1 /* packet-ntlmssp.h 2 * Declarations for NTLM Secure Service Provider 3 * Copyright 2003, Tim Potter <tpot@samba.org> 4 * 5 * Wireshark - Network traffic analyzer 6 * By Gerald Combs <gerald@wireshark.org> 7 * Copyright 1998 Gerald Combs 8 * 9 * SPDX-License-Identifier: GPL-2.0-or-later 10 */ 11 12 #ifndef __PACKET_NTLMSSP_H__ 13 #define __PACKET_NTLMSSP_H__ 14 15 /* Message types */ 16 17 #define NTLMSSP_NEGOTIATE 1 18 #define NTLMSSP_CHALLENGE 2 19 #define NTLMSSP_AUTH 3 20 #define NTLMSSP_UNKNOWN 4 21 22 #define NTLMSSP_KEY_LEN 16 23 24 #define NTLMSSP_MAX_ORIG_LEN 256 25 26 typedef struct _md4_pass { 27 guint8 md4[NTLMSSP_KEY_LEN]; 28 char key_origin[NTLMSSP_MAX_ORIG_LEN+1]; 29 } md4_pass; 30 31 guint32 32 get_md4pass_list(wmem_allocator_t *pool, md4_pass** p_pass_list); 33 34 /* Dissect a ntlmv2 response */ 35 36 int 37 dissect_ntlmv2_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntlmssp_tree, int offset, int len); 38 39 /* the ntlmssp data passed to tap listeners */ 40 typedef struct _ntlmssp_header_t { 41 guint32 type; 42 const guint8 *domain_name; 43 const guint8 *acct_name; 44 const guint8 *host_name; 45 guint8 session_key[NTLMSSP_KEY_LEN]; 46 } ntlmssp_header_t; 47 48 #define NTLMSSP_BLOB_MAX_SIZE 10240 49 typedef struct _ntlmssp_blob { 50 guint16 length; 51 guint8* contents; 52 } ntlmssp_blob; 53 54 void 55 ntlmssp_create_session_key(packet_info *pinfo, 56 proto_tree *tree, 57 ntlmssp_header_t *ntlmssph, 58 int flags, 59 const guint8 *server_challenge, 60 const guint8 *encryptedsessionkey, 61 const ntlmssp_blob *ntlm_response, 62 const ntlmssp_blob *lm_response); 63 64 int 65 dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(tvbuff_t *tvb, int offset, proto_tree *tree); 66 67 #endif 68