CVE-2016-2110: ntlmssp.idl: add NTLMSSP_MIC_{OFFSET,SIZE}
[samba.git] / librpc / idl / ntlmssp.idl
1 #include "idl_types.h"
2
3 import "security.idl";
4
5 /*
6   ntlmssp interface definition
7 */
8
9 [
10         pointer_default(unique),
11         helper("../librpc/ndr/ndr_ntlmssp.h"),
12         helpstring("NTLM messages"),
13         uuid("6e746c6d-7373-700a-0000-00000000")
14 ]
15 interface ntlmssp
16 {
17         typedef [v1_enum] enum {
                   /*
                    * Values of the MessageType field. NEGOTIATE_MESSAGE,
                    * CHALLENGE_MESSAGE and AUTHENTICATE_MESSAGE in this file each
                    * pin their MessageType to one of these constants via [value()].
                    */
18                 NtLmNegotiate           = 0x00000001,
19                 NtLmChallenge           = 0x00000002,
20                 NtLmAuthenticate        = 0x00000003
21         } ntlmssp_MessageType;
22
23         /* [MS-NLMP] 2.2.2.5 NEGOTIATE
            *
            * 32-bit flag word used as the NegotiateFlags field of
            * NEGOTIATE_MESSAGE, CHALLENGE_MESSAGE and AUTHENTICATE_MESSAGE
            * in this file. Bits 0x00000008, 0x00200000, 0x01000000,
            * 0x04000000, 0x08000000 and 0x10000000 have no symbol here.
            *
            * NOTE(review): a NegotiateFlags value read from a received
            * message is peer-supplied input. Whether signing or sealing
            * (NTLMSSP_NEGOTIATE_SIGN / NTLMSSP_NEGOTIATE_SEAL) is required
            * should presumably be enforced from local policy in the caller
            * rather than inferred from the received bits alone. The state
            * machine that consumes these flags is not part of this file,
            * so confirm there.
            */
24
25         typedef [bitmap32bit] bitmap {
26                 NTLMSSP_NEGOTIATE_UNICODE                       = 0x00000001,
27                 NTLMSSP_NEGOTIATE_OEM                           = 0x00000002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */
28                 NTLMSSP_REQUEST_TARGET                          = 0x00000004,
29                 NTLMSSP_NEGOTIATE_SIGN                          = 0x00000010, /* Message integrity */
30                 NTLMSSP_NEGOTIATE_SEAL                          = 0x00000020, /* Message confidentiality */
31                 NTLMSSP_NEGOTIATE_DATAGRAM                      = 0x00000040,
32                 NTLMSSP_NEGOTIATE_LM_KEY                        = 0x00000080,
33                 NTLMSSP_NEGOTIATE_NETWARE                       = 0x00000100, /* not mentioned in MS-NLMP */
34                 NTLMSSP_NEGOTIATE_NTLM                          = 0x00000200,
35                 NTLMSSP_NEGOTIATE_NT_ONLY                       = 0x00000400,
36                 NTLMSSP_ANONYMOUS                               = 0x00000800, /* no symbol name in MS-NLMP */
37                 NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED           = 0x00001000,
38                 NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED      = 0x00002000,
39                 NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL            = 0x00004000, /* not mentioned in MS-NLMP */
40                 NTLMSSP_NEGOTIATE_ALWAYS_SIGN                   = 0x00008000,
41                 NTLMSSP_TARGET_TYPE_DOMAIN                      = 0x00010000,
42                 NTLMSSP_TARGET_TYPE_SERVER                      = 0x00020000,
43                 NTLMSSP_TARGET_TYPE_SHARE                       = 0x00040000,
44                 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY      = 0x00080000,
