mirror of
https://github.com/pocoproject/poco.git
synced 2024-12-13 18:45:10 +01:00
added NTLM authentication to SMTPClientSession
This commit is contained in:
parent
32ef30384a
commit
fa84db6d65
@ -101,9 +101,6 @@ private:
|
|||||||
HTTPNTLMCredentials& operator = (const HTTPNTLMCredentials&);
|
HTTPNTLMCredentials& operator = (const HTTPNTLMCredentials&);
|
||||||
|
|
||||||
std::string createNTLMMessage(const std::string& ntlmChallengeBase64);
|
std::string createNTLMMessage(const std::string& ntlmChallengeBase64);
|
||||||
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
|
|
||||||
static std::string toBase64(const std::vector<unsigned char>& buffer);
|
|
||||||
static std::vector<unsigned char> fromBase64(const std::string& base64);
|
|
||||||
|
|
||||||
std::string _username;
|
std::string _username;
|
||||||
std::string _password;
|
std::string _password;
|
||||||
|
@ -160,6 +160,16 @@ public:
|
|||||||
static void writeBufferDesc(Poco::BinaryWriter& writer, const BufferDesc& desc);
|
static void writeBufferDesc(Poco::BinaryWriter& writer, const BufferDesc& desc);
|
||||||
/// Writes a buffer descriptor.
|
/// Writes a buffer descriptor.
|
||||||
|
|
||||||
|
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
|
||||||
|
/// Splits a username containing a domain into plain username and domain.
|
||||||
|
/// Supported formats are <DOMAIN>\<username> and <username>@<DOMAIN>.
|
||||||
|
|
||||||
|
static std::string toBase64(const std::vector<unsigned char>& buffer);
|
||||||
|
/// Converts the buffer to a base64-encoded string.
|
||||||
|
|
||||||
|
static std::vector<unsigned char> fromBase64(const std::string& base64);
|
||||||
|
/// Decodes the given base64-encoded string.
|
||||||
|
|
||||||
static const std::string NTLMSSP;
|
static const std::string NTLMSSP;
|
||||||
/// Message signature string.
|
/// Message signature string.
|
||||||
};
|
};
|
||||||
|
@ -51,7 +51,8 @@ public:
|
|||||||
AUTH_CRAM_SHA1,
|
AUTH_CRAM_SHA1,
|
||||||
AUTH_LOGIN,
|
AUTH_LOGIN,
|
||||||
AUTH_PLAIN,
|
AUTH_PLAIN,
|
||||||
AUTH_XOAUTH2
|
AUTH_XOAUTH2,
|
||||||
|
AUTH_NTLM
|
||||||
};
|
};
|
||||||
|
|
||||||
explicit SMTPClientSession(const StreamSocket& socket);
|
explicit SMTPClientSession(const StreamSocket& socket);
|
||||||
@ -184,6 +185,7 @@ protected:
|
|||||||
void loginUsingLogin(const std::string& username, const std::string& password);
|
void loginUsingLogin(const std::string& username, const std::string& password);
|
||||||
void loginUsingPlain(const std::string& username, const std::string& password);
|
void loginUsingPlain(const std::string& username, const std::string& password);
|
||||||
void loginUsingXOAUTH2(const std::string& username, const std::string& password);
|
void loginUsingXOAUTH2(const std::string& username, const std::string& password);
|
||||||
|
void loginUsingNTLM(const std::string& username, const std::string& password);
|
||||||
DialogSocket& socket();
|
DialogSocket& socket();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
@ -21,10 +21,6 @@
|
|||||||
#include "Poco/DateTime.h"
|
#include "Poco/DateTime.h"
|
||||||
#include "Poco/NumberFormatter.h"
|
#include "Poco/NumberFormatter.h"
|
||||||
#include "Poco/Exception.h"
|
#include "Poco/Exception.h"
|
||||||
#include "Poco/Base64Encoder.h"
|
|
||||||
#include "Poco/Base64Decoder.h"
|
|
||||||
#include "Poco/MemoryStream.h"
|
|
||||||
#include <sstream>
|
|
||||||
|
|
||||||
|
|
||||||
namespace Poco {
|
namespace Poco {
|
||||||
@ -114,13 +110,13 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
