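def ntlm_request(url, user, password, domain):
    '''Issue an HTTP GET for a URL and try to authenticate to it with NTLM.

    The exchange has three steps: an anonymous probe that must be answered
    with 401 and an NTLM offer, then the Type 1 (negotiate) and Type 3
    (authenticate) messages, sent on one and the same connection.

    url      -- target URL; '//' is prepended when it does not start with
                'http'.
    user, password, domain -- credentials handed to NTLM_Client.

    Returns True only when the request carrying the Type 3 message gets a
    status below 400. Returns False when the server does not ask for
    authentication (no credentials were tested), does not offer NTLM,
    or rejects or breaks the handshake.

    NOTE(review): NTLM does not protect the HTTP exchange itself; over a
    plain 'http' URL the handshake is visible to anyone on the path, so
    prefer 'https' URLs for real credentials.
    '''
    if not url.startswith('http'):
        url = '//' + url
    (scheme, hostport, path, params, query, frag) = urlparse.urlparse(url)
    # An empty path is not a valid request target.
    path = path or '/'

    # Honour the scheme: previously an https URL was silently sent in clear
    # text to the default HTTP port. Whether the server certificate is
    # verified depends on the interpreter's httplib defaults (verification
    # is on by default from Python 2.7.9).
    if scheme == 'https':
        conn_class = httplib.HTTPSConnection
    else:
        conn_class = httplib.HTTPConnection

    # Anonymous probe. 'headers' has to exist before it is tested below;
    # the original referenced it before assignment and raised NameError.
    headers = {}
    conn = conn_class(hostport)
    try:
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        # The header may be absent; never call .lower() on None.
        offered = resp.getheader('WWW-Authenticate') or ''
    finally:
        conn.close()

    if resp.status < 400:
        return 'Authorization' in headers
    if resp.status != 401:
        print "Error in HTTP request", resp.status, resp.reason
        return False
    if 'ntlm' not in offered.lower():
        print "NTLM Authentication is not supported"
        return False

    # Process 401. NTLM authenticates the connection, so the Type 1 and
    # Type 3 requests must share this one connection.
    conn = conn_class(hostport)
    try:
        client = NTLM_Client(user, domain, password)
        type1 = client.make_ntlm_negotiate()
        auth = "NTLM " + base64.b64encode(type1)
        headers = {'Authorization': auth}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status != 401:
            print "First round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False

        # Extract Type2. The header value comes from the server and is
        # untrusted: it may be missing, list several schemes separated by
        # commas, or carry a token that is not valid base64.
        type2 = None
        for offer in (resp.getheader('WWW-Authenticate') or '').split(','):
            fields = offer.strip().split(' ', 1)
            if len(fields) == 2 and fields[0].lower() == 'ntlm':
                try:
                    type2 = base64.b64decode(fields[1].strip())
                except TypeError:
                    type2 = None
                break
        if not type2:
            print "No NTLM challenge found in the server response"
            return False

        # Respond to challenge
        client.parse_ntlm_challenge(type2)
        type3 = client.make_ntlm_authenticate()
        auth = "NTLM " + base64.b64encode(type3)
        headers = {'Authorization': auth}
        conn.request('GET', path, None, headers)
        resp = conn.getresponse()
        resp.read()
        if resp.status >= 400:
            print "Second round NTLM authentication for HTTP request failed", resp.status, resp.reason
            return False
        return True
    finally:
        # Release the socket on every exit path, including early returns.
        conn.close()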
def handle_basic(req, user, password): '''Handle a request authenticated using the Basic Access Authentication mechanism (RFC2617). ''' req.log_error('Handling Basic Access Authentication for URI %s' % (req.unparsed_uri)) domain = req.get_options().get('Domain', req.auth_name()) client = NTLM_Client(user, domain, password) type1 = client.make_ntlm_negotiate() try: (proxy, type2) = connect_to_proxy(req, type1) except Exception, e: return apache.HTTP_INTERNAL_SERVER_ERROR