]> code.delx.au - gnu-emacs-elpa/blob - packages/url-http-ntlm/url-http-ntlm.el
delx.au / code / gnu-emacs-elpa / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
url-http-ntlm: Wrap lines at column 80
[gnu-emacs-elpa] / packages / url-http-ntlm / url-http-ntlm.el
1 ;;; url-http-ntlm.el --- NTLM authentication for the url library
2
3 ;; Copyright (C) 2008 Tom Schutzer-Weissmann
4
5 ;; Author: Tom Schutzer-Weissmann <tom@schutzer-weissmann.net>
6 ;; Keywords: comm, data, processes, hypermedia
7
8 ;; This program is free software; you can redistribute it and/or modify
9 ;; it under the terms of the GNU General Public License as published by
10 ;; the Free Software Foundation, either version 3 of the License, or
11 ;; (at your option) any later version.
12
13 ;; This program is distributed in the hope that it will be useful,
14 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
15 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 ;; GNU General Public License for more details.
17
18 ;; You should have received a copy of the GNU General Public License
19 ;; along with this program. If not, see <http://www.gnu.org/licenses/>.
20
21 ;;; Commentary:
22 ;;
23 ;; This package provides a NTLM handler for the URL package.
24 ;; It supports one username and password per server.
25 ;;
26 ;; Installation:
27 ;;
28 ;; Add the directory containing this file to the load path and then
29 ;; load the url-http-ntlm package. One way would be to add something
30 ;; like the lines below to your .emacs file:
31 ;;
32 ;; (add-to-list 'load-path ".emacs.d/url-http-ntlm")
33 ;; (require 'url-http-ntlm)
34 ;;
35 ;; Acknowledgements:
36 ;;
37 ;; Taro Kawagishi <tarok@transpulse.org> wrote ntlm.el and md4.el,
38 ;; which are parts of FLIM (Faithful Library about Internet Message).
39 ;;
40 ;; http://stuff.mit.edu/afs/sipb/contrib/emacs/packages/flim-1.14.7/ntlm.el
41 ;; http://stuff.mit.edu/afs/sipb/contrib/emacs/packages/flim-1.14.7/md4.el
42
43 ;;; Code:
44 (require 'url-auth)
45 (require 'url-http)
46 (require 'mail-parse)
47 (require 'cl)
48 (require 'ntlm)
49
50 (defvar url-http-ntlm-auth-storage nil
51 "Authentication storage. An alist that maps a server name
52 to a pair of \(<username> <ntlm hashes>\).
53
54 The hashes are built using `ntlm-get-password-hashes'.
55 The username can contain the domain name, in the form \"user@domain\".
56
57 Note that for any server, only one user and password is ever stored.")
58
59 (defun url-ntlm-auth (url &optional prompt overwrite realm args)
60 "Get the contents of the Authorization header for a HTTP
61 response using NTLM authentication, to access URL. Because
62 NTLM is a two-step process, this function expects to be called
63 twice, first to generate the NTLM type 1 message (request),
64 then to respond to the server's type 2 message (challenge) with
65 a suitable response.
66
67 PROMPT, OVERWRITE, and REALM are ignored.
68
69 ARGS is expected to contain the WWW-Authentication header from
70 the server's last response. These are used by
71 `url-http-get-stage' to determine what stage we are at."
72 (url-ntlm-ensure-keepalive)
73 (let ((stage (url-ntlm-get-stage args)))
74 (case stage
75 ;;
76 ;; NTLM Type 1 message: the request
77 (:request
78 (destructuring-bind (&optional server user hash)
79 (url-http-ntlm-authorisation url)
80 (when server
81 (url-http-ntlm-string (ntlm-build-auth-request user server)))))
82 ;;
83 ;; NTLM Type 3 message: the response
84 (:response
85 (let ((challenge (url-http-ntlm-get-challenge)))
86 (destructuring-bind (server user hash)
87 (url-http-ntlm-authorisation url)
88 (url-http-ntlm-string (ntlm-build-auth-response challenge
89 user
90 hash)))))
91 (:error
92 (url-http-ntlm-authorisation url :clear)))))
93
94 (defun url-ntlm-ensure-keepalive ()
95 (assert url-http-attempt-keepalives
96 nil
97 (concat "NTLM authentication won't work unless"
98 " `url-http-attempt-keepalives' is set!")))
