authorEduardo Chappa <chappa@washington.edu>2017-09-29 23:51:00 -0600
committerEduardo Chappa <chappa@washington.edu>2017-09-29 23:51:00 -0600
commit4681adf1bb1d0a1313706d7d96a3ef930ebe5fd9 (patch)
treea0d1bfd05325921860e7578a54b7b4afb3112262 /imap/src
parent4ef47e8fa6934d003434f3a37875d0abb98636d8 (diff)
* NTLM authentication support with the ntlm library, in Unix systems.
Based on code provided by Maciej W. Rozycki.
Diffstat (limited to 'imap/src')
-rw-r--r--imap/src/c-client/auth_ntl.c112
-rw-r--r--imap/src/osdep/amiga/Makefile2
-rw-r--r--imap/src/osdep/nt/makefile.nt2
-rw-r--r--imap/src/osdep/nt/makefile.ntk3
-rw-r--r--imap/src/osdep/nt/makefile.w2k3
-rw-r--r--imap/src/osdep/unix/Makefile2
-rw-r--r--imap/src/osdep/unix/Makefile.ntl27
7 files changed, 146 insertions, 5 deletions
diff --git a/imap/src/c-client/auth_ntl.c b/imap/src/c-client/auth_ntl.c
new file mode 100644
index 00000000..0afe99fc
--- /dev/null
+++ b/imap/src/c-client/auth_ntl.c
@@ -0,0 +1,112 @@
+/* ========================================================================
+ * Copyright 1988-2008 University of Washington
+ * Copyright 2015 Imagination Technologies
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program: NT LAN Manager authenticator
+ *
+ * Author: Maciej W. Rozycki
+ *
+ * Date: 25 January 2015
+ * Last Edited: 25 January 2015
+ */
+
+#include <ntlm.h>
+
+long auth_ntlm_client (authchallenge_t challenger,authrespond_t responder,
+ char *service,NETMBX *mb,void *stream,
+ unsigned long *trial,char *user);
+
+AUTHENTICATOR auth_ntl = { /* secure, has full auth, hidden */
+ AU_SECURE | AU_AUTHUSER | AU_HIDE,
+ "NTLM", /* authenticator name */
+ NIL, /* always valid */
+ auth_ntlm_client, /* client method */
+ NIL, /* no server method */
+ NIL /* next authenticator */
+};
+
+/* Client authenticator
+ * Accepts: challenger function
+ * responder function
+ * SASL service name
+ * parsed network mailbox structure
+ * stream argument for functions
+ * pointer to current trial count
+ * returned user name
+ * Returns: T if success, NIL otherwise, number of trials incremented if retry
+ */
+
+long auth_ntlm_client (authchallenge_t challenger, authrespond_t responder,
+ char *service, NETMBX *mb, void *stream,
+ unsigned long *trial, char *user)
+{
+ tSmbNtlmAuthChallenge *challenge;
+ tSmbNtlmAuthResponse response;
+ tSmbNtlmAuthRequest request;
+ char tbuf[MAILTMPLEN];
+ char ubuf[MAILTMPLEN];
+ char pass[MAILTMPLEN];
+ unsigned long clen;
+ unsigned long ulen;
+ unsigned long dlen;
+ long ret = NIL;
+ char *sep;
+
+ /* get initial (empty) challenge */
+ if (challenge = (*challenger) (stream, &clen)) {
+ fs_give ((void **) &challenge);
+ pass[0] = NIL; /* prompt user */
+ mm_login (mb, user, pass, *trial);
+ if (!pass[0]) { /* user requested abort */
+ (*responder) (stream, NIL, 0);
+ *trial = 0; /* cancel subsequent attempts */
+ ret = LONGT; /* will get a BAD response back */
+ } else {
+ /* translate domain\user to user@domain */
+ /* otherwise buildSmbNtlmAuthResponse */
+ /* will override the domain requested with */
+ /* one returned by the challenge message */
+ sep = strchr (user, '\\');
+ if (*sep) {
+ dlen = sep - user;
+ ulen = strlen (sep + 1);
+ memcpy (ubuf, sep + 1, ulen);
+ ubuf[ulen] = '@';
+ memcpy (ubuf + ulen + 1, user, dlen);
+ ubuf[ulen + dlen + 1] = '\0';
+ user = ubuf;
+ }
+ buildSmbNtlmAuthRequest (&request, user, NULL);
+ /* send a negotiate message */
+ if ((*responder) (stream, (void *) &request, SmbLength (&request)) &&
+ (challenge = (*challenger) (stream, &clen))) {
+ /* interpret the challenge message */
+ buildSmbNtlmAuthResponse (challenge, &response, user, pass);
+ fs_give ((void **) &challenge);
+ /* send a response message */
+ if ((*responder) (stream, (void *) &response, SmbLength (&response))) {
+ if (challenge = (*challenger) (stream, &clen))
+ fs_give ((void **) &challenge);
+ else {
+ ++*trial; /* can try again if necessary */
+ ret = LONGT; /* check the authentication */
+ }
+ }
+ }
+ }
+ }
+ memset (pass,0,MAILTMPLEN); /* erase password */
+ if (!ret) *trial = 65535; /* don't retry if bad protocol */
+ return ret;
+}
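Review bot: `strchr (user, '\\')` returns NULL when the user name contains no backslash, so the `if (*sep)` test right after it dereferences a null pointer for any login given as a plain user name; the test should read `if (sep) {`. The length `clen` returned by the challenger is never used: `buildSmbNtlmAuthResponse (challenge, &response, user, pass)` is handed the server-supplied buffer as if it were a full `tSmbNtlmAuthChallenge`, so a challenge shorter than the fields the library reads may be parsed past the end of its allocation (this depends on the library's own bounds checks, which are not visible here). Copying at most `sizeof (tSmbNtlmAuthChallenge)` bytes into a zeroed local structure, and rejecting a longer `clen` before the call, would bound that read. The closing `memset (pass,0,MAILTMPLEN)` wipes only `pass`, while `response` presumably still holds the computed NTLM responses on the stack, and a plain memset just before return is a dead store the compiler may drop.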
diff --git a/imap/src/osdep/amiga/Makefile b/imap/src/osdep/amiga/Makefile
index 1f08e97e..60458e61 100644
--- a/imap/src/osdep/amiga/Makefile
+++ b/imap/src/osdep/amiga/Makefile
@@ -187,7 +187,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
osdep.c env_ami.c fs_ami.c ftl_ami.c nl_ami.c tcp_ami.c \
auths.c gethstid.c \
gr_waitp.c \
- auth_log.c auth_md5.c auth_pla.c \
+ auth_log.c auth_md5.c auth_ntl.c auth_pla.c \
pmatch.c scandir.c \
tz_bsd.c \
write.c \
diff --git a/imap/src/osdep/nt/makefile.nt b/imap/src/osdep/nt/makefile.nt
index 0ea96e5a..a30dfc40 100644
--- a/imap/src/osdep/nt/makefile.nt
+++ b/imap/src/osdep/nt/makefile.nt
@@ -84,7 +84,7 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
os_nt.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
os_nt.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \
ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
- mailfile.h auth_md5.c auth_pla.c auth_log.c
+ mailfile.h auth_md5.c auth_ntl.c auth_pla.c auth_log.c
mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
diff --git a/imap/src/osdep/nt/makefile.ntk b/imap/src/osdep/nt/makefile.ntk
index e383e0f8..507d7541 100644
--- a/imap/src/osdep/nt/makefile.ntk
+++ b/imap/src/osdep/nt/makefile.ntk
@@ -84,7 +84,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
os_ntk.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
os_ntk.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \
ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
- mailfile.h auth_gss.c auth_md5.c auth_pla.c auth_log.c kerb_mit.c
+ mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_log.c \
+ kerb_mit.c
mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
diff --git a/imap/src/osdep/nt/makefile.w2k b/imap/src/osdep/nt/makefile.w2k
index a3d62ad6..a58f0274 100644
--- a/imap/src/osdep/nt/makefile.w2k
+++ b/imap/src/osdep/nt/makefile.w2k
@@ -85,7 +85,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
os_w2k.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
os_w2k.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_w2k.c ssl_none.c \
ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
- mailfile.h auth_gss.c auth_md5.c auth_pla.c auth_log.c kerb_w2k.c
+ mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_log.c \
+ kerb_w2k.c
mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
diff --git a/imap/src/osdep/unix/Makefile b/imap/src/osdep/unix/Makefile
index 14975c82..8d740bb4 100644
--- a/imap/src/osdep/unix/Makefile
+++ b/imap/src/osdep/unix/Makefile
@@ -922,7 +922,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
gethstid.c getspnam.c \
gr_wait.c gr_wait4.c gr_waitp.c \
kerb_mit.c \
- auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_pla.c \
+ auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_ntl.c auth_pla.c \
pmatch.c scandir.c setpgrp.c strerror.c truncate.c write.c \
memmove.c memmove2.c memset.c \
tz_bsd.c tz_nul.c tz_sv4.c \
diff --git a/imap/src/osdep/unix/Makefile.ntl b/imap/src/osdep/unix/Makefile.ntl
new file mode 100644
index 00000000..2ffa78ff
--- /dev/null
+++ b/imap/src/osdep/unix/Makefile.ntl
@@ -0,0 +1,27 @@
+# ========================================================================
+# Copyright 1988-2007 University of Washington
+# Copyright 2015 Imagination Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+#
+# ========================================================================
+
+# Program: NTLM makefile
+#
+# Author: Maciej W. Rozycki
+#
+# Date: 25 January 2015
+# Last Edited: 25 January 2015
+
+
+# Extended flags needed for additional authenticators. You may need to modify.
+
+NTLMLDFLAGS= -lntlm
+
+ntl: # NTLM flags
+ echo $(NTLMLDFLAGS) >> LDFLAGS