#16 Some proxies do not advertise NTLM correctly

open
None
5
2006-01-26
2006-01-11
No

As a workaround for support item #1402210 I discovered
that some proxies do not advertise that they support
NTLM even though they do.

In the case that the server does not report any usable
methods, ntlmaps should just try to negotiate NTLM
anyway (a configurable option would be ideal).

For a workaround, I modified proxy_client.py and added
at line 595 (see >>>):

def auth_407(self):
auth =
self.rserver_head_obj.get_param_values('Proxy-Authenticate')
>>> auth = ['NTLM']
upper_auth = []
msg = ''

To spoof ntlmaps into thinking the server advertised
NTLM. This allows ntlmaps to work correctly for the way
the proxy here is configured, and it's possible others
could have the same issue.

Discussion

  • Darryl Dixon

    Darryl Dixon - 2006-01-26
    • assigned_to: nobody --> esrever_otua
     
  • Darryl Dixon

    Darryl Dixon - 2006-01-26

    Logged In: YES
    user_id=567623

    Hmmm, sounds sensible, I'll look at integrating something
    like this into the next release. Can I send to you to test?

    D

     
  • anatoly techtonik

    Logged In: YES
    user_id=669020

    I'd like to test this also. Seems like it is just the issue
    with subversion. I can connect to
    https://svn.collab.net/repos/svn/tags/1.1.4/doc/ through
    ntlmaps with browser without any problems, but when I try to
    make tunneled connection with subversion client - there is
    another response from the server.

    (btw, it also seems that ntlmaps shortens "User-Agent:"
    strings to 63 chars if they are substituted from server.cfg)

     
  • Nobody/Anonymous

    Logged In: NO

    I changed the patch to:

    def auth_407(self):
    ""
    auth = self.rserver_head_obj.get_param_values('Proxy-Authenticate')

    #----------Patch Starts----------
    if len(auth)==0:
    self.logger.log('auth is empty, adding NTLM\n')
    auth = ['NTLM']
    #----------Patch Ends----------

    upper_auth = []
    msg = ''

     
  • Scott Emmons

    Scott Emmons - 2007-05-09

    Logged In: YES
    user_id=30171
    Originator: YES

    Revised patch seems to work fine for me... Thanks!

     

Log in to post a comment.