archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/net/sfm/uam/macsource/macssp/ntlmsspi.h

532 lines
16 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1993 Microsoft Corporation
  5. Module Name:
  7. ntlmsspi.h
  9. Abstract:
  11. Header file describing the interface to code common to the
  12. NT Lanman Security Support Provider (NtLmSsp) Service and the DLL.
  14. Author:
  16. Cliff Van Dyke (CliffV) 17-Sep-1993
  18. Revision History:
  20. --*/
  22. #ifndef _NTLMSSPI_INCLUDED_
  23. #define _NTLMSSPI_INCLUDED_
  25. #include <rc4.h>
  26. #include <md5.h>
  27. #include <hmac.h>
  28. #include <crypt.h>
  30. #ifndef __MACSSP__
  31. #define SEC_FAR
  32. #define FAR
  33. #define _fmemcpy memcpy
  34. #define _fmemcmp memcmp
  35. #define _fmemset memset
  36. #define _fstrcmp strcmp
  37. #define _fstrcpy strcpy
  38. #define _fstrlen strlen
  39. #define _fstrncmp strncmp
  40. #endif
  42. #ifdef DOS
  43. #ifndef FAR
  44. #define FAR far
  45. #endif
  46. #ifndef SEC_FAR
  47. #define SEC_FAR FAR
  48. #endif
  49. #endif
  51. //#include <sysinc.h>
  53. #define MSV1_0_CHALLENGE_LENGTH 8
  55. #ifndef IN
  56. #define IN
  57. #define OUT
  58. #define OPTIONAL
  59. #endif
  61. #define ARGUMENT_PRESENT(ArgumentPointer) (\
  62. (CHAR *)(ArgumentPointer) != (CHAR *)(NULL) )
  63. #define UNREFERENCED_PARAMETER(P)
  65. #ifdef MAC
  66. #define swaplong(Value) \
  67. Value = ( (((Value) & 0xFF000000) >> 24) \
  68. | (((Value) & 0x00FF0000) >> 8) \
  69. | (((Value) & 0x0000FF00) << 8) \
  70. | (((Value) & 0x000000FF) << 24))
  71. #else
  72. #define swaplong(Value)
  73. #endif
  75. #ifdef MAC
  76. #define swapshort(Value) \
  77. Value = ( (((Value) & 0x00FF) << 8) \
  78. | (((Value) & 0xFF00) >> 8))
  79. #else
  80. #define swapshort(Value)
  81. #endif
  83. #ifndef MAC
  84. typedef int BOOL;
  85. #endif
  86. #ifndef TRUE
  87. #define FALSE 0
  88. #define TRUE 1
  89. #endif
  91. #ifndef MAC
  92. typedef unsigned long ULONG, DWORD, *PULONG;
  93. typedef unsigned long SEC_FAR *LPULONG;
  94. typedef unsigned short USHORT, WORD;
  95. typedef char CHAR, *PCHAR;
  96. typedef unsigned char UCHAR, *PUCHAR;
  97. typedef unsigned char SEC_FAR *LPUCHAR;
  98. typedef void SEC_FAR *PVOID, *LPVOID;
  99. typedef unsigned char BOOLEAN;
  100. #endif
  101. #ifndef BLDR_KERNEL_RUNTIME
  102. typedef long LUID, *PLUID;
  103. #endif
  105. //
  106. // Calculate the address of the base of the structure given its type, and an
  107. // address of a field within the structure.
