NAME
   Authen::NTLM - Perl extension for NTLM related computations

SYNOPSIS
   use Authen::NTLM qw(nt_hash lm_hash);

       $my_pass = "mypassword";
       $client = new_client Authen::NTLM(lm_hash($my_pass), nt_hash($my_pass));

   # To compose a NTLM Negotiate Packet $flags =
   Authen::NTLM::NTLMSSP_NEGOTIATE_80000000 |
   Authen::NTLM::NTLMSSP_NEGOTIATE_128 |
   Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
   Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED |
   Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED |
   Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM |
   Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE |
   Authen::NTLM::NTLMSSP_NEGOTIATE_OEM |
   Authen::NTLM::NTLMSSP_REQUEST_TARGET; $negotiate_msg =
   $client->negotiate_msg($flags);

   # To instantiate a server to parse a NTLM negotiation # and compose a
   NTLM challenge $server = new_server Authen::NTLM;

       ($flags, $domain, $machine) =
           $server->parse_negotiate($negotiate_msg);

       $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN
              | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM
              | Authen::NTLM::NTLMSSP_REQUEST_INIT_RESPONSE
              | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE
              | Authen::NTLM::NTLMSSP_REQUEST_TARGET;
       $challenge_msg = $server->challenge_msg($flags);

   # client parse NTLM challenge ($domain, $flags, $nonce, $ctx_upper,
   $ctx_lower) = $client->parse_challenge($challenge_msg);

   # To compose a NTLM Response Packet $flags =
   Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
   Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM |
   Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE |
   Authen::NTLM::NTLMSSP_REQUEST_TARGET; $auth_msg =
   $client->auth_msg($nonce, $flags);

   # To parse a NTLM Response Packet ($flags, $lm_resp, $nt_resp,
   $user_domain, $username, $machine) = $server->parse_auth($auth_msg);

DESCRIPTION
   The NTLM (Windows NT LAN Manager) authentication scheme is the
   authentication algorithm used by Microsoft.

   NTLM authentication scheme is used in DCOM and HTTP environment. It is
   used to authenticate DCE RPC packets in DCOM. It is also used to
   authenticate HTTP packets to MS Web Proxy or MS Web Server.

   Currently, it is the authentication scheme Internet Explorer chooses to
   authenticate itself to proxies/web servers that supports NTLM.

   As of this version, NTLM module only provides the client side functions
   to calculate NT response and LM response. The next revision will provide
   the server side functions that computes the nonce and verify the NTLM
   responses.

   This module was written without the knowledge of Mark Bush's (MARKBUSH)
   NTLM implementation. It was used by Yee Man Chan to implement a Perl
   DCOM client.

DEPENDENCIES
   To use this module, please install the one of the following two sets of
   DES and MD4 modules:

   1) Crypt::DES module by Dave Paris (DPARIS) and Digest::MD4 module by
   Mike McCauley (MIKEM) first. These two modules are implemented in C.

   2) Crypt::DES_PP module by Guido Flohr (GUIDO) and Digest::Perl::MD4
   module by Ted Anderson (OTAKA). These two modules are implemented in
   Perl.

   The first set of modules will be preferred by NTLM because they are
   supposedly faster.

TO-DO
   1) A function to compute session key.

   2) Implement the module in C.

BUGS
   Nothing known.

AUTHOR
   This implementation was written by Yee Man Chan ([email protected]).
   Copyright (c) 2002 Yee Man Chan. All rights reserved. This program is
   free software; you can redistribute it and/or modify it under the same
   terms as Perl itself.

SEE ALSO
   Digest::MD4(3), Crypt::DES(3), perl(1), m4(1).

NAME
   Authen::NTLM::HTTP - Perl extension for NTLM-over-HTTP related
   computations

Background
   NTLM-over-HTTP Handshake

   Stage 1: Client requests a web page.

       1: C  --> S   GET ...

   Stage 2: Server responds and says the client needs to authenticate in
   NTLM manner.

