Adding NTLMv2 support for Cyrus SASL 2.1.23
Dhruva T S
dhruvats at tataelxsi.co.in
Wed Oct 14 00:44:09 EDT 2009
Ken,
Sorry for replying late.
I have hard coded the 'blob' structure as follows in ntlm_client_mech_step2()
inside plugins/ntlm.c:
/* should we send a NTLMv2 response? */
params->utils->getopt(params->utils->getopt_context,
"NTLM", "ntlm_v2", &sendv2, NULL);
/****************commented by dhruva - NTLMv2 support*/
/*if (sendv2 && (*sendv2 == '1' || *sendv2 == 'y' ||
(*sendv2 == 'o' && *sendv2 == 'n') || *sendv2 == 't'))*/
{
int bloblen;
char *blobbuf=NULL;
unsigned char signature[4];
unsigned char reserved[4];
unsigned char unknown[4];
unsigned char timestamp[8];
/* put the cnonce in place after the LMv2 HMAC */
char *cnonce = resp + MD5_DIGEST_LENGTH;
signature[0]=0x01;
signature[1]=0x01;
signature[2]=0x00;
signature[3]=0x00;
reserved[0]=0x00;
reserved[1]=0x00;
reserved[2]=0x00;
reserved[3]=0x00;
unknown[0]=0x00;
unknown[1]=0x00;
unknown[2]=0x00;
unknown[3]=0x00;
params->utils->log(NULL, SASL_LOG_DEBUG,
"calculating LMv2 response");
params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH);
unix_timestamp(timestamp);
bloblen=32+190;
blobbuf=malloc(bloblen);
memcpy(blobbuf,signature,4);
memcpy(blobbuf+4,reserved,4);
memcpy(blobbuf+8,timestamp,8);
memcpy(blobbuf+16,cnonce,8);
memcpy(blobbuf+24,unknown,4);
memcpy(blobbuf+28,serverin+64,190);
memcpy(blobbuf+28+190,unknown,4);
memcpy(blobbuf+28+190+4,unknown,4);
/* this is for LMv2 response*/
/*V2(resp, password, oparams->authid, domain,
serverin + NTLM_TYPE2_CHALLENGE_OFFSET, cnonce, NTLM_NONCE_LENGTH,
params->utils, &text->out_buf, &text->out_buf_len, &result);*/
/*for NTLMv2 response*/
V2(resp,password,oparams->authid,domain,serverin+NTLM_TYPE2_CHALLENGE_OFFSET,
blobbuf,bloblen,params->utils,&text->out_buf,&text->out_buf_len,&result);
//lm_resp = resp;
memcpy(resp+16,blobbuf,bloblen); /*first 16 bytes has hmac-md5(blobbuf) in 'resp'*/
nt_resp=resp;
}
The 'resp' buffer size in my case is 32+190+16 where 32 is the size of the
blob without TIB size, 190 is the TIB size and 16 is the size
of hmac-md5(blobbuf).
One of the parameter being passed in the line
"
/* should we send a NTLMv2 response? */
params->utils->getopt(params->utils->getopt_context,
"NTLM", "ntlm_v2", &sendv2, NULL);
"
is "ntlm_v2". When I checked, the "sendv2" value is not '1' or 'y'.
So the condition check "if (&sendv2 == ...)" fails. That is the reason I have
commented this check as above.
Can you please guide me about how to pass this check?
Sorry, I don't know how to create a patch file.
Thanks,
Dhruva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20091014/eb8f5037/attachment.html
More information about the Cyrus-sasl
mailing list