def handle_basic(req, user, password):
'''Handle a request authenticated using the Basic Access Authentication
mechanism (RFC2617).
'''
req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri))
domain = req.get_options().get('Domain', req.auth_name())
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
try:
(proxy, type2) = connect_to_proxy(req, type1)
except Exception, e:
return apache.HTTP_INTERNAL_SERVER_ERROR
def ntlm_request(url, user, password, domain):
if not url.startswith('http'):
url = '//' + url
(scheme, hostport, path, params, query, frag ) = urlparse.urlparse(url)
conn = httplib.HTTPConnection(hostport)
conn.request('GET',path)
resp = conn.getresponse()
resp.read()
if resp.status<400:
return 'Authorization' in headers
if resp.status!=401:
print "Error in HTTP request", resp.status, resp.reason
return False
if 'ntlm' not in resp.getheader('WWW-Authenticate').lower():
print "NTLM Authentication is not supported"
return False
conn.close()
# Process 401
conn = httplib.HTTPConnection(hostport)
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
auth = "NTLM " + base64.b64encode(type1)
headers = { 'Authorization' : auth }
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status!=401:
print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
# Extract Type2, respond to challenge
type2 = base64.b64decode(resp.getheader('WWW-Authenticate').split(' ')[1])
client.parse_ntlm_challenge(type2)
type3 = client.make_ntlm_authenticate()
auth = "NTLM " + base64.b64encode(type3)
headers = { 'Authorization' : auth }
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status>=400:
print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
return True
def handle_basic(req, user, password):
'''Handle a request authenticated using the Basic Access Authentication
mechanism (RFC2617).
'''
req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri))
domain = req.get_options().get('Domain', req.auth_name())
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
try:
(proxy, type2) = connect_to_proxy(req, type1)
except Exception, e:
return apache.HTTP_INTERNAL_SERVER_ERROR
def ntlm_request(url, user, password, domain):
if not url.startswith('http'):
url = '//' + url
(scheme, hostport, path, params, query, frag) = urlparse.urlparse(url)
conn = httplib.HTTPConnection(hostport)
conn.request('GET', path)
resp = conn.getresponse()
resp.read()
if resp.status < 400:
return 'Authorization' in headers
if resp.status != 401:
print "Error in HTTP request", resp.status, resp.reason
return False
if 'ntlm' not in resp.getheader('WWW-Authenticate').lower():
print "NTLM Authentication is not supported"
return False
conn.close()
# Process 401
conn = httplib.HTTPConnection(hostport)
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
auth = "NTLM " + base64.b64encode(type1)
headers = {'Authorization': auth}
conn.request('GET', path, None, headers)
resp = conn.getresponse()
resp.read()
if resp.status != 401:
print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
# Extract Type2, respond to challenge
type2 = base64.b64decode(resp.getheader('WWW-Authenticate').split(' ')[1])
client.parse_ntlm_challenge(type2)
type3 = client.make_ntlm_authenticate()
auth = "NTLM " + base64.b64encode(type3)
headers = {'Authorization': auth}
conn.request('GET', path, None, headers)
resp = conn.getresponse()
resp.read()
if resp.status >= 400:
print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
return True
def ntlm_request(url, user, password, domain, proxy):
headers = {}
if not url.startswith('http'):
url = '//' + url
(scheme, hostport, path, params, query, frag ) = urlparse.urlparse(url)
connect_hostport = hostport
authenticate_header = 'WWW-Authenticate'
auth_header = 'Authorization'
if proxy:
if not url.startswith('http'):
url = '//' + url
(proxy_scheme, proxy_hostport, proxy_path, proxy_params,
proxy_query, proxy_frag ) = urlparse.urlparse(proxy)
connect_hostport = proxy_hostport
auth_header = 'Proxy-Authorization'
authenticate_header = 'proxy-authenticate'
conn = httplib.HTTPConnection(connect_hostport)
headers['Host'] = hostport
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status<400:
return 'Authorization' in headers
elif resp.status not in (401, 407):
print "Error in HTTP request", resp.status, resp.reason
return False
if 'ntlm' not in resp.getheader(authenticate_header).lower():
print "NTLM Authentication is not supported"
return False
conn.close()
# Process 401/407
conn = httplib.HTTPConnection(connect_hostport)
client = NTLM_Client(user, domain, password)
type1 = client.make_ntlm_negotiate()
auth = "NTLM " + base64.b64encode(type1)
headers = {
auth_header : auth,
'Host': hostport }
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status not in (401, 407):
print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
# Extract Type2, respond to challenge
type2 = base64.b64decode(resp.getheader(authenticate_header).split(' ')[1])
client.parse_ntlm_challenge(type2)
type3 = client.make_ntlm_authenticate()
auth = "NTLM " + base64.b64encode(type3)
headers = { auth_header : auth,
'Host': hostport }
conn.request('GET',path,None,headers)
resp = conn.getresponse()
resp.read()
if resp.status>=400:
print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
return False
return True
