Ntlm proxy auth

[pariseed]

following almost all the suggestion argued in issue 149 this pull request enable chisel to connect on ntlm v2 proxies

[jpillora]

hey @pariseed thanks for the PR, can you run go mod tidy in the project root and commit the changed go mod/sum?

[pariseed]

Hi @jpillora done, let me know if it's ok :)

[jpillora]

Thanks! hopefully can merge soon

[jpillora]

Hey guys I remember looking into this and was going to make a few changes myself (though ran out of time):

1. use https://github.com/Azure/go-ntlmssp as a dependency rather than an unknown fork
2. put changes required for 1. into a separate ntlm file
3. move variables into an ntlm configuration struct
4. fix regex

@pariseed feel free to make these changes if you're up for it

[pariseed]

@jpillora as explained in the issue 149 i was not able to successfully use https://github.com/Azure/go-ntlmssp in order to correctly authenticate on ntlm proxys and in the issue i've already explained why this happen, beyond that the guys from launchdarkly didn't do anything of strange on their fork adding only the negotiations flag needed to let authentication work and if they in the future for any reason will messed up their things will be very easily for us untie from them.
Putting all ntlm stuff with the required changes in one separated file i think is not a good idea because it will take a lot work and at the end will lead us to create an our fork without any kind of benefit and making difficult update they if on the main repo other commit will be added.
Regarding the regex interface instead, i used exactly the one that you've requested on issue 149 regex comment so why after so long time you're requesting change on they ? And what kind of fix do you need ?
After one year i think that some more explanations is due.
Do not take me wrong but i've already spend a lot of time working on that, i understand that you want to do things in your way and as better they can, but since day1 i see that you've zero interest in this implementation and the time passed by i think that prove that, so i will not put any further effort on this implementation.
Hope you can figure out.

[jpillora]

1. "i used exactly the one that you've requested onissue 149 regex comment "

htt.*:// no, this is wrong

if len(ntlmfind) == 0 {
         ;;
 } else {

why?

                        c.Isntlm = true
                         c.Ntlmdomain = ntlmfind[1]
                         c.Ntlmusr = ntlmfind[2]
                         c.Ntlmpwd = ntlmfind[3]

variable casing is wrong
why are they public?

---

oct 2020 i said that i want to make sure "we don't introduce many new dependencies"

id be okay accepting a single dependency from Microsoft (Azure) - this means we copy the changes that launchdarkly introduced ("A little copying is better than a little dependency."). i said this back then because 1. we get official fixes from microsoft - we dont rely on launchdarkly, and 2. the changes are minimal: its essentially this file, where the default flags have been changed. so instead of using his fork where he changes 2 lines to get different defaults in order to change the internal behaviour of ntlmssp.NewNegotiateMessage - you just construct your own a NegotiateMessage yourself.

in summary, the PR should include be the changes you've got right now, plus the fixes, plus this 100 line file from launchdarkly/go-ntlm-proxy-auth with the flag changes so we can use the original azure repo.

i do open source in my free time, and time is very valuable, so if someone wants custom enhancements, then i need that someone to put in the work - while keeping chisel stable, without introducing bad dependencies, bugs, and bad code