Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-ntlmssp.h
1 /* packet-ntlmssp.h
2  * Declarations for NTLM Secure Service Provider
3  * Copyright 2003, Tim Potter <tpot@samba.org>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef __PACKET_NTLMSSP_H__
13 #define __PACKET_NTLMSSP_H__
14 
15 /* Message types */
16 
17 #define NTLMSSP_NEGOTIATE 1
18 #define NTLMSSP_CHALLENGE 2
19 #define NTLMSSP_AUTH 3
20 #define NTLMSSP_UNKNOWN 4
21 
22 #define NTLMSSP_KEY_LEN 16
23 
24 #define NTLMSSP_MAX_ORIG_LEN 256
25 
26 typedef struct _md4_pass {
27  guint8 md4[NTLMSSP_KEY_LEN];
28  char key_origin[NTLMSSP_MAX_ORIG_LEN+1];
29 } md4_pass;
30 
31 guint32
32 get_md4pass_list(wmem_allocator_t *pool, md4_pass** p_pass_list);
33 
34 /* Dissect a ntlmv2 response */
35 
36 int
37 dissect_ntlmv2_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntlmssp_tree, int offset, int len);
38 
39 /* the ntlmssp data passed to tap listeners */
40 typedef struct _ntlmssp_header_t {
41  guint32 type;
42  const guint8 *domain_name;
43  const guint8 *acct_name;
44  const guint8 *host_name;
45  guint8 session_key[NTLMSSP_KEY_LEN];
47 
48 #define NTLMSSP_BLOB_MAX_SIZE 10240
49 typedef struct _ntlmssp_blob {
50  guint16 length;
51  guint8* contents;
52 } ntlmssp_blob;
53 
54 void
55 ntlmssp_create_session_key(packet_info *pinfo,
56  proto_tree *tree,
57  ntlmssp_header_t *ntlmssph,
58  int flags,
59  const guint8 *server_challenge,
60  const guint8 *encryptedsessionkey,
61  const ntlmssp_blob *ntlm_response,
62  const ntlmssp_blob *lm_response);
63 
64 int
65 dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(tvbuff_t *tvb, int offset, proto_tree *tree);
66 
67 #endif
Definition: packet-ntlmssp.h:26
Definition: packet-ntlmssp.h:49
Definition: packet-ntlmssp.h:40
Definition: packet_info.h:44
Definition: proto.h:904
Definition: wmem_allocator.h:27
Definition: tvbuff-int.h:35