0001 /* SPDX-License-Identifier: LGPL-2.1+ */
0002 /*
0003  *   Copyright (c) International Business Machines  Corp., 2002,2007
0004  *   Author(s): Steve French (sfrench@us.ibm.com)
0005  */
0006 
0007 #ifndef __KSMBD_NTLMSSP_H
0008 #define __KSMBD_NTLMSSP_H
0009 
0010 #define NTLMSSP_SIGNATURE "NTLMSSP"
     /*
      * Seven characters plus the terminating NUL. The message structs in this
      * header size their Signature field with sizeof(NTLMSSP_SIGNATURE), so
      * that field is 8 bytes and the NUL is part of it.
      */
0011
0012 /* Security blob target info data */
0013 #define TGT_Name        "KSMBD"
0014
0015 /*
0016  * Size of the crypto key returned on the negotiate SMB in bytes
      * (also the size of challenge_message.Challenge and ntlmssp_auth.cryptkey)
0017  */
0018 #define CIFS_CRYPTO_KEY_SIZE    (8)
     /* CIFS_KEY_SIZE is not referenced anywhere else in this header. */
0019 #define CIFS_KEY_SIZE   (40)
0020
0021 /*
0022  * Size of encrypted user password in bytes
      * (CIFS_ENCPWD_SIZE sizes ntlmv2_resp.ntlmv2_hash, CIFS_CPHTXT_SIZE sizes
      * ntlmssp_auth.ciphertext)
0023  */
0024 #define CIFS_ENCPWD_SIZE    (16)
0025 #define CIFS_CPHTXT_SIZE    (16)
0026 
0027 /* Message Types */
     /*
      * Stored already converted with cpu_to_le32(), so they can be compared
      * directly with the __le32 MessageType field of a message without a
      * byte swap. UnknownMessage is not used elsewhere in this header.
      * NOTE(review): MessageType in a received blob is peer-supplied; a parser
      * should check it against the type expected at that step of the
      * exchange before interpreting the rest of the message.
      */
0028 #define NtLmNegotiate     cpu_to_le32(1)
0029 #define NtLmChallenge     cpu_to_le32(2)
0030 #define NtLmAuthenticate  cpu_to_le32(3)
0031 #define UnknownMessage    cpu_to_le32(8)
0032 
0033 /* Negotiate Flags */
     /*
      * Bit values for the NegotiateFlags field of the NTLMSSP messages.
      * Unlike the message types, these are plain host-order constants while
      * NegotiateFlags is declared __le32, so a conversion is needed when
      * testing or setting them. The highest bit (0x80000000) does not fit in
      * a signed int, so that constant has an unsigned type.
      * NOTE(review): in a received message these bits are whatever the peer
      * chose to send. Treat them as a request to be checked against local
      * policy (signing, sealing, key strength), not as an agreed result.
      */
0034 #define NTLMSSP_NEGOTIATE_UNICODE         0x01 /* Text strings are unicode */
0035 #define NTLMSSP_NEGOTIATE_OEM             0x02 /* Text strings are in OEM */
0036 #define NTLMSSP_REQUEST_TARGET            0x04 /* Srv returns its auth realm */
0037 /* define reserved9                       0x08 */
0038 #define NTLMSSP_NEGOTIATE_SIGN          0x0010 /* Request signing capability */
0039 #define NTLMSSP_NEGOTIATE_SEAL          0x0020 /* Request confidentiality */
0040 #define NTLMSSP_NEGOTIATE_DGRAM         0x0040
0041 #define NTLMSSP_NEGOTIATE_LM_KEY        0x0080 /* Use LM session key */
0042 /* defined reserved 8                   0x0100 */
0043 #define NTLMSSP_NEGOTIATE_NTLM          0x0200 /* NTLM authentication */
0044 #define NTLMSSP_NEGOTIATE_NT_ONLY       0x0400 /* Lanman not allowed */
0045 #define NTLMSSP_ANONYMOUS               0x0800
0046 #define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x1000 /* reserved6 */
0047 #define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x2000
0048 #define NTLMSSP_NEGOTIATE_LOCAL_CALL    0x4000 /* client/server same machine */
0049 #define NTLMSSP_NEGOTIATE_ALWAYS_SIGN   0x8000 /* Sign. All security levels  */
0050 #define NTLMSSP_TARGET_TYPE_DOMAIN     0x10000
0051 #define NTLMSSP_TARGET_TYPE_SERVER     0x20000
0052 #define NTLMSSP_TARGET_TYPE_SHARE      0x40000
0053 #define NTLMSSP_NEGOTIATE_EXTENDED_SEC 0x80000 /* NB:not related to NTLMv2 pwd*/
