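/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */
package org.apache.mina.proxy.handlers.http.ntlm;

/**
 * NTLMConstants.java - All NTLM constants.
 *
 * <p>Holds the NTLMSSP signature, the message type numbers, the negotiate flag bits and
 * the Target Information sub block type codes. All fields are implicitly
 * {@code public static final} because this is an interface.
 *
 * <p>The two {@code byte[]} constants are shared, mutable arrays: {@code final} protects
 * the reference, not the contents. Callers must treat them as read-only and copy them
 * (for example with {@code clone()}) before handing them to code that may write into
 * the buffer; otherwise one write changes the signature or version seen by every
 * later NTLM exchange in the JVM.
 *
 * @author <a href="http://mina.apache.org">Apache MINA Project</a>
 * @since MINA 2.0.0-M3
 */
public interface NTLMConstants {
    /** Signature "NTLMSSP"+{0}, i.e. the ASCII bytes of "NTLMSSP" followed by a NUL byte. Read-only. */
    byte[] NTLM_SIGNATURE = new byte[] { 0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0 };

    /**
     * Version 5.1.2600 a Windows XP version (ex: Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2).
     *
     * <p>Byte layout: major {@code 0x05}, minor {@code 0x01}, build {@code 0x0A28} (2600)
     * in little-endian order, three zero bytes, then {@code 0x0F}. The trailing byte is
     * presumably the NTLM revision field of the VERSION structure; confirm against the
     * message encoder. This is a fixed placeholder, not the OS version of the running
     * host. Read-only.
     */
    byte[] DEFAULT_OS_VERSION = new byte[] { 0x05, 0x01, 0x28, 0x0A, 0, 0, 0, 0x0F };

    /*
     * Message types
     */

    /** Type 1 */
    int MESSAGE_TYPE_1 = 1;

    /** Type 2 */
    int MESSAGE_TYPE_2 = 2;

    /** Type 3 */
    int MESSAGE_TYPE_3 = 3;

    /*
     * Message flags
     *
     * Each flag is a single bit of the 32-bit negotiate flags field, so flags are
     * combined with | and tested with &.
     */

    /** Indicates that Unicode strings are supported for use in security buffer data */
    int FLAG_NEGOTIATE_UNICODE = 0x00000001;

    /** Indicates that OEM strings are supported for use in security buffer data */
    int FLAG_NEGOTIATE_OEM = 0x00000002;

    /** Requests that the server's authentication realm be included in the Type 2 message */
    int FLAG_REQUEST_SERVER_AUTH_REALM = 0x00000004;

    /**
     * Specifies that authenticated communication between the client
     * and server should carry a digital signature (message integrity)
     */
    int FLAG_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that authenticated communication between the client
     * and server should be encrypted (message confidentiality)
     */
    int FLAG_NEGOTIATE_SEAL = 0x00000020;

    /** Indicates that datagram authentication is being used */
    int FLAG_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**
     * Indicates that the Lan Manager Session Key should be used for signing and
     * sealing authenticated communications.
     *
     * <p>Security note: this key is derived from the LM hash, which is a weak legacy
     * construction. Do not request this flag unless a legacy peer requires it.
     */
    int FLAG_NEGOTIATE_LAN_MANAGER_KEY = 0x00000080;

    /** Indicates that NTLM authentication is being used */
    int FLAG_NEGOTIATE_NTLM = 0x00000200;

    /**
     * Sent by the client in the Type 3 message to indicate that an anonymous context
     * has been established. This also affects the response fields
     */
    int FLAG_NEGOTIATE_ANONYMOUS = 0x00000800;

    /**
     * Sent by the client in the Type 1 message to indicate that the name of the domain in which
     * the client workstation has membership is included in the message. This is used by the
     * server to determine whether the client is eligible for local authentication
     */
    int FLAG_NEGOTIATE_DOMAIN_SUPPLIED = 0x00001000;

    /**
     * Sent by the client in the Type 1 message to indicate that the client workstation's name
     * is included in the message. This is used by the server to determine whether the client
     * is eligible for local authentication
     */
    int FLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 0x00002000;

    /**
     * Sent by the server to indicate that the server and client are on the same machine.
     * Implies that the client may use the established local credentials for authentication
     * instead of calculating a response to the challenge
     */
    int FLAG_NEGOTIATE_LOCAL_CALL = 0x00004000;

    /**
     * Indicates that authenticated communication between the client and server should
     * be signed with a "dummy" signature.
     *
     * <p>A "dummy" signature provides no integrity protection; message integrity is what
     * {@link #FLAG_NEGOTIATE_SIGN} asks for.
     */
    int FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000;

    /**
     * Sent by the server in the Type 2 message to indicate that the target authentication
     * realm is a domain
     */
    int FLAG_TARGET_TYPE_DOMAIN = 0x00010000;

    /**
     * Sent by the server in the Type 2 message to indicate that the target authentication
     * realm is a server
     */
    int FLAG_TARGET_TYPE_SERVER = 0x00020000;

    /**
     * Sent by the server in the Type 2 message to indicate that the target authentication
     * realm is a share. Presumably, this is for share-level authentication. Usage is unclear
     */
    int FLAG_TARGET_TYPE_SHARE = 0x00040000;

    /**
     * Indicates that the NTLM2 signing and sealing scheme should be used for protecting
     * authenticated communications. Note that this refers to a particular session security
     * scheme, and is not related to the use of NTLMv2 authentication. This flag can, however,
     * have an effect on the response calculations
     */
    int FLAG_NEGOTIATE_NTLM2 = 0x00080000;

    /**
     * Sent by the server in the Type 2 message to indicate that it is including a Target
     * Information block in the message. The Target Information block is used in the
     * calculation of the NTLMv2 response
     */
    int FLAG_NEGOTIATE_TARGET_INFO = 0x00800000;

    /** Indicates that 128-bit encryption is supported */
    int FLAG_NEGOTIATE_128_BIT_ENCRYPTION = 0x20000000;

    /**
     * Indicates that the client will provide an encrypted master key in the "Session Key"
     * field of the Type 3 message
     */
    int FLAG_NEGOTIATE_KEY_EXCHANGE = 0x40000000;

    /**
     * Indicates that 56-bit encryption is supported.
     *
     * <p>This is the sign bit of the {@code int}, so the constant is negative
     * ({@code Integer.MIN_VALUE}); test it with {@code (flags & FLAG) != 0}, never
     * with {@code > 0}. Security note: a 56-bit key is weak by current standards;
     * prefer {@link #FLAG_NEGOTIATE_128_BIT_ENCRYPTION} where the peer supports it.
     */
    int FLAG_NEGOTIATE_56_BIT_ENCRYPTION = 0x80000000;

    /*
     * WARN : These flags usage has not been identified
     *
     * They name the remaining bits of the flags field so that every bit has a constant.
     * NOTE(review): some of these bits have names in Microsoft's MS-NLMP specification
     * (for example 0x02000000 is NTLMSSP_NEGOTIATE_VERSION there); confirm before
     * relying on the "unidentified" label when interpreting a peer's flags.
     */

    /** Usage has not been identified */
    int FLAG_UNIDENTIFIED_1 = 0x00000008;

    /** Negotiate Netware ??! */
    int FLAG_UNIDENTIFIED_2 = 0x00000100;

    /** Undefined */
    int FLAG_UNIDENTIFIED_3 = 0x00000400;

    /** Request Init Response ??! */
    int FLAG_UNIDENTIFIED_4 = 0x00100000;

    /** Request Accept Response ??! */
    int FLAG_UNIDENTIFIED_5 = 0x00200000;

    /** Request Non-NT Session Key ??! */
    int FLAG_UNIDENTIFIED_6 = 0x00400000;

    /** Undefined */
    int FLAG_UNIDENTIFIED_7 = 0x01000000;

    /** Undefined */
    int FLAG_UNIDENTIFIED_8 = 0x02000000;

    /** Undefined */
    int FLAG_UNIDENTIFIED_9 = 0x04000000;

    /** Undefined */
    int FLAG_UNIDENTIFIED_10 = 0x08000000;

    /** Undefined */
    int FLAG_UNIDENTIFIED_11 = 0x10000000;

    /**
     * Default minimal flag set: OEM and Unicode strings plus the "domain supplied" and
     * "workstation supplied" bits (value {@code 0x00003003}).
     *
     * <p>Security note: this set contains none of {@link #FLAG_NEGOTIATE_NTLM},
     * {@link #FLAG_NEGOTIATE_NTLM2}, {@link #FLAG_NEGOTIATE_SIGN} or
     * {@link #FLAG_NEGOTIATE_SEAL}. Any session security therefore depends on flags the
     * caller adds and on what the server answers; whether callers add them is not
     * visible from this file.
     */
    int DEFAULT_FLAGS = FLAG_NEGOTIATE_OEM | FLAG_NEGOTIATE_UNICODE
            | FLAG_NEGOTIATE_WORKSTATION_SUPPLIED | FLAG_NEGOTIATE_DOMAIN_SUPPLIED;

    /*
     * Target Information sub blocks types. It may be that there are other
     * as-yet-unidentified sub block types as well.
     *
     * NOTE(review): the values are written with the type number in the high byte
     * (0x0100 rather than 0x0001). Presumably the encoder writes the short
     * high-byte-first so the bytes on the wire are little-endian 1..5 - confirm
     * against the code that serialises and parses these blocks. A parser must also
     * tolerate type codes that are not listed here.
     */

    /** Sub block terminator */
    short TARGET_INFORMATION_SUBBLOCK_TERMINATOR_TYPE = 0x0000;

    /** Server name */
    short TARGET_INFORMATION_SUBBLOCK_SERVER_TYPE = 0x0100;

    /** Domain name */
    short TARGET_INFORMATION_SUBBLOCK_DOMAIN_TYPE = 0x0200;

    /** Fully-qualified DNS host name (i.e., server.domain.com) */
    short TARGET_INFORMATION_SUBBLOCK_FQDNS_HOSTNAME_TYPE = 0x0300;

    /** DNS domain name (i.e., domain.com) */
    short TARGET_INFORMATION_SUBBLOCK_DNS_DOMAIN_NAME_TYPE = 0x0400;

    /** Apparently the "parent" DNS domain for servers in sub domains */
    short TARGET_INFORMATION_SUBBLOCK_PARENT_DNS_DOMAIN_NAME_TYPE = 0x0500;
}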