File indexing completed on 2024-05-05 16:14:08
0001 /* 0002 This file is part of the KDE libraries. 0003 SPDX-FileCopyrightText: 2004 Szombathelyi György <gyurco@freemail.hu> 0004 0005 SPDX-License-Identifier: LGPL-2.0-only 0006 */ 0007 0008 #ifndef KNTLM_H 0009 #define KNTLM_H 0010 0011 #include <QByteArray> 0012 #include <QString> 0013 0014 #include "kntlm_export.h" 0015 0016 #if KNTLM_ENABLE_DEPRECATED_SINCE(5, 91) 0017 /** 0018 * @short KNTLM class implements the NTLM authentication protocol. 0019 * 0020 * The KNTLM class is useful for creating the authentication structures which 0021 * can be used for various servers which implements NTLM type authentication. 0022 * A comprehensive description of the NTLM authentication protocol can be found 0023 * at https://davenport.sourceforge.net/ntlm.html 0024 * The class also contains methods to create the LanManager and NT (MD4) hashes 0025 * of a password. 0026 * This class doesn't maintain any state information, so all methods are static. 0027 * 0028 * @deprecated Since 5.91, no known users. 0029 */ 0030 class KNTLM_EXPORT KNTLM 0031 { 0032 public: 0033 enum Flags { 0034 Negotiate_Unicode = 0x00000001, 0035 Negotiate_OEM = 0x00000002, 0036 Request_Target = 0x00000004, 0037 Negotiate_Sign = 0x00000010, 0038 Negotiate_Seal = 0x00000020, 0039 Negotiate_Datagram_Style = 0x00000040, 0040 Negotiate_LM_Key = 0x00000080, 0041 Negotiate_Netware = 0x00000100, 0042 Negotiate_NTLM = 0x00000200, 0043 Negotiate_Domain_Supplied = 0x00001000, 0044 Negotiate_WS_Supplied = 0x00002000, 0045 Negotiate_Local_Call = 0x00004000, 0046 Negotiate_Always_Sign = 0x00008000, 0047 Target_Type_Domain = 0x00010000, 0048 Target_Type_Server = 0x00020000, 0049 Target_Type_Share = 0x00040000, 0050 Negotiate_NTLM2_Key = 0x00080000, 0051 Request_Init_Response = 0x00100000, 0052 Request_Accept_Response = 0x00200000, 0053 Request_NonNT_Key = 0x00400000, 0054 Negotiate_Target_Info = 0x00800000, 0055 Negotiate_128 = 0x20000000, 0056 Negotiate_Key_Exchange = 0x40000000, 0057 Negotiate_56 = 0x80000000, 0058 }; 0059 0060 /** 0061 * @see AuthFlags 0062 */ 0063 enum AuthFlag { 0064 Force_V1 = 0x1, 0065 Force_V2 = 0x2, 0066 Add_LM = 0x4, 0067 }; 0068 0069 /** 0070 * Stores a combination of #AuthFlag values. 0071 */ 0072 Q_DECLARE_FLAGS(AuthFlags, AuthFlag) 0073 0074 typedef struct { 0075 quint16 len; 0076 quint16 maxlen; 0077 quint32 offset; 0078 } SecBuf; 0079 0080 /** 0081 * The NTLM Type 1 structure 0082 */ 0083 typedef struct { 0084 char signature[8]; /* "NTLMSSP\0" */ 0085 quint32 msgType; /* 1 */ 0086 quint32 flags; 0087 SecBuf domain; 0088 SecBuf workstation; 0089 } Negotiate; 0090 0091 /** 0092 * The NTLM Type 2 structure 0093 */ 0094 typedef struct { 0095 char signature[8]; 0096 quint32 msgType; /* 2 */ 0097 SecBuf targetName; 0098 quint32 flags; 0099 quint8 challengeData[8]; 0100 quint32 context[2]; 0101 SecBuf targetInfo; 0102 } Challenge; 0103 0104 /** 0105 * The NTLM Type 3 structure 0106 */ 0107 typedef struct { 0108 char signature[8]; 0109 quint32 msgType; /* 3 */ 0110 SecBuf lmResponse; 0111 SecBuf ntResponse; 0112 SecBuf domain; 0113 SecBuf user; 0114 SecBuf workstation; 0115 SecBuf sessionKey; 0116 quint32 flags; 0117 } Auth; 0118 0119 typedef struct { 0120 quint32 signature; 0121 quint32 reserved; 0122 quint64 timestamp; 0123 quint8 challenge[8]; 0124 quint8 unknown[4]; 0125 // Target info block - variable length 0126 } Blob; 0127 0128 /** 0129 * Creates the initial message (type 1) which should be sent to the server. 0130 * 0131 * @param negotiate - a buffer where the Type 1 message will returned. 0132 * @param domain - the domain name which should be send with the message. 0133 * @param workstation - the workstation name which should be send with the message. 0134 * @param flags - various flags, in most cases the defaults will good. 0135 * 0136 * @return true if creating the structure succeeds, false otherwise. 0137 * 0138 * @deprecated Since 5.91, no known users. 0139 */ 0140 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0141 static bool getNegotiate(QByteArray &negotiate, 0142 const QString &domain = QString(), 0143 const QString &workstation = QString(), 0144 quint32 flags = Negotiate_Unicode | Request_Target | Negotiate_NTLM); 0145 /** 0146 * Creates the type 3 message which should be sent to the server after 0147 * the challenge (type 2) received. 