
1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License.
18   *
19   */
20  package org.apache.mina.proxy.handlers.http.ntlm;
21  
22  /**
23   * NTLMConstants.java - All NTLM constants.
24   * 
25   * @author The Apache MINA Project (dev@mina.apache.org)
26   * @version $Rev: 685703 $, $Date: 2008-08-14 00:14:47 +0200 (Thu, 14 Aug 2008) $
27   * @since MINA 2.0.0-M3
28   */
public interface NTLMConstants {
    // Every field below is implicitly public, static and final because it is
    // declared in an interface, so the modifiers are not repeated.

    /**
     * The message signature: the ASCII text "NTLMSSP" followed by one zero byte.
     *
     * <p>The array reference is final but its elements are not. This is shared
     * writable state, so never write to it, and copy it before handing it to
     * code that may modify its argument.
     */
    byte[] NTLM_SIGNATURE = { 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0 };

    /**
     * The OS version block sent by default: 5.1.2600, a Windows XP version
     * (for example build 2600.xpsp_sp2_gdr.050301-1519, Service Pack 2).
     * Bytes are major 5, minor 1, build 0x0A28 (2600, low byte first), three
     * zero bytes, then 0x0F.
     *
     * <p>This is a fixed value, not the version of the host it runs on, so a
     * peer or log that keys on this field sees the same version for every
     * client. The array is mutable shared state; copy it, never write to it.
     * NOTE(review): the trailing 0x0F is presumably the NTLMSSP revision byte;
     * confirm against the protocol specification.
     */
    byte[] DEFAULT_OS_VERSION = { 5, 1, 0x28, 0x0A, 0, 0, 0, 0x0F };

    // ---------------------------------------------------------------------
    // Message types
    // ---------------------------------------------------------------------

    /** Message type 1. */
    int MESSAGE_TYPE_1 = 1;

    /** Message type 2. */
    int MESSAGE_TYPE_2 = 2;

    /** Message type 3. */
    int MESSAGE_TYPE_3 = 3;

    // ---------------------------------------------------------------------
    // Message flags (single-bit masks, combined with bitwise OR)
    // ---------------------------------------------------------------------

    /** Unicode strings are supported in security buffer data. */
    int FLAG_NEGOTIATE_UNICODE = 0x00000001;

    /** OEM strings are supported in security buffer data. */
    int FLAG_NEGOTIATE_OEM = 0x00000002;

    /** Asks the server to include its authentication realm in the Type 2 message. */
    int FLAG_REQUEST_SERVER_AUTH_REALM = 0x00000004;

    /**
     * Authenticated traffic between client and server should carry a digital
     * signature (message integrity).
     */
    int FLAG_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Authenticated traffic between client and server should be encrypted
     * (message confidentiality).
     */
    int FLAG_NEGOTIATE_SEAL = 0x00000020;

    /** Datagram authentication is being used. */
    int FLAG_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**
     * The Lan Manager Session Key should be used for signing and sealing
     * authenticated communications.
     *
     * <p>NOTE(review): LM-derived key material is legacy and weak; leave this
     * bit out unless a peer that cannot do better requires it.
     */
    int FLAG_NEGOTIATE_LAN_MANAGER_KEY = 0x00000080;

    /** NTLM authentication is being used. */
    int FLAG_NEGOTIATE_NTLM = 0x00000200;

    /**
     * Set by the client in the Type 3 message when an anonymous context has
     * been established. It also affects the response fields.
     */
    int FLAG_NEGOTIATE_ANONYMOUS = 0x00000800;

    /**
     * Set by the client in the Type 1 message when the message carries the
     * name of the domain the client workstation belongs to. The server uses
     * it to decide whether the client is eligible for local authentication.
     */
    int FLAG_NEGOTIATE_DOMAIN_SUPPLIED = 0x00001000;

    /**
     * Set by the client in the Type 1 message when the message carries the
     * client workstation's name. The server uses it to decide whether the
     * client is eligible for local authentication.
     */
    int FLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 0x00002000;

    /**
     * Set by the server to say that server and client are on the same
     * machine, implying that the client may use the established local
     * credentials instead of calculating a response to the challenge.
     *
     * <p>NOTE(review): this bit arrives from the peer; confirm how callers
     * act on it before relying on it for any credential decision.
     */
    int FLAG_NEGOTIATE_LOCAL_CALL = 0x00004000;

    /**
     * Authenticated traffic between client and server should be signed with a
     * "dummy" signature. A dummy signature is not an integrity check, so this
     * bit is no substitute for {@link #FLAG_NEGOTIATE_SIGN}.
     */
    int FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000;

    /** Set by the server in the Type 2 message: the target authentication realm is a domain. */
    int FLAG_TARGET_TYPE_DOMAIN = 0x00010000;

    /** Set by the server in the Type 2 message: the target authentication realm is a server. */
    int FLAG_TARGET_TYPE_SERVER = 0x00020000;

    /**
     * Set by the server in the Type 2 message: the target authentication
     * realm is a share. Presumably for share-level authentication; the usage
     * is unclear.
     */
    int FLAG_TARGET_TYPE_SHARE = 0x00040000;

    /**
     * The NTLM2 signing and sealing scheme should protect authenticated
     * communications. This names a session security scheme and is unrelated
     * to NTLMv2 authentication, although the bit can change how the responses
     * are calculated.
     */
    int FLAG_NEGOTIATE_NTLM2 = 0x00080000;