45                 NTLMSSP_NEGOTIATE_IDENTIFY                      = 0x00100000,
46                 NTLMSSP_REQUEST_NON_NT_SESSION_KEY              = 0x00400000,
47                 NTLMSSP_NEGOTIATE_TARGET_INFO                   = 0x00800000,
48                 NTLMSSP_NEGOTIATE_VERSION                       = 0x02000000,
49                 NTLMSSP_NEGOTIATE_128                           = 0x20000000, /* 128-bit encryption */
50                 NTLMSSP_NEGOTIATE_KEY_EXCH                      = 0x40000000,
51                 NTLMSSP_NEGOTIATE_56                            = 0x80000000
52         } NEGOTIATE;
53
54         /* convenience mapping: NTLMSSP_NEGOTIATE_NTLM2 is a second name for the
            * NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY bit (0x00080000) */
55         const int NTLMSSP_NEGOTIATE_NTLM2 = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
56
57         /*
58            NTLMSSP_WINDOWS_MAJOR_VERSION_5: Windows XP SP2 and Server 2003
59            NTLMSSP_WINDOWS_MAJOR_VERSION_6: Windows Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, 8.1, Server 2012 R2
60            NTLMSSP_WINDOWS_MAJOR_VERSION_10: Windows 10, Windows Server 2016 Technical Preview
61          */
           /* Type of ntlmssp_VERSION.ProductMajorVersion. */
62
63         typedef [enum8bit] enum {
64                 NTLMSSP_WINDOWS_MAJOR_VERSION_5 = 0x05,
65                 NTLMSSP_WINDOWS_MAJOR_VERSION_6 = 0x06,
66                 NTLMSSP_WINDOWS_MAJOR_VERSION_10 = 0x0A
67         } ntlmssp_WindowsMajorVersion;
68
69         /*
70            NTLMSSP_WINDOWS_MINOR_VERSION_0: Windows Vista, 10, Server 2016 Technical Preview
71            NTLMSSP_WINDOWS_MINOR_VERSION_1: Windows XP SP2, 7, Server 2008 R2
72            NTLMSSP_WINDOWS_MINOR_VERSION_2: Windows Server 2003, 8, Server 2012
73            NTLMSSP_WINDOWS_MINOR_VERSION_3: Windows 8.1, Server 2012 R2
74          */
           /* Type of ntlmssp_VERSION.ProductMinorVersion. */
75
76         typedef [enum8bit] enum {
77                 NTLMSSP_WINDOWS_MINOR_VERSION_0 = 0x00,
78                 NTLMSSP_WINDOWS_MINOR_VERSION_1 = 0x01,
79                 NTLMSSP_WINDOWS_MINOR_VERSION_2 = 0x02,
80                 NTLMSSP_WINDOWS_MINOR_VERSION_3 = 0x03
81         } ntlmssp_WindowsMinorVersion;
82
83         /*
84            NTLMSSP_REVISION_W2K3_RC1:
85            NTLMSSP_REVISION_W2K3: Windows XP SP2, Server 2003, Vista, Server 2008, 7, Server 2008 R2
86          */
           /* Type of ntlmssp_VERSION.NTLMRevisionCurrent. */
87
88         typedef [enum8bit] enum {
89                 NTLMSSP_REVISION_W2K3_RC1       = 0x0A,
90                 NTLMSSP_REVISION_W2K3           = 0x0F
91         } ntlmssp_NTLMRevisionCurrent;
92
93         /* [MS-NLMP] 2.2.2.10 VERSION
            *
            * Two [enum8bit] fields, a uint16, three reserved bytes and one more
            * [enum8bit] field: 8 bytes on the wire, assuming each [enum8bit]
            * enum is marshalled as a single byte.
            */
94
95         typedef [public] struct {
96                 ntlmssp_WindowsMajorVersion ProductMajorVersion;
97                 ntlmssp_WindowsMinorVersion ProductMinorVersion;
98                 uint16 ProductBuild;
99                 uint8 Reserved[3];
100                 ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent;
101         } ntlmssp_VERSION;
102
            /*
             * Optional VERSION wrapper. The three message structs switch on
             * (NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION): when the bit is set
             * the ntlmssp_VERSION arm is used, otherwise the empty default arm
             * is used and no version bytes are marshalled.
