6 ntlmssp interface definition
10 pointer_default(unique),
11 helper("../librpc/ndr/ndr_ntlmssp.h"),
12 helpstring("NTLM messages"),
13 uuid("6e746c6d-7373-700a-0000-00000000")
/* Message type of an NTLMSSP token. Each of the three message structs in
 * this file pins its MessageType field to one of these values with value().
 * [v1_enum] encodes the enum as a 32-bit value. */
17 typedef [v1_enum] enum {
18 NtLmNegotiate = 0x00000001,
19 NtLmChallenge = 0x00000002,
20 NtLmAuthenticate = 0x00000003
21 } ntlmssp_MessageType;
23 /* [MS-NLMP] 2.2.2.5 NEGOTIATE */
/* Capability bits carried in the NegotiateFlags field of the NEGOTIATE,
 * CHALLENGE and AUTHENTICATE messages (the closing line of this bitmap is
 * not visible in this listing; presumably it is the NEGOTIATE type those
 * fields use).
 * The bits that end up agreed decide how the session is protected, so when
 * auditing a decoded message check SIGN/SEAL, the key-strength bits
 * (128 / 56 / LM_KEY) and EXTENDED_SESSIONSECURITY individually rather than
 * treating the value as opaque. */
25 typedef [bitmap32bit] bitmap {
26 NTLMSSP_NEGOTIATE_UNICODE = 0x00000001,
27 NTLMSSP_NEGOTIATE_OEM = 0x00000002, /* NTLM_NEGOTIATE_OEM in MS-NLMP */
28 NTLMSSP_REQUEST_TARGET = 0x00000004,
29 NTLMSSP_NEGOTIATE_SIGN = 0x00000010, /* Message integrity */
30 NTLMSSP_NEGOTIATE_SEAL = 0x00000020, /* Message confidentiality */
31 NTLMSSP_NEGOTIATE_DATAGRAM = 0x00000040,
32 NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080, /* LAN Manager session key computation (MS-NLMP 2.2.2.5); legacy, weak */
33 NTLMSSP_NEGOTIATE_NETWARE = 0x00000100, /* not mentioned in MS-NLMP */
34 NTLMSSP_NEGOTIATE_NTLM = 0x00000200,
35 NTLMSSP_NEGOTIATE_NT_ONLY = 0x00000400,
36 NTLMSSP_ANONYMOUS = 0x00000800, /* no symbol name in MS-NLMP */
37 NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED = 0x00001000,
38 NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 0x00002000,
39 NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL = 0x00004000, /* not mentioned in MS-NLMP */
40 NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x00008000,
41 NTLMSSP_TARGET_TYPE_DOMAIN = 0x00010000,
42 NTLMSSP_TARGET_TYPE_SERVER = 0x00020000,
43 NTLMSSP_TARGET_TYPE_SHARE = 0x00040000,
44 NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000,
45 NTLMSSP_NEGOTIATE_IDENTIFY = 0x00100000,
46 NTLMSSP_REQUEST_NON_NT_SESSION_KEY = 0x00400000,
47 NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000,
48 NTLMSSP_NEGOTIATE_VERSION = 0x02000000, /* selects the Version member in the message structs (switch_is) */
49 NTLMSSP_NEGOTIATE_128 = 0x20000000, /* 128-bit encryption */
50 NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000, /* explicit key exchange (MS-NLMP 2.2.2.5); see EncryptedRandomSessionKey */
51 NTLMSSP_NEGOTIATE_56 = 0x80000000 /* 56-bit encryption */
54 /* convenience mapping: NTLM2 is an alias for the EXTENDED_SESSIONSECURITY bit, not a separate flag */
55 const int NTLMSSP_NEGOTIATE_NTLM2 = NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
58 NTLMSSP_WINDOWS_MAJOR_VERSION_5: Windows XP SP2 and Server 2003
59 NTLMSSP_WINDOWS_MAJOR_VERSION_6: Windows Vista, Server 2008, 7, Server 2008 R2, 8, Server 2012, 8.1, Server 2012 R2
60 NTLMSSP_WINDOWS_MAJOR_VERSION_10: Windows 10, Windows Server 2016 Technical Preview
/* Type of ProductMajorVersion in the VERSION structure; [enum8bit] makes it
 * one byte on the wire. The value is whatever the sending side reports:
 * MS-NLMP 2.2.2.10 describes VERSION as debugging information that does not
