge response */
    strhdr domain;		/* Domain to authenticate against */
    strhdr user;		/* Username */
    strhdr workstation;		/* Workstation name */
    strhdr sessionkey;		/* Session key for server's use */
    int32_t flags;		/* Request flags */
    char payload[256 * 6];	/* String data */
} ntlm_authenticate;

const char *ntlm_make_challenge(char *domain, char *domain_controller,
    unsigned char *challenge_nonce, int challenge_nonce_len);
lstring ntlm_fetch_string(char *packet, int32_t length, strhdr * str);
void ntlm_add_to_payload(char *payload, int *payload_length,
    strhdr * hdr, char *toadd,
    int toadd_length, int base_offset);

#endif /* SQUID_NTLMAUTH_H */