Diffstat (limited to '')
-rw-r--r-- | public/sdk/inc/ntlmsp.h | 299 |
1 files changed, 299 insertions, 0 deletions
diff --git a/public/sdk/inc/ntlmsp.h b/public/sdk/inc/ntlmsp.h
new file mode 100644
index 000000000..760047700
--- /dev/null
+++ b/public/sdk/inc/ntlmsp.h
@@ -0,0 +1,299 @@
+//+-------------------------------------------------------------------------
+//
+// Microsoft Windows
+// Copyright (C) Microsoft Corporation, 1992 - 1992.
+//
+// File: ntlmsp.h
+//
+// Contents:
+//
+// Classes:
+//
+// Functions:
+//
+// History: 13-May-92 PeterWi Created
+//
+//--------------------------------------------------------------------------
+
+#ifndef _NTLMSP_H_
+#define _NTLMSP_H_
+
+#include <ntmsv1_0.h>
+
+
+////////////////////////////////////////////////////////////////////////
+//
+// Name of the package to pass in to AcquireCredentialsHandle, etc.
+//
+////////////////////////////////////////////////////////////////////////
+
+#define NTLMSP_NAME_A "NTLM"
+#define NTLMSP_NAME L"NTLM"
+#define NTLMSP_NAME_SIZE (sizeof(NTLMSP_NAME) - sizeof(WCHAR))
+#define NTLMSP_COMMENT_A "NTLM Security Package"
+#define NTLMSP_COMMENT L"NTLM Security Package"
+#define NTLMSP_CAPABILITIES (SECPKG_FLAG_TOKEN_ONLY | \
+ SECPKG_FLAG_MULTI_REQUIRED | \
+ SECPKG_FLAG_CONNECTION | \
+ SECPKG_FLAG_INTEGRITY | \
+ SECPKG_FLAG_PRIVACY)
+
+#define NTLMSP_VERSION 1
+#define NTLMSP_RPCID 10 // RPC_C_AUTHN_WINNT from rpcdce.h
+#define NTLMSP_MAX_TOKEN_SIZE 0x300
+
+////////////////////////////////////////////////////////////////////////
+//
+// Opaque Messages passed between client and server
+//
+////////////////////////////////////////////////////////////////////////
+
+#define NTLMSSP_SIGNATURE "NTLMSSP"
+
+//
+// MessageType for the following messages.
+//
+
+typedef enum {
+ NtLmNegotiate = 1,
+ NtLmChallenge,
+ NtLmAuthenticate,
+ NtLmUnknown
+} NTLM_MESSAGE_TYPE;
+
+//
+// Valid values of NegotiateFlags
+//
+
+#define NTLMSSP_NEGOTIATE_UNICODE 0x0001 // Text strings are in unicode
+#define NTLMSSP_NEGOTIATE_OEM 0x0002 // Text strings are in OEM
+#define NTLMSSP_REQUEST_TARGET 0x0004 // Server should return its
+ // authentication realm
+#define NTLMSSP_NEGOTIATE_SIGN 0x0010 // Request signature capability
+#define NTLMSSP_NEGOTIATE_SEAL 0x0020 // Request confidentiality
+#define NTLMSSP_NEGOTIATE_DATAGRAM 0x0040 // Use datagram style authentication
+#define NTLMSSP_NEGOTIATE_LM_KEY 0x0080 // Use LM session key for sign/seal
+
+#define NTLMSSP_NEGOTIATE_NETWARE 0x0100 // NetWare authentication
+#define NTLMSSP_NEGOTIATE_NTLM 0x0200 // NTLM authentication
+
+#define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0x1000 // Domain Name supplied on negotiate
+#define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0x2000 // Workstation Name supplied on negotiate
+#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x4000 // Indicates client/server are same machine
+#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 // Sign for all security levels
+
+
+//
+// Valid target types returned by the server in Negotiate Flags
+//
+
+#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000 // TargetName is a domain name
+#define NTLMSSP_TARGET_TYPE_SERVER 0x20000 // TargetName is a server name
+#define NTLMSSP_TARGET_TYPE_SHARE 0x40000 // TargetName is a share name
+
+
+//
+// Valid requests for additional output buffers
+//
+
+#define NTLMSSP_REQUEST_INIT_RESPONSE 0x100000 // get back session keys
+#define NTLMSSP_REQUEST_ACCEPT_RESPONSE 0x200000 // get back session key, LUID
+#define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x400000 // request non-nt session key
+
+//
+// Opaque message returned from first call to InitializeSecurityContext
+//
+typedef struct _NEGOTIATE_MESSAGE {
+ UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+ NTLM_MESSAGE_TYPE MessageType;
+ ULONG NegotiateFlags;
+ STRING OemDomainName;
+ STRING OemWorkstationName;
+} NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
+
+
+//
+// Old version of the message, for old clients
+//
+
+typedef struct _OLD_NEGOTIATE_MESSAGE {
+ UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+ NTLM_MESSAGE_TYPE MessageType;
+ ULONG NegotiateFlags;
+} OLD_NEGOTIATE_MESSAGE, *POLD_NEGOTIATE_MESSAGE;
+
+//
+// Opaque message returned from first call to AcceptSecurityContext
+//
+typedef struct _CHALLENGE_MESSAGE {
+ UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+ NTLM_MESSAGE_TYPE MessageType;
+ STRING TargetName;
+ ULONG NegotiateFlags;
+ UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
+ ULONG ServerContextHandleLower;
+ ULONG ServerContextHandleUpper;
+} CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
+
+//
+// Old version of the challenge message
+//
+
+typedef struct _OLD_CHALLENGE_MESSAGE {
+ UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+ NTLM_MESSAGE_TYPE MessageType;
+ STRING TargetName;
+ ULONG NegotiateFlags;
+ UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
+} OLD_CHALLENGE_MESSAGE, *POLD_CHALLENGE_MESSAGE;
+
+//
+// Opaque message returned from second call to InitializeSecurityContext
+//
+typedef struct _AUTHENTICATE_MESSAGE {
+ UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+ NTLM_MESSAGE_TYPE MessageType;
+ STRING LmChallengeResponse;
+ STRING NtChallengeResponse;
+ STRING DomainName;
+ STRING UserName;
+ STRING Workstation;
+ STRING SessionKey;
+ ULONG NegotiateFlags;
+} AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
+
+typedef struct _OLD_AUTHENTICATE_MESSAGE {
+ UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
+ NTLM_MESSAGE_TYPE MessageType;
+ STRING LmChallengeResponse;
+ STRING NtChallengeResponse;
+ STRING DomainName;
+ STRING UserName;
+ STRING Workstation;
+} OLD_AUTHENTICATE_MESSAGE, *POLD_AUTHENTICATE_MESSAGE;
+
+
+//
+// Additional input message to Initialize for clients to provide a
+// user-supplied password
+//
+
+typedef struct _NTLM_CHALLENGE_MESSAGE {
+ UNICODE_STRING Password;
+ UNICODE_STRING UserName;
+ UNICODE_STRING DomainName;
+} NTLM_CHALLENGE_MESSAGE, *PNTLM_CHALLENGE_MESSAGE;
+
+
+//
+// Non-opaque message returned from second call to InitializeSecurityContext
+//
+
+typedef struct _NTLM_INITIALIZE_RESPONSE {
+ UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
+ UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
+} NTLM_INITIALIZE_RESPONSE, *PNTLM_INITIALIZE_RESPONSE;
+
+//
+// Additional input message to Accept for trusted client skipping the first
+// call to Accept and providing their own challenge
+//
+
+typedef struct _NTLM_AUTHENTICATE_MESSAGE {
+ CHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
+ ULONG ParameterControl;
+} NTLM_AUTHENTICATE_MESSAGE, *PNTLM_AUTHENTICATE_MESSAGE;
+
+
+//
+// Non-opaque message returned from second call to AcceptSecurityContext
+//
+
+typedef struct _NTLM_ACCEPT_RESPONSE {
+ LUID LogonId;
+ LARGE_INTEGER KickoffTime;
+ ULONG UserFlags;
+ UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
+ UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
+} NTLM_ACCEPT_RESPONSE, *PNTLM_ACCEPT_RESPONSE;
+
+
+//
+// Size of the largest message
+// (The largest message is the AUTHENTICATE_MESSAGE)
+//
+
+#define NTLMSSP_MAX_MESSAGE_SIZE (sizeof(AUTHENTICATE_MESSAGE) + \
+ LM_RESPONSE_LENGTH + \
+ NT_RESPONSE_LENGTH + \
+ (DNLEN + 1) * sizeof(WCHAR) + \
+ (UNLEN + 1) * sizeof(WCHAR) + \
+ (CNLEN + 1) * sizeof(WCHAR))
+
+
+typedef struct _NTLMSSP_MESSAGE_SIGNATURE {
+ ULONG Version;
+ ULONG RandomPad;
+ ULONG CheckSum;
+ ULONG Nonce;
+} NTLMSSP_MESSAGE_SIGNATURE, *PNTLMSSP_MESSAGE_SIGNATURE;
+
+#define NTLMSSP_MESSAGE_SIGNATURE_SIZE sizeof(NTLMSSP_MESSAGE_SIGNATURE)
+//
+// Version 1 is the structure above, using stream RC4 to encrypt the trailing
+// 12 bytes.
+//
+#define NTLM_SIGN_VERSION 1
+
+//////////////////////////////////////////////////////////////////////
+//
+// Control Functions
+//
+//////////////////////////////////////////////////////////////////////
+
+#define NTLM_CHANGE_PASSWORD 0x0001
+#define NTLM_DUMP_CONTEXTS 0x1001
+#define NTLM_DUMP_CREDENTIALS 0x1002
+#define NTLM_DUMP_SESSIONS 0x1003
+
+
+//////////////////////////////////////////////////////////////////////
+//
+// Credential data structures
+//
+//////////////////////////////////////////////////////////////////////
+
+typedef enum {
+ Share = 1,
+ Server,
+ Domain,
+ Default
+} NTLMCredentialType, *PNTLMCredentialType;
+
+#define NTLM_CRED_REVISION 1
+
+typedef struct _NTLMCredHeader {
+ ULONG Revision;
+ ULONG CredentialCount;
+ ULONG Reserved[2];
+} NTLMCredHeader, *PNTLMCredHeader;
+
+
+typedef struct _NTLMPublicCredential {
+ NTLMCredentialType CredType;
+ SECURITY_STRING ssTarget;
+ SECURITY_STRING ssPassword;
+ SECURITY_STRING OPTIONAL ssUser;
+ SECURITY_STRING OPTIONAL ssDomain;
+ struct _NTLMPublicCredential * pNext;
+} NTLMPublicCredential, *PNTLMPublicCredential;
+
+typedef struct _NTLMPublicPrimaryCred {
+ SECURITY_STRING ssUser;
+ SECURITY_STRING ssDomain;
+ SECURITY_STRING ssPassword;
+} NTLMPublicPrimaryCred, *PNTLMPublicPrimaryCred;
+
+
+#endif // _NTLMSP_H_
+ |
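Review bot: `NTLMSSP_MAX_MESSAGE_SIZE` adds up the payloads for only five of the six `STRING` fields in `AUTHENTICATE_MESSAGE`; the `SessionKey` payload is missing, so the sum looks sized for an `OLD_AUTHENTICATE_MESSAGE` body. The users of the macro are not visible in this header, but any receiver that allocates or bounds a buffer from it could come up short for a message that carries a session key. If that payload is a user session key, adding `MSV1_0_USER_SESSION_KEY_LENGTH + \` to the sum would cover it. A comment next to the macro should also state that every `STRING` length and buffer reference in a received message must be checked against the number of bytes actually received before it is used. Nothing ties this value to `NTLMSP_MAX_TOKEN_SIZE` (0x300), so a compile-time check or a comment relating the two limits would keep them from drifting apart.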