README.NTLM 2.42 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83
NTLM support by Grant Edwards <[email protected]>

This directory contains sources for a library which provides
routines to manipulate the structures used for the client end
of Microsoft NTLM authentication.

This code (the ntlm.h file and smb*.[ch] files) was taken mostly from
the Samba project and was initially intended for use with Microsoft
Exchange Server when it is configured to require NTLM authentication
for clients of its IMAP server.

Not much effort has been put into making this portable, and the author
only know for sure that it works on i386 Linux glibc systems -- though
there shouldn't be anything all that system-specific anywhere.  System
byte order differences should already be taken care of.

USAGE  
  
The application program must convert these structures to/from base64
which is used to transfer data for IMAP authentication.  For example
usage see the sources for the mutt MUA or here in the fetchmail
package.

In general the usage is something like shown below (no, I don't
know if this code even compiles, but you get the idea
hopefully):


#include <ntlm.h>

extern char *seqTag;  /* IMAP sequence number */

int imap_auth_ntlm(char *user, char *domain, char *pass)
{
  tSmbNtlmAuthRequest   request;              
  tSmbNtlmAuthChallenge challenge;
  tSmbNtlmAuthResponse  response;
  char buffer[512];
  char tmpstr[32];
  
  writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag);
  readFromServer(buffer)
  
  /* buffer should be "+", but we won't show code to check */

  /* 
   * prepare the request, convert to base64, and send it to
   * the the server.  My server didn't care about domain, and NULL
   * worked fine.
   */

  buildSmbNtlmAuthRequest(&request,user,domain);
  convertToBase64(buffer, &request, SmbLength(&request));
  writeToServer("%s\r\n",buffer);
  
  /* read challange data from server, convert from base64 */
  
  readFromServer(buffer);
  
  /* buffer should contain the string "+ [base 64 data]" */
  
  convertFromBase64(&challenge, buffer+2);
  
  /* prepare response, convert to base64, send to server */
  
  buildSmbNtlmAuthResponse(&challenge, &response, user, pass);
  convertToBase64(buffer,&response,SmbLength(&response));
  writeToServer("%s\r\n",buffer);
  
  /* read line from server, it should be "[seq] OK blah blah blah" */
  
  readFromServer(buffer);
  
  sprintf(tmpstr,"%s OK",seqTag);
  
  if (strncmp(buffer,tmpstr,strlen(tmpstr)))
  {
    /* login failed */
    return -1;
  }
  
  return 0;
}