generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-28 03:20:11 +01:00
Code Issues Projects Releases Wiki Activity

NTLM (proxy) authentication support for HTTPClientSession

Browse Source
This commit is contained in:
Günter Obiltschnig
2019-03-18 16:58:57 +01:00
parent da7de5e586
commit 0f3f11a3b2
22 changed files with 1711 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Net/include/Poco/Net/HTTPAuthenticationParams.h
View File

@@ -33,6 +33,9 @@ class HTTPResponse;
class Net_API HTTPAuthenticationParams: public NameValueCollection
/// Collection of name-value pairs of HTTP authentication header (i.e.
/// "realm", "qop", "nonce" in case of digest authentication header).
///
/// For NTLM, the base64-encoded NTLM message is available from
/// the "NTLM" property.
{
public:
HTTPAuthenticationParams();
@@ -89,6 +92,7 @@ public:
/// request or response authentication header.
static const std::string REALM;
static const std::string NTLM;
static const std::string WWW_AUTHENTICATE;
static const std::string PROXY_AUTHENTICATE;

92
Net/include/Poco/Net/HTTPClientSession.h
View File

@@ -20,6 +20,9 @@
#include "Poco/Net/Net.h"
#include "Poco/Net/HTTPSession.h"
#include "Poco/Net/HTTPBasicCredentials.h"
#include "Poco/Net/HTTPDigestCredentials.h"
#include "Poco/Net/HTTPNTLMCredentials.h"
#include "Poco/Net/SocketAddress.h"
#include "Poco/SharedPtr.h"
#include <istream>
@@ -62,11 +65,20 @@ class Net_API HTTPClientSession: public HTTPSession
/// set up a session through a proxy.
{
public:
enum ProxyAuthentication
{
PROXY_AUTH_NONE, /// No proxy authentication
PROXY_AUTH_HTTP_BASIC, /// HTTP Basic proxy authentication (default, if username and password are supplied)
PROXY_AUTH_HTTP_DIGEST, /// HTTP Digest proxy authentication
PROXY_AUTH_NTLM /// NTLMv2 proxy authentication
};
struct ProxyConfig
/// HTTP proxy server configuration.
{
ProxyConfig():
port(HTTP_PORT)
port(HTTP_PORT),
authMethod(PROXY_AUTH_HTTP_BASIC)
{
}
@@ -82,6 +94,9 @@ public:
/// A regular expression defining hosts for which the proxy should be bypassed,
/// e.g. "localhost|127\.0\.0\.1|192\.168\.0\.\d+". Can also be an empty
/// string to disable proxy bypassing.
ProxyAuthentication authMethod;
/// The authentication method to use - HTTP Basic or NTLM.
};
HTTPClientSession();
@@ -110,47 +125,47 @@ public:
///
/// The host must not be changed once there is an
/// open connection to the server.
const std::string& getHost() const;
/// Returns the host name of the target HTTP server.
void setPort(Poco::UInt16 port);
/// Sets the port number of the target HTTP server.
///
/// The port number must not be changed once there is an
/// open connection to the server.
Poco::UInt16 getPort() const;
/// Returns the port number of the target HTTP server.
void setProxy(const std::string& host, Poco::UInt16 port = HTTPSession::HTTP_PORT);
/// Sets the proxy host name and port number.
void setProxyHost(const std::string& host);
/// Sets the host name of the proxy server.
void setProxyPort(Poco::UInt16 port);
/// Sets the port number of the proxy server.
const std::string& getProxyHost() const;
/// Returns the proxy host name.
Poco::UInt16 getProxyPort() const;
/// Returns the proxy port number.
void setProxyCredentials(const std::string& username, const std::string& password);
/// Sets the username and password for proxy authentication.
/// Only Basic authentication is supported.
void setProxyUsername(const std::string& username);
/// Sets the username for proxy authentication.
/// Only Basic authentication is supported.
const std::string& getProxyUsername() const;
/// Returns the username for proxy authentication.
void setProxyPassword(const std::string& password);
/// Sets the password for proxy authentication.
/// Sets the password for proxy authentication.
/// Only Basic authentication is supported.
const std::string& getProxyPassword() const;
@@ -177,10 +192,10 @@ public:
void setKeepAliveTimeout(const Poco::Timespan& timeout);
/// Sets the connection timeout for HTTP connections.
const Poco::Timespan& getKeepAliveTimeout() const;
/// Returns the connection timeout for HTTP connections.
virtual std::ostream& sendRequest(HTTPRequest& request);
/// Sends the header for the given HTTP request to
/// the server.
