mirror of
https://github.com/pocoproject/poco.git
synced 2024-12-12 18:20:26 +01:00
added NTLM authentication to SMTPClientSession
This commit is contained in:
Günter Obiltschnig
parent
32ef30384a
commit
fa84db6d65
@ -101,9 +101,6 @@ private:
|
||||
HTTPNTLMCredentials& operator = (const HTTPNTLMCredentials&);
|
||||
|
||||
std::string createNTLMMessage(const std::string& ntlmChallengeBase64);
|
||||
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
|
||||
static std::string toBase64(const std::vector<unsigned char>& buffer);
|
||||
static std::vector<unsigned char> fromBase64(const std::string& base64);
|
||||
|
||||
std::string _username;
|
||||
std::string _password;
|
||||
|
||||
@ -160,6 +160,16 @@ public:
|
||||
static void writeBufferDesc(Poco::BinaryWriter& writer, const BufferDesc& desc);
|
||||
/// Writes a buffer descriptor.
|
||||
|
||||
static void splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain);
|
||||
/// Splits a username containing a domain into plain username and domain.
|
||||
/// Supported formats are <DOMAIN>\<username> and <username>@<DOMAIN>.
|
||||
|
||||
static std::string toBase64(const std::vector<unsigned char>& buffer);
|
||||
/// Converts the buffer to a base64-encoded string.
|
||||
|
||||
static std::vector<unsigned char> fromBase64(const std::string& base64);
|
||||
/// Decodes the given base64-encoded string.
|
||||
|
||||
static const std::string NTLMSSP;
|
||||
/// Message signature string.
|
||||
};
|
||||
|
||||
@ -51,7 +51,8 @@ public:
|
||||
AUTH_CRAM_SHA1,
|
||||
AUTH_LOGIN,
|
||||
AUTH_PLAIN,
|
||||
AUTH_XOAUTH2
|
||||
AUTH_XOAUTH2,
|
||||
AUTH_NTLM
|
||||
};
|
||||
|
||||
explicit SMTPClientSession(const StreamSocket& socket);
|
||||
@ -184,6 +185,7 @@ protected:
|
||||
void loginUsingLogin(const std::string& username, const std::string& password);
|
||||
void loginUsingPlain(const std::string& username, const std::string& password);
|
||||
void loginUsingXOAUTH2(const std::string& username, const std::string& password);
|
||||
void loginUsingNTLM(const std::string& username, const std::string& password);
|
||||
DialogSocket& socket();
|
||||
|
||||
private:
|
||||
|
||||
@ -21,10 +21,6 @@
|
||||
#include "Poco/DateTime.h"
|
||||
#include "Poco/NumberFormatter.h"
|
||||
#include "Poco/Exception.h"
|
||||
#include "Poco/Base64Encoder.h"
|
||||
#include "Poco/Base64Decoder.h"
|
||||
#include "Poco/MemoryStream.h"
|
||||
#include <sstream>
|
||||
|
||||
|
||||
namespace Poco {
|
||||
@ -114,13 +110,13 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
|
||||
{
|
||||
NTLMCredentials::NegotiateMessage negotiateMsg;
|
||||
std::string username;
|
||||
splitUsername(_username, username, negotiateMsg.domain);
|
||||
NTLMCredentials::splitUsername(_username, username, negotiateMsg.domain);
|
||||
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
|
||||
return toBase64(negotiateBuf);
|
||||
return NTLMCredentials::toBase64(negotiateBuf);
|
||||
}
|
||||
else
|
||||
{
|
||||
std::vector<unsigned char> buffer = fromBase64(responseAuthParams);
|
||||
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(responseAuthParams);
|
||||
NTLMCredentials::ChallengeMessage challengeMsg;
|
||||
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
|
||||
{
|
||||
@ -131,7 +127,7 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
|
||||
|
||||
std::string username;
|
||||
std::string domain;
|
||||
splitUsername(_username, username, domain);
|
||||
NTLMCredentials::splitUsername(_username, username, domain);
|
||||
|
||||
NTLMCredentials::AuthenticateMessage authenticateMsg;
|
||||
authenticateMsg.flags = challengeMsg.flags;
|
||||
@ -147,56 +143,11 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