  108. //
  110. #define CONTAINING_RECORD(address, type, field) ((type *)( \
  111. (PCHAR)(address) - \
  112. (PCHAR)(&((type *)0)->field)))
  114. #ifndef BLDR_KERNEL_RUNTIME
  115. typedef struct _LIST_ENTRY {
  116. struct _LIST_ENTRY *Flink;
  117. struct _LIST_ENTRY *Blink;
  118. } LIST_ENTRY, *PLIST_ENTRY;
  119. #endif
  121. //
  122. // VOID
  123. // InitializeListHead(
  124. // PLIST_ENTRY ListHead
  125. // );
  126. //
  128. #define InitializeListHead(ListHead) (\
  129. (ListHead)->Flink = (ListHead)->Blink = (ListHead))
  131. //
  132. // VOID
  133. // RemoveEntryList(
  134. // PLIST_ENTRY Entry
  135. // );
  136. //
  138. #define RemoveEntryList(Entry) {\
  139. PLIST_ENTRY _EX_Blink;\
  140. PLIST_ENTRY _EX_Flink;\
  141. _EX_Flink = (Entry)->Flink;\
  142. _EX_Blink = (Entry)->Blink;\
  143. _EX_Blink->Flink = _EX_Flink;\
  144. _EX_Flink->Blink = _EX_Blink;\
  145. }
  147. //
  148. // VOID
  149. // InsertHeadList(
  150. // PLIST_ENTRY ListHead,
  151. // PLIST_ENTRY Entry
  152. // );
  153. //
  155. #define InsertHeadList(ListHead,Entry) {\
  156. PLIST_ENTRY _EX_Flink;\
  157. PLIST_ENTRY _EX_ListHead;\
  158. _EX_ListHead = (ListHead);\
  159. _EX_Flink = _EX_ListHead->Flink;\
  160. (Entry)->Flink = _EX_Flink;\
  161. (Entry)->Blink = _EX_ListHead;\
  162. _EX_Flink->Blink = (Entry);\
  163. _EX_ListHead->Flink = (Entry);\
  164. }
  166. //
  167. // BOOLEAN
  168. // IsListEmpty(
  169. // PLIST_ENTRY ListHead
  170. // );
  171. //
  173. #define IsListEmpty(ListHead) \
  174. ((ListHead)->Flink == (ListHead))
  176. //
  177. // Maximum lifetime of a context
  178. //
  179. //#define NTLMSSP_MAX_LIFETIME (2*60*1000)L // 2 minutes
  180. #define NTLMSSP_MAX_LIFETIME 120000L // 2 minutes
  183. ////////////////////////////////////////////////////////////////////////
  184. //
  185. // Opaque Messages passed between client and server
  186. //
  187. ////////////////////////////////////////////////////////////////////////
  189. #define NTLMSSP_SIGNATURE "NTLMSSP"
  191. //
  192. // MessageType for the following messages.
  193. //
  195. typedef enum {
  196. NtLmNegotiate = 1,
  197. NtLmChallenge,
  198. NtLmAuthenticate,
  199. #ifdef MAC
  200. NtLmUnknown
  201. #endif
  202. } NTLM_MESSAGE_TYPE;
  204. //
  205. // Signature structure
  206. //
  208. typedef struct _NTLMSSP_MESSAGE_SIGNATURE {
  209. ULONG Version;
  210. ULONG RandomPad;
  211. ULONG CheckSum;
  212. ULONG Nonce;
  213. } NTLMSSP_MESSAGE_SIGNATURE, * PNTLMSSP_MESSAGE_SIGNATURE;
  215. #define NTLMSSP_MESSAGE_SIGNATURE_SIZE sizeof(NTLMSSP_MESSAGE_SIGNATURE)
  217. #define NTLMSSP_SIGN_VERSION 1
  219. #define NTLMSSP_KEY_SALT 0xbd
  221. #define MSV1_0_NTLMV2_RESPONSE_LENGTH 16
  222. #define MSV1_0_NTLMV2_OWF_LENGTH 16
  223. #define MSV1_0_CHALLENGE_LENGTH 8
  225. //
  226. // valid QoP flags
  227. //
  229. #define QOP_NTLMV2 0x00000001
  231. //
  232. // this is an MSV1_0 private data structure, defining the layout of an Ntlmv2
  233. // response, as sent by a client in the NtChallengeResponse field of the
  234. // NETLOGON_NETWORK_INFO structure. If can be differentiated from an old style
  235. // NT response by its length. This is crude, but it needs to pass through
  236. // servers and the servers' DCs that do not understand Ntlmv2 but that are
  237. // willing to pass longer responses.
