mirror of
https://github.com/pocoproject/poco.git
synced 2025-07-05 18:01:38 +02:00
154 lines
4.2 KiB
C++
154 lines
4.2 KiB
C++
//
|
|
// HTTPNTLMCredentials.cpp
|
|
//
|
|
// Library: Net
|
|
// Package: HTTP
|
|
// Module: HTTPNTLMCredentials
|
|
//
|
|
// Copyright (c) 2019, Applied Informatics Software Engineering GmbH.
|
|
// and Contributors.
|
|
//
|
|
// SPDX-License-Identifier: BSL-1.0
|
|
//
|
|
|
|
|
|
#include "Poco/Net/HTTPNTLMCredentials.h"
|
|
#include "Poco/Net/NTLMCredentials.h"
|
|
#include "Poco/Net/HTTPAuthenticationParams.h"
|
|
#include "Poco/Net/HTTPRequest.h"
|
|
#include "Poco/Net/HTTPResponse.h"
|
|
#include "Poco/Net/NetException.h"
|
|
#include "Poco/DateTime.h"
|
|
#include "Poco/NumberFormatter.h"
|
|
#include "Poco/Exception.h"
|
|
|
|
|
|
namespace Poco {
|
|
namespace Net {
|
|
|
|
|
|
const std::string HTTPNTLMCredentials::SCHEME = "NTLM";
|
|
|
|
|
|
HTTPNTLMCredentials::HTTPNTLMCredentials()
|
|
{
|
|
}
|
|
|
|
|
|
HTTPNTLMCredentials::HTTPNTLMCredentials(const std::string& username, const std::string& password):
|
|
_username(username),
|
|
_password(password)
|
|
{
|
|
}
|
|
|
|
|
|
HTTPNTLMCredentials::~HTTPNTLMCredentials()
|
|
{
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::reset()
|
|
{
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::setUsername(const std::string& username)
|
|
{
|
|
_username = username;
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::setPassword(const std::string& password)
|
|
{
|
|
_password = password;
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::authenticate(HTTPRequest& request, const HTTPResponse& response)
|
|
{
|
|
HTTPAuthenticationParams params(response);
|
|
authenticate(request, params.get(HTTPAuthenticationParams::NTLM, ""));
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::authenticate(HTTPRequest& request, const std::string& ntlmChallengeBase64)
|
|
{
|
|
std::string ntlmMessage = createNTLMMessage(ntlmChallengeBase64);
|
|
request.setCredentials(SCHEME, ntlmMessage);
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::updateAuthInfo(HTTPRequest& request)
|
|
{
|
|
request.removeCredentials();
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::proxyAuthenticate(HTTPRequest& request, const HTTPResponse& response)
|
|
{
|
|
HTTPAuthenticationParams params(response, HTTPAuthenticationParams::PROXY_AUTHENTICATE);
|
|
proxyAuthenticate(request, params.get(HTTPAuthenticationParams::NTLM, ""));
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::proxyAuthenticate(HTTPRequest& request, const std::string& ntlmChallengeBase64)
|
|
{
|
|
std::string ntlmMessage = createNTLMMessage(ntlmChallengeBase64);
|
|
request.setProxyCredentials(SCHEME, ntlmMessage);
|
|
}
|
|
|
|
|
|
void HTTPNTLMCredentials::updateProxyAuthInfo(HTTPRequest& request)
|
|
{
|
|
request.removeProxyCredentials();
|
|
}
|
|
|
|
|
|
std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAuthParams)
|
|
{
|
|
if (responseAuthParams.empty())
|
|
{
|
|
NTLMCredentials::NegotiateMessage negotiateMsg;
|
|
std::string username;
|
|
NTLMCredentials::splitUsername(_username, username, negotiateMsg.domain);
|
|
std::vector<unsigned char> negotiateBuf = NTLMCredentials::formatNegotiateMessage(negotiateMsg);
|
|
return NTLMCredentials::toBase64(negotiateBuf);
|
|
}
|
|
else
|
|
{
|
|
std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(responseAuthParams);
|
|
NTLMCredentials::ChallengeMessage challengeMsg;
|
|
if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
|
|
{
|
|
if ((challengeMsg.flags & NTLMCredentials::NTLM_FLAG_NEGOTIATE_NTLM2_KEY) == 0)
|
|
{
|
|
throw HTTPException("Proxy does not support NTLMv2 authentication");
|
|
}
|
|
|
|
std::string username;
|
|
std::string domain;
|
|
NTLMCredentials::splitUsername(_username, username, domain);
|
|
|
|
NTLMCredentials::AuthenticateMessage authenticateMsg;
|
|
authenticateMsg.flags = challengeMsg.flags;
|
|
authenticateMsg.target = challengeMsg.target;
|
|
authenticateMsg.username = username;
|
|
|
|
std::vector<unsigned char> lmNonce = NTLMCredentials::createNonce();
|
|
std::vector<unsigned char> ntlmNonce = NTLMCredentials::createNonce();
|
|
Poco::UInt64 timestamp = NTLMCredentials::createTimestamp();
|
|
std::vector<unsigned char> ntlm2Hash = NTLMCredentials::createNTLMv2Hash(username, challengeMsg.target, _password);
|
|
|
|
authenticateMsg.lmResponse = NTLMCredentials::createLMv2Response(ntlm2Hash, challengeMsg.challenge, lmNonce);
|
|
authenticateMsg.ntlmResponse = NTLMCredentials::createNTLMv2Response(ntlm2Hash, challengeMsg.challenge, ntlmNonce, challengeMsg.targetInfo, timestamp);
|
|
|
|
std::vector<unsigned char> authenticateBuf = NTLMCredentials::formatAuthenticateMessage(authenticateMsg);
|
|
return NTLMCredentials::toBase64(authenticateBuf);
|
|
}
|
|
else throw HTTPException("Invalid NTLM challenge");
|
|
}
|
|
}
|
|
|
|
|
|
} } // namespace Poco::Net
|