* NTLM authentication support with the ntlm library, in Unix systems.

     Based on code provided by Maciej W. Rozycki.

7 files changed, 146 insertions, 5 deletions

diff --git a/imap/src/c-client/auth_ntl.c b/imap/src/c-client/auth_ntl.c
new file mode 100644
index 00000000..0afe99fc
--- /dev/null
+++ b/imap/src/c-client/auth_ntl.c
@@ -0,0 +1,112 @@
+/* ========================================================================
+ * Copyright 1988-2008 University of Washington
+ * Copyright 2015      Imagination Technologies
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program:	NT LAN Manager authenticator
+ *
+ * Author:	Maciej W. Rozycki
+ *
+ * Date:	25 January 2015
+ * Last Edited:	25 January 2015
+ */
+
+#include <ntlm.h>
+
+long auth_ntlm_client (authchallenge_t challenger,authrespond_t responder,
+			char *service,NETMBX *mb,void *stream,
+			unsigned long *trial,char *user);
+
+AUTHENTICATOR auth_ntl = {	/* secure, has full auth, hidden */
+  AU_SECURE | AU_AUTHUSER | AU_HIDE,
+  "NTLM",			/* authenticator name */
+  NIL,				/* always valid */
+  auth_ntlm_client,		/* client method */
+  NIL,				/* no server method */
+  NIL				/* next authenticator */
+};
+
+/* Client authenticator
+ * Accepts: challenger function
+ *	    responder function
+ *	    SASL service name
+ *	    parsed network mailbox structure
+ *	    stream argument for functions
+ *	    pointer to current trial count
+ *	    returned user name
+ * Returns: T if success, NIL otherwise, number of trials incremented if retry
+ */
+
+long auth_ntlm_client (authchallenge_t challenger, authrespond_t responder,
+		       char *service, NETMBX *mb, void *stream,
+		       unsigned long *trial, char *user)
+{
+  tSmbNtlmAuthChallenge *challenge;
+  tSmbNtlmAuthResponse response;
+  tSmbNtlmAuthRequest request;
+  char tbuf[MAILTMPLEN];
+  char ubuf[MAILTMPLEN];
+  char pass[MAILTMPLEN];
+  unsigned long clen;
+  unsigned long ulen;
+  unsigned long dlen;
+  long ret = NIL;
+  char *sep;
+
+				/* get initial (empty) challenge */
+  if (challenge = (*challenger) (stream, &clen)) {
+    fs_give ((void **) &challenge);
+    pass[0] = NIL;		/* prompt user */
+    mm_login (mb, user, pass, *trial);
+    if (!pass[0]) {		/* user requested abort */
+      (*responder) (stream, NIL, 0);
+      *trial = 0;		/* cancel subsequent attempts */
+      ret = LONGT;		/* will get a BAD response back */
+    } else {
+				/* translate domain\user to user@domain */
+				/* otherwise buildSmbNtlmAuthResponse */
+				/* will override the domain requested with */
+				/* one returned by the challenge message */
+      sep = strchr (user, '\\');
+      if (*sep) {
+	dlen = sep - user;
+	ulen = strlen (sep + 1);
+	memcpy (ubuf, sep + 1, ulen);
+	ubuf[ulen] = '@';
+	memcpy (ubuf + ulen + 1, user, dlen);
+	ubuf[ulen + dlen + 1] = '\0';
+	user = ubuf;
+      }
+      buildSmbNtlmAuthRequest (&request, user, NULL);
+				/* send a negotiate message */
+      if ((*responder) (stream, (void *) &request, SmbLength (&request)) &&
+	  (challenge = (*challenger) (stream, &clen))) {
+				/* interpret the challenge message */
+	buildSmbNtlmAuthResponse (challenge, &response, user, pass);
+        fs_give ((void **) &challenge);
+				/* send a response message */
+	if ((*responder) (stream, (void *) &response, SmbLength (&response))) {
+	  if (challenge = (*challenger) (stream, &clen))
+	    fs_give ((void **) &challenge);
+	  else {
+	    ++*trial;		/* can try again if necessary */
+	    ret = LONGT;	/* check the authentication */
+	  }
+	}
+      }
+    }
+  }
+  memset (pass,0,MAILTMPLEN);	/* erase password */
+  if (!ret) *trial = 65535;	/* don't retry if bad protocol */
+  return ret;
+}
diff --git a/imap/src/osdep/amiga/Makefile b/imap/src/osdep/amiga/Makefile
index 1f08e97e..60458e61 100644
--- a/imap/src/osdep/amiga/Makefile
+++ b/imap/src/osdep/amiga/Makefile
@@ -187,7 +187,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 	osdep.c env_ami.c fs_ami.c ftl_ami.c nl_ami.c tcp_ami.c \
 	auths.c gethstid.c \
 	gr_waitp.c \
-	auth_log.c auth_md5.c auth_pla.c \
+	auth_log.c auth_md5.c auth_ntl.c auth_pla.c \
 	pmatch.c scandir.c \
 	tz_bsd.c \
 	write.c \
diff --git a/imap/src/osdep/nt/makefile.nt b/imap/src/osdep/nt/makefile.nt
index 0ea96e5a..a30dfc40 100644
--- a/imap/src/osdep/nt/makefile.nt
+++ b/imap/src/osdep/nt/makefile.nt
@@ -84,7 +84,7 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
 os_nt.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
 	os_nt.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \
 	ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
-	mailfile.h auth_md5.c auth_pla.c auth_log.c
+	mailfile.h auth_md5.c auth_ntl.c auth_pla.c auth_log.c
 
 mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
 
diff --git a/imap/src/osdep/nt/makefile.ntk b/imap/src/osdep/nt/makefile.ntk
index e383e0f8..507d7541 100644
--- a/imap/src/osdep/nt/makefile.ntk
+++ b/imap/src/osdep/nt/makefile.ntk
@@ -84,7 +84,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
 os_ntk.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
 	os_ntk.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \
 	ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
-	mailfile.h auth_gss.c auth_md5.c auth_pla.c auth_log.c kerb_mit.c
+	mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_log.c \
+	kerb_mit.c
 
 mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
 
diff --git a/imap/src/osdep/nt/makefile.w2k b/imap/src/osdep/nt/makefile.w2k
index a3d62ad6..a58f0274 100644
--- a/imap/src/osdep/nt/makefile.w2k
+++ b/imap/src/osdep/nt/makefile.w2k
@@ -85,7 +85,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
 os_w2k.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
 	os_w2k.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_w2k.c ssl_none.c \
 	ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
-	mailfile.h auth_gss.c auth_md5.c auth_pla.c auth_log.c kerb_w2k.c
+	mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_log.c \
+	kerb_w2k.c
 
 mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
 
diff --git a/imap/src/osdep/unix/Makefile b/imap/src/osdep/unix/Makefile
index 14975c82..8d740bb4 100644
--- a/imap/src/osdep/unix/Makefile
+++ b/imap/src/osdep/unix/Makefile
@@ -922,7 +922,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 	gethstid.c getspnam.c \
 	gr_wait.c gr_wait4.c gr_waitp.c \
 	kerb_mit.c \
-	auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_pla.c \
+	auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_ntl.c auth_pla.c \
 	pmatch.c scandir.c setpgrp.c strerror.c truncate.c write.c \
 	memmove.c memmove2.c memset.c \
 	tz_bsd.c tz_nul.c tz_sv4.c \
diff --git a/imap/src/osdep/unix/Makefile.ntl b/imap/src/osdep/unix/Makefile.ntl
new file mode 100644
index 00000000..2ffa78ff
--- /dev/null
+++ b/imap/src/osdep/unix/Makefile.ntl
@@ -0,0 +1,27 @@
+# ========================================================================
+# Copyright 1988-2007 University of Washington
+# Copyright 2015      Imagination Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#
+# ========================================================================
+
+# Program:	NTLM makefile
+#
+# Author:	Maciej W. Rozycki
+#
+# Date:		25 January 2015
+# Last Edited:	25 January 2015
+
+
+# Extended flags needed for additional authenticators.  You may need to modify.
+
+NTLMLDFLAGS= -lntlm
+
+ntl:	# NTLM flags
+	echo $(NTLMLDFLAGS) >> LDFLAGS