File indexing completed on 2024-05-05 16:14:08 

0001 /*
0002     This file is part of the KDE libraries.
0003     SPDX-FileCopyrightText: 2004 Szombathelyi György <gyurco@freemail.hu>
0004 
0005     SPDX-License-Identifier: LGPL-2.0-only
0006 */
0007 
0008 #ifndef KNTLM_H
0009 #define KNTLM_H
0010 
0011 #include <QByteArray>
0012 #include <QString>
0013 
0014 #include "kntlm_export.h"
0015 
0016 #if KNTLM_ENABLE_DEPRECATED_SINCE(5, 91)
0017 /**
0018  * @short KNTLM class implements the NTLM authentication protocol.
0019  *
0020  * The KNTLM class is useful for creating the authentication structures which
0021  * can be used for various servers which implements NTLM type authentication.
0022  * A comprehensive description of the NTLM authentication protocol can be found
0023  * at https://davenport.sourceforge.net/ntlm.html
0024  * The class also contains methods to create the LanManager and NT (MD4) hashes
0025  * of a password.
0026  * This class doesn't maintain any state information, so all methods are static.
0027  *
0028  * @deprecated Since 5.91, no known users.
0029  */
0030 class KNTLM_EXPORT KNTLM
0031 {
0032 public:
0033     enum Flags {
0034         Negotiate_Unicode = 0x00000001,
0035         Negotiate_OEM = 0x00000002,
0036         Request_Target = 0x00000004,
0037         Negotiate_Sign = 0x00000010,
0038         Negotiate_Seal = 0x00000020,
0039         Negotiate_Datagram_Style = 0x00000040,
0040         Negotiate_LM_Key = 0x00000080,
0041         Negotiate_Netware = 0x00000100,
0042         Negotiate_NTLM = 0x00000200,
0043         Negotiate_Domain_Supplied = 0x00001000,
0044         Negotiate_WS_Supplied = 0x00002000,
0045         Negotiate_Local_Call = 0x00004000,
0046         Negotiate_Always_Sign = 0x00008000,
0047         Target_Type_Domain = 0x00010000,
0048         Target_Type_Server = 0x00020000,
0049         Target_Type_Share = 0x00040000,
0050         Negotiate_NTLM2_Key = 0x00080000,
0051         Request_Init_Response = 0x00100000,
0052         Request_Accept_Response = 0x00200000,
0053         Request_NonNT_Key = 0x00400000,
0054         Negotiate_Target_Info = 0x00800000,
0055         Negotiate_128 = 0x20000000,
0056         Negotiate_Key_Exchange = 0x40000000,
0057         Negotiate_56 = 0x80000000,
0058     };
0059 
0060     /**
0061      * @see AuthFlags
0062      */
0063     enum AuthFlag {
0064         Force_V1 = 0x1,
0065         Force_V2 = 0x2,
0066         Add_LM = 0x4,
0067     };
0068 
0069     /**
0070      * Stores a combination of #AuthFlag values.
0071      */
0072     Q_DECLARE_FLAGS(AuthFlags, AuthFlag)
0073 
0074     typedef struct {
0075         quint16 len;
0076         quint16 maxlen;
0077         quint32 offset;
0078     } SecBuf;
0079 
0080     /**
0081      * The NTLM Type 1 structure
0082      */
0083     typedef struct {
0084         char signature[8]; /* "NTLMSSP\0" */
0085         quint32 msgType; /* 1 */
0086         quint32 flags;
0087         SecBuf domain;
0088         SecBuf workstation;
0089     } Negotiate;
0090 
0091     /**
0092      * The NTLM Type 2 structure
0093      */
0094     typedef struct {
0095         char signature[8];
0096         quint32 msgType; /* 2 */
0097         SecBuf targetName;
0098         quint32 flags;
0099         quint8 challengeData[8];
0100         quint32 context[2];
0101         SecBuf targetInfo;
0102     } Challenge;
0103 
0104     /**
0105      * The NTLM Type 3 structure
0106      */
0107     typedef struct {
0108         char signature[8];
0109         quint32 msgType; /* 3 */
0110         SecBuf lmResponse;
0111         SecBuf ntResponse;
0112         SecBuf domain;
0113         SecBuf user;
0114         SecBuf workstation;
0115         SecBuf sessionKey;
0116         quint32 flags;
0117     } Auth;
0118 
0119     typedef struct {
0120         quint32 signature;
0121         quint32 reserved;
0122         quint64 timestamp;
0123         quint8 challenge[8];
0124         quint8 unknown[4];
0125         // Target info block - variable length
0126     } Blob;
0127 
0128     /**
0129      * Creates the initial message (type 1) which should be sent to the server.
0130      *
0131      * @param negotiate - a buffer where the Type 1 message will returned.
0132      * @param domain - the domain name which should be send with the message.