@@ -200,9 +215,9 @@ public:
/// be reused and persistent connections are enabled
/// to ensure a new connection will be set up
/// for the next request.
virtual std::istream& receiveResponse(HTTPResponse& response);
/// Receives the header for the response to the previous
/// Receives the header for the response to the previous
/// HTTP request.
///
/// The returned input stream can be used to read
@@ -213,7 +228,7 @@ public:
/// It must be ensured that the response stream
/// is fully consumed before sending a new request
/// and persistent connections are enabled. Otherwise,
/// the unread part of the response body may be treated as
/// the unread part of the response body may be treated as
/// part of the next request's response header, resulting
/// in a Poco::Net::MessageException being thrown.
///
@@ -224,17 +239,17 @@ public:
/// be reused and persistent connections are enabled
/// to ensure a new connection will be set up
/// for the next request.
virtual bool peekResponse(HTTPResponse& response);
/// If the request contains a "Expect: 100-continue" header,
/// (see HTTPRequest::setExpectContinue()) this method can be
/// used to check whether the server has sent a 100 Continue response
/// (see HTTPRequest::setExpectContinue()) this method can be
/// used to check whether the server has sent a 100 Continue response
/// before continuing with the request, i.e. sending the request body,
/// after calling sendRequest().
///
/// Returns true if the server has responded with 100 Continue,
/// otherwise false. The HTTPResponse object contains the
/// response sent by the server.
/// response sent by the server.
///
/// In any case, receiveResponse() must be called afterwards as well in
/// order to complete the request. The same HTTPResponse object
@@ -254,11 +269,11 @@ public:
/// or receiveResponse() throws an exception, or
/// the request or response stream changes into
/// fail or bad state, but not eof state).
virtual bool secure() const;
/// Return true iff the session uses SSL or TLS,
/// or false otherwise.
bool bypassProxy() const;
/// Returns true if the proxy should be bypassed
/// for the current host.
@@ -268,32 +283,45 @@ protected:
{
DEFAULT_KEEP_ALIVE_TIMEOUT = 8
};
void reconnect();
/// Connects the underlying socket to the HTTP server.
int write(const char* buffer, std::streamsize length);
/// Tries to re-connect if keep-alive is on.
std::ostream& sendRequestImpl(const HTTPRequest& request);
/// Sends the given HTTPRequest over an existing connection.
virtual std::string proxyRequestPrefix() const;
/// Returns the prefix prepended to the URI for proxy requests
/// (e.g., "http://myhost.com").
virtual bool mustReconnect() const;
/// Checks if we can reuse a persistent connection.
virtual void proxyAuthenticate(HTTPRequest& request);
/// Sets the proxy credentials (Proxy-Authorization header), if
/// proxy username and password have been set.
void proxyAuthenticateImpl(HTTPRequest& request);
void proxyAuthenticateImpl(HTTPRequest& request, const ProxyConfig& proxyConfig);
/// Sets the proxy credentials (Proxy-Authorization header), if
/// proxy username and password have been set.
void proxyAuthenticateDigest(HTTPRequest& request);
/// Initiates a HTTP Digest authentication handshake with the proxy.
void proxyAuthenticateNTLM(HTTPRequest& request);
/// Initiates a HTTP NTLM authentication handshake with the proxy.
void sendChallengeRequest(const HTTPRequest& request, HTTPResponse& response);
/// Sends a probe request for Digest and NTLM authentication
/// to obtain the server challenge.
StreamSocket proxyConnect();
/// Sends a CONNECT request to the proxy server and returns
/// a StreamSocket for the resulting connection.
void proxyTunnel();
/// Calls proxyConnect() and attaches the resulting StreamSocket
/// to the HTTPClientSession.
@@ -310,9 +338,13 @@ private:
bool _responseReceived;
Poco::SharedPtr<std::ostream> _pRequestStream;
Poco::SharedPtr<std::istream> _pResponseStream;
HTTPBasicCredentials _proxyBasicCreds;
HTTPDigestCredentials _proxyDigestCreds;
HTTPNTLMCredentials _proxyNTLMCreds;
bool _ntlmProxyAuthenticated;
static ProxyConfig _globalProxyConfig;
HTTPClientSession(const HTTPClientSession&);
HTTPClientSession& operator = (const HTTPClientSession&);