       2: C <--  S   401 Unauthorized
                     WWW-Authenticate: NTLM

   Stage 3: Client responds with NTLM negotiate message that contains the
   identity and the domain of the client.

       3: C  --> S   GET ...
                     Authorization: NTLM <base64-encoded type-1-message>

   Stage 4: Server challenges the client with a 8-bytes random number in
   the NTLM challenge message.

       4: C <--  S   401 Unauthorized
                     WWW-Authenticate: NTLM <base64-encoded type-2-message>

   Stage 5: Client responds with a reply that uses its password to encrypt
   the 8-bytes random number.

       5: C  --> S   GET ...
                     Authorization: NTLM <base64-encoded type-3-message>

   Stage 6: Authentication success. Server replies with the web page.

       6: C <--  S   200 Ok

SYNOPSIS
   use Authen::NTLM (nt_hash lm_hash); use Authen::NTLM::HTTP;

       $my_pass = "mypassword";
       $client = new_client Authen::NTLM::HTTP(lm_hash($my_pass), nt_hash($my_pass));

   # Stage 3 scenario: creates NTLM negotiate message and then # append
   $negotiate_msg to one of the tag lines in your HTTP # request header

   # To compose a NTLM Negotiate Packet $flags =
   Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
   Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED |
   Authen::NTLM::NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED |
   Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM |
   Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE |
   Authen::NTLM::NTLMSSP_NEGOTIATE_OEM $negotiate_msg =
   $client->http_negotiate($flags);

   # Stage 4 scenario: extract the line contains "Authorization: NTLM " #
   in the HTTP header. # Parses NTLM negotiate message and then generates #
   the NTLM challenge message.

   # To instantiate a server to parse a NTLM negotiation # and compose a
   NTLM challenge $server = new_server Authen::NTLM::HTTP;

       ($flags, $domain, $machine) =
           $server->http_parse_negotiate($negotiate_msg);

       $flags = Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN
              | Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM
              | Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE;
       $challenge_msg = $server->http_challenge($flags);

   # Stage 5 Scenario: Client receives NTLM challenge message # Extract the
   line that contains "WWW-Authenticate: NTLM " # Pass it to
   http_parse_challenge to obtain the nonce # Then use nonce to compose
   reply with http_auth

   # client parse NTLM challenge ($domain, $flags, $nonce, $ctx_upper,
   $ctx_lower) = $client->http_parse_challenge($challenge_msg);

   # To compose a NTLM Response Packet $flags =
   Authen::NTLM::NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
   Authen::NTLM::NTLMSSP_NEGOTIATE_NTLM |
   Authen::NTLM::NTLMSSP_NEGOTIATE_UNICODE |
   Authen::NTLM::NTLMSSP_REQUEST_TARGET; $auth_msg =
   $client->http_auth($nonce, $flags);

   # Stage 6 Scenario: Finally the server parses the reply # verify the
   authentication credentials.

   # To parse a NTLM Response Packet ($flags, $lm_resp, $nt_resp,
   $user_domain, $username, $machine) =
   $server->http_parse_auth($auth_msg);

DESCRIPTION
   This is an extension of the Authen::NTLM module written by Yee Man Chan.
   It was written due to popular requests. Yee Man Chan never tests it in
   any production environment but he is confident that it should work as
   expected.

DEPENDENCIES
   To use this module, please install the following two modules:

   1) Authen::NTLM module by Yee Man Chan (UMVUE)

   2) MIME::Base64 module by Gisle Aas (GAAS).

TO-DO
   Supposedly this implementation is complete. Improvements will be done on
   the underlying Authen::NTLM module. However, if you figure out something
   I missed, feel free to let me know.

BUGS
   Nothing known.

AUTHOR
   This implementation was written by Yee Man Chan ([email protected]).
   Copyright (c) 2002 Yee Man Chan. All rights reserved. This program is
   free software; you can redistribute it and/or modify it under the same
   terms as Perl itself.

SEE ALSO
   Authen::NTLM(3), MIME::Base64(3), perl(1), m4(1).

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.