0054 /* #define NTLMSSP_REQUEST_INIT_RESP     0x100000 */
0055 #define NTLMSSP_NEGOTIATE_IDENTIFY    0x100000
0056 #define NTLMSSP_REQUEST_ACCEPT_RESP   0x200000 /* reserved5 */
0057 #define NTLMSSP_REQUEST_NON_NT_KEY    0x400000
0058 #define NTLMSSP_NEGOTIATE_TARGET_INFO 0x800000
0059 /* #define reserved4                 0x1000000 */
0060 #define NTLMSSP_NEGOTIATE_VERSION    0x2000000 /* we do not set */
0061 /* #define reserved3                 0x4000000 */
0062 /* #define reserved2                 0x8000000 */
0063 /* #define reserved1                0x10000000 */
0064 #define NTLMSSP_NEGOTIATE_128       0x20000000
0065 #define NTLMSSP_NEGOTIATE_KEY_XCH   0x40000000
0066 #define NTLMSSP_NEGOTIATE_56        0x80000000
0067 
0068 /* Define AV Pair Field IDs */
     /*
      * Values are implicit and sequential, from 0 (NTLMSSP_AV_EOL) to 10
      * (NTLMSSP_AV_CHANNEL_BINDINGS). Inserting or reordering an entry
      * renumbers every entry after it.
      * NOTE(review): presumably these are the IDs carried in
      * target_info.Type - confirm against the code that builds or parses it.
      */
0069 enum av_field_type {
0070     NTLMSSP_AV_EOL = 0,
0071     NTLMSSP_AV_NB_COMPUTER_NAME,    /* 1 */
0072     NTLMSSP_AV_NB_DOMAIN_NAME,      /* 2 */
0073     NTLMSSP_AV_DNS_COMPUTER_NAME,   /* 3 */
0074     NTLMSSP_AV_DNS_DOMAIN_NAME,     /* 4 */
0075     NTLMSSP_AV_DNS_TREE_NAME,       /* 5 */
0076     NTLMSSP_AV_FLAGS,               /* 6 */
0077     NTLMSSP_AV_TIMESTAMP,           /* 7 */
0078     NTLMSSP_AV_RESTRICTION,         /* 8 */
0079     NTLMSSP_AV_TARGET_NAME,         /* 9 */
0080     NTLMSSP_AV_CHANNEL_BINDINGS     /* 10 */
0081 };
0082 
0083 /* Although typedefs are not commonly used for structure definitions */
0084 /* in the Linux kernel, in this particular case they are useful      */
0085 /* to more closely match the standards document for NTLMSSP from     */
0086 /* OpenGroup and to make the code more closely match the standard in */
0087 /* appearance */
0088 
0089 struct security_buffer {
         /*
          * Packed little-endian descriptor (2 + 2 + 4 = 8 bytes) that the
          * message structs in this header use to locate a variable-length
          * field.
          * NOTE(review): in a received message all three values are chosen
          * by the peer. Before using them, check that BufferOffset + Length
          * lies inside the received blob, and do the sum in a type wider
          * than 32 bits (or check the two terms separately) so it cannot
          * wrap.
          */
0090     __le16 Length;
0091     __le16 MaximumLength;
         /* presumably measured from the start of the message - confirm */
0092     __le32 BufferOffset;    /* offset to buffer */
0093 } __packed;
0094 
0095 struct target_info {
         /*
          * Packed header (Type, Length) followed by a flexible array of
          * payload bytes. sizeof(struct target_info) covers the 4-byte
          * header only.
          * NOTE(review): presumably Type holds an enum av_field_type value
          * and Length the number of bytes in Content - confirm. Where a list
          * of these is walked in received data, check before each step that
          * the header and then Length bytes of Content fit in the bytes
          * that remain.
          */
0096     __le16 Type;
0097     __le16 Length;
0098     __u8 Content[];
0099 } __packed;
0100 
0101 struct negotiate_message {
         /*
          * Packed layout of the NtLmNegotiate message: 8-byte signature
          * (NUL included), message type, flags, two security_buffer
          * descriptors, then the variable-length strings.
          * NOTE(review): when this is overlaid on received data, first check
          * that the blob is at least sizeof(struct negotiate_message) long,
          * and bounds-check DomainName and WorkstationName before following
          * them.
