# HG changeset patch # User Timo Sirainen # Date 1097006465 -10800 # Node ID 1065a557516b4b437ffe5f85e1e499537c336ff6 # Parent 46f879c46b450b448e7195d948870fa47df63ba4 NTLM2 authentication support. Patch by Andrey Panin diff -r 46f879c46b45 -r 1065a557516b src/auth/mech-ntlm.c --- a/src/auth/mech-ntlm.c Tue Oct 05 19:00:18 2004 +0300 +++ b/src/auth/mech-ntlm.c Tue Oct 05 23:01:05 2004 +0300 @@ -25,6 +25,7 @@ pool_t pool; /* requested: */ + int ntlm2_negotiated; const unsigned char *challenge; /* received: */ @@ -73,7 +74,7 @@ buffer_t *hash_buffer; int ret; - if (credentials == NULL) { + if (credentials == NULL && !auth->ntlm2_negotiated) { passdb->lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN, lm_credentials_callback); @@ -105,8 +106,16 @@ NTLMSSP_V2_RESPONSE_SIZE) == 0; } else { unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE]; + const unsigned char *client_lm_response = + ntlmssp_buffer_data(auth->response, lm_response); - ntlmssp_v1_response(hash, auth->challenge, ntlm_response); + if (auth->ntlm2_negotiated) + ntlmssp2_response(hash, auth->challenge, + client_lm_response, + ntlm_response); + else + ntlmssp_v1_response(hash, auth->challenge, + ntlm_response); ret = memcmp(ntlm_response, client_response, NTLMSSP_RESPONSE_SIZE) == 0; @@ -145,6 +154,7 @@ message = ntlmssp_create_challenge(auth->pool, request, &message_size); + auth->ntlm2_negotiated = message->flags & NTLMSSP_NEGOTIATE_NTLM2; auth->challenge = message->challenge; mech_init_auth_client_reply(&reply); diff -r 46f879c46b45 -r 1065a557516b src/lib-ntlm/ntlm-encrypt.c --- a/src/lib-ntlm/ntlm-encrypt.c Tue Oct 05 19:00:18 2004 +0300 +++ b/src/lib-ntlm/ntlm-encrypt.c Tue Oct 05 23:01:05 2004 +0300 @@ -4,7 +4,7 @@ * Copyright (c) 2004 Andrey Panin * * This library is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published + * it under the terms of the GNU Lesser General Public License as published * by the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ @@ -110,6 +110,23 @@ } void +ntlmssp2_response(const unsigned char *hash, + const unsigned char *server_challenge, + const unsigned char *client_challenge, + unsigned char response[NTLMSSP_RESPONSE_SIZE]) +{ + struct md5_context ctx; + unsigned char session_hash[16]; + + md5_init(&ctx); + md5_update(&ctx, server_challenge, NTLMSSP_CHALLENGE_SIZE); + md5_update(&ctx, client_challenge, NTLMSSP_CHALLENGE_SIZE); + md5_final(&ctx, session_hash); + + ntlmssp_v1_response(hash, session_hash, response); +} + +void ntlmssp_v2_response(const char *user, const char *target, const unsigned char *hash_v1, const unsigned char *challenge, diff -r 46f879c46b45 -r 1065a557516b src/lib-ntlm/ntlm-encrypt.h --- a/src/lib-ntlm/ntlm-encrypt.h Tue Oct 05 19:00:18 2004 +0300 +++ b/src/lib-ntlm/ntlm-encrypt.h Tue Oct 05 23:01:05 2004 +0300 @@ -11,6 +11,11 @@ const unsigned char *challenge, unsigned char response[NTLMSSP_RESPONSE_SIZE]); +void ntlmssp2_response( const unsigned char *hash, + const unsigned char *server_challenge, + const unsigned char *client_challenge, + unsigned char response[NTLMSSP_RESPONSE_SIZE]); + void ntlmssp_v2_response(const char *user, const char *target, const unsigned char *hash_v1, const unsigned char *challenge, diff -r 46f879c46b45 -r 1065a557516b src/lib-ntlm/ntlm-message.c --- a/src/lib-ntlm/ntlm-message.c Tue Oct 05 19:00:18 2004 +0300 +++ b/src/lib-ntlm/ntlm-message.c Tue Oct 05 23:01:05 2004 +0300 @@ -119,6 +119,9 @@ NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO; + if (client_flags & NTLMSSP_NEGOTIATE_NTLM2) + flags |= NTLMSSP_NEGOTIATE_NTLM2; + if (client_flags & NTLMSSP_REQUEST_TARGET) flags |= NTLMSSP_REQUEST_TARGET | NTLMSSP_TARGET_TYPE_SERVER;