xref: /curl/lib/vauth/ntlm.h (revision 2bc1d775)
1 #ifndef HEADER_VAUTH_NTLM_H
2 #define HEADER_VAUTH_NTLM_H
3 /***************************************************************************
4  *                                  _   _ ____  _
5  *  Project                     ___| | | |  _ \| |
6  *                             / __| | | | |_) | |
7  *                            | (__| |_| |  _ <| |___
8  *                             \___|\___/|_| \_\_____|
9  *
10  * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11  *
12  * This software is licensed as described in the file COPYING, which
13  * you should have received as part of this distribution. The terms
14  * are also available at https://curl.se/docs/copyright.html.
15  *
16  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17  * copies of the Software, and permit persons to whom the Software is
18  * furnished to do so, under the terms of the COPYING file.
19  *
20  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21  * KIND, either express or implied.
22  *
23  * SPDX-License-Identifier: curl
24  *
25  ***************************************************************************/
26 
27 #include "curl_setup.h"
28 
29 #ifdef USE_NTLM
30 
31 /* NTLM buffer fixed size, large enough for long user + host + domain */
32 #define NTLM_BUFSIZE 1024
33 
34 /* Stuff only required for curl_ntlm_msgs.c */
35 #ifdef BUILDING_CURL_NTLM_MSGS_C
36 
37 /* Flag bits definitions based on
38    https://davenport.sourceforge.net/ntlm.html */
39 
40 #define NTLMFLAG_NEGOTIATE_UNICODE               (1<<0)
41 /* Indicates that Unicode strings are supported for use in security buffer
42    data. */
43 
44 #define NTLMFLAG_NEGOTIATE_OEM                   (1<<1)
45 /* Indicates that OEM strings are supported for use in security buffer data. */
46 
47 #define NTLMFLAG_REQUEST_TARGET                  (1<<2)
48 /* Requests that the server's authentication realm be included in the Type 2
49    message. */
50 
51 /* unknown (1<<3) */
52 #define NTLMFLAG_NEGOTIATE_SIGN                  (1<<4)
53 /* Specifies that authenticated communication between the client and server
54    should carry a digital signature (message integrity). */
55 
56 #define NTLMFLAG_NEGOTIATE_SEAL                  (1<<5)
57 /* Specifies that authenticated communication between the client and server
58    should be encrypted (message confidentiality). */
59 
60 #define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE        (1<<6)
61 /* Indicates that datagram authentication is being used. */
62 
63 #define NTLMFLAG_NEGOTIATE_LM_KEY                (1<<7)
64 /* Indicates that the LAN Manager session key should be used for signing and
65    sealing authenticated communications. */
66 
67 #define NTLMFLAG_NEGOTIATE_NTLM_KEY              (1<<9)
68 /* Indicates that NTLM authentication is being used. */
69 
70 /* unknown (1<<10) */
71 
72 #define NTLMFLAG_NEGOTIATE_ANONYMOUS             (1<<11)
73 /* Sent by the client in the Type 3 message to indicate that an anonymous
74    context has been established. This also affects the response fields. */
75 
76 #define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED       (1<<12)
77 /* Sent by the client in the Type 1 message to indicate that a desired
78    authentication realm is included in the message. */
79 
80 #define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED  (1<<13)
81 /* Sent by the client in the Type 1 message to indicate that the client
82    workstation's name is included in the message. */
83 
84 #define NTLMFLAG_NEGOTIATE_LOCAL_CALL            (1<<14)
85 /* Sent by the server to indicate that the server and client are on the same
86    machine. Implies that the client may use a pre-established local security
87    context rather than responding to the challenge. */
88 
89 #define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN           (1<<15)
90 /* Indicates that authenticated communication between the client and server
91    should be signed with a "dummy" signature. */
92 
93 #define NTLMFLAG_TARGET_TYPE_DOMAIN              (1<<16)
94 /* Sent by the server in the Type 2 message to indicate that the target
95    authentication realm is a domain. */
96 
97 #define NTLMFLAG_TARGET_TYPE_SERVER              (1<<17)
98 /* Sent by the server in the Type 2 message to indicate that the target
99    authentication realm is a server. */
100 
101 #define NTLMFLAG_TARGET_TYPE_SHARE               (1<<18)
102 /* Sent by the server in the Type 2 message to indicate that the target
103    authentication realm is a share. Presumably, this is for share-level
104    authentication. Usage is unclear. */
105 
106 #define NTLMFLAG_NEGOTIATE_NTLM2_KEY             (1<<19)
107 /* Indicates that the NTLM2 signing and sealing scheme should be used for
108    protecting authenticated communications. */
109 
110 #define NTLMFLAG_REQUEST_INIT_RESPONSE           (1<<20)
111 /* unknown purpose */
112 
113 #define NTLMFLAG_REQUEST_ACCEPT_RESPONSE         (1<<21)
114 /* unknown purpose */
115 
116 #define NTLMFLAG_REQUEST_NONNT_SESSION_KEY       (1<<22)
117 /* unknown purpose */
118 
119 #define NTLMFLAG_NEGOTIATE_TARGET_INFO           (1<<23)
120 /* Sent by the server in the Type 2 message to indicate that it is including a
121    Target Information block in the message. */
122 
123 /* unknown (1<24) */
124 /* unknown (1<25) */
125 /* unknown (1<26) */
126 /* unknown (1<27) */
127 /* unknown (1<28) */
128 
129 #define NTLMFLAG_NEGOTIATE_128                   (1<<29)
130 /* Indicates that 128-bit encryption is supported. */
131 
132 #define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE          (1<<30)
133 /* Indicates that the client will provide an encrypted master key in
134    the "Session Key" field of the Type 3 message. */
135 
136 #define NTLMFLAG_NEGOTIATE_56                    (1<<31)
137 /* Indicates that 56-bit encryption is supported. */
138 
139 #endif /* BUILDING_CURL_NTLM_MSGS_C */
140 
141 #endif /* USE_NTLM */
142 
143 #endif /* HEADER_VAUTH_NTLM_H */
144