

6.3 Appendix A.3: NTLM.IDL

The full syntax of the NTLM message types IDL is as follows:

 import "ms-dtyp.idl";
  
 #include "ms-rdpear_remoteguardcallids.h"
  
 // Fixed buffer sizes for the structures in this file. Every array sized by
 // one of these constants is declared as UCHAR, so each value is a byte count.
 // The sizes are part of the marshalled layout: changing one changes the wire
 // format of every structure that embeds the corresponding array.

 // Size of MSV1_0_CREDENTIAL_KEY.Data.
 #define MSV1_0_CREDENTIAL_KEY_LENGTH 20
 // Size of NT_CHALLENGE.Data (and therefore LM_SESSION_KEY), of
 // MSV1_0_LM3_RESPONSE.ChallengeFromClient and of ChallengeToClient.
 #define MSV1_0_CHALLENGE_LENGTH 8
 // Size of NT_RESPONSE.Data.
 #define MSV1_0_RESPONSE_LENGTH 24
 // Size of MSV1_0_LM3_RESPONSE.Response.
 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
 // Size of USER_SESSION_KEY.Data.
 #define MSV1_0_USER_SESSION_KEY_LENGTH 16
  
 // Challenge value carried as an opaque fixed-size byte array
 // (MSV1_0_CHALLENGE_LENGTH = 8 bytes). It is the input of the
 // CalculateNtResponse call and its layout is reused by LM_SESSION_KEY.
 typedef struct _NT_CHALLENGE{
     UCHAR Data[MSV1_0_CHALLENGE_LENGTH];
 } NT_CHALLENGE, *PNT_CHALLENGE;
  
     // Response value carried as an opaque fixed-size byte array
     // (MSV1_0_RESPONSE_LENGTH = 24 bytes). It is returned by
     // CalculateNtResponse and passed back in to CalculateUserSessionKeyNt,
     // both of which this file describes as NTLM v1 operations.
     typedef struct _NT_RESPONSE{
     UCHAR Data[MSV1_0_RESPONSE_LENGTH];
 } NT_RESPONSE, *PNT_RESPONSE;
  
 // Fixed-size structure returned as Lm3Response by the
 // Lm20GetNtlm3ChallengeResponse call (the NTLM v2 path in this file).
 // NOTE(review): presumably the LMv2 response, i.e. a 16-byte keyed hash
 // followed by the 8-byte client challenge - confirm against MS-NLMP.
 typedef struct {
     // 16 bytes (MSV1_0_NTLM3_RESPONSE_LENGTH).
     UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH];
     // 8 bytes (MSV1_0_CHALLENGE_LENGTH).
     UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
 } MSV1_0_LM3_RESPONSE, *PMSV1_0_LM3_RESPONSE;
  
 // 16-byte session key (MSV1_0_USER_SESSION_KEY_LENGTH). Returned by both
 // Lm20GetNtlm3ChallengeResponse and CalculateUserSessionKeyNt. The value is
 // key material derived from the credential, so buffers and logs that hold
 // it need the same handling as any other secret.
 typedef struct {
     UCHAR Data[MSV1_0_USER_SESSION_KEY_LENGTH];
 } USER_SESSION_KEY, *PUSER_SESSION_KEY;
  
 // LM_SESSION_KEY reuses the NT_CHALLENGE layout, so it is an 8-byte array
 // (MSV1_0_CHALLENGE_LENGTH). Only the layout is shared: the value is
 // returned as LmSessionKey in the Lm20GetNtlm3ChallengeResponse output and,
 // as its name says, is a session key rather than a challenge.
 typedef NT_CHALLENGE LM_SESSION_KEY;
  
 // Kind of credential key held in MSV1_0_REMOTE_ENCRYPTED_SECRETS (it is the
 // type of that structure's reserved4 field). No explicit values are given,
 // so the enumerators are numbered 0..4 in declaration order; inserting or
 // reordering entries would change the values seen on the wire.
 // DomainUserCredKey is the only entry not marked reserved or internal.
 // NOTE(review): since LocalUserCredKey "should never be present" in
 // MSV1_0_REMOTE_ENCRYPTED_SECRETS, a receiver would reasonably reject a
 // structure that carries it - confirm the required behaviour in the
 // protocol text.
 typedef enum _MSV1_0_CREDENTIAL_KEY_TYPE{
     InvalidCredKey,        // reserved 
     IUMCredKey,            // reserved 
     DomainUserCredKey, 
     LocalUserCredKey,      // For internal use only - should never be present in
                            // MSV1_0_REMOTE_ENCRYPTED_SECRETS
     ExternallySuppliedCredKey // reserved
 } MSV1_0_CREDENTIAL_KEY_TYPE;
  
