diff options
Diffstat (limited to 'libntlm-0.21/README')
| -rw-r--r-- | libntlm-0.21/README | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/libntlm-0.21/README b/libntlm-0.21/README new file mode 100644 index 00000000..2ce20c39 --- /dev/null +++ b/libntlm-0.21/README @@ -0,0 +1,98 @@ + +This directory contains sources for a library which provides +routines to manipulate the structures used for the client end +of Microsoft NTLM authentication. + +This code was taken mostly from the Samba project and was +initially intended for use with Microsoft Exchange Server when +it is configured to require NTLM authentication for clients of +it's IMAP server. + +BUILDING + +If you want the library installed in /usr/local/lib and +the header in /usr/local/include, then + + $ make + $ make install + +will probably work. Not much effort has been put into making +this portable, and I only know for sure that it works on i386 +Linux glibc systems -- though there shouldn't be anything all +that system-specific anywhere. System byte order differences +should already be taken care of. + +TEST PROGRAM + +The test directory contains sources for a program named +"dumper" that will dump out base64 NTLM auth messages in a +readable format. It will also take a challenge and generate a +response if provided with a username and password. + +USAGE + +The application program must convert these structures to/from +base64 which is used to transfer data for IMAP authentication. +For example usage see the sources for the mutt MUA or the +fetchmail package. + +In general the usage is something like shown below (no, I don't +know if this code even compiles, but you get the idea +hopefully): + + +#include <ntlm.h> + +extern char *seqTag; /* IMAP sequence number */ + +int imap_auth_ntlm(char *user, char *domain, char *pass) +{ + tSmbNtlmAuthRequest request; + tSmbNtlmAuthChallenge challenge; + tSmbNtlmAuthResponse response; + char buffer[512]; + char tmpstr[32]; + + writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag); + readFromServer(buffer) + + /* buffer should be "+", but we won't show code to check */ + + /* + * prepare the request, convert to base64, and send it to + * the the server. My server didn't care about domain, and NULL + * worked fine. + */ + + buildSmbNtlmAuthRequest(&request,user,domain); + convertToBase64(buffer, &request, SmbLength(&request)); + writeToServer("%s\r\n",buffer); + + /* read challange data from server, convert from base64 */ + + readFromServer(buffer); + + /* buffer should contain the string "+ [base 64 data]" */ + + convertFromBase64(&challenge, buffer+2); + + /* prepare response, convert to base64, send to server */ + + buildSmbNtlmAuthResponse(&challenge, &response, user, pass); + convertToBase64(buffer,&response,SmbLength(&response)); + writeToServer("%s\r\n",buffer); + + /* read line from server, it should be "[seq] OK blah blah blah" */ + + readFromServer(buffer); + + sprintf(tmpstr,"%s OK",seqTag); + + if (strncmp(buffer,tmpstr,strlen(tmpstr))) + { + /* login failed */ + return -1; + } + + return 0; +} |