def www_ntlm_authentication(self, connection):
""
connection.logger.log("*** Authorization in progress...\n")
connection.close_rserver()
# build an environment
env = self.build_env_dict(connection)
if env["NTLM_TO_BASIC"]:
got_credentials = self.translate_to_basic(env, connection, "401")
if not got_credentials:
connection.logger.log(
"*** Passing modified server's response to clent.\n")
connection.logger.log(
"*** End of firts stage of NTLM translation.\n")
return
connection.connect_rserver()
NTLM_msg1 = ntlm_messages.create_message1(env)
connection.logger_auth.log(ntlm_messages.debug_message1(NTLM_msg1))
tmp_client_head_obj = connection.client_head_obj.copy()
tmp_client_head_obj.replace_param_value("Connection", "Keep-Alive")
# tmp_client_head_obj.replace_param_value('Authorization', 'Negotiate ' + NTLM_msg1)
tmp_client_head_obj.replace_param_value("Authorization",
"NTLM " + NTLM_msg1)
connection.reset_rserver()
connection.rserver_buffer = ""
connection.logger.log("*** Remote server buffer flushed.\n")
# If we are POST/PUT-ing a large chunk of data we don't want
# to do this at this time, so we change the data to 'abc' with
# lenght = 3.
if connection.client_head_obj.get_http_method() in ("POST", "PUT"):
tmp_client_head_obj.replace_param_value("Content-Length", "3")
connection.logger.log("*** Fake NTLM header with Msg1:\n=====\n" +
tmp_client_head_obj.__repr__())
connection.logger.log(
"*** Sending Fake NTLM header (and body) with Msg1...")
tmp_client_head_obj.send(connection.rserver_socket)
if connection.client_head_obj.get_http_method() in ("POST", "PUT"):
try:
connection.rserver_socket.send("abc")
except:
# could not send data to remote server and have to end function
connection.rserver_socket_closed = 1
connection.logger.log(
"Failed.\n*** Could not send client data to remote server. Exception in send().\n"
)
return
connection.logger.log("Done.\n")
connection.logger.log(
"*** Waiting for message 2 from the remote server...\n")
while (not connection.rserver_all_got) and (
not connection.rserver_socket_closed):
select.select([connection.rserver_socket.fileno()], [], [], 2.0)
connection.run_rserver_loop()
if connection.config["DEBUG"]["SCR_DEBUG"]:
print("\b+")
if connection.rserver_head_obj:
connection.logger.log("*** Got NTLM message 2 from server.\n")
# connection.logger.log('*** Remote server header with NTLM Msg2:\n=====\n' + connection.rserver_head_obj.__repr__())
else:
# could not get response with msg2 from remote server and have to end function
connection.logger.log(
"*** Could not get response with msg2 from server.\n")
connection.logger.log("*** Stop Request = %d.\n" %
connection.stop_request)
return
auth = connection.rserver_head_obj.get_param_values("Www-Authenticate")
if auth:
# connection.logger.log('### %s\n' % auth)
msg2 = string.strip(string.split(auth[0])[1])
connection.logger_auth.log(ntlm_messages.debug_message2(msg2))
nonce = ntlm_messages.parse_message2(msg2)
NTLM_msg3 = ntlm_messages.create_message3(nonce, env)
connection.logger_auth.log(ntlm_messages.debug_message3(NTLM_msg3))
else:
NTLM_msg3 = ""
tmp_client_head_obj = connection.client_head_obj.copy()
# tmp_client_head_obj.replace_param_value('Authorization', 'Negotiate ' + NTLM_msg3)
tmp_client_head_obj.replace_param_value("Authorization",
"NTLM " + NTLM_msg3)
connection.reset_rserver()
connection.rserver_buffer = ""
connection.logger.log("*** Remote server buffer flushed.\n")
connection.logger.log(
"*** Sending Fake NTLM header (not body) with Msg3...")
