1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.http.ntlm;
21  
22  /**
23   * NTLMConstants.java - All NTLM constants.
24   * 
25   * @author <a href="http://mina.apache.org">Apache MINA Project</a>
26   * @since MINA 2.0.0-M3
27   */
public interface NTLMConstants {
    // Review notes:
    // - Fields of an interface are implicitly public, static and final, but the two
    //   byte[] constants below are still mutable arrays: any caller can overwrite
    //   their elements and change what every other user of the constant sees.
    //   Copy them (for example with clone()) before handing them to code that
    //   writes into its buffers.
    // - Flag values are written as single-bit shifts; the hexadecimal mask is
    //   repeated in each comment because that is the form shown in protocol traces.

    /** The eight-byte message signature: ASCII "NTLMSSP" followed by a zero byte. */
    byte[] NTLM_SIGNATURE = new byte[] { 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0 };

    /**
     * Default OS version block, describing Windows XP 5.1 build 2600
     * (ex: Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2).
     * Layout as written here: major, minor, build number low byte then high
     * byte, three zero bytes, and a final 0x0F byte.
     * NOTE(review): a fixed version block makes every client look like the same
     * Windows XP host to whoever receives it - confirm that is intended.
     */
    byte[] DEFAULT_OS_VERSION = new byte[] { 5, 1, 2600 & 0xFF, 2600 >> 8, 0, 0, 0, 0x0F };

    // ---- Message types ----

    /** Type 1 message. */
    int MESSAGE_TYPE_1 = 1;

    /** Type 2 message. */
    int MESSAGE_TYPE_2 = 2;

    /** Type 3 message. */
    int MESSAGE_TYPE_3 = 3;

    // ---- Message flags ----

    /** 0x00000001 - Unicode strings are supported in security buffer data. */
    int FLAG_NEGOTIATE_UNICODE = 1 << 0;

    /** 0x00000002 - OEM strings are supported in security buffer data. */
    int FLAG_NEGOTIATE_OEM = 1 << 1;

    /** 0x00000004 - Asks the server to include its authentication realm in the Type 2 message. */
    int FLAG_REQUEST_SERVER_AUTH_REALM = 1 << 2;

    /**
     * 0x00000010 - Authenticated traffic between client and server should carry
     * a digital signature (message integrity).
     */
    int FLAG_NEGOTIATE_SIGN = 1 << 4;

    /**
     * 0x00000020 - Authenticated traffic between client and server should be
     * encrypted (message confidentiality).
     */
    int FLAG_NEGOTIATE_SEAL = 1 << 5;

    /** 0x00000040 - Datagram authentication is being used. */
    int FLAG_NEGOTIATE_DATAGRAM_STYLE = 1 << 6;

    /**
     * 0x00000080 - The Lan Manager Session Key should be used for signing and
     * sealing authenticated communications.
     * NOTE(review): that key is derived from the LM hash, which is considered
     * weak; treat negotiation of this flag as a legacy downgrade.
     */
    int FLAG_NEGOTIATE_LAN_MANAGER_KEY = 1 << 7;

    /** 0x00000200 - NTLM authentication is being used. */
    int FLAG_NEGOTIATE_NTLM = 1 << 9;

    /**
     * 0x00000800 - Sent by the client in the Type 3 message when an anonymous
     * context has been established. This also affects the response fields.
     */
    int FLAG_NEGOTIATE_ANONYMOUS = 1 << 11;

    /**
     * 0x00001000 - Sent by the client in the Type 1 message when the name of
     * the domain the client workstation belongs to is included in the message.
     * The server uses it to decide whether the client is eligible for local
     * authentication.
     */
    int FLAG_NEGOTIATE_DOMAIN_SUPPLIED = 1 << 12;

    /**
     * 0x00002000 - Sent by the client in the Type 1 message when the client
     * workstation's name is included in the message. The server uses it to
     * decide whether the client is eligible for local authentication.
     */
    int FLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 1 << 13;

    /**
     * 0x00004000 - Sent by the server when server and client are on the same
     * machine. Implies that the client may use the established local
     * credentials instead of calculating a response to the challenge.
     */
    int FLAG_NEGOTIATE_LOCAL_CALL = 1 << 14;

    /**
     * 0x00008000 - Authenticated traffic between client and server should be
     * signed with a "dummy" signature.
     */
    int FLAG_NEGOTIATE_ALWAYS_SIGN = 1 << 15;

    /** 0x00010000 - Sent by the server in the Type 2 message: the target authentication realm is a domain. */
    int FLAG_TARGET_TYPE_DOMAIN = 1 << 16;

    /** 0x00020000 - Sent by the server in the Type 2 message: the target authentication realm is a server. */
    int FLAG_TARGET_TYPE_SERVER = 1 << 17;

    /**
     * 0x00040000 - Sent by the server in the Type 2 message: the target
     * authentication realm is a share. Presumably this is for share-level
     * authentication; its usage is unclear.
     */
    int FLAG_TARGET_TYPE_SHARE = 1 << 18;

