git.samba.org / samba.git / blob
? search:


b9be7daea770142b0d72a21ee23f01045d78218a
[samba.git] / librpc / idl / ntlmssp.idl
1 #include "idl_types.h"
2
3 /*
4   ntlmssp interface definition
5 */
6
7 [
8         pointer_default(unique),
9         helper("../librpc/ndr/ndr_ntlmssp.h"),
10         helpstring("NTLM messages"),
11         uuid("6e746c6d-7373-700a-0000-00000000")
12 ]
13 interface ntlmssp
14 {
15         typedef [v1_enum] enum {
16                 NtLmNegotiate           = 0x00000001,
17                 NtLmChallenge           = 0x00000002,
18                 NtLmAuthenticate        = 0x00000003
19         } ntlmssp_MessageType;
20
21         /* [MS-NLMP] 2.2.2.5 NEGOTIATE */
22
23         typedef [bitmap32bit] bitmap {
24                 NTLMSSP_NEGOTIATE_UNICODE                       = 0x00000001,
25                 NTLMSSP_NEGOTIATE_OEM                           = 0x00000002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */
26                 NTLMSSP_REQUEST_TARGET                          = 0x00000004,
27                 NTLMSSP_NEGOTIATE_SIGN                          = 0x00000010, /* Message integrity */
28                 NTLMSSP_NEGOTIATE_SEAL                          = 0x00000020, /* Message confidentiality */
29                 NTLMSSP_NEGOTIATE_DATAGRAM                      = 0x00000040,
30                 NTLMSSP_NEGOTIATE_LM_KEY                        = 0x00000080,
31                 NTLMSSP_NEGOTIATE_NETWARE                       = 0x00000100, /* not mentioned in MS-NLMP */
32                 NTLMSSP_NEGOTIATE_NTLM                          = 0x00000200,
33                 NTLMSSP_NEGOTIATE_NT_ONLY                       = 0x00000400,
34                 NTLMSSP_ANONYMOUS                               = 0x00000800, /* no symbol name in MS-NLMP */
35                 NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED           = 0x00001000,
36                 NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED      = 0x00002000,
37                 NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL            = 0x00004000, /* not mentioned in MS-NLMP */
38                 NTLMSSP_NEGOTIATE_ALWAYS_SIGN                   = 0x00008000,
39                 NTLMSSP_TARGET_TYPE_DOMAIN                      = 0x00010000,
40                 NTLMSSP_TARGET_TYPE_SERVER                      = 0x00020000,
41                 NTLMSSP_TARGET_TYPE_SHARE                       = 0x00040000,
42                 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY      = 0x00080000,
43                 NTLMSSP_NEGOTIATE_IDENTIFY                      = 0x00100000,
44                 NTLMSSP_REQUEST_NON_NT_SESSION_KEY              = 0x00400000,
45                 NTLMSSP_NEGOTIATE_TARGET_INFO                   = 0x00800000,
46                 NTLMSSP_NEGOTIATE_VERSION                       = 0x02000000,
47                 NTLMSSP_NEGOTIATE_128                           = 0x20000000, /* 128-bit encryption */
48                 NTLMSSP_NEGOTIATE_KEY_EXCH                      = 0x40000000,
49                 NTLMSSP_NEGOTIATE_56                            = 0x80000000
50         } NEGOTIATE;
51
52         /* convenience mapping */
53         const int NTLMSSP_NEGOTIATE_NTLM2 = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
54
55         /*
56            NTLMSSP_WINDOWS_MAJOR_VERSION_5: Windows XP SP2 and Server 2003
57            NTLMSSP_WINDOWS_MAJOR_VERSION_6: Windows Vista, Server 2008, 7 and Server 2008 R2
58          */
59
60         typedef [enum8bit] enum {
61                 NTLMSSP_WINDOWS_MAJOR_VERSION_5 = 0x05,
62                 NTLMSSP_WINDOWS_MAJOR_VERSION_6 = 0x06
63         } ntlmssp_WindowsMajorVersion;
64
65         /*
66            NTLMSSP_WINDOWS_MINOR_VERSION_0: Windows Vista, Server 2008, 7, Server 2008 R2
67            NTLMSSP_WINDOWS_MINOR_VERSION_1: Windows XP SP2
68            NTLMSSP_WINDOWS_MINOR_VERSION_2: Windows Server 2003
69          */
70
71         typedef [enum8bit] enum {
