src/auth/mech-ntlm.c

	mech-ntlm.c revision 97c339398f1aba6f315b55a9b6ee6b020e33bea4
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen/*
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * NTLM and NTLMv2 authentication mechanism.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen *
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * Copyright (c) 2004 Andrey Panin <pazke@donpac.ru>
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen *
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * This program is free software; you can redistribute it and/or modify
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * it under the terms of the GNU Lesser General Public License as published
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * by the Free Software Foundation; either version 2 of the License, or
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen * (at your option) any later version.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "common.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "mech.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "passdb.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "str.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "buffer.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "hex-binary.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "safe-memset.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen#include "ntlm.h"
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenstruct ntlm_auth_request {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    struct auth_request auth_request;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    pool_t pool;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    /* requested: */
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen    int ntlm2_negotiated;
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen    int unicode_negotiated;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    const unsigned char *challenge;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    /* received: */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    struct ntlmssp_response *response;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen};
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainenstatic int lm_verify_credentials(struct ntlm_auth_request *request,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen                 const char *credentials)
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen{
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen    const unsigned char *client_response;
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen    unsigned char lm_response[LM_RESPONSE_SIZE];
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen    unsigned char hash[LM_HASH_SIZE];
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen    unsigned int response_length;
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen    buffer_t *hash_buffer;
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen    response_length =
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen        ntlmssp_buffer_length(request->response, lm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen    client_response = ntlmssp_buffer_data(request->response, lm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    if (response_length < LM_RESPONSE_SIZE) {
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        i_error("ntlm(%s): passdb credentials' length is too small",
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen            get_log_prefix(&request->auth_request));
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        return FALSE;
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen    }
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    hash_buffer = buffer_create_data(request->auth_request.pool,
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen                     hash, sizeof(hash));
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    if (hex_to_binary(credentials, hash_buffer) < 0) {
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        i_error("ntlm(%s): passdb credentials are not in hex",
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen            get_log_prefix(&request->auth_request));
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        return FALSE;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    }
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    ntlmssp_v1_response(hash, request->challenge, lm_response);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    return memcmp(lm_response, client_response, LM_RESPONSE_SIZE) == 0;
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen}
d43c646d4b84635aa795946555be04a553d5413aTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenstatic void
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainenlm_credentials_callback(enum passdb_result result,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen            const char *credentials,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen            struct auth_request *auth_request)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen{
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    struct ntlm_auth_request *request =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        (struct ntlm_auth_request *)auth_request;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    switch (result) {
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    case PASSDB_RESULT_OK:
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        if (lm_verify_credentials(request, credentials))
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_success(auth_request, NULL, 0);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        else
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_fail(auth_request);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        break;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    case PASSDB_RESULT_INTERNAL_FAILURE:
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen        auth_request_internal_failure(auth_request);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        break;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    default:
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen        auth_request_fail(auth_request);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        break;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    }
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen}
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainenstatic int ntlm_verify_credentials(struct ntlm_auth_request *request,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen                   const char *credentials)
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen{
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        struct auth_request *auth_request = &request->auth_request;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    const unsigned char *client_response;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    unsigned char hash[NTLMSSP_HASH_SIZE];
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    unsigned int response_length;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    buffer_t *hash_buffer;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen    response_length =
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen        ntlmssp_buffer_length(request->response, ntlm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen    client_response = ntlmssp_buffer_data(request->response, ntlm_response);
09ea3aa6bc03544a9e712d263f07976255aaaaf0Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    if (response_length == 0) {
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        /* try LM authentication unless NTLM2 was negotiated */
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        return request->ntlm2_negotiated ? -1 : 0;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    }
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    hash_buffer = buffer_create_data(auth_request->pool,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                     hash, sizeof(hash));
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    hex_to_binary(credentials, hash_buffer);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    if (response_length > NTLMSSP_RESPONSE_SIZE) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        unsigned char ntlm_v2_response[NTLMSSP_V2_RESPONSE_SIZE];
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        const unsigned char *blob =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            client_response + NTLMSSP_V2_RESPONSE_SIZE;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        /*
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen         * Authentication target == NULL because we are acting
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen         * as a standalone server, not as NT domain member.
