Source code of Windows XP (NT5)

  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992-1999.
  5. //
  6. // File: ntlmsp.h
  7. //
  8. // Contents:
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 13-May-92 PeterWi Created
  15. //
  16. //--------------------------------------------------------------------------
  17. #ifndef _NTLMSP_H_
  18. #define _NTLMSP_H_
  19. #if _MSC_VER > 1000
  20. #pragma once
  21. #endif
  22. #include <ntmsv1_0.h>
  23. #ifdef __cplusplus
  24. extern "C" {
  25. #endif
  26. ////////////////////////////////////////////////////////////////////////
  27. //
  28. // Name of the package to pass in to AcquireCredentialsHandle, etc.
  29. // NTLMSP_NAME_SIZE is the wide name's byte length without the terminating NUL.
  30. ////////////////////////////////////////////////////////////////////////
  31. #ifndef NTLMSP_NAME_A
  32. #define NTLMSP_NAME_A "NTLM"
  33. #define NTLMSP_NAME L"NTLM" // ntifs
  34. #endif // NTLMSP_NAME_A
  35. #define NTLMSP_NAME_SIZE (sizeof(NTLMSP_NAME) - sizeof(WCHAR)) // ntifs
  36. #define NTLMSP_COMMENT_A "NTLM Security Package"
  37. #define NTLMSP_COMMENT L"NTLM Security Package"
  38. #define NTLMSP_CAPABILITIES (SECPKG_FLAG_TOKEN_ONLY | \
  39. SECPKG_FLAG_MULTI_REQUIRED | \
  40. SECPKG_FLAG_CONNECTION | \
  41. SECPKG_FLAG_INTEGRITY | \
  42. SECPKG_FLAG_PRIVACY) // SECPKG_FLAG_* values are declared in another header
  43. #define NTLMSP_VERSION 1
  44. #define NTLMSP_RPCID 10 // RPC_C_AUTHN_WINNT from rpcdce.h
  45. #define NTLMSP_MAX_TOKEN_SIZE 0x770 // 1904 bytes; NOTE(review): presumably the ceiling callers size token buffers to - confirm receivers reject anything larger
  46. ////////////////////////////////////////////////////////////////////////
  47. //
  48. // Opaque Messages passed between client and server
  49. // NOTE(review): these arrive from the peer; check Signature and MessageType before reading any later field.
  50. ////////////////////////////////////////////////////////////////////////
  51. // begin_ntifs
  52. #define NTLMSSP_SIGNATURE "NTLMSSP" // sizeof() is 8 (seven characters plus NUL); it sizes every Signature[] member below
  53. //
  54. // GetKey argument for AcquireCredentialsHandle that indicates that
  55. // old style LM is required:
  56. // (a sentinel value, not an address: compare against it, never dereference it)
  57. #define NTLMSP_NTLM_CREDENTIAL ((PVOID) 1)
  58. //
  59. // MessageType for the following messages.
  60. // Values follow declaration order: 1, 2, 3, then NtLmUnknown = 4.
  61. typedef enum {
  62. NtLmNegotiate = 1,
  63. NtLmChallenge,
  64. NtLmAuthenticate,
  65. NtLmUnknown
  66. } NTLM_MESSAGE_TYPE; // used as a member of the message structs below; NOTE(review): enum width is compiler-defined, so the wire layout depends on it - confirm it is 32 bits on every build
  67. //
  68. // Valid values of NegotiateFlags
  69. // These bits travel in the NegotiateFlags member of the messages below, i.e. they are peer-supplied. NOTE(review): apply local policy to the final negotiated set rather than accepting whatever the peer offers.
  70. #define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 // Text strings are in unicode
  71. #define NTLMSSP_NEGOTIATE_OEM 0x00000002 // Text strings are in OEM
  72. #define NTLMSSP_REQUEST_TARGET 0x00000004 // Server should return its authentication realm
  73. #define NTLMSSP_NEGOTIATE_SIGN 0x00000010 // Request signature capability
  74. #define NTLMSSP_NEGOTIATE_SEAL 0x00000020 // Request confidentiality
  75. #define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040 // Use datagram style authentication
  76. #define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 // Use LM session key for sign/seal (NOTE(review): LM-derived keys are weak; legacy interop only)
  77. #define NTLMSSP_NEGOTIATE_NETWARE 0x00000100 // NetWare authentication
  78. #define NTLMSSP_NEGOTIATE_NTLM 0x00000200 // NTLM authentication
  79. #define NTLMSSP_NEGOTIATE_NT_ONLY 0x00000400 // NT authentication only (no LM)
  80. #define NTLMSSP_NEGOTIATE_NULL_SESSION 0x00000800 // NULL Sessions on NT 5.0 and beyond
  81. #define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0x1000 // Domain Name supplied on negotiate
  82. #define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0x2000 // Workstation Name supplied on negotiate
  83. #define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x00004000 // Indicates client/server are same machine
  84. #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 // Sign for all security levels
  85. //
  86. // Valid target types returned by the server in Negotiate Flags
  87. //
  88. #define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000 // TargetName is a domain name
  89. #define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 // TargetName is a server name
  90. #define NTLMSSP_TARGET_TYPE_SHARE 0x00040000 // TargetName is a share name
  91. #define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 // NTLM2 authentication added for NT4-SP4
  92. #define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000 // Create identify level token
  93. //
  94. // Valid requests for additional output buffers
  95. // NTLMSSP_REQUEST_INIT_RESPONSE reuses bit 0x00100000, which NTLMSSP_NEGOTIATE_IDENTIFY also uses; the two cannot be told apart by value.