 * affect message processing, so do not base trust decisions on it. */
63 typedef [enum8bit] enum {
64 NTLMSSP_WINDOWS_MAJOR_VERSION_5 = 0x05,
65 NTLMSSP_WINDOWS_MAJOR_VERSION_6 = 0x06,
66 NTLMSSP_WINDOWS_MAJOR_VERSION_10 = 0x0A
67 } ntlmssp_WindowsMajorVersion;
70 NTLMSSP_WINDOWS_MINOR_VERSION_0: Windows Vista, 10, Server 2016 Technical Preview
71 NTLMSSP_WINDOWS_MINOR_VERSION_1: Windows XP SP2, 7, Server 2008 R2
72 NTLMSSP_WINDOWS_MINOR_VERSION_2: Windows Server 2003, 8, Server 2012
73 NTLMSSP_WINDOWS_MINOR_VERSION_3: Windows 8.1, Server 2012 R2
/* Type of ProductMinorVersion in the VERSION structure; one byte on the wire
 * ([enum8bit]). Reported by the sender and only meaningful together with the
 * major version. */
76 typedef [enum8bit] enum {
77 NTLMSSP_WINDOWS_MINOR_VERSION_0 = 0x00,
78 NTLMSSP_WINDOWS_MINOR_VERSION_1 = 0x01,
79 NTLMSSP_WINDOWS_MINOR_VERSION_2 = 0x02,
80 NTLMSSP_WINDOWS_MINOR_VERSION_3 = 0x03
81 } ntlmssp_WindowsMinorVersion;
84 NTLMSSP_REVISION_W2K3_RC1:
85 NTLMSSP_REVISION_W2K3: Windows XP SP2, Server 2003, Vista, Server 2008, 7, Server 2008 R2
/* Type of NTLMRevisionCurrent in the VERSION structure; one byte on the wire
 * ([enum8bit]). */
88 typedef [enum8bit] enum {
89 NTLMSSP_REVISION_W2K3_RC1 = 0x0A,
90 NTLMSSP_REVISION_W2K3 = 0x0F
91 } ntlmssp_NTLMRevisionCurrent;
93 /* [MS-NLMP] 2.2.2.10 VERSION */
95 typedef [public] struct {
96 ntlmssp_WindowsMajorVersion ProductMajorVersion;
97 ntlmssp_WindowsMinorVersion ProductMinorVersion;
100 ntlmssp_NTLMRevisionCurrent NTLMRevisionCurrent;
103 typedef [noprint,nodiscriminant] union {
104 [case(NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_VERSION version;
108 /* [MS-NLMP] 2.2.1.1 NEGOTIATE_MESSAGE */
/* First message of the handshake. Signature and MessageType are fixed with
 * value(), so on push they are always "NTLMSSP" and NtLmNegotiate. */
110 typedef [public] struct {
111 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
112 [value(NtLmNegotiate)] ntlmssp_MessageType MessageType;
113 NEGOTIATE NegotiateFlags;
/* DomainName and Workstation are [relative] pointers into the payload. Each
 * is decoded inside a subcontext sized by its own *Len field, which keeps a
 * string from running past the length the header declares. On push the
 * lengths are computed with strlen() and *MaxLen mirrors *Len.
 * The string flags are derived from the constant NTLMSSP_NEGOTIATE_OEM here,
 * not from NegotiateFlags. */
114 [value(DomainName ? strlen(DomainName) : 0)] uint16 DomainNameLen;
115 [value(DomainNameLen)] uint16 DomainNameMaxLen;
116 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *DomainName;
117 [value(Workstation ? strlen(Workstation) : 0)] uint16 WorkstationLen;
118 [value(WorkstationLen)] uint16 WorkstationMaxLen;
119 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_OEM))] string *Workstation;
/* The union arm is chosen by the masked NTLMSSP_NEGOTIATE_VERSION bit. */
120 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
125 MsvAvNbComputerName = 1,
126 MsvAvNbDomainName = 2,
127 MsvAvDnsComputerName = 3,
128 MsvAvDnsDomainName = 4,
129 MsvAvDnsTreeName = 5,
134 MsvChannelBindings = 10
137 /* [MS-NLMP] 2.2.2.2 SingleHostData */
/* Payload of the MsvAvSingleHost AV pair. NDR_PAHEX only affects printing
 * (arrays are shown as hex). */
139 typedef [flag(NDR_PAHEX)] struct {
/* On push Size is computed as 8 (Size and Z4 themselves) plus the encoded
 * size of token_info plus the length of remaining.