0148 * 0149 * @param auth - a buffer where the Type 3 message will returned. 0150 * @param challenge - the Type 2 message returned by the server. 0151 * @param user - user's name. 0152 * @param password - user's password. 0153 * @param domain - the target domain. If left NULL (i.e. QString()), it will be extracted 0154 * from the challenge. If set to an empty string (QString("")) an empty domain will be used. 0155 * @param workstation - the user's workstation. 0156 * @param authflags - AuthFlags flags that changes the response generation behavior. 0157 * Force_V1 or Force_V2 forces (NT)LMv1 or (NT)LMv2 responses generation, otherwise it's 0158 * autodetected from the challenge. Add_LM adds LMv1 or LMv2 responses additional to the 0159 * NTLM response. 0160 * 0161 * @return true if auth filled with the Type 3 message, false if an error occurred 0162 * (challenge data invalid, NTLMv2 authentication forced, but the challenge data says 0163 * no NTLMv2 supported, or no NTLM supported at all, and Add_LM not specified). 0164 * 0165 * @deprecated Since 5.91, no known users. 0166 */ 0167 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0168 static bool getAuth(QByteArray &auth, 0169 const QByteArray &challenge, 0170 const QString &user, 0171 const QString &password, 0172 const QString &domain = QString(), 0173 const QString &workstation = QString(), 0174 AuthFlags authflags = Add_LM); 0175 0176 /** 0177 * Returns the LanManager response from the password and the server challenge. 0178 * 0179 * @deprecated Since 5.91, no known users. 0180 */ 0181 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0182 static QByteArray getLMResponse(const QString &password, const unsigned char *challenge); 0183 0184 /** 0185 * Calculates the LanManager hash of the specified password. 0186 * 0187 * @deprecated Since 5.91, no known users. 0188 */ 0189 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0190 static QByteArray lmHash(const QString &password); 0191 0192 /** 0193 * Calculates the LanManager response from the LanManager hash and the server challenge. 0194 * 0195 * @deprecated Since 5.91, no known users. 0196 */ 0197 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0198 static QByteArray lmResponse(const QByteArray &hash, const unsigned char *challenge); 0199 0200 /** 0201 * Returns the NTLM response from the password and the server challenge. 0202 * 0203 * @deprecated Since 5.91, no known users. 0204 */ 0205 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0206 static QByteArray getNTLMResponse(const QString &password, const unsigned char *challenge); 0207 0208 /** 0209 * Returns the NTLM hash (MD4) from the password. 0210 * 0211 * @deprecated Since 5.91, no known users. 0212 */ 0213 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0214 static QByteArray ntlmHash(const QString &password); 0215 0216 /** 0217 * Calculates the NTLMv2 response. 0218 * 0219 * @deprecated Since 5.91, no known users. 0220 */ 0221 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0222 static QByteArray 0223 getNTLMv2Response(const QString &target, const QString &user, const QString &password, const QByteArray &targetInformation, const unsigned char *challenge); 0224 0225 /** 0226 * Calculates the LMv2 response. 0227 * 0228 * @deprecated Since 5.91, no known users. 0229 */ 0230 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0231 static QByteArray getLMv2Response(const QString &target, const QString &user, const QString &password, const unsigned char *challenge); 0232 0233 /** 0234 * Returns the NTLMv2 hash. 0235 * 0236 * @deprecated Since 5.91, no known users. 0237 */ 0238 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0239 static QByteArray ntlmv2Hash(const QString &target, const QString &user, const QString &password); 0240 0241 /** 0242 * Calculates the LMv2 response. 0243 * 0244 * @deprecated Since 5.91, no known users. 0245 */ 0246 KNTLM_DEPRECATED_VERSION(5, 91, "No known users.") 0247 static QByteArray lmv2Response(const QByteArray &hash, const QByteArray &clientData, const unsigned char *challenge); 0248 }; 0249 0250 Q_DECLARE_OPERATORS_FOR_FLAGS(KNTLM::AuthFlags) 0251 0252 #endif // KNTLM_ENABLE_DEPRECATED_SINCE(5, 91) 0253 0254 #endif /* KNTLM_H */