2015-08-27 20:38:35 +00:00
|
|
|
package lfs
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2015-10-05 19:26:39 +00:00
|
|
|
"encoding/base64"
|
2015-10-07 18:30:53 +00:00
|
|
|
"errors"
|
2015-10-16 15:06:17 +00:00
|
|
|
"fmt"
|
2015-10-05 19:26:39 +00:00
|
|
|
"io"
|
2015-08-27 20:38:35 +00:00
|
|
|
"io/ioutil"
|
2015-10-05 19:26:39 +00:00
|
|
|
"net/http"
|
2015-10-05 19:38:16 +00:00
|
|
|
"strings"
|
2015-11-06 17:53:56 +00:00
|
|
|
|
|
|
|
"github.com/github/git-lfs/vendor/_nuts/github.com/ThomsonReutersEikon/go-ntlm/ntlm"
|
2015-08-27 20:38:35 +00:00
|
|
|
)
|
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
func (c *Configuration) ntlmClientSession(creds Creds) (ntlm.ClientSession, error) {
|
2015-08-27 20:38:35 +00:00
|
|
|
if c.ntlmSession != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return c.ntlmSession, nil
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
2015-10-05 19:38:16 +00:00
|
|
|
splits := strings.Split(creds["username"], "\\")
|
2015-10-07 20:54:23 +00:00
|
|
|
|
|
|
|
if len(splits) != 2 {
|
2015-10-16 15:06:17 +00:00
|
|
|
errorMessage := fmt.Sprintf("Your user name must be of the form DOMAIN\\user. It is currently %s", creds["username"], "string")
|
|
|
|
return nil, errors.New(errorMessage)
|
2015-10-07 18:30:53 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-08 20:18:24 +00:00
|
|
|
session, err := ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionOrientedMode)
|
2015-10-07 20:54:23 +00:00
|
|
|
|
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-05 19:55:24 +00:00
|
|
|
session.SetUserInfo(splits[1], creds["password"], strings.ToUpper(splits[0]))
|
2015-08-27 20:38:35 +00:00
|
|
|
c.ntlmSession = session
|
2015-10-07 18:30:53 +00:00
|
|
|
return session, nil
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
|
|
|
|
2015-10-07 20:54:23 +00:00
|
|
|
func DoNTLMRequest(request *http.Request, retry bool) (*http.Response, error) {
|
2015-10-07 18:30:53 +00:00
|
|
|
handReq, err := cloneRequest(request)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:20:27 +00:00
|
|
|
res, err := Config.HttpClient().Do(handReq)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil && res == nil {
|
2015-10-08 20:18:24 +00:00
|
|
|
return nil, err
|
2015-10-07 18:30:53 +00:00
|
|
|
}
|
2015-10-05 19:26:39 +00:00
|
|
|
|
2015-08-27 20:38:35 +00:00
|
|
|
//If the status is 401 then we need to re-authenticate, otherwise it was successful
|
|
|
|
if res.StatusCode == 401 {
|
2015-10-07 20:54:23 +00:00
|
|
|
|
|
|
|
creds, err := getCredsForAPI(request)
|
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
negotiateReq, err := cloneRequest(request)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:24:17 +00:00
|
|
|
challengeMessage, err := negotiate(negotiateReq, ntlmNegotiateMessage)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
challengeReq, err := cloneRequest(request)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
res, err := challenge(challengeReq, challengeMessage, creds)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil {
|
2015-10-08 20:18:24 +00:00
|
|
|
return nil, err
|
2015-10-07 18:30:53 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-09-01 14:28:43 +00:00
|
|
|
//If the status is 401 then we need to re-authenticate
|
|
|
|
if res.StatusCode == 401 && retry == true {
|
|
|
|
return DoNTLMRequest(challengeReq, false)
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
|
|
|
saveCredentials(creds, res)
|
|
|
|
|
|
|
|
return res, nil
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
2015-10-08 20:18:24 +00:00
|
|
|
return res, nil
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
|
|
|
|
2015-10-07 20:54:23 +00:00
|
|
|
func negotiate(request *http.Request, message string) ([]byte, error) {