|
|||||||
{
|
{
|
||||||
NTLMCredentials::NegotiateMessage negotiateMsg;
|
NTLMCredentials::NegotiateMessage negotiateMsg;
|
||||||
std::string username;
|
std::string username;
|
||||||
splitUsername(_username, username, negotiateMsg.domain);
|
NTLMCredentials::splitUsername(_username, username, negotiateMsg.domain);
|
||||||
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
|
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
|
||||||
return toBase64(negotiateBuf);
|
return NTLMCredentials::toBase64(negotiateBuf);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
std::vector<unsigned char> buffer = fromBase64(responseAuthParams);
|
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(responseAuthParams);
|
||||||
NTLMCredentials::ChallengeMessage challengeMsg;
|
NTLMCredentials::ChallengeMessage challengeMsg;
|
||||||
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
|
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
|
||||||
{
|
{
|
||||||
@ -131,7 +127,7 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
|
|||||||
|
|
||||||
std::string username;
|
std::string username;
|
||||||
std::string domain;
|
std::string domain;
|
||||||
splitUsername(_username, username, domain);
|
NTLMCredentials::splitUsername(_username, username, domain);
|
||||||
|
|
||||||
NTLMCredentials::AuthenticateMessage authenticateMsg;
|
NTLMCredentials::AuthenticateMessage authenticateMsg;
|
||||||
authenticateMsg.flags = challengeMsg.flags;
|
authenticateMsg.flags = challengeMsg.flags;
|
||||||
@ -147,56 +143,11 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
|
|||||||
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
|
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
|
||||||
|
|
||||||
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
|
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
|
||||||
return toBase64(authenticateBuf);
|
return NTLMCredentials::toBase64(authenticateBuf);
|
||||||
}
|
}
|
||||||
else throw HTTPException("Invalid NTLM challenge");
|
else throw HTTPException("Invalid NTLM challenge");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void HTTPNTLMCredentials::splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain)
|
|
||||||
{
|
|
||||||
std::string::size_type pos = usernameAndDomain.find('\\');
|
|
||||||
if (pos != std::string::npos)
|
|
||||||
{
|
|
||||||
domain.assign(usernameAndDomain, 0, pos);
|
|
||||||
username.assign(usernameAndDomain, pos + 1, std::string::npos);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
pos = usernameAndDomain.find('@');
|
|
||||||
if (pos != std::string::npos)
|
|
||||||
{
|
|
||||||
username.assign(usernameAndDomain, 0, pos);
|
|
||||||
domain.assign(usernameAndDomain, pos + 1, std::string::npos);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
username = usernameAndDomain;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
std::string HTTPNTLMCredentials::toBase64(const std::vector<unsigned char>& buffer)
|
|
||||||
{
|
|
||||||
std::ostringstream ostr;
|
|
||||||
Poco::Base64Encoder base64(ostr);
|
|
||||||
base64.rdbuf()->setLineLength(0);
|
|
||||||
base64.write(reinterpret_cast<const char*>(&buffer[0]), buffer.size());
|
|
||||||
base64.close();
|
|
||||||
return ostr.str();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
std::vector<unsigned char> HTTPNTLMCredentials::fromBase64(const std::string& base64)
|
|
||||||
{
|
|
||||||
Poco::MemoryInputStream istr(base64.data(), base64.size());
|
|
||||||
Poco::Base64Decoder debase64(istr);
|
|
||||||