72                 NTLMSSP_WINDOWS_MINOR_VERSION_0 = 0x00,
73                 NTLMSSP_WINDOWS_MINOR_VERSION_1 = 0x01,
74                 NTLMSSP_WINDOWS_MINOR_VERSION_2 = 0x02
75         } ntlmssp_WindowsMinorVersion;
76
77         /*
78            NTLMSSP_REVISION_W2K3_RC1:
79            NTLMSSP_REVISION_W2K3: Windows XP SP2, Server 2003, Vista, Server 2008, 7, Server 2008 R2
80          */
81
82         typedef [enum8bit] enum {
83                 NTLMSSP_REVISION_W2K3_RC1       = 0x0A,
84                 NTLMSSP_REVISION_W2K3           = 0x0F
85         } ntlmssp_NTLMRevisionCurrent;
86
87         /* [MS-NLMP] 2.2.2.10 VERSION */
88
89         typedef [public] struct {
90                 ntlmssp_WindowsMajorVersion ProductMajorVersion;
91                 ntlmssp_WindowsMinorVersion ProductMinorVersion;
92                 uint16 ProductBuild;
93                 uint8 Reserved[3];
94                 ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent;
95         } VERSION;
96
97         typedef [noprint,nodiscriminant] union {
98                 [case(NTLMSSP_NEGOTIATE_VERSION)] VERSION version;
99                 [default];
100         } ntlmssp_Version;
101
102         /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE */
103
104         typedef [public] struct {
105                 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
106                 [value(NtLmNegotiate)] ntlmssp_MessageType MessageType;
107                 NEGOTIATE NegotiateFlags;
108                 [value(DomainName ? strlen(DomainName) : 0)] uint16 DomainNameLen;
109                 [value(DomainNameLen)] uint16 DomainNameMaxLen;
110                 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *DomainName;
111                 [value(Workstation ? strlen(Workstation) : 0)] uint16 WorkstationLen;
112                 [value(WorkstationLen)] uint16 WorkstationMaxLen;
113                 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *Workstation;
114                 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
115         } NEGOTIATE_MESSAGE;
116
117         typedef enum {
118                 MsvAvEOL                = 0,
119                 MsvAvNbComputerName     = 1,
120                 MsvAvNbDomainName       = 2,
121                 MsvAvDnsComputerName    = 3,
122                 MsvAvDnsDomainName      = 4,
123                 MsvAvDnsTreeName        = 5,
124                 MsvAvFlags              = 6,
125                 MsvAvTimestamp          = 7,
126                 MsAvRestrictions        = 8,
127                 MsvAvTargetName         = 9,
128                 MsvChannelBindings      = 10
129         } ntlmssp_AvId;
130
131         /* [MS-NLMP] 2.2.2.2 Restriction_Encoding */
132
133         typedef struct {
134                 uint32 Size;
135                 [value(0)] uint32 Z4;
136                 boolean32 IntegrityLevel;
137                 uint32 SubjectIntegrityLevel;
138                 uint8 MachineId[32];
139         } Restriction_Encoding;
140
141         typedef [bitmap32bit] bitmap {
142                 NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT             = 0x00000001,
143                 NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE      = 0x00000002
144         } ntlmssp_AvFlags;
145
146         typedef [gensize,nodiscriminant,flag(NDR_NOALIGN)] union {
147                 [case(MsvAvEOL)]                ;
148                 [case(MsvAvNbComputerName)]     [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbComputerName;
149                 [case(MsvAvNbDomainName)]       [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbDomainName;
150                 [case(MsvAvDnsComputerName)]    [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsComputerName;
151                 [case(MsvAvDnsDomainName)]      [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsDomainName;
152                 [case(MsvAvDnsTreeName)]        [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsTreeName;