  238. //
  240. typedef struct _MSV1_0_NTLMV2_RESPONSE {
  241. UCHAR Response[MSV1_0_NTLMV2_RESPONSE_LENGTH]; // hash of OWF of password with all the following fields
  242. UCHAR RespType; // id number of response; current is 1
  243. UCHAR HiRespType; // highest id number understood by client
  244. USHORT Flags; // reserved; must be sent as zero at this version
  245. ULONG MsgWord; // 32 bit message from client to server (for use by auth protocol)
  246. ULONGLONG TimeStamp; // time stamp when client generated response -- NT system time, quad part
  247. UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
  248. ULONG AvPairsOff; // offset to start of AvPairs (to allow future expansion)
  249. UCHAR Buffer[1]; // start of buffer with AV pairs (or future stuff -- so use the offset)
  250. } MSV1_0_NTLMV2_RESPONSE, *PMSV1_0_NTLMV2_RESPONSE;
  252. #define MSV1_0_NTLMV2_INPUT_LENGTH (sizeof(MSV1_0_NTLMV2_RESPONSE) - MSV1_0_NTLMV2_RESPONSE_LENGTH)
  254. typedef struct {
  255. UCHAR Response[MSV1_0_NTLMV2_RESPONSE_LENGTH];
  256. UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
  257. } MSV1_0_LMV2_RESPONSE, *PMSV1_0_LMV2_RESPONSE;
  259. //
  260. // User, Group and Password lengths
  261. //
  263. #define UNLEN 256 // Maximum user name length
  264. #define LM20_UNLEN 20 // LM 2.0 Maximum user name length
  266. //
  267. // String Lengths for various LanMan names
  268. //
  270. #define CNLEN 15 // Computer name length
  271. #define LM20_CNLEN 15 // LM 2.0 Computer name length
  272. #define DNLEN CNLEN // Maximum domain name length
  273. #define LM20_DNLEN LM20_CNLEN // LM 2.0 Maximum domain name length
  275. //
  276. // Size of the largest message
  277. // (The largest message is the AUTHENTICATE_MESSAGE)
  278. //
  280. #define DNSLEN 256 // length of DNS name
  282. #define TARGET_INFO_LEN ((2*DNSLEN + DNLEN + CNLEN) * sizeof(WCHAR) + \
  283. 5 * sizeof(MSV1_0_AV_PAIR))
  285. // length of NTLM2 response
  286. #define NTLMV2_RESPONSE_LENGTH (sizeof(MSV1_0_NTLMV2_RESPONSE) + \
  287. TARGET_INFO_LEN)
  289. #define NTLMSSP_MAX_MESSAGE_SIZE (sizeof(AUTHENTICATE_MESSAGE) + \
  290. LM_RESPONSE_LENGTH + \
  291. NTLMV2_RESPONSE_LENGTH + \
  292. (DNLEN + 1) * sizeof(WCHAR) + \
  293. (UNLEN + 1) * sizeof(WCHAR) + \
  294. (CNLEN + 1) * sizeof(WCHAR))
  296. typedef struct _MSV1_0_AV_PAIR {
  297. USHORT AvId;
  298. USHORT AvLen;
  299. // Data is treated as byte array following structure
  300. } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
  302. //
  303. // bootssp does not support RtlOemStringToUnicodeString or
  304. // RtlUnicodeStringToOemString, punt to Ansi Strings
  305. //
  307. #define SspOemStringToUnicodeString RtlAnsiStringToUnicodeString
  308. #define SspUnicodeStringToOemString RtlUnicodeStringToAnsiString
  310. #define CSSEALMAGIC "session key to client-to-server sealing key magic constant"
  311. #define SCSEALMAGIC "session key to server-to-client sealing key magic constant"
  312. #define CSSIGNMAGIC "session key to client-to-server signing key magic constant"
