Your message dated Tue, 15 Apr 2014 10:25:12 -0700
with message-id 
<CAMXH3QBw3B41qfFJabMBjvO+1fom-H8k=q5xausckkowewm...@mail.gmail.com>
and subject line libldap ntlm support working since 2.1.30-10
has caused the Debian Bug report #262604,
regarding PATCH: Low-level authentication hooks for NTLM auth
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
262604: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=262604
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libldap2
Version: 2.1.30-2
Severity: wishlist


Hi,

How do you feel about adding this third-party patch to allow the Ximian
Connector package (evolution-exchange) to do secure NTLM authentication
against Active Directory servers? It's certainly not Ximian Connector
specific, but then, I don't know of any other software using it. :-)

This would be *very* handy for users of Evolution's Exchange support. If
you don't think it's appropriate, I could package an alternative libldap
with this patch (as Ximian do for other distributions); that's going to
be a pain in the butt, though. :-)

Thanks,

- Jeff


CVS
===

http://cvs.gnome.org/viewcvs/*checkout*/evolution-exchange/docs/openldap-ntlm.diff?rev=1.1.1.1


Patch
=====

(Note that this patch is not useful on its own... it just adds some
hooks to work with the LDAP authentication process at a lower level
than the API otherwise allows. The code that calls these hooks and
actually drives the NTLM authentication process is in
lib/e2k-global-catalog.c, and the code that actually implements the
NTLM algorithms is in xntlm/.)

diff -Nrc -x '*~' -x '*.o' openldap-2.1.23.orig/include/ldap.h 
openldap-2.1.23/include/ldap.h
*** openldap-2.1.23.orig/include/ldap.h Wed Mar  5 18:48:31 2003
--- openldap-2.1.23/include/ldap.h      Mon Nov 17 13:46:23 2003
***************
*** 1645,1649 ****
--- 1645,1670 ----
        LDAPControl **sctrls,
        LDAPControl **cctrls ));
  
+ /*
+  * hacks for NTLM
+  */
+ #define LDAP_AUTH_NTLM_REQUEST        ((ber_tag_t) 0x8aU)
+ #define LDAP_AUTH_NTLM_RESPONSE       ((ber_tag_t) 0x8bU)
+ LDAP_F( int )
+ ldap_ntlm_bind LDAP_P((
+       LDAP            *ld,
+       LDAP_CONST char *dn,
+       ber_tag_t       tag,
+       struct berval   *cred,
+       LDAPControl     **sctrls,
+       LDAPControl     **cctrls,
+       int             *msgidp ));
+ LDAP_F( int )
+ ldap_parse_ntlm_bind_result LDAP_P((
+       LDAP            *ld,
+       LDAPMessage     *res,
+       struct berval   *challenge));
+ 
+ 
  LDAP_END_DECL
  #endif /* _LDAP_H */
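Review bot: the two bind tags and two exported entry points land in the public header with nothing but a "hacks for NTLM" comment, so say what they are and how they are meant to be used. 0x8a and 0x8b are context-specific tags [10] and [11], outside the AuthenticationChoice a standard BindRequest allows (simple [0], sasl [3]), so a directory that does not implement this scheme will reject the bind, and a caller cannot tell that from the prototype. For ldap_parse_ntlm_bind_result, document that `challenge` is an out-parameter which the library fills with an allocated buffer (the "o" conversion in the implementation allocates it) that the caller releases with ldap_memfree(). Both symbols are exported, so from this revision on they are part of the libldap ABI, which deserves a line in the Debian changelog if the patch is taken.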
diff -Nrc -x '*~' -x '*.o' openldap-2.1.23.orig/libraries/libldap/Makefile.in 
openldap-2.1.23/libraries/libldap/Makefile.in
*** openldap-2.1.23.orig/libraries/libldap/Makefile.in  Sun Mar 30 09:47:09 2003
--- openldap-2.1.23/libraries/libldap/Makefile.in       Mon Nov 17 13:48:02 2003
***************
*** 11,17 ****
  SRCS  = bind.c open.c result.c error.c compare.c search.c \
        controls.c messages.c references.c extended.c cyrus.c \
        modify.c add.c modrdn.c delete.c abandon.c \
!       sasl.c sbind.c kbind.c unbind.c cancel.c cache.c \
        filter.c free.c sort.c passwd.c whoami.c \
        getdn.c getentry.c getattr.c getvalues.c addentry.c \
        request.c os-ip.c url.c sortctrl.c vlvctrl.c \
--- 11,17 ----
  SRCS  = bind.c open.c result.c error.c compare.c search.c \
        controls.c messages.c references.c extended.c cyrus.c \
        modify.c add.c modrdn.c delete.c abandon.c \
!       sasl.c sbind.c kbind.c ntlm.c unbind.c cancel.c cache.c \
        filter.c free.c sort.c passwd.c whoami.c \
        getdn.c getentry.c getattr.c getvalues.c addentry.c \
        request.c os-ip.c url.c sortctrl.c vlvctrl.c \
***************
*** 20,26 ****
  OBJS  = bind.lo open.lo result.lo error.lo compare.lo search.lo \
        controls.lo messages.lo references.lo extended.lo cyrus.lo \
        modify.lo add.lo modrdn.lo delete.lo abandon.lo \
!       sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo cache.lo \
        filter.lo free.lo sort.lo passwd.lo whoami.lo \
        getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
        request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
--- 20,26 ----
  OBJS  = bind.lo open.lo result.lo error.lo compare.lo search.lo \
        controls.lo messages.lo references.lo extended.lo cyrus.lo \
        modify.lo add.lo modrdn.lo delete.lo abandon.lo \
!       sasl.lo sbind.lo kbind.lo ntlm.lo unbind.lo cancel.lo cache.lo \
        filter.lo free.lo sort.lo passwd.lo whoami.lo \
        getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
        request.lo os-ip.lo url.lo sortctrl.lo vlvctrl.lo \
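Review bot: ntlm.c and ntlm.lo are added unconditionally to SRCS and OBJS (this hunk and the one above it), so the non-standard bind entry points are compiled into every libldap build with no configure switch to leave them out. If this is meant as an opt-in extension for one client, gate the file behind a configure option or an #ifdef inside ntlm.c; otherwise state in the changelog that the shared library gains two exported symbols.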
diff -Nrc -x '*~' -x '*.o' openldap-2.1.23.orig/libraries/libldap/ntlm.c 
openldap-2.1.23/libraries/libldap/ntlm.c
*** openldap-2.1.23.orig/libraries/libldap/ntlm.c       Wed Dec 31 19:00:00 1969
--- openldap-2.1.23/libraries/libldap/ntlm.c    Mon Nov 17 13:46:23 2003
***************
*** 0 ****
--- 1,141 ----
+ /* $OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 2002/01/04 
20:38:21 kurt Exp $ */
+ /*
+  * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+  */
+ 
+ /* Mostly copied from sasl.c */
+ 
+ #include "portable.h"
+ 
+ #include <stdlib.h>
+ #include <stdio.h>
+ 
+ #include <ac/socket.h>
+ #include <ac/string.h>
+ #include <ac/time.h>
+ #include <ac/errno.h>
+ 
+ #include "ldap-int.h"
+ 
+ int
+ ldap_ntlm_bind(
+       LDAP            *ld,
+       LDAP_CONST char *dn,
+       ber_tag_t       tag,
+       struct berval   *cred,
+       LDAPControl     **sctrls,
+       LDAPControl     **cctrls,
+       int             *msgidp )
+ {
+       BerElement      *ber;
+       int rc;
+ 
+       Debug( LDAP_DEBUG_TRACE, "ldap_ntlm_bind\n", 0, 0, 0 );
+ 
+       assert( ld != NULL );
+       assert( LDAP_VALID( ld ) );
+       assert( msgidp != NULL );
+ 
+       if( msgidp == NULL ) {
+               ld->ld_errno = LDAP_PARAM_ERROR;
+               return ld->ld_errno;
+       }
+ 
+       /* create a message to send */
+       if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
+               ld->ld_errno = LDAP_NO_MEMORY;
+               return ld->ld_errno;
+       }
+ 
+       assert( LBER_VALID( ber ) );
+ 
+       rc = ber_printf( ber, "{it{istON}" /*}*/,
+                        ++ld->ld_msgid, LDAP_REQ_BIND,
+                        ld->ld_version, dn, tag,
+                        cred );
+ 
+       /* Put Server Controls */
+       if( ldap_int_put_controls( ld, sctrls, ber ) != LDAP_SUCCESS ) {
+               ber_free( ber, 1 );
+               return ld->ld_errno;
+       }
+ 
+       if ( ber_printf( ber, /*{*/ "N}" ) == -1 ) {
+               ld->ld_errno = LDAP_ENCODING_ERROR;
+               ber_free( ber, 1 );
+               return ld->ld_errno;
+       }
+ 
+ #ifndef LDAP_NOCACHE
+       if ( ld->ld_cache != NULL ) {
+               ldap_flush_cache( ld );
+       }
+ #endif /* !LDAP_NOCACHE */
+ 
+       /* send the message */
+       *msgidp = ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber );
+ 
+       if(*msgidp < 0)
+               return ld->ld_errno;
+ 
+       return LDAP_SUCCESS;
+ }
+ 
+ int
+ ldap_parse_ntlm_bind_result(
+       LDAP            *ld,
+       LDAPMessage     *res,
+       struct berval   *challenge)
+ {
+       ber_int_t       errcode;
+       ber_tag_t       tag;
+       BerElement      *ber;
+       ber_len_t       len;
+ 
+       Debug( LDAP_DEBUG_TRACE, "ldap_parse_ntlm_bind_result\n", 0, 0, 0 );
+ 
+       assert( ld != NULL );
+       assert( LDAP_VALID( ld ) );
+       assert( res != NULL );
+ 
+       if ( ld == NULL || res == NULL ) {
+               return LDAP_PARAM_ERROR;
+       }
+ 
+       if( res->lm_msgtype != LDAP_RES_BIND ) {
+               ld->ld_errno = LDAP_PARAM_ERROR;
+               return ld->ld_errno;
+       }
+ 
+       if ( ld->ld_error ) {
+               LDAP_FREE( ld->ld_error );
+               ld->ld_error = NULL;
+       }
+       if ( ld->ld_matched ) {
+               LDAP_FREE( ld->ld_matched );
+               ld->ld_matched = NULL;
+       }
+ 
+       /* parse results */
+ 
+       ber = ber_dup( res->lm_ber );
+ 
+       if( ber == NULL ) {
+               ld->ld_errno = LDAP_NO_MEMORY;
+               return ld->ld_errno;
+       }
+ 
+       tag = ber_scanf( ber, "{ioa" /*}*/,
+                        &errcode, challenge, &ld->ld_error );
+       ber_free( ber, 0 );
+ 
+       if( tag == LBER_ERROR ) {
+               ld->ld_errno = LDAP_DECODING_ERROR;
+               return ld->ld_errno;
+       }
+ 
+       ld->ld_errno = errcode;
+ 
+       return( ld->ld_errno );
+ }
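Review bot: in ldap_ntlm_bind the return value of the first ber_printf (the "{it{istON}" call) is stored in rc and never looked at, so an encoding failure falls through to ldap_int_put_controls and ldap_send_initial_request with a half-built BerElement; check it the way the second ber_printf is checked: if ( rc == -1 ) { ld->ld_errno = LDAP_ENCODING_ERROR; ber_free( ber, 1 ); return ld->ld_errno; }. Two smaller points in the same function: dn goes straight into the "s" conversion with no NULL check (sasl.c, which this file says it is mostly copied from, substitutes "" first), and the assert( msgidp != NULL ) followed by a runtime test of the same condition means only one of the two can ever fire; keep the runtime test. In ldap_parse_ntlm_bind_result the "{ioa" scan takes the second LDAPResult field, which in a standard BindResponse is matchedDN, as the challenge, and does so before anyone has looked at errcode, so on an error response the caller is handed the server's matchedDN as a "challenge"; document that callers must check the return value before using *challenge, that the "o" conversion allocates challenge->bv_val for the caller to free, and that ld_matched is cleared here but never set because that slot has been consumed. Finally, drop the "$OpenLDAP: pkg/ldap/libraries/libldap/ntlm.c,v 1.1.4.10 ..." line at the top: it is sasl.c's RCS keyword with the file name edited and claims a revision history this new file does not have.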


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.6
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8

Versions of packages libldap2 depends on:
ii  libc6                       2.3.2.ds1-13 GNU C Library: Shared libraries an
ii  libgnutls10                 1.0.4-7      GNU TLS library - runtime library
ii  libsasl2                    2.1.18-4.1   Authentication abstraction library

-- no debconf information


--- End Message ---
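The bind exchange that Jeff's note says is driven from lib/e2k-global-catalog.c, shown at the wire level as an added example; this is not code from the patch, from evolution-exchange or from OpenLDAP. It is a small stand-alone BER encoder and decoder in C that produces the BindRequest bytes ldap_ntlm_bind() would send for a given tag and credential, and reads a BindResponse the way ldap_parse_ntlm_bind_result() does. The tag values are the patch's; the layout of the server reply (challenge in the field a normal LDAPResult uses for matchedDN) is read off the "{ioa" format string in the patch; the NTLMSSP payloads and the server reply are constructed for the example and are not real NTLM messages. Unlike the patch's ber_scanf call, the decoder here checks every tag, which is the example's own choice.

```c
/* Added example, not from the patch or from OpenLDAP: a stand-alone BER
 * encoder/decoder for what the patched libldap puts on the wire.
 * ber_printf("{it{istON}") in ldap_ntlm_bind() emits
 *   LDAPMessage { messageID, BindRequest { version, name, [tag] cred } };
 * ber_scanf("{ioa") in ldap_parse_ntlm_bind_result() reads the BindResponse
 *   as { resultCode, <challenge>, diagnosticMessage }, i.e. the matchedDN slot.
 * NTLMSSP payloads below are constructed placeholders, not real NTLM. */
#include <stdint.h>
#include <string.h>
#define LDAP_REQ_BIND           0x60 /* [APPLICATION 0], constructed */
#define LDAP_RES_BIND           0x61 /* [APPLICATION 1], constructed */
#define LDAP_AUTH_NTLM_REQUEST  0x8a /* context tag [10], value from the patch */
#define LDAP_AUTH_NTLM_RESPONSE 0x8b /* context tag [11], value from the patch */

/* tag + definite length (short form, or long form up to 2 bytes) + value */
static size_t put_tlv(uint8_t *out, uint8_t tag, const uint8_t *v, size_t n)
{
    size_t k = 1;
    out[0] = tag;
    if (n < 0x80)       out[k++] = (uint8_t)n;
    else if (n < 0x100) { out[k++] = 0x81; out[k++] = (uint8_t)n; }
    else { out[k++] = 0x82; out[k++] = (uint8_t)(n >> 8); out[k++] = (uint8_t)n; }
    memcpy(out + k, v, n);
    return k + n;
}

/* one-byte INTEGER/ENUMERATED, enough for the small values used here */
static size_t put_byte(uint8_t *out, uint8_t tag, uint8_t v)
{ out[0] = tag; out[1] = 1; out[2] = v; return 3; }

/* If the TLV at *p has tag `want`, advance *p past the header and return the
 * value start with its length; NULL if wrong tag, truncated or unsupported. */
static const uint8_t *expect(const uint8_t **p, const uint8_t *end, uint8_t want, size_t *len)
{
    const uint8_t *q = *p; size_t avail = (size_t)(end - q), k = 2;
    if (avail < 2 || q[0] != want) return NULL;
    if (q[1] < 0x80)                    *len = q[1];
    else if (q[1] == 0x81 && avail > 2) { *len = q[2]; k = 3; }
    else if (q[1] == 0x82 && avail > 3) { *len = ((size_t)q[2] << 8) | q[3]; k = 4; }
    else return NULL;
    if (*len > avail - k) return NULL;
    return *p = q + k;
}

/* client side: the bytes ldap_ntlm_bind() sends for a given tag and cred */
size_t build_ntlm_bind(uint8_t *out, int msgid, const char *dn, uint8_t tag,
                       const uint8_t *cred, size_t credlen)
{
    uint8_t body[1024], op[1024]; size_t bl, ol;
    if (dn == NULL) dn = "";           /* sasl.c does this; the patch does not */
    bl  = put_byte(body, 0x02, 3);                                 /* version 3 */
    bl += put_tlv(body + bl, 0x04, (const uint8_t *)dn, strlen(dn)); /* name */
    bl += put_tlv(body + bl, tag, cred, credlen);             /* [10]/[11] cred */
    ol  = put_byte(op, 0x02, (uint8_t)msgid);
    ol += put_tlv(op + ol, LDAP_REQ_BIND, body, bl);
    return put_tlv(out, 0x30, op, ol);
}

/* server side, constructed for this example: challenge where matchedDN sits */
size_t build_ntlm_bind_response(uint8_t *out, int msgid, int rc, const uint8_t *chal, size_t challen)
{
    uint8_t body[1024], op[1024]; size_t bl, ol;
    bl  = put_byte(body, 0x0a, (uint8_t)rc);                      /* resultCode */
    bl += put_tlv(body + bl, 0x04, chal, challen);                 /* challenge */
    bl += put_tlv(body + bl, 0x04, (const uint8_t *)"", 0);  /* diagnosticMessage */
    ol  = put_byte(op, 0x02, (uint8_t)msgid);
    ol += put_tlv(op + ol, LDAP_RES_BIND, body, bl);
    return put_tlv(out, 0x30, op, ol);
}

/* what ldap_parse_ntlm_bind_result() does: resultCode, *chal -> challenge, -1 on decode error */
int parse_ntlm_bind_result(const uint8_t *msg, size_t len, const uint8_t **chal, size_t *challen)
{
    const uint8_t *p = msg, *end = msg + len, *v; size_t l, i; int rc = 0;
    if (!(v = expect(&p, end, 0x30, &l))) return -1;          end = v + l;
    if (!(v = expect(&p, end, 0x02, &l))) return -1;          p = v + l; /* messageID */
    if (!(v = expect(&p, end, LDAP_RES_BIND, &l))) return -1; end = v + l;
    if (!(v = expect(&p, end, 0x0a, &l)) || l == 0 || l > 4) return -1;
    for (i = 0; i < l; i++) rc = (rc << 8) | v[i];            p = v + l; /* resultCode */
    if (!(v = expect(&p, end, 0x04, &l))) return -1;                      /* challenge */
    *chal = v; *challen = l;                                  p = v + l;
    if (!expect(&p, end, 0x04, &l)) return -1;                        /* diagnostic */
    return rc;
}

/* three legs: NEGOTIATE out under [10], CHALLENGE back in the matchedDN slot,
 * AUTHENTICATE out under [11]; returns 1 when the challenge round-trips */
int ntlm_example_exchange(void)
{
    static const uint8_t negotiate[] = "NTLMSSP\0\1";     /* placeholder type 1 */
    static const uint8_t challenge[] = "NTLMSSP\0\2-constructed-challenge";
    uint8_t req[1100], res[1100]; const uint8_t *chal; size_t n, cl;
    build_ntlm_bind(req, 1, NULL, LDAP_AUTH_NTLM_REQUEST, negotiate, sizeof negotiate);
    if (req[12] != LDAP_AUTH_NTLM_REQUEST) return 0;
    n = build_ntlm_bind_response(res, 1, 0, challenge, sizeof challenge);
    if (parse_ntlm_bind_result(res, n, &chal, &cl) != 0) return 0;
    if (cl != sizeof challenge || memcmp(chal, challenge, cl) != 0) return 0;
    build_ntlm_bind(req, 2, NULL, LDAP_AUTH_NTLM_RESPONSE, chal, cl); /* type 3 goes here */
    return req[12] == LDAP_AUTH_NTLM_RESPONSE;
}

int main(void) { return ntlm_example_exchange() ? 0 : 1; }
```

Build it with any C compiler; the exit status is 0 when the constructed challenge comes back out of the parser and both requests carry the expected tags. The first thing worth looking at in the emitted request is byte 12, the credential tag: anything other than 0x80 (simple) or 0xa3 (sasl) in that position is a bind no standards-only LDAP server will accept, which is exactly why these hooks had to bypass the public API.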
--- Begin Message ---
Version: 2.1.30-10

Hi Jeff,

If anyone was looking forward to this bug's 10th anniversary with no
replies: sorry to disappoint.

This looks to me like the same NTLM patch that was added and fixed
over several revisions: 2.1.30-4 (#283606), 2.1.30-6 (idem), and
finally 2.1.30-10 (#305559).

(Actually, this bug has sat long enough that evolution-exchange has
even been retired recently (#722164, #457374#20).)

I'm not able to actually test the NTLM support, but as far as I know
it's been working all this time.

thanks,
Ryan

--- End Message ---
