1 /* packet-ntlmssp.h
2  * Declarations for NTLM Secure Service Provider
3  * Copyright 2003, Tim Potter <tpot@samba.org>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef __PACKET_NTLMSSP_H__
13 #define __PACKET_NTLMSSP_H__
14 
15 /* Message types */
16 
17 #define NTLMSSP_NEGOTIATE 1
18 #define NTLMSSP_CHALLENGE 2
19 #define NTLMSSP_AUTH      3
20 #define NTLMSSP_UNKNOWN   4
21 
22 #define NTLMSSP_KEY_LEN 16
23 
24 #define NTLMSSP_MAX_ORIG_LEN 256
25 
26 typedef struct _md4_pass {
27   guint8 md4[NTLMSSP_KEY_LEN];
28   char key_origin[NTLMSSP_MAX_ORIG_LEN+1];
29 } md4_pass;
30 
31 guint32
32 get_md4pass_list(wmem_allocator_t *pool, md4_pass** p_pass_list);
33 
34 /* Dissect a ntlmv2 response */
35 
36 int
37 dissect_ntlmv2_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntlmssp_tree, int offset, int len);
38 
39 /* the ntlmssp data passed to tap listeners */
40 typedef struct _ntlmssp_header_t {
41 	guint32		type;
42 	const guint8	*domain_name;
43 	const guint8	*acct_name;
44 	const guint8	*host_name;
45 	guint8		session_key[NTLMSSP_KEY_LEN];
46 } ntlmssp_header_t;
47 
48 #define NTLMSSP_BLOB_MAX_SIZE 10240
49 typedef struct _ntlmssp_blob {
50   guint16 length;
51   guint8* contents;
52 } ntlmssp_blob;
53 
54 void
55 ntlmssp_create_session_key(packet_info *pinfo,
56                            proto_tree *tree,
57                            ntlmssp_header_t *ntlmssph,
58                            int flags,
59                            const guint8 *server_challenge,
60                            const guint8 *encryptedsessionkey,
61                            const ntlmssp_blob *ntlm_response,
62                            const ntlmssp_blob *lm_response);
63 
64 int
65 dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(tvbuff_t *tvb, int offset, proto_tree *tree);
66 
67 #endif
68