git-lfs/lfsapi/ntlm_auth_nix.go

// +build !windows

package lfsapi

import (
	"encoding/base64"
	"fmt"
	"net/http"

	"github.com/git-lfs/go-ntlm/ntlm"
)

func (c *Client) ntlmAuthenticateRequest(req *http.Request, creds *ntmlCredentials) (*http.Response, error) {
	negotiate, err := base64.StdEncoding.DecodeString(ntlmNegotiateMessage)
	if err != nil {
		return nil, err
	}

	chRes, challengeMsg, err := c.ntlmSendType1Message(req, negotiate)
	if err != nil {
		return chRes, err
	}

	challenge, err := ntlm.ParseChallengeMessage(challengeMsg)
	if err != nil {
		return nil, err
	}

	session, err := c.ntlmClientSession(creds)
	if err != nil {
		return nil, err
	}

	session.ProcessChallengeMessage(challenge)
	authenticate, err := session.GenerateAuthenticateMessage()
	if err != nil {
		return nil, err
	}

	return c.ntlmSendType3Message(req, authenticate.Bytes())
}

func (c *Client) ntlmClientSession(creds *ntmlCredentials) (ntlm.ClientSession, error) {
	c.ntlmMu.Lock()
	defer c.ntlmMu.Unlock()

	if creds == nil {
		return nil, fmt.Errorf("Your user name must be of the form DOMAIN\\user. Single-sign-on is not supported.")
	}

	if c.ntlmSessions == nil {
		c.ntlmSessions = make(map[string]ntlm.ClientSession)
	}

	if ses, ok := c.ntlmSessions[creds.domain]; ok {
		return ses, nil
	}

	session, err := ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionOrientedMode)
	if err != nil {
		return nil, err
	}

	session.SetUserInfo(creds.username, creds.password, creds.domain)
	c.ntlmSessions[creds.domain] = session
	return session, nil
}

const ntlmNegotiateMessage = "TlRMTVNTUAABAAAAB7IIogwADAAzAAAACwALACgAAAAKAAAoAAAAD1dJTExISS1NQUlOTk9SVEhBTUVSSUNB"
Use SSPI ntlm authentication on windows: This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials. 2018-02-16 06:54:34 +00:00			`// +build !windows`

Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`package lfsapi`

			`import (`
			`"encoding/base64"`
			`"fmt"`
			`"net/http"`

Use git-lfs version of go-ntlm The upstream of go-ntlm has archived its repository and is no longer doing releases. Because this dependency is required for Git LFS, we've created our own fork to ensure that the upstream repo doesn't disappear on us. Use our own copy of go-ntlm within Git LFS. 2019-04-01 19:00:38 +00:00			`"github.com/git-lfs/go-ntlm/ntlm"`
Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`)`

Use SSPI ntlm authentication on windows: This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials. 2018-02-16 06:54:34 +00:00			`func (c Client) ntlmAuthenticateRequest(req http.Request, creds ntmlCredentials) (http.Response, error) {`
Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`negotiate, err := base64.StdEncoding.DecodeString(ntlmNegotiateMessage)`
			`if err != nil {`
			`return nil, err`
			`}`

			`chRes, challengeMsg, err := c.ntlmSendType1Message(req, negotiate)`
			`if err != nil {`
			`return chRes, err`
			`}`

			`challenge, err := ntlm.ParseChallengeMessage(challengeMsg)`
			`if err != nil {`
			`return nil, err`
			`}`

			`session, err := c.ntlmClientSession(creds)`
			`if err != nil {`
			`return nil, err`
			`}`

			`session.ProcessChallengeMessage(challenge)`
			`authenticate, err := session.GenerateAuthenticateMessage()`
			`if err != nil {`
			`return nil, err`
			`}`

			`return c.ntlmSendType3Message(req, authenticate.Bytes())`
			`}`

Use SSPI ntlm authentication on windows: This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials. 2018-02-16 06:54:34 +00:00			`func (c Client) ntlmClientSession(creds ntmlCredentials) (ntlm.ClientSession, error) {`
Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`c.ntlmMu.Lock()`
			`defer c.ntlmMu.Unlock()`

Use SSPI ntlm authentication on windows: This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials. 2018-02-16 06:54:34 +00:00			`if creds == nil {`
			`return nil, fmt.Errorf("Your user name must be of the form DOMAIN\\user. Single-sign-on is not supported.")`
Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`}`

			`if c.ntlmSessions == nil {`
			`c.ntlmSessions = make(map[string]ntlm.ClientSession)`
			`}`

Use SSPI ntlm authentication on windows: This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials. 2018-02-16 06:54:34 +00:00			`if ses, ok := c.ntlmSessions[creds.domain]; ok {`
Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`return ses, nil`
			`}`

			`session, err := ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionOrientedMode)`
			`if err != nil {`
			`return nil, err`
			`}`

Use SSPI ntlm authentication on windows: This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials. 2018-02-16 06:54:34 +00:00			`session.SetUserInfo(creds.username, creds.password, creds.domain)`
			`c.ntlmSessions[creds.domain] = session`
Split ntlm implementation into a generic ntlm handling and a ntlm authentication process 2018-02-15 18:57:43 +00:00			`return session, nil`
			`}`

			`const ntlmNegotiateMessage = "TlRMTVNTUAABAAAAB7IIogwADAAzAAAACwALACgAAAAKAAAoAAAAD1dJTExISS1NQUlOTk9SVEhBTUVSSUNB"`