Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
NTLM Support for TidSMTP
#1
Is this something that is currently supported, downloaded the latest source after coming across AV's with this SASL processing and it looks like this is not enabled?

Code:
AV was with this line: setup_des_key(PDES_cblock(Integer(Akeys) + 7)^, ks);


Is there any information on NTLM support now or is that gone?

Looks like IdFIPS.pas disables NTLM by default now:

Code:
function DefLoadNTLMLibrary: Boolean;
begin
  Result := False;
end;



Thanks
Matt
Reply
#2
(11-10-2024, 08:05 PM)Matt G Wrote: Is this something that is currently supported

No, NTLM over SASL has never been supported. Although there is a TIdSASLNTLM component in the IdSASL_NTLM.pas unit of the IndyProtocols package, it has never been tested or registered on the IDE's component Palette.

(11-10-2024, 08:05 PM)Matt G Wrote: downloaded the latest source after coming across AV's with this SASL processing and it looks like this is not enabled?

Code:
AV was with this line: setup_des_key(PDES_cblock(Integer(Akeys) + 7)^, ks);

That particular line of code is present only in the IdNTLMv2.pas unit, which was never finished, and is used only by TIdSASLNTLM. Also, that code doesn't look like it was ever re-written to handle 64bit builds.

(11-10-2024, 08:05 PM)Matt G Wrote: Is there any information on NTLM support now or is that gone?

NTLM is (and always has been) supported only for HTTP, not for SASL. I don't have any immediate plans to finish NTLM support for SASL. If someone else wants to finish it, I can incorporate it. However, Microsoft officially deprecated NTLM in 2023 and will be dropping it completely probably in 2025, so I don't think it is really worth the effort at this point.

(11-10-2024, 08:05 PM)Matt G Wrote: Looks like IdFIPS.pas disables NTLM by default now:

Code:
function DefLoadNTLMLibrary: Boolean;
begin
  Result := False;
end;

What you are seeing is just a default. Portions of Indy's NTLM code is (and always has been) handled by OpenSSL. IdFIPS.pas and IdNTLM.pas were simply refactored a few months ago (in preparation for moving OpenSSL from the main Indy library into its own separate package). Code in IdNTLM.pas that was directly calling a few OpenSSL functions has been moved into the IdSSLOpenSSLHeaders.pas unit, and is callable by IdNTLM.pas through some new function pointers added to IdFIPS.pas. The new logic is meant to help abstract NTLM access so users can substitute OpenSSL with another NTLM library if they desire.

Reply
#3
Thanks ok, that's understandable shame its been added but never finished i spent several hours looking why my customers email was not working with this. Im not sure if it was a new server or old maybe.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)