Commit | Line | Data |
---|---|---|
e2f34481 NJ |
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2 | /* | |
3 | * Copyright (c) International Business Machines Corp., 2002,2007 | |
4 | * Author(s): Steve French (sfrench@us.ibm.com) | |
5 | */ | |
6 | ||
7 | #ifndef __KSMBD_NTLMSSP_H | |
8 | #define __KSMBD_NTLMSSP_H | |
9 | ||
10 | #define NTLMSSP_SIGNATURE "NTLMSSP" | |
11 | ||
12 | /* Security blob target info data */ | |
13 | #define TGT_Name "KSMBD" | |
14 | ||
15 | /* | |
16 | * Size of the crypto key returned on the negotiate SMB in bytes | |
17 | */ | |
18 | #define CIFS_CRYPTO_KEY_SIZE (8) | |
19 | #define CIFS_KEY_SIZE (40) | |
20 | ||
21 | /* | |
22 | * Size of encrypted user password in bytes | |
23 | */ | |
24 | #define CIFS_ENCPWD_SIZE (16) | |
25 | #define CIFS_CPHTXT_SIZE (16) | |
26 | ||
27 | /* Message Types */ | |
28 | #define NtLmNegotiate cpu_to_le32(1) | |
29 | #define NtLmChallenge cpu_to_le32(2) | |
30 | #define NtLmAuthenticate cpu_to_le32(3) | |
31 | #define UnknownMessage cpu_to_le32(8) | |
32 | ||
33 | /* Negotiate Flags */ | |
34 | #define NTLMSSP_NEGOTIATE_UNICODE 0x01 /* Text strings are unicode */ | |
35 | #define NTLMSSP_NEGOTIATE_OEM 0x02 /* Text strings are in OEM */ | |
36 | #define NTLMSSP_REQUEST_TARGET 0x04 /* Srv returns its auth realm */ | |
37 | /* define reserved9 0x08 */ | |
38 | #define NTLMSSP_NEGOTIATE_SIGN 0x0010 /* Request signing capability */ | |
39 | #define NTLMSSP_NEGOTIATE_SEAL 0x0020 /* Request confidentiality */ | |
40 | #define NTLMSSP_NEGOTIATE_DGRAM 0x0040 | |
41 | #define NTLMSSP_NEGOTIATE_LM_KEY 0x0080 /* Use LM session key */ | |
42 | /* defined reserved 8 0x0100 */ | |
43 | #define NTLMSSP_NEGOTIATE_NTLM 0x0200 /* NTLM authentication */ | |
44 | #define NTLMSSP_NEGOTIATE_NT_ONLY 0x0400 /* Lanman not allowed */ | |
45 | #define NTLMSSP_ANONYMOUS 0x0800 | |
46 | #define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x1000 /* reserved6 */ | |
47 | #define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000 | |
48 | #define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x4000 /* client/server same machine */ | |
49 | #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 /* Sign. All security levels */ | |
50 | #define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000 | |
51 | #define NTLMSSP_TARGET_TYPE_SERVER 0x20000 | |
52 | #define NTLMSSP_TARGET_TYPE_SHARE 0x40000 | |
53 | #define NTLMSSP_NEGOTIATE_EXTENDED_SEC 0x80000 /* NB:not related to NTLMv2 pwd*/ | |
54 | /* #define NTLMSSP_REQUEST_INIT_RESP 0x100000 */ | |
55 | #define NTLMSSP_NEGOTIATE_IDENTIFY 0x100000 | |
56 | #define NTLMSSP_REQUEST_ACCEPT_RESP 0x200000 /* reserved5 */ | |
57 | #define NTLMSSP_REQUEST_NON_NT_KEY 0x400000 | |
58 | #define NTLMSSP_NEGOTIATE_TARGET_INFO 0x800000 | |
59 | /* #define reserved4 0x1000000 */ | |
60 | #define NTLMSSP_NEGOTIATE_VERSION 0x2000000 /* we do not set */ | |
61 | /* #define reserved3 0x4000000 */ | |
62 | /* #define reserved2 0x8000000 */ | |
63 | /* #define reserved1 0x10000000 */ | |
64 | #define NTLMSSP_NEGOTIATE_128 0x20000000 | |
65 | #define NTLMSSP_NEGOTIATE_KEY_XCH 0x40000000 | |
66 | #define NTLMSSP_NEGOTIATE_56 0x80000000 | |
67 | ||
68 | /* Define AV Pair Field IDs */ | |
69 | enum av_field_type { | |
70 | NTLMSSP_AV_EOL = 0, | |
71 | NTLMSSP_AV_NB_COMPUTER_NAME, | |
72 | NTLMSSP_AV_NB_DOMAIN_NAME, | |
73 | NTLMSSP_AV_DNS_COMPUTER_NAME, | |
74 | NTLMSSP_AV_DNS_DOMAIN_NAME, | |
75 | NTLMSSP_AV_DNS_TREE_NAME, | |
76 | NTLMSSP_AV_FLAGS, | |
77 | NTLMSSP_AV_TIMESTAMP, | |
78 | NTLMSSP_AV_RESTRICTION, | |