153                 [case(MsvAvFlags)]              ntlmssp_AvFlags AvFlags;
154                 [case(MsvAvTimestamp)]          NTTIME AvTimestamp;
155                 [case(MsAvRestrictions)]        Restriction_Encoding AvRestrictions;
156                 [case(MsvAvTargetName)]         [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvTargetName;
157                 [case(MsvChannelBindings)]      uint8 ChannelBindings[16];
158                 [default]                       [flag(NDR_REMAINING)] DATA_BLOB blob;
159         } ntlmssp_AvValue;
160
161         /* [MS-NLMP] 2.2.2.1 AV_PAIR */
162
163         typedef [public,flag(NDR_NOALIGN)] struct {
164                 ntlmssp_AvId AvId;
165                 [value(ndr_size_ntlmssp_AvValue(&r->Value, r->AvId, 0))] uint16 AvLen;
166                 [subcontext(0),subcontext_size(AvLen),switch_is(AvId)] ntlmssp_AvValue Value;
167         } AV_PAIR;
168
169         typedef [gensize,nopush,nopull,flag(NDR_NOALIGN)] struct {
170                 uint32 count;
171                 AV_PAIR pair[count];
172         } AV_PAIR_LIST;
173
174         /* [MS-NLMP] 2.2.1.2 CHALLENGE_MESSAGE */
175
176         typedef [public,flag(NDR_PAHEX)] struct {
177                 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
178                 [value(NtLmChallenge)] ntlmssp_MessageType MessageType;
179                 [value(ndr_ntlmssp_string_length(NegotiateFlags, TargetName))] uint16 TargetNameLen;
180                 [value(TargetNameLen)] uint16 TargetNameMaxLen;
181                 [relative] [subcontext(0),subcontext_size(TargetNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *TargetName;
182                 NEGOTIATE NegotiateFlags;
183                 uint8 ServerChallenge[8];
184                 uint8 Reserved[8];
185                 [value(ndr_size_AV_PAIR_LIST(TargetInfo, ndr->flags))] uint16 TargetInfoLen;
186                 [value(TargetInfoLen)] uint16 TargetNameInfoMaxLen;
187                 [relative] [subcontext(0),subcontext_size(TargetInfoLen)] AV_PAIR_LIST *TargetInfo;
188                 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
189         } CHALLENGE_MESSAGE;
190
191         /* [MS-NLMP] 2.2.2.3 LM_RESPONSE */
192
193         typedef [public,flag(NDR_PAHEX)] struct {
194                 uint8 Response[24];
195         } LM_RESPONSE;
196
197         /* [MS-NLMP] 2.2.2.4 LMv2_RESPONSE */
198
199         typedef [public,flag(NDR_PAHEX)] struct {
200                 uint8 Response[16];
201                 uint8 ChallengeFromClient[8];
202         } LMv2_RESPONSE;
203
204         typedef [nodiscriminant] union {
205                 [case(24)] LM_RESPONSE v1;
206                 [default];
207         } ntlmssp_LM_RESPONSE;
208
209         /* [MS-NLMP] 2.2.2.6 NTLM_RESPONSE */
210
211         typedef [public,flag(NDR_PAHEX)] struct {
212                 uint8 Response[24];
213         } NTLM_RESPONSE;
214
215         /* [MS-NLMP] 2.2.2.7 NTLMv2_CLIENT_CHALLENGE */
216
217         typedef [flag(NDR_PAHEX)] struct {
218                 [value(1)] uint8 RespType;
219                 [value(1)] uint8 HiRespType;
220                 uint16 Reserved1;
221                 uint32 Reserved2;
222                 NTTIME TimeStamp;
223                 uint8 ChallengeFromClient[8];
224                 uint32 Reserved3;
225                 [subcontext(0)] [flag(NDR_REMAINING)] AV_PAIR_LIST AvPairs;
226         } NTLMv2_CLIENT_CHALLENGE;
227
228         /* [MS-NLMP] 2.2.2.8 NTLMv2_RESPONSE */
229
230         typedef [public,flag(NDR_PAHEX)] struct {
231                 uint8 Response[16];
232                 NTLMv2_CLIENT_CHALLENGE Challenge;
233         } NTLMv2_RESPONSE;
234
235         typedef [public,nodiscriminant] union {
236                 [case(0)] ;
237                 [case(0x18)] NTLM_RESPONSE v1;
238                 [default] NTLMv2_RESPONSE v2;
239         } ntlmssp_NTLM_RESPONSE;
240
241         typedef [flag(NDR_PAHEX)] struct {
242                 uint8 MIC[16];
243         } MIC;
244
