git-lfs/lfs/ntlm.go

package lfs

import (
	"bytes"
	"encoding/base64"
	"errors"
	"github.com/github/git-lfs/vendor/_nuts/github.com/ThomsonReutersEikon/go-ntlm/ntlm"	
	"io"
	"io/ioutil"
	"net/http"
	"strings"
)

func (c *Configuration) ntlmClientSession(creds Creds) (ntlm.ClientSession, error) {
	
	if c.ntlmSession != nil {
		return c.ntlmSession, nil
	}
	
	splits := strings.Split(creds["username"], "\\")
	
	if(len(splits) != 2){
		return nil, errors.New("Your user name must be of the form DOMAIN\\user.")
	}
	
	var session, err  = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionOrientedMode)
	
	if(err != nil){
		return nil, err
	}
	
	session.SetUserInfo(splits[1], creds["password"], strings.ToUpper(splits[0]))
	
	c.ntlmSession = session
	
	return session, nil
}

func DoNTLMRequest(request *http.Request, retry bool) (*http.Response, error) {					
	handReq, err := cloneRequest(request)
	if(err != nil){
		return nil, err
	}
		
		
	res, err := InitHandShake(handReq)
	
	if(err != nil && res == nil){
		return res, err
	}

	//If the status is 401 then we need to re-authenticate, otherwise it was successful
	if res.StatusCode == 401 {
		
		creds, err := getCredsForNTLM(request)		
		if(err != nil){
			return nil, err
		}
		
		negotiateReq, err := cloneRequest(request)
		if(err != nil){
			return nil, err
		}
		
		challengeMessage, err := negotiate(negotiateReq, getNegotiateMessage())
		if(err != nil){
			return nil, err
		}
		
		challengeReq, err := cloneRequest(request)
		if(err != nil){
			return nil, err
		}
		
		res, err := challenge(challengeReq, challengeMessage, creds)
		if(err != nil){
			return res, err
		}
		
		//If the status is 401 then we need to re-authenticate
		if res.StatusCode == 401 && retry == true {
			return DoNTLMRequest(challengeReq, false)
		}
		
		saveCredentials(creds, res)	
		
		return res, nil	
	}
	return res, err	
}

func InitHandShake(request *http.Request) (*http.Response, error){
	return Config.HttpClient().Do(request)
}

func negotiate(request *http.Request, message string) ([]byte, error){
	request.Header.Add("Authorization", message)
	var res, err = Config.HttpClient().Do(request)
	defer io.Copy(ioutil.Discard, res.Body)
	defer res.Body.Close()
	
	if err != nil{
		return nil, err
	}
	
	return parseChallengeResponse(res)
}

func challenge(request *http.Request, challengeBytes []byte, creds Creds) (*http.Response, error){
	challenge, err := ntlm.ParseChallengeMessage(challengeBytes)
	
	if err != nil {
		return nil, err
	}
	
	session, err := Config.ntlmClientSession(creds)
	if err != nil {
		return nil, err
	}
	
	session.ProcessChallengeMessage(challenge)
	authenticate, err := session.GenerateAuthenticateMessage()
	
	if err != nil {
		return nil, err
	}
	
	authenticateMessage := concatS("NTLM ", base64.StdEncoding.EncodeToString(authenticate.Bytes()))
	request.Header.Add("Authorization", authenticateMessage)
	return Config.HttpClient().Do(request)
}

func parseChallengeResponse(response *http.Response) ([]byte, error){
	header := response.Header.Get("Www-Authenticate")
		
	//parse out the "NTLM " at the beginning of the response
	challenge := header[5:]
	val, err := base64.StdEncoding.DecodeString(challenge)
	
	if err != nil{
		return nil, err
	}
	return []byte(val), nil
}

func cloneRequest(request *http.Request) (*http.Request, error) {
	var rdr1, rdr2 myReader
	var clonedReq *http.Request
	var err error
	
	if request.Body != nil {
		//If we have a body (POST/PUT etc.)
		//We need to do some magic to copy the request without closing the body stream
		
		buf, err := ioutil.ReadAll(request.Body)
		
		if(err != nil){
			return nil, err
		}
		
		rdr1 = myReader{bytes.NewBuffer(buf)}
		rdr2 = myReader{bytes.NewBuffer(buf)}	
		request.Body = rdr2 // OK since rdr2 implements the io.ReadCloser interface	
		clonedReq, err = http.NewRequest(request.Method, request.URL.String(), rdr1)	
		
