Git Product home page Git Product logo

Comments (4)

jschwartzenberg avatar jschwartzenberg commented on August 26, 2024

I didn't know there was a feature to authenticate against non-proxy servers.

It would seem best to remove that code indeed. If there is any documentation hinting at authentication against non-proxy servers, it should be removed along with it.

from cntlm.

fralken avatar fralken commented on August 26, 2024

Indeed the original documentation claims that it supports transparent connection to ntlm authenticated servers:

Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode, standalone proxy allowing you to browse intranet as well as Internet and to access corporate web servers with NTLM protection.

So authentication against target servers is an advertised feature, and the original author tested a lot.

Cntlm has been tested against various ISA servers, WinGate, NetCache, Squid and Tinyproxy with and without NTLM auth.

I guess the issue is with POST requests, where you need to send the body request twice (the second time after you completed the authentication sequence). For sure it works with GET requests (without a body).

So for now I change the title of this issue. Let's see if there is a way to keep this feature and make it more robust (maybe disabling the authentication for POST requests).

from cntlm.

jschwartzenberg avatar jschwartzenberg commented on August 26, 2024

So for now I change the title of this issue. Let's see if there is a way to keep this feature and make it more robust (maybe disabling the authentication for POST requests).

It depends on the complexity of the code. HTTP without SSL is disappearing, so at some point this code would not really be used while it does contribute to the complexity of the program.

from cntlm.

fralken avatar fralken commented on August 26, 2024

Yes, a quick fix is to add a test that the request body is empty:

if (loop == 1 && data[1]->code == 401 && hlist_subcmp_all(data[1]->headers, "WWW-Authenticate", "NTLM") && !http_has_body(data[0], NULL)) {

In this case the feature is still working, and does not break with POST requests.

I agree that this requirement is obsolete, probably nowadays there are no more clients not able to deal with ntlm authentication, but since the code is there and a quick fix prevents it from breaking, I think for now we can keep it.

from cntlm.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.