|
||||
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
|
||||
|
||||
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
|
||||
return toBase64(authenticateBuf);
|
||||
return NTLMCredentials::toBase64(authenticateBuf);
|
||||
}
|
||||
else throw HTTPException("Invalid NTLM challenge");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void HTTPNTLMCredentials::splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain)
|
||||
{
|
||||
std::string::size_type pos = usernameAndDomain.find('\\');
|
||||
if (pos != std::string::npos)
|
||||
{
|
||||
domain.assign(usernameAndDomain, 0, pos);
|
||||
username.assign(usernameAndDomain, pos + 1, std::string::npos);
|
||||
return;
|
||||
}
|
||||
else
|
||||
{
|
||||
pos = usernameAndDomain.find('@');
|
||||
if (pos != std::string::npos)
|
||||
{
|
||||
username.assign(usernameAndDomain, 0, pos);
|
||||
domain.assign(usernameAndDomain, pos + 1, std::string::npos);
|
||||
return;
|
||||
}
|
||||
}
|
||||
username = usernameAndDomain;
|
||||
}
|
||||
|
||||
|
||||
std::string HTTPNTLMCredentials::toBase64(const std::vector<unsigned char>& buffer)
|
||||
{
|
||||
std::ostringstream ostr;
|
||||
Poco::Base64Encoder base64(ostr);
|
||||
base64.rdbuf()->setLineLength(0);
|
||||
base64.write(reinterpret_cast<const char*>(&buffer[0]), buffer.size());
|
||||
base64.close();
|
||||
return ostr.str();
|
||||
}
|
||||
|
||||
|
||||
std::vector<unsigned char> HTTPNTLMCredentials::fromBase64(const std::string& base64)
|
||||
{
|
||||
Poco::MemoryInputStream istr(base64.data(), base64.size());
|
||||
Poco::Base64Decoder debase64(istr);
|
||||
std::vector<unsigned char> buffer(base64.size());
|
||||
debase64.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
|
||||
buffer.resize(static_cast<std::size_t>(debase64.gcount()));
|
||||
return buffer;
|
||||
}
|
||||
|
||||
|
||||
} } // namespace Poco::Net
|
||||
|
||||
@ -25,6 +25,9 @@
|
||||
#include "Poco/Random.h"
|
||||
#include "Poco/Timestamp.h"
|
||||
#include "Poco/MemoryStream.h"
|
||||
#include "Poco/Base64Encoder.h"
|
||||
#include "Poco/Base64Decoder.h"
|
||||
#include <sstream>
|
||||
#include <cstring>
|
||||
|
||||
|
||||
@ -326,4 +329,49 @@ void NTLMCredentials::writeBufferDesc(Poco::BinaryWriter& writer, const BufferDe
|
||||
}
|
||||
|
||||
|
||||
void NTLMCredentials::splitUsername(const std::string& usernameAndDomain, std::string& username, std::string& domain)
|
||||
{
|
||||
std::string::size_type pos = usernameAndDomain.find('\\');
|
||||
if (pos != std::string::npos)
|
||||
{
|
||||
domain.assign(usernameAndDomain, 0, pos);
|
||||
username.assign(usernameAndDomain, pos + 1, std::string::npos);
|
||||
return;
|
||||
}
|
||||
else
|
||||
{
|
||||
pos = usernameAndDomain.find('@');
|
||||
if (pos != std::string::npos)
|
||||
{
|
||||
username.assign(usernameAndDomain, 0, pos);
|
||||
domain.assign(usernameAndDomain, pos + 1, std::string::npos);
|
||||
return;
|
||||
}
|
||||
}
|
||||
username = usernameAndDomain;
|
||||
}
|
||||
|
||||
|
||||
std::string NTLMCredentials::toBase64(const std::vector<unsigned char>& buffer)
|
||||
{
|
||||
std::ostringstream ostr;
|
||||
Poco::Base64Encoder base64(ostr);
|
||||
base64.rdbuf()->setLineLength(0);
|
||||
base64.write(reinterpret_cast<const char*>(&buffer[0]), buffer.size());
|
||||
base64.close();
|
||||
return ostr.str();
|
||||
}
|
||||
|
||||
|
||||
std::vector<unsigned char> NTLMCredentials::fromBase64(const std::string& base64)
|
||||
{
|
||||
Poco::MemoryInputStream istr(base64.data(), base64.size());
|
||||
Poco::Base64Decoder debase64(istr);
|
||||
std::vector<unsigned char> buffer(base64.size());
|
||||
debase64.read(reinterpret_cast<char*>(&buffer[0]), buffer.size());