             */
103         typedef [noprint,nodiscriminant] union {
104                 [case(NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_VERSION version;
105                 [default];
106         } ntlmssp_Version;
107
108         /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE
             *
             * Signature and MessageType are pinned with [value()]. DomainName and
             * Workstation are [relative] strings, each parsed inside a subcontext
             * whose size is the matching ...Len field. Both strings take their
             * encoding flags from
             * ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM), i.e. a
             * constant argument rather than this message's NegotiateFlags.
             *
             * NOTE(review): the [value()] expressions describe what is written
             * when marshalling. When unmarshalling, the Len/MaxLen fields are
             * presumably whatever the peer sent, so callers should not assume
             * MaxLen == Len on received messages. Confirm against the generated
             * pull code.
             */
109
110         typedef [public] struct {
111                 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
112                 [value(NtLmNegotiate)] ntlmssp_MessageType MessageType;
113                 NEGOTIATE NegotiateFlags;
114                 [value(DomainName ? strlen(DomainName) : 0)] uint16 DomainNameLen;
115                 [value(DomainNameLen)] uint16 DomainNameMaxLen;
116                 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *DomainName;
117                 [value(Workstation ? strlen(Workstation) : 0)] uint16 WorkstationLen;
118                 [value(WorkstationLen)] uint16 WorkstationMaxLen;
119                 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *Workstation;
120                 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
121         } NEGOTIATE_MESSAGE;
122
123         typedef enum {
                    /*
                     * Identifier of an AV_PAIR. AV_PAIR.AvId has this type and is the
                     * switch value that selects the arm of ntlmssp_AvValue. Ids not
                     * listed here fall into that union's [default] arm.
                     */
124                 MsvAvEOL                = 0,
125                 MsvAvNbComputerName     = 1,
126                 MsvAvNbDomainName       = 2,
127                 MsvAvDnsComputerName    = 3,
128                 MsvAvDnsDomainName      = 4,
129                 MsvAvDnsTreeName        = 5,
130                 MsvAvFlags              = 6,
131                 MsvAvTimestamp          = 7,
132                 MsvAvSingleHost         = 8,
133                 MsvAvTargetName         = 9,
134                 MsvChannelBindings      = 10
135         } ntlmssp_AvId;
136
137         /* [MS-NLMP] 2.2.2.2 SingleHostData
             *
             * Value of the MsvAvSingleHost AV pair. Size is written as
             * 8 + size of token_info + length of the trailing blob; the 8
             * matches the two uint32 fields Size and Z4. Z4 is written as 0.
             * LSAP_TOKEN_INFO_INTEGRITY is not declared in this file
             * (presumably it comes from the imported security.idl).
             *
             * NOTE(review): `remaining` takes every byte left in the enclosing
             * buffer (NDR_REMAINING); a received Size is not used here to bound
             * it. Confirm callers do not trust Size on input.
             */
138
139         typedef [flag(NDR_PAHEX)] struct {
140                 [value(8+ndr_size_LSAP_TOKEN_INFO_INTEGRITY(&r->token_info, 0)+r->remaining.length)] uint32 Size;
141                 [value(0)] uint32 Z4;
142                 LSAP_TOKEN_INFO_INTEGRITY token_info;
143                 [flag(NDR_REMAINING)] DATA_BLOB remaining;
144         } ntlmssp_SingleHostData;
145
146         typedef [bitmap32bit] bitmap {
                    /*
                     * Flag word carried as the value of the MsvAvFlags AV pair (see
                     * the MsvAvFlags arm of ntlmssp_AvValue).
                     *
                     * NOTE(review): going by its name,
                     * NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE is the bit that
                     * announces a MIC in the AUTHENTICATE_MESSAGE; code that verifies
                     * the MIC presumably keys off this bit. Confirm in the caller.
