Beispiel #1
0
def handle_basic(req, user, password):
    '''Handle a request authenticated using the Basic Access Authentication
    mechanism (RFC2617).
    '''
    req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri))

    domain = req.get_options().get('Domain', req.auth_name())
    client = NTLM_Client(user, domain, password)
    type1 = client.make_ntlm_negotiate()

    try:
        (proxy, type2) = connect_to_proxy(req, type1)
    except Exception, e:
        return apache.HTTP_INTERNAL_SERVER_ERROR
Beispiel #2
0
def ntlm_request(url, user, password, domain):
    
    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag ) = urlparse.urlparse(url)

    conn = httplib.HTTPConnection(hostport)

    conn.request('GET',path)
    resp = conn.getresponse()
    resp.read()
    if resp.status<400:
        return 'Authorization' in headers
    if resp.status!=401:
        print "Error in HTTP request", resp.status, resp.reason
        return False
    if 'ntlm' not in resp.getheader('WWW-Authenticate').lower():
        print "NTLM Authentication is not supported"
        return False
    conn.close()
    
    # Process 401
    conn = httplib.HTTPConnection(hostport)
    client = NTLM_Client(user, domain, password)

    type1 = client.make_ntlm_negotiate()
    auth = "NTLM " + base64.b64encode(type1)
    headers = { 'Authorization' : auth }
    conn.request('GET',path,None,headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status!=401:
        print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
        return False

    # Extract Type2, respond to challenge
    type2 = base64.b64decode(resp.getheader('WWW-Authenticate').split(' ')[1])
    client.parse_ntlm_challenge(type2)
    type3 = client.make_ntlm_authenticate()

    auth = "NTLM " + base64.b64encode(type3)
    headers = { 'Authorization' : auth }
    conn.request('GET',path,None,headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status>=400:
        print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
        return False

    return True
Beispiel #3
0
def handle_basic(req, user, password):
    '''Handle a request authenticated using the Basic Access Authentication
    mechanism (RFC2617).
    '''
    req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri))

    domain = req.get_options().get('Domain', req.auth_name())
    client = NTLM_Client(user, domain, password)
    type1 = client.make_ntlm_negotiate()

    try:
        (proxy, type2) = connect_to_proxy(req, type1)
    except Exception, e:
        return apache.HTTP_INTERNAL_SERVER_ERROR
Beispiel #4
0
def ntlm_request(url, user, password, domain):

    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag) = urlparse.urlparse(url)

    conn = httplib.HTTPConnection(hostport)

    conn.request('GET', path)
    resp = conn.getresponse()
    resp.read()
    if resp.status < 400:
        return 'Authorization' in headers
    if resp.status != 401:
        print "Error in HTTP request", resp.status, resp.reason
        return False
    if 'ntlm' not in resp.getheader('WWW-Authenticate').lower():
        print "NTLM Authentication is not supported"
        return False
    conn.close()

    # Process 401
    conn = httplib.HTTPConnection(hostport)
    client = NTLM_Client(user, domain, password)

    type1 = client.make_ntlm_negotiate()
    auth = "NTLM " + base64.b64encode(type1)
    headers = {'Authorization': auth}
    conn.request('GET', path, None, headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status != 401:
        print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
        return False

    # Extract Type2, respond to challenge
    type2 = base64.b64decode(resp.getheader('WWW-Authenticate').split(' ')[1])
    client.parse_ntlm_challenge(type2)
    type3 = client.make_ntlm_authenticate()

    auth = "NTLM " + base64.b64encode(type3)
    headers = {'Authorization': auth}
    conn.request('GET', path, None, headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status >= 400:
        print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
        return False

    return True
Beispiel #5
0
def ntlm_request(url, user, password, domain, proxy):

    headers = {}

    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag ) = urlparse.urlparse(url)
    connect_hostport = hostport
    authenticate_header = 'WWW-Authenticate'
    auth_header = 'Authorization'

    if proxy:
        if not url.startswith('http'):
            url = '//' + url
        (proxy_scheme, proxy_hostport, proxy_path, proxy_params,
                proxy_query, proxy_frag ) = urlparse.urlparse(proxy)
        connect_hostport = proxy_hostport
        auth_header = 'Proxy-Authorization'
        authenticate_header = 'proxy-authenticate'

    conn = httplib.HTTPConnection(connect_hostport)

    headers['Host'] = hostport
    conn.request('GET',path,None,headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status<400:
        return 'Authorization' in headers
    elif resp.status not in (401, 407):
        print "Error in HTTP request", resp.status, resp.reason
        return False

    if 'ntlm' not in resp.getheader(authenticate_header).lower():
        print "NTLM Authentication is not supported"
        return False
    conn.close()

    # Process 401/407
    conn = httplib.HTTPConnection(connect_hostport)
    client = NTLM_Client(user, domain, password)

    type1 = client.make_ntlm_negotiate()
    auth = "NTLM " + base64.b64encode(type1)

    headers = {
            auth_header : auth,
            'Host': hostport }
    conn.request('GET',path,None,headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status not in (401, 407):
        print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
        return False

    # Extract Type2, respond to challenge
    type2 = base64.b64decode(resp.getheader(authenticate_header).split(' ')[1])
    client.parse_ntlm_challenge(type2)
    type3 = client.make_ntlm_authenticate()

    auth = "NTLM " + base64.b64encode(type3)
    headers = { auth_header : auth,
            'Host': hostport }
    conn.request('GET',path,None,headers)
    resp = conn.getresponse()
    resp.read()
    if resp.status>=400:
        print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
        return False

    return True