patch for ntlm.c to fix Mac OSX Entourage

From: Evaldas Auryla (evaldas dot auryla at pheur dot org)
Date: Thu Jun 24 2004 - 04:38:59 EDT

  • Next message: Ali dot Naddaf at trilogy dot com: "Problem using non-plain SASL + Postfix + LDAP"

    Hello,

    I just wanted to share some experience in making the Mac OSX Entourage mail
    client work with the Cyrus SASL NTLM plugin.

    Entourage version used: 10.1.4 (030702)
    Cyrus SASL version: 2.1.18
    server - Cyrus IMAPD version: 2.2.5

    Problem description: If mail server shows "NTLM" in response to allowed
    authentication mechanisms during initial greetings, Entourage will use it,
    but will always fail and server process will end with signal 11 (I had core
    dumps on FreeBSD). 2 issues here:

    - Entourage sets flag NTLM_USE_UNICODE, but does not actually use it, so
    decoding fails.

    - If domain part in NTLM response is empty (if you configure simply
    "Username", not "Domain\Username" as login), domain pointer is set to NULL
    and smb_session_setup() routine in NTLM module may not like it (signal 11,
    code dump).

    It looks like Entourage sets flag 0x08000 (Outlook uses 0x0b000), so I took
    a risk to use this flag to identify Entourage as client and ignore its
    request for unicode. That seems to be ok in our environment, but it surely
    needs to be tested for other clients.

    Below is a quick patch to fix these 2 issues.

    Regards,
    Evaldas

    =======================================================
    --- ntlm.c.orig Fri Jun 18 10:41:40 2004
    +++ ntlm.c Fri Jun 18 10:43:54 2004
    @@ -162,6 +162,7 @@
         NTLM_USE_ASCII = 0x00002,
         NTLM_ASK_TARGET = 0x00004,
         NTLM_AUTH_NTLM = 0x00200,
    + NTLM_ENTOURAGE = 0x08000,
         NTLM_TARGET_IS_DOMAIN = 0x10000,
         NTLM_TARGET_IS_SERVER = 0x20000,
         NTLM_FLAGS_MASK = 0x0ffff
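
Review bot: The new enum member NTLM_ENTOURAGE = 0x08000 names a negotiate flag bit after a single client, with no comment saying that it is a heuristic. The message itself notes that Outlook sends 0x0b000, which contains the same bit, so the constant only identifies Entourage when combined with the 0x0F000 mask that appears later as a bare literal. Please add a comment on this line explaining the heuristic, and define the mask next to it as a named constant so the two values stay together.
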
    @@ -1116,7 +1117,7 @@
     }

     static int smb_session_setup(const sasl_utils_t *utils, server_context_t
    *text,
    - const char *authid, char *domain,
    + const char *authid, char **domain,
             unsigned char *lm_resp, unsigned lm_resp_len,
             unsigned char *nt_resp, unsigned nt_resp_len)
     {
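
Review bot: Changing the parameter to `char **domain` in the smb_session_setup() signature implies the function will write back through the pointer, but no visible hunk does so and nothing documents the intent. If the goal is only to survive an empty domain, keep `char *domain` and substitute an empty string for NULL before use; if the function really needs to replace the caller's pointer, say so in a comment above the prototype.
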
    @@ -1199,7 +1200,7 @@
         }
         iov[n].iov_base = (char*) authid;
         iov[n++].iov_len = strlen(authid) + 1;
    - iov[n].iov_base = domain;
    + iov[n].iov_base = (char*) domain;
         iov[n++].iov_len = strlen(domain) + 1;
         iov[n].iov_base = osbuf;
         iov[n++].iov_len = strlen(osbuf) + 1;
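
Review bot: With the new `char **domain` signature, `iov[n].iov_base = (char*) domain;` and the unchanged `strlen(domain) + 1` on the next line now operate on the address of the caller's pointer variable, not on the domain string. The cast only silences the type mismatch: the length is computed over the raw bytes of a pointer and those bytes are what gets sent. Both lines should use `*domain`, guarded by a NULL check that falls back to an empty string, which is the case described in the message as causing signal 11.
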
    @@ -1481,13 +1482,15 @@

         result = unload_buffer(sparams->utils, clientin +
    NTLM_TYPE3_DOMAIN_OFFSET,
           (u_char **) &domain, &domain_len,
    - text->flags & NTLM_USE_UNICODE,
    + /* === MacOSX Entourage sets Unicode flag, but does not use it,
    workaround this === */
    + (text->flags & NTLM_USE_UNICODE) && ((text->flags & 0x0F000) !=
    NTLM_ENTOURAGE),
           clientin, clientinlen);
         if (result != SASL_OK) goto cleanup;

         result = unload_buffer(sparams->utils, clientin +
    NTLM_TYPE3_USER_OFFSET,
           (u_char **) &authid, &authid_len,
    - text->flags & NTLM_USE_UNICODE,
    + /* === MacOSX Entourage sets Unicode flag, but does not use it,
    workaround this === */
    + (text->flags & NTLM_USE_UNICODE) && ((text->flags & 0x0F000) !=
    NTLM_ENTOURAGE),
           clientin, clientinlen);
         if (result != SASL_OK) goto cleanup;

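Review bot: The condition `(text->flags & NTLM_USE_UNICODE) && ((text->flags & 0x0F000) != NTLM_ENTOURAGE)` is duplicated on both unload_buffer() calls and relies on the unnamed mask 0x0F000. Compute it once into a local (for example `int use_unicode`) before the first call and pass that to both, so the domain and user fields cannot be decoded with different settings after a later edit. The test also turns Unicode off for any client whose flags match 0x08000 under that mask, not only Entourage, so the comment should state that this is a heuristic. The comment and condition lines are also wrapped by the mailer, so the patch will not apply as posted.
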
    @@ -1615,7 +1618,7 @@
         }
         else {
      /* proxy the response */
    - result = smb_session_setup(sparams->utils, text, authid, domain,
    + result = smb_session_setup(sparams->utils, text, authid, &domain,
            lm_resp, lm_resp_len, nt_resp, nt_resp_len);
      if (result != SASL_OK) goto cleanup;
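
Review bot: Passing `&domain` at this call site does not by itself handle the empty-domain case, since no visible line checks whether `domain` is NULL before or inside smb_session_setup(). A check here, before the call, that replaces a NULL `domain` with an empty string would fix the crash described in the message and would let the function keep its original `char *domain` parameter.
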
    =======================================================

