protobjs = rcfile_y.o rcfile_l.o socket.o getpass.o pop2.o pop3.o imap.o \
etrn.o fetchmail.o env.o options.o daemon.o driver.o sink.o \
rfc822.o smtp.o xmalloc.o uid.o mxget.o md5c.o md5ify.o rpa.o \
- interface.o netrc.o base64.o error.o unmime.o conf.o checkalias.o
+ interface.o netrc.o base64.o error.o unmime.o conf.o checkalias.o \
+ smbdes.o smbencrypt.o smbmd4.o smbutil.o
objs = $(protobjs) $(extras) $(EXTRAOBJ)
$(srcdir)/md5c.c $(srcdir)/md5ify.c $(srcdir)/rpa.c \
$(srcdir)/interface.c $(srcdir)/netrc.c $(srcdir)/base64.c \
$(srcdir)/error.c $(srcdir)/unmime.c $(srcdir)/conf.c \
- $(srcdir)/checkalias.c
+ $(srcdir)/checkalias.c $(srcdir)/smbdes.c $(srcdir)/smbencrypt.c \
+ $(srcdir)/smbmd4.c $(srcdir)/smbutil.c
.SUFFIXES:
.SUFFIXES: .o .c .h .y .l .ps .dvi .info .texi
headers = $(srcdir)/fetchmail.h $(srcdir)/socket.h $(srcdir)/smtp.h \
$(srcdir)/mx.h $(srcdir)/md5.h $(srcdir)/md5global.h \
$(srcdir)/netrc.h $(srcdir)/tunable.h $(srcdir)/i18n.h \
- $(srcdir)/aclocal.m4
+ $(srcdir)/aclocal.m4 $(srcdir)/ntlm.h $(srcdir)/smb.h \
+ $(srcdir)/smbbyteorder.h $(srcdir)/smbdes.h $(srcdir)/smbencrypt.h \
+ $(srcdir)/smbmd4.h
extra = $(srcdir)/alloca.c $(srcdir)/getopt.[ch] $(srcdir)/getopt1.c \
$(srcdir)/strcasecmp.c $(srcdir)/strstr.c $(srcdir)/memmove.c
docs = $(srcdir)/COPYING $(srcdir)/FEATURES $(srcdir)/fetchmail-features.html \
$(srcdir)/design-notes.html $(srcdir)/NOTES \
- $(srcdir)/INSTALL $(srcdir)/NEWS $(srcdir)/README \
- $(srcdir)/fetchmail.lsm $(srcdir)/sample.rcfile \
- $(srcdir)/*.man $(srcdir)/FAQ $(srcdir)/fetchmail-FAQ.html
+ $(srcdir)/INSTALL $(srcdir)/NEWS $(srcdir)/README \
+ $(srcdir)/README.NTLM $(srcdir)/fetchmail.lsm $(srcdir)/sample.rcfile \
+ $(srcdir)/*.man $(srcdir)/FAQ $(srcdir)/fetchmail-FAQ.html \
config = $(srcdir)/Makefile.in $(srcdir)/configure.in $(srcdir)/configure \
$(srcdir)/config.guess $(srcdir)/config.h.in $(srcdir)/config.sub \
$(srcdir)/acconfig.h
fetchmail-5.0.8 ():
* Todd Sabin's patch to accept spaces in CRAM-MD5 names.
-* Fix to endianness patch, by Dan Root via Lawrence Rogers.
+* Fix to CRAM endianness patch, by Dan Root via Lawrence Rogers.
* Suppress duplicates by message ID in multidrop mode.
+* NTLM support for querying Microsoft Exchange servers, from Grant Edwards.
+
+There are 263 people on fetchmail-friends and 441 on fetchmail-announce.
fetchmail-5.0.7 (Sat Aug 21 04:26:13 EDT 1999):
* RPA support works again.
/* Define if you want RPA support compiled in */
#undef RPA_ENABLE
+/* Define if you want NTLM authentication */
+#undef NTLM_ENABLE
+
/* Define if you want SDPS support compiled in */
#undef SDPS_ENABLE
[with_RPA=no])
test "$with_RPA" = "yes" && AC_DEFINE(RPA_ENABLE)
+### use option --enable-NTLM to compile in the NTLM support
+AC_ARG_ENABLE(NTLM,
+ [ --enable-NTLM compile in NTLM authentication support],
+ [with_NTLM=$enableval],
+ [with_NTLM=no])
+test "$with_NTLM" = "yes" && AC_DEFINE(NTLM_ENABLE)
+
### use option --enable-SDPS to compile in the SDPS support
AC_ARG_ENABLE(SDPS,
[ --enable-SDPS compile in SDPS protocol support],
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/08/21 06:04:18 $
+<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $
</table>
<HR>
<H1>Frequently Asked Questions About Fetchmail</H1>
<hr>
<h2><a name="S2">S2. How can I use fetchmail with Microsoft Exchange?</a></h2>
+Fetchmail now supports the proprietary NTLM mode used with M$ Exchange
+servers. To enable this, configure fetchmail with the --enable-NTLM
+option and recompile it.<P>
+
M$ Exchange violates the POP3 RFCs. Its LIST command does not reveal
the real sizes of mail in the pop mailbox, but the sizes of the
compressed versions in the exchange mail database (thanks to Arjan De
This is a customer lock-in tactic; we recommend boycotting MSN as the
only appropriate response.<p>
+As of 5.0.8, we have support for the client side of NTLM
+authentication. It's possible this may enable fetchmail to talk to
+MSN; if so, somebody should report it so this FAQ can be corrected.<p>
+
<hr>
<h2><a name="S10">S10. How can I use fetchmail with SpryNet?</a></h2>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/08/21 06:04:18 $
+<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/06/08 07:20:17 $
+<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $
</table>
<HR>
<H2>Since 5.0:</H2>
<UL>
+<LI>NTLM support, so fetchmail can query Microsoft Exchange servers.