  96. #define NTLMSSP_REQUEST_INIT_RESPONSE 0x00100000 // get back session keys
  97. #define NTLMSSP_REQUEST_ACCEPT_RESPONSE 0x00200000 // get back session key, LUID
  98. #define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000 // request non-nt session key
  99. #define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 // target info present in challenge message
  100. #define NTLMSSP_NEGOTIATE_EXPORTED_CONTEXT 0x01000000 // It's an exported context
  101. #define NTLMSSP_NEGOTIATE_128 0x20000000 // negotiate 128 bit encryption
  102. #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 // exchange a key using key exchange key
  103. #define NTLMSSP_NEGOTIATE_56 0x80000000 // negotiate 56 bit encryption (a 56-bit key is weak by current standards)
  104. // flags used in client space to control sign and seal; never appear on the wire
  105. #define NTLMSSP_APP_SEQ 0x0040 // Use application provided seq num; numerically equal to NTLMSSP_NEGOTIATE_DATAGRAM, so it must stay out of wire flag words
  106. // end_ntifs
  107. //
  108. // Opaque message returned from first call to InitializeSecurityContext
  109. // NOTE(review): STRING32 is declared elsewhere; presumably a length/offset descriptor into this same buffer - bounds-check it against the received size before use.
  110. typedef struct _NEGOTIATE_MESSAGE {
  111. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)]; // 8 bytes, terminating NUL included
  112. NTLM_MESSAGE_TYPE MessageType;
  113. ULONG NegotiateFlags; // NTLMSSP_* bits defined earlier in this header
  114. STRING32 OemDomainName;
  115. STRING32 OemWorkstationName;
  116. } NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
  117. //
  118. // Old version of the message, for old clients
  119. // Same leading members as NEGOTIATE_MESSAGE, without the two name descriptors.
  120. // begin_ntifs
  121. typedef struct _OLD_NEGOTIATE_MESSAGE {
  122. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)]; // 8 bytes, terminating NUL included
  123. NTLM_MESSAGE_TYPE MessageType;
  124. ULONG NegotiateFlags;
  125. } OLD_NEGOTIATE_MESSAGE, *POLD_NEGOTIATE_MESSAGE;
  126. //
  127. // Opaque message returned from first call to AcceptSecurityContext
  128. // Extends OLD_CHALLENGE_MESSAGE with ServerContextHandle and TargetInfo. NOTE(review): a client parsing this must bounds-check both STRING32 descriptors against the received length.
  129. typedef struct _CHALLENGE_MESSAGE {
  130. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  131. NTLM_MESSAGE_TYPE MessageType;
  132. STRING32 TargetName;
  133. ULONG NegotiateFlags;
  134. UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH]; // length constant is not defined in this header (ntmsv1_0.h is included above); NOTE(review): the challenge must be unpredictable - confirm the generator at the call site
  135. ULONG64 ServerContextHandle;
  136. STRING32 TargetInfo;
  137. } CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
  138. //
  139. // Old version of the challenge message
  140. // Same members as CHALLENGE_MESSAGE up to and including Challenge; no ServerContextHandle or TargetInfo.
  141. typedef struct _OLD_CHALLENGE_MESSAGE {
  142. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  143. NTLM_MESSAGE_TYPE MessageType;
  144. STRING32 TargetName;
  145. ULONG NegotiateFlags;
  146. UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
  147. } OLD_CHALLENGE_MESSAGE, *POLD_CHALLENGE_MESSAGE;
  148. //
  149. // Opaque message returned from second call to InitializeSecurityContext
  150. // Six STRING32 descriptors precede NegotiateFlags. NOTE(review): all are client-supplied; a server should validate each against the received length (this header bounds it with NTLMSSP_MAX_MESSAGE_SIZE) before copying.
