Tomas Doran > Authen-NTLM-HTTP-0.33 > Authen::NTLM::HTTP

Download:
Authen-NTLM-HTTP-0.33.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Module Version: 0.33   Source  

NAME ^

Authen::NTLM::HTTP - Perl extension for NTLM-over-HTTP related computations

Background ^

NTLM-over-HTTP Handshake

Stage 1: Client requests a web page.

    1: C  --> S   GET ...

Stage 2: Server responds and says the client needs to authenticate in NTLM manner.

    2: C <--  S   401 Unauthorized
                  WWW-Authenticate: NTLM

Stage 3: Client responds with NTLM negotiate message that contains the identity and the domain of the client.

    3: C  --> S   GET ...
                  Authorization: NTLM <base64-encoded type-1-message>

Stage 4: Server challenges the client with a 8-bytes random number in the NTLM challenge message.

    4: C <--  S   401 Unauthorized
                  WWW-Authenticate: NTLM <base64-encoded type-2-message>

Stage 5: Client responds with a reply that uses its password to encrypt the 8-bytes random number.

    5: C  --> S   GET ...
                  Authorization: NTLM <base64-encoded type-3-message>

Stage 6: Authentication success. Server replies with the web page.

    6: C <--  S   200 Ok

SYNOPSIS ^

use Authen::NTLM (nt_hash lm_hash); use Authen::NTLM::HTTP;

    $my_pass = "mypassword";
# Note: To instantiate a client talking to a proxy, do
# $client = new_client Authen::NTLM::HTTP(lm_hash($my_pass), nt_hash($my_pass), Authen::NTLM::HTTP::NTLMSSP_HTTP_PROXY);
    $client = new_client Authen::NTLM::HTTP(lm_hash($my_pass), nt_hash($my_pass));

# Stage 3 scenario: creates NTLM negotiate message and then # append $negotiate_msg to one of the tag lines in your HTTP # request header

# To compose a NTLM Negotiate Packet $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN | Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED | Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE | Authen::NTLM::NTLMSSP_NEGOTIATE_OEM $negotiate_msg = $client->http_negotiate($flags);

# Stage 4 scenario: extract the line contains "Authorization: NTLM " # in the HTTP header. # Parses NTLM negotiate message and then generates # the NTLM challenge message.

# To instantiate a server to parse a NTLM negotiation # and compose a NTLM challenge # Note: To instantiate a proxy, do # $server = new_server Authen::NTLM::HTTP(Authen::NTLM::HTTP::NTLMSSP_HTTP_PROXY); $server = new_server Authen::NTLM::HTTP;

    ($flags, $domain, $machine) =
        $server->http_parse_negotiate($negotiate_msg);

    $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN
           | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM
           | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE;
    $challenge_msg = $server->http_challenge($flags);

# Stage 5 Scenario: Client receives NTLM challenge message # Extract the line that contains "WWW-Authenticate: NTLM " # Pass it to http_parse_challenge to obtain the nonce # Then use nonce to compose reply with http_auth

# client parse NTLM challenge ($domain, $flags, $nonce, $ctx_upper, $ctx_lower) = $client->http_parse_challenge($challenge_msg);

# To compose a NTLM Response Packet $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE | Authen::NTLM::NTLMSSP_REQUEST_TARGET; $auth_msg = $client->http_auth($nonce, $flags);

# Stage 6 Scenario: Finally the server parses the reply # verify the authentication credentials.

# To parse a NTLM Response Packet ($flags, $lm_resp, $nt_resp, $user_domain, $username, $machine) = $server->http_parse_auth($auth_msg);

SEE ALSO ^

Authen::NTLM(3), MIME::Base64(3), perl(1), m4(1).

AUTHOR ^

This implementation was written by Yee Man Chan (ymc@yahoo.com). Copyright (c) 2002 Yee Man Chan. Some rights reserved.

LICENSE ^

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

syntax highlighting: