README.NTLM - fetchmail in fetchmail

NTLM support by Grant Edwards <grante@visi.com>

This directory contains sources for a library which provides
routines to manipulate the structures used for the client end
of Microsoft NTLM authentication.

This code (the ntlm.h file and smb*.[ch] files) was taken mostly from
the Samba project and was initially intended for use with Microsoft
Exchange Server when it is configured to require NTLM authentication
for clients of its IMAP server.

Not much effort has been put into making this portable, and the author
only know for sure that it works on i386 Linux glibc systems -- though
there shouldn't be anything all that system-specific anywhere.  System
byte order differences should already be taken care of.

USAGE  
  
The application program must convert these structures to/from base64
which is used to transfer data for IMAP authentication.  For example
usage see the sources for the mutt MUA or here in the fetchmail
package.

In general the usage is something like shown below (no, I don't
know if this code even compiles, but you get the idea
hopefully):


#include <ntlm.h>

extern char *seqTag;  /* IMAP sequence number */

int imap_auth_ntlm(char *user, char *domain, char *pass)
{
  tSmbNtlmAuthRequest   request;              
  tSmbNtlmAuthChallenge challenge;
  tSmbNtlmAuthResponse  response;
  char buffer[512];
  char tmpstr[32];
  
  writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag);
  readFromServer(buffer)
  
  /* buffer should be "+", but we won't show code to check */

  /* 
   * prepare the request, convert to base64, and send it to
   * the the server.  My server didn't care about domain, and NULL
   * worked fine.
   */

  buildSmbNtlmAuthRequest(&request,user,domain);
  convertToBase64(buffer, &request, SmbLength(&request));
  writeToServer("%s\r\n",buffer);
  
  /* read challange data from server, convert from base64 */
  
  readFromServer(buffer);
  
  /* buffer should contain the string "+ [base 64 data]" */
  
  convertFromBase64(&challenge, buffer+2);
  
  /* prepare response, convert to base64, send to server */
  
  buildSmbNtlmAuthResponse(&challenge, &response, user, pass);
  convertToBase64(buffer,&response,SmbLength(&response));
  writeToServer("%s\r\n",buffer);
  
  /* read line from server, it should be "[seq] OK blah blah blah" */
  
  readFromServer(buffer);
  
  sprintf(tmpstr,"%s OK",seqTag);
  
  if (strncmp(buffer,tmpstr,strlen(tmpstr)))
  {
    /* login failed */
    return -1;
  }
  
  return 0;
}

1	NTLM support by Grant Edwards <grante@visi.com>
2
3	This directory contains sources for a library which provides
4	routines to manipulate the structures used for the client end
5	of Microsoft NTLM authentication.
6
7	This code (the ntlm.h file and smb*.[ch] files) was taken mostly from
8	the Samba project and was initially intended for use with Microsoft
9	Exchange Server when it is configured to require NTLM authentication
10	for clients of its IMAP server.
11
12	Not much effort has been put into making this portable, and the author
13	only know for sure that it works on i386 Linux glibc systems -- though
14	there shouldn't be anything all that system-specific anywhere. System
15	byte order differences should already be taken care of.
16
17	USAGE
18
19	The application program must convert these structures to/from base64
20	which is used to transfer data for IMAP authentication. For example
21	usage see the sources for the mutt MUA or here in the fetchmail
22	package.
23
24	In general the usage is something like shown below (no, I don't
25	know if this code even compiles, but you get the idea
26	hopefully):
27
28
29	#include <ntlm.h>
30
31	extern char seqTag; / IMAP sequence number */
32
33	int imap_auth_ntlm(char user, char domain, char *pass)
34	{
35	tSmbNtlmAuthRequest request;
36	tSmbNtlmAuthChallenge challenge;
37	tSmbNtlmAuthResponse response;
38	char buffer[512];
39	char tmpstr[32];
40
41	writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag);
42	readFromServer(buffer)
43
44	/* buffer should be "+", but we won't show code to check */
45
46	/*
47	* prepare the request, convert to base64, and send it to
48	* the the server. My server didn't care about domain, and NULL
49	* worked fine.
50	*/
51
52	buildSmbNtlmAuthRequest(&request,user,domain);
53	convertToBase64(buffer, &request, SmbLength(&request));
54	writeToServer("%s\r\n",buffer);
55
56	/* read challange data from server, convert from base64 */
57
58	readFromServer(buffer);
59
60	/* buffer should contain the string "+ [base 64 data]" */
61
62	convertFromBase64(&challenge, buffer+2);
63
64	/* prepare response, convert to base64, send to server */
65
66	buildSmbNtlmAuthResponse(&challenge, &response, user, pass);
67	convertToBase64(buffer,&response,SmbLength(&response));
68	writeToServer("%s\r\n",buffer);
69
70	/* read line from server, it should be "[seq] OK blah blah blah" */
71
72	readFromServer(buffer);
73
74	sprintf(tmpstr,"%s OK",seqTag);
75
76	if (strncmp(buffer,tmpstr,strlen(tmpstr)))
77	{
78	/* login failed */
79	return -1;
80	}
81
82	return 0;
83	}

Gitorious