# Fragment of the command-line credential check (Python 2 syntax). The option
# parsing that fills `config` precedes this line and the body of the final
# `if proxy.authenticate(...)` is cut off, so the outcome handling is not visible.
# Flow: reject too few options and a -m without -g (both fall through to
# print_help()), choose the NTLM proxy by address scheme (ldap: -> NTLM_AD_Proxy
# on url.hostname / url.port with the URL path as base DN; anything else ->
# NTLM_DC_Proxy on the raw address), then run the type1 / type2 / type3 exchange
# with NTLM_Client, exiting -2 when the proxy returns no challenge.
# `port = url.port or 389`: plain LDAP is the default when the URL carries no
# port; nothing visible here selects a TLS transport -- confirm what
# NTLM_AD_Proxy does with portAD before relying on it.
# `sys.exit(-2)`: the OS reports negative statuses modulo 256 (254 on POSIX),
# so wrapper scripts should not test for -2 literally.
# NOTE(review): "--memeber" in the usage message is a runtime string; fix the
# spelling where the option is declared, not here.
# NOTE(review): config['password'] is passed in clear to NTLM_Client; if it is
# read from argv it is visible in the process listing -- confirm its source.
if len(config)<4: print "Too few options specified." print_help() if 'member' in config and not 'group' in config: print "Option '-m/--memeber can only be specified together with -g/--group'." print_help() if config['address'].startswith('ldap:'): url = urlparse(config['address']) port = url.port or 389 host = url.hostname print "Using Active Directory (LDAP) to verify credentials: %s:%s." % (host,port) logFn = None if config['verbose']: logFn = lambda *msg: sys.stdout.write("* " + " ".join(map(str,msg)) + "\n") proxy = NTLM_AD_Proxy(host, config['domain'], base=urllib.unquote(url.path)[1:], logFn = logFn, portAD=port) else: print "Using Domain Controller to verify credentials." proxy = NTLM_DC_Proxy(config['address'], config['domain'], verbose=config['verbose']) client = NTLM_Client(config['user'],config['domain'],config['password']) type1 = client.make_ntlm_negotiate() challenge = proxy.negotiate(type1) if not challenge: print "Did not get the challenge!" sys.exit(-2) client.parse_ntlm_challenge(challenge) authenticate = client.make_ntlm_authenticate() if proxy.authenticate(authenticate):
# Older variant of the same command-line check. It starts inside the branch
# that handles the verbose flag (the `if` head is outside this fragment) and
# ends right after the missing-challenge exit, before the type 3 step.
# Differences from the hostname/port variant: the whole url.netloc is handed to
# NTLM_AD_Proxy as the host (netloc can still contain a port or a user:pass@
# prefix, which the proxy would then have to split itself -- confirm), no port
# is passed, and logging is switched by verbose=config['verbose'] rather than
# a logFn callback.
# NOTE(review): same runtime-string typo "--memeber" and same clear-text use of
# config['password'] as in the newer variant; fix at the option declaration.
print "Verbose mode" config['verbose'] = True if len(config) < 4: print "Too few options specified." print_help() if 'member' in config and not 'group' in config: print "Option '-m/--memeber can only be specified together with -g/--group'." print_help() if config['address'].startswith('ldap:'): print "Using Active Directory (LDAP) to verify credentials." url = urlparse(config['address']) proxy = NTLM_AD_Proxy(url.netloc, config['domain'], base=urllib.unquote(url.path)[1:], verbose=config['verbose']) else: print "Using Domain Controller to verify credentials." proxy = NTLM_DC_Proxy(config['address'], config['domain'], verbose=config['verbose']) client = NTLM_Client(config['user'], config['domain'], config['password']) type1 = client.make_ntlm_negotiate() challenge = proxy.negotiate(type1) if not challenge: print "Did not get the challenge!" sys.exit(-2)
