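def handle_basic(req, user, password):
    '''Handle a request authenticated using the Basic Access Authentication
    mechanism (RFC2617).

    The user name and password taken from the Basic credentials are used to
    build an NTLM negotiate (Type 1) message, which is handed to
    connect_to_proxy(). The domain comes from the 'Domain' option of the
    request and falls back to req.auth_name().

    Returns apache.HTTP_INTERNAL_SERVER_ERROR when connect_to_proxy() raises.
    '''
    # Only the URI is logged. The password must never be passed to log_error().
    req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri))

    domain = req.get_options().get('Domain', req.auth_name())
    client = NTLM_Client(user, domain, password)
    type1 = client.make_ntlm_negotiate()

    try:
        (proxy, type2) = connect_to_proxy(req, type1)
    except Exception, e:
        # Record why the back-end connection failed; the client only sees a 500.
        req.log_error('Basic Access Authentication: connect_to_proxy failed: %s' % str(e))
        return apache.HTTP_INTERNAL_SERVER_ERROR
    # NOTE(review): the listing shows nothing after this point, so proxy and
    # type2 are unused in the visible part of the handler.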
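def ntlm_request(url, user, password, domain):
    '''Issue a GET for url and complete an NTLM handshake if the server asks for one.

    Returns True when the request sent with the NTLM authenticate (Type 3)
    message gets a status below 400. Returns False when the resource answers
    without asking for authentication, when the server does not offer NTLM,
    or when any round of the handshake fails.
    '''
    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag) = urlparse.urlparse(url)
    # NOTE(review): scheme is never consulted, so an https:// URL is still
    # contacted with a plain HTTPConnection and the NTLM messages travel
    # unencrypted. The query string is also dropped from the request.
    path = path or '/'  # an empty path would produce an invalid request line
    headers = {}  # nothing is sent on the probe; keeps the check below defined

    # Unauthenticated probe: does the server demand authentication at all?
    conn = httplib.HTTPConnection(hostport)
    try:
        conn.request('GET', path)
        resp = conn.getresponse()
        resp.read()
    finally:
        conn.close()
    if resp.status < 400:
        return 'Authorization' in headers
    if resp.status != 401:
        print "Error in HTTP request", resp.status, resp.reason
        return False
    # getheader() returns None when the header is absent.
    if 'ntlm' not in (resp.getheader('WWW-Authenticate') or '').lower():
        print "NTLM Authentication is not supported"
        return False

    # Process 401. NTLM authenticates the connection, so the Type 1 and
    # Type 3 messages must be sent over the same connection.
    conn = httplib.HTTPConnection(hostport)
    try:
        client = NTLM_Client(user, domain, password)
        type1 = client.make_ntlm_negotiate()
        headers = {'Authorization': "NTLM " + base64.b64encode(type1)}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status != 401:
            print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False

        # Extract Type2. Several offers may share one comma-joined header
        # value, so look for the one that starts with NTLM.
        type2 = None
        for offer in (resp.getheader('WWW-Authenticate') or '').split(','):
            fields = offer.split()
            if len(fields) == 2 and fields[0].upper() == 'NTLM':
                try:
                    type2 = base64.b64decode(fields[1])
                except (TypeError, ValueError):
                    type2 = None
                break
        if not type2:
            print "NTLM challenge is missing or malformed"
            return False

        # Respond to challenge
        client.parse_ntlm_challenge(type2)
        type3 = client.make_ntlm_authenticate()
        headers = {'Authorization': "NTLM " + base64.b64encode(type3)}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status >= 400:
            print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False
        return True
    finally:
        conn.close()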
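def ntlm_request(url, user, password, domain):
    '''Issue a GET for url and complete an NTLM handshake if the server asks for one.

    Returns True when the request sent with the NTLM authenticate (Type 3)
    message gets a status below 400. Returns False when the resource answers
    without asking for authentication, when the server does not offer NTLM,
    or when any round of the handshake fails.
    '''
    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag) = urlparse.urlparse(url)
    # NOTE(review): scheme is never consulted, so an https:// URL is still
    # contacted with a plain HTTPConnection and the NTLM messages travel
    # unencrypted. The query string is also dropped from the request.
    path = path or '/'  # an empty path would produce an invalid request line
    headers = {}  # nothing is sent on the probe; keeps the check below defined

    # Unauthenticated probe: does the server demand authentication at all?
    conn = httplib.HTTPConnection(hostport)
    try:
        conn.request('GET', path)
        resp = conn.getresponse()
        resp.read()
    finally:
        conn.close()
    if resp.status < 400:
        return 'Authorization' in headers
    if resp.status != 401:
        print "Error in HTTP request", resp.status, resp.reason
        return False
    # getheader() returns None when the header is absent.
    if 'ntlm' not in (resp.getheader('WWW-Authenticate') or '').lower():
        print "NTLM Authentication is not supported"
        return False

    # Process 401. NTLM authenticates the connection, so the Type 1 and
    # Type 3 messages must be sent over the same connection.
    conn = httplib.HTTPConnection(hostport)
    try:
        client = NTLM_Client(user, domain, password)
        type1 = client.make_ntlm_negotiate()
        headers = {'Authorization': "NTLM " + base64.b64encode(type1)}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status != 401:
            print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False

        # Extract Type2. Several offers may share one comma-joined header
        # value, so look for the one that starts with NTLM.
        type2 = None
        for offer in (resp.getheader('WWW-Authenticate') or '').split(','):
            fields = offer.split()
            if len(fields) == 2 and fields[0].upper() == 'NTLM':
                try:
                    type2 = base64.b64decode(fields[1])
                except (TypeError, ValueError):
                    type2 = None
                break
        if not type2:
            print "NTLM challenge is missing or malformed"
            return False

        # Respond to challenge
        client.parse_ntlm_challenge(type2)
        type3 = client.make_ntlm_authenticate()
        headers = {'Authorization': "NTLM " + base64.b64encode(type3)}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status >= 400:
            print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False
        return True
    finally:
        conn.close()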
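def ntlm_request(url, user, password, domain, proxy):
    '''Issue a GET for url, optionally through proxy, and complete an NTLM
    handshake if the server or the proxy asks for one.

    When proxy is set, the connection goes to the proxy host and the
    'Proxy-Authorization' / 'Proxy-Authenticate' headers are used instead of
    'Authorization' / 'WWW-Authenticate'.

    Returns True when the request sent with the NTLM authenticate (Type 3)
    message gets a status below 400. Returns False when the resource answers
    without asking for authentication, when NTLM is not offered, or when any
    round of the handshake fails.
    '''
    headers = {}
    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag) = urlparse.urlparse(url)
    # NOTE(review): scheme is never consulted, so the NTLM messages always
    # travel over a plain HTTPConnection. The query string is also dropped.
    path = path or '/'  # an empty path would produce an invalid request line
    connect_hostport = hostport
    authenticate_header = 'WWW-Authenticate'
    auth_header = 'Authorization'
    if proxy:
        # The scheme-less fix-up belongs to the proxy address; url has
        # already been normalised and parsed above.
        if not proxy.startswith('http'):
            proxy = '//' + proxy
        (proxy_scheme, proxy_hostport, proxy_path, proxy_params, proxy_query,
         proxy_frag) = urlparse.urlparse(proxy)
        connect_hostport = proxy_hostport
        auth_header = 'Proxy-Authorization'
        authenticate_header = 'proxy-authenticate'
        # NOTE(review): the request target stays the bare path and only the
        # Host header names the origin. Confirm that the proxy accepts this
        # form.

    # Unauthenticated probe: is authentication demanded at all?
    conn = httplib.HTTPConnection(connect_hostport)
    try:
        headers['Host'] = hostport
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
    finally:
        conn.close()
    if resp.status < 400:
        # No credentials were sent on the probe, so this is always False.
        return auth_header in headers
    elif resp.status not in (401, 407):
        print "Error in HTTP request", resp.status, resp.reason
        return False
    # getheader() returns None when the header is absent.
    if 'ntlm' not in (resp.getheader(authenticate_header) or '').lower():
        print "NTLM Authentication is not supported"
        return False

    # Process 401/407. NTLM authenticates the connection, so the Type 1 and
    # Type 3 messages must be sent over the same connection.
    conn = httplib.HTTPConnection(connect_hostport)
    try:
        client = NTLM_Client(user, domain, password)
        type1 = client.make_ntlm_negotiate()
        headers = {auth_header: "NTLM " + base64.b64encode(type1), 'Host': hostport}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status not in (401, 407):
            print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False

        # Extract Type2. Several offers may share one comma-joined header
        # value, so look for the one that starts with NTLM.
        type2 = None
        for offer in (resp.getheader(authenticate_header) or '').split(','):
            fields = offer.split()
            if len(fields) == 2 and fields[0].upper() == 'NTLM':
                try:
                    type2 = base64.b64decode(fields[1])
                except (TypeError, ValueError):
                    type2 = None
                break
        if not type2:
            print "NTLM challenge is missing or malformed"
            return False

        # Respond to challenge
        client.parse_ntlm_challenge(type2)
        type3 = client.make_ntlm_authenticate()
        headers = {auth_header: "NTLM " + base64.b64encode(type3), 'Host': hostport}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status >= 400:
            print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False
        return True
    finally:
        conn.close()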