Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Mirror of Simon Josefsson's Libntlm

444 commits 3 branches 31 tags 1.4 MiB

Shell 60.7%
C 28.4%
Makefile 7.1%
M4 3.8%

Find a file

Simon Josefsson 7dc46da7db Version 1.8.		2024年04月13日 12:04:33 +02:00
doc	Announcement for v1.7.	2023年12月31日 14:29:02 +01:00
examples	Rename test/ directory, contains old example CLI code.	2020年11月19日 10:00:25 +01:00
.gitignore	maint: Use GNULIB_REVISION in bootstrap.conf instead of gnulib submodule.	2024年04月13日 11:57:25 +02:00
.gitlab-ci.yml	cicd: Check reproducability of artifacts. Various improvements.	2024年04月13日 12:00:06 +02:00
AUTHORS	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
bootstrap	Run ./bootstrap --bootstrap-sync. Drop autogen.sh/autopull.sh.	2023年12月31日 01:55:43 +01:00
bootstrap-funclib.sh	Run ./bootstrap --bootstrap-sync. Drop autogen.sh/autopull.sh.	2023年12月31日 01:55:43 +01:00
bootstrap.conf	maint: Use GNULIB_REVISION in bootstrap.conf instead of gnulib submodule.	2024年04月13日 11:57:25 +02:00
cfg.mk	maint: Sign git tags.	2024年04月13日 12:04:28 +02:00
ChangeLog	maint: Drop dynamically generated ChangeLog content due to reproducability.	2024年04月13日 11:54:09 +02:00
configure.ac	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
CONTRIBUTING.md	CONTRIBUTING.md: Fix release info.	2024年04月13日 11:59:52 +02:00
COPYING	Update gnulib files. Fix syntax-check rules.	2011年06月20日 10:55:35 +02:00
libntlm.pc.in	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
libntlm.spec.in	Indent and fix syntax-check rule.	2020年11月19日 10:10:26 +01:00
libntlm4win.mk	libntlm4win.mk: Fix URL. Don't use TAR_OPTIONS. Drop obsolete upload rule.	2024年04月13日 11:59:37 +02:00
Makefile.am	maint: Make tarball mtime reproducible.	2024年04月13日 11:58:54 +02:00
NEWS	Version 1.8.	2024年04月13日 12:04:33 +02:00
ntlm.h.in	Improve namespace.	2020年04月19日 09:33:48 +02:00
README	Markdown README.	2022年11月01日 12:18:04 +01:00
README.md	Version 1.8.	2024年04月13日 12:04:33 +02:00
smbencrypt.c	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
smbutil.c	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
test.txt	Update, from Frediano Ziglio.	2004年09月30日 10:27:22 +00:00
test_CVE-2019-17455.c	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
test_ntlm.c	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00
THANKS	Run 'make update-copyright'.	2024年01月01日 10:36:49 +01:00

README.md

Libntlm README -- Introduction information

Libntlm is a client-side Microsoft NTLM authentication library.

References for the NTLM protocol are:

The NTLM Authentication Protocol, by Eric Glass.
NTLM Authentication Scheme for HTTP, by Ronald Tschalär.

Warning! NTLM is not a secure authentication protocol -- it uses MD4 and single-DES. MD4 has been broken, and single-DES have a too small key size to be considered secure against brute-force attacks. You should only use Libntlm for interoperability purposes, not to achieve any kind of security.

License

Libntlm is licensed under the GNU Lesser General Public License version 2.1 or (at your option) any later version, see COPYING.

This code was initially taken mostly from the Samba project and was initially intended for use with Microsoft Exchange Server when it is configured to require NTLM authentication for clients of it's IMAP server. Today, libntlm contain re-written code, so that the license is now LGPLv2+ instead of the GPL that would be inherited from the Samba files.

Support

The Libntlm project page at GitLab provides git repository, issue tracker, CI/CD and more.

The Libntlm project page at Savannah manages the tarball distribution and the mailing list.

If you want to discuss something related to Libntlm we have a mailing list reachable at libntlm@nongnu.org. Old discussions are available from the Libntlm mailing list archive.

History

The old libntlm (note lower case) was a library that implement Microsoft's NTLM authentication. However, the packaging of libntlm lacked certain things, such as having build problems, lacking shared library support, lacking autoconf macro for use in other applications, lacking pkg-config support, and more. So this page distributes an improved version of the library; called Libntlm (note upper case L to differentiate it from the original libntlm). Compared to the original releases, the current version has been entirely re-written and only shares the same function interfaces.

