Add support for Windows Auth (Kerberos + NTLM) #43
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds support for sending emails with Windows authentication protocols Kerberos or NTLM. This is only supported on Windows hosts due to its reliance on Windows APIs. Currently it also embeds an edited NSspi assembly that has been changed to include support for the SASL mechanisms needed by SMTP.
|
I've started rebuilding Mailozaurr in C# I got it mostly working for SMTP sending, including signature/encryption with SMIME - I guess it should be easier now. It's not yet ready, but at least most code for SMTP is C# now. |
|
The code here works, it just required changes in the underlying NSSPI library (which seems to be dead) to achieve. The SASL used with Kerberos needs to sign the payload after the auth which the NTLM one does not need to do. This is why you were able to do it there. I'll eventually get back to my GSSAPI/SSPI C# library but it's sitting in a pretty big TODO pile right now :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds support for sending emails with Windows authentication protocols Kerberos or NTLM. This is only supported on Windows hosts due to its reliance on Windows APIs. Currently it also embeds an edited NSspi assembly that has been changed to include support for the SASL mechanisms needed by SMTP.
This is not really in a merge able position at the moment. It includes a custom NSspi assembly as the latest on nuget does not support channel binding token support antiduh/nsspi#28 and the decryption mechanism will not work with how SASL requires it here. I've included a diff for the changes I've made to the assembly just to show what is needed on their end. The last commit made to that repository was in 2019 so I'm not sure if it's actively maintained (it may still be). Might be worth looking at different options here.
I've also switched up the parameter sets a bit more by including an
-AuthType ...rather than a dedicated switch parameter for windows authentication. I didn't particularly want to add yet another parameter set to the parameters just for this feature but I'll let you decide on what you would like to do here.Cross platform support could technically still be done but it's even more work. Ultimately the work that is required here is quite a lot and without a compiled build, it is not really feasible to do it in pwsh scripts.