1#ifndef __HTTP_NTLM_H 2#define __HTTP_NTLM_H 3/*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at http://curl.haxx.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 ***************************************************************************/ 24 25typedef enum { 26 CURLNTLM_NONE, /* not a ntlm */ 27 CURLNTLM_BAD, /* an ntlm, but one we don't like */ 28 CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */ 29 CURLNTLM_FINE, /* an ntlm we act on */ 30 31 CURLNTLM_LAST /* last entry in this enum, don't use */ 32} CURLntlm; 33 34/* this is for ntlm header input */ 35CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy, 36 const char *header); 37 38/* this is for creating ntlm header output */ 39CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy); 40 41void Curl_ntlm_cleanup(struct connectdata *conn); 42#ifndef USE_NTLM 43#define Curl_ntlm_cleanup(x) 44#endif 45 46/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */ 47 48#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0) 49/* Indicates that Unicode strings are supported for use in security buffer 50 data. */ 51 52#define NTLMFLAG_NEGOTIATE_OEM (1<<1) 53/* Indicates that OEM strings are supported for use in security buffer data. */ 54 55#define NTLMFLAG_REQUEST_TARGET (1<<2) 56/* Requests that the server's authentication realm be included in the Type 2 57 message. */ 58 59/* unknown (1<<3) */ 60#define NTLMFLAG_NEGOTIATE_SIGN (1<<4) 61/* Specifies that authenticated communication between the client and server 62 should carry a digital signature (message integrity). */ 63 64#define NTLMFLAG_NEGOTIATE_SEAL (1<<5) 65/* Specifies that authenticated communication between the client and server 66 should be encrypted (message confidentiality). */ 67 68#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6) 69/* Indicates that datagram authentication is being used. */ 70 71#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7) 72/* Indicates that the LAN Manager session key should be used for signing and 73 sealing authenticated communications. */ 74 75#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8) 76/* unknown purpose */ 77 78#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9) 79/* Indicates that NTLM authentication is being used. */ 80 81/* unknown (1<<10) */ 82 83#define NTLMFLAG_NEGOTIATE_ANONYMOUS (1<<11) 84/* Sent by the client in the Type 3 message to indicate that an anonymous 85 context has been established. This also affects the response fields. */ 86 87#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12) 88/* Sent by the client in the Type 1 message to indicate that a desired 89 authentication realm is included in the message. */ 90 91#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13) 92/* Sent by the client in the Type 1 message to indicate that the client 93 workstation's name is included in the message. */ 94 95#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14) 96/* Sent by the server to indicate that the server and client are on the same 97 machine. Implies that the client may use a pre-established local security 98 context rather than responding to the challenge. */ 99 100#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15) 101/* Indicates that authenticated communication between the client and server 102 should be signed with a "dummy" signature. */ 103 104#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16) 105/* Sent by the server in the Type 2 message to indicate that the target 106 authentication realm is a domain. */ 107 108#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17) 109/* Sent by the server in the Type 2 message to indicate that the target 110 authentication realm is a server. */ 111 112#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18) 113/* Sent by the server in the Type 2 message to indicate that the target 114 authentication realm is a share. Presumably, this is for share-level 115 authentication. Usage is unclear. */ 116 117#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19) 118/* Indicates that the NTLM2 signing and sealing scheme should be used for 119 protecting authenticated communications. */ 120 121#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20) 122/* unknown purpose */ 123 124#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21) 125/* unknown purpose */ 126 127#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22) 128/* unknown purpose */ 129 130#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23) 131/* Sent by the server in the Type 2 message to indicate that it is including a 132 Target Information block in the message. */ 133 134/* unknown (1<24) */ 135/* unknown (1<25) */ 136/* unknown (1<26) */ 137/* unknown (1<27) */ 138/* unknown (1<28) */ 139 140#define NTLMFLAG_NEGOTIATE_128 (1<<29) 141/* Indicates that 128-bit encryption is supported. */ 142 143#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30) 144/* Indicates that the client will provide an encrypted master key in 145 the "Session Key" field of the Type 3 message. */ 146 147#define NTLMFLAG_NEGOTIATE_56 (1<<31) 148/* Indicates that 56-bit encryption is supported. */ 149#endif 150