1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
This directory contains sources for a library which provides
routines to manipulate the structures used for the client end
of Microsoft NTLM authentication.
This code was taken mostly from the Samba project and was
initially intended for use with Microsoft Exchange Server when
it is configured to require NTLM authentication for clients of
it's IMAP server.
BUILDING
If you want the library installed in /usr/local/lib and
the header in /usr/local/include, then
$ make
$ make install
will probably work. Not much effort has been put into making
this portable, and I only know for sure that it works on i386
Linux glibc systems -- though there shouldn't be anything all
that system-specific anywhere. System byte order differences
should already be taken care of.
TEST PROGRAM
The test directory contains sources for a program named
"dumper" that will dump out base64 NTLM auth messages in a
readable format. It will also take a challenge and generate a
response if provided with a username and password.
USAGE
The application program must convert these structures to/from
base64 which is used to transfer data for IMAP authentication.
For example usage see the sources for the mutt MUA or the
fetchmail package.
In general the usage is something like shown below (no, I don't
know if this code even compiles, but you get the idea
hopefully):
#include <ntlm.h>
extern char *seqTag; /* IMAP sequence number */
int imap_auth_ntlm(char *user, char *domain, char *pass)
{
tSmbNtlmAuthRequest request;
tSmbNtlmAuthChallenge challenge;
tSmbNtlmAuthResponse response;
char buffer[512];
char tmpstr[32];
writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag);
readFromServer(buffer)
/* buffer should be "+", but we won't show code to check */
/*
* prepare the request, convert to base64, and send it to
* the the server. My server didn't care about domain, and NULL
* worked fine.
*/
buildSmbNtlmAuthRequest(&request,user,domain);
convertToBase64(buffer, &request, SmbLength(&request));
writeToServer("%s\r\n",buffer);
/* read challange data from server, convert from base64 */
readFromServer(buffer);
/* buffer should contain the string "+ [base 64 data]" */
convertFromBase64(&challenge, buffer+2);
/* prepare response, convert to base64, send to server */
buildSmbNtlmAuthResponse(&challenge, &response, user, pass);
convertToBase64(buffer,&response,SmbLength(&response));
writeToServer("%s\r\n",buffer);
/* read line from server, it should be "[seq] OK blah blah blah" */
readFromServer(buffer);
sprintf(tmpstr,"%s OK",seqTag);
if (strncmp(buffer,tmpstr,strlen(tmpstr)))
{
/* login failed */
return -1;
}
return 0;
}
|