  151. typedef struct _AUTHENTICATE_MESSAGE {
  152. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  153. NTLM_MESSAGE_TYPE MessageType;
  154. STRING32 LmChallengeResponse;
  155. STRING32 NtChallengeResponse;
  156. STRING32 DomainName;
  157. STRING32 UserName;
  158. STRING32 Workstation;
  159. STRING32 SessionKey;
  160. ULONG NegotiateFlags;
  161. } AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
  162. typedef struct _OLD_AUTHENTICATE_MESSAGE { // AUTHENTICATE_MESSAGE without its trailing SessionKey and NegotiateFlags members
  163. UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
  164. NTLM_MESSAGE_TYPE MessageType;
  165. STRING32 LmChallengeResponse;
  166. STRING32 NtChallengeResponse;
  167. STRING32 DomainName;
  168. STRING32 UserName;
  169. STRING32 Workstation;
  170. } OLD_AUTHENTICATE_MESSAGE, *POLD_AUTHENTICATE_MESSAGE;
  171. //
  172. // Additional input message to Initialize for clients to provide a
  173. // user-supplied password
  174. // NOTE(review): Password describes credential material; presumably cleartext - callers should wipe the backing buffer once the call returns. Confirm against the consumer.
  175. typedef struct _NTLM_CHALLENGE_MESSAGE {
  176. UNICODE_STRING32 Password;
  177. UNICODE_STRING32 UserName;
  178. UNICODE_STRING32 DomainName;
  179. } NTLM_CHALLENGE_MESSAGE, *PNTLM_CHALLENGE_MESSAGE;
  180. //
  181. // Non-opaque message returned from second call to InitializeSecurityContext
  182. // Carries both session keys by value: treat the buffer as secret material and zero it after use.
  183. typedef struct _NTLM_INITIALIZE_RESPONSE {
  184. UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
  185. UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
  186. } NTLM_INITIALIZE_RESPONSE, *PNTLM_INITIALIZE_RESPONSE;
  187. //
  188. // Additional input message to Accept for trusted client skipping the first
  189. // call to Accept and providing their own challenge
  190. // NOTE(review): the caller chooses the challenge here, so the server-side freshness guarantee rests on that caller being trusted; confirm how the trust is enforced.
  191. typedef struct _NTLM_AUTHENTICATE_MESSAGE {
  192. CHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; // CHAR here, UCHAR in CHALLENGE_MESSAGE.Challenge: mind signedness when comparing bytes
  193. ULONG ParameterControl;
  194. } NTLM_AUTHENTICATE_MESSAGE, *PNTLM_AUTHENTICATE_MESSAGE;
  195. //
  196. // Non-opaque message returned from second call to AcceptSecurityContext
  197. // Returns the logon identifier together with both session keys: treat the buffer as secret material and zero it after use.
  198. typedef struct _NTLM_ACCEPT_RESPONSE {
  199. LUID LogonId;
  200. LARGE_INTEGER KickoffTime;
  201. ULONG UserFlags;
  202. UCHAR UserSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
  203. UCHAR LanmanSessionKey[MSV1_0_LANMAN_SESSION_KEY_LENGTH];
  204. } NTLM_ACCEPT_RESPONSE, *PNTLM_ACCEPT_RESPONSE;
  205. // end_ntifs
  206. //
  207. // Size of the largest message
  208. // (The largest message is the AUTHENTICATE_MESSAGE)
  209. // DNLEN, CNLEN, UNLEN, LM_RESPONSE_LENGTH and the MSV1_0_* types are not defined in this header.
  210. #define DNSLEN 256 // length of DNS name
  211. #define TARGET_INFO_LEN ((2*DNSLEN + DNLEN + CNLEN) * sizeof(WCHAR) + \
  212. 5 * sizeof(MSV1_0_AV_PAIR))
  213. // length of NTLM2 response
  214. #define NTLM2_RESPONSE_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) + \
  215. TARGET_INFO_LEN)
  216. #define NTLMSSP_MAX_MESSAGE_SIZE (sizeof(AUTHENTICATE_MESSAGE) + \
  217. LM_RESPONSE_LENGTH + \
  218. NTLM2_RESPONSE_LENGTH + \
  219. (DNLEN + 1) * sizeof(WCHAR) + \
  220. (UNLEN + 1) * sizeof(WCHAR) + \
  221. (CNLEN + 1) * sizeof(WCHAR)) // fixed header plus the largest value of each variable part; NOTE(review): confirm the receive path rejects messages above this bound
  222. typedef struct _NTLMSSP_MESSAGE_SIGNATURE { // per-message signature block: four ULONG members
  223. ULONG Version;
  224. ULONG RandomPad;
  225. ULONG CheckSum;
  226. ULONG Nonce;
  227. } NTLMSSP_MESSAGE_SIGNATURE, *PNTLMSSP_MESSAGE_SIGNATURE;
  228. #define NTLMSSP_MESSAGE_SIGNATURE_SIZE sizeof(NTLMSSP_MESSAGE_SIGNATURE)
  229. //
  230. // Version 1 is the structure above, using stream RC4 to encrypt the trailing
  231. // 12 bytes.
  232. // With 32-bit ULONGs those 12 bytes are RandomPad, CheckSum and Nonce; Version stays in the clear. RC4 is a deprecated cipher, so this scheme is legacy-strength integrity only.
  233. #define NTLM_SIGN_VERSION 1
  234. #ifdef __cplusplus
  235. }
  236. #endif
  237. #endif // _NTLMSP_H_