1 files changed, 299 insertions, 0 deletions

diff --git a/public/sdk/inc/ntlmsp.h b/public/sdk/inc/ntlmsp.h
new file mode 100644
index 000000000..760047700
--- /dev/null
+++ b/public/sdk/inc/ntlmsp.h
@@ -0,0 +1,299 @@
+//+-------------------------------------------------------------------------
+//
+//  Microsoft Windows
+//  Copyright (C) Microsoft Corporation, 1992 - 1992.
+//
+//  File:       ntlmsp.h
+//
+//  Contents:
+//
+//  Classes:
+//
+//  Functions:
+//
+//  History:    13-May-92 PeterWi       Created
+//
+//--------------------------------------------------------------------------
+
+#ifndef _NTLMSP_H_
+#define _NTLMSP_H_
+
+#include <ntmsv1_0.h>
+
+
+////////////////////////////////////////////////////////////////////////
+//
+// Name of the package to pass in to AcquireCredentialsHandle, etc.
+//
+////////////////////////////////////////////////////////////////////////
+
+#define NTLMSP_NAME_A            "NTLM"
+#define NTLMSP_NAME              L"NTLM"
+#define NTLMSP_NAME_SIZE        (sizeof(NTLMSP_NAME) - sizeof(WCHAR))
+#define NTLMSP_COMMENT_A         "NTLM Security Package"
+#define NTLMSP_COMMENT           L"NTLM Security Package"
+#define NTLMSP_CAPABILITIES     (SECPKG_FLAG_TOKEN_ONLY | \
+                                 SECPKG_FLAG_MULTI_REQUIRED | \
+                                 SECPKG_FLAG_CONNECTION | \
+                                 SECPKG_FLAG_INTEGRITY | \
+                                 SECPKG_FLAG_PRIVACY)
+
+#define NTLMSP_VERSION          1
+#define NTLMSP_RPCID            10  // RPC_C_AUTHN_WINNT from rpcdce.h
+#define NTLMSP_MAX_TOKEN_SIZE 0x300
+
+////////////////////////////////////////////////////////////////////////
+//
+// Opaque Messages passed between client and server
+//
+////////////////////////////////////////////////////////////////////////
+
+#define NTLMSSP_SIGNATURE "NTLMSSP"
+
+//
+// MessageType for the following messages.
+//
+
+typedef enum {
+    NtLmNegotiate = 1,
+    NtLmChallenge,
+    NtLmAuthenticate,
+    NtLmUnknown
+} NTLM_MESSAGE_TYPE;
+
+//
+// Valid values of NegotiateFlags
+//
+
+#define NTLMSSP_NEGOTIATE_UNICODE       0x0001  // Text strings are in unicode
+#define NTLMSSP_NEGOTIATE_OEM           0x0002  // Text strings are in OEM
+#define NTLMSSP_REQUEST_TARGET          0x0004  // Server should return its
+                                                // authentication realm
+#define NTLMSSP_NEGOTIATE_SIGN          0x0010  // Request signature capability
+#define NTLMSSP_NEGOTIATE_SEAL          0x0020  // Request confidentiality
+#define NTLMSSP_NEGOTIATE_DATAGRAM      0x0040  // Use datagram style authentication
+#define NTLMSSP_NEGOTIATE_LM_KEY        0x0080  // Use LM session key for sign/seal
+
+#define NTLMSSP_NEGOTIATE_NETWARE       0x0100  // NetWare authentication
+#define NTLMSSP_NEGOTIATE_NTLM          0x0200  // NTLM authentication
+
+#define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED       0x1000  // Domain Name supplied on negotiate
+#define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED  0x2000  // Workstation Name supplied on negotiate
+#define NTLMSSP_NEGOTIATE_LOCAL_CALL                0x4000 // Indicates client/server are same machine
+#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN               0x8000 // Sign for all security levels
+
+
+//
+// Valid target types returned by the server in Negotiate Flags
+//
+
+#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000  // TargetName is a domain name
+#define NTLMSSP_TARGET_TYPE_SERVER 0x20000  // TargetName is a server name
+#define NTLMSSP_TARGET_TYPE_SHARE  0x40000  // TargetName is a share name
+
+
+//
+// Valid requests for additional output buffers
+//
+
+#define NTLMSSP_REQUEST_INIT_RESPONSE       0x100000    // get back session keys
+#define NTLMSSP_REQUEST_ACCEPT_RESPONSE     0x200000    // get back session key, LUID
+#define NTLMSSP_REQUEST_NON_NT_SESSION_KEY  0x400000    // request non-nt session key
+
+//
+// Opaque message returned from first call to InitializeSecurityContext
+//
+typedef struct _NEGOTIATE_MESSAGE {
+    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+    NTLM_MESSAGE_TYPE MessageType;
+    ULONG NegotiateFlags;
+    STRING OemDomainName;
+    STRING OemWorkstationName;
+} NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
+
+
+//
+// Old version of the message, for old clients
+//
+
+typedef struct _OLD_NEGOTIATE_MESSAGE {
+    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+    NTLM_MESSAGE_TYPE MessageType;
+    ULONG NegotiateFlags;
+} OLD_NEGOTIATE_MESSAGE, *POLD_NEGOTIATE_MESSAGE;
+
+//
+// Opaque message returned from first call to AcceptSecurityContext
+//
+typedef struct _CHALLENGE_MESSAGE {
+    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+    NTLM_MESSAGE_TYPE MessageType;
+    STRING TargetName;
+    ULONG NegotiateFlags;
+    UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
+    ULONG ServerContextHandleLower;
