/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.mina.proxy.handlers.http.ntlm;

/**
 * NTLMConstants.java - All NTLM constants.
 *
 * @author <a href="http://mina.apache.org">Apache MINA Project</a>
 * @since MINA 2.0.0-M3
 */
public interface NTLMConstants {
    /**
     * Signature that opens an NTLM message: the ASCII text "NTLMSSP" followed by a NUL byte.
     * NOTE(review): interface fields are implicitly {@code public static final}, but the array
     * contents remain writable by any code that can see this type. Treat the array as
     * read-only and never hand it out where it could be modified.
     */
    byte[] NTLM_SIGNATURE = { 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0 };

    /**
     * Default OS version block, 5.1.2600, i.e. a Windows XP version (for example
     * Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2). Bytes 2-3 hold the build
     * number 2600 (0x0A28) in little-endian order.
     * NOTE(review): the trailing 0x0F presumably is the NTLM revision byte of the version
     * structure; confirm against the protocol specification. The array is mutable shared
     * state, see {@link #NTLM_SIGNATURE}.
     */
    byte[] DEFAULT_OS_VERSION = { 5, 1, 0x28, 0x0A, 0, 0, 0, 0x0F };

    // ---------------------------------------------------------------- Message types

    /** Type 1 message (sent by the client). */
    int MESSAGE_TYPE_1 = 1;

    /** Type 2 message (sent by the server). */
    int MESSAGE_TYPE_2 = 2;

    /** Type 3 message (sent by the client). */
    int MESSAGE_TYPE_3 = 3;

    // ---------------------------------------------------------------- Message flags
    //
    // Each flag is a single bit of a 32-bit field and is written as {@code 1 << bit};
    // the equivalent hex mask is given in the comment for cross-reference with protocol
    // documentation. Always test flags with (flags & FLAG) != 0: the highest bit makes
    // the int negative, so "> 0" comparisons and widening to long give wrong answers.

    /** Unicode strings are supported for use in security buffer data (0x00000001). */
    int FLAG_NEGOTIATE_UNICODE = 1 << 0;

    /** OEM strings are supported for use in security buffer data (0x00000002). */
    int FLAG_NEGOTIATE_OEM = 1 << 1;

    /** Asks the server to include its authentication realm in the Type 2 message (0x00000004). */
    int FLAG_REQUEST_SERVER_AUTH_REALM = 1 << 2;

    /**
     * Authenticated communication between client and server should carry a digital
     * signature, i.e. message integrity (0x00000010).
     */
    int FLAG_NEGOTIATE_SIGN = 1 << 4;

    /**
     * Authenticated communication between client and server should be encrypted,
     * i.e. message confidentiality (0x00000020).
     */
    int FLAG_NEGOTIATE_SEAL = 1 << 5;

    /** Datagram authentication is being used (0x00000040). */
    int FLAG_NEGOTIATE_DATAGRAM_STYLE = 1 << 6;

    /**
     * The Lan Manager Session Key should be used for signing and sealing authenticated
     * communications (0x00000080). The LM session key is a legacy, weak key; prefer not to
     * request it unless an old peer requires it.
     */
    int FLAG_NEGOTIATE_LAN_MANAGER_KEY = 1 << 7;

    /** NTLM authentication is being used (0x00000200). */
    int FLAG_NEGOTIATE_NTLM = 1 << 9;

    /**
     * Set by the client in the Type 3 message when an anonymous context has been
     * established; this also affects the response fields (0x00000800).
     */
    int FLAG_NEGOTIATE_ANONYMOUS = 1 << 11;

    /**
     * Set by the client in the Type 1 message when the name of the domain the client
     * workstation belongs to is included in the message. The server uses it to decide
     * whether the client is eligible for local authentication (0x00001000).
     */
    int FLAG_NEGOTIATE_DOMAIN_SUPPLIED = 1 << 12;

    /**
     * Set by the client in the Type 1 message when the client workstation's name is
     * included in the message. The server uses it to decide whether the client is
     * eligible for local authentication (0x00002000).
     */
    int FLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 1 << 13;

    /**
     * Set by the server when server and client are on the same machine. Implies that the
     * client may use the established local credentials for authentication instead of
     * calculating a response to the challenge (0x00004000).
     */
    int FLAG_NEGOTIATE_LOCAL_CALL = 1 << 14;

    /**
     * Authenticated communication between client and server should be signed with a
     * "dummy" signature (0x00008000). A dummy signature is not an integrity guarantee;
     * do not read this flag as equivalent to {@link #FLAG_NEGOTIATE_SIGN}.
     */
    int FLAG_NEGOTIATE_ALWAYS_SIGN = 1 << 15;

    /** Set by the server in the Type 2 message: the target realm is a domain (0x00010000). */
    int FLAG_TARGET_TYPE_DOMAIN = 1 << 16;

    /** Set by the server in the Type 2 message: the target realm is a server (0x00020000). */
    int FLAG_TARGET_TYPE_SERVER = 1 << 17;

    /**
     * Set by the server in the Type 2 message: the target realm is a share. Presumably
     * this is for share-level authentication; usage is unclear (0x00040000).
     */
    int FLAG_TARGET_TYPE_SHARE = 1 << 18;