std::vector<unsigned char> buffer(base64.size());
|
|
||||||
debase64.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
|
|
||||||
buffer.resize(static_cast<std::size_t>(debase64.gcount()));
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
} } // namespace Poco::Net
|
} } // namespace Poco::Net
|
||||||
|
@ -25,6 +25,9 @@
|
|||||||
#include "Poco/Random.h"
|
#include "Poco/Random.h"
|
||||||
#include "Poco/Timestamp.h"
|
#include "Poco/Timestamp.h"
|
||||||
#include "Poco/MemoryStream.h"
|
#include "Poco/MemoryStream.h"
|
||||||
|
#include "Poco/Base64Encoder.h"
|
||||||
|
#include "Poco/Base64Decoder.h"
|
||||||
|
#include <sstream>
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
|
||||||
|
|
||||||
@ -326,4 +329,49 @@ void NTLMCredentials::writeBufferDesc(Poco::BinaryWriter& writer, const BufferDe
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void NTLMCredentials::splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain)
|
||||||
|
{
|
||||||
|
std::string::size_type pos = usernameAndDomain.find('\\');
|
||||||
|
if (pos != std::string::npos)
|
||||||
|
{
|
||||||
|
domain.assign(usernameAndDomain, 0, pos);
|
||||||
|
username.assign(usernameAndDomain, pos + 1, std::string::npos);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
pos = usernameAndDomain.find('@');
|
||||||
|
if (pos != std::string::npos)
|
||||||
|
{
|
||||||
|
username.assign(usernameAndDomain, 0, pos);
|
||||||
|
domain.assign(usernameAndDomain, pos + 1, std::string::npos);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
username = usernameAndDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
std::string NTLMCredentials::toBase64(const std::vector<unsigned char>& buffer)
|
||||||
|
{
|
||||||
|
std::ostringstream ostr;
|
||||||
|
Poco::Base64Encoder base64(ostr);
|
||||||
|
base64.rdbuf()->setLineLength(0);
|
||||||
|
base64.write(reinterpret_cast<const char*>(&buffer[0]), buffer.size());
|
||||||
|
base64.close();
|
||||||
|
return ostr.str();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
std::vector<unsigned char> NTLMCredentials::fromBase64(const std::string& base64)
|
||||||
|
{
|
||||||
|
Poco::MemoryInputStream istr(base64.data(), base64.size());
|
||||||
|
Poco::Base64Decoder debase64(istr);
|
||||||
|
std::vector<unsigned char> buffer(base64.size());
|
||||||
|
debase64.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
|
||||||
|
buffer.resize(static_cast<std::size_t>(debase64.gcount()));
|
||||||
|
return buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
} } // namespace Poco::Net
|
} } // namespace Poco::Net
|
||||||
|
@ -19,8 +19,9 @@
|
|||||||
#include "Poco/Net/SocketAddress.h"
|
#include "Poco/Net/SocketAddress.h"
|
||||||
#include "Poco/Net/SocketStream.h"
|
#include "Poco/Net/SocketStream.h"
|
||||||
#include "Poco/Net/NetException.h"
|
#include "Poco/Net/NetException.h"
|
||||||
#include "Poco/Environment.h"
|
|
||||||
#include "Poco/Net/NetworkInterface.h"
|
#include "Poco/Net/NetworkInterface.h"
|
||||||
|
#include "Poco/Net/NTLMCredentials.h"
|
||||||
|
#include "Poco/Environment.h"
|
||||||
#include "Poco/HMACEngine.h"
|
#include "Poco/HMACEngine.h"
|
||||||
#include "Poco/MD5Engine.h"
|
#include "Poco/MD5Engine.h"
|
||||||
#include "Poco/SHA1Engine.h"
|
#include "Poco/SHA1Engine.h"
|
||||||
@ -236,6 +237,52 @@ void SMTPClientSession::loginUsingXOAUTH2(const std::string& username, const std
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void SMTPClientSession::loginUsingNTLM(const std::string& username, const std::string& password)