29
Net/include/Poco/Net/HTTPCredentials.h
View File

@@ -20,6 +20,7 @@
#include "Poco/Net/HTTPDigestCredentials.h"
#include "Poco/Net/HTTPNTLMCredentials.h"
namespace Poco {
@@ -37,13 +38,13 @@ class HTTPResponse;
class Net_API HTTPCredentials
/// This is a utility class for working with HTTP
/// authentication (basic or digest) in HTTPRequest objects.
/// authentication (Basic, Digest or NTLM) in HTTPRequest objects.
///
/// Usage is as follows:
/// First, create a HTTPCredentials object containing
/// the username and password.
/// Poco::Net::HTTPCredentials creds("user", "s3cr3t");
///
///
/// Second, send the HTTP request with Poco::Net::HTTPClientSession.
/// Poco::Net::HTTPClientSession session("pocoproject.org");
/// Poco::Net::HTTPRequest request(HTTPRequest::HTTP_GET, "/index.html", HTTPMessage::HTTP_1_1);
@@ -51,7 +52,7 @@ class Net_API HTTPCredentials
/// Poco::Net::HTTPResponse;
/// std::istream& istr = session.receiveResponse(response);
///
/// If the server responds with a 401 status, authenticate the
/// If the server responds with a 401 status, authenticate the
/// request and resend it:
/// if (response.getStatus() == Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED)
/// {
@@ -61,7 +62,7 @@ class Net_API HTTPCredentials
/// }
///
/// To perform multiple authenticated requests, call updateAuthInfo()
/// instead of authenticate() on subsequent requests.
/// instead of authenticate() on subsequent requests.
/// creds.updateAuthInfo(request);
/// session.sendRequest(request);
/// ...
@@ -132,17 +133,26 @@ public:
static bool isDigestCredentials(const std::string& header);
/// Returns true if authentication header is for Digest authentication.
static bool isNTLMCredentials(const std::string& header);
/// Returns true if authentication header is for NTLM authentication.
static bool hasBasicCredentials(const HTTPRequest& request);
/// Returns true if Authorization with Basic credentials header is present in the request.
/// Returns true if an Authorization header with Basic credentials is present in the request.
static bool hasDigestCredentials(const HTTPRequest& request);
/// Returns true if Authorization with Digest credentials header is present in the request.
/// Returns true if an Authorization header with Digest credentials is present in the request.
static bool hasNTLMCredentials(const HTTPRequest& request);
/// Returns true if an Authorization header with NTLM credentials is present in the request.
static bool hasProxyBasicCredentials(const HTTPRequest& request);
/// Returns true if Authorization with Basic credentials header is present in the request.
/// Returns true if a Proxy-Authorization header with Basic credentials is present in the request.
static bool hasProxyDigestCredentials(const HTTPRequest& request);
/// Returns true if Authorization with Digest credentials header is present in the request.
/// Returns true if a Proxy-Authorization header with Digest credentials is present in the request.
static bool hasProxyNTLMCredentials(const HTTPRequest& request);
/// Returns true if a Proxy-Authorization header with Digest credentials is present in the request.
static void extractCredentials(const std::string& userInfo, std::string& username, std::string& password);
/// Extracts username and password from user:password information string.
@@ -155,6 +165,7 @@ private:
HTTPCredentials& operator = (const HTTPCredentials&);
HTTPDigestCredentials _digest;
HTTPNTLMCredentials _ntlm;
};
@@ -172,7 +183,7 @@ inline const std::string& HTTPCredentials::getUsername() const
return _digest.getUsername();
}
inline void HTTPCredentials::setPassword(const std::string& password)
{
_digest.setPassword(password);

