1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 * 19 */ 20 package org.apache.mina.proxy.handlers.http.ntlm; 21 22 /** 23 * NTLMConstants.java - All NTLM constants. 24 * 25 * @author The Apache MINA Project (dev@mina.apache.org) 26 * @version $Rev: 685703 $, $Date: 2008-08-14 00:14:47 +0200 (Thu, 14 Aug 2008) $ 27 * @since MINA 2.0.0-M3 28 */ 29 public interface NTLMConstants { 30 // Signature "NTLMSSP"+{0} 31 public final static byte[] NTLM_SIGNATURE = new byte[] { 0x4E, 0x54, 0x4C, 32 0x4D, 0x53, 0x53, 0x50, 0 }; 33 34 // Version 5.1.2600 a Windows XP version (ex: Build 2600.xpsp_sp2_gdr.050301-1519 : Service Pack 2) 35 public final static byte[] DEFAULT_OS_VERSION = new byte[] { 0x05, 0x01, 36 0x28, 0x0A, 0, 0, 0, 0x0F }; 37 38 /** 39 * Message types 40 */ 41 42 public final static int MESSAGE_TYPE_1 = 1; 43 44 public final static int MESSAGE_TYPE_2 = 2; 45 46 public final static int MESSAGE_TYPE_3 = 3; 47 48 /** 49 * Message flags 50 */ 51 52 // Indicates that Unicode strings are supported for use in security buffer data 53 public final static int FLAG_NEGOTIATE_UNICODE = 0x00000001; 54 55 // Indicates that OEM strings are supported for use in security buffer data 56 public final static int FLAG_NEGOTIATE_OEM = 0x00000002; 57 58 // Requests that the server's authentication realm be included in the Type 2 message 59 public final static int FLAG_REQUEST_SERVER_AUTH_REALM = 0x00000004; 60 61 // Specifies that authenticated communication between the client 62 // and server should carry a digital signature (message integrity) 63 public final static int FLAG_NEGOTIATE_SIGN = 0x00000010; 64 65 // Specifies that authenticated communication between the client 66 // and server should be encrypted (message confidentiality) 67 public final static int FLAG_NEGOTIATE_SEAL = 0x00000020; 68 69 // Indicates that datagram authentication is being used 70 public final static int FLAG_NEGOTIATE_DATAGRAM_STYLE = 0x00000040; 71 72 // Indicates that the Lan Manager Session Key should be used for signing and 73 // sealing authenticated communications 74 public final static int FLAG_NEGOTIATE_LAN_MANAGER_KEY = 0x00000080; 75 76 // Indicates that NTLM authentication is being used 77 public final static int FLAG_NEGOTIATE_NTLM = 0x00000200; 78 79 // Sent by the client in the Type 3 message to indicate that an anonymous context 80 // has been established. This also affects the response fields 81 public final static int FLAG_NEGOTIATE_ANONYMOUS = 0x00000800; 82 83 // Sent by the client in the Type 1 message to indicate that the name of the domain in which 84 // the client workstation has membership is included in the message. This is used by the 85 // server to determine whether the client is eligible for local authentication 86 public final static int FLAG_NEGOTIATE_DOMAIN_SUPPLIED = 0x00001000; 87 88 // Sent by the client in the Type 1 message to indicate that the client workstation's name 89 // is included in the message. This is used by the server to determine whether the client 90 // is eligible for local authentication 91 public final static int FLAG_NEGOTIATE_WORKSTATION_SUPPLIED = 0x00002000; 92 93 // Sent by the server to indicate that the server and client are on the same machine. 