[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[elpa] externals/url-http-ntlm a55ae6c 01/42: url-http-ntlm: New package
From: |
Stefan Monnier |
Subject: |
[elpa] externals/url-http-ntlm a55ae6c 01/42: url-http-ntlm: New package |
Date: |
Sat, 28 Nov 2020 17:19:42 -0500 (EST) |
branch: externals/url-http-ntlm
commit a55ae6c54212fa240330833a730c5a405b446a62
Author: Tom Schutzer-Weissmann <tom.weissmann@gmail.com>
Commit: Thomas Fitzsimmons <fitzsim@fitzsim.org>
url-http-ntlm: New package
* url-http-ntlm.el: Import from
https://url-http-ntlm.googlecode.com/svn/trunk/url-http-ntlm.el,
revision r2.
---
url-http-ntlm.el | 213 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 213 insertions(+)
diff --git a/url-http-ntlm.el b/url-http-ntlm.el
new file mode 100644
index 0000000..b1cc645
--- /dev/null
+++ b/url-http-ntlm.el
@@ -0,0 +1,213 @@
+;;; url-http-ntlm.el --- NTLM authentication for the url library
+
+;; Copyright (C) 2008 Tom Schutzer-Weissmann
+
+;; Author: Tom Schutzer-Weissmann <tom@schutzer-weissmann.net>
+;; Keywords: comm, data, processes, hypermedia
+
+;; This program is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+;;; Commentary:
+;;
+;; This package provides a NTLM handler for the URL package.
+;; It supports one username and password per server.
+;;
+;; Installation:
+;;
+;; Add the directory containing this file to the load path and then load the
url-http-ntlm
+;; package. One way would be to add something like the lines below to your
.emacs file:
+;;
+;; (add-to-list 'load-path ".emacs.d/url-http-ntlm")
+;; (require 'url-http-ntlm)
+;;
+;; Acknowledgements:
+;;
+;; Taro Kawagishi <tarok@transpulse.org> wrote ntlm.el and md4.el, which are
parts of FLIM
+;; (Faithful Library about Internet Message).
+;;
+;; http://stuff.mit.edu/afs/sipb/contrib/emacs/packages/flim-1.14.7/ntlm.el
+;; http://stuff.mit.edu/afs/sipb/contrib/emacs/packages/flim-1.14.7/md4.el
+
+;;; Code:
+(require 'url-auth)
+(require 'url-http)
+(require 'mail-parse)
+(require 'cl)
+(require 'ntlm)
+
+(defvar url-http-ntlm-auth-storage nil
+ "Authentication storage. An alist that maps a server name
+to a pair of \(<username> <ntlm hashes>\).
+
+The hashes are built using `ntlm-get-password-hashes'.
+The username can contain the domain name, in the form \"user@domain\".
+
+Note that for any server, only one user and password is ever stored.")
+
+(defun url-ntlm-auth (url &optional prompt overwrite realm args)
+ "Get the contents of the Authorization header for a HTTP
+ response using NTLM authentication, to access URL. Because
+ NTLM is a two-step process, this function expects to be called
+ twice, first to generate the NTLM type 1 message (request),
+ then to respond to the server's type 2 message (challenge) with
+ a suitable response.
+
+ PROMPT, OVERWRITE, and REALM are ignored.
+
+ ARGS is expected to contain the WWW-Authentication header from
+ the server's last response. These are used by
+ `url-http-get-stage' to determine what stage we are at."
+ (url-ntlm-ensure-keepalive)
+ (let ((stage (url-ntlm-get-stage args)))
+ (case stage
+ ;;
+ ;; NTLM Type 1 message: the request
+ (:request
+ (destructuring-bind (&optional server user hash)
+ (url-http-ntlm-authorisation url)
+ (when server
+ (url-http-ntlm-string (ntlm-build-auth-request user server)))))
+ ;;
+ ;; NTLM Type 3 message: the response
+ (:response
+ (let ((challenge (url-http-ntlm-get-challenge)))
+ (destructuring-bind (server user hash)
+ (url-http-ntlm-authorisation url)
+ (url-http-ntlm-string (ntlm-build-auth-response challenge
+ user
+ hash)))))
+ (:error
+ (url-http-ntlm-authorisation url :clear)))))
+
+
+(defun url-ntlm-ensure-keepalive ()
+ (assert url-http-attempt-keepalives
+ nil
+ "NTLM authentication won't work unless `url-http-attempt-keepalives'
is set!"))
+
+
+(defun url-ntlm-clean-headers ()
+ (setq url-http-extra-headers
+ (url-http-ntlm-rmssoc "Authorization" url-http-extra-headers)))
+
+
+(defvar url-ntlm-last-args nil
+ "Stores the last ARGS argument to `url-ntlm-get-stage' and the return value.
This is
+ used to detect multiple calls.")
+(make-variable-buffer-local 'url-ntlm-last-args)
+
+
+(defun url-ntlm-get-stage (args)
+ "Determine what stage of the NTLM handshake we are at.
+
+PROMPT and ARGS come from `url-ntlm-auth''s caller, `url-get-authentication'.
Their
+meaning depends on the current implementation - this function is well and
truly coupled...
+
+url-get-authentication' calls `url-ntlm-auth' once when checking what
authentication
+schemes are supported (PROMPT and ARGS are nil), and then twice for every
stage of the
+handshake: the first time PROMPT is nil, the second, t; ARGS contains the
server
+response's \"WWW-Authenticate\" header, munged by `url-parse-args'."
