1 (Note that this patch is not useful on its own... it just adds some
2 hooks to work with the LDAP authentication process at a lower level
3 than the API otherwise allows. The code that calls these hooks and
4 actually drives the NTLM authentication process is in
5 lib/e2k-global-catalog.c, and the code that actually implements the
6 NTLM algorithms is in xntlm/.)
8 This is a patch against OpenLDAP 2.2.6. Apply with -p0
11 --- include/ldap.h.orig 2004-01-01 13:16:28.000000000 -0500
12 +++ include/ldap.h 2004-07-14 11:58:49.000000000 -0400
13 @@ -1753,5 +1753,26 @@
14 LDAPControl **cctrls ));
20 +#define LDAP_AUTH_NTLM_REQUEST ((ber_tag_t) 0x8aU)
21 +#define LDAP_AUTH_NTLM_RESPONSE ((ber_tag_t) 0x8bU)
23 +ldap_ntlm_bind LDAP_P((
25 + LDAP_CONST char *dn,
27 + struct berval *cred,
28 + LDAPControl **sctrls,
29 + LDAPControl **cctrls,
32 +ldap_parse_ntlm_bind_result LDAP_P((
35 + struct berval *challenge));
40 --- libraries/libldap/Makefile.in.orig 2004-01-01 13:16:29.000000000 -0500
41 +++ libraries/libldap/Makefile.in 2004-07-14 13:37:23.000000000 -0400
43 SRCS = bind.c open.c result.c error.c compare.c search.c \
44 controls.c messages.c references.c extended.c cyrus.c \
45 modify.c add.c modrdn.c delete.c abandon.c \
46 - sasl.c gssapi.c sbind.c unbind.c cancel.c \
47 + sasl.c gssapi.c ntlm.c sbind.c unbind.c cancel.c \
48 filter.c free.c sort.c passwd.c whoami.c \
49 getdn.c getentry.c getattr.c getvalues.c addentry.c \
50 request.c os-ip.c url.c sortctrl.c vlvctrl.c \
52 OBJS = bind.lo open.lo result.lo error.lo compare.lo search.lo \
53 controls.lo messages.lo references.lo extended.lo cyrus.lo \
54 modify.lo add.lo modrdn.lo delete.lo abandon.lo \
55 - sasl.lo gssapi.lo sbind.lo unbind.lo cancel.lo \
56 + sasl.lo gssapi.lo ntlm.lo sbind.lo unbind.lo cancel.lo \
57 filter.lo free.lo sort.lo passwd.lo whoami.lo \
58 getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
59 request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
60 --- /dev/null 2004-06-30 15:04:37.000000000 -0400
61 +++ libraries/libldap/ntlm.c 2004-07-14 13:44:18.000000000 -0400
63 +/* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 20:38:21 kurt Exp $ */
65 + * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
66 + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
69 +/* Mostly copied from sasl.c */
71 +#include "portable.h"
76 +#include <ac/socket.h>
77 +#include <ac/string.h>
79 +#include <ac/errno.h>
81 +#include "ldap-int.h"
86 + LDAP_CONST char *dn,
88 + struct berval *cred,
89 + LDAPControl **sctrls,
90 + LDAPControl **cctrls,
97 + Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
99 + assert( ld != NULL );
100 + assert( LDAP_VALID( ld ) );
101 + assert( msgidp != NULL );
103 + if( msgidp == NULL ) {
104 + ld->ld_errno = LDAP_PARAM_ERROR;
105 + return ld->ld_errno;
108 + /* create a message to send */
109 + if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
110 + ld->ld_errno = LDAP_NO_MEMORY;
111 + return ld->ld_errno;
114 + assert( LBER_VALID( ber ) );
116 + LDAP_NEXT_MSGID( ld, id );
117 + rc = ber_printf( ber, "{it{istON}" /*}*/,
119 + ld->ld_version, dn, tag,
122 + /* Put Server Controls */
123 + if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
124 + ber_free( ber, 1 );
125 + return ld->ld_errno;
128 + if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
129 + ld->ld_errno = LDAP_ENCODING_ERROR;
130 + ber_free( ber, 1 );
131 + return ld->ld_errno;
134 + /* send the message */
135 + *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id );
138 + return ld->ld_errno;
140 + return LDAP_SUCCESS;
144 +ldap_parse_ntlm_bind_result(
147 + struct berval *challenge)
154 + Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
156 + assert( ld != NULL );
157 + assert( LDAP_VALID( ld ) );
158 + assert( res != NULL );
160 + if ( ld == NULL || res == NULL ) {
161 + return LDAP_PARAM_ERROR;
164 + if( res->lm_msgtype != LDAP_RES_BIND ) {
165 + ld->ld_errno = LDAP_PARAM_ERROR;
166 + return ld->ld_errno;
169 + if ( ld->ld_error ) {
170 + LDAP_FREE( ld->ld_error );
171 + ld->ld_error = NULL;
173 + if ( ld->ld_matched ) {
174 + LDAP_FREE( ld->ld_matched );
175 + ld->ld_matched = NULL;
178 + /* parse results */
180 + ber = ber_dup( res->lm_ber );
182 + if( ber == NULL ) {
183 + ld->ld_errno = LDAP_NO_MEMORY;
184 + return ld->ld_errno;
187 + tag = ber_scanf( ber, "{ioa" /*}*/,
188 + &errcode, challenge, &ld->ld_error );
189 + ber_free( ber, 0 );
191 + if( tag == LBER_ERROR ) {
192 + ld->ld_errno = LDAP_DECODING_ERROR;
193 + return ld->ld_errno;
196 + ld->ld_errno = errcode;
198 + return( ld->ld_errno );