94 // Implies that the client may use the established local credentials for authentication 95 // instead of calculating a response to the challenge 96 public final static int FLAG_NEGOTIATE_LOCAL_CALL = 0x00004000; 97 98 // Indicates that authenticated communication between the client and server should 99 // be signed with a "dummy" signature 100 public final static int FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000; 101 102 // Sent by the server in the Type 2 message to indicate that the target authentication 103 // realm is a domain 104 public final static int FLAG_TARGET_TYPE_DOMAIN = 0x00010000; 105 106 // Sent by the server in the Type 2 message to indicate that the target authentication 107 // realm is a server 108 public final static int FLAG_TARGET_TYPE_SERVER = 0x00020000; 109 110 // Sent by the server in the Type 2 message to indicate that the target authentication 111 // realm is a share. Presumably, this is for share-level authentication. Usage is unclear 112 public final static int FLAG_TARGET_TYPE_SHARE = 0x00040000; 113 114 // Indicates that the NTLM2 signing and sealing scheme should be used for protecting 115 // authenticated communications. Note that this refers to a particular session security 116 // scheme, and is not related to the use of NTLMv2 authentication. This flag can, however, 117 // have an effect on the response calculations 118 public final static int FLAG_NEGOTIATE_NTLM2 = 0x00080000; 119 120 // Sent by the server in the Type 2 message to indicate that it is including a Target 121 // Information block in the message. The Target Information block is used in the 122 // calculation of the NTLMv2 response 123 public final static int FLAG_NEGOTIATE_TARGET_INFO = 0x00800000; 124 125 // Indicates that 128-bit encryption is supported 126 public final static int FLAG_NEGOTIATE_128_BIT_ENCRYPTION = 0x20000000; 127 128 // Indicates that the client will provide an encrypted master key in the "Session Key" 129 // field of the Type 3 message 130 public final static int FLAG_NEGOTIATE_KEY_EXCHANGE = 0x40000000; 131 132 // Indicates that 56-bit encryption is supported 133 public final static int FLAG_NEGOTIATE_56_BIT_ENCRYPTION = 0x80000000; 134 135 // WARN : These flags usage has not been identified 136 public final static int FLAG_UNIDENTIFIED_1 = 0x00000008; 137 138 public final static int FLAG_UNIDENTIFIED_2 = 0x00000100; // Negotiate Netware ??! 139 140 public final static int FLAG_UNIDENTIFIED_3 = 0x00000400; 141 142 public final static int FLAG_UNIDENTIFIED_4 = 0x00100000; // Request Init Response ??! 143 144 public final static int FLAG_UNIDENTIFIED_5 = 0x00200000; // Request Accept Response ??! 145 146 public final static int FLAG_UNIDENTIFIED_6 = 0x00400000; // Request Non-NT Session Key ??! 147 148 public final static int FLAG_UNIDENTIFIED_7 = 0x01000000; 149 150 public final static int FLAG_UNIDENTIFIED_8 = 0x02000000; 151 152 public final static int FLAG_UNIDENTIFIED_9 = 0x04000000; 153 154 public final static int FLAG_UNIDENTIFIED_10 = 0x08000000; 155 156 public final static int FLAG_UNIDENTIFIED_11 = 0x10000000; 157 158 // Default minimal flag set 159 public final static int DEFAULT_FLAGS = FLAG_NEGOTIATE_OEM 160 | FLAG_NEGOTIATE_UNICODE | FLAG_NEGOTIATE_WORKSTATION_SUPPLIED 161 | FLAG_NEGOTIATE_DOMAIN_SUPPLIED; 162 163 /** 164 * Target Information sub blocks types. It may be that there are other 165 * as-yet-unidentified sub block types as well. 166 */ 167 168 // Sub block terminator 169 public final static short TARGET_INFORMATION_SUBBLOCK_TERMINATOR_TYPE = 0x0000; 170 171 // Server name 172 public final static short TARGET_INFORMATION_SUBBLOCK_SERVER_TYPE = 0x0100; 173 174 // Domain name 175 public final static short TARGET_INFORMATION_SUBBLOCK_DOMAIN_TYPE = 0x0200; 176 177 // Fully-qualified DNS host name (i.e., server.domain.com) 178 public final static short TARGET_INFORMATION_SUBBLOCK_FQDNS_HOSTNAME_TYPE = 0x0300; 179 180 // DNS domain name (i.e., domain.com) 181 public final static short TARGET_INFORMATION_SUBBLOCK_DNS_DOMAIN_NAME_TYPE = 0x0400; 182 183 // Apparently the "parent" DNS domain for servers in sub domains 184 public final static short TARGET_INFORMATION_SUBBLOCK_PARENT_DNS_DOMAIN_NAME_TYPE = 0x0500; 185 }