def ntlm_request(url, user, password, domain):
if not url.startswith('http'):
url = '//' + url
(scheme, hostport, path, params, query, frag ) = urlparse.urlparse(url)
conn = httplib.HTTPConnection(hostport)
conn.request('GET',path)
resp = conn.getresponse()
resp.read()
if resp.status<400:
return 'Authorization' in headers
if resp.status!=401:
print "Error in HTTP request", resp.status, resp.reason
return False
if 'ntlm' not in resp.getheader('WWW-Authenticate').lower():
print "NTLM Authentication is not supported"
return False
conn.close()
# Process 401
conn = httplib.HTTPConnection(hostport)
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
auth = "NTLM " + base64.b64encode(type1)
headers = { 'Authorization' : auth }
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status!=401:
print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
# Extract Type2, respond to challenge
type2 = base64.b64decode(resp.getheader('WWW-Authenticate').split(' ')[1])
client.parse_ntlm_challenge(type2)
type3 = client.make_ntlm_authenticate()
auth = "NTLM " + base64.b64encode(type3)
headers = { 'Authorization' : auth }
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status>=400:
print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
return True
def handle_basic(req, user, password):
'''Handle a request authenticated using the Basic Access Authentication
mechanism (RFC2617).
'''
req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri))
domain = req.get_options().get('Domain', req.auth_name())
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
try:
(proxy, type2) = connect_to_proxy(req, type1)
except Exception, e:
return apache.HTTP_INTERNAL_SERVER_ERROR
