Add ntlm authentication support for mail (#23811)

YT315 · yangtan_win · silverwind · web-flow · commit 8be6da3e2fd0 · 2023-05-02T17:40:46.000-04:00
Add ntlm authentication support for mail
use "github.com/Azure/go-ntlmssp"

---------

Co-authored-by: yangtan_win &lt;YangTan@Fitsco.com.cn&gt;
Co-authored-by: silverwind &lt;me@silverwind.io&gt;
diff --git a/go.mod b/go.mod
@@ -14,6 +14,7 @@ require (
 	gitea.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
 	gitea.com/lunny/levelqueue v0.4.2-0.20220729054728-f020868cc2f7
 	github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/PuerkitoBio/goquery v1.8.0
 	github.com/alecthomas/chroma/v2 v2.5.0
@@ -127,7 +128,6 @@ require (
 	cloud.google.com/go/compute v1.18.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
-	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
diff --git a/services/mailer/mailer.go b/services/mailer/mailer.go
@@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 
+	ntlmssp "github.com/Azure/go-ntlmssp"
 	"github.com/jaytaylor/html2text"
 	"gopkg.in/gomail.v2"
 )
@@ -145,6 +146,35 @@ func (a *loginAuth) Next(fromServer []byte, more bool) ([]byte, error) {
 	return nil, nil
 }
 
+type ntlmAuth struct {
+	username, password, domain string
+	domainNeeded               bool
+}
+
+// NtlmAuth SMTP AUTH NTLM Auth Handler
+func NtlmAuth(username, password string) smtp.Auth {
+	user, domain, domainNeeded := ntlmssp.GetDomain(username)
+	return &ntlmAuth{user, password, domain, domainNeeded}
+}
+
+// Start starts SMTP NTLM Auth
+func (a *ntlmAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
+	negotiateMessage, err := ntlmssp.NewNegotiateMessage(a.domain, "")
+	return "NTLM", negotiateMessage, err
+}
+
+// Next next step of SMTP ntlm auth
+func (a *ntlmAuth) Next(fromServer []byte, more bool) ([]byte, error) {
+	if more {
+		if len(fromServer) == 0 {
+			return nil, fmt.Errorf("ntlm ChallengeMessage is empty")
+		}
+		authenticateMessage, err := ntlmssp.ProcessChallenge(fromServer, a.username, a.password, a.domainNeeded)
+		return authenticateMessage, err
+	}
+	return nil, nil
+}
+
 // Sender SMTP mail sender
 type smtpSender struct{}
 
@@ -237,6 +267,8 @@ func (s *smtpSender) Send(from string, to []string, msg io.WriterTo) error {
 		} else if strings.Contains(options, "LOGIN") {
 			// Patch for AUTH LOGIN
 			auth = LoginAuth(opts.User, opts.Passwd)
+		} else if strings.Contains(options, "NTLM") {
+			auth = NtlmAuth(opts.User, opts.Passwd)
 		}
 
 		if auth != nil {
