Some proxies do not advertise NTLM correctly
Brought to you by:
jpmcc
Menu
▾
▴
#16 Some proxies do not advertise NTLM correctly
As a workaround for support item #1402210 I discovered
that some proxies do not advertise that they support
NTLM even though they do.
In the case that the server does not report any usable
methods, ntlmaps should just try to negotiate NTLM
anyway (a configurable option would be ideal).
For a workaround, I modified proxy_client.py and added
at line 595 (see >>>):
def auth_407(self):
auth =
self.rserver_head_obj.get_param_values('Proxy-Authenticate')
>>> auth = ['NTLM']
upper_auth = []
msg = ''
To spoof ntlmaps into thinking the server advertised
NTLM. This allows ntlmaps to work correctly for the way
the proxy here is configured, and it's possible others
could have the same issue.
Logged In: YES
user_id=567623
Hmmm, sounds sensible, I'll look at integrating something
like this into the next release. Can I send to you to test?
D
Logged In: YES
user_id=669020
I'd like to test this also. Seems like it is just the issue
with subversion. I can connect to
https://svn.collab.net/repos/svn/tags/1.1.4/doc/ through
ntlmaps with browser without any problems, but when I try to
make tunneled connection with subversion client - there is
another response from the server.
(btw, it also seems that ntlmaps shortens "User-Agent:"
strings to 63 chars if they are substituted from server.cfg)
Logged In: YES
user_id=669020
Files -
http://pastebin.co.uk/593 browser request
http://pastebin.co.uk/594 subversion request
Logged In: NO
I changed the patch to:
def auth_407(self):
""
auth = self.rserver_head_obj.get_param_values('Proxy-Authenticate')
#----------Patch Starts----------
if len(auth)==0:
self.logger.log('auth is empty, adding NTLM\n')
auth = ['NTLM']
#----------Patch Ends----------
upper_auth = []
msg = ''
Logged In: YES
user_id=30171
Originator: YES
Revised patch seems to work fine for me... Thanks!