79 | NTLMSSP_AV_TARGET_NAME, | |
80 | NTLMSSP_AV_CHANNEL_BINDINGS | |
81 | }; | |
82 | ||
83 | /* Although typedefs are not commonly used for structure definitions */ | |
84 | /* in the Linux kernel, in this particular case they are useful */ | |
85 | /* to more closely match the standards document for NTLMSSP from */ | |
86 | /* OpenGroup and to make the code more closely match the standard in */ | |
87 | /* appearance */ | |
88 | ||
89 | struct security_buffer { | |
90 | __le16 Length; | |
91 | __le16 MaximumLength; | |
92 | __le32 BufferOffset; /* offset to buffer */ | |
93 | } __packed; | |
94 | ||
95 | struct target_info { | |
96 | __le16 Type; | |
97 | __le16 Length; | |
5224f790 | 98 | __u8 Content[]; |
e2f34481 NJ |
99 | } __packed; |
100 | ||
101 | struct negotiate_message { | |
102 | __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; | |
103 | __le32 MessageType; /* NtLmNegotiate = 1 */ | |
104 | __le32 NegotiateFlags; | |
105 | struct security_buffer DomainName; /* RFC 1001 style and ASCII */ | |
106 | struct security_buffer WorkstationName; /* RFC 1001 and ASCII */ | |
107 | /* | |
108 | * struct security_buffer for version info not present since we | |
109 | * do not set the version is present flag | |
110 | */ | |
5224f790 | 111 | char DomainString[]; |
e2f34481 NJ |
112 | /* followed by WorkstationString */ |
113 | } __packed; | |
114 | ||
115 | struct challenge_message { | |
116 | __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; | |
117 | __le32 MessageType; /* NtLmChallenge = 2 */ | |
118 | struct security_buffer TargetName; | |
119 | __le32 NegotiateFlags; | |
120 | __u8 Challenge[CIFS_CRYPTO_KEY_SIZE]; | |
121 | __u8 Reserved[8]; | |
122 | struct security_buffer TargetInfoArray; | |
123 | /* | |
124 | * struct security_buffer for version info not present since we | |
125 | * do not set the version is present flag | |
126 | */ | |
127 | } __packed; | |
128 | ||
129 | struct authenticate_message { | |
130 | __u8 Signature[sizeof(NTLMSSP_SIGNATURE)]; | |
131 | __le32 MessageType; /* NtLmsAuthenticate = 3 */ | |
132 | struct security_buffer LmChallengeResponse; | |
133 | struct security_buffer NtChallengeResponse; | |
134 | struct security_buffer DomainName; | |
135 | struct security_buffer UserName; | |
136 | struct security_buffer WorkstationName; | |
137 | struct security_buffer SessionKey; | |
138 | __le32 NegotiateFlags; | |
139 | /* | |
140 | * struct security_buffer for version info not present since we | |
141 | * do not set the version is present flag | |
142 | */ | |
5224f790 | 143 | char UserString[]; |
e2f34481 NJ |
144 | } __packed; |
145 | ||
146 | struct ntlmv2_resp { | |
147 | char ntlmv2_hash[CIFS_ENCPWD_SIZE]; | |
148 | __le32 blob_signature; | |
149 | __u32 reserved; | |
150 | __le64 time; | |
151 | __u64 client_chal; /* random */ | |
152 | __u32 reserved2; | |
153 | /* array of name entries could follow ending in minimum 4 byte struct */ | |
154 | } __packed; | |
155 | ||
156 | /* per smb session structure/fields */ | |
157 | struct ntlmssp_auth { | |
158 | /* whether session key is per smb session */ | |
159 | bool sesskey_per_smbsess; | |
160 | /* sent by client in type 1 ntlmsssp exchange */ | |
161 | __u32 client_flags; | |
162 | /* sent by server in type 2 ntlmssp exchange */ | |
163 | __u32 conn_flags; | |
164 | /* sent to server */ | |
165 | unsigned char ciphertext[CIFS_CPHTXT_SIZE]; | |
166 | /* used by ntlmssp */ | |
167 | char cryptkey[CIFS_CRYPTO_KEY_SIZE]; | |
168 | }; | |
169 | #endif /* __KSMBD_NTLMSSP_H */ |