tags:

views:

382

answers:

1
+3  Q: 

NTLM authentication in Python

I'm trying to implement NTLM authentication on IIS (Windows Server 2003) from Windows 7 with python. LAN Manager Authentication Level: Send NTLM response only.
Client machine and server are in the same domain.
Domain controller (AD) is on another server (also running Windows Server 2003).

I receive 401.1 - Unauthorized: Access is denied due to invalid credentials. Could you please help me find out what is wrong with this code and/or show me the other possible directions to solve this problem (using NTLM or Kerberos)?

import sys, httplib, base64, string
import urllib2
import win32api
import sspi 
import pywintypes
import socket

class WindoewNtlmMessageGenerator:
    def __init__(self,user=None):
        import win32api,sspi
        if not user:
            user = win32api.GetUserName()
        self.sspi_client = sspi.ClientAuth("NTLM",user)   

    def create_auth_req(self):
        import pywintypes
        output_buffer = None
        error_msg = None
        try:
            error_msg, output_buffer = self.sspi_client.authorize(None)            
        except pywintypes.error:
            return None
        auth_req = output_buffer[0].Buffer
        auth_req = base64.encodestring(auth_req)
        auth_req = string.replace(auth_req,'\012','')
        return auth_req 

    def create_challenge_response(self,challenge):
        import pywintypes
        output_buffer = None
        input_buffer = challenge
        error_msg = None        
        try:
            error_msg, output_buffer = self.sspi_client.authorize(input_buffer)
        except pywintypes.error:
            return None
        response_msg = output_buffer[0].Buffer       
        response_msg = base64.encodestring(response_msg)
        response_msg = string.replace(response_msg,'\012','')
        return response_msg 


fname='request.xml'
request = file(fname).read()
ip_host = '10.0.3.112'

ntlm_gen = WindoewNtlmMessageGenerator()
auth_req_msg = ntlm_gen.create_auth_req()
auth_req_msg_dec = base64.decodestring(auth_req_msg)
auth_req_msg = string.replace(auth_req_msg,'\012','')
webservice = httplib.HTTPConnection(ip_host) 
webservice.putrequest("POST", "/idc/idcplg")
webservice.putheader("Content-length", "%d" % len(request)) 
webservice.putheader('Authorization', 'NTLM'+' '+auth_req_msg) 
webservice.endheaders()
resp = webservice.getresponse()
resp.read()

challenge = resp.msg.get('WWW-Authenticate')
challenge_dec = base64.decodestring(challenge.split()[1])

msg3 = ntlm_gen.create_challenge_response(challenge_dec)
webservice = httplib.HTTP(ip_host) 
webservice.putrequest("POST", "/idc/idcplg?IdcService=LOGIN&Auth=Intranet")
webservice.putheader("Host", SHOD)
webservice.putheader("Content-length", "%d" % len(request))
webservice.putheader('Authorization', 'NTLM'+' '+msg3) 
webservice.putheader("Content-type", "text/xml; charset=\"UTF-8\"")
webservice.putheader("SOAPAction", "\"\"")
webservice.endheaders()
webservice.send(request)
statuscode, statusmessage, header = webservice.getreply()
res = webservice.getfile().read()
res_file = file('result.txt','wb')
res_file.write(res)
res_file.close()

sspi.py is available here: http://www.koders.com/python/fidF3B0061A07CD13BA35FF263E3E45252CFABFAA3B.aspx?s=timer

Thanks!

A: 

I've found out what was wrong. I should keeping the connection alive. That's the goods! Now this problem is solved.

class WindoewNtlmMessageGenerator:
   def __init__(self,user=None):
       import win32api,sspi
       if not user:
           user = win32api.GetUserName()
       self.sspi_client = sspi.ClientAuth("NTLM",user)   

   def create_auth_req(self):
       import pywintypes
       output_buffer = None
       error_msg = None
       try:
           error_msg, output_buffer = self.sspi_client.authorize(None)             
       except pywintypes.error:           
            return None
       auth_req = output_buffer[0].Buffer
       auth_req = base64.b64encode(auth_req)
       return auth_req 


  def create_challenge_response(self,challenge):
      import pywintypes
      output_buffer = None
      input_buffer = challenge
      error_msg = None
      try:
          error_msg, output_buffer = self.sspi_client.authorize(input_buffer)
      except pywintypes.error:
          return None
      response_msg = output_buffer[0].Buffer        
      response_msg = base64.b64encode(response_msg) 
      return response_msg 


SHOD='qqq.yyy.dev'
answer='result.xml'
fname='request.xml'
try:
    a_file = open(fname, 'r')
    f=open(fname, 'r')
except IOError:
    sys.exit()
size = os.path.getsize(fname)
i=0
for line in f:
    i=i+1
count_string=i
f.close()
size=size-count_string+1


print '1' 

try:
    webservice = httplib.HTTPConnection(SHOD)     
    webservice.putrequest("POST", "/idc/idcplg?IdcService=LOGIN&Auth=Intranet")
    webservice.putheader("Content-length", "%d" % 0)
    webservice.putheader("Content-type", "text/xml")
    #webservice.putheader("User-Agent", 'Python-urllib/2.6')
    webservice.endheaders()
    res=webservice.getresponse()
except:
    msg= "unable to connect to URL:  "+ SHOD
    sys.exit()
if res.status == 401:
    auth_methods = [s.strip() for s in 
                    res.msg.get('WWW-Authenticate').split(",")]
    print auth_methods
if res.status <> 401:
    msg= "unable to connect to URL:  "+ SHOD_
    log_error(msg,answer)
    sys.exit()



print '2' 

ntlm_gen = WindoewNtlmMessageGenerator()
auth_req_msg = ntlm_gen.create_auth_req()
webservice.putrequest("POST", "/idc/idcplg?IdcService=LOGIN&Auth=Intranet")
webservice.putheader("Content-length", "%d" % 0)
webservice.putheader("Connection", "Keep-Alive")
#webservice.putheader("User-Agent", 'Python-urllib/2.6')
webservice.putheader('Authorization', 'NTLM'+' '+auth_req_msg) 
webservice.endheaders()
resp = webservice.getresponse()
resp.read()
print resp.status
challenge = resp.msg.get('WWW-Authenticate')
challenge_dec = base64.b64decode(challenge.split()[1])



print '3' 

msg3 = ntlm_gen.create_challenge_response(challenge_dec)
webservice.putrequest("POST", "/idc/idcplg?IdcService=LOGIN&Auth=Intranet")
webservice.putheader("Content-type", "text/xml; charset=UTF-8")
webservice.putheader("Content-length", "%d" %(size))
webservice.putheader("Connection", "Close")
webservice.putheader('Authorization', 'NTLM'+' '+msg3)
#webservice.putheader("User-Agent", 'Python-urllib/2.6') 
webservice.endheaders()
sable = a_file.read()     
webservice.send(sable)
resp = webservice.getresponse()
res=resp.read()
Svetlana  2010-09-03 11:10:37
You should mark this answer as accepted (click the green check mark next to it) so it doesn't get listed as an unanswered question.
Bill the Lizard  2010-09-22 15:26:15

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python