include/ntlmssp.h

00001 /* 
00002    Unix SMB/CIFS implementation.
00003    SMB parameters and setup
00004    Copyright (C) Andrew Tridgell 1992-1997
00005    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
00006    Copyright (C) Paul Ashton 1997
00007    
00008    This program is free software; you can redistribute it and/or modify
00009    it under the terms of the GNU General Public License as published by
00010    the Free Software Foundation; either version 2 of the License, or
00011    (at your option) any later version.
00012    
00013    This program is distributed in the hope that it will be useful,
00014    but WITHOUT ANY WARRANTY; without even the implied warranty of
00015    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016    GNU General Public License for more details.
00017    
00018    You should have received a copy of the GNU General Public License
00019    along with this program; if not, write to the Free Software
00020    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00021 */
00022 
00023 /* NTLMSSP mode: the side of the exchange a context plays (stored in ntlmssp_state.role) */
00024 enum NTLMSSP_ROLE
00025 {
00026         NTLMSSP_SERVER, /* first enumerator, so 0 */
00027         NTLMSSP_CLIENT  /* 1 */
00028 };
00029 
00030 /* NTLMSSP message types; 1-3 are presumably the on-the-wire message type numbers (confirm), 0 and 5 are marked as samba-only states */
00031 enum NTLM_MESSAGE_TYPE
00032 {
00033         NTLMSSP_INITIAL = 0 /* samba internal state */,
00034         NTLMSSP_NEGOTIATE = 1,
00035         NTLMSSP_CHALLENGE = 2,
00036         NTLMSSP_AUTH      = 3,
00037         NTLMSSP_UNKNOWN   = 4, /* NOTE(review): use not visible in this header - confirm how a message of this type is handled */
00038         NTLMSSP_DONE      = 5 /* samba final state */
00039 };
00040 
00041 /* NTLMSSP negotiation flags (bit masks). NOTE(review): SIGN/SEAL/LM_KEY/128/56 set the session's protection level and are negotiated with the peer; callers needing integrity or confidentiality should check the final ntlmssp_state.neg_flags, not what they asked for - confirm enforcement */
00042 #define NTLMSSP_NEGOTIATE_UNICODE          0x00000001
00043 #define NTLMSSP_NEGOTIATE_OEM              0x00000002
00044 #define NTLMSSP_REQUEST_TARGET             0x00000004
00045 #define NTLMSSP_NEGOTIATE_SIGN             0x00000010 /* Message integrity */
00046 #define NTLMSSP_NEGOTIATE_SEAL             0x00000020 /* Message confidentiality */
00047 #define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040
00048 #define NTLMSSP_NEGOTIATE_LM_KEY           0x00000080 /* NOTE(review): by name, an LM-derived session key; presumably the weakest key option - confirm policy on accepting it */
00049 #define NTLMSSP_NEGOTIATE_NETWARE          0x00000100
00050 #define NTLMSSP_NEGOTIATE_NTLM             0x00000200
00051 #define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED  0x00001000
00052 #define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
00053 #define NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL  0x00004000
00054 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN      0x00008000
00055 #define NTLMSSP_TARGET_TYPE_DOMAIN            0x10000 /* same value as NTLMSSP_CHAL_INIT_RESPONSE */
00056 #define NTLMSSP_TARGET_TYPE_SERVER            0x20000 /* same value as NTLMSSP_CHAL_ACCEPT_RESPONSE */
00057 #define NTLMSSP_CHAL_INIT_RESPONSE         0x00010000 /* second name for bit 0x10000 (NTLMSSP_TARGET_TYPE_DOMAIN) */
00058 
00059 #define NTLMSSP_CHAL_ACCEPT_RESPONSE       0x00020000 /* second name for bit 0x20000 (NTLMSSP_TARGET_TYPE_SERVER) */
00060 #define NTLMSSP_CHAL_NON_NT_SESSION_KEY    0x00040000
00061 #define NTLMSSP_NEGOTIATE_NTLM2            0x00080000 /* NOTE(review): presumably the NTLM2 scheme described at may_set_challenge, distinct from the use_ntlmv2 field - confirm */
00062 #define NTLMSSP_CHAL_TARGET_INFO           0x00800000
00063 #define NTLMSSP_UNKNOWN_02000000           0x02000000 /* named after its value only; meaning not stated here */
00064 #define NTLMSSP_NEGOTIATE_128              0x20000000 /* 128-bit encryption */
00065 #define NTLMSSP_NEGOTIATE_KEY_EXCH         0x40000000
00066 #define NTLMSSP_NEGOTIATE_56               0x80000000 /* NOTE(review): presumably 56-bit encryption, by analogy with NEGOTIATE_128 - confirm; top bit set, so the constant is unsigned where int is 32 bits */
00067 
00068 #define NTLMSSP_FEATURE_SESSION_KEY        0x00000001 /* NOTE(review): FEATURE_* reuse 0x1/0x2/0x4, which are also NEGOTIATE_UNICODE/OEM/REQUEST_TARGET; looks like a separate bit space - confirm they are never mixed into neg_flags */
00069 #define NTLMSSP_FEATURE_SIGN               0x00000002
00070 #define NTLMSSP_FEATURE_SEAL               0x00000004
00071 
00072 #define NTLMSSP_NAME_TYPE_SERVER      0x01
00073 #define NTLMSSP_NAME_TYPE_DOMAIN      0x02
00074 #define NTLMSSP_NAME_TYPE_SERVER_DNS  0x03
00075 #define NTLMSSP_NAME_TYPE_DOMAIN_DNS  0x04
00076 
00077 #define NTLMSSP_SIG_SIZE 16 /* presumably the size in bytes of a sign/seal signature - confirm against the signing code */
00078 /* State for one NTLMSSP exchange: role, identity strings, password hashes, challenge/response blobs, negotiated flags, backend callbacks and sign/seal key material */
00079 typedef struct ntlmssp_state 
00080 {
00081         TALLOC_CTX *mem_ctx;
00082         unsigned int ref_count;
00083         enum NTLMSSP_ROLE role;