+ (let* ((response-rxp "^NTLM TlRMTVNTUAADAAA")
+ (challenge-rxp "^TLRMTVNTUAACAAA")
+ (auth-header (assoc "Authorization" url-http-extra-headers))
+ (case-fold-search t)
+ stage)
+ (if (eq args (car url-ntlm-last-args))
+ ;; multiple calls, return the same argument we returned last time
+ (cdr url-ntlm-last-args)
+ ;;
+ (let ((stage
+ (cond ((and auth-header (string-match response-rxp (cdr
auth-header)))
+ :error)
+ ((and (= (length args) 2)
+ (destructuring-bind (challenge ntlm) args
+ (and (string-equal "ntlm" (car ntlm))
+ (string-match challenge-rxp (car
challenge)))))
+ :response)
+ (t
+ :request))))
+ (url-ntlm-clean-headers)
+ (setq url-ntlm-last-args (cons args stage))
+ stage))))
+
+
+(defun url-http-ntlm-authorisation (url &optional clear)
+ "Get or clear NTLM authentication details for URL. If CLEAR is
+ non-nil, clear any saved credentials for server. Otherwise,
+ return the credentials, prompting the user if necessary.
+
+If URL contains a username and a password, they are used and
+stored credentials are not affected.
+
+Note that for any server, only one user and password is ever
+stored."
+ (let* ((href (if (stringp url)
+ (url-generic-parse-url url)
+ url))
+ (server (url-host href))
+ (user (url-user href))
+ (pass (url-password href))
+ (stored (assoc server url-http-ntlm-auth-storage))
+ (both (and user pass)))
+ (if clear
+ ;; clear
+ (unless both
+ (setq url-http-ntlm-auth-storage
+ (url-http-ntlm-rmssoc server url-http-ntlm-auth-storage))
+ nil)
+ ;; get
+ (if (or both
+ (and stored user (not (equal user (second stored))))
+ (not stored))
+ (let* ((user* (if both
+ user
+ (read-string (url-auth-user-prompt url realm)
+ (or user (user-real-login-name)))))
+ (pass* (if both
+ pass
+ (read-passwd "Password: ")))
+ (entry `(,server . (,user* ,(ntlm-get-password-hashes
pass*)))))
+ (unless both
+ (setq url-http-ntlm-auth-storage
+ (cons entry
+ (url-http-ntlm-rmssoc server
url-http-ntlm-auth-storage))))
+ entry)
+ ;;
+ stored))))
+
+
+(defun url-http-ntlm-get-challenge ()
+ "Return the NTLM Type-2 message in the WWW-Authenticate header,
+if it is there."
+ (save-restriction
+ (mail-narrow-to-head)
+ (let ((www-authenticate (mail-fetch-field "www-authenticate")))
+ (when (string-match "NTLM\\s-+\\(\\S-+\\)"
+ www-authenticate)
+ (base64-decode-string (match-string 1 www-authenticate))))))
+
+
+(defun url-http-ntlm-rmssoc (key alist)
+ (remove* key alist :key 'car :test 'equal))
+
+
+(defun url-http-ntlm-string (data)
+ (concat "NTLM " (base64-encode-string data :nobreak)))
+
+
+(url-register-auth-scheme "ntlm" nil 8)
+
+
+(provide 'url-http-ntlm)
+;;; url-http-ntlm.el ends here
- [elpa] externals/url-http-ntlm 2d0a650 16/42: url-http-ntlm.el: Add comment headings, (continued)
- [elpa] externals/url-http-ntlm 2d0a650 16/42: url-http-ntlm.el: Add comment headings, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 334222c 14/42: url-http-ntlm.el (url-http-ntlm-last-args): Group defvar with others, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 48849b1 31/42: url-http-ntlm.el: Update copyright years, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm d070501 29/42: url-http-ntlm: Add cl-lib to Package-Requires, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm b92ef48 37/42: url-http-ntlm: Bump ntlm required version to 2.1.0, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm c7587cb 39/42: url-http-ntlm.el: Omit user and domain in Type 1 message, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 5ca617f 40/42: url-http-ntlm: Bump version to 2.0.4, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm ec0acb3 30/42: url-http-ntlm.el: Bump version to 2.0.0, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 4c2295b 35/42: Fix some quoting problems in doc strings, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm f5276f1 42/42: * .gitignore: New file, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm a55ae6c 01/42: url-http-ntlm: New package,
Stefan Monnier <=
- [elpa] externals/url-http-ntlm 9c79150 02/42: url-http-ntlm: Remove trailing whitespace, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 530faf7 04/42: url-http-ntlm: Wrap lines at column 80, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 722e32f 05/42: url-http-ntlm: Fix checkdoc errors, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm dd393b8 12/42: url-http-ntlm: Use url-http-ntlm namespace consistently, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 5c47391 13/42: url-http-ntlm.el (url-ntlm-auth): Move defun near end of file, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 0dad577 08/42: url-http-ntlm.el: Update copyright owner and years, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 9813aea 19/42: url-http-ntlm: Prevent infinite loops, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm be85e0a 21/42: url-http-ntlm: Declare url-http-extra-headers special, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 790fbd3 25/42: url-http-ntlm: Change spelling of authorization function, Stefan Monnier, 2020/11/28
- [elpa] externals/url-http-ntlm 2aed8ca 22/42: url-http-ntlm: Autoload url-ntlm-auth and its registration, Stefan Monnier, 2020/11/28