[dovecot-cvs] dovecot/src/auth mech-ntlm.c,1.8,1.9

[cras at dovecot.org]

Update of /var/lib/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv10286/src/auth

Modified Files:
	mech-ntlm.c 
Log Message:
allow LM authentication for older (Win9x) clients
which do not pass NTLM response in type 3 message. fixes
crash in dovecot-auth (empty credentials could be passed to 
hex_to_binary function if NTLM2 was negotiated). Patch by Andrey Panin



Index: mech-ntlm.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/auth/mech-ntlm.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- mech-ntlm.c	22 Oct 2004 13:34:06 -0000	1.8
+++ mech-ntlm.c	11 Nov 2004 17:45:03 -0000	1.9
@@ -42,10 +42,15 @@
 	const unsigned char *client_response;
 	unsigned char lm_response[LM_RESPONSE_SIZE];
 	unsigned char hash[LM_HASH_SIZE];
+	unsigned int response_length;
 	buffer_t *hash_buffer;
 	int ret;
 
-	if (credentials == NULL) {
+	response_length =
+		ntlmssp_buffer_length(request->response, lm_response);
+	client_response = ntlmssp_buffer_data(request->response, lm_response);
+
+	if (credentials == NULL || response_length < LM_RESPONSE_SIZE) {
 		mech_auth_finish(auth_request, NULL, 0, FALSE);
 		return;
 	}
@@ -54,8 +59,6 @@
 					 hash, sizeof(hash));
 	hex_to_binary(credentials, hash_buffer);
 
-	client_response = ntlmssp_buffer_data(request->response, lm_response);
-
 	ntlmssp_v1_response(hash, request->challenge, lm_response);
 
 	ret = memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
@@ -75,10 +78,18 @@
 	buffer_t *hash_buffer;
 	int ret;
 
-	if (credentials == NULL && !request->ntlm2_negotiated) {
-		passdb->lookup_credentials(auth_request,
-					   PASSDB_CREDENTIALS_LANMAN,
-					   lm_credentials_callback);
+	response_length =
+		ntlmssp_buffer_length(request->response, ntlm_response);
+	client_response = ntlmssp_buffer_data(request->response, ntlm_response);
+
+	if (credentials == NULL || response_length == 0) {
+		/* We can't use LM authentication if NTLM2 was negotiated */
+		if (request->ntlm2_negotiated)
+			mech_auth_finish(auth_request, NULL, 0, FALSE);
+		else
+			passdb->lookup_credentials(auth_request,
+						   PASSDB_CREDENTIALS_LANMAN,
+						   lm_credentials_callback);
 		return;
 	}
 
@@ -86,9 +97,6 @@
 					 hash, sizeof(hash));
 	hex_to_binary(credentials, hash_buffer);
 
-	response_length =
-		ntlmssp_buffer_length(request->response, ntlm_response);
-	client_response = ntlmssp_buffer_data(request->response, ntlm_response);
 
 	if (response_length > NTLMSSP_RESPONSE_SIZE) {
 		unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];