/usr/include/kio/kntlm.h is in kdelibs5-dev 4:4.14.2-5+deb8u2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 | /*
This file is part of the KDE libraries.
Copyright (c) 2004 Szombathelyi György <gyurco@freemail.hu>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License version 2 as published by the Free Software Foundation.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301, USA.
*/
#ifndef KNTLM_H
#define KNTLM_H
#include <QtCore/QString>
#include <QtCore/QByteArray>
#include "kntlm_export.h"
/**
* @short KNTLM class implements the NTLM authentication protocol.
*
* The KNTLM class is useful for creating the authentication structures which
* can be used for various servers which implements NTLM type authentication.
* A comprehensive description of the NTLM authentication protocol can be found
* at http://davenport.sourceforge.net/ntlm.html
* The class also contains methods to create the LanManager and NT (MD4) hashes
* of a password.
* This class doesn't maintain any state information, so all methods are static.
*/
class KNTLM_EXPORT KNTLM
{
public:
enum Flags {
Negotiate_Unicode = 0x00000001,
Negotiate_OEM = 0x00000002,
Request_Target = 0x00000004,
Negotiate_Sign = 0x00000010,
Negotiate_Seal = 0x00000020,
Negotiate_Datagram_Style = 0x00000040,
Negotiate_LM_Key = 0x00000080,
Negotiate_Netware = 0x00000100,
Negotiate_NTLM = 0x00000200,
Negotiate_Domain_Supplied = 0x00001000,
Negotiate_WS_Supplied = 0x00002000,
Negotiate_Local_Call = 0x00004000,
Negotiate_Always_Sign = 0x00008000,
Target_Type_Domain = 0x00010000,
Target_Type_Server = 0x00020000,
Target_Type_Share = 0x00040000,
Negotiate_NTLM2_Key = 0x00080000,
Request_Init_Response = 0x00100000,
Request_Accept_Response = 0x00200000,
Request_NonNT_Key = 0x00400000,
Negotiate_Target_Info = 0x00800000,
Negotiate_128 = 0x20000000,
Negotiate_Key_Exchange = 0x40000000,
Negotiate_56 = 0x80000000
};
enum AuthFlag {
Force_V1 = 0x1,
Force_V2 = 0x2,
Add_LM = 0x4
};
Q_DECLARE_FLAGS( AuthFlags, AuthFlag )
typedef struct {
quint16 len;
quint16 maxlen;
quint32 offset;
} SecBuf;
/**
* The NTLM Type 1 structure
*/
typedef struct {
char signature[8]; /* "NTLMSSP\0" */
quint32 msgType; /* 1 */
quint32 flags;
SecBuf domain;
SecBuf workstation;
} Negotiate;
/**
* The NTLM Type 2 structure
*/
typedef struct {
char signature[8];
quint32 msgType; /* 2 */
SecBuf targetName;
quint32 flags;
quint8 challengeData[8];
quint32 context[2];
SecBuf targetInfo;
} Challenge;
/**
* The NTLM Type 3 structure
*/
typedef struct {
char signature[8];
quint32 msgType; /* 3 */
SecBuf lmResponse;
SecBuf ntResponse;
SecBuf domain;
SecBuf user;
SecBuf workstation;
SecBuf sessionKey;
quint32 flags;
} Auth;
typedef struct {
quint32 signature;
quint32 reserved;
quint64 timestamp;
quint8 challenge[8];
quint8 unknown[4];
//Target info block - variable length
} Blob;
/**
* Creates the initial message (type 1) which should be sent to the server.
*
* @param negotiate - a buffer where the Type 1 message will returned.
* @param domain - the domain name which should be send with the message.
* @param workstation - the workstation name which should be send with the message.
* @param flags - various flags, in most cases the defaults will good.
*
* @return true if creating the structure succeeds, false otherwise.
*/
static bool getNegotiate( QByteArray &negotiate, const QString &domain = QString(),
const QString &workstation = QString(),
quint32 flags = Negotiate_Unicode | Request_Target | Negotiate_NTLM );
/**
* Creates the type 3 message which should be sent to the server after
* the challenge (type 2) received.
*
* @param auth - a buffer where the Type 3 message will returned.
* @param challenge - the Type 2 message returned by the server.
* @param user - user's name.
* @param password - user's password.
* @param domain - the target domain. If left empty, it will be extracted
* from the challenge.
* @param workstation - the user's workstation.
* @param authflags - AuthFlags flags that changes the response generation behavior.
* Force_V1 or Force_V2 forces (NT)LMv1 or (NT)LMv2 responses generation, otherwise it's
* autodetected from the challenge. Add_LM adds LMv1 or LMv2 responses additional to the
* NTLM response.
*
* @return true if auth filled with the Type 3 message, false if an error occurred
* (challenge data invalid, NTLMv2 authentication forced, but the challenge data says
* no NTLMv2 supported, or no NTLM supported at all, and Add_LM not specified).
*/
static bool getAuth( QByteArray &auth, const QByteArray &challenge, const QString &user,
const QString &password, const QString &domain = QString(),
const QString &workstation = QString(), AuthFlags authflags = Add_LM );
/**
* Returns the LanManager response from the password and the server challenge.
*/
static QByteArray getLMResponse( const QString &password, const unsigned char *challenge );
/**
* Calculates the LanManager hash of the specified password.
*/
static QByteArray lmHash( const QString &password );
/**
* Calculates the LanManager response from the LanManager hash and the server challenge.
*/
static QByteArray lmResponse( const QByteArray &hash, const unsigned char *challenge );
/**
* Returns the NTLM response from the password and the server challenge.
*/
static QByteArray getNTLMResponse( const QString &password, const unsigned char *challenge );
/**
* Returns the NTLM hash (MD4) from the password.
*/
static QByteArray ntlmHash( const QString &password );
/**
* Calculates the NTLMv2 response.
*/
static QByteArray getNTLMv2Response( const QString &target, const QString &user,
const QString &password, const QByteArray &targetInformation,
const unsigned char *challenge );
/**
* Calculates the LMv2 response.
*/
static QByteArray getLMv2Response( const QString &target, const QString &user,
const QString &password, const unsigned char *challenge );
/**
* Returns the NTLMv2 hash.
*/
static QByteArray ntlmv2Hash( const QString &target, const QString &user, const QString &password );
/**
* Calculates the LMv2 response.
*/
static QByteArray lmv2Response( const QByteArray &hash,
const QByteArray &clientData, const unsigned char *challenge );
};
Q_DECLARE_OPERATORS_FOR_FLAGS( KNTLM::AuthFlags )
#endif /* KNTLM_H */
|