 // Credential key carried as an opaque fixed-size byte array
 // (MSV1_0_CREDENTIAL_KEY_LENGTH = 20 bytes). Embedded by value in
 // MSV1_0_REMOTE_ENCRYPTED_SECRETS as reserved5.
 // NOTE(review): 20 bytes matches a SHA-1 digest size; this file does not
 // say how the key is derived - confirm before relying on that.
 typedef struct _MSV1_0_CREDENTIAL_KEY {
     UCHAR Data[MSV1_0_CREDENTIAL_KEY_LENGTH];
 } MSV1_0_CREDENTIAL_KEY, *PMSV1_0_CREDENTIAL_KEY;
 
 // Credential blob passed by pointer as the Credential / LhsCredential /
 // RhsCredential argument of the NTLM calls in NtlmCredIsoRemoteInput.
 // Every field is named reserved*, so this IDL fixes only the types and the
 // field order; the meaning of the content is not described here and callers
 // should treat the structure as opaque.
 typedef struct _MSV1_0_REMOTE_ENCRYPTED_SECRETS{
     BOOLEAN reserved1;
     BOOLEAN reserved2;
     BOOLEAN reserved3;
     // Credential key type. NOTE(review): the enum's own comment says
     // LocalUserCredKey should never appear in this structure - verify that
     // the receiver checks for it.
     MSV1_0_CREDENTIAL_KEY_TYPE reserved4;
     // 20-byte credential key, embedded by value.
     MSV1_0_CREDENTIAL_KEY reserved5;
     // Element count for reserved6 (bytes, since reserved6 is UCHAR*).
     ULONG reservedSize;
     // Variable-length buffer whose length is taken from reservedSize via
     // size_is. The count comes from the sender, so code that decodes or
     // copies this buffer should bound reservedSize against the data actually
     // received and against a sane maximum before allocating or reading.
     [size_is(reservedSize)] UCHAR* reserved6;
} MSV1_0_REMOTE_ENCRYPTED_SECRETS, *PMSV1_0_REMOTE_ENCRYPTED_SECRETS;
 
 // Note: in this documentation, "server" refers to the LSA server
 // (which is providing access to credentials) and "client" refers to
 // the LSA client (which is using the credentials provided by the server).
 // This is the opposite of the RDP view.
 //
 // Request message for the NTLM remote credential calls. CallId selects
 // which arm of the union is present; only that arm is marshalled.
 // RemoteGuardCallId and the RemoteCallNtlm* values are not defined in this
 // file (presumably they come from the included
 // ms-rdpear_remoteguardcallids.h).
 // NOTE(review): the P* members are pointers, and whether NULL is allowed
 // depends on the pointer attributes in effect, which are not visible here.
 // A receiver should check each pointer before dereferencing it.
 typedef struct _NtlmCredIsoRemoteInput
 {
     // Discriminant for the union below.
     RemoteGuardCallId CallId;
     [switch_type(RemoteGuardCallId), switch_is(CallId)] union
     {
         // Used to negotiate the protocol version that will be used.
         // Client sends the maximum version it supports; server replies
         // with the version that will actually be used.
         // NOTE(review): the reply is presumably never higher than
         // MaxSupportedVersion; a client would reasonably verify that, and
         // an unexpectedly low reply is worth logging - confirm against the
         // protocol text.
         [case(RemoteCallNtlmNegotiateVersion)] struct
         {
             ULONG MaxSupportedVersion;
         } NegotiateVersion;
  
         // Use the provided credential and challenge to generate the 
         // NT and LM response for the NTLM v2 authentication protocol.
         // ChallengeToClient is a fixed 8-byte array embedded by value; the
         // three names are RPC_UNICODE_STRING pointers, a type not defined in
         // this file (presumably from the imported ms-dtyp.idl).
         [case(RemoteCallNtlmLm20GetNtlm3ChallengeResponse)] struct
         {
             PMSV1_0_REMOTE_ENCRYPTED_SECRETS Credential;
             PRPC_UNICODE_STRING UserName;
             PRPC_UNICODE_STRING LogonDomainName;
             PRPC_UNICODE_STRING ServerName;
             UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
         } Lm20GetNtlm3ChallengeResponse;
  
