/**
 * WinPR: Windows Portable Runtime
 * NTLM Security Package
 *
 * Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Private declarations of the NTLM security package: message type codes,
 * NegotiateFlags bits, AV pair identifiers, the in-memory forms of the three
 * NTLM messages, and the per-session NTLM_CONTEXT.
 *
 * Several of the integers declared here (lengths, offsets, flag words) are
 * filled from data sent by the peer. The comments below mark those fields;
 * code that consumes them has to bounds-check them before use.
 */

#ifndef WINPR_SSPI_NTLM_PRIVATE_H
#define WINPR_SSPI_NTLM_PRIVATE_H

#include <winpr/sspi.h>
#include <winpr/windows.h>

#include <winpr/nt.h>
#include <winpr/crypto.h>
#include <winpr/ntlm.h>

#include "../sspi.h"

/* Values of the MessageType field for the three NTLM messages. */
#define MESSAGE_TYPE_NEGOTIATE 1
#define MESSAGE_TYPE_CHALLENGE 2
#define MESSAGE_TYPE_AUTHENTICATE 3

/*
 * NegotiateFlags bits. The trailing comment on each line gives the flag's
 * letter label and its index counted from the most significant bit
 * (index 0 is 0x80000000, index 31 is 0x00000001).
 *
 * NOTE(review): the flag word in a received NEGOTIATE or CHALLENGE message is
 * peer-controlled and not integrity-protected on its own. Dropping
 * NTLMSSP_NEGOTIATE_SIGN / _SEAL / _128 / _EXTENDED_SESSION_SECURITY, or
 * adding NTLMSSP_NEGOTIATE_LM_KEY, weakens the session, so the negotiated set
 * should be checked against local policy and the message integrity check
 * (see UseMIC in NTLM_CONTEXT) verified before the session is trusted.
 * Confirm where this is enforced; it is not visible in this header.
 */
#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V (1) */
#define NTLMSSP_NEGOTIATE_128 0x20000000 /* U (2) */
#define NTLMSSP_RESERVED1 0x10000000 /* r1 (3) */
#define NTLMSSP_RESERVED2 0x08000000 /* r2 (4) */
#define NTLMSSP_RESERVED3 0x04000000 /* r3 (5) */
#define NTLMSSP_NEGOTIATE_VERSION 0x02000000 /* T (6) */
#define NTLMSSP_RESERVED4 0x01000000 /* r4 (7) */
#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 /* S (8) */
#define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000 /* R (9) */
#define NTLMSSP_RESERVED5 0x00200000 /* r5 (10) */
#define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000 /* Q (11) */
#define NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY 0x00080000 /* P (12) */
#define NTLMSSP_RESERVED6 0x00040000 /* r6 (13) */
#define NTLMSSP_TARGET_TYPE_SERVER 0x00020000 /* O (14) */
#define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000 /* N (15) */
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 /* M (16) */
#define NTLMSSP_RESERVED7 0x00004000 /* r7 (17) */
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000 /* L (18) */
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000 /* K (19) */
#define NTLMSSP_NEGOTIATE_ANONYMOUS 0x00000800 /* J (20) */
#define NTLMSSP_RESERVED8 0x00000400 /* r8 (21) */
#define NTLMSSP_NEGOTIATE_NTLM 0x00000200 /* H (22) */
#define NTLMSSP_RESERVED9 0x00000100 /* r9 (23) */
#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 /* G (24) */
#define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040 /* F (25) */
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 /* E (26) */
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 /* D (27) */
#define NTLMSSP_RESERVED10 0x00000008 /* r10 (28) */
#define NTLMSSP_REQUEST_TARGET 0x00000004 /* C (29) */
#define NTLMSSP_NEGOTIATE_OEM 0x00000002 /* B (30) */
#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 /* A (31) */

/*
 * Stage of an NTLM exchange, stored in NTLM_CONTEXT.state. The enumerators
 * take the implicit values 0..5 in the order listed.
 * NOTE(review): presumably the message handlers only accept a message when
 * the context is in the matching state; confirm, since accepting messages out
 * of order would let a peer skip steps of the handshake.
 */
enum _NTLM_STATE
{
	NTLM_STATE_INITIAL,
	NTLM_STATE_NEGOTIATE,
	NTLM_STATE_CHALLENGE,
	NTLM_STATE_AUTHENTICATE,
	NTLM_STATE_COMPLETION,
	NTLM_STATE_FINAL
};
typedef enum _NTLM_STATE NTLM_STATE;

