1#ifndef HEADER_CURL_NTLM_MSGS_H
2#define HEADER_CURL_NTLM_MSGS_H
3/***************************************************************************
4 *                                  _   _ ____  _
5 *  Project                     ___| | | |  _ \| |
6 *                             / __| | | | |_) | |
7 *                            | (__| |_| |  _ <| |___
8 *                             \___|\___/|_| \_\_____|
9 *
10 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
11 *
12 * This software is licensed as described in the file COPYING, which
13 * you should have received as part of this distribution. The terms
14 * are also available at http://curl.haxx.se/docs/copyright.html.
15 *
16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17 * copies of the Software, and permit persons to whom the Software is
18 * furnished to do so, under the terms of the COPYING file.
19 *
20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21 * KIND, either express or implied.
22 *
23 ***************************************************************************/
24
25#include "curl_setup.h"
26
27#ifdef USE_NTLM
28
29/* This is to generate a base64 encoded NTLM type-1 message */
30CURLcode Curl_ntlm_create_type1_message(const char *userp,
31                                        const char *passwdp,
32                                        struct ntlmdata *ntlm,
33                                        char **outptr,
34                                        size_t *outlen);
35
36/* This is to generate a base64 encoded NTLM type-3 message */
37CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
38                                        const char *userp,
39                                        const char *passwdp,
40                                        struct ntlmdata *ntlm,
41                                        char **outptr,
42                                        size_t *outlen);
43
44/* This is to decode a NTLM type-2 message */
45CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
46                                        const char* header,
47                                        struct ntlmdata* ntlm);
48
49/* This is to decode target info received in NTLM type-2 message */
50CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
51                                       unsigned char* buffer,
52                                       size_t size,
53                                       struct ntlmdata* ntlm);
54
55
56/* This is to clean up the ntlm data structure */
57#ifdef USE_WINDOWS_SSPI
58void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
59#else
60#define Curl_ntlm_sspi_cleanup(x)
61#endif
62
63/* NTLM buffer fixed size, large enough for long user + host + domain */
64#define NTLM_BUFSIZE 1024
65
66/* Stuff only required for curl_ntlm_msgs.c */
67#ifdef BUILDING_CURL_NTLM_MSGS_C
68
69/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
70
71#define NTLMFLAG_NEGOTIATE_UNICODE               (1<<0)
72/* Indicates that Unicode strings are supported for use in security buffer
73   data. */
74
75#define NTLMFLAG_NEGOTIATE_OEM                   (1<<1)
76/* Indicates that OEM strings are supported for use in security buffer data. */
77
78#define NTLMFLAG_REQUEST_TARGET                  (1<<2)
79/* Requests that the server's authentication realm be included in the Type 2
80   message. */
81
82/* unknown (1<<3) */
83#define NTLMFLAG_NEGOTIATE_SIGN                  (1<<4)
84/* Specifies that authenticated communication between the client and server
85   should carry a digital signature (message integrity). */
86
87#define NTLMFLAG_NEGOTIATE_SEAL                  (1<<5)
88/* Specifies that authenticated communication between the client and server
89   should be encrypted (message confidentiality). */
90
91#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE        (1<<6)
92/* Indicates that datagram authentication is being used. */
93
94#define NTLMFLAG_NEGOTIATE_LM_KEY                (1<<7)
95/* Indicates that the LAN Manager session key should be used for signing and
96   sealing authenticated communications. */
97
98#define NTLMFLAG_NEGOTIATE_NETWARE               (1<<8)
99/* unknown purpose */
100
101#define NTLMFLAG_NEGOTIATE_NTLM_KEY              (1<<9)
102/* Indicates that NTLM authentication is being used. */
103
104/* unknown (1<<10) */
105
106#define NTLMFLAG_NEGOTIATE_ANONYMOUS             (1<<11)
107/* Sent by the client in the Type 3 message to indicate that an anonymous
108   context has been established. This also affects the response fields. */
109
110#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED       (1<<12)
111/* Sent by the client in the Type 1 message to indicate that a desired
112   authentication realm is included in the message. */
113
114#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED  (1<<13)
115/* Sent by the client in the Type 1 message to indicate that the client
116   workstation's name is included in the message. */
117
118#define NTLMFLAG_NEGOTIATE_LOCAL_CALL            (1<<14)
119/* Sent by the server to indicate that the server and client are on the same
120   machine. Implies that the client may use a pre-established local security
121   context rather than responding to the challenge. */
122
123#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN           (1<<15)
124/* Indicates that authenticated communication between the client and server
125   should be signed with a "dummy" signature. */
126
127#define NTLMFLAG_TARGET_TYPE_DOMAIN              (1<<16)
128/* Sent by the server in the Type 2 message to indicate that the target
129   authentication realm is a domain. */
130
131#define NTLMFLAG_TARGET_TYPE_SERVER              (1<<17)
132/* Sent by the server in the Type 2 message to indicate that the target
133   authentication realm is a server. */
134
135#define NTLMFLAG_TARGET_TYPE_SHARE               (1<<18)
136/* Sent by the server in the Type 2 message to indicate that the target
137   authentication realm is a share. Presumably, this is for share-level
138   authentication. Usage is unclear. */
139
140#define NTLMFLAG_NEGOTIATE_NTLM2_KEY             (1<<19)
141/* Indicates that the NTLM2 signing and sealing scheme should be used for
142   protecting authenticated communications. */
143
144#define NTLMFLAG_REQUEST_INIT_RESPONSE           (1<<20)
145/* unknown purpose */
146
147#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE         (1<<21)
148/* unknown purpose */
149
150#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY       (1<<22)
151/* unknown purpose */
152
153#define NTLMFLAG_NEGOTIATE_TARGET_INFO           (1<<23)
154/* Sent by the server in the Type 2 message to indicate that it is including a
155   Target Information block in the message. */
156
157/* unknown (1<24) */
158/* unknown (1<25) */
159/* unknown (1<26) */
160/* unknown (1<27) */
161/* unknown (1<28) */
162
163#define NTLMFLAG_NEGOTIATE_128                   (1<<29)
164/* Indicates that 128-bit encryption is supported. */
165
166#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE          (1<<30)
167/* Indicates that the client will provide an encrypted master key in
168   the "Session Key" field of the Type 3 message. */
169
170#define NTLMFLAG_NEGOTIATE_56                    (1<<31)
171/* Indicates that 56-bit encryption is supported. */
172
173#ifdef UNICODE
174#  define SECFLAG_WINNT_AUTH_IDENTITY \
175     (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
176#else
177#  define SECFLAG_WINNT_AUTH_IDENTITY \
178     (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
179#endif
180
181#endif /* BUILDING_CURL_NTLM_MSGS_C */
182
183#endif /* USE_NTLM */
184
185#endif /* HEADER_CURL_NTLM_MSGS_H */
186