2a166fd94e
This brings support for SingleSignOn on windows using the default credentials of the currently logged in user if an empty username and empty password is provided from gitcredentials. This plays well with the Git for windows implementation which stores an empty username and password if it should use the default credentials.
70 lines
1.6 KiB
Go
70 lines
1.6 KiB
Go
// +build !windows
|
|
|
|
package lfsapi
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/ThomsonReutersEikon/go-ntlm/ntlm"
|
|
)
|
|
|
|
func (c *Client) ntlmAuthenticateRequest(req *http.Request, creds *ntmlCredentials) (*http.Response, error) {
|
|
negotiate, err := base64.StdEncoding.DecodeString(ntlmNegotiateMessage)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
chRes, challengeMsg, err := c.ntlmSendType1Message(req, negotiate)
|
|
if err != nil {
|
|
return chRes, err
|
|
}
|
|
|
|
challenge, err := ntlm.ParseChallengeMessage(challengeMsg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
session, err := c.ntlmClientSession(creds)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
session.ProcessChallengeMessage(challenge)
|
|
authenticate, err := session.GenerateAuthenticateMessage()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return c.ntlmSendType3Message(req, authenticate.Bytes())
|
|
}
|
|
|
|
func (c *Client) ntlmClientSession(creds *ntmlCredentials) (ntlm.ClientSession, error) {
|
|
c.ntlmMu.Lock()
|
|
defer c.ntlmMu.Unlock()
|
|
|
|
if creds == nil {
|
|
return nil, fmt.Errorf("Your user name must be of the form DOMAIN\\user. Single-sign-on is not supported.")
|
|
}
|
|
|
|
if c.ntlmSessions == nil {
|
|
c.ntlmSessions = make(map[string]ntlm.ClientSession)
|
|
}
|
|
|
|
if ses, ok := c.ntlmSessions[creds.domain]; ok {
|
|
return ses, nil
|
|
}
|
|
|
|
session, err := ntlm.CreateClientSession(ntlm.Version2, ntlm.ConnectionOrientedMode)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
session.SetUserInfo(creds.username, creds.password, creds.domain)
|
|
c.ntlmSessions[creds.domain] = session
|
|
return session, nil
|
|
}
|
|
|
|
const ntlmNegotiateMessage = "TlRMTVNTUAABAAAAB7IIogwADAAzAAAACwALACgAAAAKAAAoAAAAD1dJTExISS1NQUlOTk9SVEhBTUVSSUNB"
|