# Apache (mod_python) variant: the body of the per-server `try` that fetches
# the NTLM type 2 challenge. The `try:`, the loop head and the body of the
# trailing for-`else:` are outside this fragment.
# ldap: servers are split into hostname / port (389 when the URL has none) /
# base DN (URL path, unquoted, leading "/" dropped) and get a logFn that
# forwards proxy messages to apache.log_error at APLOG_INFO; any other server
# string goes verbatim to NTLM_DC_Proxy. A failure is logged at APLOG_CRIT and
# the loop moves on; a truthy challenge breaks out, otherwise the proxy is closed.
# NOTE(review): `except Exception` also covers a failing proxy constructor; if
# that happens on the first server, `proxy` is still unbound when
# `proxy.close()` runs after `if ntlm_challenge: break` (unless it is bound
# before the loop), so the for-else path is never reached. On a later server it
# closes the previous, already-closed proxy instead. Guard the close with a
# check that `proxy` was created in this iteration.
# NOTE(review): log prefixes mix "PYTNLM" and "PYNTLM"; both are runtime
# strings, so correct them at the source to keep log filtering consistent.
if server.startswith('ldap:'): url = urlparse(server) decoded_path = urllib.unquote(url.path)[1:] port = url.port if port is None: port = 389 req.log_error( 'PYTNLM: Initiating connection to Active Directory server %s:%s (domain %s) using base DN "%s".' % (url.hostname, port, domain, decoded_path), apache.APLOG_INFO) logFn = lambda *msg: apache.log_error( 'PYNTLM_AD_PROXY: ' + " ".join(map(str, msg)), apache. APLOG_INFO, req.server) proxy = NTLM_AD_Proxy(url.hostname, domain, base=decoded_path, portAD=port, logFn=logFn) else: req.log_error( 'PYTNLM: Initiating connection to Domain Controller server %s (domain %s).' % (server, domain), apache.APLOG_INFO) proxy = NTLM_DC_Proxy(server, domain) ntlm_challenge = proxy.negotiate(type1) except Exception, e: req.log_error( 'PYNTLM: Error when retrieving Type 2 message from server(%s) = %s' % (server, str(e)), apache.APLOG_CRIT) if ntlm_challenge: break proxy.close() else:
# Apache (mod_python) variant, earlier revision (url.netloc as host, no port or
# logFn): the second half of the helper that locates a reachable domain
# controller. The `try` around the configuration lookup precedes this line.
# A KeyError from the configuration is logged at APLOG_CRIT and re-raised.
# Then pdc and bdc are tried in order (empty entries skipped): the first server
# whose negotiate(type1) returns a truthy challenge wins and
# (proxy, ntlm_challenge) is returned with that proxy still open; a server that
# raises or returns nothing is logged and its proxy closed; if neither answers
# the for-else raises RuntimeError.
# NOTE(review): `except Exception` also swallows a failing NTLM_AD_Proxy /
# NTLM_DC_Proxy constructor. If that happens on the first server, `proxy` is
# unbound when `proxy.close()` runs (unless it is bound before the loop), so
# the caller sees an UnboundLocalError instead of the RuntimeError; on a later
# server the previous, already-closed proxy is closed again. Guard the close.
except KeyError, e: req.log_error( 'PYNTLM: Incorrect configuration for pyntlm = %s' % str(e), apache.APLOG_CRIT) raise ntlm_challenge = None for server in (pdc, bdc): if not server: continue try: if server.startswith('ldap:'): url = urlparse(server) decoded_path = urllib.unquote(url.path)[1:] req.log_error( 'PYTNLM: Initiating connection to Active Directory server %s (domain %s) using base DN "%s".' % (url.netloc, domain, decoded_path), apache.APLOG_INFO) proxy = NTLM_AD_Proxy(url.netloc, domain, base=decoded_path) else: req.log_error( 'PYTNLM: Initiating connection to Domain Controller server %s (domain %s).' % (server, domain), apache.APLOG_INFO) proxy = NTLM_DC_Proxy(server, domain) ntlm_challenge = proxy.negotiate(type1) except Exception, e: req.log_error( 'PYNTLM: Error when retrieving Type 2 message from server(%s) = %s' % (server, str(e)), apache.APLOG_CRIT) if ntlm_challenge: break proxy.close() else: raise RuntimeError("None of the Domain Controllers are available.") return (proxy, ntlm_challenge)
# Apache (mod_python) variant, later revision (hostname / port / logFn): tail of
# the configuration KeyError handler (its `except` line precedes this fragment),
# the pdc/bdc probing loop, and the start of handle_type1 whose docstring is cut
# off at the end of the line.
# Loop contract as written: reset ntlm_challenge, try pdc then bdc (skipping
# empty entries), build NTLM_AD_Proxy(hostname, port default 389, base DN from
# the URL path) or NTLM_DC_Proxy(server) and call negotiate(type1); the first
# truthy challenge breaks out and (proxy, ntlm_challenge) is returned with the
# proxy open; failures are logged at APLOG_CRIT and the proxy closed; the
# for-else raises RuntimeError when no server answered.
# NOTE(review): as in the other revisions, `except Exception` also covers a
# failing proxy constructor, after which `proxy.close()` dereferences an
# unbound (first server) or already-closed (later server) `proxy` -- guard it.
# NOTE(review): `port = url.port;` carries a stray semicolon (harmless) and the
# log prefix "PYTNLM" differs from "PYNTLM" elsewhere; both are runtime text.
req.log_error('PYNTLM: Incorrect configuration for pyntlm = %s' % str(e), apache.APLOG_CRIT) raise ntlm_challenge = None for server in (pdc, bdc): if not server: continue try: if server.startswith('ldap:'): url = urlparse(server) decoded_path =urllib.unquote(url.path)[1:] port = url.port; if port is None: port = 389 req.log_error('PYTNLM: Initiating connection to Active Directory server %s:%s (domain %s) using base DN "%s".' % (url.hostname, port, domain, decoded_path), apache.APLOG_INFO) logFn = lambda *msg: apache.log_error('PYNTLM_AD_PROXY: ' + " ".join(map(str,msg)),apache.APLOG_INFO,req.server) proxy = NTLM_AD_Proxy(url.hostname, domain, base=decoded_path, portAD=port, logFn=logFn) else: req.log_error('PYTNLM: Initiating connection to Domain Controller server %s (domain %s).' % (server, domain), apache.APLOG_INFO) proxy = NTLM_DC_Proxy(server, domain) ntlm_challenge = proxy.negotiate(type1) except Exception, e: req.log_error('PYNTLM: Error when retrieving Type 2 message from server(%s) = %s' % (server,str(e)), apache.APLOG_CRIT) if ntlm_challenge: break proxy.close() else: raise RuntimeError("None of the Domain Controllers are available.") return (proxy, ntlm_challenge) def handle_type1(req, ntlm_message): '''Handle a Type1 NTLM message. Send it to the Domain Controller