         // Use the provided credential to calculate a response 
         // to this challenge according to the NTLM v1 protocol.
         // NTLM v1 is generally regarded as cryptographically weak, so
         // deployments that restrict NTLM v1 may want this call and
         // CalculateUserSessionKeyNt covered by the same policy and auditing.
         [case(RemoteCallNtlmCalculateNtResponse)] struct
         {
             PNT_CHALLENGE NtChallenge;
             PMSV1_0_REMOTE_ENCRYPTED_SECRETS Credential;
         } CalculateNtResponse;
  
         // Use the provided credential and response to calculate
         // a session key according to the NTLM v1 protocol.
         [case(RemoteCallNtlmCalculateUserSessionKeyNt)] struct
         {
             PNT_RESPONSE NtResponse;
             PMSV1_0_REMOTE_ENCRYPTED_SECRETS Credential;
         } CalculateUserSessionKeyNt;
  
         // Compare the provided credentials to determine whether
         // they're identical.
         // The result is reported as three separate flags in
         // NtlmCredIsoRemoteOutput.CompareCredentials.
         [case(RemoteCallNtlmCompareCredentials)] struct
         {
             PMSV1_0_REMOTE_ENCRYPTED_SECRETS LhsCredential;
             PMSV1_0_REMOTE_ENCRYPTED_SECRETS RhsCredential;
         } CompareCredentials;
     };
 } NtlmCredIsoRemoteInput, *PNtlmCredIsoRemoteInput;
  
 // Reply message for the NTLM remote credential calls. It has one union arm
 // per RemoteCallNtlm* value, mirroring the arms of NtlmCredIsoRemoteInput.
 // Several arms return responses and session keys, so a decoded reply holds
 // secret material and needs the same handling as the credential itself.
 typedef struct _NtlmCredIsoRemoteOutput
 {
     // Discriminant for the union below.
     // NOTE(review): presumably echoes the CallId of the request; a receiver
     // would reasonably reject a reply whose CallId differs from the call it
     // issued - confirm against the protocol text.
     RemoteGuardCallId CallId;
     // Result code of the call.
     // NOTE(review): the union content is presumably meaningful only when
     // Status indicates success - check Status before using any arm.
     NTSTATUS Status;
     [switch_type(RemoteGuardCallId), switch_is(CallId)] union
     {
         // Protocol version selected in reply to MaxSupportedVersion.
         [case(RemoteCallNtlmNegotiateVersion)] struct
         {
             ULONG VersionToUse;
         } NegotiateVersion;
 
         // Results of the NTLM v2 call: a variable-length response plus a
         // fixed-size LM3 response and two session keys.
         [case(RemoteCallNtlmLm20GetNtlm3ChallengeResponse)] struct
         {
             // Byte count for Ntlm3Response; being a USHORT it cannot
             // exceed 65535.
             USHORT Ntlm3ResponseLength;
             // Length is taken from Ntlm3ResponseLength via size_is. Code
             // that copies this buffer should check the count against the
             // destination size rather than trusting the peer's value.
             [size_is(Ntlm3ResponseLength)] BYTE *Ntlm3Response;
             MSV1_0_LM3_RESPONSE Lm3Response;
             USER_SESSION_KEY UserSessionKey;
             LM_SESSION_KEY LmSessionKey;
         } Lm20GetNtlm3ChallengeResponse;
  
         // 24-byte response for the challenge supplied in the request
         // (the NTLM v1 path).
         [case(RemoteCallNtlmCalculateNtResponse)] struct
         {
             NT_RESPONSE NtResponse;
         } CalculateNtResponse;
  
         // 16-byte session key for the response supplied in the request
         // (the NTLM v1 path).
         [case(RemoteCallNtlmCalculateUserSessionKeyNt)] struct
         {
             USER_SESSION_KEY UserSessionKey;
         } CalculateUserSessionKeyNt;
  
         // Outcome of comparing LhsCredential with RhsCredential, reported
         // as three independent flags.
         // NOTE(review): going by the names, the flags cover the NT, LM and
         // SHA one-way-function forms of the credential; how they should be
         // combined into "identical" is not stated here - confirm.
         [case(RemoteCallNtlmCompareCredentials)] struct
         {
             BOOL AreNtOwfsEqual;
             BOOL AreLmOwfsEqual;
             BOOL AreShaOwfsEqual;
         } CompareCredentials;
     };
 } NtlmCredIsoRemoteOutput, *PNtlmCredIsoRemoteOutput;