  313. #define SCSIGNMAGIC "session key to server-to-client signing key magic constant"
  315. //
  316. // Valid values of NegotiateFlags
  317. //
  319. #define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 // Text strings are in unicode
  320. #define NTLMSSP_NEGOTIATE_OEM 0x00000002 // Text strings are in OEM
  321. #define NTLMSSP_REQUEST_TARGET 0x00000004 // Server should return its authentication realm
  323. #define NTLMSSP_NEGOTIATE_SIGN 0x00000010 // Request signature capability
  324. #define NTLMSSP_NEGOTIATE_SEAL 0x00000020 // Request confidentiality
  325. #define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040 // Use datagram style authentication
  326. #define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 // Use LM session key for sign/seal
  328. #define NTLMSSP_NEGOTIATE_NETWARE 0x00000100 // NetWare authentication
  329. #define NTLMSSP_NEGOTIATE_NTLM 0x00000200 // NTLM authentication
  330. #define NTLMSSP_NEGOTIATE_NT_ONLY 0x00000400 // NT authentication only (no LM)
  331. #define NTLMSSP_NEGOTIATE_NULL_SESSION 0x00000800 // NULL Sessions on NT 5.0 and beyand
  333. #define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0x1000 // Domain Name supplied on negotiate
  334. #define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0x2000 // Workstation Name supplied on negotiate
  335. #define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x00004000 // Indicates client/server are same machine
  336. #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 // Sign for all security levels
  338. //
  339. // Valid target types returned by the server in Negotiate Flags
  340. //
  342. #define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000 // TargetName is a domain name
  343. #define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 // TargetName is a server name
  344. #define NTLMSSP_TARGET_TYPE_SHARE 0x00040000 // TargetName is a share name
  345. #define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 // NTLM2 authentication added for NT4-SP4
  347. #define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000 // Create identify level token
  349. //
  350. // Valid requests for additional output buffers
  351. //
  353. #define NTLMSSP_REQUEST_INIT_RESPONSE 0x00100000 // get back session keys
  354. #define NTLMSSP_REQUEST_ACCEPT_RESPONSE 0x00200000 // get back session key, LUID
  355. #define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000 // request non-nt session key
  356. #define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 // target info present in challenge message
  358. #define NTLMSSP_NEGOTIATE_EXPORTED_CONTEXT 0x01000000 // It's an exported context
  360. #define NTLMSSP_NEGOTIATE_128 0x20000000 // negotiate 128 bit encryption
  361. #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 // exchange a key using key exchange key
  362. #define NTLMSSP_NEGOTIATE_56 0x80000000 // negotiate 56 bit encryption
  364. // flags used in client space to control sign and seal; never appear on the wire