/*
 * Identifiers carried in NTLM_AV_PAIR.AvId. The values are implicit
 * (MsvAvEOL = 0 through MsvChannelBindings = 10), so the declaration order
 * is significant: inserting or reordering an enumerator changes the
 * numbers that go on the wire.
 */
enum _NTLM_AV_ID
{
	MsvAvEOL,
	MsvAvNbComputerName,
	MsvAvNbDomainName,
	MsvAvDnsComputerName,
	MsvAvDnsDomainName,
	MsvAvDnsTreeName,
	MsvAvFlags,
	MsvAvTimestamp,
	MsvAvSingleHost,
	MsvAvTargetName,
	MsvChannelBindings
};
typedef enum _NTLM_AV_ID NTLM_AV_ID;

/*
 * Header of one attribute/value pair: an identifier and a length, four bytes
 * in total. The value itself is not a member; presumably AvLen bytes of value
 * follow the header in the enclosing buffer (confirm against the parser).
 *
 * AvLen comes from the peer in a received TargetInfo block. Code that walks a
 * list of pairs must check, before each step, that both this header and the
 * AvLen bytes after it lie inside the remaining buffer, and must stop at
 * MsvAvEOL or at the end of the buffer, whichever comes first.
 */
struct _NTLM_AV_PAIR
{
	UINT16 AvId;  /* an NTLM_AV_ID value */
	UINT16 AvLen; /* length of the value; peer-supplied on receive */
};
typedef struct _NTLM_AV_PAIR NTLM_AV_PAIR;

/* Bits of the 32-bit value carried in an MsvAvFlags pair. */
#define MSV_AV_FLAGS_AUTHENTICATION_CONSTRAINED 0x00000001
#define MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK 0x00000002
#define MSV_AV_FLAGS_TARGET_SPN_UNTRUSTED_SOURCE 0x00000004

/* Constants for the fields of NTLM_VERSION_INFO. */
#define WINDOWS_MAJOR_VERSION_5 0x05
#define WINDOWS_MAJOR_VERSION_6 0x06
#define WINDOWS_MINOR_VERSION_0 0x00
#define WINDOWS_MINOR_VERSION_1 0x01
#define WINDOWS_MINOR_VERSION_2 0x02
#define NTLMSSP_REVISION_W2K3 0x0F

/*
 * Version block carried in NTLM messages; the members add up to 8 bytes.
 * The content is self-reported by the sender and is informational only; it
 * should not drive any security decision.
 */
struct _NTLM_VERSION_INFO
{
	UINT8 ProductMajorVersion;
	UINT8 ProductMinorVersion;
	UINT16 ProductBuild;
	BYTE Reserved[3];
	UINT8 NTLMRevisionCurrent;
};
typedef struct _NTLM_VERSION_INFO NTLM_VERSION_INFO;

/*
 * Payload of an MsvAvSingleHost pair; the members add up to 48 bytes.
 * Size is a length field inside the structure itself, so a parser must not
 * use it as a copy length without comparing it with the enclosing AvLen.
 */
struct _NTLM_SINGLE_HOST_DATA
{
	UINT32 Size;
	UINT32 Z4;
	UINT32 DataPresent;
	UINT32 CustomData;
	BYTE MachineID[32];
};
typedef struct _NTLM_SINGLE_HOST_DATA NTLM_SINGLE_HOST_DATA;

/* Fixed 24-byte challenge response. */
struct _NTLM_RESPONSE
{
	BYTE Response[24];
};
typedef struct _NTLM_RESPONSE NTLM_RESPONSE;

/*
 * Client challenge part of an NTLMv2 response. AvPairs is a pointer, so this
 * is an in-memory representation and cannot be copied to or from the wire as
 * a block.
 * NOTE(review): cbAvPairs is presumably the byte length of the data AvPairs
 * points to; confirm, and confirm who owns and frees that memory.
 */
struct _NTLMv2_CLIENT_CHALLENGE
{
	UINT8 RespType;
	UINT8 HiRespType;
	UINT16 Reserved1;
	UINT32 Reserved2;
	BYTE Timestamp[8];
	BYTE ClientChallenge[8];
	UINT32 Reserved3;
	NTLM_AV_PAIR* AvPairs;
	UINT32 cbAvPairs;
};
typedef struct _NTLMv2_CLIENT_CHALLENGE NTLMv2_CLIENT_CHALLENGE;

