[dovecot-cvs] dovecot/src/auth Makefile.am, 1.29, 1.30 mech-ntlm.c,
NONE, 1.1 mech.c, 1.28, 1.29 passdb.c, 1.19, 1.20 passdb.h,
1.10, 1.11 password-scheme-ntlm.c, NONE, 1.1 password-scheme.c,
1.10, 1.11 password-scheme.h, 1.4, 1.5
cras at dovecot.org
cras at dovecot.org
Wed Jul 28 18:39:32 EEST 2004
- Previous message: [dovecot-cvs]
dovecot/src/lib-ntlm .cvsignore, NONE, 1.1 Makefile.am,
NONE, 1.1 hmac-md5.c, NONE, 1.1 hmac-md5.h, NONE,
1.1 ntlm-byteorder.h, NONE, 1.1 ntlm-des.c, NONE,
1.1 ntlm-des.h, NONE, 1.1 ntlm-encrypt.c, NONE,
1.1 ntlm-encrypt.h, NONE, 1.1 ntlm-flags.h, NONE,
1.1 ntlm-message.c, NONE, 1.1 ntlm-message.h, NONE,
1.1 ntlm-types.h, NONE, 1.1 ntlm.h, NONE, 1.1
- Next message: [dovecot-cvs] dovecot/src/lib-index mail-cache.c,1.44,1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /home/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv28916/src/auth
Modified Files:
Makefile.am mech.c passdb.c passdb.h password-scheme.c
password-scheme.h
Added Files:
mech-ntlm.c password-scheme-ntlm.c
Log Message:
NTLM authentication. Patch by Andrey Panin
Index: Makefile.am
===================================================================
RCS file: /home/cvs/dovecot/src/auth/Makefile.am,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -d -r1.29 -r1.30
--- Makefile.am 22 Jul 2004 13:42:02 -0000 1.29
+++ Makefile.am 28 Jul 2004 15:39:29 -0000 1.30
@@ -5,12 +5,14 @@
INCLUDES = \
-I$(top_srcdir)/src/lib \
-I$(top_srcdir)/src/lib-settings \
+ -I$(top_srcdir)/src/lib-ntlm \
-DAUTH_MODULE_DIR=\""$(moduledir)/auth"\" \
-DPKG_LIBEXECDIR=\""$(pkglibexecdir)"\" \
$(AUTH_CFLAGS)
dovecot_auth_LDADD = \
../lib-settings/libsettings.a \
+ ../lib-ntlm/libntlm.a \
../lib/liblib.a \
$(AUTH_LIBS) \
$(RAND_LIBS) \
@@ -32,6 +34,7 @@
mech-login.c \
mech-cram-md5.c \
mech-digest-md5.c \
+ mech-ntlm.c \
mech-apop.c \
mycrypt.c \
passdb.c \
@@ -48,6 +51,7 @@
password-scheme.c \
password-scheme-md5crypt.c \
password-scheme-cram-md5.c \
+ password-scheme-ntlm.c \
userdb.c \
userdb-ldap.c \
userdb-passwd.c \
--- NEW FILE: mech-ntlm.c ---
/*
* NTLM and NTLMv2 authentication mechanism.
*
* Copyright (c) 2004 Andrey Panin <pazke at donpac.ru>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published
* by the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#include "common.h"
#include "mech.h"
#include "passdb.h"
#include "str.h"
#include "buffer.h"
#include "hex-binary.h"
#include "safe-memset.h"
#include "ntlm.h"
struct ntlm_auth_request {
struct auth_request auth_request;
pool_t pool;
/* requested: */
const unsigned char *challenge;
/* received: */
struct ntlmssp_response *response;
};
static void
ntlm_credentials_callback(const char *credentials,
struct auth_request *auth_request)
{
struct ntlm_auth_request *auth =
(struct ntlm_auth_request *)auth_request;
const unsigned char *client_response;
unsigned char hash[NTLMSSP_HASH_SIZE];
unsigned int response_length;
buffer_t *hash_buffer;
int ret;
if (credentials == NULL) {
mech_auth_finish(auth_request, NULL, 0, FALSE);
return;
}
hash_buffer = buffer_create_data(auth_request->pool,
hash, sizeof(hash));
hex_to_binary(credentials, hash_buffer);
response_length = ntlmssp_buffer_length(auth->response, ntlm_response);
client_response = ntlmssp_buffer_data(auth->response, ntlm_response);
if (response_length > NTLMSSP_RESPONSE_SIZE) {
unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
const unsigned char *blob =
client_response + NTLMSSP_V2_RESPONSE_SIZE;
/*
* Authentication target == NULL because we are acting
* as a standalone server, not as NT domain member.