40
Net/include/Poco/Net/HTTPMessage.h
View File

@@ -39,22 +39,22 @@ class Net_API HTTPMessage: public MessageHeader
public:
void setVersion(const std::string& version);
/// Sets the HTTP version for this message.
const std::string& getVersion() const;
/// Returns the HTTP version for this message.
void setContentLength(std::streamsize length);
/// Sets the Content-Length header.
///
/// If length is UNKNOWN_CONTENT_LENGTH, removes
/// the Content-Length header.
std::streamsize getContentLength() const;
/// Returns the content length for this message,
/// which may be UNKNOWN_CONTENT_LENGTH if
/// no Content-Length header is present.
#if defined(POCO_HAVE_INT64)
#if defined(POCO_HAVE_INT64)
void setContentLength64(Poco::Int64 length);
/// Sets the Content-Length header.
///
@@ -89,30 +89,30 @@ public:
/// Normally, this is the value of the Transfer-Encoding
/// header field. If no such field is present,
/// returns IDENTITY_TRANSFER_CODING.
void setChunkedTransferEncoding(bool flag);
/// If flag is true, sets the Transfer-Encoding header to
/// chunked. Otherwise, removes the Transfer-Encoding
/// header.
bool getChunkedTransferEncoding() const;
/// Returns true if the Transfer-Encoding header is set
/// and its value is chunked.
void setContentType(const std::string& mediaType);
/// Sets the content type for this message.
///
/// Specify NO_CONTENT_TYPE to remove the
/// Content-Type header.
void setContentType(const MediaType& mediaType);
void setContentType(const MediaType& mediaType);
/// Sets the content type for this message.
const std::string& getContentType() const;
/// Returns the content type for this message.
///
/// If no Content-Type header is present,
/// returns UNKNOWN_CONTENT_TYPE.
/// If no Content-Type header is present,
/// returns UNKNOWN_CONTENT_TYPE.
void setKeepAlive(bool keepAlive);
/// Sets the value of the Connection header field.
@@ -134,12 +134,13 @@ public:
static const int UNKNOWN_CONTENT_LENGTH;
static const std::string UNKNOWN_CONTENT_TYPE;
static const std::string CONTENT_LENGTH;
static const std::string CONTENT_TYPE;
static const std::string TRANSFER_ENCODING;
static const std::string CONNECTION;
static const std::string PROXY_CONNECTION;
static const std::string CONNECTION_KEEP_ALIVE;
static const std::string CONNECTION_CLOSE;
@@ -153,13 +154,16 @@ protected:
/// Creates the HTTPMessage and sets
/// the version.
HTTPMessage(const HTTPMessage& other);
/// Copy constructor.
HTTPMessage& operator = (const HTTPMessage& other);
/// Assignment operator.
virtual ~HTTPMessage();
/// Destroys the HTTPMessage.
private:
HTTPMessage(const HTTPMessage&);
HTTPMessage& operator = (const HTTPMessage&);
std::string _version;
};

