200 lines
4.9 KiB
Diff
200 lines
4.9 KiB
Diff
(Note that this patch is not useful on its own... it just adds some
|
|
hooks to work with the LDAP authentication process at a lower level
|
|
than the API otherwise allows. The code that calls these hooks and
|
|
actually drives the NTLM authentication process is in
|
|
lib/e2k-global-catalog.c, and the code that actually implements the
|
|
NTLM algorithms is in xntlm/.)
|
|
|
|
This is a patch against OpenLDAP 2.2.6. Apply with -p0
|
|
|
|
|
|
--- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
|
|
+++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
|
|
@@ -1753,5 +1753,26 @@
|
|
LDAPControl **cctrls ));
|
|
|
|
|
|
+/*
|
|
+ * hacks for NTLM
|
|
+ */
|
|
+#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
|
|
+#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
|
|
+LDAP_F( int )
|
|
+ldap_ntlm_bind LDAP_P((
|
|
+ LDAP *ld,
|
|
+ LDAP_CONST char *dn,
|
|
+ ber_tag_t tag,
|
|
+ struct berval *cred,
|
|
+ LDAPControl **sctrls,
|
|
+ LDAPControl **cctrls,
|
|
+ int *msgidp ));
|
|
+LDAP_F( int )
|
|
+ldap_parse_ntlm_bind_result LDAP_P((
|
|
+ LDAP *ld,
|
|
+ LDAPMessage *res,
|
|
+ struct berval *challenge));
|
|
+
|
|
+
|
|
LDAP_END_DECL
|
|
#endif /* _LDAP_H */
|
|
--- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
|
|
+++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
|
|
@@ -20,7 +20,7 @@
|
|
SRCS = bind.c open.c result.c error.c compare.c search.c \
|
|
controls.c messages.c references.c extended.c cyrus.c \
|
|
modify.c add.c modrdn.c delete.c abandon.c \
|
|
- sasl.c sbind.c kbind.c unbind.c cancel.c \
|
|
+ sasl.c ntlm.c sbind.c kbind.c unbind.c cancel.c \
|
|
filter.c free.c sort.c passwd.c whoami.c \
|
|
getdn.c getentry.c getattr.c getvalues.c addentry.c \
|
|
request.c os-ip.c url.c sortctrl.c vlvctrl.c \
|
|
@@ -29,7 +29,7 @@
|
|
OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
|
|
controls.lo messages.lo references.lo extended.lo cyrus.lo \
|
|
modify.lo add.lo modrdn.lo delete.lo abandon.lo \
|
|
- sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
|
|
+ sasl.lo ntlm.lo sbind.lo kbind.lo unbind.lo cancel.lo \
|
|
filter.lo free.lo sort.lo passwd.lo whoami.lo \
|
|
getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
|
|
request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
|
|
--- /dev/null 2004-06-30 15:04:37.000000000 -0400
|
|
+++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
|
|
@@ -0,0 +1,137 @@
|
|
+/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
|
|
+/*
|
|
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
|
|
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
|
|
+ */
|
|
+
|
|
+/* Mostly copied from sasl.c */
|
|
+
|
|
+#include "portable.h"
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <stdio.h>
|
|
+
|
|
+#include <ac/socket.h>
|
|
+#include <ac/string.h>
|
|
+#include <ac/time.h>
|
|
+#include <ac/errno.h>
|
|
+
|
|
+#include "ldap-int.h"
|
|
+
|
|
+int
|
|
+ldap_ntlm_bind(
|
|
+ LDAP *ld,
|
|
+ LDAP_CONST char *dn,
|
|
+ ber_tag_t tag,
|
|
+ struct berval *cred,
|
|
+ LDAPControl **sctrls,
|
|
+ LDAPControl **cctrls,
|
|
+ int *msgidp )
|
|
+{
|
|
+ BerElement *ber;
|
|
+ int rc;
|
|
+ ber_int_t id;
|
|
+
|
|
+ Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
|
|
+
|
|
+ assert( ld != NULL );
|
|
+ assert( LDAP_VALID( ld ) );
|
|
+ assert( msgidp != NULL );
|
|
+
|
|
+ if( msgidp == NULL ) {
|
|
+ ld->ld_errno = LDAP_PARAM_ERROR;
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ /* create a message to send */
|
|
+ if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
|
|
+ ld->ld_errno = LDAP_NO_MEMORY;
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ assert( LBER_VALID( ber ) );
|
|
+
|
|
+ LDAP_NEXT_MSGID( ld, id );
|
|
+ rc = ber_printf( ber, "{it{istON}" /*}*/,
|
|
+ id, LDAP_REQ_BIND,
|
|
+ ld->ld_version, dn, tag,
|
|
+ cred );
|
|
+
|
|
+ /* Put Server Controls */
|
|
+ if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
|
|
+ ber_free( ber, 1 );
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
|
|
+ ld->ld_errno = LDAP_ENCODING_ERROR;
|
|
+ ber_free( ber, 1 );
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ /* send the message */
|
|
+ *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
|
|
+
|
|
+ if(*msgidp < 0)
|
|
+ return ld->ld_errno;
|
|
+
|
|
+ return LDAP_SUCCESS;
|
|
+}
|
|
+
|
|
+int
|
|
+ldap_parse_ntlm_bind_result(
|
|
+ LDAP *ld,
|
|
+ LDAPMessage *res,
|
|
+ struct berval *challenge)
|
|
+{
|
|
+ ber_int_t errcode;
|
|
+ ber_tag_t tag;
|
|
+ BerElement *ber;
|
|
+ ber_len_t len;
|
|
+
|
|
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
|
|
+
|
|
+ assert( ld != NULL );
|
|
+ assert( LDAP_VALID( ld ) );
|
|
+ assert( res != NULL );
|
|
+
|
|
+ if ( ld == NULL || res == NULL ) {
|
|
+ return LDAP_PARAM_ERROR;
|
|
+ }
|
|
+
|
|
+ if( res->lm_msgtype != LDAP_RES_BIND ) {
|
|
+ ld->ld_errno = LDAP_PARAM_ERROR;
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ if ( ld->ld_error ) {
|
|
+ LDAP_FREE( ld->ld_error );
|
|
+ ld->ld_error = NULL;
|
|
+ }
|
|
+ if ( ld->ld_matched ) {
|
|
+ LDAP_FREE( ld->ld_matched );
|
|
+ ld->ld_matched = NULL;
|
|
+ }
|
|
+
|
|
+ /* parse results */
|
|
+
|
|
+ ber = ber_dup( res->lm_ber );
|
|
+
|
|
+ if( ber == NULL ) {
|
|
+ ld->ld_errno = LDAP_NO_MEMORY;
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ tag = ber_scanf( ber, "{ioa" /*}*/,
|
|
+ &errcode, challenge, &ld->ld_error );
|
|
+ ber_free( ber, 0 );
|
|
+
|
|
+ if( tag == LBER_ERROR ) {
|
|
+ ld->ld_errno = LDAP_DECODING_ERROR;
|
|
+ return ld->ld_errno;
|
|
+ }
|
|
+
|
|
+ ld->ld_errno = errcode;
|
|
+
|
|
+ return( ld->ld_errno );
|
|
+}
|