 * NOTE(review): nothing visible in this struct uses Size to bound the decode;
 * the limit appears to come from the enclosing AV_PAIR subcontext (AvLen).
 * Confirm against the hand-written helpers before relying on Size. */
140 [value(8+ndr_size_LSAP_TOKEN_INFO_INTEGRITY(&r->token_info, 0)+r->remaining.length)] uint32 Size;
141 [value(0)] uint32 Z4;
142 LSAP_TOKEN_INFO_INTEGRITY token_info;
/* NDR_REMAINING: takes every byte left in the current buffer. */
143 [flag(NDR_REMAINING)] DATA_BLOB remaining;
144 } ntlmssp_SingleHostData;
/* Bits of the MsvAvFlags AV pair (presumably the ntlmssp_AvFlags type used by
 * the AvFlags union member; the closing line is not visible in this listing).
 * Meanings below are from MS-NLMP 2.2.2.1. */
146 typedef [bitmap32bit] bitmap {
147 NTLMSSP_AVFLAG_CONSTRAINTED_ACCOUNT = 0x00000001, /* account authentication is constrained */
148 NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE = 0x00000002, /* the AUTHENTICATE_MESSAGE carries a MIC */
149 NTLMSSP_AVFLAG_TARGET_SPN_FROM_UNTRUSTED_SOURCE = 0x00000004 /* the target SPN came from an untrusted source */
/* Value of one AV pair; the arm is selected by the AvId of the enclosing
 * AV_PAIR ([nodiscriminant]: no discriminant is encoded inside the union).
 * All name strings take their string flags from the constant
 * NTLMSSP_NEGOTIATE_UNICODE. */
152 typedef [gensize,nodiscriminant,flag(NDR_NOALIGN)] union {
154 [case(MsvAvNbComputerName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbComputerName;
155 [case(MsvAvNbDomainName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvNbDomainName;
156 [case(MsvAvDnsComputerName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsComputerName;
157 [case(MsvAvDnsDomainName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsDomainName;
158 [case(MsvAvDnsTreeName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvDnsTreeName;
159 [case(MsvAvFlags)] ntlmssp_AvFlags AvFlags;
160 [case(MsvAvTimestamp)] NTTIME AvTimestamp;
161 [case(MsvAvSingleHost)] ntlmssp_SingleHostData AvSingleHost;
162 [case(MsvAvTargetName)] [flag(ndr_ntlmssp_negotiated_string_flags(NTLMSSP_NEGOTIATE_UNICODE))] string AvTargetName;
/* Fixed 16 bytes: per MS-NLMP 2.2.2.1 an MD5 hash of the channel bindings. */
163 [case(MsvChannelBindings)] uint8 ChannelBindings[16];
/* Unknown AvIds are not rejected; their bytes are kept as an opaque blob. */
164 [default] [flag(NDR_REMAINING)] DATA_BLOB blob;
167 /* [MS-NLMP] 2.2.2.1 AV_PAIR */
169 typedef [public,flag(NDR_NOALIGN)] struct {
/* On push AvLen is computed from the encoded size of Value. */
171 [value(ndr_size_ntlmssp_AvValue(&r->Value, r->AvId, 0))] uint16 AvLen;
/* Value is handled in a subcontext of AvLen bytes, so one pair's value is
 * confined to its declared length and should not reach into the next pair
 * (assumes the usual subcontext behaviour; confirm in the generated code). */
172 [subcontext(0),subcontext_size(AvLen),switch_is(AvId)] ntlmssp_AvValue Value;
175 typedef [gensize,nopush,nopull,flag(NDR_NOALIGN)] struct {
180 /* [MS-NLMP] 2.2.1.2 CHALLENGE_MESSAGE */
/* Second message of the handshake, carrying the server challenge and the
 * target information. Signature and MessageType are fixed with value(). */
182 typedef [public,flag(NDR_PAHEX)] struct {
183 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
184 [value(NtLmChallenge)] ntlmssp_MessageType MessageType;
/* TargetName is a [relative] payload pointer handled in a subcontext of
 * TargetNameLen bytes. Its string flags come from r->NegotiateFlags, a field
 * declared after it.
 * NOTE(review): this presumably works because relative pointers are resolved
 * after the fixed-size fields have been read; confirm. */
185 [value(ndr_ntlmssp_string_length(NegotiateFlags, TargetName))] uint16 TargetNameLen;
186 [value(TargetNameLen)] uint16 TargetNameMaxLen;
187 [relative] [subcontext(0),subcontext_size(TargetNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *TargetName;
188 NEGOTIATE NegotiateFlags;
/* The 8-byte server challenge (nonce) that the client's responses are computed over. */
189 uint8 ServerChallenge[8];
/* TargetInfo is an AV_PAIR_LIST confined to TargetInfoLen bytes; on push the
 * length is computed with ndr_size_AV_PAIR_LIST(). */
191 [value(ndr_size_AV_PAIR_LIST(TargetInfo, ndr->flags))] uint16 TargetInfoLen;
192 [value(TargetInfoLen)] uint16 TargetInfoMaxLen;
193 [relative] [subcontext(0),subcontext_size(TargetInfoLen)] AV_PAIR_LIST *TargetInfo;
/* The union arm is chosen by the masked NTLMSSP_NEGOTIATE_VERSION bit. */
194 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
197 /* [MS-NLMP] 2.2.2.3 LM_RESPONSE */
199 typedef [public,flag(NDR_PAHEX)] struct {
203 /* [MS-NLMP] 2.2.2.4 LMv2_RESPONSE */
205 typedef [public,flag(NDR_PAHEX)] struct {
207 uint8 ChallengeFromClient[8];
/* LM challenge response, selected by its length: AUTHENTICATE_MESSAGE
 * switches on LmChallengeResponseLen, and 24 selects the LM_RESPONSE arm. */
210 typedef [nodiscriminant] union {
211 [case(24)] LM_RESPONSE v1;
213 } ntlmssp_LM_RESPONSE;
215 /* [MS-NLMP] 2.2.2.6 NTLM_RESPONSE */
217 typedef [public,flag(NDR_PAHEX)] struct {
221 /* [MS-NLMP] 2.2.2.7 NTLMv2_CLIENT_CHALLENGE */
/* Client part of an NTLMv2 response. */
223 typedef [flag(NDR_PAHEX)] struct {
/* Both type fields are fixed to 1 on push with value(). */
224 [value(1)] uint8 RespType;
225 [value(1)] uint8 HiRespType;
/* The 8-byte client challenge (nonce). */
229 uint8 ChallengeFromClient[8];
/* The AV pair list takes all remaining bytes of the structure (NDR_REMAINING). */
231 [subcontext(0)] [flag(NDR_REMAINING)] AV_PAIR_LIST AvPairs;
232 } NTLMv2_CLIENT_CHALLENGE;
234 /* [MS-NLMP] 2.2.2.8 NTLMv2_RESPONSE */
236 typedef [public,flag(NDR_PAHEX)] struct {
238 NTLMv2_CLIENT_CHALLENGE Challenge;
/* NT challenge response, selected by its length (AUTHENTICATE_MESSAGE
 * switches on NtChallengeResponseLen). A length of 0x18 (24) selects the
 * NTLM_RESPONSE arm; lengths not matched by a case fall through to
 * NTLMv2_RESPONSE. When reading a decoded capture, the arm chosen therefore
 * shows whether the client answered with an NTLMv1-sized or an NTLMv2
 * response. */
241 typedef [public,nodiscriminant] union {
243 [case(0x18)] NTLM_RESPONSE v1;
244 [default] NTLMv2_RESPONSE v2;
245 } ntlmssp_NTLM_RESPONSE;
247 typedef [flag(NDR_PAHEX)] struct {
251 /* [MS-NLMP] 2.2.1.3 AUTHENTICATE_MESSAGE */
/* Third message of the handshake, carrying the client's challenge responses,
 * identity strings and (optionally) the encrypted session key. Every
 * variable-length member is a [relative] payload pointer handled in a
 * subcontext sized by a length field from the header. */
253 typedef [public,flag(NDR_REMAINING)] struct {
254 [charset(DOS),value("NTLMSSP")] uint8 Signature[8];
255 [value(NtLmAuthenticate)] ntlmssp_MessageType MessageType;
/* The two response lengths carry no value() attribute, so on push they are
 * taken from the caller. They also select the union arm (switch_is). */
256 uint16 LmChallengeResponseLen;
257 [value(LmChallengeResponseLen)] uint16 LmChallengeResponseMaxLen;
258 [relative] [subcontext(0),subcontext_size(LmChallengeResponseLen),switch_is(LmChallengeResponseLen)] ntlmssp_LM_RESPONSE *LmChallengeResponse;
259 uint16 NtChallengeResponseLen;
260 [value(NtChallengeResponseLen)] uint16 NtChallengeResponseMaxLen;
/* NOTE(review): this is the only member whose subcontext is sized from the