*/
ntlmssp_v2_response(auth_request->user, NULL,
hash, auth->challenge, blob,
response_length - NTLMSSP_V2_RESPONSE_SIZE,
ntlm_v2_response);
ret = memcmp(ntlm_v2_response, client_response,
NTLMSSP_V2_RESPONSE_SIZE) == 0;
} else {
unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE];
ntlmssp_v1_response(hash, auth->challenge, ntlm_response);
ret = memcmp(ntlm_response, client_response,
NTLMSSP_RESPONSE_SIZE) == 0;
}
mech_auth_finish(auth_request, NULL, 0, ret);
}
static int
mech_ntlm_auth_continue(struct auth_request *auth_request,
const unsigned char *data, size_t data_size,
mech_callback_t *callback)
{
struct ntlm_auth_request *auth =
(struct ntlm_auth_request *)auth_request;
struct auth_client_request_reply reply;
const char *error;
auth_request->callback = callback;
if (!auth->challenge) {
const struct ntlmssp_request *request =
(struct ntlmssp_request *)data;
const struct ntlmssp_challenge *message;
size_t message_size;
if (!ntlmssp_check_request(request, data_size, &error)) {
if (verbose) {
i_info("ntlm(%s): invalid NTLM request, %s",
get_log_prefix(auth_request),
error);
}
mech_auth_finish(auth_request, NULL, 0, FALSE);
return TRUE;
}
message = ntlmssp_create_challenge(auth->pool, request,
&message_size);
auth->challenge = message->challenge;
mech_init_auth_client_reply(&reply);
reply.id = auth_request->id;
reply.result = AUTH_CLIENT_RESULT_CONTINUE;
reply.reply_idx = 0;
reply.data_size = message_size;
callback(&reply, message, auth_request->conn);
} else {
const struct ntlmssp_response *response =
(struct ntlmssp_response *)data;
char *username;
if (!ntlmssp_check_response(response, data_size, &error)) {
if (verbose) {
i_info("ntlm(%s): invalid NTLM response, %s",
get_log_prefix(auth_request),
error);
}
mech_auth_finish(auth_request, NULL, 0, FALSE);
return TRUE;
}
auth->response = p_malloc(auth->pool, data_size);
memcpy(auth->response, response, data_size);
username = p_strdup(auth_request->pool,
ntlmssp_t_str(auth->response, user));
if (!mech_is_valid_username(username)) {
if (verbose) {
i_info("ntlm(%s): invalid username",
get_log_prefix(auth_request));
}
mech_auth_finish(auth_request, NULL, 0, FALSE);
return TRUE;
}
auth_request->user = username;
passdb->lookup_credentials(auth_request,
PASSDB_CREDENTIALS_NTLM,
ntlm_credentials_callback);
}
return TRUE;
}
static int
mech_ntlm_auth_initial(struct auth_request *auth_request,
struct auth_client_request_new *request,
const unsigned char *data __attr_unused__,
mech_callback_t *callback)
{
struct auth_client_request_reply reply;
mech_init_auth_client_reply(&reply);
reply.id = request->id;
reply.result = AUTH_CLIENT_RESULT_CONTINUE;
reply.reply_idx = 0;
reply.data_size = 0;
callback(&reply, "", auth_request->conn);
return TRUE;
}
static void
mech_ntlm_auth_free(struct auth_request *auth_request)
{
pool_unref(auth_request->pool);
}
static struct auth_request *mech_ntlm_auth_new(void)
{
struct ntlm_auth_request *auth;
pool_t pool;
pool = pool_alloconly_create("ntlm_auth_request", 256);
auth = p_new(pool, struct ntlm_auth_request, 1);
auth->pool = pool;
auth->auth_request.refcount = 1;
auth->auth_request.pool = pool;
auth->auth_request.auth_initial = mech_ntlm_auth_initial;
auth->auth_request.auth_continue = mech_ntlm_auth_continue;
auth->auth_request.auth_free = mech_ntlm_auth_free;
return &auth->auth_request;
}
const struct mech_module mech_ntlm = {
"NTLM",
MEMBER(plaintext) FALSE,
MEMBER(advertise) TRUE,
MEMBER(passdb_need_plain) FALSE,
MEMBER(passdb_need_credentials) TRUE,
mech_ntlm_auth_new,
};
Index: mech.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- mech.c 22 Jul 2004 13:42:02 -0000 1.28
+++ mech.c 28 Jul 2004 15:39:29 -0000 1.29
@@ -388,6 +388,7 @@
extern struct mech_module mech_apop;
