1 /*
2  * Copyright (c) Edward Thomson.  All rights reserved.
3  *
4  * This file is part of ntlmclient, distributed under the MIT license.
5  * For full terms and copyright information, and for third-party
6  * copyright information, see the included LICENSE.txt file.
7  */
8 
9 #ifndef PRIVATE_NTLM_H__
10 #define PRIVATE_NTLM_H__
11 
12 #include "ntlmclient.h"
13 #include "unicode.h"
14 #include "crypt.h"
15 #include "compat.h"
16 
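/*
 * Fixed sizes, in bytes, of the authentication responses and of the
 * password hashes.  struct ntlm_client sizes its lm_response and
 * ntlm_response arrays with the two *_RESPONSE_LEN values.
 */
#define NTLM_LM_RESPONSE_LEN 24
#define NTLM_NTLM_RESPONSE_LEN 24
#define NTLM_NTLM_HASH_LEN 16
#define NTLM_NTLM2_HASH_LEN 16

/* Initializer for the 8-byte message signature: ASCII "NTLMSSP" plus a NUL. */
#define NTLM_SIGNATURE { 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0x00 }

/*
 * Initializer for the 8 bytes that spell "KGS!@#$%" in ASCII: the fixed,
 * publicly documented plaintext that the LM hash DES-encrypts under keys
 * derived from the password.  It is a protocol constant, not a secret.
 *
 * NOTE(review): the LM hash and the 24-byte LM / NTLM (v1) responses are
 * legacy constructions that hold up poorly against offline guessing.
 * Confirm in the code that consumes this header that they are only
 * produced when the caller has explicitly asked for them.
 */
#define NTLM_LM_PLAINTEXT { 0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 }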
25 
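/*
 * Stage of the handshake that a client context is in.  The names follow
 * the three NTLM messages (negotiate, challenge, response) plus an error
 * state and a completed state.
 *
 * NOTE(review): the transitions are enforced outside this header.  Confirm
 * that each message handler checks the current state and refuses a call
 * made out of order, so server data is never processed in the wrong stage.
 */
typedef enum {
	NTLM_STATE_NEGOTIATE = 0,
	NTLM_STATE_CHALLENGE = 1,
	NTLM_STATE_RESPONSE = 2,
	NTLM_STATE_ERROR = 3,
	NTLM_STATE_COMPLETE = 4,
} ntlm_state;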
33 
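/*
 * A byte buffer with a cursor; struct ntlm_client uses it for the
 * negotiate and response messages.
 *
 * NOTE(review): presumably `len` is the size of `buf` and `pos` the current
 * read/write offset, with pos <= len as the invariant -- confirm against
 * the helpers that read and write through this type.  If it is also used
 * to walk a server-supplied message, every access needs `pos` plus the
 * requested size checked against `len` (without wrapping) before use.
 */
typedef struct {
	unsigned char *buf;
	size_t pos;
	size_t len;
} ntlm_buf;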
39 
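/*
 * Version information carried in NTLM messages.  The same type describes
 * the client (ntlm_client.host_version) and the server
 * (ntlm_challenge.target_version).
 *
 * NOTE(review): this is an in-memory representation; whether it is copied
 * to or from the wire as-is, and in which byte order, is not visible in
 * this header -- confirm before relying on its layout.
 */
typedef struct {
	uint8_t major;
	uint8_t minor;
	uint16_t build;
	uint32_t reserved;
} ntlm_version;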
46 
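/*
 * What the client keeps from the server's challenge message.  Everything
 * in here originates from the peer and is untrusted until validated.
 *
 * NOTE(review): the pointer members are presumably allocated while the
 * challenge is parsed and released with the client context -- confirm
 * ownership, and that a second challenge cannot leak or double-free them.
 */
typedef struct {
	/* presumably the ntlm_negotiate_t bits the server sent -- TODO confirm */
	uint32_t flags;
	/* presumably the server's 8-byte challenge value -- TODO confirm */
	uint64_t nonce;
	ntlm_version target_version;

	/*
	 * The unparsed target information from the server.
	 * NOTE(review): target_info_len is peer-controlled; confirm it is
	 * checked against the size of the received message before
	 * target_info is read or copied.
	 */
	unsigned char *target_info;
	size_t target_info_len;

	/* The target information parsed into usable strings */
	char *target;
	char *target_server;
	char *target_domain;
	char *target_server_dns;
	char *target_domain_dns;
} ntlm_challenge;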
63 
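/*
 * State of one NTLM client context: configuration, the caller's identity
 * and credential, the derived responses, and the three handshake messages.
 *
 * NOTE(review): `password`, `password_utf16` and the response buffers
 * below hold the credential or values derived from it.  The code that
 * resets or frees this structure is outside this header; confirm it wipes
 * those buffers with a call the compiler cannot elide (a plain memset
 * before free may be optimized away) and that no logging or error path
 * prints them.
 */
struct ntlm_client {
	ntlm_client_flags flags;

	ntlm_state state;

	/* crypto and character-set conversion contexts */
	ntlm_hmac_ctx *hmac_ctx;
	ntlm_unicode_ctx *unicode_ctx;

	/* error message as set by the library */
	const char *errmsg;

	/* identity of the local machine */
	char *hostname;
	char *hostdomain;
	ntlm_version host_version;

	char *target;

	/* identity and cleartext credential of the user */
	char *username;
	char *username_upper;
	char *userdomain;
	char *password;

	/*
	 * strings as converted to utf16; each has a matching *_utf16_len
	 * member below (presumably a byte count -- TODO confirm)
	 */
	char *target_utf16;
	char *username_utf16;
	char *username_upper_utf16;
	char *userdomain_utf16;
	char *hostname_utf16;
	char *password_utf16;

	/*
	 * timestamp and nonce; only for debugging
	 * NOTE(review): a caller-fixed nonce or timestamp takes the client's
	 * own randomness and freshness out of the exchange; confirm the
	 * setters declared in this private header are reachable from tests
	 * only.
	 */
	uint64_t nonce;
	uint64_t timestamp;

	size_t username_utf16_len;
	size_t username_upper_utf16_len;
	size_t userdomain_utf16_len;
	size_t hostname_utf16_len;
	size_t password_utf16_len;
	size_t target_utf16_len;

	/* fixed-size responses, with the number of bytes in use */
	unsigned char lm_response[NTLM_LM_RESPONSE_LEN];
	size_t lm_response_len;

	unsigned char ntlm_response[NTLM_NTLM_RESPONSE_LEN];
	size_t ntlm_response_len;

	/* variable-length response, held by pointer and length */
	unsigned char *ntlm2_response;
	size_t ntlm2_response_len;

	/* the handshake messages: sent, received, sent */
	ntlm_buf negotiate;
	ntlm_challenge challenge;
	ntlm_buf response;
};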
119 
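/*
 * Flags private to the library.
 *
 * NOTE(review): presumably stored in ntlm_client.flags alongside the
 * public ntlm_client_flags bits, with the top bit chosen to stay clear of
 * them -- confirm against ntlmclient.h.
 *
 * NOTE(review): `1 << 31` shifts a signed int into its sign bit, which
 * C11 leaves undefined where int is 32 bits wide; compilers commonly
 * produce INT_MIN.  An unsigned constant avoids that but changes the
 * enumerator's type, so the expression is kept as the author wrote it.
 */
typedef enum {
	NTLM_ENABLE_HOSTVERSION = (1 << 31),
} ntlm_client_internal_flags;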
123 
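/*
 * Type codes for the entries of the server's target information block.
 * The four named kinds line up with the target_server, target_domain,
 * target_server_dns and target_domain_dns strings of ntlm_challenge;
 * NTLM_TARGET_INFO_END presumably terminates the list -- TODO confirm in
 * the parser.
 *
 * NOTE(review): the type code of each entry is chosen by the server.
 * Confirm the parser skips or rejects codes not listed here and never
 * reads past target_info_len while doing so.
 */
typedef enum {
	NTLM_TARGET_INFO_END = 0,
	NTLM_TARGET_INFO_SERVER = 1,
	NTLM_TARGET_INFO_DOMAIN = 2,
	NTLM_TARGET_INFO_SERVER_DNS = 3,
	NTLM_TARGET_INFO_DOMAIN_DNS = 4,
} ntlm_target_info_type_t;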
131 
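/*
 * Bit values of the 32-bit negotiate flags field.  Each enumerator is a
 * single bit, so values can be OR-ed together and tested with `&`.
 *
 * NOTE(review): flags that arrive in the challenge are chosen by the
 * server.  Confirm the client decides what it is willing to do from its
 * own configuration and does not let a server-cleared bit silently move
 * it to a weaker mode.
 */
typedef enum {
	/* Unicode strings are supported in security buffers */
	NTLM_NEGOTIATE_UNICODE = 0x00000001,

	/* OEM (ANSI) strings are supported in security buffers */
	NTLM_NEGOTIATE_OEM = 0x00000002,

	/* Request the target realm from the server */
	NTLM_NEGOTIATE_REQUEST_TARGET = 0x00000004,

	/* NTLM authentication is supported */
	NTLM_NEGOTIATE_NTLM = 0x00000200,

	/* Negotiate domain name */
	NTLM_NEGOTIATE_DOMAIN_SUPPLIED = 0x00001000,

	/* Negotiate workstation (client) name */
	NTLM_NEGOTIATE_WORKSTATION_SUPPLIED = 0x00002000,

	/* Indicates that a local context is available */
	NTLM_NEGOTIATE_LOCAL_CALL = 0x00004000,

	/* Request a dummy signature */
	NTLM_NEGOTIATE_ALWAYS_SIGN = 0x00008000,

	/* Target (server) is a domain */
	NTLM_NEGOTIATE_TYPE_DOMAIN = 0x00010000,

	/* NTLM2 signing and sealing is supported */
	NTLM_NEGOTIATE_NTLM2_SIGN_AND_SEAL = 0x00080000,

	/* A target information block is included */
	NTLM_NEGOTIATE_TARGET_INFO = 0x00800000,

	/* Version information should be provided */
	NTLM_NEGOTIATE_VERSION = 0x01000000,
} ntlm_negotiate_t;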
169 
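/*
 * Internal entry points, declared here and defined elsewhere in the
 * library.
 *
 * ntlm_client_set_nonce / ntlm_client_set_timestamp: presumably store the
 * given value in the `nonce` / `timestamp` members of struct ntlm_client,
 * which that structure marks as "only for debugging".  The meaning of the
 * int return value is not visible here -- TODO confirm.
 * NOTE(review): pinning either value removes the client's randomness or
 * freshness from the exchange; keep these out of the public header and
 * out of production call paths.
 *
 * ntlm_client_set_errmsg: presumably records `errmsg` in the context's
 * `errmsg` member.  That member is a `const char *` and not a copy, so
 * the string passed in has to outlive the context -- TODO confirm callers
 * only pass string literals.
 */
extern int ntlm_client_set_nonce(ntlm_client *ntlm, uint64_t nonce);
extern int ntlm_client_set_timestamp(ntlm_client *ntlm, uint64_t timestamp);
extern void ntlm_client_set_errmsg(ntlm_client *ntlm, const char *errmsg);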
173 
174 #endif /* PRIVATE_NTLM_H__ */
175