c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen/*
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * NTLM and NTLMv2 authentication mechanism.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen *
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen *
e074ffeaee1ce283bd42f167c6810e3d013f8218Timo Sirainen * This software is released under the MIT license.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
08d6658a4e2ec8104cd1307f6baa75fdb07a24f8Mark Washenberger#include "auth-common.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "mech.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "passdb.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "str.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "buffer.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "hex-binary.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "safe-memset.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "ntlm.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
/*
 * Per-request state of one NTLM exchange.
 *
 * The callbacks in this file cast a struct auth_request pointer back to
 * struct ntlm_auth_request, so auth_request has to stay the first member.
 */
struct ntlm_auth_request {
	struct auth_request auth_request;

	/* same pool as auth_request.pool; holds the challenge message and
	   the copy of the client's response */
	pool_t pool;

	/* requested: */
	/* both flags are taken from the flags of the challenge we sent */
	bool ntlm2_negotiated;
	bool unicode_negotiated;
	/* points into the challenge message; NULL until the first client
	   message has been handled */
	const unsigned char *challenge;

	/* received: */
	/* pool-allocated copy of the client's response message; its fields
	   are client-controlled */
	struct ntlmssp_response *response;
};
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
/*
 * Check the LM response sent by the client against the stored LM hash.
 *
 * Returns TRUE only when the stored credentials are LM_HASH_SIZE bytes,
 * the client's LM response field holds at least LM_RESPONSE_SIZE bytes and
 * the response recomputed from the hash and our challenge equals it.
 * Both length failures are logged before returning FALSE.
 */
static bool lm_verify_credentials(struct ntlm_auth_request *request,
				  const unsigned char *credentials, size_t size)
{
	unsigned char expected[LM_RESPONSE_SIZE];
	const unsigned char *received;
	unsigned int received_len;

	if (size != LM_HASH_SIZE) {
		auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
				       "invalid LM credentials length");
		return FALSE;
	}

	/* pointer and length are taken from the client's response message */
	received = ntlmssp_buffer_data(request->response, lm_response);
	received_len = ntlmssp_buffer_length(request->response, lm_response);

	/* the comparison below reads LM_RESPONSE_SIZE bytes of the client
	   buffer, so a shorter field is refused first */
	if (received_len < LM_RESPONSE_SIZE) {
		auth_request_log_error(&request->auth_request, AUTH_SUBSYS_MECH,
				       "LM response length is too small");
		return FALSE;
	}

	ntlmssp_v1_response(credentials, request->challenge, expected);
	return mem_equals_timing_safe(expected, received, LM_RESPONSE_SIZE);
}
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen
/*
 * Passdb callback for the "LANMAN" credentials lookup.
 *
 * The request succeeds only when the lookup returned credentials and the
 * client's LM response verifies against them. An internal passdb failure is
 * reported as such; every other outcome fails the request.
 */
static void
lm_credentials_callback(enum passdb_result result,
			const unsigned char *credentials, size_t size,
			struct auth_request *auth_request)
{
	struct ntlm_auth_request *ntlm_req =
		(struct ntlm_auth_request *)auth_request;

	if (result == PASSDB_RESULT_INTERNAL_FAILURE) {
		auth_request_internal_failure(auth_request);
		return;
	}

	/* credentials are only looked at when the lookup itself succeeded */
	if (result == PASSDB_RESULT_OK &&
	    lm_verify_credentials(ntlm_req, credentials, size)) {
		auth_request_success(auth_request, "", 0);
		return;
	}

	auth_request_fail(auth_request);
}
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
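/*
 * Check the NTLM response sent by the client against the stored NTLM hash.
 *
 * Returns 1 when the response matches, -1 when authentication has to fail,
 * and 0 when the client sent no NTLM response and NTLM2 was not negotiated,
 * in which case the caller goes on to try the LM response.
 *
 * A response longer than NTLMSSP_RESPONSE_SIZE is handled as NTLMv2 (a
 * NTLMSSP_V2_RESPONSE_SIZE hash followed by the client blob). A response of
 * exactly NTLMSSP_RESPONSE_SIZE bytes is handled as NTLM, or as NTLM2 when
 * that was negotiated. A shorter non-empty response is rejected.
 */
static int
ntlm_verify_credentials(struct ntlm_auth_request *request,
			const unsigned char *credentials, size_t size)
{
	struct auth_request *auth_request = &request->auth_request;
	const unsigned char *client_response;
	unsigned int response_length;

	/* pointer and length are taken from the client's response message */
	response_length =
		ntlmssp_buffer_length(request->response, ntlm_response);
	client_response = ntlmssp_buffer_data(request->response, ntlm_response);

	if (response_length == 0) {
		/* try LM authentication unless NTLM2 was negotiated */
		return request->ntlm2_negotiated ? -1 : 0;
	}

	if (size != NTLMSSP_HASH_SIZE) {
		auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
				       "invalid NTLM credentials length");
		return -1;
	}

	if (response_length > NTLMSSP_RESPONSE_SIZE) {
		unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
		const unsigned char *blob =
			client_response + NTLMSSP_V2_RESPONSE_SIZE;

		/*
		 * Authentication target == NULL because we are acting
		 * as a standalone server, not as NT domain member.
		 */
		ntlmssp_v2_response(auth_request->user, NULL,
				    credentials, request->challenge, blob,
				    response_length - NTLMSSP_V2_RESPONSE_SIZE,
				    ntlm_v2_response);

		return mem_equals_timing_safe(ntlm_v2_response, client_response,
					      NTLMSSP_V2_RESPONSE_SIZE) ? 1 : -1;
	} else {
		unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE];
		const unsigned char *client_lm_response;

		/* The comparison below reads NTLMSSP_RESPONSE_SIZE bytes
		   starting at client_response. Without this check a client
		   declaring a shorter field would have bytes past the end of
		   that field compared; lm_verify_credentials() applies the
		   same lower bound to the LM response. */
		if (response_length < NTLMSSP_RESPONSE_SIZE) {
			auth_request_log_error(auth_request, AUTH_SUBSYS_MECH,
					       "NTLM response length is too small");
			return -1;
		}

		/* NOTE(review): the length of the LM response field is not
		   checked on this path before it is handed to
		   ntlmssp2_response() - confirm that the helper or
		   ntlmssp_check_response() bounds it. */
		client_lm_response =
			ntlmssp_buffer_data(request->response, lm_response);

		if (request->ntlm2_negotiated)
			ntlmssp2_response(credentials, request->challenge,
					  client_lm_response,
					  ntlm_response);
		else
			ntlmssp_v1_response(credentials, request->challenge,
					    ntlm_response);

		return mem_equals_timing_safe(ntlm_response, client_response,
					      NTLMSSP_RESPONSE_SIZE) ? 1 : -1;
	}
}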
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
/*
 * Passdb callback for the "NTLM" credentials lookup.
 *
 * An internal passdb failure ends the request as an internal failure. When
 * credentials were returned, a positive verification result succeeds and a
 * negative one fails the request. In the remaining cases (the lookup did not
 * return OK, or verification returned 0) a second lookup for "LANMAN"
 * credentials is started and lm_credentials_callback() decides the outcome.
 */
static void
ntlm_credentials_callback(enum passdb_result result,
			  const unsigned char *credentials, size_t size,
			  struct auth_request *auth_request)
{
	struct ntlm_auth_request *ntlm_req =
		(struct ntlm_auth_request *)auth_request;

	if (result == PASSDB_RESULT_INTERNAL_FAILURE) {
		auth_request_internal_failure(auth_request);
		return;
	}

	if (result == PASSDB_RESULT_OK) {
		int verdict = ntlm_verify_credentials(ntlm_req, credentials,
						      size);

		if (verdict > 0) {
			auth_request_success(auth_request, "", 0);
			return;
		}
		if (verdict < 0) {
			auth_request_fail(auth_request);
			return;
		}
		/* verdict == 0: fall through to the LM lookup */
	}

	/* NTLM credentials not found or didn't want to use them,
	   try with LM credentials */
	auth_request_lookup_credentials(auth_request, "LANMAN",
					lm_credentials_callback);
}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
/*
 * Handle one client message of the NTLM exchange.
 *
 * While no challenge has been stored, data is treated as the client's
 * request message: it is checked, a challenge is created in the request
 * pool, the NTLM2 and Unicode flags of that challenge are remembered and the
 * challenge is sent to the client.
 *
 * Once a challenge is stored, data is treated as the client's response
 * message: it is checked, copied into the request pool, the user name is
 * read from it and the "NTLM" credentials lookup is started.
 *
 * data is client-controlled; it is only interpreted after the matching
 * ntlmssp_check_*() call has accepted it. A rejected message is logged and
 * fails the request.
 */
static void
mech_ntlm_auth_continue(struct auth_request *auth_request,
			const unsigned char *data, size_t data_size)
{
	struct ntlm_auth_request *ntlm_req =
		(struct ntlm_auth_request *)auth_request;
	const char *error;

	if (ntlm_req->challenge != NULL) {
		/* second step: the client answers our challenge */
		const struct ntlmssp_response *client_msg =
			(const struct ntlmssp_response *)data;
		const char *username;

		if (!ntlmssp_check_response(client_msg, data_size, &error)) {
			auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
					      "invalid NTLM response: %s", error);
			auth_request_fail(auth_request);
			return;
		}

		/* keep a copy in the pool: the credentials callbacks read
		   the response through the request later */
		ntlm_req->response = p_malloc(ntlm_req->pool, data_size);
		memcpy(ntlm_req->response, client_msg, data_size);

		username = ntlmssp_t_str(ntlm_req->response, user,
					 ntlm_req->unicode_negotiated);

		if (!auth_request_set_username(auth_request, username, &error)) {
			auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
					      "%s", error);
			auth_request_fail(auth_request);
			return;
		}

		auth_request_lookup_credentials(auth_request, "NTLM",
						ntlm_credentials_callback);
		return;
	}

	/* first step: the client opens the exchange */
	{
		const struct ntlmssp_request *client_req =
			(const struct ntlmssp_request *)data;
		const struct ntlmssp_challenge *challenge_msg;
		size_t challenge_size;
		uint32_t negotiated;

		if (!ntlmssp_check_request(client_req, data_size, &error)) {
			auth_request_log_info(auth_request, AUTH_SUBSYS_MECH,
					      "invalid NTLM request: %s", error);
			auth_request_fail(auth_request);
			return;
		}

		challenge_msg = ntlmssp_create_challenge(ntlm_req->pool,
							 client_req,
							 &challenge_size);
		negotiated = read_le32(&challenge_msg->flags);
		ntlm_req->ntlm2_negotiated =
			(negotiated & NTLMSSP_NEGOTIATE_NTLM2) != 0;
		ntlm_req->unicode_negotiated =
			(negotiated & NTLMSSP_NEGOTIATE_UNICODE) != 0;
		/* a non-NULL challenge is what marks the first step as done */
		ntlm_req->challenge = challenge_msg->challenge;

		auth_request_handler_reply_continue(auth_request, challenge_msg,
						    challenge_size);
	}
}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
/*
 * Allocate the state for a new NTLM request.
 *
 * A dedicated pool is created and the request structure is allocated from
 * it; the same pool is stored both in the NTLM state and in the embedded
 * auth_request, whose address is returned.
 */
static struct auth_request *mech_ntlm_auth_new(void)
{
	pool_t request_pool =
		pool_alloconly_create(MEMPOOL_GROWING"ntlm_auth_request", 2048);
	struct ntlm_auth_request *ntlm_req =
		p_new(request_pool, struct ntlm_auth_request, 1);

	ntlm_req->auth_request.pool = request_pool;
	ntlm_req->pool = request_pool;

	return &ntlm_req->auth_request;
}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
/*
 * Mechanism descriptor that registers the functions above under the name
 * "NTLM". The initializer mixes positional and designated members, so the
 * meaning of the positional entries depends on the member order of
 * struct mech_module, which is declared outside this file.
 */
const struct mech_module mech_ntlm = {
	"NTLM",

	/* NOTE(review): both flag names come from mech.h; presumably they
	   mark the mechanism as exposed to dictionary and active attacks -
	   confirm against the enum's own comments. */
	.flags = MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
	/* this mechanism calls auth_request_lookup_credentials() for the
	   "NTLM" and "LANMAN" schemes, i.e. it needs the stored hashes */
	.passdb_need = MECH_PASSDB_NEED_LOOKUP_CREDENTIALS,

	/* request allocation and message handling are NTLM-specific; the
	   other two entries are the generic helpers */
	mech_ntlm_auth_new,
	mech_generic_auth_initial,
	mech_ntlm_auth_continue,
	mech_generic_auth_free
};