auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes

dovecot · Nov 6, 2020 · bf7952d · bf7952d
1 parent d3d02fd
commit bf7952d
Show file tree

Hide file tree

Showing 20 changed files with 2 additions and 1,701 deletions.
diff --git a/COPYING b/COPYING
@@ -1,8 +1,7 @@
 See AUTHORS file for list of copyright holders.
 
-Everything in src/lib/, src/auth/, src/lib-sql/ and src/lib-ntlm/ is under
-MIT license (see COPYING.MIT) unless otherwise mentioned at the beginning
-of the file.
+Everything in src/lib/, src/auth/, and src/lib-sql/ is under MIT license
+(see COPYING.MIT) unless otherwise mentioned at the beginning of the file.
 
 Everything else is LGPLv2.1 (see COPYING.LGPL) unless otherwise mentioned
 at the beginning of the file.

diff --git a/configure.ac b/configure.ac
@@ -836,7 +836,6 @@ src/lib-ldap/Makefile
 src/lib-lua/Makefile
 src/lib-mail/Makefile
 src/lib-master/Makefile
-src/lib-ntlm/Makefile
 src/lib-program-client/Makefile
 src/lib-otp/Makefile
 src/lib-dovecot/Makefile

diff --git a/src/Makefile.am b/src/Makefile.am
@@ -40,7 +40,6 @@ SUBDIRS = \
 	lib-index \
 	lib-storage \
 	lib-sql \
-	lib-ntlm \
 	lib-otp \
 	lib-lda \
 	lib-dict-backend \

diff --git a/src/auth/Makefile.am b/src/auth/Makefile.am
@@ -32,7 +32,6 @@ AM_CPPFLAGS = \
 	-I$(top_srcdir)/src/lib-sql \
 	-I$(top_srcdir)/src/lib-settings \
 	-I$(top_srcdir)/src/lib-old-stats \
-	-I$(top_srcdir)/src/lib-ntlm \
 	-I$(top_srcdir)/src/lib-otp \
 	-I$(top_srcdir)/src/lib-master \
 	-I$(top_srcdir)/src/lib-oauth2 \
@@ -72,7 +71,6 @@ auth_libs = \
 	libauth.la \
 	libstats_auth.la \
 	libpassword.la \
-	../lib-ntlm/libntlm.la \
 	../lib-otp/libotp.la \
 	$(LIBDOVECOT_LUA) \
 	$(LIBDOVECOT_SQL)
@@ -119,7 +117,6 @@ libauth_la_SOURCES = \
 	mech-digest-md5.c \
 	mech-external.c \
 	mech-gssapi.c \
-	mech-ntlm.c \
 	mech-otp.c \
 	mech-scram.c \
 	mech-apop.c \
@@ -258,7 +255,6 @@ test_libs = \
 test_libpassword_SOURCES = test-libpassword.c
 test_libpassword_LDADD = \
 	libpassword.la \
-	../lib-ntlm/libntlm.la \
         ../lib-otp/libotp.la \
 	$(CRYPT_LIBS) \
 	$(LIBDOVECOT_SQL) \

diff --git a/src/auth/mech-ntlm.c b/src/auth/mech-ntlm.c
diff --git a/src/auth/mech.c b/src/auth/mech.c
@@ -71,7 +71,6 @@ extern const struct mech_module mech_apop;
 extern const struct mech_module mech_cram_md5;
 extern const struct mech_module mech_digest_md5;
 extern const struct mech_module mech_external;
-extern const struct mech_module mech_ntlm;
 extern const struct mech_module mech_otp;
 extern const struct mech_module mech_scram_sha1;
 extern const struct mech_module mech_scram_sha256;
@@ -203,7 +202,6 @@ void mech_init(const struct auth_settings *set)
 		mech_register_module(&mech_winbind_ntlm);
 		mech_register_module(&mech_winbind_spnego);
 	} else {
-		mech_register_module(&mech_ntlm);
 #if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
 		mech_register_module(&mech_gssapi_spnego);
 #endif
@@ -231,7 +229,6 @@ void mech_deinit(const struct auth_settings *set)
 		mech_unregister_module(&mech_winbind_ntlm);
 		mech_unregister_module(&mech_winbind_spnego);
 	} else {
-		mech_unregister_module(&mech_ntlm);
 #if defined(HAVE_GSSAPI_SPNEGO) && defined(BUILTIN_GSSAPI)
 		mech_unregister_module(&mech_gssapi_spnego);
 #endif

diff --git a/src/auth/password-scheme.c b/src/auth/password-scheme.c
@@ -9,7 +9,6 @@
 #include "md5.h"
 #include "hmac.h"
 #include "hmac-cram-md5.h"
-#include "ntlm.h"
 #include "mycrypt.h"
 #include "randgen.h"
 #include "sha1.h"
@@ -710,32 +709,6 @@ plain_md5_generate(const char *plaintext, const struct password_generate_params
 	*size_r = MD5_RESULTLEN;
 }
 
-static void
-lm_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
-	    const unsigned char **raw_password_r, size_t *size_r)
-{
-	unsigned char *digest;
-
-	digest = t_malloc_no0(LM_HASH_SIZE);
-	lm_hash(plaintext, digest);
-
-	*raw_password_r = digest;
-	*size_r = LM_HASH_SIZE;
-}
-
-static void
-ntlm_generate(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
-	      const unsigned char **raw_password_r, size_t *size_r)
-{
-	unsigned char *digest;
-
-	digest = t_malloc_no0(NTLMSSP_HASH_SIZE);
-	ntlm_v1_hash(plaintext, digest);
-
-	*raw_password_r = digest;
-	*size_r = NTLMSSP_HASH_SIZE;
-}
-
 static int otp_verify(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
 		      const unsigned char *raw_password, size_t size,
 		      const char **error_r)
@@ -797,8 +770,6 @@ static const struct password_scheme builtin_schemes[] = {
 	  NULL, plain_md5_generate },
 	{ "LDAP-MD5", PW_ENCODING_BASE64, MD5_RESULTLEN,
 	  NULL, plain_md5_generate },
-	{ "LANMAN", PW_ENCODING_HEX, LM_HASH_SIZE, NULL, lm_generate },
-	{ "NTLM", PW_ENCODING_HEX, NTLMSSP_HASH_SIZE, NULL, ntlm_generate },
 	{ "OTP", PW_ENCODING_NONE, 0, otp_verify, otp_generate },
         { "PBKDF2", PW_ENCODING_NONE, 0, pbkdf2_verify, pbkdf2_generate },
 };