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen         */
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        ntlmssp_v2_response(auth_request->user, NULL,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen                    hash, request->challenge, blob,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                    response_length - NTLMSSP_V2_RESPONSE_SIZE,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                    ntlm_v2_response);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        return memcmp(ntlm_v2_response, client_response,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen                  NTLMSSP_V2_RESPONSE_SIZE) == 0 ? 1 : -1;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    } else {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        unsigned char ntlm_response[NTLMSSP_RESPONSE_SIZE];
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen        const unsigned char *client_lm_response =
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen            ntlmssp_buffer_data(request->response, lm_response);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        if (request->ntlm2_negotiated)
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen            ntlmssp2_response(hash, request->challenge,
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen                      client_lm_response,
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen                      ntlm_response);
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen        else
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen            ntlmssp_v1_response(hash, request->challenge,
88c2db95c4a0f8f7986a63cd57cf4b6850d76543Timo Sirainen                        ntlm_response);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        return memcmp(ntlm_response, client_response,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen                  NTLMSSP_RESPONSE_SIZE) == 0 ? 1 : -1;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    }
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen}
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainenstatic void
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainenntlm_credentials_callback(enum passdb_result result,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen              const char *credentials,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen              struct auth_request *auth_request)
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen{
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    struct ntlm_auth_request *request =
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        (struct ntlm_auth_request *)auth_request;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    int ret;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    switch (result) {
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    case PASSDB_RESULT_OK:
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        ret = ntlm_verify_credentials(request, credentials);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        if (ret > 0) {
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_success(auth_request, NULL, 0);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen            return;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        }
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        if (ret < 0) {
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_fail(auth_request);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen            return;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        }
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        break;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    case PASSDB_RESULT_INTERNAL_FAILURE:
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen        auth_request_internal_failure(auth_request);
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        return;
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    default:
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen        break;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    }
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen    /* NTLM credentials not found or didn't want to use them,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen       try with LM credentials */
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen    auth_request->auth->passdb->
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen        lookup_credentials(auth_request, PASSDB_CREDENTIALS_LANMAN,
517d1e7142d57299c733b30423e35e7e1f8d01d6Timo Sirainen                   lm_credentials_callback);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainenstatic void
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenmech_ntlm_auth_continue(struct auth_request *auth_request,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            const unsigned char *data, size_t data_size,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            mech_callback_t *callback)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen{
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    struct ntlm_auth_request *request =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        (struct ntlm_auth_request *)auth_request;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    const char *error;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    auth_request->callback = callback;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    if (!request->challenge) {
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        const struct ntlmssp_request *ntlm_request =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            (struct ntlmssp_request *)data;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        const struct ntlmssp_challenge *message;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        size_t message_size;
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen        uint32_t flags;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        if (!ntlmssp_check_request(ntlm_request, data_size, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            if (verbose) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                i_info("ntlm(%s): invalid NTLM request, %s",
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                       get_log_prefix(auth_request),
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                       error);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            }
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_fail(auth_request);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen            return;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        }
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        message = ntlmssp_create_challenge(request->pool, ntlm_request,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                           &message_size);
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen        flags = read_le32(&message->flags);
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen        request->ntlm2_negotiated = flags & NTLMSSP_NEGOTIATE_NTLM2;
1704aa6b56b6a97bab6e995bcf7170b0c6527291Timo Sirainen        request->unicode_negotiated = flags & NTLMSSP_NEGOTIATE_UNICODE;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        request->challenge = message->challenge;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        auth_request->callback(auth_request,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen                       AUTH_CLIENT_RESULT_CONTINUE,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen                       message, message_size);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    } else {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        const struct ntlmssp_response *response =
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            (struct ntlmssp_response *)data;
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen        const char *username;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        if (!ntlmssp_check_response(response, data_size, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            if (verbose) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                i_info("ntlm(%s): invalid NTLM response, %s",
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                       get_log_prefix(auth_request),
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                       error);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            }
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_fail(auth_request);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen            return;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        }
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        request->response = p_malloc(request->pool, data_size);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen        memcpy(request->response, response, data_size);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen        username = ntlmssp_t_str(request->response, user,
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen                     request->unicode_negotiated);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen        if (!auth_request_set_username(auth_request, username, &error)) {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            if (verbose) {
9abfe876fa81576f130f3f82f622ae936c21a716Timo Sirainen                i_info("ntlm(%s): %s",
9abfe876fa81576f130f3f82f622ae936c21a716Timo Sirainen                       get_log_prefix(auth_request), error);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen            }
e80203675151ef9d4f3f850cf02041042eb13096Timo Sirainen            auth_request_fail(auth_request);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen            return;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen        }
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen        auth_request->auth->passdb->
97c339398f1aba6f315b55a9b6ee6b020e33bea4Timo Sirainen            lookup_credentials(auth_request,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                       PASSDB_CREDENTIALS_NTLM,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen                       ntlm_credentials_callback);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    }
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainenstatic void
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainenmech_ntlm_auth_initial(struct auth_request *request,
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen               const unsigned char *data, size_t data_size,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen               mech_callback_t *callback)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen{
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen    if (data_size == 0)
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen        callback(request, AUTH_CLIENT_RESULT_CONTINUE, NULL, 0);
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen    else
b97514e470fc4c78f6f1ce4660f1e5aec559c3b4Timo Sirainen        mech_ntlm_auth_continue(request, data, data_size, callback);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenstatic void
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainenmech_ntlm_auth_free(struct auth_request *request)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen{
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    pool_unref(request->pool);
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenstatic struct auth_request *mech_ntlm_auth_new(void)
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen{
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    struct ntlm_auth_request *request;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    pool_t pool;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    pool = pool_alloconly_create("ntlm_auth_request", 256);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    request = p_new(pool, struct ntlm_auth_request, 1);
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    request->pool = pool;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    request->auth_request.refcount = 1;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    request->auth_request.pool = pool;
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    return &request->auth_request;
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen}
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainenconst struct mech_module mech_ntlm = {
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    "NTLM",
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    MEMBER(flags) MECH_SEC_DICTIONARY | MECH_SEC_ACTIVE,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    MEMBER(passdb_need_plain) FALSE,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    MEMBER(passdb_need_credentials) TRUE,
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen    mech_ntlm_auth_new,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    mech_ntlm_auth_initial,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    mech_ntlm_auth_continue,
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen    mech_ntlm_auth_free
c7480644202e5451fbed448508ea29a25cffc99cTimo Sirainen};