nathan/go-ntlmssp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #8 from lafriks/master

Browse Source 
Support for auth when server responds with Www-Authenticate: NTLM
This commit is contained in:
Paul Meyer
2017-02-06 11:08:56 -08:00
committed by GitHub
parent 2d5c786339 c70fcef895
commit 29affced64
2 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
authheader.go
View File

@@ -15,6 +15,10 @@ func (h authheader) IsNegotiate() bool {
return strings.HasPrefix(string(h), "Negotiate") return strings.HasPrefix(string(h), "Negotiate")
} }
func (h authheader) IsNTLM() bool {
return strings.HasPrefix(string(h), "NTLM")
}
func (h authheader) GetData() ([]byte, error) { func (h authheader) GetData() ([]byte, error) {
p := strings.Split(string(h), " ") p := strings.Split(string(h), " ")
if len(p) < 2 { if len(p) < 2 {

20
negotiator.go
View File

@@ -48,7 +48,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
} }
resauth := authheader(res.Header.Get("Www-Authenticate")) resauth := authheader(res.Header.Get("Www-Authenticate"))
if !resauth.IsNegotiate() { if !resauth.IsNegotiate() && !resauth.IsNTLM() {
// Unauthorized, Negotiate not requested, let's try with basic auth // Unauthorized, Negotiate not requested, let's try with basic auth
req.Header.Set("Authorization", string(reqauth)) req.Header.Set("Authorization", string(reqauth))
io.Copy(ioutil.Discard, res.Body) io.Copy(ioutil.Discard, res.Body)
@@ -65,7 +65,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
resauth = authheader(res.Header.Get("Www-Authenticate")) resauth = authheader(res.Header.Get("Www-Authenticate"))
} }
if resauth.IsNegotiate() { if resauth.IsNegotiate() || resauth.IsNTLM() {
// 401 with request:Basic and response:Negotiate // 401 with request:Basic and response:Negotiate
io.Copy(ioutil.Discard, res.Body) io.Copy(ioutil.Discard, res.Body)
res.Body.Close() res.Body.Close()
@@ -78,7 +78,12 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
// send negotiate // send negotiate
negotiateMessage := NewNegotiateMessage() negotiateMessage := NewNegotiateMessage()
req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(negotiateMessage)) if resauth.IsNTLM() {
req.Header.Set("Authorization", "NTLM "+base64.StdEncoding.EncodeToString(negotiateMessage))
} else {
req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(negotiateMessage))
}
req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes())) req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
res, err = rt.RoundTrip(req) res, err = rt.RoundTrip(req)
@@ -92,7 +97,7 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if !resauth.IsNegotiate() || len(challengeMessage) == 0 { if !(resauth.IsNegotiate() || resauth.IsNTLM()) || len(challengeMessage) == 0 {
// Negotiation failed, let client deal with response // Negotiation failed, let client deal with response
return res, nil return res, nil
} }
@@ -104,7 +109,12 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(authenticateMessage)) if resauth.IsNTLM() {
req.Header.Set("Authorization", "NTLM "+base64.StdEncoding.EncodeToString(authenticateMessage))
} else {
req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(authenticateMessage))
}
req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes())) req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
res, err = rt.RoundTrip(req) res, err = rt.RoundTrip(req)