See NEWS for more detailed release information, however brief updates related to the project are here:

2024年04月13日: Version 1.8 released. Reproducible tarball.
2023年12月31日: Version 1.7 released. Maintainance fixes.
2020年04月19日: Version 1.6 released. Security bugfix for buffer overflow. CVE-2019-17455.
2018年08月24日: Version 1.5 released. LTO/gcc8 support. Git repository moved to GitLab.
2013年07月08日: Version 1.4 released. Build fixes.
2011年06月20日: Version 1.3 released. Proving the project is still alive.
2009年11月06日: Version 1.2 released. Fixes MinGW cross-compile bug.
2009年05月08日: Version 1.1 released. No significant changes.
2008年04月12日: Version 1.0 released. Declared stable.
2008年03月05日: Version 0.4.2 released. Portability fixes for big-endian platforms.
2008年03月05日: Development (source code and web pages) moved to savannah.
2007年10月29日: Version 0.4.1 released. Maintainance release.
2007年09月23日: Version 0.4.0 released. Gnulib files updated, only public API is exported in shared library. Approaching a stable v1.0.
2007年09月23日: Developed in Git instead of CVS.
2007年03月27日: Version 0.3.13 released. Minor portability fixes, by updating from gnulib.
2006年06月24日: Version 0.3.12 released. Minor portability fixes, by updating from gnulib.
2006年05月16日: Version 0.3.11 released. Now works on 64-bit platforms.
2006年03月24日: Version 0.3.10 released. Exports the ntlm_smb_encrypt and ntlm_smb_nt_encrypt APIs.
2005年10月23日: Version 0.3.9 released. The DES and MD4 functions are now shared with gnulib, to simplify maintenance.
2005年09月27日: Version 0.3.8 released. APIs to build requests/responses for usernames with @ in them (earlier an @ was used to separate the username from the realm). Build fixes.
2005年07月15日: Version 0.3.7 released. A spec file was added. Compiler warnings fixed, thanks to Frediano Ziglio. Gnulib is used, currently only for a more robust ntlm_check_version.
2004年09月30日: Version 0.3.6 released. Various cleanups, thanks to Frediano Ziglio.
2004年09月23日: Version 0.3.5 released. Ported to many platforms.
2004年09月23日: Version 0.3.4 released. License changed to LGPL, thanks to rewrites by Frediano Ziglio.
2004年09月18日: Version 0.3.3 released. Use of 'const' in function prototypes. Source code indented according to GNU Coding Standard.
2003年03月17日: Version 0.3.2 released. Only build changes.
2002年10月17日: Version 0.3.1 released. No code changes, but uses automake 1.7, gnits and pkg-config.
2002年10月04日: Anonymous CVS is available via pserver.
2002年10月01日: Version 0.3.0 released. No code changes compared to the last official 0.21 release.

Download

Tarball releases are available from https://download.savannah.nongnu.org/releases/libntlm/.

The tarballs are signed with Simon Josefsson's OpenPGP key:

ed25519 2019年03月20日 [SC] Simon Josefsson <simon@josefsson.org>
B1D2 BD13 75BE CB78 4CF4 F8C4 D73C F638 C53C 06BE

Older releases are signed with Simon Josefsson's OpenPGP key with fingerprint B565716F or Simon Josefsson's OpenPGP key with fingerprint 54265E8C.

Building

Build instructions are in INSTALL. Typically, the following is sufficient:

./configure
make
make check
sudo make install

Development

Clone the source code and bootstrap it as follows:

git clone https://gitlab.com/gsasl/libntlm.git
cd libntlm
./bootstrap

Then build it as usual. See CONTRIBUTING.md for more information.

Usage

The application program must convert these structures to/from base64 which is used to transfer data for IMAP authentication. For example usage see the sources for the mutt MUA or the fetchmail package.

In general the usage is something like shown below (no, I don't know if this code even compiles, but you get the idea hopefully):

#include <ntlm.h>
extern char *seqTag; /* IMAP sequence number */
int imap_auth_ntlm(char *user, char *domain, char *pass)
{
 tSmbNtlmAuthRequest request;
 tSmbNtlmAuthChallenge challenge;
 tSmbNtlmAuthResponse response;
 char buffer[512];
 char tmpstr[32];
 writeToServer("%s AUTHENTICATE NTLM\r\n",seqTag);
 readFromServer(buffer)
 /* buffer should be "+", but we won't show code to check */
 /*
 * prepare the request, convert to base64, and send it to
 * the server. My server didn't care about domain, and NULL
 * worked fine.
 */
 buildSmbNtlmAuthRequest(&request,user,domain);
 convertToBase64(buffer, &request, SmbLength(&request));
 writeToServer("%s\r\n",buffer);
 /* read challange data from server, convert from base64 */
 readFromServer(buffer);
 /* buffer should contain the string "+ [base 64 data]" */
 convertFromBase64(&challenge, buffer+2);
 /* prepare response, convert to base64, send to server */
 buildSmbNtlmAuthResponse(&challenge, &response, user, pass);
 convertToBase64(buffer,&response,SmbLength(&response));
 writeToServer("%s\r\n",buffer);
 /* read line from server, it should be "[seq] OK blah blah blah" */
 readFromServer(buffer);
 sprintf(tmpstr,"%s OK",seqTag);
 if (strncmp(buffer,tmpstr,strlen(tmpstr)))
 {
 /* login failed */
 return -1;
 }
 return 0;
}

Copyright (C) 2002-2024 Simon Josefsson
Copyright (C) 1999 Grant Edwards
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.