tmp_client_head_obj.send(connection.rserver_socket)
connection.logger.log("Done.\n")
connection.logger.log("*** Fake NTLM header with Msg3:\n=====\n" +
tmp_client_head_obj.__repr__())
# upon exit all the remote server variables are reset
# so new remote server response will be taken by the usual way in connection.run()
connection.logger.log("*** End of NTLM authorization process.\n")
def proxy_ntlm_authentication(self, connection):
""
connection.logger.log('*** Authorization in progress...\n')
connection.close_rserver()
# build an environment
env = self.build_env_dict(connection)
if env['NTLM_TO_BASIC']:
got_credentials = self.translate_to_basic(env, connection, '407')
if not got_credentials:
connection.logger.log("*** Passing modified server's response to clent.\n")
connection.logger.log('*** End of firts stage of NTLM translation.\n')
return
connection.connect_rserver()
NTLM_msg1 = ntlm_messages.create_message1(env)
connection.logger_auth.log(ntlm_messages.debug_message1(NTLM_msg1))
tmp_client_head_obj = connection.client_head_obj.copy()
tmp_client_head_obj.replace_param_value('Proxy-Connection', 'Keep-Alive')
tmp_client_head_obj.replace_param_value('Proxy-Authorization', 'NTLM ' + NTLM_msg1)
connection.reset_rserver()
connection.rserver_buffer = ''
connection.logger.log('*** Remote server buffer flushed.\n')
# If we are POST/PUT-ing a large chunk of data we don't want
# to do this at this time, so we change the data to 'abc' with
# lenght = 3.
if connection.client_head_obj.get_http_method() in ('POST', 'PUT'):
tmp_client_head_obj.replace_param_value('Content-Length', '3')
connection.logger.log('*** Fake NTLM header with Msg1:\n=====\n' + tmp_client_head_obj.__repr__())
connection.logger.log('*** Sending Fake NTLM header with Msg1...')
tmp_client_head_obj.send(connection.rserver_socket)
connection.logger.log('Done.\n')
if connection.client_head_obj.get_http_method() in ('POST', 'PUT'):
try:
connection.logger.log("*** Sending fake 'abc' bytes body...")
connection.rserver_socket.send('abc')
connection.logger.log("Done.\n")
except:
# could not send data to remote server and have to end function
connection.rserver_socket_closed = 1
connection.logger.log('Failed.\n*** Could not send client data to remote server. Exception in send().\n')
return
else:
connection.logger.log("*** There must be no body to send.\n")
connection.logger.log('*** Waiting for message 2 from remote server...\n')
while((not connection.rserver_all_got) and (not connection.rserver_socket_closed)):
select.select([connection.rserver_socket.fileno()], [], [], 2.0)
connection.run_rserver_loop()
if connection.config['DEBUG']['SCR_DEBUG']: print ' +',
if connection.rserver_head_obj:
connection.logger.log('*** Got NTLM message 2 from remote server.\n')
else:
# could not get response with msg2 from remote server and have to end function
connection.logger.log('*** Could not get response with msg2 from remote server.\n')
connection.logger.log('*** Stop Request = %d.\n' % connection.stop_request)
return
auth = connection.rserver_head_obj.get_param_values('Proxy-Authenticate')
if auth:
msg2 = string.strip(string.split(auth[0])[1])
connection.logger_auth.log(ntlm_messages.debug_message2(msg2))
nonce = ntlm_messages.parse_message2(msg2)
NTLM_msg3 = ntlm_messages.create_message3(nonce, env)
connection.logger_auth.log(ntlm_messages.debug_message3(NTLM_msg3))
else:
NTLM_msg3 = ''
tmp_client_head_obj = connection.client_head_obj.copy()
tmp_client_head_obj.replace_param_value('Proxy-Authorization', 'NTLM ' + NTLM_msg3)
connection.reset_rserver()
connection.rserver_buffer = ''
connection.logger.log('*** Remote server buffer flushed.\n')
connection.logger.log('*** Sending Fake NTLM header (not body) with Msg3...')
