Yee Man Chan > Authen-NTLM > Authen::NTLM::HTTP

Download:
Authen-NTLM-0.31.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
View/Report Bugs
Module Version: 0.31   Source  

NAME ^

Authen::NTLM::HTTP - Perl extension for NTLM-over-HTTP related computations

Background ^

NTLM-over-HTTP Handshake

Stage 1: Client requests a web page.

    1: C  --> S   GET ...

Stage 2: Server responds and says the client needs to authenticate in NTLM manner.

    2: C <--  S   401 Unauthorized
                  WWW-Authenticate: NTLM

Stage 3: Client responds with NTLM negotiate message that contains the identity and the domain of the client.

    3: C  --> S   GET ...
                  Authorization: NTLM <base64-encoded type-1-message>

Stage 4: Server challenges the client with a 8-bytes random number in the NTLM challenge message.

    4: C <--  S   401 Unauthorized
                  WWW-Authenticate: NTLM <base64-encoded type-2-message>

Stage 5: Client responds with a reply that uses its password to encrypt the 8-bytes random number.

    5: C  --> S   GET ...
                  Authorization: NTLM <base64-encoded type-3-message>

Stage 6: Authentication success. Server replies with the web page.

    6: C <--  S   200 Ok

SYNOPSIS ^

use Authen::NTLM (nt_hash lm_hash); use Authen::NTLM::HTTP;

    $my_pass = "mypassword";
# Note: To instantiate a client talking to a proxy, do 
# $client = new_client Authen::NTLM::HTTP(lm_hash($my_pass), nt_hash($my_pass), Authen::NTLM::HTTP::NTLMSSP_HTTP_PROXY);
    $client = new_client Authen::NTLM::HTTP(lm_hash($my_pass), nt_hash($my_pass));

# Stage 3 scenario: creates NTLM negotiate message and then # append $negotiate_msg to one of the tag lines in your HTTP # request header

# To compose a NTLM Negotiate Packet $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN | Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED | Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE | Authen::NTLM::NTLMSSP_NEGOTIATE_OEM $negotiate_msg = $client->http_negotiate($flags);

# Stage 4 scenario: extract the line contains "Authorization: NTLM " # in the HTTP header. # Parses NTLM negotiate message and then generates # the NTLM challenge message.

# To instantiate a server to parse a NTLM negotiation # and compose a NTLM challenge # Note: To instantiate a proxy, do # $server = new_server Authen::NTLM::HTTP(Authen::NTLM::HTTP::NTLMSSP_HTTP_PROXY); $server = new_server Authen::NTLM::HTTP;

    ($flags, $domain, $machine) = 
        $server->http_parse_negotiate($negotiate_msg);

    $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN
           | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM
           | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE;
    $challenge_msg = $server->http_challenge($flags);

# Stage 5 Scenario: Client receives NTLM challenge message # Extract the line that contains "WWW-Authenticate: NTLM " # Pass it to http_parse_challenge to obtain the nonce # Then use nonce to compose reply with http_auth

# client parse NTLM challenge ($domain, $flags, $nonce, $ctx_upper, $ctx_lower) = $client->http_parse_challenge($challenge_msg);

# To compose a NTLM Response Packet $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE | Authen::NTLM::NTLMSSP_REQUEST_TARGET; $auth_msg = $client->http_auth($nonce, $flags);

# Stage 6 Scenario: Finally the server parses the reply # verify the authentication credentials.

# To parse a NTLM Response Packet ($flags, $lm_resp, $nt_resp, $user_domain, $username, $machine) = $server->http_parse_auth($auth_msg);

DESCRIPTION ^

This is an extension of the Authen::NTLM module written by Yee Man Chan. It was written due to popular requests. Yee Man Chan never tests it in any production environment but he is confident that it should work as expected.

DEPENDENCIES ^

To use this module, please install the following two modules:

1) Authen::NTLM module by Yee Man Chan (UMVUE)

2) MIME::Base64 module by Gisle Aas (GAAS).

TO-DO ^

Supposedly this implementation is complete. Improvements will be done on the underlying Authen::NTLM module. However, if you figure out something I missed, feel free to let me know.

BUGS ^

Nothing known.

AUTHOR ^

This implementation was written by Yee Man Chan (ymc@yahoo.com). Copyright (c) 2002 Yee Man Chan. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO ^

Authen::NTLM(3), MIME::Base64(3), perl(1), m4(1).

syntax highlighting: