ntlmauth.h

Go to the documentation of this file.

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
 
#ifndef SQUID_LIB_NTLMAUTH_NTLMAUTH_H
#define SQUID_LIB_NTLMAUTH_NTLMAUTH_H
 
/* NP: All of this cruft is little endian */
/* Endian functions are usually handled by the OS but not always. */
#include "ntlmauth/support_endian.h"
 
/* Used internally. Microsoft seems to think this is right, I believe them.
 * Right. */
#define NTLM_MAX_FIELD_LENGTH 300   /* max length of an NTLMSSP field */
 
/* max length of the BLOB data. (and helper input/output buffer) */
#define NTLM_BLOB_BUFFER_SIZE 10240
 
/* Here start the NTLMSSP definitions */
 
/* these are marked as "extra" fields */
#define NTLM_REQUEST_INIT_RESPONSE          0x100000
#define NTLM_REQUEST_ACCEPT_RESPONSE        0x200000
#define NTLM_REQUEST_NON_NT_SESSION_KEY     0x400000
 
/* NTLM error codes */
enum class NtlmError
{
    None = 0,
    ServerError,
    ProtocolError,
    LoginEror,
    UntrustedDomain,
    NotConnected,
    SspiError,
    BadNtGroup,
    BadRequest,
    InternalError,
    BlobError,
    BadProtocol
};
 
typedef struct _strhdr {
    int16_t len;        
    int16_t maxlen;     
    int32_t offset;     
} strhdr;
 
typedef struct _lstring {
    int32_t l;          
    char *str;          
} lstring;
 
void ntlm_dump_ntlmssp_flags(const uint32_t flags);
 
/* ************************************************************************* */
/* Packet and Payload structures and handling functions */
/* ************************************************************************* */
 
/* NTLM request types that we know about */
#define NTLM_ANY            0
#define NTLM_NEGOTIATE          1
#define NTLM_CHALLENGE          2
#define NTLM_AUTHENTICATE       3
 
typedef struct _ntlmhdr {
    char signature[8];      
    int32_t type;       
} ntlmhdr;
 
NtlmError ntlm_validate_packet(const ntlmhdr *packet, const int32_t type);
 
lstring ntlm_fetch_string(const ntlmhdr *packet,
                          const int32_t packet_length,
                          const strhdr *str,
                          const uint32_t flags);
 
void ntlm_add_to_payload(const ntlmhdr *packet_hdr,
                         char *payload,
                         int *payload_length,
                         strhdr * hdr,
                         const char *toadd,
                         const uint16_t toadd_length);
 
/* ************************************************************************* */
/* Negotiate Packet structures and functions */
/* ************************************************************************* */
 
/* negotiate request flags */
#define NTLM_NEGOTIATE_UNICODE              0x0001
#define NTLM_NEGOTIATE_ASCII                0x0002
#define NTLM_NEGOTIATE_REQUEST_TARGET       0x0004
#define NTLM_NEGOTIATE_REQUEST_SIGN         0x0010
#define NTLM_NEGOTIATE_REQUEST_SEAL         0x0020
#define NTLM_NEGOTIATE_DATAGRAM_STYLE       0x0040
#define NTLM_NEGOTIATE_USE_LM               0x0080
#define NTLM_NEGOTIATE_USE_NETWARE          0x0100
#define NTLM_NEGOTIATE_USE_NTLM             0x0200
#define NTLM_NEGOTIATE_DOMAIN_SUPPLIED      0x1000
#define NTLM_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
#define NTLM_NEGOTIATE_THIS_IS_LOCAL_CALL   0x4000
#define NTLM_NEGOTIATE_ALWAYS_SIGN          0x8000
 
typedef struct _ntlm_negotiate {
    ntlmhdr hdr;        
    uint32_t flags; 
    strhdr domain;      
    strhdr workstation; 
    char payload[256];  
} ntlm_negotiate;
 
/* ************************************************************************* */
/* Challenge Packet structures and functions */
/* ************************************************************************* */
 
#define NTLM_NONCE_LEN 8
 
/* challenge request flags */
#define NTLM_CHALLENGE_TARGET_IS_DOMAIN     0x10000
#define NTLM_CHALLENGE_TARGET_IS_SERVER     0x20000
#define NTLM_CHALLENGE_TARGET_IS_SHARE      0x40000
 
typedef struct _ntlm_challenge {
    ntlmhdr hdr;        
    strhdr target;      
    uint32_t flags;     
    u_char challenge[NTLM_NONCE_LEN];   
    uint32_t context_low;   
    uint32_t context_high;  
    char payload[256];      
} ntlm_challenge;
 
/* Size of the ntlm_challenge structures formatted fields (excluding payload) */
#define NTLM_CHALLENGE_HEADER_OFFSET    (sizeof(ntlm_challenge)-256)
 
void ntlm_make_nonce(char *nonce);
 
void ntlm_make_challenge(ntlm_challenge *ch,
                         const char *domain,
                         const char *domain_controller,
                         const char *challenge_nonce,
                         const int challenge_nonce_len,
                         const uint32_t flags);
 
/* ************************************************************************* */
/* Authenticate Packet structures and functions */
/* ************************************************************************* */
 
typedef struct _ntlm_authenticate {
    ntlmhdr hdr;        
    strhdr lmresponse;      
    strhdr ntresponse;      
    strhdr domain;      
    strhdr user;        
    strhdr workstation;     
    strhdr sessionkey;      
    uint32_t flags;     
    char payload[256 * 6];  
} ntlm_authenticate;
 
NtlmError ntlm_unpack_auth(const ntlm_authenticate *auth,
                           char *user,
                           char *domain,
                           const int32_t size);
 
#endif /* SQUID_LIB_NTLMAUTH_NTLMAUTH_H */