		if(err != nil){
			return nil, err
		}
		
	} else {
		clonedReq, err = http.NewRequest(request.Method, request.URL.String(), nil)
		
		if(err != nil){
			return nil, err
		}
	}
	
	for k, v := range request.Header {
		clonedReq.Header.Add(k,v[0])
	}
	
	clonedReq.ContentLength = request.ContentLength	
	
	return clonedReq, nil
}

func getNegotiateMessage() string{
	return "NTLM TlRMTVNTUAABAAAAB7IIogwADAAzAAAACwALACgAAAAKAAAoAAAAD1dJTExISS1NQUlOTk9SVEhBTUVSSUNB"
}

func concatS(ar ...string) string {
	
    var buffer bytes.Buffer

    for _, s := range ar{
        buffer.WriteString(s)
    }

    return buffer.String()
}

func concat(ar ...[]byte) []byte {
	return bytes.Join(ar, nil)
}

type myReader struct {
    *bytes.Buffer
}

// So that myReader implements the io.ReadCloser interface
func (m myReader) Close() error { return nil }
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`package lfs`

			`import (`
			`"bytes"`
Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`"encoding/base64"`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`"errors"`
Update NTLM Import String To Vendor Location 2015-10-07 19:16:04 +00:00			`"github.com/github/git-lfs/vendor/_nuts/github.com/ThomsonReutersEikon/go-ntlm/ntlm"`
Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`"io"`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`"io/ioutil"`
Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`"net/http"`
Adding Log To Split NTLM Domain and User 2015-10-05 19:38:16 +00:00			`"strings"`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`)`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`func (c *Configuration) ntlmClientSession(creds Creds) (ntlm.ClientSession, error) {`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
			`if c.ntlmSession != nil {`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return c.ntlmSession, nil`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Adding Log To Split NTLM Domain and User 2015-10-05 19:38:16 +00:00			`splits := strings.Split(creds["username"], "\\")`
Response to PR Feedback 2015-10-07 18:30:53 +00:00
			`if(len(splits) != 2){`
			`return nil, errors.New("Your user name must be of the form DOMAIN\\user.")`
			`}`

			`var session, err = ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionOrientedMode)`

			`if(err != nil){`
			`return nil, err`
			`}`

Fix NTLM Domain Handling Logic 2015-10-05 19:55:24 +00:00			`session.SetUserInfo(splits[1], creds["password"], strings.ToUpper(splits[0]))`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
			`c.ntlmSession = session`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return session, nil`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Adding Log To Split NTLM Domain and User 2015-10-05 19:38:16 +00:00			`func DoNTLMRequest(request http.Request, retry bool) (http.Response, error) {`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`handReq, err := cloneRequest(request)`
			`if(err != nil){`
			`return nil, err`
			`}`


			`res, err := InitHandShake(handReq)`

			`if(err != nil && res == nil){`
			`return res, err`
			`}`
Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`//If the status is 401 then we need to re-authenticate, otherwise it was successful`
			`if res.StatusCode == 401 {`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`creds, err := getCredsForNTLM(request)`
			`if(err != nil){`
			`return nil, err`
			`}`

			`negotiateReq, err := cloneRequest(request)`
			`if(err != nil){`
			`return nil, err`
			`}`

			`challengeMessage, err := negotiate(negotiateReq, getNegotiateMessage())`
			`if(err != nil){`
			`return nil, err`
			`}`
Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`challengeReq, err := cloneRequest(request)`
			`if(err != nil){`
			`return nil, err`
			`}`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`res, err := challenge(challengeReq, challengeMessage, creds)`
			`if(err != nil){`
			`return res, err`
			`}`
NTLM Push 2015-08-28 20:40:41 +00:00
Clean Up Debugging Traces 2015-09-01 14:28:43 +00:00			`//If the status is 401 then we need to re-authenticate`
			`if res.StatusCode == 401 && retry == true {`
			`return DoNTLMRequest(challengeReq, false)`
			`}`

Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`saveCredentials(creds, res)`

			`return res, nil`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return res, err`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

