1#ifndef HEADER_CURL_NTLM_MSGS_H 2#define HEADER_CURL_NTLM_MSGS_H 3/*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at http://curl.haxx.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 ***************************************************************************/ 24 25#include "curl_setup.h" 26 27#ifdef USE_NTLM 28 29/* This is to generate a base64 encoded NTLM type-1 message */ 30CURLcode Curl_ntlm_create_type1_message(const char *userp, 31 const char *passwdp, 32 struct ntlmdata *ntlm, 33 char **outptr, 34 size_t *outlen); 35 36/* This is to generate a base64 encoded NTLM type-3 message */ 37CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data, 38 const char *userp, 39 const char *passwdp, 40 struct ntlmdata *ntlm, 41 char **outptr, 42 size_t *outlen); 43 44/* This is to decode a NTLM type-2 message */ 45CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data, 46 const char* header, 47 struct ntlmdata* ntlm); 48 49/* This is to decode target info received in NTLM type-2 message */ 50CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data, 51 unsigned char* buffer, 52 size_t size, 53 struct ntlmdata* ntlm); 54 55 56/* This is to clean up the ntlm data structure */ 57#ifdef USE_WINDOWS_SSPI 58void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm); 59#else 60#define Curl_ntlm_sspi_cleanup(x) 61#endif 62 63/* NTLM buffer fixed size, large enough for long user + host + domain */ 64#define NTLM_BUFSIZE 1024 65 66/* Stuff only required for curl_ntlm_msgs.c */ 67#ifdef BUILDING_CURL_NTLM_MSGS_C 68 69/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */ 70 71#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0) 72/* Indicates that Unicode strings are supported for use in security buffer 73 data. */ 74 75#define NTLMFLAG_NEGOTIATE_OEM (1<<1) 76/* Indicates that OEM strings are supported for use in security buffer data. */ 77 78#define NTLMFLAG_REQUEST_TARGET (1<<2) 79/* Requests that the server's authentication realm be included in the Type 2 80 message. */ 81 82/* unknown (1<<3) */ 83#define NTLMFLAG_NEGOTIATE_SIGN (1<<4) 84/* Specifies that authenticated communication between the client and server 85 should carry a digital signature (message integrity). */ 86 87#define NTLMFLAG_NEGOTIATE_SEAL (1<<5) 88/* Specifies that authenticated communication between the client and server 89 should be encrypted (message confidentiality). */ 90 91#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6) 92/* Indicates that datagram authentication is being used. */ 93 94#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7) 95/* Indicates that the LAN Manager session key should be used for signing and 96 sealing authenticated communications. */ 97 98#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8) 99/* unknown purpose */ 100 101#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9) 102/* Indicates that NTLM authentication is being used. */ 103 104/* unknown (1<<10) */ 105 106#define NTLMFLAG_NEGOTIATE_ANONYMOUS (1<<11) 107/* Sent by the client in the Type 3 message to indicate that an anonymous 108 context has been established. This also affects the response fields. */ 109 110#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12) 111/* Sent by the client in the Type 1 message to indicate that a desired 112 authentication realm is included in the message. */ 113 114#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13) 115/* Sent by the client in the Type 1 message to indicate that the client 116 workstation's name is included in the message. */ 117 118#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14) 119/* Sent by the server to indicate that the server and client are on the same 120 machine. Implies that the client may use a pre-established local security 121 context rather than responding to the challenge. */ 122 123#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15) 124/* Indicates that authenticated communication between the client and server 125 should be signed with a "dummy" signature. */ 126 127#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16) 128/* Sent by the server in the Type 2 message to indicate that the target 129 authentication realm is a domain. */ 130 131#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17) 132/* Sent by the server in the Type 2 message to indicate that the target 133 authentication realm is a server. */ 134 135#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18) 136/* Sent by the server in the Type 2 message to indicate that the target 137 authentication realm is a share. Presumably, this is for share-level 138 authentication. Usage is unclear. */ 139 140#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19) 141/* Indicates that the NTLM2 signing and sealing scheme should be used for 142 protecting authenticated communications. */ 143 144#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20) 145/* unknown purpose */ 146 147#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21) 148/* unknown purpose */ 149 150#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22) 151/* unknown purpose */ 152 153#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23) 154/* Sent by the server in the Type 2 message to indicate that it is including a 155 Target Information block in the message. */ 156 157/* unknown (1<24) */ 158/* unknown (1<25) */ 159/* unknown (1<26) */ 160/* unknown (1<27) */ 161/* unknown (1<28) */ 162 163#define NTLMFLAG_NEGOTIATE_128 (1<<29) 164/* Indicates that 128-bit encryption is supported. */ 165 166#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30) 167/* Indicates that the client will provide an encrypted master key in 168 the "Session Key" field of the Type 3 message. */ 169 170#define NTLMFLAG_NEGOTIATE_56 (1<<31) 171/* Indicates that 56-bit encryption is supported. */ 172 173#ifdef UNICODE 174# define SECFLAG_WINNT_AUTH_IDENTITY \ 175 (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE 176#else 177# define SECFLAG_WINNT_AUTH_IDENTITY \ 178 (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI 179#endif 180 181#endif /* BUILDING_CURL_NTLM_MSGS_C */ 182 183#endif /* USE_NTLM */ 184 185#endif /* HEADER_CURL_NTLM_MSGS_H */ 186