chisel do not support ntlm proxy authentication #149

Open
pariseed opened this issue Apr 9, 2020 · 9 comments

@pariseed

pariseed commented Apr 9, 2020

Is the possibility of introducing support for NTLM proxy authentication on the roadmap?

@pariseed
Author

Closing this issue because I solved the NTLM proxy auth with:

https://github.com/launchdarkly/go-ntlm-proxy-auth.git

I made a fork of chisel where I've implemented the above lib in the chisel code.
If someone else has the same need in the future, keep an eye on my fork:

https://github.com/pariseed/chisel.git

@mpgn

mpgn commented Oct 17, 2020

@pariseed why not a PR? This issue is still valid and should not be closed.

@pariseed
Author

@mpgn when I opened this issue I waited almost a month for an answer from @jpillora, but while responses were provided for other issues opened after that, nothing came for this issue.
So I decided to do it myself, and I took the lack of response as an "I'm not interested in that feature".
If jpillora lets me know he is interested in that feature I will be pleased to send a PR to him, but until then if someone needs NTLM integration they can look at my fork.

@jpillora
Owner

Hey @pariseed I'd consider a PR, though I'd want to confirm the API beforehand, and also that we don't introduce many new dependencies

@pariseed
Author

Hi @jpillora, I understood. I think that if you're sure to use the API there is no sense in forwarding a PR.
However, you can see here the lines that I have added to the client in order to make NTLM work with chisel:

include ntlm lib

add new regex syntax to recognize ntlm invocation

adding the ntlmDialContext

If you change your mind let me know and I will create a patch from these lines or a PR.

@jpillora
Owner

A few changes that I'd request:

  • github.com/launchdarkly/go-ntlm-proxy-auth uses https://github.com/launchdarkly/go-ntlmssp - it would be better to depend directly on Microsoft's module https://github.com/Azure/go-ntlmssp, and maybe add a small wrapper in chisel if needed

  • the user interface is essentially this regex (NTLM)þ(.*):(.*):(.*)@, since there is no ntlm: protocol, we could simply just use that. so it would be better to:

    • use the regex ntlm:([^:]+):([^:]*):([^:]*)@
    • this would be: domain required (+ not *), user, password (is user required?)
    • note however this has the downside of not supporting : colon characters
  • dial context can be shortened:

		//optionally CONNECT proxy
		if c.httpProxyURL != nil {

			if isntlm == true {
				ntlmDialContext := ntlm.WrapDialContext(daler.DialContext, ntlmurl, ntlmusr, ntlmpwd, ntlmdomain)
				d.NetDialContext = ntlmDialContext

				d.Proxy = func(*http.Request) (*url.URL, error) {
					return c.httpProxyURL, nil
				}
			} else {
				d.Proxy = func(*http.Request) (*url.URL, error) {
					return c.httpProxyURL, nil
				}
			}
		}

to

		//optionally CONNECT proxy
		if c.httpProxyURL != nil {
			if isntlm {
				d.NetDialContext = ntlm.WrapDialContext(daler.DialContext, ntlmurl, ntlmusr, ntlmpwd, ntlmdomain)
			}
			d.Proxy = func(*http.Request) (*url.URL, error) {
				return c.httpProxyURL, nil
			}
		}
  • also all of the above variables, formatting, etc should be updated to follow standard Go style
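
The behaviour of the regex proposed in the comment above, as an added example that is not part of the original thread and is not code from chisel or the fork. The `^` anchor, the `NTLMProxy` type, the `ParseNTLMProxy` function, and the treatment of the text after `@` as the proxy address are assumptions made for illustration; the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// ntlmPrefix is the pattern proposed in the comment above. The leading ^ is
// an assumption added here so the prefix is only honoured at the start.
var ntlmPrefix = regexp.MustCompile(`^ntlm:([^:]+):([^:]*):([^:]*)@`)

// NTLMProxy holds the parsed fields. The type and its field names are
// hypothetical, chosen for this example only.
type NTLMProxy struct {
	Domain, User, Password, Addr string
}

// ParseNTLMProxy splits "ntlm:domain:user:password@addr" into its parts.
// ok is false when the prefix is absent or does not fit the pattern.
func ParseNTLMProxy(spec string) (p NTLMProxy, ok bool) {
	m := ntlmPrefix.FindStringSubmatch(spec)
	if m == nil {
		return NTLMProxy{}, false
	}
	// Everything after the matched prefix is assumed to be the proxy address.
	return NTLMProxy{Domain: m[1], User: m[2], Password: m[3], Addr: spec[len(m[0]):]}, true
}

func main() {
	// Constructed sample inputs, not taken from chisel or the fork.
	samples := []string{
		"ntlm:CORP:alice:s3cret@proxy.example:8080",  // well-formed
		"ntlm::alice:s3cret@proxy.example:8080",      // empty domain: rejected by +
		"ntlm:CORP::s3cret@proxy.example:8080",       // empty user: accepted by *
		"ntlm:CORP:alice:s3:cret@proxy.example:8080", // colon in password: rejected
		"ntlm:CORP:alice:s3@cret@proxy.example:8080", // @ in password: still parsed
	}
	for _, s := range samples {
		p, ok := ParseNTLMProxy(s)
		fmt.Printf("%-45s ok=%-5v %+v\n", s, ok, p)
	}
}
```

A password containing `:` does not match at all, so a caller that silently falls back to the non-NTLM path on `ok == false` would attempt the proxy connection without the intended credentials; reporting a configuration error for any string that starts with `ntlm:` but fails to parse avoids that.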

@pariseed
Author

pariseed commented Oct 20, 2020

@jpillora I've just forwarded the PR 104 to you.
I've followed all your suggestions except for the inclusion of the MS library. The launchdarkly fork has very small changes compared to the MS repo; besides this, I encountered some problems trying to use MS go-ntlmssp and I was not able to perform any correct login with it. In fact it seems that some negotiation flags are missing, but these flags were added in launchdarkly fork PR 1, so I decided to go forward with this library.
Hope you will agree with this.

@pariseed
Author

Reopened this issue, because after one year and PR 204 ignored, nothing has changed.

@pariseed pariseed reopened this Apr 26, 2021
@jpillora
Owner

jpillora commented Apr 26, 2021 via email