128
Net/include/Poco/Net/HTTPNTLMCredentials.h Normal file
View File

@@ -0,0 +1,128 @@
//
// HTTPNTLMCredentials.h
//
// Library: Net
// Package: HTTP
// Module: HTTPNTLMCredentials
//
// Definition of the HTTPNTLMCredentials class.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Net_HTTPNTLMCredentials_INCLUDED
#define Net_HTTPNTLMCredentials_INCLUDED
#include "Poco/Net/Net.h"
namespace Poco {
namespace Net {
class HTTPRequest;
class HTTPResponse;
class Net_API HTTPNTLMCredentials
/// This is a utility class for working with
/// HTTP NTLMv2 Authentication in HTTPRequest
/// objects.
{
public:
HTTPNTLMCredentials();
/// Creates an empty HTTPNTLMCredentials object.
HTTPNTLMCredentials(const std::string& username, const std::string& password);
/// Creates a HTTPNTLMCredentials object with the given username and password.
~HTTPNTLMCredentials();
/// Destroys the HTTPNTLMCredentials.
void reset();
/// Resets the HTTPNTLMCredentials object to a clean state.
void setUsername(const std::string& username);
/// Sets the username.
const std::string& getUsername() const;
/// Returns the username.
void setPassword(const std::string& password);
/// Sets the password.
const std::string& getPassword() const;
/// Returns the password.
void authenticate(HTTPRequest& request, const HTTPResponse& response);
/// Parses WWW-Authenticate header of the HTTPResponse, initializes
/// internal state, and adds authentication information to the given HTTPRequest.
void authenticate(HTTPRequest& request, const std::string& ntlmChallengeBase64);
/// Initializes internal state according to information from the
/// ntlmChallengeBase64, and adds authentication
/// information to the given HTTPRequest.
///
/// Throws InvalidArgumentException if responseAuthParams is
/// invalid.
void updateAuthInfo(HTTPRequest& request);
/// Updates internal state and adds authentication information to
/// the given HTTPRequest.
void proxyAuthenticate(HTTPRequest& request, const HTTPResponse& response);
/// Parses Proxy-Authenticate header of the HTTPResponse, initializes
/// internal state, and adds proxy authentication information to the given HTTPRequest.
void proxyAuthenticate(HTTPRequest& request, const std::string& ntlmChallengeBase64);
/// Initializes internal state according to information from the
/// HTTPAuthenticationParams of the response, and adds proxy authentication
/// information to the given HTTPRequest.
///
/// Throws InvalidArgumentException if HTTPAuthenticationParams is
/// invalid or some required parameter is missing.
/// Throws NotImplementedException in case of unsupported digest
/// algorithm or quality of protection method.
void updateProxyAuthInfo(HTTPRequest& request);
/// Updates internal state and adds proxy authentication information to
/// the given HTTPRequest.
static const std::string SCHEME;
private:
HTTPNTLMCredentials(const HTTPNTLMCredentials&);
HTTPNTLMCredentials& operator = (const HTTPNTLMCredentials&);
std::string createNTLMMessage(const std::string& ntlmChallengeBase64);
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
std::string _username;
std::string _password;
};
//
// inlines
//
inline const std::string& HTTPNTLMCredentials::getUsername() const
{
return _username;
}
inline const std::string& HTTPNTLMCredentials::getPassword() const
{
return _password;
}
} } // namespace Poco::Net
#endif // Net_HTTPNTLMCredentials_INCLUDED

