xref: /third_party/curl/lib/vauth/ntlm.h (revision 13498266) 
1#ifndef HEADER_VAUTH_NTLM_H
2#define HEADER_VAUTH_NTLM_H
3/***************************************************************************
4 *                                  _   _ ____  _
5 *  Project                     ___| | | |  _ \| |
6 *                             / __| | | | |_) | |
7 *                            | (__| |_| |  _ <| |___
8 *                             \___|\___/|_| \_\_____|
9 *
10 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11 *
12 * This software is licensed as described in the file COPYING, which
13 * you should have received as part of this distribution. The terms
14 * are also available at https://curl.se/docs/copyright.html.
15 *
16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17 * copies of the Software, and permit persons to whom the Software is
18 * furnished to do so, under the terms of the COPYING file.
19 *
20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21 * KIND, either express or implied.
22 *
23 * SPDX-License-Identifier: curl
24 *
25 ***************************************************************************/
26
27#include "curl_setup.h"
28
29#ifdef USE_NTLM
30
31/* NTLM buffer fixed size, large enough for long user + host + domain */
32#define NTLM_BUFSIZE 1024
33
34/* Stuff only required for curl_ntlm_msgs.c */
35#ifdef BUILDING_CURL_NTLM_MSGS_C
36
37/* Flag bits definitions based on
38   https://davenport.sourceforge.net/ntlm.html */
39
40#define NTLMFLAG_NEGOTIATE_UNICODE               (1<<0)
41/* Indicates that Unicode strings are supported for use in security buffer
42   data. */
43
44#define NTLMFLAG_NEGOTIATE_OEM                   (1<<1)
45/* Indicates that OEM strings are supported for use in security buffer data. */
46
47#define NTLMFLAG_REQUEST_TARGET                  (1<<2)
48/* Requests that the server's authentication realm be included in the Type 2
49   message. */
50
51/* unknown (1<<3) */
52#define NTLMFLAG_NEGOTIATE_SIGN                  (1<<4)
53/* Specifies that authenticated communication between the client and server
54   should carry a digital signature (message integrity). */
55
56#define NTLMFLAG_NEGOTIATE_SEAL                  (1<<5)
57/* Specifies that authenticated communication between the client and server
58   should be encrypted (message confidentiality). */
59
60#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE        (1<<6)
61/* Indicates that datagram authentication is being used. */
62
63#define NTLMFLAG_NEGOTIATE_LM_KEY                (1<<7)
64/* Indicates that the LAN Manager session key should be used for signing and
65   sealing authenticated communications. */
66
67#define NTLMFLAG_NEGOTIATE_NTLM_KEY              (1<<9)
68/* Indicates that NTLM authentication is being used. */
69
70/* unknown (1<<10) */
71
72#define NTLMFLAG_NEGOTIATE_ANONYMOUS             (1<<11)
73/* Sent by the client in the Type 3 message to indicate that an anonymous
74   context has been established. This also affects the response fields. */
75
76#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED       (1<<12)
77/* Sent by the client in the Type 1 message to indicate that a desired
78   authentication realm is included in the message. */
79
80#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED  (1<<13)
81/* Sent by the client in the Type 1 message to indicate that the client
82   workstation's name is included in the message. */
83
84#define NTLMFLAG_NEGOTIATE_LOCAL_CALL            (1<<14)
85/* Sent by the server to indicate that the server and client are on the same
86   machine. Implies that the client may use a pre-established local security
87   context rather than responding to the challenge. */
88
89#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN           (1<<15)
90/* Indicates that authenticated communication between the client and server
91   should be signed with a "dummy" signature. */
92
93#define NTLMFLAG_TARGET_TYPE_DOMAIN              (1<<16)
94/* Sent by the server in the Type 2 message to indicate that the target
95   authentication realm is a domain. */
96
97#define NTLMFLAG_TARGET_TYPE_SERVER              (1<<17)
98/* Sent by the server in the Type 2 message to indicate that the target
99   authentication realm is a server. */
100
101#define NTLMFLAG_TARGET_TYPE_SHARE               (1<<18)
102/* Sent by the server in the Type 2 message to indicate that the target
103   authentication realm is a share. Presumably, this is for share-level
104   authentication. Usage is unclear. */
105
106#define NTLMFLAG_NEGOTIATE_NTLM2_KEY             (1<<19)
107/* Indicates that the NTLM2 signing and sealing scheme should be used for
108   protecting authenticated communications. */
109
110#define NTLMFLAG_REQUEST_INIT_RESPONSE           (1<<20)
111/* unknown purpose */
112
113#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE         (1<<21)
114/* unknown purpose */
115
116#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY       (1<<22)
117/* unknown purpose */
118
119#define NTLMFLAG_NEGOTIATE_TARGET_INFO           (1<<23)
120/* Sent by the server in the Type 2 message to indicate that it is including a
121   Target Information block in the message. */
122
123/* unknown (1<24) */
124/* unknown (1<25) */
125/* unknown (1<26) */
126/* unknown (1<27) */
127/* unknown (1<28) */
128
129#define NTLMFLAG_NEGOTIATE_128                   (1<<29)
130/* Indicates that 128-bit encryption is supported. */
131
132#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE          (1<<30)
133/* Indicates that the client will provide an encrypted master key in
134   the "Session Key" field of the Type 3 message. */
135
136#define NTLMFLAG_NEGOTIATE_56                    (1<<31)
137/* Indicates that 56-bit encryption is supported. */
138
139#endif /* BUILDING_CURL_NTLM_MSGS_C */
140
141#endif /* USE_NTLM */
142
143#endif /* HEADER_VAUTH_NTLM_H */
144