#ifndef HEADER_CURL_NTLM_H
#define HEADER_CURL_NTLM_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#ifdef USE_NTLM
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch]
For modularity purposes, huge chunks of existing NTLM code are transformed into
functions to allow future internal code reuse.
Resulting three new libcurl private functions:
- Curl_ntlm_create_type1_message()
- Curl_ntlm_create_type3_message()
- Curl_ntlm_decode_type2_message()
Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup()
This 'refactoring' has been prepared by previous commits to allow that this
specific one does not introduce any change to existing code. All existing
goodness and badness previous to this commit should remain the same once it is
applied, the only difference should be that existing code is moved into
functions.
Given the quite big portions of code being moved around, and the importance of
change traceability, this commit has been done in such a way that it is
possible to perform a three-way diff from initial http_ntlm.[ch] to resulting
http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change
is introduced here.
Notice that Steve Holme has provided several patches, but these included this
refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring
done first, in order to allow discussion or committing of 'extra' fixes on a
case by case basis, so, I had to bite the bullet ;-)
Comments, line adjustments, compiler warning fixes, whatever, may follow
afterwards.
/* This is to generate an NTLM type-1 message */
CURLcode Curl_ntlm_create_type1_message(const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
unsigned char *ntlmbuf,
size_t *size);
/* This is to generate an NTLM type-3 message */
CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
unsigned char *ntlmbuf,
size_t *size);
/* This is to decode an NTLM type-2 message */
CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
const char* header,
struct ntlmdata* ntlm);
/* This is to clean up the NTLM data structure */
#ifdef USE_WINDOWS_SSPI
void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
#endif
/* Fixed NTLM buffer size, large enough for a long user + host + domain */
#define NTLM_BUFSIZE 1024
/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0)
/* Indicates that Unicode strings are supported for use in security buffer
data. */
#define NTLMFLAG_NEGOTIATE_OEM (1<<1)
/* Indicates that OEM strings are supported for use in security buffer data. */
#define NTLMFLAG_REQUEST_TARGET (1<<2)
/* Requests that the server's authentication realm be included in the Type 2
message. */
/* unknown (1<<3) */
#define NTLMFLAG_NEGOTIATE_SIGN (1<<4)
/* Specifies that authenticated communication between the client and server
should carry a digital signature (message integrity). */
#define NTLMFLAG_NEGOTIATE_SEAL (1<<5)
/* Specifies that authenticated communication between the client and server
should be encrypted (message confidentiality). */
#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6)
/* Indicates that datagram authentication is being used. */
#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7)
/* Indicates that the LAN Manager session key should be used for signing and
sealing authenticated communications. */
#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8)
/* unknown purpose */
#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9)
/* Indicates that NTLM authentication is being used. */
/* unknown (1<<10) */
#define NTLMFLAG_NEGOTIATE_ANONYMOUS (1<<11)
/* Sent by the client in the Type 3 message to indicate that an anonymous
context has been established. This also affects the response fields. */
#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12)
/* Sent by the client in the Type 1 message to indicate that a desired
authentication realm is included in the message. */
#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13)
/* Sent by the client in the Type 1 message to indicate that the client
workstation's name is included in the message. */
#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14)
/* Sent by the server to indicate that the server and client are on the same
machine. Implies that the client may use a pre-established local security
context rather than responding to the challenge. */
#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15)
/* Indicates that authenticated communication between the client and server
should be signed with a "dummy" signature. */
#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16)
/* Sent by the server in the Type 2 message to indicate that the target
authentication realm is a domain. */
#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17)
/* Sent by the server in the Type 2 message to indicate that the target
authentication realm is a server. */
#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18)
/* Sent by the server in the Type 2 message to indicate that the target
authentication realm is a share. Presumably, this is for share-level
authentication. Usage is unclear. */
#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19)
/* Indicates that the NTLM2 signing and sealing scheme should be used for
protecting authenticated communications. */
#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20)
/* unknown purpose */
#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21)
/* unknown purpose */
#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22)
/* unknown purpose */
#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23)
/* Sent by the server in the Type 2 message to indicate that it is including a
Target Information block in the message. */
/* unknown (1<<24) */
/* unknown (1<<25) */
/* unknown (1<<26) */
/* unknown (1<<27) */
/* unknown (1<<28) */
#define NTLMFLAG_NEGOTIATE_128 (1<<29)
/* Indicates that 128-bit encryption is supported. */
#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30)
/* Indicates that the client will provide an encrypted master key in
the "Session Key" field of the Type 3 message. */
#define NTLMFLAG_NEGOTIATE_56 (1<<31)
/* Indicates that 56-bit encryption is supported. */
#endif /* USE_NTLM */
#endif /* HEADER_CURL_NTLM_H */