added NTLM authentication to SMTPClientSession

This commit is contained in:
Günter Obiltschnig 2019-04-02 16:47:12 +02:00
parent 32ef30384a
commit fa84db6d65
6 changed files with 148 additions and 85 deletions

View File

@ -101,9 +101,6 @@ private:
HTTPNTLMCredentials& operator = (const HTTPNTLMCredentials&); HTTPNTLMCredentials& operator = (const HTTPNTLMCredentials&);
std::string createNTLMMessage(const std::string& ntlmChallengeBase64); std::string createNTLMMessage(const std::string& ntlmChallengeBase64);
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
static std::string toBase64(const std::vector<unsigned char>& buffer);
static std::vector<unsigned char> fromBase64(const std::string& base64);
std::string _username; std::string _username;
std::string _password; std::string _password;

View File

@ -160,6 +160,16 @@ public:
static void writeBufferDesc(Poco::BinaryWriter& writer, const BufferDesc& desc); static void writeBufferDesc(Poco::BinaryWriter& writer, const BufferDesc& desc);
/// Writes a buffer descriptor. /// Writes a buffer descriptor.
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
/// Splits a username containing a domain into plain username and domain.
/// Supported formats are <DOMAIN>\<username> and <username>@<DOMAIN>.
static std::string toBase64(const std::vector<unsigned char>& buffer);
/// Converts the buffer to a base64-encoded string.
static std::vector<unsigned char> fromBase64(const std::string& base64);
/// Decodes the given base64-encoded string.
static const std::string NTLMSSP; static const std::string NTLMSSP;
/// Message signature string. /// Message signature string.
}; };

View File

@ -51,7 +51,8 @@ public:
AUTH_CRAM_SHA1, AUTH_CRAM_SHA1,
AUTH_LOGIN, AUTH_LOGIN,
AUTH_PLAIN, AUTH_PLAIN,
AUTH_XOAUTH2 AUTH_XOAUTH2,
AUTH_NTLM
}; };
explicit SMTPClientSession(const StreamSocket& socket); explicit SMTPClientSession(const StreamSocket& socket);
@ -184,6 +185,7 @@ protected:
void loginUsingLogin(const std::string& username, const std::string& password); void loginUsingLogin(const std::string& username, const std::string& password);
void loginUsingPlain(const std::string& username, const std::string& password); void loginUsingPlain(const std::string& username, const std::string& password);
void loginUsingXOAUTH2(const std::string& username, const std::string& password); void loginUsingXOAUTH2(const std::string& username, const std::string& password);
void loginUsingNTLM(const std::string& username, const std::string& password);
DialogSocket& socket(); DialogSocket& socket();
private: private:

View File

@ -21,10 +21,6 @@
#include "Poco/DateTime.h" #include "Poco/DateTime.h"
#include "Poco/NumberFormatter.h" #include "Poco/NumberFormatter.h"
#include "Poco/Exception.h" #include "Poco/Exception.h"
#include "Poco/Base64Encoder.h"
#include "Poco/Base64Decoder.h"
#include "Poco/MemoryStream.h"
#include <sstream>
namespace Poco { namespace Poco {
@ -114,13 +110,13 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
{ {
NTLMCredentials::NegotiateMessage negotiateMsg; NTLMCredentials::NegotiateMessage negotiateMsg;
std::string username; std::string username;
splitUsername(_username, username, negotiateMsg.domain); NTLMCredentials::splitUsername(_username, username, negotiateMsg.domain);
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg); std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
return toBase64(negotiateBuf); return NTLMCredentials::toBase64(negotiateBuf);
} }
else else
{ {
std::vector<unsigned char> buffer = fromBase64(responseAuthParams); std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(responseAuthParams);
NTLMCredentials::ChallengeMessage challengeMsg; NTLMCredentials::ChallengeMessage challengeMsg;
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg)) if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
{ {
@ -131,7 +127,7 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
std::string username; std::string username;
std::string domain; std::string domain;
splitUsername(_username, username, domain); NTLMCredentials::splitUsername(_username, username, domain);
NTLMCredentials::AuthenticateMessage authenticateMsg; NTLMCredentials::AuthenticateMessage authenticateMsg;
authenticateMsg.flags = challengeMsg.flags; authenticateMsg.flags = challengeMsg.flags;
@ -147,56 +143,11 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp); authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg); std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
return toBase64(authenticateBuf); return NTLMCredentials::toBase64(authenticateBuf);
} }
else throw HTTPException("Invalid NTLM challenge"); else throw HTTPException("Invalid NTLM challenge");
} }
} }
void HTTPNTLMCredentials::splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain)
{
std::string::size_type pos = usernameAndDomain.find('\\');
if (pos != std::string::npos)
{
domain.assign(usernameAndDomain, 0, pos);
username.assign(usernameAndDomain, pos + 1, std::string::npos);
return;
}
else
{
pos = usernameAndDomain.find('@');
if (pos != std::string::npos)
{
username.assign(usernameAndDomain, 0, pos);
domain.assign(usernameAndDomain, pos + 1, std::string::npos);
return;
}
}
username = usernameAndDomain;
}
std::string HTTPNTLMCredentials::toBase64(const std::vector<unsigned char>& buffer)
{
std::ostringstream ostr;
Poco::Base64Encoder base64(ostr);
base64.rdbuf()->setLineLength(0);
base64.write(reinterpret_cast<const char*>(&buffer[0]), buffer.size());
base64.close();
return ostr.str();
}
std::vector<unsigned char> HTTPNTLMCredentials::fromBase64(const std::string& base64)
{
Poco::MemoryInputStream istr(base64.data(), base64.size());
Poco::Base64Decoder debase64(istr);
std::vector<unsigned char> buffer(base64.size());
debase64.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
buffer.resize(static_cast<std::size_t>(debase64.gcount()));
return buffer;
}
} } // namespace Poco::Net } } // namespace Poco::Net