NTLM Push 2015-08-28 20:40:41 +00:00			`func InitHandShake(request http.Request) (http.Response, error){`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return Config.HttpClient().Do(request)`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`func negotiate(request *http.Request, message string) ([]byte, error){`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`request.Header.Add("Authorization", message)`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`var res, err = Config.HttpClient().Do(request)`
			`defer io.Copy(ioutil.Discard, res.Body)`
			`defer res.Body.Close()`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
			`if err != nil{`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return nil, err`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return parseChallengeResponse(res)`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`func challenge(request http.Request, challengeBytes []byte, creds Creds) (http.Response, error){`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`challenge, err := ntlm.ParseChallengeMessage(challengeBytes)`

			`if err != nil {`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return nil, err`
			`}`

			`session, err := Config.ntlmClientSession(creds)`
			`if err != nil {`
			`return nil, err`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`session.ProcessChallengeMessage(challenge)`
			`authenticate, err := session.GenerateAuthenticateMessage()`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
			`if err != nil {`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return nil, err`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`authenticateMessage := concatS("NTLM ", base64.StdEncoding.EncodeToString(authenticate.Bytes()))`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`request.Header.Add("Authorization", authenticateMessage)`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return Config.HttpClient().Do(request)`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`func parseChallengeResponse(response *http.Response) ([]byte, error){`
			`header := response.Header.Get("Www-Authenticate")`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`//parse out the "NTLM " at the beginning of the response`
			`challenge := header[5:]`
			`val, err := base64.StdEncoding.DecodeString(challenge)`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`if err != nil{`
			`return nil, err`
			`}`
			`return []byte(val), nil`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`}`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`func cloneRequest(request http.Request) (http.Request, error) {`
NTLM Fetch 2015-08-31 18:34:17 +00:00			`var rdr1, rdr2 myReader`
			`var clonedReq *http.Request`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`var err error`
NTLM Fetch 2015-08-31 18:34:17 +00:00
			`if request.Body != nil {`
Clean Up Debugging Traces 2015-09-01 14:28:43 +00:00			`//If we have a body (POST/PUT etc.)`
NTLM Fetch 2015-08-31 18:34:17 +00:00			`//We need to do some magic to copy the request without closing the body stream`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`buf, err := ioutil.ReadAll(request.Body)`

			`if(err != nil){`
			`return nil, err`
			`}`

NTLM Fetch 2015-08-31 18:34:17 +00:00			`rdr1 = myReader{bytes.NewBuffer(buf)}`
			`rdr2 = myReader{bytes.NewBuffer(buf)}`
			`request.Body = rdr2 // OK since rdr2 implements the io.ReadCloser interface`
Response to PR Feedback 2015-10-07 18:30:53 +00:00			`clonedReq, err = http.NewRequest(request.Method, request.URL.String(), rdr1)`

			`if(err != nil){`
			`return nil, err`
			`}`

			`} else {`
			`clonedReq, err = http.NewRequest(request.Method, request.URL.String(), nil)`

			`if(err != nil){`
			`return nil, err`
			`}`
NTLM Fetch 2015-08-31 18:34:17 +00:00			`}`
NTLM Push 2015-08-28 20:40:41 +00:00
			`for k, v := range request.Header {`
			`clonedReq.Header.Add(k,v[0])`
			`}`

			`clonedReq.ContentLength = request.ContentLength`

Response to PR Feedback 2015-10-07 18:30:53 +00:00			`return clonedReq, nil`
NTLM Push 2015-08-28 20:40:41 +00:00			`}`

NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`func getNegotiateMessage() string{`
			`return "NTLM TlRMTVNTUAABAAAAB7IIogwADAAzAAAACwALACgAAAAKAAAoAAAAD1dJTExISS1NQUlOTk9SVEhBTUVSSUNB"`
			`}`

Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`func concatS(ar ...string) string {`
NTLM Push 2015-08-28 20:40:41 +00:00
			`var buffer bytes.Buffer`

			`for _, s := range ar{`
			`buffer.WriteString(s)`
			`}`

			`return buffer.String()`
			`}`

Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`func concat(ar ...[]byte) []byte {`
NTLM Toggle Switch and Basic Challenge/Response Code 2015-08-27 20:38:35 +00:00			`return bytes.Join(ar, nil)`
Git Lfs NTLM Work * Switched the NTLM toggle to use the same url access pattern as private batch auth * Updated the NTLM session to pull the credentials from the cred helper 2015-10-05 19:26:39 +00:00			`}`

			`type myReader struct {`
			`*bytes.Buffer`
			`}`

			`// So that myReader implements the io.ReadCloser interface`
Add Nut Dependencies for NTLM 2015-10-07 20:18:58 +00:00			`func (m myReader) Close() error { return nil }`