                     */
147                 NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT             = 0x00000001,
148                 NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE      = 0x00000002,
149                 NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE = 0x00000004
150         } ntlmssp_AvFlags;
151
152         typedef [gensize,nodiscriminant,flag(NDR_NOALIGN)] union {
                    /*
                     * Value part of an AV_PAIR, selected by AV_PAIR.AvId. MsvAvEOL
                     * carries no value. All string arms use
                     * ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE).
                     * An AvId with no explicit case is kept as an opaque blob of the
                     * remaining bytes instead of being rejected.
                     */
153                 [case(MsvAvEOL)]                ;
154                 [case(MsvAvNbComputerName)]     [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbComputerName;
155                 [case(MsvAvNbDomainName)]       [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbDomainName;
156                 [case(MsvAvDnsComputerName)]    [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsComputerName;
157                 [case(MsvAvDnsDomainName)]      [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsDomainName;
158                 [case(MsvAvDnsTreeName)]        [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsTreeName;
159                 [case(MsvAvFlags)]              ntlmssp_AvFlags AvFlags;
160                 [case(MsvAvTimestamp)]          NTTIME AvTimestamp;
161                 [case(MsvAvSingleHost)]         ntlmssp_SingleHostData AvSingleHost;
162                 [case(MsvAvTargetName)]         [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvTargetName;
163                 [case(MsvChannelBindings)]      uint8 ChannelBindings[16];
164                 [default]                       [flag(NDR_REMAINING)] DATA_BLOB blob;
165         } ntlmssp_AvValue;
166
167         /* [MS-NLMP] 2.2.2.1 AV_PAIR
             *
             * One attribute/value pair: AvId, a 16-bit AvLen, then the value.
             * When marshalling, AvLen is computed from the value via
             * ndr_size_ntlmssp_AvValue(). The value is parsed inside a subcontext
             * of AvLen bytes, so the NDR_REMAINING arms of ntlmssp_AvValue are
             * limited to this pair's own bytes (as far as subcontext_size bounds
             * the parse; confirm in the generated code).
             */
168
169         typedef [public,flag(NDR_NOALIGN)] struct {
170                 ntlmssp_AvId AvId;
171                 [value(ndr_size_ntlmssp_AvValue(&r->Value, r->AvId, 0))] uint16 AvLen;
172                 [subcontext(0),subcontext_size(AvLen),switch_is(AvId)] ntlmssp_AvValue Value;
173         } AV_PAIR;
174
175         typedef [public,gensize,nopush,nopull,flag(NDR_NOALIGN)] struct {
                    /*
                     * Sequence of AV_PAIRs. [nopush,nopull] means the marshalling
                     * code for this type is not generated from this declaration;
                     * presumably it is hand-written next to the helper header named
                     * in the interface attributes (TODO confirm). How `count` is
                     * derived from received data is therefore not visible here.
                     */
176                 uint32 count;
177                 AV_PAIR pair[count];
178         } AV_PAIR_LIST;
179
180         /* [MS-NLMP] 2.2.1.2 CHALLENGE_MESSAGE
             *
             * Carries the 8-byte ServerChallenge, the NegotiateFlags, an optional
             * TargetName and an optional TargetInfo AV_PAIR_LIST. TargetName takes
             * its string encoding from this message's own NegotiateFlags.
             * TargetName and TargetInfo are [relative] and each is parsed inside a
             * subcontext sized by its ...Len field.
             *
             * NOTE(review): the [value()] expressions apply when marshalling; on
             * a received message the Len/MaxLen fields are presumably taken from
             * the wire as sent. Confirm before relying on MaxLen == Len.