+    ULONG ServerContextHandleUpper;
+} CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
+
+//
+// Old version of the challenge message
+//
+
+typedef struct _OLD_CHALLENGE_MESSAGE {
+    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+    NTLM_MESSAGE_TYPE MessageType;
+    STRING TargetName;
+    ULONG NegotiateFlags;
+    UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
+} OLD_CHALLENGE_MESSAGE, *POLD_CHALLENGE_MESSAGE;
+
+//
+// Opaque message returned from second call to InitializeSecurityContext
+//
+typedef struct _AUTHENTICATE_MESSAGE {
+    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+    NTLM_MESSAGE_TYPE MessageType;
+    STRING LmChallengeResponse;
+    STRING NtChallengeResponse;
+    STRING DomainName;
+    STRING UserName;
+    STRING Workstation;
+    STRING SessionKey;
+    ULONG NegotiateFlags;
+} AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
+
+typedef struct _OLD_AUTHENTICATE_MESSAGE {
+    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+    NTLM_MESSAGE_TYPE MessageType;
+    STRING LmChallengeResponse;
+    STRING NtChallengeResponse;
+    STRING DomainName;
+    STRING UserName;
+    STRING Workstation;
+} OLD_AUTHENTICATE_MESSAGE, *POLD_AUTHENTICATE_MESSAGE;
+
+
+//
+// Additional input message to Initialize for clients to provide a
+// user-supplied password
+//
+
+typedef struct _NTLM_CHALLENGE_MESSAGE {
+    UNICODE_STRING Password;
+    UNICODE_STRING UserName;
+    UNICODE_STRING DomainName;
+} NTLM_CHALLENGE_MESSAGE, *PNTLM_CHALLENGE_MESSAGE;
+
+
+//
+// Non-opaque message returned from second call to InitializeSecurityContext
+//
+
+typedef struct _NTLM_INITIALIZE_RESPONSE {
+    UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
+    UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
+} NTLM_INITIALIZE_RESPONSE, *PNTLM_INITIALIZE_RESPONSE;
+
+//
+// Additional input message to Accept for trusted client skipping the first
+// call to Accept and providing their own challenge
+//
+
+typedef struct _NTLM_AUTHENTICATE_MESSAGE {
+    CHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+    ULONG ParameterControl;
+} NTLM_AUTHENTICATE_MESSAGE, *PNTLM_AUTHENTICATE_MESSAGE;
+
+
+//
+// Non-opaque message returned from second call to AcceptSecurityContext
+//
+
+typedef struct _NTLM_ACCEPT_RESPONSE {
+    LUID LogonId;
+    LARGE_INTEGER KickoffTime;
+    ULONG UserFlags;
+    UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
+    UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
+} NTLM_ACCEPT_RESPONSE, *PNTLM_ACCEPT_RESPONSE;
+
+
+//
+// Size of the largest message
+//  (The largest message is the AUTHENTICATE_MESSAGE)
+//
+
+#define NTLMSSP_MAX_MESSAGE_SIZE (sizeof(AUTHENTICATE_MESSAGE) + \
+                                  LM_RESPONSE_LENGTH +           \
+                                  NT_RESPONSE_LENGTH +           \
+                                  (DNLEN + 1) * sizeof(WCHAR) +  \
+                                  (UNLEN + 1) * sizeof(WCHAR) +  \
+                                  (CNLEN + 1) * sizeof(WCHAR))
+
+
+typedef struct _NTLMSSP_MESSAGE_SIGNATURE {
+    ULONG   Version;
+    ULONG   RandomPad;
+    ULONG   CheckSum;
+    ULONG   Nonce;
+} NTLMSSP_MESSAGE_SIGNATURE, *PNTLMSSP_MESSAGE_SIGNATURE;
+
+#define NTLMSSP_MESSAGE_SIGNATURE_SIZE sizeof(NTLMSSP_MESSAGE_SIGNATURE)
+//
+// Version 1 is the structure above, using stream RC4 to encrypt the trailing
+// 12 bytes.
+//
+#define NTLM_SIGN_VERSION   1
+
+//////////////////////////////////////////////////////////////////////
+//
+// Control Functions
+//
+//////////////////////////////////////////////////////////////////////
+
+#define NTLM_CHANGE_PASSWORD            0x0001
+#define NTLM_DUMP_CONTEXTS              0x1001
+#define NTLM_DUMP_CREDENTIALS           0x1002
+#define NTLM_DUMP_SESSIONS              0x1003
+
+
+//////////////////////////////////////////////////////////////////////
+//
+// Credential data structures
+//
+//////////////////////////////////////////////////////////////////////
+
+typedef enum {
+    Share = 1,
+    Server,
+    Domain,
+    Default
+} NTLMCredentialType, *PNTLMCredentialType;
+
+#define NTLM_CRED_REVISION 1
+
+typedef struct _NTLMCredHeader {
+    ULONG       Revision;
+    ULONG       CredentialCount;
+    ULONG       Reserved[2];
+} NTLMCredHeader, *PNTLMCredHeader;
+
+
+typedef struct _NTLMPublicCredential {
+    NTLMCredentialType          CredType;
+    SECURITY_STRING             ssTarget;
+    SECURITY_STRING             ssPassword;
+    SECURITY_STRING OPTIONAL    ssUser;
+    SECURITY_STRING OPTIONAL    ssDomain;
+    struct _NTLMPublicCredential * pNext;
+} NTLMPublicCredential, *PNTLMPublicCredential;
+
+typedef struct _NTLMPublicPrimaryCred {
+    SECURITY_STRING             ssUser;
+    SECURITY_STRING             ssDomain;
+    SECURITY_STRING             ssPassword;
+} NTLMPublicPrimaryCred, *PNTLMPublicPrimaryCred;
+
+
+#endif // _NTLMSP_H_
+