          */
0102     __u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
0103     __le32 MessageType;     /* NtLmNegotiate = 1 */
0104     __le32 NegotiateFlags;
0105     struct security_buffer DomainName;  /* RFC 1001 style and ASCII */
0106     struct security_buffer WorkstationName; /* RFC 1001 and ASCII */
0107     /*
0108      * struct security_buffer for version info not present since we
0109      * do not set the version is present flag
0110      */
0111     char DomainString[];
0112     /* followed by WorkstationString */
0113 } __packed;
0114 
0115 struct challenge_message {
         /*
          * Packed layout of the NtLmChallenge message. It has no flexible
          * array member: TargetName and TargetInfoArray only describe where
          * their data sits.
          * NOTE(review): Challenge should be freshly generated from a
          * cryptographically secure source for every authentication
          * attempt; a repeated or predictable value lets a captured
          * response be replayed.
          */
0116     __u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
0117     __le32 MessageType;   /* NtLmChallenge = 2 */
0118     struct security_buffer TargetName;
0119     __le32 NegotiateFlags;
0120     __u8 Challenge[CIFS_CRYPTO_KEY_SIZE];
0121     __u8 Reserved[8];
0122     struct security_buffer TargetInfoArray;
0123     /*
0124      * struct security_buffer for version info not present since we
0125      * do not set the version is present flag
0126      */
0127 } __packed;
0128 
0129 struct authenticate_message {
         /*
          * Packed layout of the NtLmAuthenticate message: signature, message
          * type, six security_buffer descriptors, flags, then the
          * variable-length payload starting at UserString.
          * NOTE(review): when this is overlaid on received data, every one
          * of the six descriptors is peer-controlled. Check the blob is at
          * least sizeof(struct authenticate_message) long, bounds-check each
          * BufferOffset/Length pair against the blob length, and confirm a
          * field is long enough for any structure laid over it (for
          * example struct ntlmv2_resp) before subtracting sizes from its
          * Length.
          */
0130     __u8 Signature[sizeof(NTLMSSP_SIGNATURE)];
0131     __le32 MessageType;  /* NtLmAuthenticate = 3 */
0132     struct security_buffer LmChallengeResponse;
0133     struct security_buffer NtChallengeResponse;
0134     struct security_buffer DomainName;
0135     struct security_buffer UserName;
0136     struct security_buffer WorkstationName;
0137     struct security_buffer SessionKey;
0138     __le32 NegotiateFlags;
0139     /*
0140      * struct security_buffer for version info not present since we
0141      * do not set the version is present flag
0142      */
0143     char UserString[];
0144 } __packed;
0145 
0146 struct ntlmv2_resp {
         /*
          * Packed fixed part of an NTLMv2 response:
          * 16 + 4 + 4 + 8 + 8 + 4 = 44 bytes, optionally followed by name
          * entries. Only blob_signature and time carry an explicit
          * little-endian type; reserved, client_chal and reserved2 are
          * declared with native-endian types.
          * NOTE(review): ntlmv2_hash is an authentication proof. Where it is
          * compared with a locally computed value, a constant-time
          * comparison such as crypto_memneq() is preferable to memcmp().
          * Confirm the containing buffer holds at least
          * sizeof(struct ntlmv2_resp) bytes before reading any field.
          */
0147     char ntlmv2_hash[CIFS_ENCPWD_SIZE];
0148     __le32 blob_signature;
0149     __u32  reserved;
0150     __le64  time;
0151     __u64  client_chal; /* random */
0152     __u32  reserved2;
0153     /* array of name entries could follow ending in minimum 4 byte struct */
0154 } __packed;
0155 
0156 /* per smb session structure/fields */
     /*
      * Unlike the message structs in this header, this one is not __packed
      * and uses native-endian __u32 fields, so it is presumably in-memory
      * state only and never copied to or from the wire as a unit - confirm.
      * NOTE(review): ciphertext and cryptkey hold per-session authentication
      * material; consider clearing them (e.g. memzero_explicit()) when the
      * session is torn down - confirm against the teardown code.
      */
0157 struct ntlmssp_auth {
0158     /* whether session key is per smb session */
0159     bool        sesskey_per_smbsess;
0160     /* sent by client in type 1 ntlmssp exchange */
0161     __u32       client_flags;
0162     /* sent by server in type 2 ntlmssp exchange */
0163     __u32       conn_flags;
0164     /* sent to server */
0165     unsigned char   ciphertext[CIFS_CPHTXT_SIZE];
0166     /* used by ntlmssp; same size as challenge_message.Challenge */
0167     char        cryptkey[CIFS_CRYPTO_KEY_SIZE];
0168 };
0169 #endif /* __KSMBD_NTLMSSP_H */