00084         enum server_types server_role;
00085         uint32 expected_state; /* NOTE(review): presumably an enum NTLM_MESSAGE_TYPE value naming the next message to accept - confirm */
00086 
00087         BOOL unicode;
00088         BOOL use_ntlmv2;
00089         char *user;
00090         char *domain;
00091         char *workstation;
00092         unsigned char *nt_hash; /* NOTE(review): password-equivalent secret by name; confirm it is wiped before being freed and never logged */
00093         unsigned char *lm_hash; /* NOTE(review): same handling concern as nt_hash */
00094         char *server_domain;
00095 
00096         DATA_BLOB internal_chal; /* Random challenge as supplied to the client for NTLM authentication */
00097 
00098         DATA_BLOB chal; /* Random challenge as input into the actual NTLM (or NTLM2) authentication */
00099         DATA_BLOB lm_resp;
00100         DATA_BLOB nt_resp;
00101         DATA_BLOB session_key; /* NOTE(review): key material; confirm it is wiped on teardown */
00102         
00103         uint32 neg_flags; /* the current state of negotiation with the NTLMSSP partner */
00104         
00105         void *auth_context; /* opaque here; the set_challenge doc below says callbacks may keep state in it */
00106 
00107         /**
00108          * Callback to get the 'challenge' used for NTLM authentication.  
00109          *
00110          * @param ntlmssp_state This structure
00111          * @return 8 bytes of challenge data, determined by the server to be the challenge for NTLM authentication
00112          * NOTE(review): no length accompanies the pointer, so callers can only rely on the 8 bytes documented above - confirm every implementation supplies them
00113          */
00114         const uint8 *(*get_challenge)(const struct ntlmssp_state *ntlmssp_state);
00115 
00116         /**
00117          * Callback to find if the challenge used by NTLM authentication may be modified 
00118          *
00119          * The NTLM2 authentication scheme modifies the effective challenge, but this is not compatible with the
00120          * current 'security=server' implementation.
00121          *
00122          * @param ntlmssp_state This structure
00123          * @return Can the challenge be set to arbitrary values?
00124          *
00125          */
00126         BOOL (*may_set_challenge)(const struct ntlmssp_state *ntlmssp_state);
00127 
00128         /**
00129          * Callback to set the 'challenge' used for NTLM authentication.  
00130          *
00131          * The callback may use the void *auth_context to store state information, but the same value is always available
00132          * from the DATA_BLOB chal on this structure.
00133          *
00134          * @param ntlmssp_state This structure
00135          * @param challenge 8 bytes of data, agreed by the client and server to be the effective challenge for NTLM2 authentication
00136          * NOTE(review): challenge is a DATA_BLOB, so its length is set by the caller; implementations presumably need to check it is 8 bytes before use - confirm
00137          */
00138         NTSTATUS (*set_challenge)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge);
00139 
00140         /**
00141          * Callback to check the user's password.  
00142          *
00143          * The callback must read the fields of this structure for the information it needs on the user (NOTE(review): on the server side these presumably come from the peer's messages and are untrusted - confirm)
00144          * @param ntlmssp_state This structure
00145          * @param nt_session_key If an NT session key is returned by the authentication process, return it here
00146          * @param lm_session_key If an LM session key is returned by the authentication process, return it here
00147          * @return NTSTATUS result of the check; NOTE(review): the success/failure contract is not stated in this header - confirm against the callers
00148          */
00149         NTSTATUS (*check_password)(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key);
00150 
00151         const char *(*get_global_myname)(void); /* callback; by name, returns this host's name - confirm */
00152         const char *(*get_domain)(void); /* callback; by name, returns the domain - confirm */
00153 
00154         /* ntlmv2: per-direction sign/seal keys, arc4 state and sequence numbers. NOTE(review): key material; confirm it is zeroed on teardown */
00155 
00156         unsigned char send_sign_key[16];
00157         unsigned char send_seal_key[16];
00158         unsigned char recv_sign_key[16];
00159         unsigned char recv_seal_key[16];
00160 
00161         unsigned char send_seal_arc4_state[258]; /* NOTE(review): presumably a 256-byte RC4 table plus two index bytes - confirm against the arc4 helper */
00162         unsigned char recv_seal_arc4_state[258];
00163 
00164         uint32 ntlm2_send_seq_num;
00165         uint32 ntlm2_recv_seq_num;
00166 
00167         /* ntlmv1: a single arc4 state and sequence number, unlike the separate send/recv pairs above */
00168         unsigned char ntlmv1_arc4_state[258];
00169         uint32 ntlmv1_seq_num;
00170 
00171         /* it turns out that we don't always get the
00172            response in at the time we want to process it.
00173            Store it here, until we need it */
00174         DATA_BLOB stored_response; 
00175         
00176 } NTLMSSP_STATE;
