mcs/class/System/Mono.Http/NtlmClient.cs

   1 //
   2 // Mono.Http.NtlmClient
   3 //
   4 // Authors:
   5 //      Gonzalo Paniagua Javier (gonzalo@ximian.com)
   6 //
   7 // (c) 2003 Novell, Inc. (http://www.novell.com)
   8 //
   9
  10 //
  11 // Permission is hereby granted, free of charge, to any person obtaining
  12 // a copy of this software and associated documentation files (the
  13 // "Software"), to deal in the Software without restriction, including
  14 // without limitation the rights to use, copy, modify, merge, publish,
  15 // distribute, sublicense, and/or sell copies of the Software, and to
  16 // permit persons to whom the Software is furnished to do so, subject to
  17 // the following conditions:
  18 //
  19 // The above copyright notice and this permission notice shall be
  20 // included in all copies or substantial portions of the Software.
  21 //
  22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  29 //
  30
  31 #if SECURITY_DEP
  32 using System;
  33 using System.Collections;
  34 using System.Net;
  35 using Mono.Security.Protocol.Ntlm;
  36
  37 namespace Mono.Http
  38 {
  39         class NtlmSession
  40         {
  41                 MessageBase message;
  42
  43                 public NtlmSession ()
  44                 {
  45                 }
  46
  47                 public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
  48                 {
  49                         HttpWebRequest request = webRequest as HttpWebRequest;
  50                         if (request == null)
  51                                 return null;
  52
  53                         NetworkCredential cred = credentials.GetCredential (request.RequestUri, "NTLM");
  54                         if (cred == null)
  55                                 return null;
  56
  57                         string userName = cred.UserName;
  58                         string domain = cred.Domain;
  59                         string password = cred.Password;
  60                         if (userName == null || userName == "")
  61                                 return null;
  62                         domain = domain != null && domain.Length > 0 ? domain : request.Headers ["Host"];
  63
  64                         bool completed = false;
  65                         if (message == null) {
  66                                 Type1Message type1 = new Type1Message ();
  67                                 type1.Domain = domain;
  68                                 message = type1;
  69                         } else if (message.Type == 1) {
  70                                 // Should I check the credentials?
  71                                 if (challenge == null) {
  72                                         message = null;
  73                                         return null;
  74                                 }
  75
  76                                 Type2Message type2 = new Type2Message (Convert.FromBase64String (challenge));
  77                                 if (password == null)
  78                                         password = "";
  79
  80                                 Type3Message type3 = new Type3Message ();
  81                                 type3.Domain = domain;
  82                                 type3.Username = userName;
  83                                 type3.Challenge = type2.Nonce;
  84                                 type3.Password = password;
  85                                 message = type3;
  86                                 completed = true;
  87                         } else {
  88                                 // Should I check the credentials?
  89                                 // type must be 3 here
  90                                 if (challenge == null || challenge == String.Empty) {
  91                                         Type1Message type1 = new Type1Message ();
  92                                         type1.Domain = domain;
  93                                         message = type1;
  94                                 } else {
  95                                         completed = true;
  96                                 }
  97                         }
  98
  99                         string token = "NTLM " + Convert.ToBase64String (message.GetBytes ());
 100                         return new Authorization (token, completed);
 101                 }
 102         }
 103
 104         class NtlmClient : IAuthenticationModule
 105         {
 106                 static Hashtable cache;
 107
 108                 static NtlmClient ()
 109                 {
 110                         cache = new Hashtable ();
 111                 }
 112
 113                 public NtlmClient () {}
 114
 115                 public Authorization Authenticate (string challenge, WebRequest webRequest, ICredentials credentials)
 116                 {
 117                         if (credentials == null || challenge == null)
 118                                 return null;
 119
 120                         string header = challenge.Trim ();
 121                         int idx = header.ToLower ().IndexOf ("ntlm");
 122                         if (idx == -1)
 123                                 return null;
 124
 125                         idx = header.IndexOfAny (new char [] {' ', '\t'});
 126                         if (idx != -1) {
 127                                 header = header.Substring (idx).Trim ();
 128                         } else {
 129                                 header = null;
 130                         }
 131
 132                         HttpWebRequest request = webRequest as HttpWebRequest;
 133                         if (request == null)
 134                                 return null;
 135
 136                         lock (cache) {
 137                                 NtlmSession ds = (NtlmSession) cache [request.RequestUri];
 138                                 if (ds == null) {
 139                                         ds = new NtlmSession ();
 140                                         cache.Add (request.RequestUri, ds);
 141                                 }
 142
 143                                 return ds.Authenticate (header, webRequest, credentials);
 144                         }
 145                 }
 146
 147                 public Authorization PreAuthenticate (WebRequest webRequest, ICredentials credentials)
 148                 {
 149                         return null;
 150                 }
 151
 152                 public string AuthenticationType {
 153                         get { return "NTLM"; }
 154                 }
 155
 156                 public bool CanPreAuthenticate {
 157                         get { return false; }
 158                 }
 159         }
 160 }
 161 #endif