[Dovecot] [PATCH 0/10] NTLM patchset submission
Andrey Panin
pazke at donpac.ru
Thu Jul 29 13:04:03 EEST 2004
On 211, 07 29, 2004 at 08:31:19AM +0400, Andrey Panin wrote:
> On 210, 07 28, 2004 at 11:33:40PM +1000, Joshua Goodall wrote:
> > On Wed, Jul 28, 2004 at 12:36:30AM +0300, Timo Sirainen wrote:
> > > On 27.7.2004, at 16:18, Andrey Panin wrote:
> > >
> > > >It contains common code in src/lib-ntlm directory, Samba compatible
> > > >NTLM password scheme and authentication mechanism itself.
> > >
> > > So now Dovecot has md4, md5, sha1 and des code. Maybe there should be a
> > > lib-crypto or something similiar for those.
> >
> > Yes.
> >
> > Especially since I was thinking about doing a {BLOWFISH} for the
> > $2$ MCF this weekend.
> >
> > Also, Timo, do you think it would be worth have a compatability
> > userdb/passdb for migrants from Courier's USERDB?
> >
> > Andrey, how does the NTLM password scheme relate to OpenLDAP's
> > {LANMAN} scheme? As far as I can tell, {NTLM} uses md4 whilst
> > {LANMAN} uses des. Is that correct?
>
> As i can guess from the {LANMAN} name, it probably uses older Lan
> Manager password hash format which is DES based. We can get support
> for it in ten minutes, all needed pieces are in place.
Well, it took a little more than ten minutes :)
If you are still interested, the attached patch adds an OpenLDAP {LANMAN}
compatible (I hope) password scheme.
--
Andrey Panin | Linux and UNIX system administrator
pazke at donpac.ru | PGP key: wwwkeys.pgp.net
-------------- next part --------------
Index: src/auth/passdb.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb.c,v
retrieving revision 1.20
diff -u -r1.20 passdb.c
--- src/auth/passdb.c 28 Jul 2004 15:39:29 -0000 1.20
+++ src/auth/passdb.c 29 Jul 2004 09:41:07 -0000
@@ -28,6 +28,8 @@
return "HMAC-MD5";
case PASSDB_CREDENTIALS_DIGEST_MD5:
return "DIGEST-MD5";
+ case PASSDB_CREDENTIALS_LANMAN:
+ return "LANMAN";
case PASSDB_CREDENTIALS_NTLM:
return "NTLM";
}
Index: src/auth/passdb.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb.h,v
retrieving revision 1.11
diff -u -r1.11 passdb.h
--- src/auth/passdb.h 28 Jul 2004 15:39:29 -0000 1.11
+++ src/auth/passdb.h 29 Jul 2004 09:41:07 -0000
@@ -13,6 +13,7 @@
PASSDB_CREDENTIALS_CRYPT,
PASSDB_CREDENTIALS_CRAM_MD5,
PASSDB_CREDENTIALS_DIGEST_MD5,
+ PASSDB_CREDENTIALS_LANMAN,
PASSDB_CREDENTIALS_NTLM
};
Index: src/auth/password-scheme-ntlm.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/password-scheme-ntlm.c,v
retrieving revision 1.1
diff -u -r1.1 password-scheme-ntlm.c
--- src/auth/password-scheme-ntlm.c 28 Jul 2004 15:39:29 -0000 1.1
+++ src/auth/password-scheme-ntlm.c 29 Jul 2004 09:41:07 -0000
@@ -5,11 +5,20 @@
#include "ntlm.h"
-const char *password_generate_ntlm(const char *plaintext)
+const char *password_generate_lm(const char *pw)
{
- unsigned char hash[16];
+ unsigned char hash[LM_HASH_SIZE];
- ntlm_v1_hash(plaintext, hash);
+ lm_hash(pw, hash);
+
+ return binary_to_hex_ucase(hash, sizeof(hash));
+}
+
+const char *password_generate_ntlm(const char *pw)
+{
+ unsigned char hash[NTLMSSP_HASH_SIZE];
+
+ ntlm_v1_hash(pw, hash);
return binary_to_hex_ucase(hash, sizeof(hash));
}
Index: src/auth/password-scheme.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/password-scheme.c,v
retrieving revision 1.11
diff -u -r1.11 password-scheme.c
--- src/auth/password-scheme.c 28 Jul 2004 15:39:29 -0000 1.11
+++ src/auth/password-scheme.c 29 Jul 2004 09:41:07 -0000
@@ -400,10 +400,22 @@
return memcmp(md5_digest, data, 16) == 0;
}
+static int lm_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ return strcasecmp(password, password_generate_lm(plaintext)) == 0;
+}
+
+static const char *lm_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ return password_generate_lm(plaintext);
+}
+
static int ntlm_verify(const char *plaintext, const char *password,
const char *user __attr_unused__)
{
- return strcmp(password, password_generate_ntlm(plaintext)) == 0;
+ return strcasecmp(password, password_generate_ntlm(plaintext)) == 0;
}
static const char *ntlm_generate(const char *plaintext,
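Review bot: lm_verify accepts more plaintexts than the one that was stored, because lm_hash (the ntlm-encrypt.c hunk of this patch) copies at most 14 bytes and upper-cases them before hashing. Any input that agrees with the real password on its first 14 bytes, ignoring case, therefore verifies. If the scheme does not have to keep verifying hashes that another tool produced from longer passwords, reject them up front with `if (strlen(plaintext) > 14) return 0;`. Otherwise state the limitation in a comment above lm_verify, e.g. `/* LM: only the first 14 bytes are hashed, case-insensitively */`. ntlm_generate, at the end of this hunk, continues outside it.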
@@ -425,6 +437,7 @@
{ "DIGEST-MD5", digest_md5_verify, digest_md5_generate },
{ "PLAIN-MD5", plain_md5_verify, plain_md5_generate },
{ "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
+ { "LANMAN", lm_verify, lm_generate },
{ "NTLM", ntlm_verify, ntlm_generate },
{ NULL, NULL, NULL }
};
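Review bot: The new `"LANMAN"` table entry registers lm_generate as well as lm_verify without any comment that the scheme is there for compatibility only, so nothing at this point tells an administrator it is a poor choice for newly stored passwords. As far as this patch shows, the hash is unsalted (lm_hash uses only a fixed magic constant), DES-based and computed over two independent 7-byte halves. A one-line comment on the entry would record that: `/* LANMAN: unsalted DES-based LM hash, for OpenLDAP {LANMAN} compatibility only */`. The table itself starts outside the hunk.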
Index: src/auth/password-scheme.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/password-scheme.h,v
retrieving revision 1.5
diff -u -r1.5 password-scheme.h
--- src/auth/password-scheme.h 28 Jul 2004 15:39:29 -0000 1.5
+++ src/auth/password-scheme.h 29 Jul 2004 09:41:07 -0000
@@ -30,6 +30,7 @@
/* INTERNAL: */
const char *password_generate_md5_crypt(const char *pw, const char *salt);
const char *password_generate_cram_md5(const char *pw);
+const char *password_generate_lm(const char *pw);
const char *password_generate_ntlm(const char *pw);
#endif
Index: src/lib-ntlm/ntlm-encrypt.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-ntlm/ntlm-encrypt.c,v
retrieving revision 1.1
diff -u -r1.1 ntlm-encrypt.c
--- src/lib-ntlm/ntlm-encrypt.c 28 Jul 2004 15:39:30 -0000 1.1
+++ src/lib-ntlm/ntlm-encrypt.c 29 Jul 2004 09:41:07 -0000
@@ -46,6 +46,24 @@
}
const unsigned char *
+lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE])
+{
+ static const unsigned char lm_magic[8] = "KGS!@#$%";
+ unsigned char buffer[14];
+ unsigned int i;
+
+ strncpy(buffer, passwd, sizeof(buffer));
+
+ for (i = 0; i < sizeof(buffer); i++)
+ buffer[i] = i_toupper(buffer[i]);
+
+ deshash(hash, buffer, lm_magic);
+ deshash(hash + 8, buffer + 7, lm_magic);
+
+ return hash;
+}
+
+const unsigned char *
ntlm_v1_hash(const char *passwd, unsigned char hash[NTLMSSP_HASH_SIZE])
{
size_t len;
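Review bot: `buffer` in lm_hash still holds the upper-cased plaintext password when the function returns, and nothing clears it. Wiping it before `return hash;` with a memset the compiler cannot elide keeps the plaintext out of a reused stack frame; Dovecot's `safe_memset(buffer, 0, sizeof(buffer));` would do, if that helper is available in this tree. Separately, `strncpy(buffer, passwd, sizeof(buffer))` passes an `unsigned char *` where `char *` is expected, and it relies on strncpy's zero padding and on the 14-byte buffer deliberately having no terminator. A cast plus a comment such as `/* zero-padded to 14 bytes, intentionally not NUL-terminated */` would make that intent explicit. ntlm_v1_hash, at the end of the hunk, continues outside it.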
Index: src/lib-ntlm/ntlm-encrypt.h
===================================================================
RCS file: /home/cvs/dovecot/src/lib-ntlm/ntlm-encrypt.h,v
retrieving revision 1.1
diff -u -r1.1 ntlm-encrypt.h
--- src/lib-ntlm/ntlm-encrypt.h 28 Jul 2004 15:39:30 -0000 1.1
+++ src/lib-ntlm/ntlm-encrypt.h 29 Jul 2004 09:41:07 -0000
@@ -2,6 +2,9 @@
#define __NTLM_ENCRYPT__
const unsigned char *
+lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE]);
+
+const unsigned char *
ntlm_v1_hash(const char *passwd, unsigned char hash[NTLMSSP_HASH_SIZE]);
void ntlmssp_v1_response(const unsigned char *hash,
Index: src/lib-ntlm/ntlm-types.h
===================================================================
RCS file: /home/cvs/dovecot/src/lib-ntlm/ntlm-types.h,v
retrieving revision 1.1
diff -u -r1.1 ntlm-types.h
--- src/lib-ntlm/ntlm-types.h 28 Jul 2004 15:39:30 -0000 1.1
+++ src/lib-ntlm/ntlm-types.h 29 Jul 2004 09:41:08 -0000
@@ -20,6 +20,8 @@
#define NTLMSSP_DES_KEY_LENGTH 7
+#define LM_HASH_SIZE 16
+
#define NTLMSSP_CHALLENGE_SIZE 8
#define NTLMSSP_HASH_SIZE 16
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040729/c10b00e8/attachment-0001.bin>