From 8044d617b8dfd1e16dbb18ecf5b8a1ab753b3545 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD=20=D0=9F=D0=B0=D0=BB=D0=B0?= =?UTF-8?q?=D1=83=D0=B7=D0=BE=D0=B2?= Date: Sat, 23 Mar 2024 10:17:01 +0000 Subject: [PATCH] Remove support for NTLM As it is removed upstream from cyrus-sasl https://github.com/cyrusimap/cyrus-sasl/commit/60f2b06ca13f8f1390a11139083104e5a52e1ab0 --- docsrc/imap/download/installation/manage-dav.rst | 4 ++-- docsrc/imap/rfc-support.rst | 2 -- imap/http_proxy.c | 2 +- imap/httpd.c | 4 +--- imap/httpd.h | 7 +++---- imtest/imtest.c | 2 +- 6 files changed, 8 insertions(+), 13 deletions(-) diff --git a/docsrc/imap/download/installation/manage-dav.rst b/docsrc/imap/download/installation/manage-dav.rst index 1a50869231..960aa5a501 100644 --- a/docsrc/imap/download/installation/manage-dav.rst +++ b/docsrc/imap/download/installation/manage-dav.rst @@ -85,8 +85,8 @@ authentication does not depend on a Cyrus SASL plugin. The advertisement of the other HTTP authentication schemes is controlled by the :ref:`SASL mech_list option ` option. For Cyrus httpd -the GSS-SPNEGO, NTLM, SCRAM-SHA-1, and SCRAM-SHA-256 values enable -support for the Negotiate (Kerberos only), NTLM, SCRAM-SHA-1, and +the GSS-SPNEGO, SCRAM-SHA-1, and SCRAM-SHA-256 values enable +support for the Negotiate (Kerberos only), SCRAM-SHA-1, and SCRAM-SHA-256 authentication schemes respectively, provided that the plugins are installed on the server. diff --git a/docsrc/imap/rfc-support.rst b/docsrc/imap/rfc-support.rst index 416cde263f..105ad88014 100644 --- a/docsrc/imap/rfc-support.rst +++ b/docsrc/imap/rfc-support.rst @@ -959,8 +959,6 @@ draft-murchison-lmtp-ignorequota LMTP Service Extension for Ignoring Recipient Quotas -[MS-NTHT] NTLM Over HTTP Protocol Specification - draft-ietf-sieve-regex Sieve Email Filtering -- Regular Expression Extension diff --git a/imap/http_proxy.c b/imap/http_proxy.c index d9e3eb8ec6..fbacf10447 100644 --- a/imap/http_proxy.c +++ b/imap/http_proxy.c @@ -458,7 +458,7 @@ static int login(struct backend *s, const char *userid, serverin = base64; } - /* SASL mech (SCRAM-*, Digest, Negotiate, NTLM) */ + /* SASL mech (SCRAM-*, Digest, Negotiate) */ r = sasl_client_step(s->saslconn, serverin, serverinlen, NULL, /* no prompts */ &clientout, &clientoutlen); diff --git a/imap/httpd.c b/imap/httpd.c index e1cb8431a0..85a8f50147 100644 --- a/imap/httpd.c +++ b/imap/httpd.c @@ -451,8 +451,6 @@ struct auth_scheme_t auth_schemes[] = { { AUTH_SCRAM_SHA1, "SCRAM-SHA-1", "SCRAM-SHA-1", AUTH_NEED_PERSIST | AUTH_SERVER_FIRST | AUTH_BASE64 | AUTH_REALM_PARAM | AUTH_DATA_PARAM }, - { AUTH_NTLM, "NTLM", "NTLM", - AUTH_NEED_PERSIST | AUTH_BASE64 }, { AUTH_BEARER, "Bearer", NULL, AUTH_SERVER_FIRST | AUTH_REALM_PARAM }, AUTH_SCHEME_BASIC, @@ -4302,7 +4300,7 @@ static int http_auth(const char *creds, struct transaction_t *txn) httpd_authstate = auth_newstate(user); } else { - /* SASL-based authentication (SCRAM_*, Digest, Negotiate, NTLM) */ + /* SASL-based authentication (SCRAM_*, Digest, Negotiate) */ const char *serverout = NULL; unsigned int serveroutlen = 0; unsigned int auth_params_len = 0; diff --git a/imap/httpd.h b/imap/httpd.h index 0d796350be..b9ee1b8755 100644 --- a/imap/httpd.h +++ b/imap/httpd.h @@ -182,10 +182,9 @@ struct auth_scheme_t { enum { AUTH_BASIC = (1<<0), AUTH_SPNEGO = (1<<1), - AUTH_NTLM = (1<<2), - AUTH_BEARER = (1<<3), - AUTH_SCRAM_SHA1 = (1<<4), - AUTH_SCRAM_SHA256 = (1<<5) + AUTH_BEARER = (1<<2), + AUTH_SCRAM_SHA1 = (1<<3), + AUTH_SCRAM_SHA256 = (1<<4) }; /* Auth scheme flags */ diff --git a/imtest/imtest.c b/imtest/imtest.c index b517f3288d..f431718dfd 100644 --- a/imtest/imtest.c +++ b/imtest/imtest.c @@ -2703,7 +2703,7 @@ static void usage(char *prog, char *prot) else if (!strcasecmp(prot, "nntp")) printf(" (\"user\" for AUTHINFO USER/PASS\n"); else if (!strcasecmp(prot, "http")) - printf(" (\"basic\", \"digest\", \"negotiate\", \"ntlm\")\n"); + printf(" (\"basic\", \"digest\", \"negotiate\")\n"); printf(" -f file : pipe file into connection after authentication\n"); printf(" -r realm : realm\n"); #ifdef HAVE_SSL