[dovecot-cvs] dovecot/src/auth mech-ntlm.c,1.8,1.9
cras at dovecot.org
cras at dovecot.org
Thu Nov 11 19:45:06 EET 2004
Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv10286/src/auth
Modified Files:
mech-ntlm.c
Log Message:
allow LM authentication for older (Win9x) clients
which do not pass NTLM response in type 3 message. fixes
crash in dovecot-auth (empty credentials could be passed to
hex_to_binary function if NTLM2 was negotiated). Patch by Andrey Panin
Index: mech-ntlm.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-ntlm.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- mech-ntlm.c 22 Oct 2004 13:34:06 -0000 1.8
+++ mech-ntlm.c 11 Nov 2004 17:45:03 -0000 1.9
@@ -42,10 +42,15 @@
const unsigned char *client_response;
unsigned char lm_response[LM_RESPONSE_SIZE];
unsigned char hash[LM_HASH_SIZE];
+ unsigned int response_length;
buffer_t *hash_buffer;
int ret;
- if (credentials == NULL) {
+ response_length =
+ ntlmssp_buffer_length(request->response, lm_response);
+ client_response = ntlmssp_buffer_data(request->response, lm_response);
+
+ if (credentials == NULL || response_length < LM_RESPONSE_SIZE) {
mech_auth_finish(auth_request, NULL, 0, FALSE);
return;
}
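Review bot: The new guard `response_length < LM_RESPONSE_SIZE` is what keeps the later `memcmp(lm_response, client_response, LM_RESPONSE_SIZE)` from reading past a short client-supplied LM response, but nothing at the check says so. I would add a comment above it such as `/* memcmp below reads LM_RESPONSE_SIZE bytes of client_response; reject short or absent LM responses */`. The guard bounds only the length the client declared. Whether the offset and length used by ntlmssp_buffer_data are checked against the size of the received type 3 message is not visible in this hunk and should be confirmed in the message validation. The enclosing callback starts and ends outside the hunk.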
@@ -54,8 +59,6 @@
hash, sizeof(hash));
hex_to_binary(credentials, hash_buffer);
- client_response = ntlmssp_buffer_data(request->response, lm_response);
-
ntlmssp_v1_response(hash, request->challenge, lm_response);
ret = memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
@@ -75,10 +78,18 @@
buffer_t *hash_buffer;
int ret;
- if (credentials == NULL && !request->ntlm2_negotiated) {
- passdb->lookup_credentials(auth_request,
- PASSDB_CREDENTIALS_LANMAN,
- lm_credentials_callback);
+ response_length =
+ ntlmssp_buffer_length(request->response, ntlm_response);
+ client_response = ntlmssp_buffer_data(request->response, ntlm_response);
+
+ if (credentials == NULL || response_length == 0) {
+ /* We can't use LM authentication if NTLM2 was negotiated */
+ if (request->ntlm2_negotiated)
+ mech_auth_finish(auth_request, NULL, 0, FALSE);
+ else
+ passdb->lookup_credentials(auth_request,
+ PASSDB_CREDENTIALS_LANMAN,
+ lm_credentials_callback);
return;
}
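Review bot: The test `response_length == 0` catches only an absent NTLM response, so a nonzero length below NTLMSSP_RESPONSE_SIZE still reaches hex_to_binary and the comparison code that follows. The next hunk shows only the `response_length > NTLMSSP_RESPONSE_SIZE` branch, so the v1 path presumably compares a full NTLMSSP_RESPONSE_SIZE bytes of client_response. The LM callback in this same commit rejects short responses, and this one should do the same after the fallback block, e.g. `if (response_length < NTLMSSP_RESPONSE_SIZE) { mech_auth_finish(auth_request, NULL, 0, FALSE); return; }`. Separately, the LANMAN lookup is now chosen by a length field the client controls even when NTLM credentials exist, so a comment stating that this weaker path is intentional for Win9x clients (or a setting to disable it) would help. The callback's body continues outside the hunk.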
@@ -86,9 +97,6 @@
hash, sizeof(hash));
hex_to_binary(credentials, hash_buffer);
- response_length =
- ntlmssp_buffer_length(request->response, ntlm_response);
- client_response = ntlmssp_buffer_data(request->response, ntlm_response);
if (response_length > NTLMSSP_RESPONSE_SIZE) {
unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];