windows-nt/Source/XPSP1/NT/inetsrv/iis/staxinc/ntlmsspi.h
2020-09-26 16:20:57 +08:00

263 lines
7.9 KiB
C

//+---------------------------------------------------------------------------
//
// Copyright (c) 1993 Microsoft Corporation
//
// File: ntlmsspi.h
//
// Contents: Header file describing the interface to code common to the NT
// Lanman Security Support Provider (NtLmSsp) Service and the DLL.
//
// History: SudK Created 6/22/95
//
//----------------------------------------------------------------------------
#ifndef _SICILY_NTLMSSPI_INCLUDED_
#define _SICILY_NTLMSSPI_INCLUDED_
#define MSV1_0_CHALLENGE_LENGTH 8
//
// Maximum lifetime of a context
//
#define NTLMSSP_MAX_LIFETIME (2L*60L*1000L) // 2 minutes
////////////////////////////////////////////////////////////////////////
//
// Opaque Messages passed between client and server
//
////////////////////////////////////////////////////////////////////////
#define NTLMSSP_SIGNATURE "NTLMSSP"
#define NTLMSSP_SIGN_VERSION 1
//
// MessageType for the following messages.
//
#ifndef WIN16_BUILD
typedef enum {
NtLmNegotiate = 1,
NtLmChallenge,
NtLmAuthenticate,
NtLmRedirect
} NTLM_MESSAGE_TYPE;
#else
#define NtLmNegotiate 1
#define NtLmChallenge 2
#define NtLmAuthenticate 3
#define NtLmRedirect 4
typedef long NTLM_MESSAGE_TYPE;
#endif // WIN16_BUILD
//
// Valid values of NegotiateFlags
//
#define NTLMSSP_NEGOTIATE_UNICODE 0x0001 // Text strings are in unicode
#define NTLMSSP_NEGOTIATE_OEM 0x0002 // Text strings are in OEM
#define NTLMSSP_REQUEST_TARGET 0x0004 // Server should return its
// authentication realm
#define NTLMSSP_NEGOTIATE_SIGN 0x0010 // Request signature capability
#define NTLMSSP_NEGOTIATE_SEAL 0x0020 // Request confidentiality
#define NTLMSSP_RESERVED 0x0040 // reserved for past use
#define NTLMSSP_NEGOTIATE_LM_KEY 0x0080 // Use LM session key for sign/seal
#define NTLMSSP_NEGOTIATE_NETWARE 0x0100 // NetWare authentication
#define NTLMSSP_NEGOTIATE_NTLM 0x0200 // NTLM authentication
#define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0x1000 // Domain Name supplied on negotiate
#define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0x2000 // Workstation Name supplied on negotiate
#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x4000 // Indicates client/server are same machine
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x8000 // Sign for all security levels
//
// Valid target types returned by the server in Negotiate Flags
//
#define NTLMSSP_TARGET_TYPE_DOMAIN 0x10000 // TargetName is a domain name
#define NTLMSSP_TARGET_TYPE_SERVER 0x20000 // TargetName is a server name
#define NTLMSSP_TARGET_TYPE_SHARE 0x40000 // TargetName is a share name
//
// Opaque message returned from first call to InitializeSecurityContext
//
#define SIC_MIN_STR_SIZE sizeof(ULONG)
#define MSAP_EXTRA_STR_SIZE(nn) \
((nn > SIC_MIN_STR_SIZE) ? nn - SIC_MIN_STR_SIZE : 0)
// New Sicily 2.0 Negotiate message
//
typedef struct _SIC20_NEGOTIATE_MSG {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
ULONG NegotiateFlags;
STRING OemDomainName;
STRING OemWorkstationName;
// Reserved for future Sicily enhancement
ULONG Reserved1; // for future multiple realm support
ULONG Reserved2; // for future multiple realm support
CHAR Reserved3[SIC_MIN_STR_SIZE]; // for future multiple realm support
} SIC20_NEGOTIATE_MSG, *PSIC20_NEGOTIATE_MSG;
typedef struct _NEGOTIATE_MESSAGE {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
ULONG NegotiateFlags;
STRING OemDomainName;
STRING OemWorkstationName;
} NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
//
// Old version of the message, for old clients
//
typedef struct _OLD_NEGOTIATE_MESSAGE {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
ULONG NegotiateFlags;
} OLD_NEGOTIATE_MESSAGE, *POLD_NEGOTIATE_MESSAGE;
//
// Opaque message returned from first call to AcceptSecurityContext
//
typedef struct _SIC20_CHALLENGE_MSG {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
STRING TargetName;
ULONG NegotiateFlags;
UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
ULONG ServerContextHandleLower;
ULONG ServerContextHandleUpper;
// Reserved for future Sicily enhancement
ULONG Reserved1; // for future multiple realm support
ULONG Reserved2; // for future multiple realm support
ULONG RealmListSize; // list of comma seperated realms which server has
// ServerRealms consists of multiple Null terminated strings, each
// represent a realm. This list is terminated by 2 Null characters.
