iPXE
|
00001 #ifndef _IPXE_NTLM_H 00002 #define _IPXE_NTLM_H 00003 00004 /** @file 00005 * 00006 * NT LAN Manager (NTLM) authentication 00007 * 00008 */ 00009 00010 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); 00011 00012 #include <stdint.h> 00013 #include <ipxe/crypto.h> 00014 #include <ipxe/md5.h> 00015 00016 /** A message header */ 00017 struct ntlm_header { 00018 /** Magic signature */ 00019 uint8_t magic[8]; 00020 /** Message type */ 00021 uint32_t type; 00022 } __attribute__ (( packed )); 00023 00024 /** Magic signature */ 00025 #define NTLM_MAGIC { 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' } 00026 00027 /** Message types */ 00028 enum ntlm_type { 00029 /** Negotiate message type */ 00030 NTLM_NEGOTIATE = 0x00000001UL, 00031 /** Challenge message type */ 00032 NTLM_CHALLENGE = 0x00000002UL, 00033 /** Authenticate message */ 00034 NTLM_AUTHENTICATE = 0x00000003UL, 00035 }; 00036 00037 /** Negotiation flags */ 00038 enum ntlm_flags { 00039 /** Negotiate key exchange */ 00040 NTLM_NEGOTIATE_KEY_EXCH = 0x20000000UL, 00041 /** Negotiate extended security */ 00042 NTLM_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000UL, 00043 /** Negotiate always sign */ 00044 NTLM_NEGOTIATE_ALWAYS_SIGN = 0x00008000UL, 00045 /** Negotiate NTLM key */ 00046 NTLM_NEGOTIATE_NTLM = 0x00000200UL, 00047 /** Request target name and information */ 00048 NTLM_REQUEST_TARGET = 0x00000004UL, 00049 /** Negotiate Unicode character encoding */ 00050 NTLM_NEGOTIATE_UNICODE = 0x00000001UL, 00051 }; 00052 00053 /** A version descriptor */ 00054 struct ntlm_version { 00055 /** Product major version */ 00056 uint8_t major; 00057 /** Product minor version */ 00058 uint8_t minor; 00059 /** Product build number */ 00060 uint16_t build; 00061 /** Reserved */ 00062 uint8_t reserved[3]; 00063 /** NTLMSSP revision */ 00064 uint8_t revision; 00065 } __attribute__ (( packed )); 00066 00067 /** A nonce */ 00068 struct ntlm_nonce { 00069 /** Raw bytes */ 00070 uint8_t raw[8]; 00071 } __attribute__ (( packed )); 00072 00073 /** A variable-length data descriptor */ 00074 struct ntlm_data { 00075 /** Length (in bytes) */ 00076 uint16_t len; 00077 /** Maximum length (in bytes) 00078 * 00079 * Should always be set equal to the length; this field is 00080 * entirely superfluous. 00081 */ 00082 uint16_t max_len; 00083 /** Offset from start of message header */ 00084 uint32_t offset; 00085 } __attribute__ (( packed )); 00086 00087 /** A Negotiate message */ 00088 struct ntlm_negotiate { 00089 /** Message header */ 00090 struct ntlm_header header; 00091 /** Negotiation flags */ 00092 uint32_t flags; 00093 /** Domain name */ 00094 struct ntlm_data domain; 00095 /** Workstation name */ 00096 struct ntlm_data workstation; 00097 } __attribute__ (( packed )); 00098 00099 /** A Challenge message */ 00100 struct ntlm_challenge { 00101 /** Message header */ 00102 struct ntlm_header header; 00103 /** Target name */ 00104 struct ntlm_data name; 00105 /** Negotiation flags */ 00106 uint32_t flags; 00107 /** Server nonce */ 00108 struct ntlm_nonce nonce; 00109 /** Reserved */ 00110 uint8_t reserved[8]; 00111 /** Target information */ 00112 struct ntlm_data info; 00113 } __attribute__ (( packed )); 00114 00115 /** An Authenticate message */ 00116 struct ntlm_authenticate { 00117 /** Message header */ 00118 struct ntlm_header header; 00119 /** LAN Manager response */ 00120 struct ntlm_data lm; 00121 /** NT response */ 00122 struct ntlm_data nt; 00123 /** Domain name */ 00124 struct ntlm_data domain; 00125 /** User name */ 00126 struct ntlm_data user; 00127 /** Workstation name */ 00128 struct ntlm_data workstation; 00129 /** Session key */ 00130 struct ntlm_data session; 00131 /** Negotiation flags */ 00132 uint32_t flags; 00133 } __attribute__ (( packed )); 00134 00135 /** A LAN Manager response */ 00136 struct ntlm_lm_response { 00137 /** HMAC-MD5 digest */ 00138 uint8_t digest[MD5_DIGEST_SIZE]; 00139 /** Client nonce */ 00140 struct ntlm_nonce nonce; 00141 } __attribute__ (( packed )); 00142 00143 /** An NT response */ 00144 struct ntlm_nt_response { 00145 /** HMAC-MD5 digest */ 00146 uint8_t digest[MD5_DIGEST_SIZE]; 00147 /** Response version */ 00148 uint8_t version; 00149 /** Highest response version */ 00150 uint8_t high; 00151 /** Reserved */ 00152 uint8_t reserved_a[6]; 00153 /** Current time */ 00154 uint64_t time; 00155 /** Client nonce */ 00156 struct ntlm_nonce nonce; 00157 /** Must be zero */ 00158 uint32_t zero; 00159 } __attribute__ (( packed )); 00160 00161 /** NTLM version */ 00162 #define NTLM_VERSION_NTLMV2 0x01 00163 00164 /** NTLM challenge information */ 00165 struct ntlm_challenge_info { 00166 /** Server nonce */ 00167 struct ntlm_nonce *nonce; 00168 /** Target information */ 00169 void *target; 00170 /** Length of target information */ 00171 size_t len; 00172 }; 00173 00174 /** An NTLM verification key */ 00175 struct ntlm_key { 00176 /** Raw bytes */ 00177 uint8_t raw[MD5_DIGEST_SIZE]; 00178 }; 00179 00180 extern const struct ntlm_negotiate ntlm_negotiate; 00181 extern int ntlm_challenge ( struct ntlm_challenge *challenge, size_t len, 00182 struct ntlm_challenge_info *info ); 00183 extern void ntlm_key ( const char *domain, const char *username, 00184 const char *password, struct ntlm_key *key ); 00185 extern void ntlm_response ( struct ntlm_challenge_info *info, 00186 struct ntlm_key *key, struct ntlm_nonce *nonce, 00187 struct ntlm_lm_response *lm, 00188 struct ntlm_nt_response *nt ); 00189 extern size_t ntlm_authenticate ( struct ntlm_challenge_info *info, 00190 const char *domain, const char *username, 00191 const char *workstation, 00192 struct ntlm_lm_response *lm, 00193 struct ntlm_nt_response *nt, 00194 struct ntlm_authenticate *auth ); 00195 extern size_t ntlm_authenticate_len ( struct ntlm_challenge_info *info, 00196 const char *domain, const char *username, 00197 const char *workstation ); 00198 00199 #endif /* _IPXE_NTLM_H */