--------------------- PatchSet 510 Date: 2000/08/08 13:19:08 Author: kinkie Branch: ntlm Tag: (none) Log: Microsoft seems to think that a challenge can be at most 300 bytes... it's their call anyways. Added NTLMSSP flags management. Clearified a few holes. Removed MOD_NTLM stuff, it's bungled anyways. Members: ntlm_auth_modules/NTLMSSP/ntlm.h:1.1.2.2->1.1.2.3 Index: squid/ntlm_auth_modules/NTLMSSP/ntlm.h =================================================================== RCS file: /cvsroot/squid-sf//squid/ntlm_auth_modules/NTLMSSP/Attic/ntlm.h,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- squid/ntlm_auth_modules/NTLMSSP/ntlm.h 6 Aug 2000 01:17:36 -0000 1.1.2.2 +++ squid/ntlm_auth_modules/NTLMSSP/ntlm.h 8 Aug 2000 13:19:08 -0000 1.1.2.3 @@ -29,7 +29,6 @@ #endif #define DEBUG -#define USE_MOD_NTLM_STUFF #include @@ -57,7 +56,7 @@ #define debug(char *format, ...) {} /* Too lazy to write va_args stuff */ #endif -#define MAX_FIELD_LENGTH 1024 /* max length of an NTLMSSP field */ +#define MAX_FIELD_LENGTH 300 /* max length of an NTLMSSP field */ /* NTLM request types that we know about */ #define NTLM_NEGOTIATE 1 @@ -65,9 +64,37 @@ #define NTLM_CHALLENGE_HEADER_OFFSET 48 #define NTLM_AUTHENTICATE 3 +#define NONCE_LEN 8 + #define FLAGS_UNICODE 0x01 #define FLAGS_ASCII 0x02 +/* negotiate request flags */ +#define NEGOTIATE_UNICODE 0x0001 +#define NEGOTIATE_ASCII 0x0002 +#define NEGOTIATE_REQUEST_TARGET 0x0004 +#define NEGOTIATE_REQUEST_SIGN 0x0010 +#define NEGOTIATE_REQUEST_SEAL 0x0020 +#define NEGOTIATE_DATAGRAM_STYLE 0x0040 +#define NEGOTIATE_USE_LM 0x0080 +#define NEGOTIATE_USE_NETWARE 0x0100 +#define NEGOTIATE_USE_NTLM 0x0200 +#define NEGOTIATE_DOMAIN_SUPPLIED 0x1000 +#define NEGOTIATE_WORKSTATION_SUPPLIED 0x2000 +#define NEGOTIATE_THIS_IS_LOCAL_CALL 0x4000 +#define NEGOTIATE_ALWAYS_SIGN 0x8000 + +/* challenge request flags */ +#define CHALLENGE_TARGET_IS_DOMAIN 0x10000 +#define CHALLENGE_TARGET_IS_SERVER 0x20000 +#define CHALLENGE_TARGET_IS_SHARE 0x40000 + +/* these are marked as "extra" fields */ +#define REQUEST_INIT_RESPONSE 0x100000 +#define REQUEST_ACCEPT_RESPONSE 0x200000 +#define REQUEST_NON_NT_SESSION_KEY 0x400000 + + /* Header proceeding each request */ typedef struct ntlmhdr { char signature[8]; /* NTLMSSP */ @@ -84,33 +111,22 @@ /* Negotiation request sent by client */ struct ntlm_negotiate { ntlmhdr hdr; /* NTLM header */ - int32_t flags; /* Request flags */ + u_int32_t flags; /* Request flags */ strhdr domain; /* Domain we wish to authenticate in */ strhdr workstation; /* Client workstation name */ char pad[256]; /* String data */ }; -#ifndef USE_MOD_NTLM_STUFF /* Challenge request sent by server. */ struct ntlm_challenge { ntlmhdr hdr; /* NTLM header */ strhdr target; /* Authentication target (domain/server ...) */ - int32_t flags; /* Request flags */ - u_char challenge[8]; /* Challenge string */ - int16_t unknown[8]; /* Some sort of context data */ + u_int32_t flags; /* Request flags */ + u_char challenge[NONCE_LEN]; /* Challenge string */ + u_int32_t context_low; /* LS part of the server context handle */ + u_int32_t context_high; /* MS part of the server context handle */ char pad[256]; /* String data */ }; -#else /* USE_MOD_NTLM_STUFF */ -struct ntlm_challenge { - ntlmhdr hdr; - u_char pad1[4]; -// strhdr target; /* 8 char*/ /* Authentication target (domain/server ...) */ - u_int32_t len; //4 char - u_int32_t flags; - u_char challenge[8]; - u_char pad[128]; -}; -#endif /* USE_MOD_NTLM_STUFF */ /* Authentication request sent by client in response to challenge */ struct ntlm_authenticate { @@ -143,8 +159,6 @@ lstring nt; } ntlmssp; -#define NONCE_LEN 8 - typedef struct ntlm_config_struct { unsigned int ntlm_on; unsigned int ntlm_authoritative;