Added modified ntlm vendor lib (with fixed negotiation message)

2018-04-03 11:46:34 +02:00
parent 944b8a356d
commit 0c1c63e20e
23 changed files with 2996 additions and 0 deletions
--- a/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/LICENSE
+++ b/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Vadim Ivanou
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/negotiator.go
+++ b/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/negotiator.go
@@ -0,0 +1,45 @@
+package httpntlm
+
+import (
+	"encoding/base64"
+	"encoding/binary"
+)
+
+const (
+	negotiateUnicode    = 0x0001 // Text strings are in unicode
+	negotiateOEM        = 0x0002 // Text strings are in OEM
+	requestTarget       = 0x0004 // Server return its auth realm
+	negotiateSign       = 0x0010 // Request signature capability
+	negotiateSeal       = 0x0020 // Request confidentiality
+	negotiateLMKey      = 0x0080 // Generate session key
+	negotiateNTLM       = 0x0200 // NTLM authentication
+	negotiateLocalCall  = 0x4000 // client/server on same machine
+	negotiateAlwaysSign = 0x8000 // Sign for all security levels
+	negotiateIdentify   = 0x80000
+)
+
+var (
+	put32     = binary.LittleEndian.PutUint32
+	put16     = binary.LittleEndian.PutUint16
+	encBase64 = base64.StdEncoding.EncodeToString
+	decBase64 = base64.StdEncoding.DecodeString
+)
+
+// generates NTLM Negotiate type-1 message
+// for details see http://www.innovation.ch/personal/ronald/ntlm.html
+func negotiate() []byte {
+	ret := make([]byte, 32)
+	flags := negotiateAlwaysSign | negotiateNTLM | requestTarget | negotiateOEM | negotiateUnicode | negotiateIdentify
+
+	copy(ret, []byte("NTLMSSP\x00")) // protocol
+	put32(ret[8:], 1)                // type
+	put32(ret[12:], uint32(flags))   // flags
+	put16(ret[16:], 0)               // NT domain name length
+	put16(ret[18:], 0)               // NT domain name max length
+	put32(ret[20:], 20)              // NT domain name offset
+	put16(ret[24:], 0)               // local workstation name length
+	put16(ret[26:], 0)               // local workstation name max length
+	put32(ret[28:], 20)              // local workstation name offset
+
+	return ret
+}
--- a/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/ntlmtransport.go
+++ b/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/ntlmtransport.go
@@ -0,0 +1,103 @@
+package httpntlm
+
+import (
+	"crypto/tls"
+	"errors"
+	"io"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/ThomsonReutersEikon/go-ntlm/ntlm"
+)
+
+// NtlmTransport is implementation of http.RoundTripper interface
+type NtlmTransport struct {
+	TLSClientConfig *tls.Config
+	Domain          string
+	User            string
+	Password        string
+}
+
+// RoundTrip method send http request and tries to perform NTLM authentication
+func (t NtlmTransport) RoundTrip(req *http.Request) (res *http.Response, err error) {
+	// first send NTLM Negotiate header
+	r, _ := http.NewRequest("GET", req.URL.String(), strings.NewReader(""))
+	r.Header.Add("Authorization", "NTLM "+encBase64(negotiate()))
+
+	client := http.Client{Transport: &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).DialContext,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		TLSClientConfig:       t.TLSClientConfig,
+	}}
+
+	resp, err := client.Do(r)
+	if err != nil {
+		return nil, err
+	}
+
+	if err == nil && resp.StatusCode == http.StatusUnauthorized {
+		// it's necessary to reuse the same http connection
+		// in order to do that it's required to read Body and close it
+		_, err = io.Copy(ioutil.Discard, resp.Body)
+		if err != nil {
+			return nil, err
+		}
+		err = resp.Body.Close()
+		if err != nil {
+			return nil, err
+		}
+
+		// retrieve Www-Authenticate header from response
+		ntlmChallengeHeader := resp.Header.Get("WWW-Authenticate")
+		if ntlmChallengeHeader == "" {
+			return nil, errors.New("Wrong WWW-Authenticate header")
+		}
+
+		ntlmChallengeString := strings.Replace(ntlmChallengeHeader, "NTLM ", "", -1)
+		challengeBytes, err := decBase64(ntlmChallengeString)
+		if err != nil {
+			return nil, err
+		}
+
+		session, err := ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionlessMode)
+		if err != nil {
+			return nil, err
+		}
+
+		session.SetUserInfo(t.User, t.Password, t.Domain)
+
+		// parse NTLM challenge
+		challenge, err := ntlm.ParseChallengeMessage(challengeBytes)
+		if err != nil {
+			return nil, err
+		}
+
+		err = session.ProcessChallengeMessage(challenge)
+		if err != nil {
+			return nil, err
+		}
+
+		// authenticate user
+		authenticate, err := session.GenerateAuthenticateMessage()
+		if err != nil {
+			return nil, err
+		}
+
+		// set NTLM Authorization header
+		req.Header.Set("Authorization", "NTLM "+encBase64(authenticate.Bytes()))
+		resp, err = client.Do(req)
+	}
+
+	return resp, err
+}
--- a/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/readme.md
+++ b/src/calanonsync/vendor/github.com/vadimi/go-http-ntlm/readme.md
@@ -0,0 +1,53 @@
+# go-http-ntlm
+go-http-ntlm is a Go package that contains NTLM transport (`http.RoundTripper` implementation) for `http.Client` to make NTLM auth protected http requests.
+
+It is based on [https://github.com/ThomsonReutersEikon/go-ntlm](https://github.com/ThomsonReutersEikon/go-ntlm) library.
+
+
+## Usage example
+
+```go
+package main
+
+import (
+    "io/ioutil"
+    "log"
+    "net/http"
+    "strings"
+
+    "github.com/vadimi/go-http-ntlm"
+)
+
+func main() {
+
+    // configure http client
+    client := http.Client{
+        Transport: &httpntlm.NtlmTransport{
+            Domain:   "mydomain",
+            User:     "testuser",
+            Password: "fish",
+        },
+    }
+
+    req, err := http.NewRequest("GET", "http://server/ntlm-auth-resource", strings.NewReader(""))
+    resp, err := client.Do(req)
+
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    defer func() {
+        err := resp.Body.Close()
+        if err != nil {
+            log.Fatal(err)
+        }
+    }()
+
+    body, err := ioutil.ReadAll(resp.Body)
+    if err != nil {
+        log.Fatal(err)
+    }
+
+    log.Println(body)
+}
+```