tmp_client_head_obj.send(connection.rserver_socket)
connection.logger.log('Done.\n')
connection.logger.log('*** Fake NTLM header with Msg3:\n=====\n' + tmp_client_head_obj.__repr__())
# upon exit all the remote server variables are reset
# so new remote server response will be taken by the usual way in connection.run()
connection.logger.log('*** End of NTLM authorization process.\n')
def proxy_ntlm_authentication(self, connection):
""
connection.logger.log('*** Authorization in progress...\n')
connection.close_rserver()
# build an environment
env = self.build_env_dict(connection)
if env['NTLM_TO_BASIC']:
got_credentials = self.translate_to_basic(env, connection, '407')
if not got_credentials:
connection.logger.log("*** Passing modified server's response to clent.\n")
connection.logger.log('*** End of firts stage of NTLM translation.\n')
return
connection.connect_rserver()
NTLM_msg1 = ntlm_messages.create_message1(env)
connection.logger_auth.log(ntlm_messages.debug_message1(NTLM_msg1))
tmp_client_head_obj = connection.client_head_obj.copy()
tmp_client_head_obj.replace_param_value('Proxy-Connection', 'Keep-Alive')
tmp_client_head_obj.replace_param_value('Proxy-Authorization', 'NTLM ' + NTLM_msg1)
connection.reset_rserver()
connection.rserver_buffer = ''
connection.logger.log('*** Remote server buffer flushed.\n')
# If we are POST/PUT-ing a large chunk of data we don't want
# to do this at this time, so we change the data to 'abc' with
# lenght = 3.
if connection.client_head_obj.get_http_method() in ('POST', 'PUT'):
tmp_client_head_obj.replace_param_value('Content-Length', '3')
connection.logger.log('*** Fake NTLM header with Msg1:\n=====\n' + tmp_client_head_obj.__repr__())
connection.logger.log('*** Sending Fake NTLM header with Msg1...')
tmp_client_head_obj.send(connection.rserver_socket)
connection.logger.log('Done.\n')
if connection.client_head_obj.get_http_method() in ('POST', 'PUT'):
try:
connection.logger.log("*** Sending fake 'abc' bytes body...")
connection.rserver_socket.send('abc')
connection.logger.log("Done.\n")
except:
# could not send data to remote server and have to end function
connection.rserver_socket_closed = 1
connection.logger.log('Failed.\n*** Could not send client data to remote server. Exception in send().\n')
return
else:
connection.logger.log("*** There must be no body to send.\n")
connection.logger.log('*** Waiting for message 2 from remote server...\n')
while((not connection.rserver_all_got) and (not connection.rserver_socket_closed)):
select.select([connection.rserver_socket.fileno()], [], [], 2.0)
connection.run_rserver_loop()
if connection.config['DEBUG']['SCR_DEBUG']: print '\b+',
if connection.rserver_head_obj:
connection.logger.log('*** Got NTLM message 2 from remote server.\n')
else:
# could not get response with msg2 from remote server and have to end function
connection.logger.log('*** Could not get response with msg2 from remote server.\n')
connection.logger.log('*** Stop Request = %d.\n' % connection.stop_request)
return
auth = connection.rserver_head_obj.get_param_values('Proxy-Authenticate')
if auth:
msg2 = string.strip(string.split(auth[0])[1])
connection.logger_auth.log(ntlm_messages.debug_message2(msg2))
nonce = ntlm_messages.parse_message2(msg2)
NTLM_msg3 = ntlm_messages.create_message3(nonce, env)
connection.logger_auth.log(ntlm_messages.debug_message3(NTLM_msg3))
else:
NTML_msg3 = ''
tmp_client_head_obj = connection.client_head_obj.copy()
tmp_client_head_obj.replace_param_value('Proxy-Authorization', 'NTLM ' + NTLM_msg3)
connection.reset_rserver()
connection.rserver_buffer = ''
connection.logger.log('*** Remote server buffer flushed.\n')
connection.logger.log('*** Sending Fake NTLM header (not body) with Msg3...')
tmp_client_head_obj.send(connection.rserver_socket)
connection.logger.log('Done.\n')
connection.logger.log('*** Fake NTLM header with Msg3:\n=====\n' + tmp_client_head_obj.__repr__())
# upon exit all the remote server variables are reset
# so new remote server response will be taken by the usual way in connection.run()
connection.logger.log('*** End of NTLM authorization process.\n')