iPXE
ntlm.h
Go to the documentation of this file.
00001 #ifndef _IPXE_NTLM_H
00002 #define _IPXE_NTLM_H
00003 
00004 /** @file
00005  *
00006  * NT LAN Manager (NTLM) authentication
00007  *
00008  */
00009 
00010 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
00011 
00012 #include <stdint.h>
00013 #include <ipxe/crypto.h>
00014 #include <ipxe/md5.h>
00015 
00016 /** A message header */
00017 struct ntlm_header {
00018         /** Magic signature */
00019         uint8_t magic[8];
00020         /** Message type */
00021         uint32_t type;
00022 } __attribute__ (( packed ));
00023 
00024 /** Magic signature */
00025 #define NTLM_MAGIC { 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' }
00026 
00027 /** Message types */
00028 enum ntlm_type {
00029         /** Negotiate message type */
00030         NTLM_NEGOTIATE = 0x00000001UL,
00031         /** Challenge message type */
00032         NTLM_CHALLENGE = 0x00000002UL,
00033         /** Authenticate message */
00034         NTLM_AUTHENTICATE = 0x00000003UL,
00035 };
00036 
00037 /** Negotiation flags */
00038 enum ntlm_flags {
00039         /** Negotiate key exchange */
00040         NTLM_NEGOTIATE_KEY_EXCH = 0x20000000UL,
00041         /** Negotiate extended security */
00042         NTLM_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000UL,
00043         /** Negotiate always sign */
00044         NTLM_NEGOTIATE_ALWAYS_SIGN = 0x00008000UL,
00045         /** Negotiate NTLM key */
00046         NTLM_NEGOTIATE_NTLM = 0x00000200UL,
00047         /** Request target name and information */
00048         NTLM_REQUEST_TARGET = 0x00000004UL,
00049         /** Negotiate Unicode character encoding */
00050         NTLM_NEGOTIATE_UNICODE = 0x00000001UL,
00051 };
00052 
00053 /** A version descriptor */
00054 struct ntlm_version {
00055         /** Product major version */
00056         uint8_t major;
00057         /** Product minor version */
00058         uint8_t minor;
00059         /** Product build number */
00060         uint16_t build;
00061         /** Reserved */
00062         uint8_t reserved[3];
00063         /** NTLMSSP revision */
00064         uint8_t revision;
00065 } __attribute__ (( packed ));
00066 
00067 /** A nonce */
00068 struct ntlm_nonce {
00069         /** Raw bytes */
00070         uint8_t raw[8];
00071 } __attribute__ (( packed ));
00072 
00073 /** A variable-length data descriptor */
00074 struct ntlm_data {
00075         /** Length (in bytes) */
00076         uint16_t len;
00077         /** Maximum length (in bytes)
00078          *
00079          * Should always be set equal to the length; this field is
00080          * entirely superfluous.
00081          */
00082         uint16_t max_len;
00083         /** Offset from start of message header */
00084         uint32_t offset;
00085 } __attribute__ (( packed ));
00086 
00087 /** A Negotiate message */
00088 struct ntlm_negotiate {
00089         /** Message header */
00090         struct ntlm_header header;
00091         /** Negotiation flags */
00092         uint32_t flags;
00093         /** Domain name */
00094         struct ntlm_data domain;
00095         /** Workstation name */
00096         struct ntlm_data workstation;
00097 } __attribute__ (( packed ));
00098 
00099 /** A Challenge message */
00100 struct ntlm_challenge {
00101         /** Message header */
00102         struct ntlm_header header;
00103         /** Target name */
00104         struct ntlm_data name;
00105         /** Negotiation flags */
00106         uint32_t flags;
00107         /** Server nonce */
00108         struct ntlm_nonce nonce;
00109         /** Reserved */
00110         uint8_t reserved[8];
00111         /** Target information */
00112         struct ntlm_data info;
00113 } __attribute__ (( packed ));
00114 
00115 /** An Authenticate message */
00116 struct ntlm_authenticate {
00117         /** Message header */
00118         struct ntlm_header header;
00119         /** LAN Manager response */
00120         struct ntlm_data lm;
00121         /** NT response */
00122         struct ntlm_data nt;
00123         /** Domain name */
00124         struct ntlm_data domain;
00125         /** User name */
00126         struct ntlm_data user;
00127         /** Workstation name */
00128         struct ntlm_data workstation;
00129         /** Session key */
00130         struct ntlm_data session;
00131         /** Negotiation flags */
00132         uint32_t flags;
00133 } __attribute__ (( packed ));
00134 
00135 /** A LAN Manager response */
00136 struct ntlm_lm_response {
00137         /** HMAC-MD5 digest */
00138         uint8_t digest[MD5_DIGEST_SIZE];
00139         /** Client nonce */
00140         struct ntlm_nonce nonce;
00141 } __attribute__ (( packed ));
00142 
00143 /** An NT response */
00144 struct ntlm_nt_response {
00145         /** HMAC-MD5 digest */
00146         uint8_t digest[MD5_DIGEST_SIZE];
00147         /** Response version */
00148         uint8_t version;
00149         /** Highest response version */
00150         uint8_t high;
00151         /** Reserved */
00152         uint8_t reserved_a[6];
00153         /** Current time */
00154         uint64_t time;
00155         /** Client nonce */
00156         struct ntlm_nonce nonce;
00157         /** Must be zero */
00158         uint32_t zero;
00159 } __attribute__ (( packed ));
00160 
00161 /** NTLM version */
00162 #define NTLM_VERSION_NTLMV2 0x01
00163 
00164 /** NTLM challenge information */
00165 struct ntlm_challenge_info {
00166         /** Server nonce */
00167         struct ntlm_nonce *nonce;
00168         /** Target information */
00169         void *target;
00170         /** Length of target information */
00171         size_t len;
00172 };
00173 
00174 /** An NTLM verification key */
00175 struct ntlm_key {
00176         /** Raw bytes */
00177         uint8_t raw[MD5_DIGEST_SIZE];
00178 };
00179 
00180 extern const struct ntlm_negotiate ntlm_negotiate;
00181 extern int ntlm_challenge ( struct ntlm_challenge *challenge, size_t len,
00182                             struct ntlm_challenge_info *info );
00183 extern void ntlm_key ( const char *domain, const char *username,
00184                        const char *password, struct ntlm_key *key );
00185 extern void ntlm_response ( struct ntlm_challenge_info *info,
00186                             struct ntlm_key *key, struct ntlm_nonce *nonce,
00187                             struct ntlm_lm_response *lm,
00188                             struct ntlm_nt_response *nt );
00189 extern size_t ntlm_authenticate ( struct ntlm_challenge_info *info,
00190                                   const char *domain, const char *username,
00191                                   const char *workstation,
00192                                   struct ntlm_lm_response *lm,
00193                                   struct ntlm_nt_response *nt,
00194                                   struct ntlm_authenticate *auth );
00195 extern size_t ntlm_authenticate_len ( struct ntlm_challenge_info *info,
00196                                       const char *domain, const char *username,
00197                                       const char *workstation );
00198 
00199 #endif /* _IPXE_NTLM_H */