             */
181
182         typedef [public,flag(NDR_PAHEX)] struct {
183                 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
184                 [value(NtLmChallenge)] ntlmssp_MessageType MessageType;
185                 [value(ndr_ntlmssp_string_length(NegotiateFlags, TargetName))] uint16 TargetNameLen;
186                 [value(TargetNameLen)] uint16 TargetNameMaxLen;
187                 [relative] [subcontext(0),subcontext_size(TargetNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *TargetName;
188                 NEGOTIATE NegotiateFlags;
189                 uint8 ServerChallenge[8];
190                 uint8 Reserved[8];
191                 [value(ndr_size_AV_PAIR_LIST(TargetInfo, ndr->flags))] uint16 TargetInfoLen;
192                 [value(TargetInfoLen)] uint16 TargetInfoMaxLen;
193                 [relative] [subcontext(0),subcontext_size(TargetInfoLen)] AV_PAIR_LIST *TargetInfo;
194                 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
195         } CHALLENGE_MESSAGE;
196
197         /* [MS-NLMP] 2.2.2.3 LM_RESPONSE: a fixed 24-byte response. */
198
199         typedef [public,flag(NDR_PAHEX)] struct {
200                 uint8 Response[24];
201         } LM_RESPONSE;
202
203         /* [MS-NLMP] 2.2.2.4 LMv2_RESPONSE: 16-byte response followed by the
             * 8-byte client challenge (24 bytes in total). */
204
205         typedef [public,flag(NDR_PAHEX)] struct {
206                 uint8 Response[16];
207                 uint8 ChallengeFromClient[8];
208         } LMv2_RESPONSE;
209
            /*
             * LmChallengeResponse payload of AUTHENTICATE_MESSAGE, selected by
             * LmChallengeResponseLen. Only a length of 24 is decoded, and always
             * as LM_RESPONSE: LMv2_RESPONSE is also 24 bytes but is not an arm of
             * this union, so the two forms are not told apart here. Any other
             * length takes the empty default arm and nothing is decoded.
             */
210         typedef [nodiscriminant] union {
211                 [case(24)] LM_RESPONSE v1;
212                 [default];
213         } ntlmssp_LM_RESPONSE;
214
215         /* [MS-NLMP] 2.2.2.6 NTLM_RESPONSE: a fixed 24-byte response. */
216
217         typedef [public,flag(NDR_PAHEX)] struct {
218                 uint8 Response[24];
219         } NTLM_RESPONSE;
220
221         /* [MS-NLMP] 2.2.2.7 NTLMv2_CLIENT_CHALLENGE
             *
             * RespType and HiRespType are written as 1. After the fixed fields,
             * AvPairs takes all remaining bytes of the enclosing buffer as an
             * AV_PAIR_LIST. This list is where an MsvAvFlags pair (and so the
             * NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE bit) can appear in an
             * NTLMv2 response.
             */
222
223         typedef [flag(NDR_PAHEX)] struct {
224                 [value(1)] uint8 RespType;
225                 [value(1)] uint8 HiRespType;
226                 uint16 Reserved1;
227                 uint32 Reserved2;
228                 NTTIME TimeStamp;
229                 uint8 ChallengeFromClient[8];
230                 uint32 Reserved3;
231                 [subcontext(0)] [flag(NDR_REMAINING)] AV_PAIR_LIST AvPairs;
232         } NTLMv2_CLIENT_CHALLENGE;
233
234         /* [MS-NLMP] 2.2.2.8 NTLMv2_RESPONSE: 16-byte response followed by the
             * client challenge structure. */
235
236         typedef [public,flag(NDR_PAHEX)] struct {
237                 uint8 Response[16];
238                 NTLMv2_CLIENT_CHALLENGE Challenge;
239         } NTLMv2_RESPONSE;
240
            /*
             * NtChallengeResponse payload of AUTHENTICATE_MESSAGE, selected by
             * NtChallengeResponseLen: 0 decodes nothing, 0x18 (24) decodes an
             * NTLM_RESPONSE, and every other length is parsed as NTLMv2_RESPONSE.
             *
             * NOTE(review): because v2 is the [default] arm, lengths shorter than
             * the fixed part of NTLMv2_RESPONSE also take this arm; presumably
             * the NDR pull then fails with a buffer-size error rather than
             * reading past the subcontext. Confirm in the generated code.
