From: Evaldas Auryla (evaldas dot auryla at pheur dot org)
Date: Thu Jun 24 2004 - 04:38:59 EDT
Hello,
I just wanted to share some experience in making the Mac OSX Entourage mail
client work with the Cyrus SASL NTLM plugin.
Entourage version used: 10.1.4 (030702)
Cyrus SASL version: 2.1.18
server - Cyrus IMAPD version: 2.2.5
Problem description: If mail server shows "NTLM" in response to allowed
authentication mechanisms during initial greetings, Entourage will use it,
but will always fail and server process will end with signal 11 (I had core
dumps on FreeBSD). 2 issues here:
- Entourage sets flag NTLM_USE_UNICODE, but does not actually use it, so
decoding fails.
- If domain part in NTLM response is empty (if you configure simply
"Username", not "Domain\Username" as login), domain pointer is set to NULL
and smb_session_setup() routine in NTLM module may not like it (signal 11,
code dump).
It looks like Entourage sets flag 0x08000 (Outlook uses 0x0b000), so I took
a risk to use this flag to identify Entourage as client and ignore its
request for unicode, that seems to be ok in our environment, but surely
needs to be tested for other clients.
Below is a quick patch to fix these 2 issues.
Regards,
Evaldas
=======================================================
--- ntlm.c.orig Fri Jun 18 10:41:40 2004
+++ ntlm.c Fri Jun 18 10:43:54 2004
@@ -162,6 +162,7 @@
NTLM_USE_ASCII = 0x00002,
NTLM_ASK_TARGET = 0x00004,
NTLM_AUTH_NTLM = 0x00200,
+ NTLM_ENTOURAGE = 0x08000,
NTLM_TARGET_IS_DOMAIN = 0x10000,
NTLM_TARGET_IS_SERVER = 0x20000,
NTLM_FLAGS_MASK = 0x0ffff
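Review bot: `NTLM_ENTOURAGE = 0x08000` names a negotiate-flag bit after one client and sits among the protocol flags with no comment saying it is a client fingerprint rather than a protocol meaning. Add a comment to that effect and consider a name that describes the use (a heuristic for a client that sets the Unicode flag but sends ASCII), since any client can set this bit.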
@@ -1116,7 +1117,7 @@
}
static int smb_session_setup(const sasl_utils_t *utils, server_context_t
*text,
- const char *authid, char *domain,
+ const char *authid, char **domain,
unsigned char *lm_resp, unsigned lm_resp_len,
unsigned char *nt_resp, unsigned nt_resp_len)
{
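Review bot: the prototype changes `domain` from `char *` to `char **`, but nothing visible in the patch writes through it, and the body in the next hunk still treats it as a string. If the goal is to survive a NULL domain, keep `char *domain` (ideally `const char *`) and document that NULL means an empty domain, so the callers and the body agree on one contract.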
@@ -1199,7 +1200,7 @@
}
iov[n].iov_base = (char*) authid;
iov[n++].iov_len = strlen(authid) + 1;
- iov[n].iov_base = domain;
+ iov[n].iov_base = (char*) domain;
iov[n++].iov_len = strlen(domain) + 1;
iov[n].iov_base = osbuf;
iov[n++].iov_len = strlen(osbuf) + 1;
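Review bot: `iov[n].iov_base = (char*) domain;` casts the `char **` parameter itself instead of dereferencing it, so the iovec points at the caller's pointer variable, and the unchanged `strlen(domain) + 1` on the next line then measures the bytes of that pointer, not the domain string. The NULL dereference goes away only because the address of the pointer is never NULL; what gets sent as the domain is the pointer value and whatever follows it in memory up to the first zero byte. Use the string with an explicit fallback for the empty case, for example `const char *d = (domain && *domain) ? *domain : "";`, and use `d` for both `iov_base` and `strlen`.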
@@ -1481,13 +1482,15 @@
result = unload_buffer(sparams->utils, clientin +
NTLM_TYPE3_DOMAIN_OFFSET,
(u_char **) &domain, &domain_len,
- text->flags & NTLM_USE_UNICODE,
+ /* === MacOSX Entourage sets Unicode flag, but does not use it,
workaround this === */
+ (text->flags & NTLM_USE_UNICODE) && ((text->flags & 0x0F000) !=
NTLM_ENTOURAGE),
clientin, clientinlen);
if (result != SASL_OK) goto cleanup;
result = unload_buffer(sparams->utils, clientin +
NTLM_TYPE3_USER_OFFSET,
(u_char **) &authid, &authid_len,
- text->flags & NTLM_USE_UNICODE,
+ /* === MacOSX Entourage sets Unicode flag, but does not use it,
workaround this === */
+ (text->flags & NTLM_USE_UNICODE) && ((text->flags & 0x0F000) !=
NTLM_ENTOURAGE),
clientin, clientinlen);
if (result != SASL_OK) goto cleanup;
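Review bot: the condition `(text->flags & NTLM_USE_UNICODE) && ((text->flags & 0x0F000) != NTLM_ENTOURAGE)` is duplicated in both `unload_buffer` calls and relies on the unnamed mask `0x0F000`. Compute it once into a local (for example `int unicode = ...;`) beside a named mask constant and pass that to both calls. Since the flags are set by the client, every client that sends exactly `0x08000` in those four bits is switched to ASCII decoding, so the comment should say that this is a heuristic and which client version it was observed on.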
@@ -1615,7 +1618,7 @@
}
else {
/* proxy the response */
- result = smb_session_setup(sparams->utils, text, authid, domain,
+ result = smb_session_setup(sparams->utils, text, authid, &domain,
lm_resp, lm_resp_len, nt_resp, nt_resp_len);
if (result != SASL_OK) goto cleanup;
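Review bot: `domain` can still be NULL at this call when the client sends no domain part, and passing `&domain` only moves that case into the callee. Handling it here, by passing `domain ? domain : ""` with the original `char *` parameter, would keep the fix local to the one caller shown and leave `smb_session_setup()` unchanged.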
=======================================================
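The two failure modes described in the message (ASCII bytes decoded as Unicode, and a NULL pointer for an empty domain) can be handled in the field decoder itself. The following is an added example, not part of the original message or of Cyrus SASL; `load_secbuf` and the sample buffers are hypothetical, and it assumes the usual NTLM security-buffer layout of a 16-bit length, 16-bit allocated size and 32-bit offset, all little-endian.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not Cyrus SASL's unload_buffer(): decode one NTLM
 * security buffer (u16 len, u16 maxlen, u32 offset, little-endian) located
 * at `secbuf` inside `msg`. Returns 0 and a malloc'd string that is never
 * NULL (so a later strlen() is safe), or -1 if the field is malformed. */
static int load_secbuf(const unsigned char *msg, size_t msglen, size_t secbuf,
                       int unicode, char **out)
{
    size_t len, off, i, n;
    char *s;

    *out = NULL;
    if (secbuf > msglen || msglen - secbuf < 8) return -1;
    len = msg[secbuf] | (msg[secbuf + 1] << 8);
    off = msg[secbuf + 4] | (msg[secbuf + 5] << 8) |
          ((size_t)msg[secbuf + 6] << 16) | ((size_t)msg[secbuf + 7] << 24);
    if (off > msglen || len > msglen - off) return -1;  /* bounds check */
    if (unicode && (len & 1)) return -1;                /* odd UCS-2 length */

    n = unicode ? len / 2 : len;
    s = malloc(n + 1);
    if (!s) return -1;
    for (i = 0; i < n; i++) {
        if (unicode) {
            /* accept only UCS-2LE code units that fit in 7-bit ASCII */
            if (msg[off + 2 * i + 1] != 0 || msg[off + 2 * i] > 0x7f) { free(s); return -1; }
            s[i] = (char)msg[off + 2 * i];
        } else {
            s[i] = (char)msg[off + i];
        }
    }
    s[n] = '\0';        /* an empty field yields "" rather than NULL */
    *out = s;
    return 0;
}

/* Constructed sample: security buffer at offset 0 describing the four
 * ASCII bytes "user" stored at offset 8. */
static const unsigned char sample[] = {
    4, 0, 4, 0, 8, 0, 0, 0, 'u', 's', 'e', 'r'
};
/* Constructed sample: same layout, zero-length field (empty domain). */
static const unsigned char empty[] = { 0, 0, 0, 0, 8, 0, 0, 0 };
```

Decoding `sample` with `unicode` set is rejected cleanly instead of producing a garbled name, and `empty` decodes to a zero-length string the caller can pass on without a NULL check.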