49
Net/include/Poco/Net/HTTPRequest.h
View File

@@ -38,20 +38,26 @@ class Net_API HTTPRequest: public HTTPMessage
public:
HTTPRequest();
/// Creates a GET / HTTP/1.0 HTTP request.
HTTPRequest(const std::string& version);
explicit HTTPRequest(const std::string& version);
/// Creates a GET / HTTP/1.x request with
/// the given version (HTTP/1.0 or HTTP/1.1).
HTTPRequest(const std::string& method, const std::string& uri);
/// Creates a HTTP/1.0 request with the given method and URI.
HTTPRequest(const std::string& method, const std::string& uri, const std::string& version);
/// Creates a HTTP request with the given method, URI and version.
HTTPRequest(const HTTPRequest& other);
/// Creates a HTTP request by copying another one.
virtual ~HTTPRequest();
/// Destroys the HTTPRequest.
HTTPRequest& operator = (const HTTPRequest&);
/// Assignment operator.
void setMethod(const std::string& method);
/// Sets the method.
@@ -60,20 +66,20 @@ public:
void setURI(const std::string& uri);
/// Sets the request URI.
const std::string& getURI() const;
/// Returns the request URI.
void setHost(const std::string& host);
/// Sets the value of the Host header field.
void setHost(const std::string& host, Poco::UInt16 port);
/// Sets the value of the Host header field.
///
/// If the given port number is a non-standard
/// port number (other than 80 or 443), it is
/// included in the Host header field.
const std::string& getHost() const;
/// Returns the value of the Host header field.
///
@@ -83,7 +89,7 @@ public:
void setCookies(const NameValueCollection& cookies);
/// Adds a Cookie header with the names and
/// values from cookies.
void getCookies(NameValueCollection& cookies) const;
/// Fills cookies with the cookies extracted
/// from the Cookie headers in the request.
@@ -91,18 +97,21 @@ public:
bool hasCredentials() const;
/// Returns true iff the request contains authentication
/// information in the form of an Authorization header.
void getCredentials(std::string& scheme, std::string& authInfo) const;
/// Returns the authentication scheme and additional authentication
/// information contained in this request.
///
/// Throws a NotAuthenticatedException if no authentication information
/// is contained in the request.
void setCredentials(const std::string& scheme, const std::string& authInfo);
/// Sets the authentication scheme and information for
/// this request.
void removeCredentials();
/// Removes any credentials from the request.
bool getExpectContinue() const;
/// Returns true if the request contains an
/// "Expect: 100-continue" header.
@@ -110,22 +119,25 @@ public:
void setExpectContinue(bool expectContinue);
/// Adds a "Expect: 100-continue" header to the request if
/// expectContinue is true, otherwise removes the Expect header.
bool hasProxyCredentials() const;
/// Returns true iff the request contains proxy authentication
/// information in the form of an Proxy-Authorization header.
void getProxyCredentials(std::string& scheme, std::string& authInfo) const;
/// Returns the proxy authentication scheme and additional proxy authentication
/// information contained in this request.
///
/// Throws a NotAuthenticatedException if no proxy authentication information
/// is contained in the request.
void setProxyCredentials(const std::string& scheme, const std::string& authInfo);
/// Sets the proxy authentication scheme and information for
/// this request.
void removeProxyCredentials();
/// Removes any proxy credentials from the request.
void write(std::ostream& ostr) const;
/// Writes the HTTP request to the given
/// output stream.
@@ -133,7 +145,7 @@ public:
void read(std::istream& istr);
/// Reads the HTTP request from the
/// given input stream.
static const std::string HTTP_GET;
static const std::string HTTP_HEAD;
static const std::string HTTP_PUT;
@@ -143,7 +155,7 @@ public:
static const std::string HTTP_TRACE;
static const std::string HTTP_CONNECT;
static const std::string HTTP_PATCH;
static const std::string HOST;
static const std::string COOKIE;
static const std::string AUTHORIZATION;
@@ -158,7 +170,7 @@ protected:
///
/// Throws a NotAuthenticatedException if no authentication information
/// is contained in the request.
void setCredentials(const std::string& header, const std::string& scheme, const std::string& authInfo);
/// Writes the authentication scheme and information for
/// this request to the given header.
@@ -170,12 +182,9 @@ private:
MAX_URI_LENGTH = 16384,
MAX_VERSION_LENGTH = 8
};
std::string _method;
std::string _uri;
HTTPRequest(const HTTPRequest&);
HTTPRequest& operator = (const HTTPRequest&);
};