  365. #define NTLMSSP_APP_SEQ 0x00000040 // Use application provided seq num
  367. typedef struct _NTLMV2_DERIVED_SKEYS {
  368. ULONG KeyLen; // key length in octets
  369. ULONG* pSendNonce; // ptr to nonce to use for send
  370. ULONG* pRecvNonce; // ptr to nonce to use for receive
  371. struct RC4_KEYSTRUCT* pSealRc4Sched; // ptr to key sched used for Seal
  372. struct RC4_KEYSTRUCT* pUnsealRc4Sched; // ptr to key sched used to Unseal
  374. ULONG SendNonce;
  375. ULONG RecvNonce;
  376. UCHAR SignSessionKey[sizeof(USER_SESSION_KEY)];
  377. UCHAR VerifySessionKey[sizeof(USER_SESSION_KEY)];
  378. UCHAR SealSessionKey[sizeof(USER_SESSION_KEY)];
  379. UCHAR UnsealSessionKey[sizeof(USER_SESSION_KEY)];
  380. ULONG64 Pad1; // pad keystructs to 64.
  381. struct RC4_KEYSTRUCT SealRc4Sched; // key struct used for Seal
  382. ULONG64 Pad2; // pad keystructs to 64.
  383. struct RC4_KEYSTRUCT UnsealRc4Sched; // key struct used to Unseal
  384. } NTLMV2_DERIVED_SKEYS, *PNTLMV2_DERIVED_SKEYS;
  386. //
  387. // Opaque message returned from first call to InitializeSecurityContext
  388. //
  390. typedef struct _NEGOTIATE_MESSAGE {
  391. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  392. NTLM_MESSAGE_TYPE MessageType;
  393. ULONG NegotiateFlags;
  394. STRING32 OemDomainName;
  395. STRING32 OemWorkstationName;
  396. } NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
  398. //
  399. // Opaque message returned from first call to AcceptSecurityContext
  400. //
  402. typedef struct _CHALLENGE_MESSAGE {
  403. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  404. NTLM_MESSAGE_TYPE MessageType;
  405. STRING32 TargetName;
  406. ULONG NegotiateFlags;
  407. UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
  408. ULONG64 ServerContextHandle;
  409. STRING32 TargetInfo;
  410. } CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
  412. //
  413. // Opaque message returned from second call to InitializeSecurityContext
  414. //
  416. typedef struct _AUTHENTICATE_MESSAGE {
  417. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  418. NTLM_MESSAGE_TYPE MessageType;
  419. STRING32 LmChallengeResponse;
  420. STRING32 NtChallengeResponse;
  421. STRING32 DomainName;
  422. STRING32 UserName;
  423. STRING32 Workstation;
  424. STRING32 SessionKey;
  425. ULONG NegotiateFlags;
  426. } AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
  428. typedef enum _eSignSealOp {
  429. eSign, // MakeSignature is calling
  430. eVerify, // VerifySignature is calling
  431. eSeal, // SealMessage is calling
  432. eUnseal // UnsealMessage is calling
  433. } eSignSealOp;
  435. //
  436. // Version 1 is the structure above, using stream RC4 to encrypt the trailing
  437. // 12 bytes.
  438. //
  440. #define NTLM_SIGN_VERSION 1
  442. #ifdef __cplusplus
  443. extern "C" {
  444. #endif
  446. //
  447. // the following declarations may be duplicates
  448. //
  450. NTSTATUS
  451. RtlAnsiStringToUnicodeString(
  452. UNICODE_STRING* DestinationString,
  453. ANSI_STRING* SourceString,
  454. BOOLEAN AllocateDestinationString
  455. );
  457. VOID
  458. RtlInitString(
  459. OUT STRING* DestinationString,
  460. IN PCSTR SourceString OPTIONAL
  461. );
  463. NTSTATUS
  464. RtlUnicodeStringToAnsiString(
  465. OUT ANSI_STRING* DestinationString,
  466. IN UNICODE_STRING* SourceString,
  467. IN BOOLEAN AllocateDestinationString
  468. );
  470. WCHAR
  471. RtlUpcaseUnicodeChar(
  472. IN WCHAR SourceCharacter
  473. );
  475. ////////////////////////////////////////////////////////////////////////
  476. //
  477. // Procedure Forwards
  478. //
  479. ////////////////////////////////////////////////////////////////////////
  481. PVOID
  482. SspAlloc(
  483. int Size
  484. );
  486. void
  487. SspFree(
  488. PVOID Buffer
  489. );
  491. PSTRING
  492. SspAllocateString(
  493. PVOID Value
  494. );
  496. PSTRING
  497. SspAllocateStringBlock(
  498. PVOID Value,
  499. int Length
  500. );
  502. void
  503. SspFreeString(
  504. PSTRING * String
  505. );
  507. void
  508. SspCopyString(
  509. IN PVOID MessageBuffer,
  510. OUT PSTRING OutString,
  511. IN PSTRING InString,
  512. IN OUT PCHAR *Where,
  513. IN BOOLEAN Absolute
  514. );
  516. void
  517. SspCopyStringFromRaw(
  518. IN PVOID MessageBuffer,
  519. OUT STRING32* OutString,
  520. IN PCHAR InString,
  521. IN int InStringLength,
  522. IN OUT PCHAR *Where
  523. );
  525. DWORD
  526. SspTicks(
  527. );
  529. #ifdef __cplusplus
  530. }
  531. #endif
  532. #endif // ifndef _NTLMSSPI_INCLUDED_