|
||||
buffer.resize(static_cast<std::size_t>(debase64.gcount()));
|
||||
return buffer;
|
||||
}
|
||||
|
||||
|
||||
} } // namespace Poco::Net
|
||||
|
||||
@ -19,8 +19,9 @@
|
||||
#include "Poco/Net/SocketAddress.h"
|
||||
#include "Poco/Net/SocketStream.h"
|
||||
#include "Poco/Net/NetException.h"
|
||||
#include "Poco/Environment.h"
|
||||
#include "Poco/Net/NetworkInterface.h"
|
||||
#include "Poco/Net/NTLMCredentials.h"
|
||||
#include "Poco/Environment.h"
|
||||
#include "Poco/HMACEngine.h"
|
||||
#include "Poco/MD5Engine.h"
|
||||
#include "Poco/SHA1Engine.h"
|
||||
@ -236,6 +237,52 @@ void SMTPClientSession::loginUsingXOAUTH2(const std::string& username, const std
|
||||
}
|
||||
|
||||
|
||||
void SMTPClientSession::loginUsingNTLM(const std::string& username, const std::string& password)
|
||||
{
|
||||
NTLMCredentials::NegotiateMessage negotiateMsg;
|
||||
std::string user;
|
||||
std::string domain;
|
||||
NTLMCredentials::splitUsername(username, user, domain);
|
||||
negotiateMsg.domain = domain;
|
||||
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
|
||||
|
||||
std::string response;
|
||||
int status = sendCommand("AUTH NTLM", NTLMCredentials::toBase64(negotiateBuf), response);
|
||||
if (status == 334)
|
||||
{
|
||||
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response);
|
||||
NTLMCredentials::ChallengeMessage challengeMsg;
|
||||
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
|
||||
{
|
||||
if ((challengeMsg.flags & NTLMCredentials::NTLM_FLAG_NEGOTIATE_NTLM2_KEY) == 0)
|
||||
{
|
||||
throw SMTPException("Server does not support NTLMv2 authentication");
|
||||
}
|
||||
|
||||
NTLMCredentials::AuthenticateMessage authenticateMsg;
|
||||
authenticateMsg.flags = challengeMsg.flags;
|
||||
authenticateMsg.target = challengeMsg.target;
|
||||
authenticateMsg.username = user;
|
||||
|
||||
std::vector<unsigned char> lmNonce = NTLMCredentials::createNonce();
|
||||
std::vector<unsigned char> ntlmNonce = NTLMCredentials::createNonce();
|
||||
Poco::UInt64 timestamp = NTLMCredentials::createTimestamp();
|
||||
std::vector<unsigned char> ntlm2Hash = NTLMCredentials::createNTLMv2Hash(user, challengeMsg.target, password);
|
||||
|
||||
authenticateMsg.lmResponse = NTLMCredentials::createLMv2Response(ntlm2Hash, challengeMsg.challenge, lmNonce);
|
||||
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
|
||||
|
||||
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
|
||||
|
||||
status = sendCommand(NTLMCredentials::toBase64(authenticateBuf), response);
|
||||
if (status != 235) throw SMTPException("NTLM authentication failed", response, status);
|
||||
}
|
||||
else throw SMTPException("Invalid NTLM challenge");
|
||||
}
|
||||
else throw SMTPException("Server does not support NTLM authentication");
|
||||
}
|
||||
|
||||
|
||||
void SMTPClientSession::login(LoginMethod loginMethod, const std::string& username, const std::string& password)
|
||||
{
|
||||
login(Environment::nodeName(), loginMethod, username, password);
|
||||
@ -287,6 +334,14 @@ void SMTPClientSession::login(const std::string& hostname, LoginMethod loginMeth
|
||||
}
|
||||
else throw SMTPException("The mail service does not support XOAUTH2 authentication", response);
|
||||
}
|
||||
else if (loginMethod == AUTH_NTLM)
|
||||
{
|
||||
if (response.find("NTLM", 0) != std::string::npos)
|
||||
{
|
||||
loginUsingNTLM(username, password);
|
||||
}
|
||||
else throw SMTPException("The mail service does not support NTLM authentication", response);
|
||||
}
|
||||
else if (loginMethod != AUTH_NONE)
|
||||
{
|
||||
throw SMTPException("The autentication method is not supported");
|
||||
|
||||
Loading…
Reference in New Issue
Block a user