windows-nt/Source/XPSP1/NT/inetsrv/iis/staxinc/ntlmsspi.h

//+---------------------------------------------------------------------------
//
//  Copyright (c) 1993 Microsoft Corporation
//
//  File:       ntlmsspi.h
//
//  Contents:	Header file describing the interface to code common to the NT
//				Lanman Security Support Provider (NtLmSsp) Service and the DLL.
//
//  History:    SudK    Created     6/22/95
//
//----------------------------------------------------------------------------

#ifndef _SICILY_NTLMSSPI_INCLUDED_
#define _SICILY_NTLMSSPI_INCLUDED_


#define MSV1_0_CHALLENGE_LENGTH     8
    
//
// Maximum lifetime of a context
//
#define NTLMSSP_MAX_LIFETIME (2L*60L*1000L)    // 2 minutes

////////////////////////////////////////////////////////////////////////
//
// Opaque Messages passed between client and server
//
////////////////////////////////////////////////////////////////////////

#define NTLMSSP_SIGNATURE "NTLMSSP"
#define NTLMSSP_SIGN_VERSION   1

//
// MessageType for the following messages.
//

#ifndef WIN16_BUILD

typedef enum {
    NtLmNegotiate = 1,
    NtLmChallenge,
    NtLmAuthenticate,
	NtLmRedirect
} NTLM_MESSAGE_TYPE;

#else

#define NtLmNegotiate 1
#define NtLmChallenge 2
#define NtLmAuthenticate 3
#define NtLmRedirect 4

typedef long NTLM_MESSAGE_TYPE;

#endif // WIN16_BUILD

//
// Valid values of NegotiateFlags
//

#define NTLMSSP_NEGOTIATE_UNICODE    0x0001  // Text strings are in unicode
#define NTLMSSP_NEGOTIATE_OEM        0x0002  // Text strings are in OEM
#define NTLMSSP_REQUEST_TARGET       0x0004  // Server should return its
                                             // authentication realm
#define NTLMSSP_NEGOTIATE_SIGN        0x0010  // Request signature capability
#define NTLMSSP_NEGOTIATE_SEAL        0x0020  // Request confidentiality
#define NTLMSSP_RESERVED              0x0040  // reserved for past use
#define NTLMSSP_NEGOTIATE_LM_KEY      0x0080  // Use LM session key for sign/seal

#define NTLMSSP_NEGOTIATE_NETWARE    0x0100  // NetWare authentication
#define NTLMSSP_NEGOTIATE_NTLM       0x0200  // NTLM authentication

#define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED  0x1000  // Domain Name supplied on negotiate
#define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED  0x2000  // Workstation Name supplied on negotiate
#define NTLMSSP_NEGOTIATE_LOCAL_CALL  0x4000 // Indicates client/server are same machine
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 // Sign for all security levels


//
// Valid target types returned by the server in Negotiate Flags
//

#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000  // TargetName is a domain name
#define NTLMSSP_TARGET_TYPE_SERVER 0x20000  // TargetName is a server name
#define NTLMSSP_TARGET_TYPE_SHARE  0x40000  // TargetName is a share name

//
// Opaque message returned from first call to InitializeSecurityContext
//

#define SIC_MIN_STR_SIZE            sizeof(ULONG)
#define MSAP_EXTRA_STR_SIZE(nn)     \
                        ((nn > SIC_MIN_STR_SIZE) ? nn - SIC_MIN_STR_SIZE : 0)

// New Sicily 2.0 Negotiate message
//
typedef struct _SIC20_NEGOTIATE_MSG {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    ULONG NegotiateFlags;
    STRING OemDomainName;
    STRING OemWorkstationName;

    // Reserved for future Sicily enhancement

    ULONG  Reserved1;                   // for future multiple realm support
    ULONG  Reserved2;                   // for future multiple realm support
    CHAR   Reserved3[SIC_MIN_STR_SIZE]; // for future multiple realm support

} SIC20_NEGOTIATE_MSG, *PSIC20_NEGOTIATE_MSG;


typedef struct _NEGOTIATE_MESSAGE {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    ULONG NegotiateFlags;
    STRING OemDomainName;
    STRING OemWorkstationName;
} NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;