extern struct mech_module mech_cram_md5;
extern struct mech_module mech_digest_md5;
+extern struct mech_module mech_ntlm;
extern struct mech_module mech_anonymous;
void mech_init(void)
@@ -421,6 +422,8 @@
mech_register_module(&mech_cram_md5);
else if (strcasecmp(*mechanisms, "DIGEST-MD5") == 0)
mech_register_module(&mech_digest_md5);
+ else if (strcasecmp(*mechanisms, "NTLM") == 0)
+ mech_register_module(&mech_ntlm);
else if (strcasecmp(*mechanisms, "ANONYMOUS") == 0) {
if (anonymous_username == NULL) {
i_fatal("ANONYMOUS listed in mechanisms, "
@@ -481,5 +484,6 @@
mech_unregister_module(&mech_apop);
mech_unregister_module(&mech_cram_md5);
mech_unregister_module(&mech_digest_md5);
+ mech_unregister_module(&mech_ntlm);
mech_unregister_module(&mech_anonymous);
}
Index: passdb.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- passdb.c 26 Jul 2004 16:21:30 -0000 1.19
+++ passdb.c 28 Jul 2004 15:39:29 -0000 1.20
@@ -28,6 +28,8 @@
return "HMAC-MD5";
case PASSDB_CREDENTIALS_DIGEST_MD5:
return "DIGEST-MD5";
+ case PASSDB_CREDENTIALS_NTLM:
+ return "NTLM";
}
return "??";
Index: passdb.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb.h,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- passdb.h 18 Jun 2004 03:40:12 -0000 1.10
+++ passdb.h 28 Jul 2004 15:39:29 -0000 1.11
@@ -12,7 +12,8 @@
PASSDB_CREDENTIALS_PLAINTEXT,
PASSDB_CREDENTIALS_CRYPT,
PASSDB_CREDENTIALS_CRAM_MD5,
- PASSDB_CREDENTIALS_DIGEST_MD5
+ PASSDB_CREDENTIALS_DIGEST_MD5,
+ PASSDB_CREDENTIALS_NTLM
};
enum passdb_result {
--- NEW FILE: password-scheme-ntlm.c ---
#include "lib.h"
#include "hex-binary.h"
#include "password-scheme.h"
#include "ntlm.h"
const char *password_generate_ntlm(const char *plaintext)
{
unsigned char hash[16];
ntlm_v1_hash(plaintext, hash);
return binary_to_hex_ucase(hash, sizeof(hash));
}
Index: password-scheme.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- password-scheme.c 26 Jul 2004 16:21:30 -0000 1.10
+++ password-scheme.c 28 Jul 2004 15:39:29 -0000 1.11
@@ -400,6 +400,18 @@
return memcmp(md5_digest, data, 16) == 0;
}
+static int ntlm_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ return strcmp(password, password_generate_ntlm(plaintext)) == 0;
+}
+
+static const char *ntlm_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ return password_generate_ntlm(plaintext);
+}
+
static const struct password_scheme default_schemes[] = {
{ "CRYPT", crypt_verify, crypt_generate },
{ "MD5", md5_verify, md5_generate },
@@ -413,6 +425,7 @@
{ "DIGEST-MD5", digest_md5_verify, digest_md5_generate },
{ "PLAIN-MD5", plain_md5_verify, plain_md5_generate },
{ "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
+ { "NTLM", ntlm_verify, ntlm_generate },
{ NULL, NULL, NULL }
};
Index: password-scheme.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/password-scheme.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- password-scheme.h 26 Jul 2004 16:21:30 -0000 1.4
+++ password-scheme.h 28 Jul 2004 15:39:29 -0000 1.5
@@ -30,5 +30,6 @@
/* INTERNAL: */
const char *password_generate_md5_crypt(const char *pw, const char *salt);
const char *password_generate_cram_md5(const char *pw);
+const char *password_generate_ntlm(const char *pw);
#endif
- Previous message: [dovecot-cvs]
dovecot/src/lib-ntlm .cvsignore, NONE, 1.1 Makefile.am,
NONE, 1.1 hmac-md5.c, NONE, 1.1 hmac-md5.h, NONE,
1.1 ntlm-byteorder.h, NONE, 1.1 ntlm-des.c, NONE,
1.1 ntlm-des.h, NONE, 1.1 ntlm-encrypt.c, NONE,
1.1 ntlm-encrypt.h, NONE, 1.1 ntlm-flags.h, NONE,
1.1 ntlm-message.c, NONE, 1.1 ntlm-message.h, NONE,
1.1 ntlm-types.h, NONE, 1.1 ntlm.h, NONE, 1.1
- Next message: [dovecot-cvs] dovecot/src/lib-index mail-cache.c,1.44,1.45
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the dovecot-cvs
mailing list