// For now, this only has one realm
//
CHAR ServerRealms[SIC_MIN_STR_SIZE];
} SIC20_CHALLENGE_MSG, *PSIC20_CHALLENGE_MSG;
typedef struct _CHALLENGE_MESSAGE {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
STRING TargetName;
ULONG NegotiateFlags;
UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
ULONG ServerContextHandleLower;
ULONG ServerContextHandleUpper;
} CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
//
// Old version of the challenge message
//
typedef struct _OLD_CHALLENGE_MESSAGE {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
STRING TargetName;
ULONG NegotiateFlags;
UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH];
} OLD_CHALLENGE_MESSAGE, *POLD_CHALLENGE_MESSAGE;
//
// Opaque message returned from second call to InitializeSecurityContext
//
typedef struct SIC20_AUTHENTICATE_MSG {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
STRING LmChallengeResponse;
STRING NtChallengeResponse;
STRING DomainName;
STRING UserName;
STRING Workstation;
STRING Challenge; // This must be the last field for ease of
// backward compatibility
} SIC20_AUTHENTICATE_MSG, *PSIC20_AUTHENTICATE_MSG;
typedef struct _AUTHENTICATE_MESSAGE {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
STRING LmChallengeResponse;
STRING NtChallengeResponse;
STRING DomainName;
STRING UserName;
STRING Workstation;
} AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
//
// Opaque message sent by SSL ISAPI extension which forces the SSPI to
// reuse the supplied credential handle, which was previously created
// through the accept security context API's.
//
typedef struct _REDIRECT_MESSAGE {
UCHAR Signature[sizeof(NTLMSSP_SIGNATURE)];
NTLM_MESSAGE_TYPE MessageType;
BYTE KeyData[4];
CredHandle OriginalHandle;
} REDIRECT_MESSAGE, *PREDIRECT_MESSAGE;
//
// Size of the largest message
// (The largest message is the AUTHENTICATE_MESSAGE)
//
#define DNLEN_SICILY 15
#define NTLMSSP_MAX_MESSAGE_SIZE (sizeof(AUTHENTICATE_MESSAGE) + \
LM_RESPONSE_LENGTH + \
NT_RESPONSE_LENGTH + \
(DNLEN_SICILY + 1) * sizeof(WCHAR) + \
(MAX_PATH + 1) * sizeof(WCHAR) + \
(MAX_PATH + 1) * sizeof(WCHAR))
#ifdef MAC
#define swaplongtype(Value,Type) \
Value = (Type)( ((((long)Value) & 0xFF000000) >> 24) \
| ((((long)Value) & 0x00FF0000) >> 8) \
| ((((long)Value) & 0x0000FF00) << 8) \
| ((((long)Value) & 0x000000FF) << 24))
#else
#define swaplongtype(value,type)
#endif
#ifdef MAC
#define swaplong(Value) \
Value = ( (((Value) & 0xFF000000) >> 24) \
| (((Value) & 0x00FF0000) >> 8) \
| (((Value) & 0x0000FF00) << 8) \
| (((Value) & 0x000000FF) << 24))
#else
#define swaplong(Value)
#endif
#ifdef MAC
#define swapshort(Value) \
Value = ( (((Value) & 0x00FF) << 8) \
| (((Value) & 0xFF00) >> 8))
#else
#define swapshort(Value)
#endif
#endif // ifndef _SICILY_NTLMSSPI_INCLUDED_