示例#1
    # Sanity checks on the parsed options.
    # NOTE(review): the first check only counts keys; the lookups further down
    # (config['address'], ['domain'], ['user'], ['password'], ['verbose'])
    # assume those specific keys exist -- confirm against the option parser,
    # which is not shown here.
    # NOTE(review): presumably print_help() terminates the program; if it
    # returns, execution continues with the incomplete config -- verify.
    if len(config)<4:
        print "Too few options specified."
        print_help()

    if 'member' in config and not 'group' in config:
        print "Option '-m/--memeber can only be specified together with -g/--group'."
        print_help()

    # An 'ldap:' address selects the Active Directory proxy; any other value is
    # handed to the Domain Controller proxy unchanged.
    if config['address'].startswith('ldap:'):
        url = urlparse(config['address'])
        # Fall back to 389 when the URL carries no port.
        # NOTE(review): 389 is the standard plain-LDAP port; whether
        # NTLM_AD_Proxy adds any transport protection is not visible here.
        port = url.port or 389
        host = url.hostname
        print "Using Active Directory (LDAP) to verify credentials: %s:%s." % (host,port)
        # In verbose mode the proxy gets a logger that writes each message to
        # stdout with a "* " prefix; otherwise it gets None.
        logFn = None
        if config['verbose']: logFn = lambda *msg: sys.stdout.write("* " + " ".join(map(str,msg)) + "\n")
        # The URL path, percent-decoded and without its leading '/', is passed
        # as the `base` argument.
        proxy = NTLM_AD_Proxy(host, config['domain'], base=urllib.unquote(url.path)[1:], logFn = logFn, portAD=port)
    else:
        print "Using Domain Controller to verify credentials."
        proxy = NTLM_DC_Proxy(config['address'], config['domain'], verbose=config['verbose'])

    # NOTE(review): the password reaches this point through config. If it is
    # supplied as a command-line option it is exposed in the process list and
    # shell history -- confirm how config is populated.
    client = NTLM_Client(config['user'],config['domain'],config['password'])

    # First leg of the handshake: the client builds the negotiate message and
    # the proxy relays it. A falsy reply means no challenge came back, and the
    # program exits with status -2.
    type1 = client.make_ntlm_negotiate()
    challenge = proxy.negotiate(type1)
    if not challenge:
        print "Did not get the challenge!"
        sys.exit(-2)

    # Second leg: feed the challenge to the client and build the authenticate
    # message that is submitted to the proxy next.
    client.parse_ntlm_challenge(challenge)
    authenticate = client.make_ntlm_authenticate()
    if proxy.authenticate(authenticate):
示例#2
            print "Verbose mode"
            config['verbose'] = True

    # Sanity checks on the parsed options.
    # NOTE(review): the first check only counts keys; the lookups below assume
    # 'address', 'domain', 'user', 'password' and 'verbose' are all present --
    # confirm against the option parser, most of which is not shown here.
    # NOTE(review): presumably print_help() terminates the program; if it
    # returns, execution continues with the incomplete config -- verify.
    if len(config) < 4:
        print "Too few options specified."
        print_help()

    if 'member' in config and not 'group' in config:
        print "Option '-m/--memeber can only be specified together with -g/--group'."
        print_help()

    # An 'ldap:' address selects the Active Directory proxy; any other value is
    # handed to the Domain Controller proxy unchanged.
    if config['address'].startswith('ldap:'):
        print "Using Active Directory (LDAP) to verify credentials."
        url = urlparse(config['address'])
        # url.netloc is the whole authority part of the URL, so a ':port' suffix
        # or 'user@' prefix in the configured address is passed along as part of
        # the host argument. The URL path, percent-decoded and without its
        # leading '/', becomes `base`.
        proxy = NTLM_AD_Proxy(url.netloc,
                              config['domain'],
                              base=urllib.unquote(url.path)[1:],
                              verbose=config['verbose'])
    else:
        print "Using Domain Controller to verify credentials."
        proxy = NTLM_DC_Proxy(config['address'],
                              config['domain'],
                              verbose=config['verbose'])

    # NOTE(review): the password reaches this point through config. If it is
    # supplied as a command-line option it is exposed in the process list and
    # shell history -- confirm how config is populated.
    client = NTLM_Client(config['user'], config['domain'], config['password'])

    # First leg of the handshake: the client builds the negotiate message and
    # the proxy relays it. A falsy reply means no challenge came back, and the
    # program exits with status -2.
    type1 = client.make_ntlm_negotiate()
    challenge = proxy.negotiate(type1)
    if not challenge:
        print "Did not get the challenge!"
        sys.exit(-2)
示例#3
         # An 'ldap:' server entry selects the Active Directory proxy; any other
         # value is handed to the Domain Controller proxy unchanged.
         if server.startswith('ldap:'):
             url = urlparse(server)
             # Base DN: the URL path, percent-decoded, without its leading '/'.
             decoded_path = urllib.unquote(url.path)[1:]
             # Fall back to 389 when the URL carries no port.
             # NOTE(review): 389 is the standard plain-LDAP port; whether
             # NTLM_AD_Proxy adds any transport protection is not visible here.
             port = url.port
             if port is None:
                 port = 389
             # NOTE(review): this message is tagged 'PYTNLM', while the logger
             # below uses the prefix 'PYNTLM_AD_PROXY'; log searches and alert
             # rules have to match both spellings.
             req.log_error(
                 'PYTNLM: Initiating connection to Active Directory server %s:%s (domain %s) using base DN "%s".'
                 % (url.hostname, port, domain, decoded_path),
                 apache.APLOG_INFO)
             # Logger handed to the proxy: joins its arguments with spaces and
             # writes them to the Apache log at INFO level for this server.
             logFn = lambda *msg: apache.log_error(
                 'PYNTLM_AD_PROXY: ' + " ".join(map(str, msg)), apache.
                 APLOG_INFO, req.server)
             proxy = NTLM_AD_Proxy(url.hostname,
                                   domain,
                                   base=decoded_path,
                                   portAD=port,
                                   logFn=logFn)
         else:
             req.log_error(
                 'PYTNLM: Initiating connection to Domain Controller server %s (domain %s).'
                 % (server, domain), apache.APLOG_INFO)
             proxy = NTLM_DC_Proxy(server, domain)
         # Relay the client's negotiate message; the result is kept as the
         # challenge to send back.
         ntlm_challenge = proxy.negotiate(type1)
     except Exception, e:
         req.log_error(
             'PYNTLM: Error when retrieving Type 2 message from server(%s) = %s'
             % (server, str(e)), apache.APLOG_CRIT)
     if ntlm_challenge: break
     proxy.close()
 else:
示例#4
 except KeyError, e:
     req.log_error(
         'PYNTLM: Incorrect configuration for pyntlm = %s' % str(e),
         apache.APLOG_CRIT)
     raise
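 # Try each configured server in order (pdc, then bdc) and keep the first one
 # that answers the negotiate message with a challenge. Returns the live proxy
 # together with that challenge; raises RuntimeError when no server answers.
 ntlm_challenge = None
 for server in (pdc, bdc):
     if not server: continue
     # Reset for every attempt. Without this, a failure before the proxy is
     # constructed (for instance while parsing the configured URL) leaves
     # `proxy` unbound on the first pass, or still pointing at the previous
     # server's already-closed proxy on the second, and the cleanup below
     # would abort the fail-over instead of moving on.
     proxy = None
     try:
         if server.startswith('ldap:'):
             url = urlparse(server)
             # Base DN: the URL path, percent-decoded, without its leading '/'.
             decoded_path = urllib.unquote(url.path)[1:]
             # url.netloc is the whole authority part of the URL, so a ':port'
             # suffix or 'user@' prefix in the configured value ends up both
             # in the log line and in the host argument.
             # NOTE(review): the two "Initiating connection" messages are
             # tagged 'PYTNLM' while the error path uses 'PYNTLM'; log
             # searches and alert rules have to match both spellings.
             req.log_error(
                 'PYTNLM: Initiating connection to Active Directory server %s (domain %s) using base DN "%s".'
                 % (url.netloc, domain, decoded_path), apache.APLOG_INFO)
             proxy = NTLM_AD_Proxy(url.netloc, domain, base=decoded_path)
         else:
             req.log_error(
                 'PYTNLM: Initiating connection to Domain Controller server %s (domain %s).'
                 % (server, domain), apache.APLOG_INFO)
             proxy = NTLM_DC_Proxy(server, domain)
         ntlm_challenge = proxy.negotiate(type1)
     except Exception, e:
         # Deliberately broad: any failure is logged at CRIT and the next
         # server gets its turn.
         req.log_error(
             'PYNTLM: Error when retrieving Type 2 message from server(%s) = %s'
             % (server, str(e)), apache.APLOG_CRIT)
     if ntlm_challenge: break
     # This attempt produced no challenge: release the proxy, if one was
     # actually created, before trying the next server.
     if proxy is not None:
         proxy.close()
 else:
     raise RuntimeError("None of the Domain Controllers are available.")
 return (proxy, ntlm_challenge)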
示例#5
        req.log_error('PYNTLM: Incorrect configuration for pyntlm = %s' % str(e), apache.APLOG_CRIT)
        raise
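    # Try each configured server in order (pdc, then bdc) and keep the first one
    # that answers the negotiate message with a challenge. Returns the live
    # proxy together with that challenge; raises RuntimeError when no server
    # answers.
    ntlm_challenge = None
    for server in (pdc, bdc):
        if not server: continue
        # Reset for every attempt. Without this, a failure before the proxy is
        # constructed (for instance while parsing the configured URL or its
        # port) leaves `proxy` unbound on the first pass, or still pointing at
        # the previous server's already-closed proxy on the second, and the
        # cleanup below would abort the fail-over instead of moving on.
        proxy = None
        try:
            if server.startswith('ldap:'):
                url = urlparse(server)
                # Base DN: the URL path, percent-decoded, without its leading '/'.
                decoded_path = urllib.unquote(url.path)[1:]
                # Fall back to 389 when the URL carries no port.
                # NOTE(review): 389 is the standard plain-LDAP port; whether
                # NTLM_AD_Proxy adds any transport protection is not visible
                # here.
                port = url.port
                if port is None:
                    port = 389
                # NOTE(review): the two "Initiating connection" messages are
                # tagged 'PYTNLM' while the error path and the proxy logger
                # use 'PYNTLM...'; log searches and alert rules have to match
                # both spellings.
                req.log_error('PYTNLM: Initiating connection to Active Directory server %s:%s (domain %s) using base DN "%s".' %
                    (url.hostname, port, domain, decoded_path), apache.APLOG_INFO)
                # Logger handed to the proxy: joins its arguments with spaces
                # and writes them to the Apache log at INFO level.
                logFn = lambda *msg: apache.log_error('PYNTLM_AD_PROXY: ' + " ".join(map(str,msg)),apache.APLOG_INFO,req.server)
                proxy = NTLM_AD_Proxy(url.hostname, domain, base=decoded_path, portAD=port, logFn=logFn)
            else:
                req.log_error('PYTNLM: Initiating connection to Domain Controller server %s (domain %s).' %
                    (server, domain), apache.APLOG_INFO)
                proxy = NTLM_DC_Proxy(server, domain)
            ntlm_challenge = proxy.negotiate(type1)
        except Exception, e:
            # Deliberately broad: any failure is logged at CRIT and the next
            # server gets its turn.
            req.log_error('PYNTLM: Error when retrieving Type 2 message from server(%s) = %s' % (server,str(e)), apache.APLOG_CRIT)
        if ntlm_challenge: break
        # This attempt produced no challenge: release the proxy, if one was
        # actually created, before trying the next server.
        if proxy is not None:
            proxy.close()
    else:
        raise RuntimeError("None of the Domain Controllers are available.")
    return (proxy, ntlm_challenge)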

def handle_type1(req, ntlm_message):
    '''Handle a Type1 NTLM message. Send it to the Domain Controller