//
// Old version of the message, for old clients
//

typedef struct _OLD_NEGOTIATE_MESSAGE {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    ULONG NegotiateFlags;
} OLD_NEGOTIATE_MESSAGE, *POLD_NEGOTIATE_MESSAGE;

//
// Opaque message returned from first call to AcceptSecurityContext
//
typedef struct _SIC20_CHALLENGE_MSG {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    STRING TargetName;
    ULONG NegotiateFlags;
    UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
    ULONG ServerContextHandleLower;
    ULONG ServerContextHandleUpper;

    // Reserved for future Sicily enhancement

    ULONG  Reserved1;       // for future multiple realm support
    ULONG  Reserved2;       // for future multiple realm support
    ULONG  RealmListSize;   // list of comma seperated realms which server has

    //  ServerRealms consists of multiple Null terminated strings, each 
    //  represent a realm. This list is terminated by 2 Null characters.
    //  For now, this only has one realm
    //
    CHAR   ServerRealms[SIC_MIN_STR_SIZE]; 

} SIC20_CHALLENGE_MSG, *PSIC20_CHALLENGE_MSG;

typedef struct _CHALLENGE_MESSAGE {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    STRING TargetName;
    ULONG NegotiateFlags;
    UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
    ULONG ServerContextHandleLower;
    ULONG ServerContextHandleUpper;
} CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;

//
// Old version of the challenge message
//

typedef struct _OLD_CHALLENGE_MESSAGE {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    STRING TargetName;
    ULONG NegotiateFlags;
    UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
} OLD_CHALLENGE_MESSAGE, *POLD_CHALLENGE_MESSAGE;

//
// Opaque message returned from second call to InitializeSecurityContext
//
typedef struct SIC20_AUTHENTICATE_MSG {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    STRING LmChallengeResponse;
    STRING NtChallengeResponse;
    STRING DomainName;
    STRING UserName;
    STRING Workstation;
    STRING Challenge;       // This must be the last field for ease of 
                            // backward compatibility
} SIC20_AUTHENTICATE_MSG, *PSIC20_AUTHENTICATE_MSG;

typedef struct _AUTHENTICATE_MESSAGE {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
    STRING LmChallengeResponse;
    STRING NtChallengeResponse;
    STRING DomainName;
    STRING UserName;
    STRING Workstation;
} AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;

//
// Opaque message sent by SSL ISAPI extension which forces the SSPI to
// reuse the supplied credential handle, which was previously created 
// through the accept security context API's.
//

typedef struct _REDIRECT_MESSAGE {
    UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
    NTLM_MESSAGE_TYPE MessageType;
	BYTE KeyData[4];
	CredHandle OriginalHandle;
} REDIRECT_MESSAGE, *PREDIRECT_MESSAGE;

//
// Size of the largest message
//  (The largest message is the AUTHENTICATE_MESSAGE)
//

#define DNLEN_SICILY 15

#define NTLMSSP_MAX_MESSAGE_SIZE (sizeof(AUTHENTICATE_MESSAGE) + \
                                  LM_RESPONSE_LENGTH +           \
                                  NT_RESPONSE_LENGTH +           \
                                  (DNLEN_SICILY + 1) * sizeof(WCHAR) +  \
                                  (MAX_PATH + 1) * sizeof(WCHAR) +  \
                                  (MAX_PATH + 1) * sizeof(WCHAR))

#ifdef MAC
#define swaplongtype(Value,Type) \
      	  Value =  (Type)(  ((((long)Value) & 0xFF000000) >> 24) \
             | ((((long)Value) & 0x00FF0000) >> 8) \
             | ((((long)Value) & 0x0000FF00) << 8) \
             | ((((long)Value) & 0x000000FF) << 24))
#else
#define swaplongtype(value,type)
#endif

#ifdef MAC
#define swaplong(Value) \
      	  Value =  (  (((Value) & 0xFF000000) >> 24) \
             | (((Value) & 0x00FF0000) >> 8) \
             | (((Value) & 0x0000FF00) << 8) \
             | (((Value) & 0x000000FF) << 24))
#else
#define swaplong(Value)
#endif

#ifdef MAC
#define swapshort(Value) \
   Value = (  (((Value) & 0x00FF) << 8) \
             | (((Value) & 0xFF00) >> 8))
#else
#define swapshort(Value)
#endif


#endif // ifndef _SICILY_NTLMSSPI_INCLUDED_