Adding NTLMv2 support for Cyrus SASL 2.1.23

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Title: Adding NTLMv2 support for Cyrus SASL 2.1.23

Ken,

Sorry for replying late.

I have hard coded the 'blob' structure as follows in ntlm_client_mech_step2()
inside plugins/ntlm.c:


 /* should we send a NTLMv2 response? */
    params->utils->getopt(params->utils->getopt_context,
                          "NTLM", "ntlm_v2", &sendv2, NULL);

 /****************commented by dhruva - NTLMv2 support*/
   /*if (sendv2 && (*sendv2 == '1' || *sendv2 == 'y' ||
         (*sendv2 == 'o' && *sendv2 == 'n') || *sendv2 == 't'))*/
   {

         int bloblen;
         char *blobbuf=NULL;
         unsigned char signature[4];
         unsigned char reserved[4];
         unsigned char unknown[4];
         unsigned char timestamp[8];
        
       /* put the cnonce in place after the LMv2 HMAC */
        char *cnonce = resp + MD5_DIGEST_LENGTH;
       
               
        signature[0]=0x01;
        signature[1]=0x01;
        signature[2]=0x00;
        signature[3]=0x00;
        reserved[0]=0x00;
        reserved[1]=0x00;
        reserved[2]=0x00;
        reserved[3]=0x00;
        unknown[0]=0x00;
        unknown[1]=0x00;
        unknown[2]=0x00;
        unknown[3]=0x00;

      
        params->utils->log(NULL, SASL_LOG_DEBUG,
                         "calculating LMv2 response");

        params->utils->rand(params->utils->rpool, cnonce, NTLM_NONCE_LENGTH);

  
        unix_timestamp(timestamp); 
        bloblen=32+190;
        blobbuf=malloc(bloblen);
        memcpy(blobbuf,signature,4);
        memcpy(blobbuf+4,reserved,4);
        memcpy(blobbuf+8,timestamp,8);
        memcpy(blobbuf+16,cnonce,8);
        memcpy(blobbuf+24,unknown,4);
        memcpy(blobbuf+28,serverin+64,190);
        memcpy(blobbuf+28+190,unknown,4);
        memcpy(blobbuf+28+190+4,unknown,4);
 
         /* this is for LMv2 response*/
        /*V2(resp, password, oparams->authid, domain,
         serverin + NTLM_TYPE2_CHALLENGE_OFFSET, cnonce, NTLM_NONCE_LENGTH,
         params->utils, &text->out_buf, &text->out_buf_len, &result);*/
        
         /*for NTLMv2 response*/
        V2(resp,password,oparams->authid,domain,serverin+NTLM_TYPE2_CHALLENGE_OFFSET,
            blobbuf,bloblen,params->utils,&text->out_buf,&text->out_buf_len,&result);

        //lm_resp = resp;
        memcpy(resp+16,blobbuf,bloblen); /*first 16 bytes has hmac-md5(blobbuf) in 'resp'*/
        nt_resp=resp;
    }

The 'resp' buffer size in my case is 32+190+16 where 32 is the size of the
blob without TIB size, 190 is the TIB size and 16 is the size
of hmac-md5(blobbuf).

       
One of the parameter being passed in the line
  "
   /* should we send a NTLMv2 response? */
    params->utils->getopt(params->utils->getopt_context,
                          "NTLM", "ntlm_v2", &sendv2, NULL);
  "
is "ntlm_v2". When I checked, the "sendv2" value is not '1' or 'y'.
So the condition check "if (&sendv2 == ...)" fails. That is the reason I have
commented this check as above.
Can you please guide me about how to pass this check?


Sorry, I don't know how to create a patch file.


Thanks,
Dhruva 





















[Index of Archives]
 
 
[Info Cyrus]
 
 
[Squirrel Mail]
 
 
[Linux Media]
 
 
[Yosemite News]
 
 
[gtk]
 
 
[KDE]
 
 
[Gimp on Windows]
 
 
[Steve's Art]


















 
Powered by Linux