123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 |
- #ifndef _IPXE_NTLM_H
- #define _IPXE_NTLM_H
-
- /** @file
- *
- * NT LAN Manager (NTLM) authentication
- *
- */
-
- FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
-
- #include <stdint.h>
- #include <ipxe/crypto.h>
- #include <ipxe/md5.h>
-
- /** A message header */
- struct ntlm_header {
- /** Magic signature */
- uint8_t magic[8];
- /** Message type */
- uint32_t type;
- } __attribute__ (( packed ));
-
- /** Magic signature */
- #define NTLM_MAGIC { 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' }
-
- /** Message types */
- enum ntlm_type {
- /** Negotiate message type */
- NTLM_NEGOTIATE = 0x00000001UL,
- /** Challenge message type */
- NTLM_CHALLENGE = 0x00000002UL,
- /** Authenticate message */
- NTLM_AUTHENTICATE = 0x00000003UL,
- };
-
- /** Negotiation flags */
- enum ntlm_flags {
- /** Negotiate key exchange */
- NTLM_NEGOTIATE_KEY_EXCH = 0x20000000UL,
- /** Negotiate extended security */
- NTLM_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000UL,
- /** Negotiate always sign */
- NTLM_NEGOTIATE_ALWAYS_SIGN = 0x00008000UL,
- /** Negotiate NTLM key */
- NTLM_NEGOTIATE_NTLM = 0x00000200UL,
- /** Request target name and information */
- NTLM_REQUEST_TARGET = 0x00000004UL,
- /** Negotiate Unicode character encoding */
- NTLM_NEGOTIATE_UNICODE = 0x00000001UL,
- };
-
- /** A version descriptor */
- struct ntlm_version {
- /** Product major version */
- uint8_t major;
- /** Product minor version */
- uint8_t minor;
- /** Product build number */
- uint16_t build;
- /** Reserved */
- uint8_t reserved[3];
- /** NTLMSSP revision */
- uint8_t revision;
- } __attribute__ (( packed ));
-
- /** A nonce */
- struct ntlm_nonce {
- /** Raw bytes */
- uint8_t raw[8];
- } __attribute__ (( packed ));
-
- /** A variable-length data descriptor */
- struct ntlm_data {
- /** Length (in bytes) */
- uint16_t len;
- /** Maximum length (in bytes)
- *
- * Should always be set equal to the length; this field is
- * entirely superfluous.
- */
- uint16_t max_len;
- /** Offset from start of message header */
- uint32_t offset;
- } __attribute__ (( packed ));
-
- /** A Negotiate message */
- struct ntlm_negotiate {
- /** Message header */
- struct ntlm_header header;
- /** Negotiation flags */
- uint32_t flags;
- /** Domain name */
- struct ntlm_data domain;
- /** Workstation name */
- struct ntlm_data workstation;
- } __attribute__ (( packed ));
-
- /** A Challenge message */
- struct ntlm_challenge {
- /** Message header */
- struct ntlm_header header;
- /** Target name */
- struct ntlm_data name;
- /** Negotiation flags */
- uint32_t flags;
- /** Server nonce */
- struct ntlm_nonce nonce;
- /** Reserved */
- uint8_t reserved[8];
- /** Target information */
- struct ntlm_data info;
- } __attribute__ (( packed ));
-
- /** An Authenticate message */
- struct ntlm_authenticate {
- /** Message header */
- struct ntlm_header header;
- /** LAN Manager response */
- struct ntlm_data lm;
- /** NT response */
- struct ntlm_data nt;
- /** Domain name */
- struct ntlm_data domain;
- /** User name */
- struct ntlm_data user;
- /** Workstation name */
- struct ntlm_data workstation;
- /** Session key */
- struct ntlm_data session;
- /** Negotiation flags */
- uint32_t flags;
- } __attribute__ (( packed ));
-
- /** A LAN Manager response */
- struct ntlm_lm_response {
- /** HMAC-MD5 digest */
- uint8_t digest[MD5_DIGEST_SIZE];
- /** Client nonce */
- struct ntlm_nonce nonce;
- } __attribute__ (( packed ));
-
- /** An NT response */
- struct ntlm_nt_response {
- /** HMAC-MD5 digest */
- uint8_t digest[MD5_DIGEST_SIZE];
- /** Response version */
- uint8_t version;
- /** Highest response version */
- uint8_t high;
- /** Reserved */
- uint8_t reserved_a[6];
- /** Current time */
- uint64_t time;
- /** Client nonce */
- struct ntlm_nonce nonce;
- /** Must be zero */
- uint32_t zero;
- } __attribute__ (( packed ));
-
- /** NTLM version */
- #define NTLM_VERSION_NTLMV2 0x01
-
- /** NTLM challenge information */
- struct ntlm_challenge_info {
- /** Server nonce */
- struct ntlm_nonce *nonce;
- /** Target information */
- void *target;
- /** Length of target information */
- size_t len;
- };
-
- /** An NTLM verification key */
- struct ntlm_key {
- /** Raw bytes */
- uint8_t raw[MD5_DIGEST_SIZE];
- };
-
- extern const struct ntlm_negotiate ntlm_negotiate;
- extern int ntlm_challenge ( struct ntlm_challenge *challenge, size_t len,
- struct ntlm_challenge_info *info );
- extern void ntlm_key ( const char *domain, const char *username,
- const char *password, struct ntlm_key *key );
- extern void ntlm_response ( struct ntlm_challenge_info *info,
- struct ntlm_key *key, struct ntlm_nonce *nonce,
- struct ntlm_lm_response *lm,
- struct ntlm_nt_response *nt );
- extern size_t ntlm_authenticate ( struct ntlm_challenge_info *info,
- const char *domain, const char *username,
- const char *workstation,
- struct ntlm_lm_response *lm,
- struct ntlm_nt_response *nt,
- struct ntlm_authenticate *auth );
- extern size_t ntlm_authenticate_len ( struct ntlm_challenge_info *info,
- const char *domain, const char *username,
- const char *workstation );
-
- #endif /* _IPXE_NTLM_H */
|