Hi,
in order to support squid proxy with NTLM auth, I've made some changes
to ics source code.
The problem I found was related to Unicode, which squid does not support.
I'm using OverbyteIcsV7.

Is it possible to include my modifications inside ics official source code?
Or maybe there is another way to do the same thing...

My modifications are:

1. Implementation of class TNTLMParser

// Keeps a raw copy of the NTLM message 2 (the challenge sent by the other
// side) and exposes the flags found in it.
TNTLMParser=class
  protected
    // Raw copy of the decoded message 2, filled by ParseMsg2.
    fMsg2:TNTLM_Message2;
    // True when bit $01 of fMsg2.Flags was set in the last parsed message.
    fMsg2_Unicode:boolean;
    function GetMsg2_Flags:cardinal;
  public
    constructor Create;
    destructor Destroy;override;
    // aMessage is the base64 text of message 2. In THttpCli.StartProxyAuthNTLM
    // it is cut out of a line of FDoAuthor, which appears to hold the
    // authentication headers of the response, so treat it as untrusted input.
    procedure ParseMsg2(aMessage:string);
    // Result of the last ParseMsg2 call: did the peer set the Unicode bit?
    property pMsg2_Unicode:boolean read fMsg2_Unicode;
    // Full flags field of the last parsed message 2.
    property pMsg2_Flags:cardinal read GetMsg2_Flags;
  end;

//------------------------------------------------------------------------------
//TNTLMParser.
//------------------------------------------------------------------------------
// Creates the parser with an all-zero message 2 record, so the flag
// properties read as "nothing negotiated" until ParseMsg2 is called.
constructor TNTLMParser.Create;
begin
  inherited;
  FillChar(fMsg2, SizeOf(fMsg2), 0);
end;

// The parser owns no heap resources of its own; only the inherited
// destructor has to run.
destructor TNTLMParser.Destroy;
begin
  inherited;
end;

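// Decodes the base64 text of an NTLM message 2 into fMsg2 and records
// whether the sender set the Unicode bit ($01) in the flags field.
//
// aMessage is supplied by the remote side (THttpCli.StartProxyAuthNTLM passes
// a substring of a received header line), so its decoded length is not
// under our control. The copy below is therefore limited to the number of
// bytes that were actually decoded: copying SizeOf(fMsg2) bytes
// unconditionally would read past the end of a short message.
// Bytes not covered by the message stay zero.
//
// NOTE(review): nothing here checks the message signature or the message
// type before the flags are trusted - confirm that NtlmGetMessage2 (called
// just before this in StartProxyAuthNTLM) validates them.
procedure TNTLMParser.ParseMsg2(aMessage:string);
var
  lMessage:AnsiString;
  lCount:integer;
begin
  FillChar(fMsg2,sizeof(fMsg2),0);
  lMessage:=Base64DecodeStr(AnsiString(trim(aMessage)));
  // Never copy more than the decoded message holds, nor more than the
  // record can take.
  lCount:=length(lMessage);
  if lCount>SizeOf(fMsg2) then
    lCount:=SizeOf(fMsg2);
  if lCount>0 then
    move(lMessage[1],fMsg2,lCount);
  fMsg2_Unicode:=(fMsg2.Flags and $01)<>0;
end;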

// Getter for pMsg2_Flags: the flags field of the last parsed message 2
// (zero when nothing has been parsed yet).
function TNTLMParser.GetMsg2_Flags: cardinal;
begin
  Result := fMsg2.Flags;
end;



2. Changes inside OverbyteIcsNtlmMsgs.pas
I've added the aProxySupportUnicode flag to the NtlmGetMessage3 function.

function NtlmGetMessage3(const ADomain, AHost, AUser, APassword: String;
    AChallenge: TArrayOf8Bytes;aProxySupportUnicode:boolean; ACodePage:
LongWord = CP_ACP): String;//ema

{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *}
function NtlmGetMessage3(const ADomain, AHost, AUser,
  APassword: String; AChallenge: TArrayOf8Bytes;
aProxySupportUnicode:boolean; ACodePage: LongWord): String;//ema
var
    Msg        : TNTLM_Message3;
    MessageAux : AnsiString;
    LM_Resp    : String[30];
    NT_Resp    : String[30];
    UDomain    : AnsiString;
    UHost      : AnsiString;
    UUser      : AnsiString;
    UPassword  : AnsiString;
begin
{$IFNDEF COMPILER12_UP}
  //ema
  if aProxySupportUnicode then
  begin
    UDomain    := Unicode(ADomain, ACodePage);
    UHost      := Unicode(AHost, ACodePage);
    UUser      := Unicode(AUser, ACodePage);
    UPassword  := Unicode(APassword, ACodePage);
  end
  else
  begin
    UDomain    := ADomain;
    UHost      := AHost;
    UUser      := AUser;
    UPassword  := APassword;
  end;
{$ELSE}
...



3. Modifications inside OverbyteIcsHttpProt.pas
3.a. I've added the ProxyDomain param
3.b I use the TNTLMParser object inside THttpCli.StartProxyAuthNTLM
procedure
3.c I use the new version of NtlmGetMessage3 inside
THttpCli.GetNTLMMessage3 function


THttpCli = class(TIcsWndControl)
    protected
        ...
        FProxyUsername        : String;
        FProxyDomain          : String;//ema
        fNTLMParser:TNTLMParser;//ema
        FProxyPassword        : String;
        ...
    published
        ...
        property ProxyDomain     : String read FProxyDomain
                                   write FProxyDomain;//ema
        ...


constructor THttpCli.Create(Aowner:TComponent);
begin
    ...
    fNTLMParser:=TNTLMParser.Create;//ema
    fProxyDomain:='';//ema
end;

destructor THttpCli.Destroy;
begin
  ...
  if assigned(fNTLMParser) then//ema
    FreeAndNil(fNTLMParser);

    inherited Destroy;
end;

procedure THttpCli.StartProxyAuthNTLM;
var
    I : Integer;
begin
   ...
        NtlmGetMessage2(Copy(FDoAuthor.Strings[I], 6, 1000));
        fNTLMParser.ParseMsg2(Copy(FDoAuthor.Strings[I], 6, 1000));//ema
        FProxyAuthNTLMState := ntlmMsg3;
   ...
end;

// Builds the header line that carries NTLM message 3: "Proxy-Authorization"
// when ForProxy is set, "Authorization" otherwise.
//
// NOTE(review): the non-proxy branch also passes fProxyDomain and
// fNTLMParser.pMsg2_Unicode. In the code shown, ParseMsg2 is only called
// from StartProxyAuthNTLM, so for server authentication the Unicode choice
// would come from the proxy's challenge (or from no challenge at all), and
// the proxy domain would be sent to the origin server. Confirm whether the
// server path needs its own domain and its own parsed message 2.
function THttpCli.GetNTLMMessage3(const HttpMethod: String;
  const ForProxy: Boolean): String;
var
    LocalName : String;
begin
    { The local host name goes into message 3; fall back to an empty }
    { name when it cannot be determined.                             }
    try
        LocalName := String(LocalHostName);
    except
        LocalName := '';
    end;

    if not ForProxy then begin
        { Server authentication uses the current request credentials. }
        Result := 'Authorization: NTLM ' +
                  NtlmGetMessage3(fProxyDomain,
                                  LocalName,
                                  FCurrUsername, FCurrPassword,
                                  FNTLMMsg2Info.Challenge,
                                  fNTLMParser.pMsg2_Unicode);
        Exit;
    end;

    { Proxy authentication uses the proxy credentials and challenge. }
    Result := 'Proxy-Authorization: NTLM ' +
              NtlmGetMessage3(fProxyDomain,
                              LocalName,
                              FProxyUsername,
                              FProxyPassword,
                              FProxyNTLMMsg2Info.Challenge,
                              fNTLMParser.pMsg2_Unicode);
end;


Thank you,
Emanuele

-- 
Ing. Emanuele Bizzarri
Software Development Department
e-works s.r.l.
41011 - Campogalliano - Modena - Italy
tel. +39 059 2929081 int. 23
fax +39 059 2925035

e-mail: e.bizza...@e-works.it - http://www.e-works.it