    /**
     * Set by the server in the Type 2 message when it includes a Target
     * Information block, which feeds the NTLMv2 response calculation.
     */
    int FLAG_NEGOTIATE_TARGET_INFO = 0x00800000;

    /** 128-bit encryption is supported. */
    int FLAG_NEGOTIATE_128_BIT_ENCRYPTION = 0x20000000;

    /**
     * The client will provide an encrypted master key in the "Session Key"
     * field of the Type 3 message.
     */
    int FLAG_NEGOTIATE_KEY_EXCHANGE = 0x40000000;

    /**
     * 56-bit encryption is supported. This is the sign bit of an {@code int},
     * so the constant is negative; test it with a mask, never with a
     * greater-than or less-than comparison.
     *
     * <p>NOTE(review): 56-bit keys are weak by current standards; prefer
     * {@link #FLAG_NEGOTIATE_128_BIT_ENCRYPTION} where sealing is used.
     */
    int FLAG_NEGOTIATE_56_BIT_ENCRYPTION = 0x80000000;

    // ---------------------------------------------------------------------
    // Flags whose usage the original author had not identified. The names
    // say nothing about meaning. Names quoted from MS-NLMP below are
    // reviewer notes to be confirmed against that specification.
    // ---------------------------------------------------------------------

    /** Usage not identified. */
    int FLAG_UNIDENTIFIED_1 = 0x00000008;

    /** Usage not identified; possibly "Negotiate Netware". */
    int FLAG_UNIDENTIFIED_2 = 0x00000100;

    /** Usage not identified. */
    int FLAG_UNIDENTIFIED_3 = 0x00000400;

    /**
     * Usage not identified; possibly "Request Init Response".
     * NOTE(review): MS-NLMP appears to name this bit NTLMSSP_NEGOTIATE_IDENTIFY; confirm.
     */
    int FLAG_UNIDENTIFIED_4 = 0x00100000;

    /** Usage not identified; possibly "Request Accept Response". */
    int FLAG_UNIDENTIFIED_5 = 0x00200000;

    /**
     * Usage not identified; possibly "Request Non-NT Session Key".
     * NOTE(review): MS-NLMP appears to name this bit
     * NTLMSSP_REQUEST_NON_NT_SESSION_KEY; confirm.
     */
    int FLAG_UNIDENTIFIED_6 = 0x00400000;

    /** Usage not identified. */
    int FLAG_UNIDENTIFIED_7 = 0x01000000;

    /**
     * Usage not identified.
     * NOTE(review): MS-NLMP appears to name this bit NTLMSSP_NEGOTIATE_VERSION,
     * which would make it the bit that announces a version block such as
     * {@link #DEFAULT_OS_VERSION}; confirm.
     */
    int FLAG_UNIDENTIFIED_8 = 0x02000000;

    /** Usage not identified. */
    int FLAG_UNIDENTIFIED_9 = 0x04000000;

    /** Usage not identified. */
    int FLAG_UNIDENTIFIED_10 = 0x08000000;

    /** Usage not identified. */
    int FLAG_UNIDENTIFIED_11 = 0x10000000;

    /**
     * Default minimal flag set (0x00003003): Unicode and OEM strings, plus
     * the domain-supplied and workstation-supplied bits.
     *
     * <p>The set holds none of the sign, seal, NTLM or NTLM2 bits, so by
     * itself it asks for no session security. Whether callers OR further
     * bits into it is not visible from this file.
     */
    int DEFAULT_FLAGS = FLAG_NEGOTIATE_UNICODE
            | FLAG_NEGOTIATE_OEM
            | FLAG_NEGOTIATE_DOMAIN_SUPPLIED
            | FLAG_NEGOTIATE_WORKSTATION_SUPPLIED;

    // ---------------------------------------------------------------------
    // Target Information sub-block types. Other, as yet unidentified,
    // sub-block types may exist, so a reader must cope with unknown values.
    //
    // NOTE(review): the values look like the ids 0 to 5 with their two bytes
    // swapped; confirm the byte order used by the code that reads and writes
    // them before comparing. The block comes from the server's Type 2
    // message, so sub-block lengths need bounds checks wherever it is parsed
    // (the parser is not part of this file).
    // ---------------------------------------------------------------------

    /** Sub-block terminator. */
    short TARGET_INFORMATION_SUBBLOCK_TERMINATOR_TYPE = 0x0000;

    /** Server name. */
    short TARGET_INFORMATION_SUBBLOCK_SERVER_TYPE = 0x0100;

    /** Domain name. */
    short TARGET_INFORMATION_SUBBLOCK_DOMAIN_TYPE = 0x0200;

    /** Fully-qualified DNS host name (for example server.domain.com). */
    short TARGET_INFORMATION_SUBBLOCK_FQDNS_HOSTNAME_TYPE = 0x0300;

    /** DNS domain name (for example domain.com). */
    short TARGET_INFORMATION_SUBBLOCK_DNS_DOMAIN_NAME_TYPE = 0x0400;

    /** Apparently the "parent" DNS domain for servers in sub domains. */
    short TARGET_INFORMATION_SUBBLOCK_PARENT_DNS_DOMAIN_NAME_TYPE = 0x0500;
}