 * *MaxLen field while the union arm is selected by the *Len field; every
 * other member here uses *Len for subcontext_size. On decode both values
 * presumably come from the message and can disagree. Confirm that this is
 * intentional. */
261 [relative] [subcontext(0),subcontext_size(NtChallengeResponseMaxLen),switch_is(NtChallengeResponseLen)] ntlmssp_NTLM_RESPONSE *NtChallengeResponse;
/* The string flags of DomainName, UserName and Workstation are derived from
 * r->NegotiateFlags, which is declared further down. */
262 [value(ndr_ntlmssp_string_length(NegotiateFlags, DomainName))] uint16 DomainNameLen;
263 [value(DomainNameLen)] uint16 DomainNameMaxLen;
264 [relative] [subcontext(0),subcontext_size(DomainNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *DomainName;
265 [value(ndr_ntlmssp_string_length(NegotiateFlags, UserName))] uint16 UserNameLen;
266 [value(UserNameLen)] uint16 UserNameMaxLen;
267 [relative] [subcontext(0),subcontext_size(UserNameLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *UserName;
268 [value(ndr_ntlmssp_string_length(NegotiateFlags, Workstation))] uint16 WorkstationLen;
269 [value(WorkstationLen)] uint16 WorkstationMaxLen;
270 [relative] [subcontext(0),subcontext_size(WorkstationLen)] [flag(ndr_ntlmssp_negotiated_string_flags(r->NegotiateFlags))] string *Workstation;
/* NOTE(review): the length expression dereferences EncryptedRandomSessionKey
 * although it is a pointer member; confirm how a NULL key is handled on push. */
271 [value(EncryptedRandomSessionKey->length)] uint16 EncryptedRandomSessionKeyLen;
272 [value(EncryptedRandomSessionKeyLen)] uint16 EncryptedRandomSessionKeyMaxLen;
273 [relative] [subcontext(0),subcontext_size(EncryptedRandomSessionKeyLen)] DATA_BLOB *EncryptedRandomSessionKey;
274 NEGOTIATE NegotiateFlags;
275 [switch_is(NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)] ntlmssp_Version Version;
276 /* MIC (Message Integrity) is only included when the client has
277 * sent a timestamp Av struct in the CHALLENGE_MESSAGE AvPair.
 * The member below is commented out, so this definition does not model
 * the MIC; code that needs it has to locate it separately. */
278 /* [flag(NDR_REMAINING)] MIC mic; */
279 } AUTHENTICATE_MESSAGE;
281 /* NTLMSSP signature version: the value pinned into the Version field of both signature structures */
282 const int NTLMSSP_SIGN_VERSION = 0x01;
284 /* NTLMSSP signature size, in bytes */
285 const int NTLMSSP_SIG_SIZE = 16;
287 /* [MS-NLMP] 2.2.2.9.1 NTLMSSP_MESSAGE_SIGNATURE */
/* Per-message signature used without extended session security. Only the
 * Version member is visible in this listing; it is fixed to
 * NTLMSSP_SIGN_VERSION on push. */
289 typedef [public] struct {
290 [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
294 } NTLMSSP_MESSAGE_SIGNATURE;
296 /* [MS-NLMP] 2.2.2.9.2 NTLMSSP_MESSAGE_SIGNATURE for Extended Session Security */
/* Per-message signature used with extended session security. Only the
 * Version member is visible in this listing; it is fixed to
 * NTLMSSP_SIGN_VERSION on push. */
298 typedef [public,flag(NDR_PAHEX)] struct {
299 [value(NTLMSSP_SIGN_VERSION)] uint32 Version;
302 } NTLMSSP_MESSAGE_SIGNATURE_NTLMv2;
304 /* some ndrdump helpers: each function takes exactly one structure as an
 * [in] argument, presumably so that ndrdump can be pointed at the function
 * name to decode and print a captured blob of that type */
306 void decode_NEGOTIATE_MESSAGE(
307 [in] NEGOTIATE_MESSAGE negotiate
310 void decode_CHALLENGE_MESSAGE(
311 [in] CHALLENGE_MESSAGE challenge
314 void decode_AUTHENTICATE_MESSAGE(
315 [in] AUTHENTICATE_MESSAGE authenticate
318 void decode_NTLMv2_CLIENT_CHALLENGE(
319 [in] NTLMv2_CLIENT_CHALLENGE challenge
322 void decode_NTLMv2_RESPONSE(
323 [in] NTLMv2_RESPONSE response