2004-08-02 23:14:32 +00:00
|
|
|
/* packet-ntlmssp.h
|
|
|
|
* Declarations for NTLM Secure Service Provider
|
|
|
|
* Copyright 2003, Tim Potter <tpot@samba.org>
|
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2004-08-02 23:14:32 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
2018-02-12 11:23:27 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
2004-08-02 23:14:32 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef __PACKET_NTLMSSP_H__
|
|
|
|
#define __PACKET_NTLMSSP_H__
|
|
|
|
|
2012-08-16 17:03:07 +00:00
|
|
|
/* Message types */
|
|
|
|
|
|
|
|
#define NTLMSSP_NEGOTIATE 1
|
|
|
|
#define NTLMSSP_CHALLENGE 2
|
|
|
|
#define NTLMSSP_AUTH 3
|
|
|
|
#define NTLMSSP_UNKNOWN 4
|
|
|
|
|
|
|
|
#define NTLMSSP_KEY_LEN 16
|
|
|
|
|
2020-03-13 11:36:17 +00:00
|
|
|
#define NTLMSSP_MAX_ORIG_LEN 256
|
|
|
|
|
|
|
|
typedef struct _md4_pass {
|
|
|
|
guint8 md4[NTLMSSP_KEY_LEN];
|
|
|
|
char key_origin[NTLMSSP_MAX_ORIG_LEN+1];
|
|
|
|
} md4_pass;
|
|
|
|
|
|
|
|
guint32
|
2021-07-28 19:50:57 +00:00
|
|
|
get_md4pass_list(wmem_allocator_t *pool, md4_pass** p_pass_list);
|
2020-03-13 11:36:17 +00:00
|
|
|
|
2004-08-02 23:14:32 +00:00
|
|
|
/* Dissect a ntlmv2 response */
|
|
|
|
|
|
|
|
int
|
2013-09-05 04:57:33 +00:00
|
|
|
dissect_ntlmv2_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntlmssp_tree, int offset, int len);
|
2004-08-02 23:14:32 +00:00
|
|
|
|
2005-12-07 13:09:42 +00:00
|
|
|
/* the ntlmssp data passed to tap listeners */
|
|
|
|
typedef struct _ntlmssp_header_t {
|
|
|
|
guint32 type;
|
2019-06-12 19:01:13 +00:00
|
|
|
const guint8 *domain_name;
|
|
|
|
const guint8 *acct_name;
|
|
|
|
const guint8 *host_name;
|
2012-08-16 17:03:07 +00:00
|
|
|
guint8 session_key[NTLMSSP_KEY_LEN];
|
2005-12-07 13:09:42 +00:00
|
|
|
} ntlmssp_header_t;
|
|
|
|
|
2020-03-13 12:53:59 +00:00
|
|
|
#define NTLMSSP_BLOB_MAX_SIZE 10240
|
|
|
|
typedef struct _ntlmssp_blob {
|
|
|
|
guint16 length;
|
|
|
|
guint8* contents;
|
|
|
|
} ntlmssp_blob;
|
|
|
|
|
|
|
|
void
|
|
|
|
ntlmssp_create_session_key(packet_info *pinfo,
|
|
|
|
proto_tree *tree,
|
|
|
|
ntlmssp_header_t *ntlmssph,
|
|
|
|
int flags,
|
|
|
|
const guint8 *server_challenge,
|
|
|
|
const guint8 *encryptedsessionkey,
|
|
|
|
const ntlmssp_blob *ntlm_response,
|
|
|
|
const ntlmssp_blob *lm_response);
|
|
|
|
|
2021-06-20 19:28:36 +00:00
|
|
|
int
|
|
|
|
dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(tvbuff_t *tvb, int offset, proto_tree *tree);
|
|
|
|
|
2004-08-02 23:14:32 +00:00
|
|
|
#endif
|