99
100 (defun url-ntlm-clean-headers ()
101 (setq url-http-extra-headers
102 (url-http-ntlm-rmssoc "Authorization" url-http-extra-headers)))
103
104 (defvar url-ntlm-last-args nil
105 "Stores the last ARGS argument to `url-ntlm-get-stage' and the return value.
106 This is used to detect multiple calls.")
107 (make-variable-buffer-local 'url-ntlm-last-args)
108
109 (defun url-ntlm-get-stage (args)
110 "Determine what stage of the NTLM handshake we are at.
111 PROMPT and ARGS come from `url-ntlm-auth''s caller,
112 `url-get-authentication'. Their meaning depends on the current
113 implementation - this function is well and truly coupled.
114
115 url-get-authentication' calls `url-ntlm-auth' once when checking
116 what authentication schemes are supported (PROMPT and ARGS are
117 nil), and then twice for every stage of the handshake: the first
118 time PROMPT is nil, the second, t; ARGS contains the server
119 response's \"WWW-Authenticate\" header, munged by
120 `url-parse-args'."
121 (let* ((response-rxp "^NTLM TlRMTVNTUAADAAA")
122 (challenge-rxp "^TLRMTVNTUAACAAA")
123 (auth-header (assoc "Authorization" url-http-extra-headers))
124 (case-fold-search t)
125 stage)
126 (if (eq args (car url-ntlm-last-args))
127 ;; multiple calls, return the same argument we returned last time
128 (cdr url-ntlm-last-args)
129 ;;
130 (let ((stage
131 (cond ((and auth-header (string-match response-rxp
132 (cdr auth-header)))
133 :error)
134 ((and (= (length args) 2)
135 (destructuring-bind (challenge ntlm) args
136 (and (string-equal "ntlm" (car ntlm))
137 (string-match challenge-rxp
138 (car challenge)))))
139 :response)
140 (t
141 :request))))
142 (url-ntlm-clean-headers)
143 (setq url-ntlm-last-args (cons args stage))
144 stage))))
145
146 (defun url-http-ntlm-authorisation (url &optional clear)
147 "Get or clear NTLM authentication details for URL. If CLEAR is
148 non-nil, clear any saved credentials for server. Otherwise,
149 return the credentials, prompting the user if necessary.
150
151 If URL contains a username and a password, they are used and
152 stored credentials are not affected.
153
154 Note that for any server, only one user and password is ever
155 stored."
156 (let* ((href (if (stringp url)
157 (url-generic-parse-url url)
158 url))
159 (server (url-host href))
160 (user (url-user href))
161 (pass (url-password href))
162 (stored (assoc server url-http-ntlm-auth-storage))
163 (both (and user pass)))
164 (if clear
165 ;; clear
166 (unless both
167 (setq url-http-ntlm-auth-storage
168 (url-http-ntlm-rmssoc server url-http-ntlm-auth-storage))
169 nil)
170 ;; get
171 (if (or both
172 (and stored user (not (equal user (second stored))))
173 (not stored))
174 (let* ((user* (if both
175 user
176 (read-string (url-auth-user-prompt url realm)
177 (or user (user-real-login-name)))))
178 (pass* (if both
179 pass
180 (read-passwd "Password: ")))
181 (entry `(,server . (,user*
182 ,(ntlm-get-password-hashes pass*)))))
183 (unless both
184 (setq url-http-ntlm-auth-storage
185 (cons entry
186 (url-http-ntlm-rmssoc server
187 url-http-ntlm-auth-storage))))
188 entry)
189 ;;
190 stored))))
191
192 (defun url-http-ntlm-get-challenge ()
193 "Return the NTLM Type-2 message in the WWW-Authenticate header,
194 if it is there."
195 (save-restriction
196 (mail-narrow-to-head)
197 (let ((www-authenticate (mail-fetch-field "www-authenticate")))
198 (when (string-match "NTLM\\s-+\\(\\S-+\\)"
199 www-authenticate)
200 (base64-decode-string (match-string 1 www-authenticate))))))
201
202 (defun url-http-ntlm-rmssoc (key alist)
203 (remove* key alist :key 'car :test 'equal))
204
205 (defun url-http-ntlm-string (data)
206 (concat "NTLM " (base64-encode-string data :nobreak)))
207
208 (url-register-auth-scheme "ntlm" nil 8)
209
210 (provide 'url-http-ntlm)
211
212 ;;; url-http-ntlm.el ends here