    /**
     * The NTLM2 signing and sealing scheme should be used for protecting authenticated
     * communications (0x00080000). This names a particular session security scheme and is
     * not related to the use of NTLMv2 authentication, although the flag can have an
     * effect on the response calculations.
     */
    int FLAG_NEGOTIATE_NTLM2 = 1 << 19;

    /**
     * Set by the server in the Type 2 message when it includes a Target Information block,
     * which is used in the calculation of the NTLMv2 response (0x00800000).
     */
    int FLAG_NEGOTIATE_TARGET_INFO = 1 << 23;

    /** 128-bit encryption is supported (0x20000000). */
    int FLAG_NEGOTIATE_128_BIT_ENCRYPTION = 1 << 29;

    /**
     * The client will provide an encrypted master key in the "Session Key" field of the
     * Type 3 message (0x40000000).
     */
    int FLAG_NEGOTIATE_KEY_EXCHANGE = 1 << 30;

    /**
     * 56-bit encryption is supported (0x80000000). This is the sign bit, so the constant is
     * negative as an {@code int}. A 56-bit key is weak by current standards; a negotiated
     * session that ends up with only this strength should not be relied on for
     * confidentiality.
     */
    int FLAG_NEGOTIATE_56_BIT_ENCRYPTION = 1 << 31;

    // WARN: the usage of the following flags has not been identified. The guesses in the
    // comments come from the original author and are unconfirmed.

    /** Unidentified flag (0x00000008). */
    int FLAG_UNIDENTIFIED_1 = 1 << 3;

    /** Unidentified flag, possibly "Negotiate Netware" (0x00000100). */
    int FLAG_UNIDENTIFIED_2 = 1 << 8;

    /** Unidentified flag (0x00000400). */
    int FLAG_UNIDENTIFIED_3 = 1 << 10;

    /** Unidentified flag, possibly "Request Init Response" (0x00100000). */
    int FLAG_UNIDENTIFIED_4 = 1 << 20;

    /** Unidentified flag, possibly "Request Accept Response" (0x00200000). */
    int FLAG_UNIDENTIFIED_5 = 1 << 21;

    /** Unidentified flag, possibly "Request Non-NT Session Key" (0x00400000). */
    int FLAG_UNIDENTIFIED_6 = 1 << 22;

    /** Unidentified flag (0x01000000). */
    int FLAG_UNIDENTIFIED_7 = 1 << 24;

    /** Unidentified flag (0x02000000). */
    int FLAG_UNIDENTIFIED_8 = 1 << 25;

    /** Unidentified flag (0x04000000). */
    int FLAG_UNIDENTIFIED_9 = 1 << 26;

    /** Unidentified flag (0x08000000). */
    int FLAG_UNIDENTIFIED_10 = 1 << 27;

    /** Unidentified flag (0x10000000). */
    int FLAG_UNIDENTIFIED_11 = 1 << 28;

    /**
     * Default minimal flag set: Unicode and OEM strings plus the domain-supplied and
     * workstation-supplied markers. It requests neither {@link #FLAG_NEGOTIATE_SIGN} nor
     * {@link #FLAG_NEGOTIATE_SEAL} nor {@link #FLAG_NEGOTIATE_NTLM2}, so this set on its own
     * negotiates no message integrity or confidentiality; how callers extend it is not
     * visible in this file.
     */
    int DEFAULT_FLAGS = FLAG_NEGOTIATE_UNICODE | FLAG_NEGOTIATE_OEM
            | FLAG_NEGOTIATE_DOMAIN_SUPPLIED | FLAG_NEGOTIATE_WORKSTATION_SUPPLIED;

    // ------------------------------------------- Target Information sub block types
    //
    // There may be other, as yet unidentified, sub block types as well.
    // NOTE(review): the protocol specification numbers these ids 0x0001, 0x0002, ...; the
    // values below look like the same ids with their two bytes swapped, so they presumably
    // match a big-endian read of the little-endian wire field. Confirm against the code
    // that parses the block before comparing them with values read any other way.

    /** Sub block terminator. */
    short TARGET_INFORMATION_SUBBLOCK_TERMINATOR_TYPE = 0x0000;

    /** Server name. */
    short TARGET_INFORMATION_SUBBLOCK_SERVER_TYPE = 0x0100;

    /** Domain name. */
    short TARGET_INFORMATION_SUBBLOCK_DOMAIN_TYPE = 0x0200;

    /** Fully-qualified DNS host name (e.g. server.domain.com). */
    short TARGET_INFORMATION_SUBBLOCK_FQDNS_HOSTNAME_TYPE = 0x0300;

    /** DNS domain name (e.g. domain.com). */
    short TARGET_INFORMATION_SUBBLOCK_DNS_DOMAIN_NAME_TYPE = 0x0400;

    /** Apparently the "parent" DNS domain for servers in sub domains. */
    short TARGET_INFORMATION_SUBBLOCK_PARENT_DNS_DOMAIN_NAME_TYPE = 0x0500;
}