-rw-r--r-- | Makefile.in | 16 | ||||
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | configure.in | 7 | ||||
-rw-r--r-- | fetchmail-FAQ.html | 12 | ||||
-rw-r--r-- | fetchmail-features.html | 6 | ||||
-rw-r--r-- | fetchmail.c | 3 | ||||
-rw-r--r-- | fetchmail.man | 6 | ||||
-rw-r--r-- | imap.c | 94 |
9 files changed, 140 insertions, 12 deletions
diff --git a/Makefile.in b/Makefile.in index 0a96c59b..519b642e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -85,7 +85,8 @@ CTAGS = ctags protobjs = rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o \ etrn.o fetchmail.o env.o options.o daemon.o driver.o sink.o \ rfc822.o smtp.o xmalloc.o uid.o mxget.o md5c.o md5ify.o rpa.o \ - interface.o netrc.o base64.o error.o unmime.o conf.o checkalias.o + interface.o netrc.o base64.o error.o unmime.o conf.o checkalias.o \ + smbdes.o smbencrypt.o smbmd4.o smbutil.o objs = $(protobjs) $(extras) $(EXTRAOBJ) @@ -98,7 +99,8 @@ srcs = $(srcdir)/socket.c $(srcdir)/getpass.c $(srcdir)/pop2.c \ $(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/rpa.c \ $(srcdir)/interface.c $(srcdir)/netrc.c $(srcdir)/base64.c \ $(srcdir)/error.c $(srcdir)/unmime.c $(srcdir)/conf.c \ - $(srcdir)/checkalias.c + $(srcdir)/checkalias.c $(srcdir)/smbdes.c $(srcdir)/smbencrypt.c \ + $(srcdir)/smbmd4.c $(srcdir)/smbutil.c .SUFFIXES: .SUFFIXES: .o .c .h .y .l .ps .dvi .info .texi 
@@ -220,14 +222,16 @@ parser = $(srcdir)/rcfile_l.l $(srcdir)/rcfile_y.y headers = $(srcdir)/fetchmail.h $(srcdir)/socket.h $(srcdir)/smtp.h \ $(srcdir)/mx.h $(srcdir)/md5.h $(srcdir)/md5global.h \ $(srcdir)/netrc.h $(srcdir)/tunable.h $(srcdir)/i18n.h \ - $(srcdir)/aclocal.m4 + $(srcdir)/aclocal.m4 $(srcdir)/ntlm.h $(srcdir)/smb.h \ + $(srcdir)/smbbyteorder.h $(srcdir)/smbdes.h $(srcdir)/smbencrypt.h \ + $(srcdir)/smbmd4.h extra = $(srcdir)/alloca.c $(srcdir)/getopt.[ch] $(srcdir)/getopt1.c \ $(srcdir)/strcasecmp.c $(srcdir)/strstr.c $(srcdir)/memmove.c docs = $(srcdir)/COPYING $(srcdir)/FEATURES $(srcdir)/fetchmail-features.html \ $(srcdir)/design-notes.html $(srcdir)/NOTES \ - $(srcdir)/INSTALL $(srcdir)/NEWS $(srcdir)/README \ - $(srcdir)/fetchmail.lsm $(srcdir)/sample.rcfile \ - $(srcdir)/*.man $(srcdir)/FAQ $(srcdir)/fetchmail-FAQ.html + $(srcdir)/INSTALL $(srcdir)/NEWS $(srcdir)/README \ + $(srcdir)/README.NTLM $(srcdir)/fetchmail.lsm $(srcdir)/sample.rcfile \ + $(srcdir)/*.man $(srcdir)/FAQ $(srcdir)/fetchmail-FAQ.html \ config = $(srcdir)/Makefile.in $(srcdir)/configure.in $(srcdir)/configure \ $(srcdir)/config.guess $(srcdir)/config.h.in $(srcdir)/config.sub \ $(srcdir)/acconfig.h @@ -10,8 +10,11 @@ fetchmail-5.0.8 (): * Todd Sabin's patch to accept spaces in CRAM-MD5 names. -* Fix to endianness patch, by Dan Root via Lawrence Rogers. +* Fix to CRAM endianness patch, by Dan Root via Lawrence Rogers. * Suppress duplicates by message ID in multidrop mode. +* NTLM support for querying Microsoft Exchange servers, from Grant Edwards. + +There are 263 people on fetchmail-friends and 441 on fetchmail-announce. fetchmail-5.0.7 (Sat Aug 21 04:26:13 EDT 1999): * RPA support works again. @@ -94,6 +94,9 @@ /* Define if you want RPA support compiled in */ #undef RPA_ENABLE +/* Define if you want NTLM authentication */ +#undef NTLM_ENABLE + /* Define if you want SDPS support compiled in */ #undef SDPS_ENABLE 
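Review bot: The rewritten `docs` assignment in the `@@ -220,14 +222,16 @@` hunk of Makefile.in now ends with a continuation backslash after `$(srcdir)/fetchmail-FAQ.html`, so whatever line follows is joined to it. If that line is the `config =` assignment rather than a blank line (the page does not show which), `docs` would absorb it and `config` would no longer be defined as a separate variable. Dropping the trailing `\` so the list ends at `$(srcdir)/fetchmail-FAQ.html` avoids depending on the blank line.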
diff --git a/configure.in b/configure.in index 642d45e9..ace29821 100644 --- a/configure.in +++ b/configure.in @@ -262,6 +262,13 @@ AC_ARG_ENABLE(RPA, [with_RPA=no]) test "$with_RPA" = "yes" && AC_DEFINE(RPA_ENABLE) +### use option --enable-NTLM to compile in the NTLM support +AC_ARG_ENABLE(NTLM, + [ --enable-NTLM compile in NTLM authentication support], + [with_NTLM=$enableval], + [with_NTLM=no]) +test "$with_NTLM" = "yes" && AC_DEFINE(NTLM_ENABLE) + ### use option --enable-SDPS to compile in the SDPS support AC_ARG_ENABLE(SDPS, [ --enable-SDPS compile in SDPS protocol support], diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 4f66e801..a184b953 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/08/21 06:04:18 $ +<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $ </table> <HR> <H1>Frequently Asked Questions About Fetchmail</H1> @@ -1181,6 +1181,10 @@ for details. The solution is to upgrade your fetchmail.<p> <hr> <h2><a name="S2">S2. How can I use fetchmail with Microsoft Exchange?</a></h2> +Fetchmail now supports the proprietary NTLM mode used with M$ Exchange +servers. To enable this, configure fetchmail with the --enable-NTLM +option and recompile it.<P> + M$ Exchange violates the POP3 RFCs. Its LIST command does not reveal the real sizes of mail in the pop mailbox, but the sizes of the compressed versions in the exchange mail database (thanks to Arjan De 
@@ -1414,6 +1418,10 @@ document it, so nobody but their Windows clients can speak it.<p> This is a customer lock-in tactic; we recommend boycotting MSN as the only appropriate response.<p> +As of 5.0.8, we have support for the client side of NTLM +authentication. It's possible this may enable fetchmail to talk to +MSN; if so, somebody should report it so this FAQ can be corrected.<p> + <hr> <h2><a name="S10">S10. How can I use fetchmail with SpryNet?</a></h2> @@ -2457,7 +2465,7 @@ inactivity timeout.<p> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/08/21 06:04:18 $ +<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> diff --git a/fetchmail-features.html b/fetchmail-features.html index b607de57..1cc54ab2 100644 --- a/fetchmail-features.html +++ b/fetchmail-features.html @@ -10,7 +10,7 @@ <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/06/08 07:20:17 $ +<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $ </table> <HR> @@ -18,6 +18,8 @@ <H2>Since 5.0:</H2> <UL> +<LI>NTLM support, so fetchmail can query Microsoft Exchange servers. + <LI>Expunge option can now be used to break POP3 retrieval into subsessions. <LI>Support for AUTH=CRAM-MD5 under IMAP, a la RFC2195. 
@@ -175,7 +177,7 @@ get-mail, gwpop, pimp-1.0, pop-perl5-1.2, popc, popmail-1.6 and upop.<P> <table width="100%" cellpadding=0><tr> <td width="30%">Back to <a href="index.html">Fetchmail Home Page</a> <td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a> -<td width="30%" align=right>$Date: 1999/06/08 07:20:17 $ +<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $ </table> <P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS> diff --git a/fetchmail.c b/fetchmail.c index 28c7515c..ceccfacf 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -211,6 +211,9 @@ int main(int argc, char **argv) #ifdef RPA_ENABLE printf("+RPA"); #endif /* RPA_ENABLE */ +#ifdef NTLM_ENABLE + printf("+NTLM"); +#endif /* NTLM_ENABLE */ #ifdef SDPS_ENABLE printf("+SDPS"); #endif /* SDPS_ENABLE */ diff --git a/fetchmail.man b/fetchmail.man index 2c2ac746..6747ab40 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -650,6 +650,12 @@ compile in the support, \fIfetchmail\fR will try to perform an RPA pass-phrase authentication instead of sending over the password en clair if it detects "@compuserve.com" in the hostname. .PP +Microsoft's NTLM authentication (used by Microsoft Exchange) is +supported. If you compile in the support, \fIfetchmail\fR will try to +perform an NTLM authentication (instead of sending over the +password en clair) whenever the server returns AUTH=NTLM in its +capability response. +.PP If you are using IPsec, the -T (--netsec) option can be used to pass an IP security request to be used when outgoing IP connections are initialized. You can also do this using the `netsec' server option 
@@ -666,6 +666,83 @@ static void hmac_md5 (unsigned char *password, size_t pass_len, MD5Final (response, &ctx); } +#if NTLM_ENABLE +#include "ntlm.h" + +static tSmbNtlmAuthRequest request; +static tSmbNtlmAuthChallenge challenge; +static tSmbNtlmAuthResponse response; + +/* + * NTLM support by Grant Edwards. + * + * Handle MS-Exchange NTLM authentication method. This is the same + * as the NTLM auth used by Samba for SMB related services. We just + * encode the packets in base64 instead of sending them out via a + * network interface. + * + * Much source (ntlm.h, smb*.c smb*.h) was borrowed from Samba. + */ + +static int do_imap_ntlm(int sock, struct query *ctl) +{ + char msgbuf[2048]; + int result,len; + + gen_send(sock, "AUTHENTICATE NTLM"); + + if ((result = gen_recv(sock, msgbuf, sizeof msgbuf))) + return result; + + if (msgbuf[0] != '+') + return PS_AUTHFAIL; + + buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL); + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthRequest(stdout, &request); + + memset(msgbuf,0,sizeof msgbuf); + to64frombits (msgbuf, (unsigned char*)&request, SmbLength(&request)); + + if (outlevel >= O_MONITOR) + report(stdout, "IMAP> %s\n", msgbuf); + + strcat(msgbuf,"\r\n"); + SockWrite (sock, msgbuf, strlen (msgbuf)); + + if ((gen_recv(sock, msgbuf, sizeof msgbuf))) + return result; + + len = from64tobits ((unsigned char*)&challenge, msgbuf); + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthChallenge(stdout, &challenge); + + buildSmbNtlmAuthResponse(&challenge, &response,ctl->remotename,ctl->password); + + if (outlevel >= O_DEBUG) + dumpSmbNtlmAuthResponse(stdout, &response); + + memset(msgbuf,0,sizeof msgbuf); + to64frombits (msgbuf, (unsigned char*)&response, SmbLength(&response)); + + if (outlevel >= O_MONITOR) + report(stdout, "IMAP> %s\n", msgbuf); + + strcat(msgbuf,"\r\n"); + + SockWrite (sock, msgbuf, strlen (msgbuf)); + + if ((result = gen_recv (sock, msgbuf, sizeof msgbuf))) + return result; + + if (strstr (msgbuf, "OK")) + return 
PS_SUCCESS; + else + return PS_AUTHFAIL; +} +#endif /* NTLM */ static int do_cram_md5 (int sock, struct query *ctl) /* authenticate as per RFC2195 */ @@ -869,7 +946,7 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) } #endif /* KERBEROS_V4 */ - if (strstr (capabilities, "AUTH=CRAM-MD5")) + if (strstr(capabilities, "AUTH=CRAM-MD5")) { if (outlevel >= O_DEBUG) report (stdout, _("CRAM-MD5 authentication is supported\n")); @@ -882,6 +959,21 @@ int imap_getauth(int sock, struct query *ctl, char *greeting) return ok; } +#ifdef NTLM_ENABLE + if (strstr (capabilities, "AUTH=NTLM")) + { + if (outlevel >= O_DEBUG) + report (stdout, _("NTLM authentication is supported\n")); + if ((ok = do_imap_ntlm (sock, ctl))) + { + if (outlevel >= O_MONITOR) + report (stdout, "IMAP> *\n"); + SockWrite (sock, "*\r\n", 3); + } + return ok; + } +#endif /* NTLM_ENABLE */ + #ifdef __UNUSED__ /* The Cyrus IMAP4rev1 server chokes on this */ /* this handles either AUTH=LOGIN or AUTH-LOGIN */ if ((imap_version >= IMAP4rev1) && (!strstr(capabilities, "LOGIN"))) { |
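Review bot: In do_imap_ntlm the second receive, `if ((gen_recv(sock, msgbuf, sizeof msgbuf))) return result;`, never assigns `result`, so a failed read of the challenge returns the 0 left by the first gen_recv, and the caller treats a zero return as a completed authentication. The next statement decodes up to 2048 bytes of server-supplied base64 straight into the fixed-size static `challenge` with no length check, and `len` is never examined, so a hostile or broken server can write past the struct (its size is in ntlm.h, not shown here). The final test `strstr (msgbuf, "OK")` also accepts any reply that merely contains those two letters, so a tagged failure whose text includes "OK" would count as success; it should match the tagged status word. The fence below shows the receive and decode fix, assuming from64tobits returns the decoded length or a negative value on malformed input, which its use here suggests but the page does not confirm.

```c
    char msgbuf[2048];
    unsigned char decoded[sizeof msgbuf];	/* decoded base64 is never longer than its input */

    /* … unchanged: AUTHENTICATE NTLM, first gen_recv, request build and send … */

    if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
	return result;

    /* The challenge is server-controlled: decode into scratch space and
     * copy only what fits the fixed-size challenge struct. */
    len = from64tobits(decoded, msgbuf);
    if (len < 0 || (size_t)len > sizeof challenge)
	return PS_AUTHFAIL;
    memset(&challenge, 0, sizeof challenge);
    memcpy(&challenge, decoded, (size_t)len);

    /* … unchanged: debug dump, response build and send, final gen_recv … */
```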
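Review bot: The NTLM branch added to imap_getauth is guarded with `#ifdef NTLM_ENABLE`, while the definition of do_imap_ntlm in the earlier imap.c hunk sits under `#if NTLM_ENABLE` and is closed by `#endif /* NTLM */`. If the macro is ever defined as 0 or as an empty token, the two guards disagree and the build breaks at this call or at the `#if`. Using `#ifdef NTLM_ENABLE` and `#endif /* NTLM_ENABLE */` on the definition would match this hunk and the one in fetchmail.c. Separately, the `*` cancel is written for every nonzero return, which includes socket errors passed up from gen_recv and a PS_AUTHFAIL issued after the server's final reply, where there may be no exchange left to cancel; a short comment stating which failures the cancel is meant for would help. imap_getauth starts and ends outside the hunk.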