/* NTLMv2 response: a 16-byte Response value followed by the client challenge. */
struct _NTLMv2_RESPONSE
{
	BYTE Response[16];
	NTLMv2_CLIENT_CHALLENGE Challenge;
};
typedef struct _NTLMv2_RESPONSE NTLMv2_RESPONSE;

/*
 * Descriptor of one variable-length field of an NTLM message: two 16-bit
 * lengths, an offset, and a pointer to the field's bytes.
 *
 * On a received message Len, MaxLen and BufferOffset are peer-supplied.
 * Before Buffer is read or filled, the consumer must verify that
 * BufferOffset + Len does not exceed the length of the message buffer, doing
 * the addition in a type wide enough that it cannot wrap.
 * NOTE(review): ownership of Buffer (allocated copy vs. pointer into the
 * message) is not visible here; confirm before freeing or retaining it.
 */
struct _NTLM_MESSAGE_FIELDS
{
	UINT16 Len;
	UINT16 MaxLen;
	PBYTE Buffer;
	UINT32 BufferOffset;
};
typedef struct _NTLM_MESSAGE_FIELDS NTLM_MESSAGE_FIELDS;

/* Common start of every NTLM message: 8-byte signature, then the message type. */
struct _NTLM_MESSAGE_HEADER
{
	BYTE Signature[8];
	UINT32 MessageType; /* one of the MESSAGE_TYPE_* values */
};
typedef struct _NTLM_MESSAGE_HEADER NTLM_MESSAGE_HEADER;

/*
 * In-memory form of a NEGOTIATE message. The NTLM_MESSAGE_FIELDS members
 * contain pointers, so this struct is not a byte-for-byte image of the wire
 * message and must be filled field by field.
 */
struct _NTLM_NEGOTIATE_MESSAGE
{
	BYTE Signature[8];
	UINT32 MessageType;
	UINT32 NegotiateFlags;
	NTLM_VERSION_INFO Version;
	NTLM_MESSAGE_FIELDS DomainName;
	NTLM_MESSAGE_FIELDS Workstation;
};
typedef struct _NTLM_NEGOTIATE_MESSAGE NTLM_NEGOTIATE_MESSAGE;

/*
 * In-memory form of a CHALLENGE message (not a wire image, for the same
 * reason as NTLM_NEGOTIATE_MESSAGE). TargetInfo describes the AV pair list,
 * whose contents need the per-pair bounds checks described at NTLM_AV_PAIR.
 */
struct _NTLM_CHALLENGE_MESSAGE
{
	BYTE Signature[8];
	UINT32 MessageType;
	UINT32 NegotiateFlags;
	BYTE ServerChallenge[8];
	BYTE Reserved[8];
	NTLM_VERSION_INFO Version;
	NTLM_MESSAGE_FIELDS TargetName;
	NTLM_MESSAGE_FIELDS TargetInfo;
};
typedef struct _NTLM_CHALLENGE_MESSAGE NTLM_CHALLENGE_MESSAGE;

/*
 * In-memory form of an AUTHENTICATE message (not a wire image). It has six
 * variable-length fields, each with its own peer-supplied length and offset
 * that must be validated independently.
 */
struct _NTLM_AUTHENTICATE_MESSAGE
{
	BYTE Signature[8];
	UINT32 MessageType;
	UINT32 NegotiateFlags;
	NTLM_VERSION_INFO Version;
	NTLM_MESSAGE_FIELDS DomainName;
	NTLM_MESSAGE_FIELDS UserName;
	NTLM_MESSAGE_FIELDS Workstation;
	NTLM_MESSAGE_FIELDS LmChallengeResponse;
	NTLM_MESSAGE_FIELDS NtChallengeResponse;
	NTLM_MESSAGE_FIELDS EncryptedRandomSessionKey;
	BYTE MessageIntegrityCheck[16];
};
typedef struct _NTLM_AUTHENTICATE_MESSAGE NTLM_AUTHENTICATE_MESSAGE;

