From 4681adf1bb1d0a1313706d7d96a3ef930ebe5fd9 Mon Sep 17 00:00:00 2001
From: Eduardo Chappa
Date: Fri, 29 Sep 2017 23:51:00 -0600
Subject: * NTLM authentication support with the ntlm library, in Unix systems. Based on code provided by Maciej W. Rozycki.
---
 imap/src/c-client/auth_ntl.c | 112 +++++++++++++++++++++++++++++++++++++++
 imap/src/osdep/amiga/Makefile | 2 +-
 imap/src/osdep/nt/makefile.nt | 2 +-
 imap/src/osdep/nt/makefile.ntk | 3 +-
 imap/src/osdep/nt/makefile.w2k | 3 +-
 imap/src/osdep/unix/Makefile | 2 +-
 imap/src/osdep/unix/Makefile.ntl | 27 ++++++++++
 7 files changed, 146 insertions(+), 5 deletions(-)
 create mode 100644 imap/src/c-client/auth_ntl.c
 create mode 100644 imap/src/osdep/unix/Makefile.ntl
(limited to 'imap/src')
diff --git a/imap/src/c-client/auth_ntl.c b/imap/src/c-client/auth_ntl.c
new file mode 100644
index 00000000..0afe99fc
--- /dev/null
+++ b/imap/src/c-client/auth_ntl.c
@@ -0,0 +1,112 @@
+/* ========================================================================
+ * Copyright 1988-2008 University of Washington
+ * Copyright 2015 Imagination Technologies
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *
+ * ========================================================================
+ */
+
+/*
+ * Program: NT LAN Manager authenticator
+ *
+ * Author: Maciej W. Rozycki
+ *
+ * Date: 25 January 2015
+ * Last Edited: 25 January 2015
+ */
+
+#include
+
+long auth_ntlm_client (authchallenge_t challenger,authrespond_t responder,
+ char *service,NETMBX *mb,void *stream,
+ unsigned long *trial,char *user);
+
+AUTHENTICATOR auth_ntl = { /* secure, has full auth, hidden */
+ AU_SECURE | AU_AUTHUSER | AU_HIDE,
+ "NTLM", /* authenticator name */
+ NIL, /* always valid */
+ auth_ntlm_client, /* client method */
+ NIL, /* no server method */
+ NIL /* next authenticator */
+};
+
+/* Client authenticator
+ * Accepts: challenger function
+ * responder function
+ * SASL service name
+ * parsed network mailbox structure
+ * stream argument for functions
+ * pointer to current trial count
+ * returned user name
+ * Returns: T if success, NIL otherwise, number of trials incremented if retry
+ */
+
+long auth_ntlm_client (authchallenge_t challenger, authrespond_t responder,
+ char *service, NETMBX *mb, void *stream,
+ unsigned long *trial, char *user)
+{
+ tSmbNtlmAuthChallenge *challenge;
+ tSmbNtlmAuthResponse response;
+ tSmbNtlmAuthRequest request;
+ char tbuf[MAILTMPLEN];
+ char ubuf[MAILTMPLEN];
+ char pass[MAILTMPLEN];
+ unsigned long clen;
+ unsigned long ulen;
+ unsigned long dlen;
+ long ret = NIL;
+ char *sep;
+
+ /* get initial (empty) challenge */
+ if (challenge = (*challenger) (stream, &clen)) {
+ fs_give ((void **) &challenge);
+ pass[0] = NIL; /* prompt user */
+ mm_login (mb, user, pass, *trial);
+ if (!pass[0]) { /* user requested abort */
+ (*responder) (stream, NIL, 0);
+ *trial = 0; /* cancel subsequent attempts */
+ ret = LONGT; /* will get a BAD response back */
+ } else {
+ /* translate domain\user to user@domain */
+ /* otherwise buildSmbNtlmAuthResponse */
+ /* will override the domain requested with */
+ /* one returned by the challenge message */
+ sep = strchr (user, '\\');
+ if (*sep) {
+ dlen = sep - user;
+ ulen = strlen (sep + 1);
+ memcpy (ubuf, sep + 1, ulen);
+ ubuf[ulen] = '@';
+ memcpy (ubuf + ulen + 1, user, dlen);
+ ubuf[ulen + dlen + 1] = '\0';
+ user = ubuf;
+ }
+ buildSmbNtlmAuthRequest (&request, user, NULL);
+ /* send a negotiate message */
+ if ((*responder) (stream, (void *) &request, SmbLength (&request)) &&
+ (challenge = (*challenger) (stream, &clen))) {
+ /* interpret the challenge message */
+ buildSmbNtlmAuthResponse (challenge, &response, user, pass);
+ fs_give ((void **) &challenge);
+ /* send a response message */
+ if ((*responder) (stream, (void *) &response, SmbLength (&response))) {
+ if (challenge = (*challenger) (stream, &clen))
+ fs_give ((void **) &challenge);
+ else {
+ ++*trial; /* can try again if necessary */
+ ret = LONGT; /* check the authentication */
+ }
+ }
+ }
+ }
+ }
+ memset (pass,0,MAILTMPLEN); /* erase password */
+ if (!ret) *trial = 65535; /* don't retry if bad protocol */
+ return ret;
+}
diff --git a/imap/src/osdep/amiga/Makefile b/imap/src/osdep/amiga/Makefile
index 1f08e97e..60458e61 100644
--- a/imap/src/osdep/amiga/Makefile
+++ b/imap/src/osdep/amiga/Makefile
@@ -187,7 +187,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 osdep.c env_ami.c fs_ami.c ftl_ami.c nl_ami.c tcp_ami.c \
 auths.c gethstid.c \
 gr_waitp.c \
- auth_log.c auth_md5.c auth_pla.c \
+ auth_log.c auth_md5.c auth_ntl.c auth_pla.c \
 pmatch.c scandir.c \
 tz_bsd.c \
 write.c \
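Review bot: In auth_ntlm_client (auth_ntl.c), `sep = strchr (user, '\\'); if (*sep) {` dereferences the result of strchr, which is NULL whenever the login name contains no backslash, so a plain `user` login crashes the client before any NTLM message is sent; the test should be `if (sep) {`. The second challenge comes from the server, yet `clen` is never examined before the buffer is handed to `buildSmbNtlmAuthResponse` as a `tSmbNtlmAuthChallenge *`; unless the library bounds-checks internally (not visible here), a short or malformed message could be read past its allocation, so a challenge whose `clen` does not cover the fixed header fields should be rejected first. `response` holds password-derived NTLM response data and is left on the stack at return while only `pass` is wiped; clearing it next to the `memset (pass,0,MAILTMPLEN)` call would be consistent. The authenticator is also registered with `AU_SECURE`, which is worth confirming against the NTLM variant the linked library actually implements.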
diff --git a/imap/src/osdep/nt/makefile.nt b/imap/src/osdep/nt/makefile.nt
index 0ea96e5a..a30dfc40 100644
--- a/imap/src/osdep/nt/makefile.nt
+++ b/imap/src/osdep/nt/makefile.nt
@@ -84,7 +84,7 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
 os_nt.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
 os_nt.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \
 ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
- mailfile.h auth_md5.c auth_pla.c auth_log.c
+ mailfile.h auth_md5.c auth_ntl.c auth_pla.c auth_log.c
 mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
diff --git a/imap/src/osdep/nt/makefile.ntk b/imap/src/osdep/nt/makefile.ntk
index e383e0f8..507d7541 100644
--- a/imap/src/osdep/nt/makefile.ntk
+++ b/imap/src/osdep/nt/makefile.ntk
@@ -84,7 +84,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
 os_ntk.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
 os_ntk.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_nt.c ssl_none.c \
 ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
- mailfile.h auth_gss.c auth_md5.c auth_pla.c auth_log.c kerb_mit.c
+ mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_log.c \
+ kerb_mit.c
 mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
diff --git a/imap/src/osdep/nt/makefile.w2k b/imap/src/osdep/nt/makefile.w2k
index a3d62ad6..a58f0274 100644
--- a/imap/src/osdep/nt/makefile.w2k
+++ b/imap/src/osdep/nt/makefile.w2k
@@ -85,7 +85,8 @@ smtp.obj: mail.h smtp.h rfc822.h misc.h osdep.h smtp.c
 os_w2k.obj: mail.h osdep.h env_nt.h fs.h ftl.h nl.h tcp.h tcp_nt.h yunchan.h \
 os_w2k.c fs_nt.c ftl_nt.c nl_nt.c env_nt.c ssl_w2k.c ssl_none.c \
 ip_nt.c tcp_nt.c yunchan.c pmatch.c write.c \
- mailfile.h auth_gss.c auth_md5.c auth_pla.c auth_log.c kerb_w2k.c
+ mailfile.h auth_gss.c auth_md5.c auth_ntl.c auth_pla.c auth_log.c \
+ kerb_w2k.c
 mbxnt.obj: mail.h misc.h osdep.h mbxnt.c
diff --git a/imap/src/osdep/unix/Makefile b/imap/src/osdep/unix/Makefile
index 14975c82..8d740bb4 100644
--- a/imap/src/osdep/unix/Makefile
+++ b/imap/src/osdep/unix/Makefile
@@ -922,7 +922,7 @@ osdep.o:mail.h misc.h env.h fs.h ftl.h nl.h tcp.h \
 gethstid.c getspnam.c \
 gr_wait.c gr_wait4.c gr_waitp.c \
 kerb_mit.c \
- auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_pla.c \
+ auth_ext.c auth_gss.c auth_log.c auth_md5.c auth_ntl.c auth_pla.c \
 pmatch.c scandir.c setpgrp.c strerror.c truncate.c write.c \
 memmove.c memmove2.c memset.c \
 tz_bsd.c tz_nul.c tz_sv4.c \
diff --git a/imap/src/osdep/unix/Makefile.ntl b/imap/src/osdep/unix/Makefile.ntl
new file mode 100644
index 00000000..2ffa78ff
--- /dev/null
+++ b/imap/src/osdep/unix/Makefile.ntl
@@ -0,0 +1,27 @@
+# ========================================================================
+# Copyright 1988-2007 University of Washington
+# Copyright 2015 Imagination Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+#
+# ========================================================================
+
+# Program: NTLM makefile
+#
+# Author: Maciej W. Rozycki
+#
+# Date: 25 January 2015
+# Last Edited: 25 January 2015
+
+
+# Extended flags needed for additional authenticators. You may need to modify.
+
+NTLMLDFLAGS= -lntlm
+
+ntl: # NTLM flags
+ echo $(NTLMLDFLAGS) >> LDFLAGS
-- 
cgit v1.2.3-54-g00ecf