             */
241         typedef [public,nodiscriminant] union {
242                 [case(0)] ;
243                 [case(0x18)] NTLM_RESPONSE v1;
244                 [default] NTLMv2_RESPONSE v2;
245         } ntlmssp_NTLM_RESPONSE;
246
247         const int NTLMSSP_MIC_OFFSET = 72;
248         const int NTLMSSP_MIC_SIZE = 16;
            /*
             * Byte offset and length of the MIC (message integrity code) within a
             * marshalled AUTHENTICATE_MESSAGE.
             *
             * The offset of 72 is consistent with the AUTHENTICATE_MESSAGE layout
             * declared in this file: Signature (8) + MessageType (4) + six
             * Len/MaxLen/[relative] triples (8 each, assuming 32-bit relative
             * offsets) + NegotiateFlags (4) = 64, plus the 8-byte ntlmssp_VERSION.
             * It therefore presupposes that the Version field is present.
             *
             * NOTE(review): code that reads, compares or zeroes the MIC with
             * these constants should first check that the received message is at
             * least NTLMSSP_MIC_OFFSET + NTLMSSP_MIC_SIZE (88) bytes long and
             * that no payload referenced by a [relative] field overlaps that
             * range. Those callers are not part of this file.
             */
249
250         typedef [flag(NDR_PAHEX)] struct {
                    /* Raw MIC bytes. AUTHENTICATE_MESSAGE does not declare a member
                     * of this type; the declaration there is commented out. */
251                 uint8 MIC[NTLMSSP_MIC_SIZE];
252         } ntlmssp_MIC;
253
254         /* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE
             *
             * Fixed header of Signature, MessageType and six Len/MaxLen/[relative]
             * triples (LM response, NT response, domain, user, workstation,
             * encrypted session key), followed by NegotiateFlags and the optional
             * Version. Each [relative] payload is parsed inside a subcontext
             * sized by a length field of this same message.
             *
             * NOTE(review): LmChallengeResponseLen and NtChallengeResponseLen
             * carry no [value()] and also act as the union discriminants, so on
             * received messages the peer chooses both the size and the decoded
             * form of those payloads.
             */
255
256         typedef [public,flag(NDR_REMAINING)] struct {
257                 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
258                 [value(NtLmAuthenticate)] ntlmssp_MessageType MessageType;
259                 uint16 LmChallengeResponseLen;
260                 [value(LmChallengeResponseLen)] uint16 LmChallengeResponseMaxLen;
261                 [relative] [subcontext(0),subcontext_size(LmChallengeResponseLen),switch_is(LmChallengeResponseLen)] ntlmssp_LM_RESPONSE *LmChallengeResponse;
262                 uint16 NtChallengeResponseLen;
263                 [value(NtChallengeResponseLen)] uint16 NtChallengeResponseMaxLen;
                    /* NOTE(review): this is the only field in the file whose
                     * subcontext_size uses the ...MaxLen field while switch_is uses
                     * ...Len; every other payload is sized by its ...Len field. On a
                     * received message the two values may differ. Confirm that this
                     * is intentional. */
264                 [relative] [subcontext(0),subcontext_size(NtChallengeResponseMaxLen),switch_is(NtChallengeResponseLen)] ntlmssp_NTLM_RESPONSE *NtChallengeResponse;
265                 [value(ndr_ntlmssp_string_length(NegotiateFlags, DomainName))] uint16 DomainNameLen;
266                 [value(DomainNameLen)] uint16 DomainNameMaxLen;
267                 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *DomainName;
268                 [value(ndr_ntlmssp_string_length(NegotiateFlags, UserName))] uint16 UserNameLen;
269                 [value(UserNameLen)] uint16 UserNameMaxLen;
270                 [relative] [subcontext(0),subcontext_size(UserNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *UserName;
271                 [value(ndr_ntlmssp_string_length(NegotiateFlags, Workstation))] uint16 WorkstationLen;
