# HG changeset patch
# User Timo Sirainen
# Date 1091151801 -10800
# Node ID 6531fd0f779fa96da2d1713474b5e4c364292203
# Parent 4e42d4213927841060988930aed72e58826e6d29
Added LANMAN password scheme. Patch by Andrey Panin
diff -r 4e42d4213927 -r 6531fd0f779f src/auth/mech-ntlm.c
--- a/src/auth/mech-ntlm.c Fri Jul 30 04:39:13 2004 +0300
+++ b/src/auth/mech-ntlm.c Fri Jul 30 04:43:21 2004 +0300
@@ -32,6 +32,36 @@
 };
 static void
+lm_credentials_callback(const char *credentials,
+ struct auth_request *auth_request)
+{
+ struct ntlm_auth_request *auth =
+ (struct ntlm_auth_request *)auth_request;
+ const unsigned char *client_response;
+ unsigned char lm_response[LM_RESPONSE_SIZE];
+ unsigned char hash[LM_HASH_SIZE];
+ buffer_t *hash_buffer;
+ int ret;
+
+ if (credentials == NULL) {
+ mech_auth_finish(auth_request, NULL, 0, FALSE);
+ return;
+ }
+
+ hash_buffer = buffer_create_data(auth_request->pool,
+ hash, sizeof(hash));
+ hex_to_binary(credentials, hash_buffer);
+
+ client_response = ntlmssp_buffer_data(auth->response, lm_response);
+
+ ntlmssp_v1_response(hash, auth->challenge, lm_response);
+
+ ret = memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
+
+ mech_auth_finish(auth_request, NULL, 0, ret);
+}
+
+static void
 ntlm_credentials_callback(const char *credentials,
 struct auth_request *auth_request)
 {
@@ -44,7 +74,9 @@
 int ret;
 if (credentials == NULL) {
- mech_auth_finish(auth_request, NULL, 0, FALSE);
+ passdb->lookup_credentials(auth_request,
+ PASSDB_CREDENTIALS_LANMAN,
+ lm_credentials_callback);
 return;
 }
diff -r 4e42d4213927 -r 6531fd0f779f src/auth/passdb.c
--- a/src/auth/passdb.c Fri Jul 30 04:39:13 2004 +0300
+++ b/src/auth/passdb.c Fri Jul 30 04:43:21 2004 +0300
@@ -28,6 +28,8 @@
 return "HMAC-MD5";
 case PASSDB_CREDENTIALS_DIGEST_MD5:
 return "DIGEST-MD5";
+ case PASSDB_CREDENTIALS_LANMAN:
+ return "LANMAN";
 case PASSDB_CREDENTIALS_NTLM:
 return "NTLM";
 }
diff -r 4e42d4213927 -r 6531fd0f779f src/auth/passdb.h
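Review bot: In `lm_credentials_callback` the result of `hex_to_binary(credentials, hash_buffer)` is ignored, so a stored LANMAN value that is malformed or shorter than 2*LM_HASH_SIZE hex digits leaves part of `hash` uninitialised, and `ntlmssp_v1_response` then computes the expected response from stack contents. Check the conversion result and that exactly LM_HASH_SIZE bytes were written, and finish the request with FALSE otherwise. The 24-byte `memcmp` also assumes the client's LM response buffer is at least LM_RESPONSE_SIZE long; that validation is not visible in this hunk, so confirm it happens before the callback runs or compare the length here. Because the LM hash is password-equivalent, add `safe_memset(hash, 0, sizeof(hash));` before returning, as `lm_hash` already does for its working buffer.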
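Review bot: The fallback in `ntlm_credentials_callback` silently downgrades to LM-response verification whenever no NTLM credentials are found, with no setting or log line to show that it happened. An LM response is derived from an upper-cased, 14-character, DES-based hash and is far weaker than the NTLM response, so an account that only has a LANMAN hash stored is authenticated on the weaker proof without the administrator opting in. Consider gating the `PASSDB_CREDENTIALS_LANMAN` lookup behind an explicit configuration option and logging when it is taken; at minimum add a comment such as `/* no NTLM hash stored: fall back to the weaker LM response */`. The function body continues outside the hunk.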
--- a/src/auth/passdb.h Fri Jul 30 04:39:13 2004 +0300
+++ b/src/auth/passdb.h Fri Jul 30 04:43:21 2004 +0300
@@ -13,6 +13,7 @@
 PASSDB_CREDENTIALS_CRYPT,
 PASSDB_CREDENTIALS_CRAM_MD5,
 PASSDB_CREDENTIALS_DIGEST_MD5,
+ PASSDB_CREDENTIALS_LANMAN,
 PASSDB_CREDENTIALS_NTLM
 };
diff -r 4e42d4213927 -r 6531fd0f779f src/auth/password-scheme-ntlm.c
--- a/src/auth/password-scheme-ntlm.c Fri Jul 30 04:39:13 2004 +0300
+++ b/src/auth/password-scheme-ntlm.c Fri Jul 30 04:43:21 2004 +0300
@@ -5,11 +5,20 @@
 #include "ntlm.h"
-const char *password_generate_ntlm(const char *plaintext)
+const char *password_generate_lm(const char *pw)
 {
- unsigned char hash[16];
+ unsigned char hash[LM_HASH_SIZE];
- ntlm_v1_hash(plaintext, hash);
+ lm_hash(pw, hash);
 return binary_to_hex_ucase(hash, sizeof(hash));
 }
+
+const char *password_generate_ntlm(const char *pw)
+{
+ unsigned char hash[NTLMSSP_HASH_SIZE];
+
+ ntlm_v1_hash(pw, hash);
+
+ return binary_to_hex_ucase(hash, sizeof(hash));
+}
diff -r 4e42d4213927 -r 6531fd0f779f src/auth/password-scheme.c
--- a/src/auth/password-scheme.c Fri Jul 30 04:39:13 2004 +0300
+++ b/src/auth/password-scheme.c Fri Jul 30 04:43:21 2004 +0300
@@ -400,10 +400,22 @@
 return memcmp(md5_digest, data, 16) == 0;
 }
+static int lm_verify(const char *plaintext, const char *password,
+ const char *user __attr_unused__)
+{
+ return strcasecmp(password, password_generate_lm(plaintext)) == 0;
+}
+
+static const char *lm_generate(const char *plaintext,
+ const char *user __attr_unused__)
+{
+ return password_generate_lm(plaintext);
+}
+
 static int ntlm_verify(const char *plaintext, const char *password,
 const char *user __attr_unused__)
 {
- return strcmp(password, password_generate_ntlm(plaintext)) == 0;
+ return strcasecmp(password, password_generate_ntlm(plaintext)) == 0;
 }
 static const char *ntlm_generate(const char *plaintext,
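Review bot: Both `password_generate_lm` and `password_generate_ntlm` leave the raw hash in the stack array `hash` when they return. `lm_hash` in this same change wipes its working buffer with `safe_memset`, and these hashes are password-equivalent for NTLM authentication, so the same care fits here: `const char *hex = binary_to_hex_ucase(hash, sizeof(hash));`, `safe_memset(hash, 0, sizeof(hash));`, `return hex;`. This assumes `safe_memset` is reachable from this file's includes, which the hunk does not show.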
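Review bot: `lm_verify` accepts more than one plaintext for a given stored hash, and nothing here documents it: `password_generate_lm` goes through `lm_hash` (see the ntlm-encrypt.c hunk), which upper-cases the input and copies only its first 14 bytes. When LANMAN is used as a scheme for plaintext logins, any case variant of the password, and any string sharing its first 14 characters, therefore verifies. Add a comment above `lm_verify` saying so, e.g. `/* LANMAN is case-insensitive and ignores everything after 14 chars; kept only for LM/NTLM compatibility */`, and consider whether this scheme should be selectable for plaintext verification at all. The switch of `ntlm_verify` to `strcasecmp` is reasonable for hex strings, but like the new comparison it is not constant-time.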
@@ -425,6 +437,7 @@
 { "DIGEST-MD5", digest_md5_verify, digest_md5_generate },
 { "PLAIN-MD5", plain_md5_verify, plain_md5_generate },
 { "LDAP-MD5", ldap_md5_verify, ldap_md5_generate },
+ { "LANMAN", lm_verify, lm_generate },
 { "NTLM", ntlm_verify, ntlm_generate },
 { NULL, NULL, NULL }
 };
diff -r 4e42d4213927 -r 6531fd0f779f src/auth/password-scheme.h
--- a/src/auth/password-scheme.h Fri Jul 30 04:39:13 2004 +0300
+++ b/src/auth/password-scheme.h Fri Jul 30 04:43:21 2004 +0300
@@ -30,6 +30,7 @@
 /* INTERNAL: */
 const char *password_generate_md5_crypt(const char *pw, const char *salt);
 const char *password_generate_cram_md5(const char *pw);
+const char *password_generate_lm(const char *pw);
 const char *password_generate_ntlm(const char *pw);
 #endif
diff -r 4e42d4213927 -r 6531fd0f779f src/lib-ntlm/ntlm-encrypt.c
--- a/src/lib-ntlm/ntlm-encrypt.c Fri Jul 30 04:39:13 2004 +0300
+++ b/src/lib-ntlm/ntlm-encrypt.c Fri Jul 30 04:43:21 2004 +0300
@@ -46,6 +46,26 @@
 }
 const unsigned char *
+lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE])
+{
+ static const unsigned char lm_magic[8] = "KGS!@#$%";
+ unsigned char buffer[14];
+ unsigned int i;
+
+ strncpy(buffer, passwd, sizeof(buffer));
+
+ for (i = 0; i < sizeof(buffer); i++)
+ buffer[i] = i_toupper(buffer[i]);
+
+ deshash(hash, buffer, lm_magic);
+ deshash(hash + 8, buffer + 7, lm_magic);
+
+ safe_memset(buffer, 0, sizeof(buffer));
+
+ return hash;
+}
+
+const unsigned char *
 ntlm_v1_hash(const char *passwd, unsigned char hash[NTLMSSP_HASH_SIZE])
 {
 size_t len;
diff -r 4e42d4213927 -r 6531fd0f779f src/lib-ntlm/ntlm-encrypt.h
--- a/src/lib-ntlm/ntlm-encrypt.h Fri Jul 30 04:39:13 2004 +0300
+++ b/src/lib-ntlm/ntlm-encrypt.h Fri Jul 30 04:43:21 2004 +0300
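Review bot: `strncpy(buffer, passwd, sizeof(buffer))` in `lm_hash` relies on two properties a reader will take for bugs: the zero padding of short passwords is required, and the missing terminator for input of 14 bytes or more is intentional because `buffer` is consumed as raw bytes. Say so in a comment, e.g. `/* zero-pad to 14 bytes; longer passwords are truncated, no NUL needed */`, and pass `(char *)buffer` since the array is `unsigned char`. Passwords longer than 14 bytes are truncated with no indication to the caller; if that is not wanted, the length should be rejected before hashing. `ntlm_v1_hash` starts inside this hunk but its body continues outside it.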
@@ -2,6 +2,9 @@
 #define __NTLM_ENCRYPT__
 const unsigned char *
+lm_hash(const char *passwd, unsigned char hash[LM_HASH_SIZE]);
+
+const unsigned char *
 ntlm_v1_hash(const char *passwd, unsigned char hash[NTLMSSP_HASH_SIZE]);
 void ntlmssp_v1_response(const unsigned char *hash,
diff -r 4e42d4213927 -r 6531fd0f779f src/lib-ntlm/ntlm-types.h
--- a/src/lib-ntlm/ntlm-types.h Fri Jul 30 04:39:13 2004 +0300
+++ b/src/lib-ntlm/ntlm-types.h Fri Jul 30 04:43:21 2004 +0300
@@ -22,6 +22,9 @@
 #define NTLMSSP_CHALLENGE_SIZE 8
+#define LM_HASH_SIZE 16
+#define LM_RESPONSE_SIZE 24
+
 #define NTLMSSP_HASH_SIZE 16
 #define NTLMSSP_RESPONSE_SIZE 24