diff -urpNX /usr/share/dontdiff dovecot-1.0-test46.vanilla/src/auth/mech-ntlm.c dovecot-1.0-test46/src/auth/mech-ntlm.c --- dovecot-1.0-test46.vanilla/src/auth/mech-ntlm.c 2004-08-31 13:28:03.000000000 +0400 +++ dovecot-1.0-test46/src/auth/mech-ntlm.c 2004-09-28 23:45:46.000000000 +0400 @@ -25,6 +25,7 @@ struct ntlm_auth_request { pool_t pool; /* requested: */ + int ntlm2_negotiated; const unsigned char *challenge; /* received: */ @@ -73,7 +74,7 @@ ntlm_credentials_callback(const char *cr buffer_t *hash_buffer; int ret; - if (credentials == NULL) { + if ((credentials == NULL) && !auth->ntlm2_negotiated) { passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN, lm_credentials_callback); @@ -105,8 +106,16 @@ ntlm_credentials_callback(const char *cr NTLMSSP_V2_RESPONSE_SIZE) == 0; } else { unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE]; + const unsigned char *client_lm_response = + ntlmssp_buffer_data(auth->response, lm_response); - ntlmssp_v1_response(hash, auth->challenge, ntlm_response); + if (auth->ntlm2_negotiated) + ntlmssp2_response(hash, auth->challenge, + client_lm_response, + ntlm_response); + else + ntlmssp_v1_response(hash, auth->challenge, + ntlm_response); ret = memcmp(ntlm_response, client_response, NTLMSSP_RESPONSE_SIZE) == 0; @@ -145,6 +154,7 @@ mech_ntlm_auth_continue(struct auth_requ message = ntlmssp_create_challenge(auth->pool, request, &message_size); + auth->ntlm2_negotiated = message->flags & NTLMSSP_NEGOTIATE_NTLM2; auth->challenge = message->challenge; mech_init_auth_client_reply(&reply); diff -urpNX /usr/share/dontdiff dovecot-1.0-test46.vanilla/src/lib-ntlm/ntlm-encrypt.c dovecot-1.0-test46/src/lib-ntlm/ntlm-encrypt.c --- dovecot-1.0-test46.vanilla/src/lib-ntlm/ntlm-encrypt.c 2004-09-22 23:52:09.000000000 +0400 +++ dovecot-1.0-test46/src/lib-ntlm/ntlm-encrypt.c 2004-09-28 22:43:42.000000000 +0400 @@ -4,7 +4,7 @@ * Copyright (c) 2004 Andrey Panin * * This library is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published + * it under the terms of the GNU Lesser General Public License as published * by the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ @@ -110,6 +110,23 @@ ntlmssp_v1_response(const unsigned char } void +ntlmssp2_response(const unsigned char *hash, + const unsigned char *server_challenge, + const unsigned char *client_challenge, + unsigned char response[NTLMSSP_RESPONSE_SIZE]) +{ + struct md5_context ctx; + unsigned char session_hash[16]; + + md5_init(&ctx); + md5_update(&ctx, server_challenge, NTLMSSP_CHALLENGE_SIZE); + md5_update(&ctx, client_challenge, NTLMSSP_CHALLENGE_SIZE); + md5_final(&ctx, session_hash); + + ntlmssp_v1_response(hash, session_hash, response); +} + +void ntlmssp_v2_response(const char *user, const char *target, const unsigned char *hash_v1, const unsigned char *challenge, diff -urpNX /usr/share/dontdiff dovecot-1.0-test46.vanilla/src/lib-ntlm/ntlm-encrypt.h dovecot-1.0-test46/src/lib-ntlm/ntlm-encrypt.h --- dovecot-1.0-test46.vanilla/src/lib-ntlm/ntlm-encrypt.h 2004-07-30 07:16:23.000000000 +0400 +++ dovecot-1.0-test46/src/lib-ntlm/ntlm-encrypt.h 2004-09-28 22:45:22.000000000 +0400 @@ -11,6 +11,11 @@ void ntlmssp_v1_response(const unsigned const unsigned char *challenge, unsigned char response[NTLMSSP_RESPONSE_SIZE]); +void ntlmssp2_response( const unsigned char *hash, + const unsigned char *server_challenge, + const unsigned char *client_challenge, + unsigned char response[NTLMSSP_RESPONSE_SIZE]); + void ntlmssp_v2_response(const char *user, const char *target, const unsigned char *hash_v1, const unsigned char *challenge, diff -urpNX /usr/share/dontdiff dovecot-1.0-test46.vanilla/src/lib-ntlm/ntlm-message.c dovecot-1.0-test46/src/lib-ntlm/ntlm-message.c --- dovecot-1.0-test46.vanilla/src/lib-ntlm/ntlm-message.c 2004-07-31 07:50:01.000000000 +0400 +++ dovecot-1.0-test46/src/lib-ntlm/ntlm-message.c 2004-09-28 23:42:45.000000000 +0400 @@ -119,6 +119,9 @@ static inline uint32_t ntlmssp_flags(uin NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO; + if (client_flags & NTLMSSP_NEGOTIATE_NTLM2) + flags |= NTLMSSP_NEGOTIATE_NTLM2; + if (client_flags & NTLMSSP_REQUEST_TARGET) flags |= NTLMSSP_REQUEST_TARGET | NTLMSSP_TARGET_TYPE_SERVER;