    /**
     * 0x00080000 - The NTLM2 signing and sealing scheme should be used to
     * protect authenticated communications. This names a session security
     * scheme and is unrelated to NTLMv2 authentication, although the flag can
     * still affect the response calculations.
     */
    int FLAG_NEGOTIATE_NTLM2 = 1 << 19;

    /**
     * 0x00800000 - Sent by the server in the Type 2 message when it includes a
     * Target Information block. That block is used in the calculation of the
     * NTLMv2 response.
     */
    int FLAG_NEGOTIATE_TARGET_INFO = 1 << 23;

    /** 0x20000000 - 128-bit encryption is supported. */
    int FLAG_NEGOTIATE_128_BIT_ENCRYPTION = 1 << 29;

    /**
     * 0x40000000 - The client will provide an encrypted master key in the
     * "Session Key" field of the Type 3 message.
     */
    int FLAG_NEGOTIATE_KEY_EXCHANGE = 1 << 30;

    /**
     * 0x80000000 - 56-bit encryption is supported. As a Java int this is the
     * sign bit, so the constant is negative; test it with a bitwise AND, never
     * with an ordering comparison.
     * NOTE(review): 56-bit keys are short by current standards; prefer the
     * 128-bit flag where the peer supports it.
     */
    int FLAG_NEGOTIATE_56_BIT_ENCRYPTION = 1 << 31;

    // ---- Flags whose usage has not been identified (WARN) ----

    /** 0x00000008 - Usage not identified. */
    int FLAG_UNIDENTIFIED_1 = 1 << 3;

    /** 0x00000100 - Possibly "Negotiate Netware"; not confirmed. */
    int FLAG_UNIDENTIFIED_2 = 1 << 8;

    /** 0x00000400 - Undefined. */
    int FLAG_UNIDENTIFIED_3 = 1 << 10;

    /** 0x00100000 - Possibly "Request Init Response"; not confirmed. */
    int FLAG_UNIDENTIFIED_4 = 1 << 20;

    /** 0x00200000 - Possibly "Request Accept Response"; not confirmed. */
    int FLAG_UNIDENTIFIED_5 = 1 << 21;

    /** 0x00400000 - Possibly "Request Non-NT Session Key"; not confirmed. */
    int FLAG_UNIDENTIFIED_6 = 1 << 22;

    /** 0x01000000 - Undefined. */
    int FLAG_UNIDENTIFIED_7 = 1 << 24;

    /**
     * 0x02000000 - Undefined here.
     * NOTE(review): MS-NLMP appears to name this bit NTLMSSP_NEGOTIATE_VERSION
     * (a version block is present in the message) - confirm before relying on it.
     */
    int FLAG_UNIDENTIFIED_8 = 1 << 25;

    /** 0x04000000 - Undefined. */
    int FLAG_UNIDENTIFIED_9 = 1 << 26;

    /** 0x08000000 - Undefined. */
    int FLAG_UNIDENTIFIED_10 = 1 << 27;

    /** 0x10000000 - Undefined. */
    int FLAG_UNIDENTIFIED_11 = 1 << 28;

    /**
     * Default minimal flag set (0x00003003): Unicode, OEM, domain supplied and
     * workstation supplied. It contains none of the NTLM, sign, seal or NTLM2
     * flags, so callers that need those have to OR them in themselves.
     */
    int DEFAULT_FLAGS = FLAG_NEGOTIATE_UNICODE | FLAG_NEGOTIATE_OEM
            | FLAG_NEGOTIATE_DOMAIN_SUPPLIED | FLAG_NEGOTIATE_WORKSTATION_SUPPLIED;

    // ---- Target Information sub block types ----
    // There may be other, as-yet-unidentified sub block types as well.
    // NOTE(review): each value carries its type id in the high byte, which looks
    // like a little-endian wire value read as a big-endian short - confirm
    // against the code that parses the Target Information block.

    /** 0x0000 - Sub block terminator. */
    short TARGET_INFORMATION_SUBBLOCK_TERMINATOR_TYPE = 0;

    /** 0x0100 - Server name. */
    short TARGET_INFORMATION_SUBBLOCK_SERVER_TYPE = 1 << 8;

    /** 0x0200 - Domain name. */
    short TARGET_INFORMATION_SUBBLOCK_DOMAIN_TYPE = 2 << 8;

    /** 0x0300 - Fully-qualified DNS host name (i.e., server.domain.com). */
    short TARGET_INFORMATION_SUBBLOCK_FQDNS_HOSTNAME_TYPE = 3 << 8;

    /** 0x0400 - DNS domain name (i.e., domain.com). */
    short TARGET_INFORMATION_SUBBLOCK_DNS_DOMAIN_NAME_TYPE = 4 << 8;

    /** 0x0500 - Apparently the "parent" DNS domain for servers in sub domains. */
    short TARGET_INFORMATION_SUBBLOCK_PARENT_DNS_DOMAIN_NAME_TYPE = 5 << 8;
}