|
2015-08-27 20:38:35 +00:00
|
|
|
request.Header.Add("Authorization", message)
|
2015-10-08 20:18:24 +00:00
|
|
|
res, err := Config.HttpClient().Do(request)
|
|
|
|
|
2015-10-16 15:41:28 +00:00
|
|
|
if res == nil && err != nil {
|
2015-10-08 20:18:24 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2015-11-06 18:20:46 +00:00
|
|
|
io.Copy(ioutil.Discard, res.Body)
|
|
|
|
res.Body.Close()
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:20:46 +00:00
|
|
|
ret, err := parseChallengeResponse(res)
|
2015-10-07 20:54:23 +00:00
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-16 15:41:28 +00:00
|
|
|
return ret, nil
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
|
|
|
|
2015-10-07 20:54:23 +00:00
|
|
|
func challenge(request *http.Request, challengeBytes []byte, creds Creds) (*http.Response, error) {
|
2015-08-27 20:38:35 +00:00
|
|
|
challenge, err := ntlm.ParseChallengeMessage(challengeBytes)
|
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
session, err := Config.ntlmClientSession(creds)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
session.ProcessChallengeMessage(challenge)
|
|
|
|
authenticate, err := session.GenerateAuthenticateMessage()
|
2015-08-27 20:38:35 +00:00
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:20:27 +00:00
|
|
|
authMsg := base64.StdEncoding.EncodeToString(authenticate.Bytes())
|
|
|
|
request.Header.Add("Authorization", "NTLM "+authMsg)
|
2015-10-07 18:30:53 +00:00
|
|
|
return Config.HttpClient().Do(request)
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
|
|
|
|
2015-10-07 20:54:23 +00:00
|
|
|
func parseChallengeResponse(response *http.Response) ([]byte, error) {
|
2015-10-07 18:30:53 +00:00
|
|
|
header := response.Header.Get("Www-Authenticate")
|
2015-11-06 18:20:35 +00:00
|
|
|
if len(header) < 6 {
|
|
|
|
return nil, fmt.Errorf("Invalid NTLM challenge response: %q", header)
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
//parse out the "NTLM " at the beginning of the response
|
|
|
|
challenge := header[5:]
|
|
|
|
val, err := base64.StdEncoding.DecodeString(challenge)
|
2015-10-07 20:54:23 +00:00
|
|
|
|
|
|
|
if err != nil {
|
2015-10-07 18:30:53 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return []byte(val), nil
|
2015-08-27 20:38:35 +00:00
|
|
|
}
|
|
|
|
|
2015-10-07 18:30:53 +00:00
|
|
|
func cloneRequest(request *http.Request) (*http.Request, error) {
|
2015-11-06 18:49:13 +00:00
|
|
|
cloneReqBody, err := cloneRequestBody(request)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
clonedReq, err := http.NewRequest(request.Method, request.URL.String(), cloneReqBody)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
for k, _ := range request.Header {
|
|
|
|
clonedReq.Header.Add(k, request.Header.Get(k))
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
clonedReq.ContentLength = request.ContentLength
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
return clonedReq, nil
|
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
func cloneRequestBody(req *http.Request) (io.ReadCloser, error) {
|
|
|
|
if req.Body == nil {
|
|
|
|
return nil, nil
|
2015-08-31 18:34:17 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
buf, err := ioutil.ReadAll(req.Body)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2015-08-28 20:40:41 +00:00
|
|
|
}
|
2015-10-07 20:54:23 +00:00
|
|
|
|
2015-11-06 18:49:13 +00:00
|
|
|
req.Body = ioutil.NopCloser(bytes.NewBuffer(buf))
|
|
|
|
return ioutil.NopCloser(bytes.NewBuffer(buf)), nil
|
2015-08-28 20:40:41 +00:00
|
|
|
}
|
|
|
|
|
2015-11-06 18:24:17 +00:00
|
|
|
const ntlmNegotiateMessage = "NTLM TlRMTVNTUAABAAAAB7IIogwADAAzAAAACwALACgAAAAKAAAoAAAAD1dJTExISS1NQUlOTk9SVEhBTUVSSUNB"
|