Authentication

Modules
	Encryption Algorithms
	Security Mechanisms
	Security Password Type

Data Structures
struct	AMDomainA
struct	AMDomain
struct	AMCredentialsA
struct	AMCredentials

Macros
#define	AM_MAXSECURITYLEVEL   4

Functions
NQ_BOOL	amStart (void)
void	amShutdown (void)
void	amClientDefineLevel (NQ_UINT level, NQ_UINT crypter1, NQ_UINT crypter2, NQ_UINT32 mehanisms)
void	amSetNonSecureAuthentication (NQ_BOOL enableNonSecureAuthentication)
void	amCredentialsAsciiiToW (AMCredentials *to, const AMCredentialsA *from)
void	amCredentialsInit (AMCredentials *creds, const NQ_WCHAR *domain, const NQ_WCHAR *user, const NQ_WCHAR *password, NQ_UINT type)
void	amCredentialsInitA (AMCredentialsA *creds, const NQ_CHAR *domain, const NQ_CHAR *user, const NQ_CHAR *password, NQ_UINT type)

Detailed Description

Macro Definition Documentation

#define AM_MAXSECURITYLEVEL   4

Maximum security level. Security levels are counted from zero to this value. Used by amClientDefineLevel()

Function Documentation

NQ_BOOL amStart

(

void

)

This function initializes this module.

Returns

TRUE on success and FALSE on failure.

void amShutdown

(

void

)

This function disposes resources used by this module.

void amClientDefineLevel	(	NQ_UINT	level,
		NQ_UINT	crypter1,
		NQ_UINT	crypter2,
		NQ_UINT32	mehanisms
	)

NQ Authentication module conveys authentication according to the required level of security.

This function assigns parameters for one authentication level:

• NQ combines two encryption algorithms in one authentication blob. User can choose between LM, NTLM and NTLMv2 encryptions.
• User can choose security mechanisms for extended security negotiations. Currently, the available mechanisms are: NTLMSSP and Kerberos.

Parameters

level	Authentication level to define. This value should be greater or equal to zero and it should not exceed the maximum security level as defined in AM_MAXSECURITYLEVEL. An illegal value will have no effect.
crypter1	The first encryption algorithm. Available values are: AM_CRYPTER_LM AM_CRYPTER_NTLM AM_CRYPTER_LM2 AM_CRYPTER_NTLM2 AM_CRYPTER_NONE
crypter2	The second encryption algorithm. Available values are: AM_CRYPTER_LM AM_CRYPTER_NTLM AM_CRYPTER_LM2 AM_CRYPTER_NTLM2 AM_CRYPTER_NONE
mehanisms	Available security mechanisms. This value is a bit mask of the following: AM_MECH_KERBEROS AM_MECH_NTLMSSP User can specify one of those masks, both or none. When two masks are specified, Kerberos is considered first.

Note

• Level parameters are assigned globally so that two concurrent applications using the same level are sharing the same parameters. If one of them assigns new parameters this also affects the second one.
• This function is not thread-safe.
• The default per-level parameters are:

Level	Crypter 1	Crypter 2	NTLMSSP	KERBEROS
0	LM	none	-	-
1	LM	NTLM	-	-
2	LM	NTLM	Yes	Yes
3	LMv2	NTLMv2	Yes	-
4	LMv2	NTLMv2	Yes	Yes

void amSetNonSecureAuthentication

(

NQ_BOOL

enableNonSecureAuthentication

)

Some old authentication methods - used in SMB 1 only - are considered today non secure. By default those non secure methods will be disabled. Use this function to enable / disable non secure methods.

Parameters

enableNonSecureAuthentication

TRUE - non secure authentication will be used. FALSE - non secure authentication will not be used.

Note

• This function uses amClientDefineLevel() to set authentication algorithms. The amClientDefineLevel() call can be used to further modify the levels set by this function.
• See also notes in amClientDefineLevel().

void amCredentialsAsciiiToW	(	AMCredentials *	to,
		const AMCredentialsA *	from
	)

Copy and convert the ASCII credentials struct to a Unicode credentials struct.

Parameters

to	A Unicode credentials struct
from	An ASCII credentials struct

void amCredentialsInit	(	AMCredentials *	creds,
		const NQ_WCHAR *	domain,
		const NQ_WCHAR *	user,
		const NQ_WCHAR *	password,
		NQ_UINT	type
	)

Init UNICODE credentials.

Parameters

creds	A pointer to a Unicode credentials struct to initialize.
domain	A Unicode format domain name.
user	A Unicode format username.
password	A Unicode format password
type	password type, available values are: AM_CREDENTIALS_PASSWORD_PLAINTEXT AM_CREDENTIALS_PASSWORD_MD4

Note

In order to use anonymous credentials pass empty strings to amCredentialsInit(): amCredentialsInit(credentials, "", "", "", 0). In order to use anonymous credentials with password pass empty strings and password to amCredentialsInit(): amCredentialsInit(credentials, "", "", passwordString, 0).

void amCredentialsInitA	(	AMCredentialsA *	creds,
		const NQ_CHAR *	domain,
		const NQ_CHAR *	user,
		const NQ_CHAR *	password,
		NQ_UINT	type
	)

Init ASCII credentials.

Parameters

creds	A pointer to a ASCII credentials struct to initialize.
domain	An ASCII format domain name.
user	An ASCII format username.
password	An ASCII format password
type	password type, available values are: AM_CREDENTIALS_PASSWORD_PLAINTEXT AM_CREDENTIALS_PASSWORD_MD4

Note

In order to use anonymous credentials pass empty strings to amCredentialsInitA(): amCredentialsInitA(credentials, "", "", "", 0). In order to use anonymous credentials with password pass empty strings and password to amCredentialsInitA(): amCredentialsInitA(credentials, "", "", passwordString, 0).