1 #ifndef HEADER_VAUTH_NTLM_H 2 #define HEADER_VAUTH_NTLM_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.haxx.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 ***************************************************************************/ 24 25 #include "curl_setup.h" 26 27 #ifdef USE_NTLM 28 29 /* NTLM buffer fixed size, large enough for long user + host + domain */ 30 #define NTLM_BUFSIZE 1024 31 32 /* Stuff only required for curl_ntlm_msgs.c */ 33 #ifdef BUILDING_CURL_NTLM_MSGS_C 34 35 /* Flag bits definitions based on https://davenport.sourceforge.io/ntlm.html */ 36 37 #define NTLMFLAG_NEGOTIATE_UNICODE (1<<0) 38 /* Indicates that Unicode strings are supported for use in security buffer 39 data. */ 40 41 #define NTLMFLAG_NEGOTIATE_OEM (1<<1) 42 /* Indicates that OEM strings are supported for use in security buffer data. */ 43 44 #define NTLMFLAG_REQUEST_TARGET (1<<2) 45 /* Requests that the server's authentication realm be included in the Type 2 46 message. */ 47 48 /* unknown (1<<3) */ 49 #define NTLMFLAG_NEGOTIATE_SIGN (1<<4) 50 /* Specifies that authenticated communication between the client and server 51 should carry a digital signature (message integrity). */ 52 53 #define NTLMFLAG_NEGOTIATE_SEAL (1<<5) 54 /* Specifies that authenticated communication between the client and server 55 should be encrypted (message confidentiality). */ 56 57 #define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6) 58 /* Indicates that datagram authentication is being used. */ 59 60 #define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7) 61 /* Indicates that the LAN Manager session key should be used for signing and 62 sealing authenticated communications. */ 63 64 #define NTLMFLAG_NEGOTIATE_NETWARE (1<<8) 65 /* unknown purpose */ 66 67 #define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9) 68 /* Indicates that NTLM authentication is being used. */ 69 70 /* unknown (1<<10) */ 71 72 #define NTLMFLAG_NEGOTIATE_ANONYMOUS (1<<11) 73 /* Sent by the client in the Type 3 message to indicate that an anonymous 74 context has been established. This also affects the response fields. */ 75 76 #define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12) 77 /* Sent by the client in the Type 1 message to indicate that a desired 78 authentication realm is included in the message. */ 79 80 #define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13) 81 /* Sent by the client in the Type 1 message to indicate that the client 82 workstation's name is included in the message. */ 83 84 #define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14) 85 /* Sent by the server to indicate that the server and client are on the same 86 machine. Implies that the client may use a pre-established local security 87 context rather than responding to the challenge. */ 88 89 #define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15) 90 /* Indicates that authenticated communication between the client and server 91 should be signed with a "dummy" signature. */ 92 93 #define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16) 94 /* Sent by the server in the Type 2 message to indicate that the target 95 authentication realm is a domain. */ 96 97 #define NTLMFLAG_TARGET_TYPE_SERVER (1<<17) 98 /* Sent by the server in the Type 2 message to indicate that the target 99 authentication realm is a server. */ 100 101 #define NTLMFLAG_TARGET_TYPE_SHARE (1<<18) 102 /* Sent by the server in the Type 2 message to indicate that the target 103 authentication realm is a share. Presumably, this is for share-level 104 authentication. Usage is unclear. */ 105 106 #define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19) 107 /* Indicates that the NTLM2 signing and sealing scheme should be used for 108 protecting authenticated communications. */ 109 110 #define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20) 111 /* unknown purpose */ 112 113 #define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21) 114 /* unknown purpose */ 115 116 #define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22) 117 /* unknown purpose */ 118 119 #define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23) 120 /* Sent by the server in the Type 2 message to indicate that it is including a 121 Target Information block in the message. */ 122 123 /* unknown (1<24) */ 124 /* unknown (1<25) */ 125 /* unknown (1<26) */ 126 /* unknown (1<27) */ 127 /* unknown (1<28) */ 128 129 #define NTLMFLAG_NEGOTIATE_128 (1<<29) 130 /* Indicates that 128-bit encryption is supported. */ 131 132 #define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30) 133 /* Indicates that the client will provide an encrypted master key in 134 the "Session Key" field of the Type 3 message. */ 135 136 #define NTLMFLAG_NEGOTIATE_56 (1<<31) 137 /* Indicates that 56-bit encryption is supported. */ 138 139 #endif /* BUILDING_CURL_NTLM_MSGS_C */ 140 141 #endif /* USE_NTLM */ 142 143 #endif /* HEADER_VAUTH_NTLM_H */ 144