|
||||||
|
{
|
||||||
|
NTLMCredentials::NegotiateMessage negotiateMsg;
|
||||||
|
std::string user;
|
||||||
|
std::string domain;
|
||||||
|
NTLMCredentials::splitUsername(username, user, domain);
|
||||||
|
negotiateMsg.domain = domain;
|
||||||
|
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
|
||||||
|
|
||||||
|
std::string response;
|
||||||
|
int status = sendCommand("AUTH NTLM", NTLMCredentials::toBase64(negotiateBuf), response);
|
||||||
|
if (status == 334)
|
||||||
|
{
|
||||||
|
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response);
|
||||||
|
NTLMCredentials::ChallengeMessage challengeMsg;
|
||||||
|
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
|
||||||
|
{
|
||||||
|
if ((challengeMsg.flags & NTLMCredentials::NTLM_FLAG_NEGOTIATE_NTLM2_KEY) == 0)
|
||||||
|
{
|
||||||
|
throw SMTPException("Server does not support NTLMv2 authentication");
|
||||||
|
}
|
||||||
|
|
||||||
|
NTLMCredentials::AuthenticateMessage authenticateMsg;
|
||||||
|
authenticateMsg.flags = challengeMsg.flags;
|
||||||
|
authenticateMsg.target = challengeMsg.target;
|
||||||
|
authenticateMsg.username = user;
|
||||||
|
|
||||||
|
std::vector<unsigned char> lmNonce = NTLMCredentials::createNonce();
|
||||||
|
std::vector<unsigned char> ntlmNonce = NTLMCredentials::createNonce();
|
||||||
|
Poco::UInt64 timestamp = NTLMCredentials::createTimestamp();
|
||||||
|
std::vector<unsigned char> ntlm2Hash = NTLMCredentials::createNTLMv2Hash(user, challengeMsg.target, password);
|
||||||
|
|
||||||
|
authenticateMsg.lmResponse = NTLMCredentials::createLMv2Response(ntlm2Hash, challengeMsg.challenge, lmNonce);
|
||||||
|
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
|
||||||
|
|
||||||
|
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
|
||||||
|
|
||||||
|
status = sendCommand(NTLMCredentials::toBase64(authenticateBuf), response);
|
||||||
|
if (status != 235) throw SMTPException("NTLM authentication failed", response, status);
|
||||||
|
}
|
||||||
|
else throw SMTPException("Invalid NTLM challenge");
|
||||||
|
}
|
||||||
|
else throw SMTPException("Server does not support NTLM authentication");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void SMTPClientSession::login(LoginMethod loginMethod, const std::string& username, const std::string& password)
|
void SMTPClientSession::login(LoginMethod loginMethod, const std::string& username, const std::string& password)
|
||||||
{
|
{
|
||||||
login(Environment::nodeName(), loginMethod, username, password);
|
login(Environment::nodeName(), loginMethod, username, password);
|
||||||
@ -287,6 +334,14 @@ void SMTPClientSession::login(const std::string& hostname, LoginMethod loginMeth
|
|||||||
}
|
}
|
||||||
else throw SMTPException("The mail service does not support XOAUTH2 authentication", response);
|
else throw SMTPException("The mail service does not support XOAUTH2 authentication", response);
|
||||||
}
|
}
|
||||||
|
else if (loginMethod == AUTH_NTLM)
|
||||||
|
{
|
||||||
|
if (response.find("NTLM", 0) != std::string::npos)
|
||||||
|
{
|
||||||
|
loginUsingNTLM(username, password);
|
||||||
|
}
|
||||||
|
else throw SMTPException("The mail service does not support NTLM authentication", response);
|
||||||
|
}
|
||||||
else if (loginMethod != AUTH_NONE)
|
else if (loginMethod != AUTH_NONE)
|
||||||
{
|
{
|
||||||
throw SMTPException("The autentication method is not supported");
|
throw SMTPException("The autentication method is not supported");
|
||||||
|
Loading…
Reference in New Issue
Block a user