ddelazerda · December 23, 2015 21:22
diff --git a/go-ntlmssp.diff b/go-ntlmssp.diff
 diff --git a/authheader.go b/authheader.go
 index 4ca6f1b..959a811 100644
 --- a/authheader.go
 +++ b/authheader.go
 @@ -15,6 +15,11 @@ func (h authheader) IsNegotiate() bool {
 	return strings.HasPrefix(string(h), "Negotiate")
 }
 
 +func (h authheader) IsChallenge() bool {
 +	p := strings.Split(string(h), " ")
 +	return len(p) == 2 && len(p[1]) > 0 && strings.HasPrefix(p[0], "NTLM")
 +}
 +
 func (h authheader) GetData() ([]byte, error) {
 	p := strings.Split(string(h), " ")
 	if len(p) < 2 {
 diff --git a/negotiator.go b/negotiator.go
 index 8e15558..215da31 100644
 --- a/negotiator.go
 +++ b/negotiator.go
 @@ -15,12 +15,15 @@ type Negotiator struct{ http.RoundTripper }
 //re-sends as needed.
 func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error) {
 	body := bytes.Buffer{}
 -	_, err = body.ReadFrom(req.Body)
 -	if err != nil {
 -		return nil, err
 +
 +	if req.Body != nil {
 +		_, err = body.ReadFrom(req.Body)
 +		if err != nil {
 +			return nil, err
 +		}
 +		req.Body.Close()
 	}
 
 -	req.Body.Close()
 	req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
 
 	reqauth := authheader(req.Header.Get("Authorization"))
 @@ -65,7 +68,11 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 
 			// send negotiate
 			negotiateMessage := NewNegotiateMessage()
 -			req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(negotiateMessage))
 +
 +			// format for the Authorization request header is found here:
 +			// http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication
 +			// and https://msdn.microsoft.com/en-us/library/cc237505.aspx
 +			req.Header.Set("Authorization", "NTLM " + base64.StdEncoding.EncodeToString(negotiateMessage))
 			req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
 
 			res, err = l.RoundTripper.RoundTrip(req)
 @@ -73,13 +80,26 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 				return nil, err
 			}
 
 +			// The body contents need to be read because the default Transport
 +			// does not attempt to reuse HTTP/1.0 or HTTP/1.1 TCP connections
 +			// ("keep-alive") unless the Body is read to completion and is closed.
 +			// Without this, the subsequent request will be treated as a brand new
 +			// tcp connection, which resets the NTLM handshake.
 +			// Reference: https://godoc.org/net/http#Response
 +			if res.Body != nil {
 +				_, err = body.ReadFrom(res.Body)
 +				if err != nil {
 +					return nil, err
 +				}
 +			}
 +
 			// receive challenge?
 			resauth = authheader(res.Header.Get("Www-Authenticate"))
 			challengeMessage, err := resauth.GetData()
 			if err != nil {
 				return nil, err
 			}
 -			if !resauth.IsNegotiate() || len(challengeMessage) == 0 {
 +			if !resauth.IsChallenge() || len(challengeMessage) == 0 {
 				// Negotiation failed, let client deal with response
 				return res, nil
 			}
 @@ -90,7 +110,11 @@ func (l Negotiator) RoundTrip(req *http.Request) (res *http.Response, err error)
 			if err != nil {
 				return nil, err
 			}
 -			req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(authenticateMessage))
 +
 +			// format for the Authorization request header is found here:
 +			// http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication
 +			// and https://msdn.microsoft.com/en-us/library/cc237505.aspx
 +			req.Header.Set("Authorization", "NTLM " + base64.StdEncoding.EncodeToString(authenticateMessage))
 			req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))
 
 			res, err = l.RoundTripper.RoundTrip(req)
	diff --git a/authheader.go b/authheader.go
	index 4ca6f1b..959a811 100644
	--- a/authheader.go
	+++ b/authheader.go
	@@ -15,6 +15,11 @@ func (h authheader) IsNegotiate() bool {
	return strings.HasPrefix(string(h), "Negotiate")
	}

	+func (h authheader) IsChallenge() bool {
	+ p := strings.Split(string(h), " ")
	+ return len(p) == 2 && len(p[1]) > 0 && strings.HasPrefix(p[0], "NTLM")
	+}
	+
	func (h authheader) GetData() ([]byte, error) {
	p := strings.Split(string(h), " ")
	if len(p) < 2 {
	diff --git a/negotiator.go b/negotiator.go
	index 8e15558..215da31 100644
	--- a/negotiator.go
	+++ b/negotiator.go
	@@ -15,12 +15,15 @@ type Negotiator struct{ http.RoundTripper }
	//re-sends as needed.
	func (l Negotiator) RoundTrip(req http.Request) (res http.Response, err error) {
	body := bytes.Buffer{}
	- _, err = body.ReadFrom(req.Body)
	- if err != nil {
	- return nil, err
	+
	+ if req.Body != nil {
	+ _, err = body.ReadFrom(req.Body)
	+ if err != nil {
	+ return nil, err
	+ }
	+ req.Body.Close()
	}

	- req.Body.Close()
	req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))

	reqauth := authheader(req.Header.Get("Authorization"))
	@@ -65,7 +68,11 @@ func (l Negotiator) RoundTrip(req http.Request) (res http.Response, err error)

	// send negotiate
	negotiateMessage := NewNegotiateMessage()
	- req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(negotiateMessage))
	+
	+ // format for the Authorization request header is found here:
	+ // http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication
	+ // and https://msdn.microsoft.com/en-us/library/cc237505.aspx
	+ req.Header.Set("Authorization", "NTLM " + base64.StdEncoding.EncodeToString(negotiateMessage))
	req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))

	res, err = l.RoundTripper.RoundTrip(req)
	@@ -73,13 +80,26 @@ func (l Negotiator) RoundTrip(req http.Request) (res http.Response, err error)
	return nil, err
	}

	+ // The body contents need to be read because the default Transport
	+ // does not attempt to reuse HTTP/1.0 or HTTP/1.1 TCP connections
	+ // ("keep-alive") unless the Body is read to completion and is closed.
	+ // Without this, the subsequent request will be treated as a brand new
	+ // tcp connection, which resets the NTLM handshake.
	+ // Reference: https://godoc.org/net/http#Response
	+ if res.Body != nil {
	+ _, err = body.ReadFrom(res.Body)
	+ if err != nil {
	+ return nil, err
	+ }
	+ }
	+
	// receive challenge?
	resauth = authheader(res.Header.Get("Www-Authenticate"))
	challengeMessage, err := resauth.GetData()
	if err != nil {
	return nil, err
	}
	- if !resauth.IsNegotiate() \|\| len(challengeMessage) == 0 {
	+ if !resauth.IsChallenge() \|\| len(challengeMessage) == 0 {
	// Negotiation failed, let client deal with response
	return res, nil
	}
	@@ -90,7 +110,11 @@ func (l Negotiator) RoundTrip(req http.Request) (res http.Response, err error)
	if err != nil {
	return nil, err
	}
	- req.Header.Set("Authorization", "Negotiate "+base64.StdEncoding.EncodeToString(authenticateMessage))
	+
	+ // format for the Authorization request header is found here:
	+ // http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication
	+ // and https://msdn.microsoft.com/en-us/library/cc237505.aspx
	+ req.Header.Set("Authorization", "NTLM " + base64.StdEncoding.EncodeToString(authenticateMessage))
	req.Body = ioutil.NopCloser(bytes.NewReader(body.Bytes()))

	res, err = l.RoundTripper.RoundTrip(req)