37
Net/include/Poco/Net/HTTPResponse.h
View File

@@ -113,7 +113,7 @@ public:
HTTPResponse();
/// Creates the HTTPResponse with OK status.
HTTPResponse(HTTPStatus status, const std::string& reason);
/// Creates the HTTPResponse with the given status
/// and reason phrase.
@@ -121,41 +121,47 @@ public:
HTTPResponse(const std::string& version, HTTPStatus status, const std::string& reason);
/// Creates the HTTPResponse with the given version, status
/// and reason phrase.
HTTPResponse(HTTPStatus status);
explicit HTTPResponse(HTTPStatus status);
/// Creates the HTTPResponse with the given status
/// an an appropriate reason phrase.
/// and an appropriate reason phrase.
HTTPResponse(const std::string& version, HTTPStatus status);
/// Creates the HTTPResponse with the given version, status
/// an an appropriate reason phrase.
/// and an appropriate reason phrase.
HTTPResponse(const HTTPResponse& other);
/// Creates the HTTPResponse by copying another one.
virtual ~HTTPResponse();
/// Destroys the HTTPResponse.
HTTPResponse& operator = (const HTTPResponse& other);
/// Assignment operator.
void setStatus(HTTPStatus status);
/// Sets the HTTP status code.
///
/// Does not change the reason phrase.
HTTPStatus getStatus() const;
/// Returns the HTTP status code.
void setStatus(const std::string& status);
/// Sets the HTTP status code.
///
/// The string must contain a valid
/// HTTP numerical status code.
void setReason(const std::string& reason);
/// Sets the HTTP reason phrase.
const std::string& getReason() const;
/// Returns the HTTP reason phrase.
void setStatusAndReason(HTTPStatus status, const std::string& reason);
/// Sets the HTTP status code and reason phrase.
void setStatusAndReason(HTTPStatus status);
/// Sets the HTTP status code and reason phrase.
///
@@ -163,7 +169,7 @@ public:
void setDate(const Poco::Timestamp& dateTime);
/// Sets the Date header to the given date/time value.
Poco::Timestamp getDate() const;
/// Returns the value of the Date header.
@@ -187,7 +193,7 @@ public:
/// given input stream.
///
/// 100 Continue responses are ignored.
static const std::string& getReasonForStatus(HTTPStatus status);
/// Returns an appropriate reason phrase
/// for the given status code.
@@ -254,7 +260,7 @@ public:
static const std::string HTTP_REASON_NOT_EXTENDED;
static const std::string HTTP_REASON_NETWORK_AUTHENTICATION_REQUIRED;
static const std::string HTTP_REASON_UNKNOWN;
static const std::string DATE;
static const std::string SET_COOKIE;
@@ -265,12 +271,9 @@ private:
MAX_STATUS_LENGTH = 3,
MAX_REASON_LENGTH = 512
};
HTTPStatus _status;
std::string _reason;
HTTPResponse(const HTTPResponse&);
HTTPResponse& operator = (const HTTPResponse&);
};