+
<LI>Expunge option can now be used to break POP3 retrieval into subsessions.
<LI>Support for AUTH=CRAM-MD5 under IMAP, a la RFC2195.
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/06/08 07:20:17 $
+<td width="30%" align=right>$Date: 1999/09/14 07:38:00 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>
#ifdef RPA_ENABLE
printf("+RPA");
#endif /* RPA_ENABLE */
+#ifdef NTLM_ENABLE
+ printf("+NTLM");
+#endif /* NTLM_ENABLE */
#ifdef SDPS_ENABLE
printf("+SDPS");
#endif /* SDPS_ENABLE */
authentication instead of sending over the password en clair if it
detects "@compuserve.com" in the hostname.
.PP
+Microsoft's NTLM authentication (used by Microsoft Exchange) is
+supported. If you compile in the support, \fIfetchmail\fR will try to
+perform an NTLM authentication (instead of sending over the
+password en clair) whenever the server returns AUTH=NTLM in its
+capability response.
+.PP
If you are using IPsec, the -T (--netsec) option can be used to pass
an IP security request to be used when outgoing IP connections are
initialized. You can also do this using the `netsec' server option
MD5Final (response, &ctx);
}
+#if NTLM_ENABLE
+#include "ntlm.h"
+
+static tSmbNtlmAuthRequest request;
+static tSmbNtlmAuthChallenge challenge;
+static tSmbNtlmAuthResponse response;
+
+/*
+ * NTLM support by Grant Edwards.
+ *
+ * Handle MS-Exchange NTLM authentication method. This is the same
+ * as the NTLM auth used by Samba for SMB related services. We just
+ * encode the packets in base64 instead of sending them out via a
+ * network interface.
+ *
+ * Much source (ntlm.h, smb*.c smb*.h) was borrowed from Samba.
+ */
+
+static int do_imap_ntlm(int sock, struct query *ctl)
+{
+ char msgbuf[2048];
+ int result,len;
+
+ gen_send(sock, "AUTHENTICATE NTLM");
+
+ if ((result = gen_recv(sock, msgbuf, sizeof msgbuf)))
+ return result;
+
+ if (msgbuf[0] != '+')
+ return PS_AUTHFAIL;
+
+ buildSmbNtlmAuthRequest(&request,ctl->remotename,NULL);
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthRequest(stdout, &request);
+
+ memset(msgbuf,0,sizeof msgbuf);
+ to64frombits (msgbuf, (unsigned char*)&request, SmbLength(&request));
+
+ if (outlevel >= O_MONITOR)
+ report(stdout, "IMAP> %s\n", msgbuf);
+
+ strcat(msgbuf,"\r\n");
+ SockWrite (sock, msgbuf, strlen (msgbuf));
+
+ if ((gen_recv(sock, msgbuf, sizeof msgbuf)))
+ return result;
+
+ len = from64tobits ((unsigned char*)&challenge, msgbuf);
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthChallenge(stdout, &challenge);
+
+ buildSmbNtlmAuthResponse(&challenge, &response,ctl->remotename,ctl->password);
+
+ if (outlevel >= O_DEBUG)
+ dumpSmbNtlmAuthResponse(stdout, &response);
+
+ memset(msgbuf,0,sizeof msgbuf);
+ to64frombits (msgbuf, (unsigned char*)&response, SmbLength(&response));
+
+ if (outlevel >= O_MONITOR)
+ report(stdout, "IMAP> %s\n", msgbuf);
+
+ strcat(msgbuf,"\r\n");
+
+ SockWrite (sock, msgbuf, strlen (msgbuf));
+
+ if ((result = gen_recv (sock, msgbuf, sizeof msgbuf)))
+ return result;
+
+ if (strstr (msgbuf, "OK"))
+ return PS_SUCCESS;
+ else
+ return PS_AUTHFAIL;
+}
+#endif /* NTLM */
static int do_cram_md5 (int sock, struct query *ctl)
/* authenticate as per RFC2195 */
}
#endif /* KERBEROS_V4 */
- if (strstr (capabilities, "AUTH=CRAM-MD5"))
+ if (strstr(capabilities, "AUTH=CRAM-MD5"))
{
if (outlevel >= O_DEBUG)
report (stdout, _("CRAM-MD5 authentication is supported\n"));
return ok;
}
+#ifdef NTLM_ENABLE
+ if (strstr (capabilities, "AUTH=NTLM"))
+ {
+ if (outlevel >= O_DEBUG)
+ report (stdout, _("NTLM authentication is supported\n"));
+ if ((ok = do_imap_ntlm (sock, ctl)))
+ {
+ if (outlevel >= O_MONITOR)
+ report (stdout, "IMAP> *\n");
+ SockWrite (sock, "*\r\n", 3);
+ }
+ return ok;
+ }
+#endif /* NTLM_ENABLE */
+
#ifdef __UNUSED__ /* The Cyrus IMAP4rev1 server chokes on this */
/* this handles either AUTH=LOGIN or AUTH-LOGIN */
if ((imap_version >= IMAP4rev1) && (!strstr(capabilities, "LOGIN"))) {
projects / ~andy / fetchmail / commitdiff