a6d4807d02
With the use of the 'ntlm_auth' tool from the Samba project
156 lines
5.9 KiB
C
156 lines
5.9 KiB
C
#ifndef __HTTP_NTLM_H
|
|
#define __HTTP_NTLM_H
|
|
/***************************************************************************
|
|
* _ _ ____ _
|
|
* Project ___| | | | _ \| |
|
|
* / __| | | | |_) | |
|
|
* | (__| |_| | _ <| |___
|
|
* \___|\___/|_| \_\_____|
|
|
*
|
|
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
*
|
|
* This software is licensed as described in the file COPYING, which
|
|
* you should have received as part of this distribution. The terms
|
|
* are also available at http://curl.haxx.se/docs/copyright.html.
|
|
*
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
* copies of the Software, and permit persons to whom the Software is
|
|
* furnished to do so, under the terms of the COPYING file.
|
|
*
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
* KIND, either express or implied.
|
|
*
|
|
***************************************************************************/
|
|
|
|
typedef enum {
|
|
CURLNTLM_NONE, /* not a ntlm */
|
|
CURLNTLM_BAD, /* an ntlm, but one we don't like */
|
|
CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */
|
|
CURLNTLM_FINE, /* an ntlm we act on */
|
|
|
|
CURLNTLM_LAST /* last entry in this enum, don't use */
|
|
} CURLntlm;
|
|
|
|
/* this is for ntlm header input */
|
|
CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy,
|
|
const char *header);
|
|
|
|
/* this is for creating ntlm header output */
|
|
CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
|
|
|
|
#ifdef USE_NTLM_SSO
|
|
/* this is for creating ntlm header output by delegating challenge/response
|
|
* to a Samba's daemon helper ntlm_auth */
|
|
CURLcode Curl_output_ntlm_sso(struct connectdata *conn, bool proxy);
|
|
#endif
|
|
|
|
void Curl_ntlm_cleanup(struct connectdata *conn);
|
|
#ifndef USE_NTLM
|
|
#define Curl_ntlm_cleanup(x)
|
|
#endif
|
|
|
|
/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0)
|
|
/* Indicates that Unicode strings are supported for use in security buffer
|
|
data. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_OEM (1<<1)
|
|
/* Indicates that OEM strings are supported for use in security buffer data. */
|
|
|
|
#define NTLMFLAG_REQUEST_TARGET (1<<2)
|
|
/* Requests that the server's authentication realm be included in the Type 2
|
|
message. */
|
|
|
|
/* unknown (1<<3) */
|
|
#define NTLMFLAG_NEGOTIATE_SIGN (1<<4)
|
|
/* Specifies that authenticated communication between the client and server
|
|
should carry a digital signature (message integrity). */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_SEAL (1<<5)
|
|
/* Specifies that authenticated communication between the client and server
|
|
should be encrypted (message confidentiality). */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6)
|
|
/* Indicates that datagram authentication is being used. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7)
|
|
/* Indicates that the LAN Manager session key should be used for signing and
|
|
sealing authenticated communications. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8)
|
|
/* unknown purpose */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9)
|
|
/* Indicates that NTLM authentication is being used. */
|
|
|
|
/* unknown (1<<10) */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_ANONYMOUS (1<<11)
|
|
/* Sent by the client in the Type 3 message to indicate that an anonymous
|
|
context has been established. This also affects the response fields. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12)
|
|
/* Sent by the client in the Type 1 message to indicate that a desired
|
|
authentication realm is included in the message. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13)
|
|
/* Sent by the client in the Type 1 message to indicate that the client
|
|
workstation's name is included in the message. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14)
|
|
/* Sent by the server to indicate that the server and client are on the same
|
|
machine. Implies that the client may use a pre-established local security
|
|
context rather than responding to the challenge. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15)
|
|
/* Indicates that authenticated communication between the client and server
|
|
should be signed with a "dummy" signature. */
|
|
|
|
#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16)
|
|
/* Sent by the server in the Type 2 message to indicate that the target
|
|
authentication realm is a domain. */
|
|
|
|
#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17)
|
|
/* Sent by the server in the Type 2 message to indicate that the target
|
|
authentication realm is a server. */
|
|
|
|
#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18)
|
|
/* Sent by the server in the Type 2 message to indicate that the target
|
|
authentication realm is a share. Presumably, this is for share-level
|
|
authentication. Usage is unclear. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19)
|
|
/* Indicates that the NTLM2 signing and sealing scheme should be used for
|
|
protecting authenticated communications. */
|
|
|
|
#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20)
|
|
/* unknown purpose */
|
|
|
|
#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21)
|
|
/* unknown purpose */
|
|
|
|
#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22)
|
|
/* unknown purpose */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23)
|
|
/* Sent by the server in the Type 2 message to indicate that it is including a
|
|
Target Information block in the message. */
|
|
|
|
/* unknown (1<24) */
|
|
/* unknown (1<25) */
|
|
/* unknown (1<26) */
|
|
/* unknown (1<27) */
|
|
/* unknown (1<28) */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_128 (1<<29)
|
|
/* Indicates that 128-bit encryption is supported. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30)
|
|
/* Indicates that the client will provide an encrypted master key in
|
|
the "Session Key" field of the Type 3 message. */
|
|
|
|
#define NTLMFLAG_NEGOTIATE_56 (1<<31)
|
|
/* Indicates that 56-bit encryption is supported. */
|
|
#endif
|