171
Net/include/Poco/Net/NTLMCredentials.h Normal file
View File

@@ -0,0 +1,171 @@
//
// NTLMCredentials.h
//
// Library: Net
// Package: HTTP
// Module: NTLMCredentials
//
// Definition of the NTLMCredentials class.
//
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Net_NTLMCredentials_INCLUDED
#define Net_NTLMCredentials_INCLUDED
#include "Poco/Net/Net.h"
#include "Poco/BinaryReader.h"
#include "Poco/BinaryWriter.h"
#include <vector>
namespace Poco {
namespace Net {
class Net_API NTLMCredentials
/// This is a utility class for working with
/// NTLMv2 Authentication.
///
/// Note: This implementation is based on the
/// "The NTLM Authentication Protocol and Security Support Provider"
/// document written by Eric Glass and avilable from
/// http://davenport.sourceforge.net/ntlm.html
/// and the NT LAN Manager (NTLM) Authentication Protocol
/// [MS-NLMP] document by Microsoft.
{
public:
enum
{
NTLM_MESSAGE_TYPE_NEGOTIATE = 0x01,
NTLM_MESSAGE_TYPE_CHALLENGE = 0x02,
NTLM_MESSAGE_TYPE_AUTHENTICATE = 0x03
};
enum
{
NTLM_FLAG_NEGOTIATE_UNICODE = 0x00000001,
NTLM_FLAG_NEGOTIATE_OEM = 0x00000002,
NTLM_FLAG_REQUEST_TARGET = 0x00000004,
NTLM_FLAG_NEGOTIATE_NTLM = 0x00000200,
NTLM_FLAG_DOMAIN_SUPPLIED = 0x00001000,
NTLM_FLAG_WORKST_SUPPLIED = 0x00002000,
NTLM_FLAG_NEGOTIATE_LOCAL = 0x00004000,
NTLM_FLAG_NEGOTIATE_ALWAYS_SIGN = 0x00008000,
NTLM_FLAG_NEGOTIATE_NTLM2_KEY = 0x00080000,
NTLM_FLAG_TARGET_DOMAIN = 0x00010000,
NTLM_FLAG_TARGET_SERVER = 0x00020000,
NTLM_FLAG_TARGET_SHARE = 0x00040000,
NTLM_FLAG_NEGOTIATE_TARGET = 0x00800000,
NTLM_FLAG_NEGOTIATE_128 = 0x20000000,
NTLM_FLAG_NEGOTIATE_56 = 0x80000000
};
struct NegotiateMessage
/// This message is sent from the client to initiate NTLM authentication.
{
NegotiateMessage(): flags(0) {}
Poco::UInt32 flags;
std::string domain;
std::string workstation;
};
struct ChallengeMessage
/// This message is sent back by the server and contains the NTLM challenge.
{
ChallengeMessage(): flags(0) {}
Poco::UInt32 flags;
std::vector<unsigned char> challenge;
std::string target;
std::vector<unsigned char> targetInfo;
};
struct AuthenticateMessage
/// This message is sent from the client to authenticate itself by providing
/// a response to the server challenge.
{
AuthenticateMessage(): flags(0) {}
Poco::UInt32 flags;
std::vector<unsigned char> lmResponse;
std::vector<unsigned char> ntlmResponse;
std::string target;
std::string username;
std::string workstation;
};
struct BufferDesc
{
BufferDesc():
length(0),
reserved(0),
offset(0)
{
}
BufferDesc(Poco::UInt16 len, Poco::UInt32 off):
length(len),
reserved(len),
offset(off)
{
}
Poco::UInt16 length;
Poco::UInt16 reserved;
Poco::UInt32 offset;
};
static std::vector<unsigned char> createNonce();
/// Creates an 8-byte client nonce for NTLM authentication.
static Poco::UInt64 createTimestamp();
/// Creates the NTLM timestamp in tenths of a microsecond since January 1, 1601,
/// using the current system time.
static std::vector<unsigned char> createPasswordHash(const std::string& password);
/// Creates the NTLM password hash (MD4 of UTF-16-converted password).
static std::vector<unsigned char> createNTLMv2Hash(const std::string& username, const std::string& target, const std::string& password);
/// Creates the NTLMv2 hash, which is the HMAC-MD5 of the concatenated UTF-16 uppercase username and target,
/// using the password hash as HMAC passphrase.
static std::vector<unsigned char> createLMv2Response(const std::vector<unsigned char>& ntlm2Hash, const std::vector<unsigned char>& challenge, const std::vector<unsigned char>& nonce);
/// Creates the LMv2 response by computing the HMAC-MD5 of the challenge and nonce, using the
/// ntlm2Hash (see createNTLMv2Hash()) as HMAC passphrase.
static std::vector<unsigned char> createNTLMv2Response(const std::vector<unsigned char>& ntlm2Hash, const std::vector<unsigned char>& challenge, const std::vector<unsigned char>& nonce, const std::vector<unsigned char>& targetInfo, Poco::UInt64 timestamp);
/// Creates the NTLMv2 response by creating the "blob" and prepending its HMAC-MD5, using the ntlm2Hash as HMAC passphrase.
static std::vector<unsigned char> formatNegotiateMessage(const NegotiateMessage& message);
/// Creates the NTLM Type 1 Negotiate message used for initiating NTLM authentication from the client.
static bool parseChallengeMessage(const unsigned char* buffer, std::size_t size, ChallengeMessage& message);
/// Parses a NTLM Type 2 Challenge message.
///
/// Returns true if the message was parsed successfully, otherwise false.
static std::vector<unsigned char> formatAuthenticateMessage(const AuthenticateMessage& message);
/// Creates the NTLM Type 1 Authenticate message used for initiating NTLM authentication from the client.
static void readBufferDesc(Poco::BinaryReader& reader, BufferDesc& desc);
/// Reads a buffer descriptor.
static void writeBufferDesc(Poco::BinaryWriter& writer, const BufferDesc& desc);
/// Writes a buffer descriptor.
static const std::string NTLMSSP;
/// Message signature string.
};
} } // namespace Poco::Net
#endif // Net_NTLMCredentials_INCLUDED