0133      * @param workstation - the workstation name which should be send with the message.
0134      * @param flags - various flags, in most cases the defaults will good.
0135      *
0136      * @return true if creating the structure succeeds, false otherwise.
0137      *
0138      * @deprecated Since 5.91, no known users.
0139      */
0140     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0141     static bool getNegotiate(QByteArray &negotiate,
0142                              const QString &domain = QString(),
0143                              const QString &workstation = QString(),
0144                              quint32 flags = Negotiate_Unicode | Request_Target | Negotiate_NTLM);
0145     /**
0146      * Creates the type 3 message which should be sent to the server after
0147      * the challenge (type 2) received.
0148      *
0149      * @param auth - a buffer where the Type 3 message will returned.
0150      * @param challenge - the Type 2 message returned by the server.
0151      * @param user - user's name.
0152      * @param password - user's password.
0153      * @param domain - the target domain. If left NULL (i.e. QString()), it will be extracted
0154      * from the challenge. If set to an empty string (QString("")) an empty domain will be used.
0155      * @param workstation - the user's workstation.
0156      * @param authflags - AuthFlags flags that changes the response generation behavior.
0157      * Force_V1 or Force_V2 forces (NT)LMv1 or (NT)LMv2 responses generation, otherwise it's
0158      * autodetected from the challenge. Add_LM adds LMv1 or LMv2 responses additional to the
0159      * NTLM response.
0160      *
0161      * @return true if auth filled with the Type 3 message, false if an error occurred
0162      * (challenge data invalid, NTLMv2 authentication forced, but the challenge data says
0163      * no NTLMv2 supported, or no NTLM supported at all, and Add_LM not specified).
0164      *
0165      * @deprecated Since 5.91, no known users.
0166      */
0167     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0168     static bool getAuth(QByteArray &auth,
0169                         const QByteArray &challenge,
0170                         const QString &user,
0171                         const QString &password,
0172                         const QString &domain = QString(),
0173                         const QString &workstation = QString(),
0174                         AuthFlags authflags = Add_LM);
0175 
0176     /**
0177      * Returns the LanManager response from the password and the server challenge.
0178      *
0179      * @deprecated Since 5.91, no known users.
0180      */
0181     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0182     static QByteArray getLMResponse(const QString &password, const unsigned char *challenge);
0183 
0184     /**
0185      * Calculates the LanManager hash of the specified password.
0186      *
0187      * @deprecated Since 5.91, no known users.
0188      */
0189     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0190     static QByteArray lmHash(const QString &password);
0191 
0192     /**
0193      * Calculates the LanManager response from the LanManager hash and the server challenge.
0194      *
0195      * @deprecated Since 5.91, no known users.
0196      */
0197     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0198     static QByteArray lmResponse(const QByteArray &hash, const unsigned char *challenge);
0199 
0200     /**
0201      * Returns the NTLM response from the password and the server challenge.
0202      *
0203      * @deprecated Since 5.91, no known users.
0204      */
0205     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0206     static QByteArray getNTLMResponse(const QString &password, const unsigned char *challenge);
0207 
0208     /**
0209      * Returns the NTLM hash (MD4) from the password.
0210      *
0211      * @deprecated Since 5.91, no known users.
0212      */
0213     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0214     static QByteArray ntlmHash(const QString &password);
0215 
0216     /**
0217      * Calculates the NTLMv2 response.
0218      *
0219      * @deprecated Since 5.91, no known users.
0220      */
0221     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0222     static QByteArray
0223     getNTLMv2Response(const QString &target, const QString &user, const QString &password, const QByteArray &targetInformation, const unsigned char *challenge);
0224 
0225     /**
0226      * Calculates the LMv2 response.
0227      *
0228      * @deprecated Since 5.91, no known users.
0229      */
0230     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0231     static QByteArray getLMv2Response(const QString &target, const QString &user, const QString &password, const unsigned char *challenge);
0232 
0233     /**
0234      * Returns the NTLMv2 hash.
0235      *
0236      * @deprecated Since 5.91, no known users.
0237      */
0238     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0239     static QByteArray ntlmv2Hash(const QString &target, const QString &user, const QString &password);
0240 
0241     /**
0242      * Calculates the LMv2 response.
0243      *
0244      * @deprecated Since 5.91, no known users.
0245      */
0246     KNTLM_DEPRECATED_VERSION(5, 91, "No known users.")
0247     static QByteArray lmv2Response(const QByteArray &hash, const QByteArray &clientData, const unsigned char *challenge);
0248 };
0249 
0250 Q_DECLARE_OPERATORS_FOR_FLAGS(KNTLM::AuthFlags)
0251 
0252 #endif // KNTLM_ENABLE_DEPRECATED_SINCE(5, 91)
0253 
0254 #endif /* KNTLM_H */