245         /* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */
246
247         typedef [public,flag(NDR_REMAINING)] struct {
248                 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
249                 [value(NtLmAuthenticate)] ntlmssp_MessageType MessageType;
250                 uint16 LmChallengeResponseLen;
251                 [value(LmChallengeResponseLen)] uint16 LmChallengeResponseMaxLen;
252                 [relative] [subcontext(0),subcontext_size(LmChallengeResponseLen),switch_is(LmChallengeResponseLen)] ntlmssp_LM_RESPONSE *LmChallengeResponse;
253                 uint16 NtChallengeResponseLen;
254                 [value(NtChallengeResponseLen)] uint16 NtChallengeResponseMaxLen;
255                 [relative] [subcontext(0),subcontext_size(NtChallengeResponseMaxLen),switch_is(NtChallengeResponseLen)] ntlmssp_NTLM_RESPONSE *NtChallengeResponse;
256                 [value(ndr_ntlmssp_string_length(NegotiateFlags, DomainName))] uint16 DomainNameLen;
257                 [value(DomainNameLen)] uint16 DomainNameMaxLen;
258                 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *DomainName;
259                 [value(ndr_ntlmssp_string_length(NegotiateFlags, UserName))] uint16 UserNameLen;
260                 [value(UserNameLen)] uint16 UserNameMaxLen;
261                 [relative] [subcontext(0),subcontext_size(UserNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *UserName;
262                 [value(ndr_ntlmssp_string_length(NegotiateFlags, Workstation))] uint16 WorkstationLen;
263                 [value(WorkstationLen)] uint16 WorkstationMaxLen;
264                 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *Workstation;
265                 [value(EncryptedRandomSessionKey->length)] uint16 EncryptedRandomSessionKeyLen;
266                 [value(EncryptedRandomSessionKeyLen)] uint16 EncryptedRandomSessionKeyMaxLen;
267                 [relative] [subcontext(0),subcontext_size(EncryptedRandomSessionKeyLen)] DATA_BLOB *EncryptedRandomSessionKey;
268                 NEGOTIATE NegotiateFlags;
269                 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
270                 /* MIC (Message Integrity) is only included when the client has
271                  * sent a timestap Av struct in the CHALLENGE_MESSAGE AvPair */
272                 /* [flag(NDR_REMAINING)] MIC mic; */
273         } AUTHENTICATE_MESSAGE;
274
275         /* NTLMSSP signature version */
276         const int NTLMSSP_SIGN_VERSION = 0x01;
277
278         /* NTLMSSP signature size */
279         const int NTLMSSP_SIG_SIZE = 16;
280
281         /* [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE */
282
283         typedef [public] struct {
284                  [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
285                  uint32 RandomPad;
286                  uint32 Checksum;
287                  uint32 SeqNum;
288         } NTLMSSP_MESSAGE_SIGNATURE;
289
290         /* [MS-NLMP] 2.2.2.9.2 NTLMSSP_MESSAGE_SIGNATURE for Extended Session Security */
291
292         typedef [public,flag(NDR_PAHEX)] struct {
293                  [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
294                  uint8 Checksum[8];
295                  uint32 SeqNum;
296         } NTLMSSP_MESSAGE_SIGNATURE_NTLMv2;
297
298         /* some ndrdump helpers */
299
300         void decode_NEGOTIATE_MESSAGE(
301                 [in] NEGOTIATE_MESSAGE negotiate
302                 );
303
304         void decode_CHALLENGE_MESSAGE(
305                 [in] CHALLENGE_MESSAGE challenge
306                 );
307
308         void decode_AUTHENTICATE_MESSAGE(
309                 [in] AUTHENTICATE_MESSAGE authenticate
310                 );
311
312         void decode_NTLMv2_CLIENT_CHALLENGE(
313                 [in] NTLMv2_CLIENT_CHALLENGE challenge
314                 );
315
316         void decode_NTLMv2_RESPONSE(
317                 [in] NTLMv2_RESPONSE response
318                 );
319
320 }
Samba Shared Repository