272                 [value(WorkstationLen)] uint16 WorkstationMaxLen;
273                 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *Workstation;
                    /* NOTE(review): unlike the `X ? strlen(X) : 0` form used in
                     * NEGOTIATE_MESSAGE, this expression dereferences
                     * EncryptedRandomSessionKey unconditionally; presumably callers
                     * always set the pointer before marshalling. Confirm. */
274                 [value(EncryptedRandomSessionKey->length)] uint16 EncryptedRandomSessionKeyLen;
275                 [value(EncryptedRandomSessionKeyLen)] uint16 EncryptedRandomSessionKeyMaxLen;
276                 [relative] [subcontext(0),subcontext_size(EncryptedRandomSessionKeyLen)] DATA_BLOB *EncryptedRandomSessionKey;
277                 NEGOTIATE NegotiateFlags;
278                 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
279                 /* MIC (Message Integrity) is only included when the client has
280                  * sent a timestamp Av struct in the CHALLENGE_MESSAGE AvPair */
                    /* NOTE(review): the MIC is not a declared member, so the
                     * generated code does not parse it; NTLMSSP_MIC_OFFSET and
                     * NTLMSSP_MIC_SIZE in this file give its position for code that
                     * handles the raw message. Per MS-NLMP the CHALLENGE_MESSAGE is
                     * sent by the server, so the wording above looks imprecise.
                     * Confirm the exact condition against the spec. */
281                 /* [flag(NDR_REMAINING)] ntlmssp_MIC mic; */
282         } AUTHENTICATE_MESSAGE;
283
284         /* NTLMSSP signature version: the value written into the Version field
             * of both signature structs below */
285         const int NTLMSSP_SIGN_VERSION = 0x01;
286
287         /* NTLMSSP signature size in bytes; both signature structs below add
             * up to this size (4+4+4+4 and 4+8+4) */
288         const int NTLMSSP_SIG_SIZE = 16;
289
290         /* [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE
             *
             * Signature layout with a 32-bit Checksum and a RandomPad field.
             * The section title of the struct after this one marks that one as
             * the Extended Session Security form.
             */
291
292         typedef [public] struct {
293                  [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
294                  uint32 RandomPad;
295                  uint32 Checksum;
296                  uint32 SeqNum;
297         } NTLMSSP_MESSAGE_SIGNATURE;
298
299         /* [MS-NLMP] 2.2.2.9.2 NTLMSSP_MESSAGE_SIGNATURE for Extended Session Security
             *
             * Same total size, but with an 8-byte Checksum and no RandomPad.
             */
300
301         typedef [public,flag(NDR_PAHEX)] struct {
302                  [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
303                  uint8 Checksum[8];
304                  uint32 SeqNum;
305         } NTLMSSP_MESSAGE_SIGNATURE_NTLMv2;
306
307         /* some ndrdump helpers
             *
             * Each function takes exactly one [in] argument of a type declared
             * in this file and returns nothing. Presumably they exist only so
             * that ndrdump has a named entry point for decoding a captured blob
             * as that type (TODO confirm); nothing here suggests they are
             * callable as network operations.
             */
308
309         void decode_NEGOTIATE_MESSAGE(
310                 [in] NEGOTIATE_MESSAGE negotiate
311                 );
312
313         void decode_CHALLENGE_MESSAGE(
314                 [in] CHALLENGE_MESSAGE challenge
315                 );
316
317         void decode_AUTHENTICATE_MESSAGE(
318                 [in] AUTHENTICATE_MESSAGE authenticate
319                 );
320
321         void decode_NTLMv2_CLIENT_CHALLENGE(
322                 [in] NTLMv2_CLIENT_CHALLENGE challenge
323                 );
324
325         void decode_NTLMv2_RESPONSE(
326                 [in] NTLMv2_RESPONSE response
327                 );
328
329 }