View File

@ -25,6 +25,9 @@
#include "Poco/Random.h" #include "Poco/Random.h"
#include "Poco/Timestamp.h" #include "Poco/Timestamp.h"
#include "Poco/MemoryStream.h" #include "Poco/MemoryStream.h"
#include "Poco/Base64Encoder.h"
#include "Poco/Base64Decoder.h"
#include <sstream>
#include <cstring> #include <cstring>
@ -326,4 +329,49 @@ void NTLMCredentials::writeBufferDesc(Poco::BinaryWriter& writer, const BufferDe
} }
void NTLMCredentials::splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain)
{
std::string::size_type pos = usernameAndDomain.find('\\');
if (pos != std::string::npos)
{
domain.assign(usernameAndDomain, 0, pos);
username.assign(usernameAndDomain, pos + 1, std::string::npos);
return;
}
else
{
pos = usernameAndDomain.find('@');
if (pos != std::string::npos)
{
username.assign(usernameAndDomain, 0, pos);
domain.assign(usernameAndDomain, pos + 1, std::string::npos);
return;
}
}
username = usernameAndDomain;
}
std::string NTLMCredentials::toBase64(const std::vector<unsigned char>& buffer)
{
std::ostringstream ostr;
Poco::Base64Encoder base64(ostr);
base64.rdbuf()->setLineLength(0);
base64.write(reinterpret_cast<const char*>(&buffer[0]), buffer.size());
base64.close();
return ostr.str();
}
std::vector<unsigned char> NTLMCredentials::fromBase64(const std::string& base64)
{
Poco::MemoryInputStream istr(base64.data(), base64.size());
Poco::Base64Decoder debase64(istr);
std::vector<unsigned char> buffer(base64.size());
debase64.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
buffer.resize(static_cast<std::size_t>(debase64.gcount()));
return buffer;
}
} } // namespace Poco::Net } } // namespace Poco::Net

View File

@ -19,8 +19,9 @@
#include "Poco/Net/SocketAddress.h" #include "Poco/Net/SocketAddress.h"
#include "Poco/Net/SocketStream.h" #include "Poco/Net/SocketStream.h"
#include "Poco/Net/NetException.h" #include "Poco/Net/NetException.h"
#include "Poco/Environment.h"
#include "Poco/Net/NetworkInterface.h" #include "Poco/Net/NetworkInterface.h"
#include "Poco/Net/NTLMCredentials.h"
#include "Poco/Environment.h"
#include "Poco/HMACEngine.h" #include "Poco/HMACEngine.h"
#include "Poco/MD5Engine.h" #include "Poco/MD5Engine.h"
#include "Poco/SHA1Engine.h" #include "Poco/SHA1Engine.h"
@ -236,6 +237,52 @@ void SMTPClientSession::loginUsingXOAUTH2(const std::string& username, const std
} }
void SMTPClientSession::loginUsingNTLM(const std::string& username, const std::string& password)
{
NTLMCredentials::NegotiateMessage negotiateMsg;
std::string user;
std::string domain;
NTLMCredentials::splitUsername(username, user, domain);
negotiateMsg.domain = domain;
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
std::string response;
int status = sendCommand("AUTH NTLM", NTLMCredentials::toBase64(negotiateBuf), response);
if (status == 334)
{
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response);
NTLMCredentials::ChallengeMessage challengeMsg;
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
{
if ((challengeMsg.flags & NTLMCredentials::NTLM_FLAG_NEGOTIATE_NTLM2_KEY) == 0)
{
throw SMTPException("Server does not support NTLMv2 authentication");
}
NTLMCredentials::AuthenticateMessage authenticateMsg;
authenticateMsg.flags = challengeMsg.flags;
authenticateMsg.target = challengeMsg.target;
authenticateMsg.username = user;
std::vector<unsigned char> lmNonce = NTLMCredentials::createNonce();
std::vector<unsigned char> ntlmNonce = NTLMCredentials::createNonce();
Poco::UInt64 timestamp = NTLMCredentials::createTimestamp();
std::vector<unsigned char> ntlm2Hash = NTLMCredentials::createNTLMv2Hash(user, challengeMsg.target, password);
authenticateMsg.lmResponse = NTLMCredentials::createLMv2Response(ntlm2Hash, challengeMsg.challenge, lmNonce);
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
status = sendCommand(NTLMCredentials::toBase64(authenticateBuf), response);
if (status != 235) throw SMTPException("NTLM authentication failed", response, status);
}
else throw SMTPException("Invalid NTLM challenge");
}
else throw SMTPException("Server does not support NTLM authentication");
}
void SMTPClientSession::login(LoginMethod loginMethod, const std::string& username, const std::string& password) void SMTPClientSession::login(LoginMethod loginMethod, const std::string& username, const std::string& password)
{ {
login(Environment::nodeName(), loginMethod, username, password); login(Environment::nodeName(), loginMethod, username, password);
@ -287,6 +334,14 @@ void SMTPClientSession::login(const std::string& hostname, LoginMethod loginMeth
} }
else throw SMTPException("The mail service does not support XOAUTH2 authentication", response); else throw SMTPException("The mail service does not support XOAUTH2 authentication", response);
} }
else if (loginMethod == AUTH_NTLM)
{
if (response.find("NTLM", 0) != std::string::npos)
{
loginUsingNTLM(username, password);
}
else throw SMTPException("The mail service does not support NTLM authentication", response);
}
else if (loginMethod != AUTH_NONE) else if (loginMethod != AUTH_NONE)
{ {
throw SMTPException("The autentication method is not supported"); throw SMTPException("The autentication method is not supported");