/*
 * State of one NTLM session, client or server side (see `server`).
 *
 * Sensitive content: NtlmHash and NtlmV2Hash are password-derived values, and
 * the *Key arrays near the end of the struct are session key material.
 * NOTE(review): whoever frees an NTLM_CONTEXT should wipe these members with
 * a zeroing primitive the compiler cannot optimise away, and they should
 * never be written to logs. Confirm what the context-free routine does.
 */
struct _NTLM_CONTEXT
{
	BOOL server;
	BOOL NTLMv2;
	BOOL UseMIC;
	NTLM_STATE state;
	/* NOTE(review): signed counters; if these are incremented per message,
	 * overflow of a signed int is undefined behaviour. Confirm the type is
	 * adequate for the session lifetime. */
	int SendSeqNum;
	int RecvSeqNum;
	char* SamFile;
	BYTE NtlmHash[16];   /* password-derived; wipe before free */
	BYTE NtlmV2Hash[16]; /* password-derived; wipe before free */
	BYTE MachineID[32];
	BOOL SendVersionInfo;
	BOOL confidentiality;
	/* Sealing uses RC4 contexts, one per direction. */
	WINPR_RC4_CTX* SendRc4Seal;
	WINPR_RC4_CTX* RecvRc4Seal;
	/* NOTE(review): presumably these four point at the Client or Server key
	 * arrays below, chosen by `server`, rather than owning memory; confirm
	 * before freeing. */
	BYTE* SendSigningKey;
	BYTE* RecvSigningKey;
	BYTE* SendSealingKey;
	BYTE* RecvSealingKey;
	UINT32 NegotiateFlags; /* NTLMSSP_* bits */
	BOOL UseSamFileDatabase;
	int LmCompatibilityLevel;
	int SuppressExtendedProtection;
	BOOL SendWorkstationName;
	UNICODE_STRING Workstation;
	UNICODE_STRING ServicePrincipalName;
	SSPI_CREDENTIALS* credentials;
	BYTE* ChannelBindingToken;
	BYTE ChannelBindingsHash[16];
	SecPkgContext_Bindings Bindings;
	BOOL SendSingleHostData;
	BOOL NegotiateKeyExchange;
	NTLM_SINGLE_HOST_DATA SingleHostData;
	/* Parsed forms of the three messages of this exchange. */
	NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
	NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
	NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
	/* NOTE(review): presumably the offset of the MIC field inside
	 * AuthenticateMessage; it must be range-checked against that buffer's
	 * length before 16 bytes are read or written there. */
	UINT32 MessageIntegrityCheckOffset;
	SecBuffer NegotiateMessage;
	SecBuffer ChallengeMessage;
	SecBuffer AuthenticateMessage;
	SecBuffer ChallengeTargetInfo;
	SecBuffer AuthenticateTargetInfo;
	SecBuffer TargetName;
	SecBuffer NtChallengeResponse;
	SecBuffer LmChallengeResponse;
	NTLMv2_RESPONSE NTLMv2Response;
	BYTE NtProofString[16];
	BYTE Timestamp[8];
	BYTE ChallengeTimestamp[8];
	BYTE ServerChallenge[8];
	BYTE ClientChallenge[8];
	/* Session key material; wipe before free. */
	BYTE SessionBaseKey[16];
	BYTE KeyExchangeKey[16];
	BYTE RandomSessionKey[16];
	BYTE ExportedSessionKey[16];
	BYTE EncryptedRandomSessionKey[16];
	BYTE ClientSigningKey[16];
	BYTE ClientSealingKey[16];
	BYTE ServerSigningKey[16];
	BYTE ServerSealingKey[16];
	/* Callback of type psPeerComputeNtlmHash and the opaque argument stored
	 * with it. NOTE(review): when and with what arguments it is invoked is
	 * not visible in this header. */
	psPeerComputeNtlmHash HashCallback;
	void* HashCallbackArg;
};
typedef struct _NTLM_CONTEXT NTLM_CONTEXT;

/*
 * Both functions take the session context and a caller-provided SecBuffer and
 * return a SECURITY_STATUS. NOTE(review): judging by the names they produce
 * the NT proof value and the message integrity check value; whether the
 * SecBuffer must be pre-allocated, and with what size, is defined in the
 * implementation and should be confirmed there.
 */
SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof);
SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue);

/*
 * Enabling NLA debugging also enables NTLM debugging.
 * NOTE(review): if the NTLM debug paths print hashes, challenges or session
 * keys, builds with WITH_DEBUG_NLA must not be deployed; confirm what is
 * logged under WITH_DEBUG_NTLM.
 */
#ifdef WITH_DEBUG_NLA
#define WITH_DEBUG_NTLM
#endif

#endif /* WINPR_SSPI_NTLM_PRIVATE_H */