px: NTLM authentication no longer possible

Hi,

I think the latest pre-release is no longer able to authenticate against our proxy.

This is the current log:

Process-1: MainThread: 1519632465: verify_request: Client address: 127.0.0.1
Process-1: Thread_0: 1519632465: do_CONNECT: Entering
Process-1: Thread_0: 1519632465: do_transaction: Entering
Process-1: Thread_0: 1519632465: get_response: winkerberos SSPI
Process-1: Thread_0: 1519632465: do_socket: Entering
Process-1: Thread_0: 1519632465: do_socket_connect: New connection: ('proxy.rwe.com', 8080)
Process-1: Thread_0: 1519632465: do_socket: b'CONNECT github.com:443 HTTP/1.1\r\n'
Process-1: Thread_0: 1519632465: do_socket: Sending b'Host: github.com:443\r\n'
Process-1: Thread_0: 1519632465: do_socket: Sending b'User-Agent: git/2.15.0.windows.1\r\n'
Process-1: Thread_0: 1519632465: do_socket: Sending b'Proxy-Connection: Keep-Alive\r\n'
Process-1: Thread_0: 1519632465: do_socket: Sending extra b'Proxy-Authorization: Negotiate YIGeBgYrBgEFBQKggZM... and much more... olAmCpGQrZA=\r\n'
Process-1: Thread_0: 1519632465: do_socket: Reading response code
Process-1: Thread_0: 1519632466: do_socket: Response code: 407 False
Process-1: Thread_0: 1519632466: do_socket: Reading response headers
Process-1: Thread_0: 1519632466: do_socket: Received header Proxy-Authenticate = NEGOTIATE oRUwE6AD... and much more... BgjcCAgo=
Process-1: Thread_0: 1519632466: do_socket: Received header Cache-Control = no-cache
Process-1: Thread_0: 1519632466: do_socket: Received header Pragma = no-cache
Process-1: Thread_0: 1519632466: do_socket: Received header Content-Type = text/html; charset=utf-8
Process-1: Thread_0: 1519632466: do_socket: Received header Proxy-Connection = Keep-Alive
Process-1: Thread_0: 1519632466: do_socket: Received header Connection = Keep-Alive
Process-1: Thread_0: 1519632466: do_socket: Received header Content-Length = 2549
Process-1: Thread_0: 1519632466: do_socket: Reading response data
Process-1: Thread_0: 1519632466: do_socket: Content length 2549
Process-1: Thread_0: 1519632466: do_transaction: Auth required
Process-1: Thread_0: 1519632466: do_transaction: Didn't get challenge, not NTLM proxy
Process-1: Thread_0: 1519632466: do_CONNECT: Error 407
Process-1: Thread_0: 1519632466: log_message: code 407, message Proxy Authentication Required
Process-1: Thread_0: 1519632466: log_message: "CONNECT github.com:443 HTTP/1.1" 407 -
Process-1: Thread_0: 1519632466: do_CONNECT: Transferred 0 bytes
Process-1: Thread_0: 1519632466: do_CONNECT: Done

And this is from an older 0.2 release:

Process-1: MainThread: 1519632294: verify_request: Client address: 127.0.0.1
Process-1: Thread_0: 1519632294: do_CONNECT: Entering
Process-1: Thread_0: 1519632294: do_transaction: Entering
Process-1: Thread_0: 1519632294: get_response_wkb: winkerberos SSPI
Process-1: Thread_0: 1519632294: do_socket: Entering
Process-1: Thread_0: 1519632294: do_socket: New connection
Process-1: Thread_0: 1519632294: do_socket: b'CONNECT github.com:443 HTTP/1.1\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending b'Host: github.com:443\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending b'User-Agent: git/2.15.0.windows.1\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending b'Proxy-Connection: Keep-Alive\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending extra b'Proxy-Authorization: NTLM TlRMTVNTUAABAAAAl7II4gUA... and much more... BMDY1M0dST1VQ\r\n'
Process-1: Thread_0: 1519632294: do_socket: Reading response code
Process-1: Thread_0: 1519632294: do_socket: Response code: 407 False
Process-1: Thread_0: 1519632294: do_socket: Reading response headers
Process-1: Thread_0: 1519632294: do_socket: Received header Proxy-Authenticate = NTLM TlRMTVNTUAACAAAACgAKADgAAAAV... and much more... ABwAIAPmST3zYrtMBAAAAAA==
Process-1: Thread_0: 1519632294: do_socket: Received header Cache-Control = no-cache
Process-1: Thread_0: 1519632294: do_socket: Received header Pragma = no-cache
Process-1: Thread_0: 1519632294: do_socket: Received header Content-Type = text/html; charset=utf-8
Process-1: Thread_0: 1519632294: do_socket: Received header Proxy-Connection = Keep-Alive
Process-1: Thread_0: 1519632294: do_socket: Received header Connection = Keep-Alive
Process-1: Thread_0: 1519632294: do_socket: Received header Content-Length = 2549
Process-1: Thread_0: 1519632294: do_socket: Reading response data (nobody: False)
Process-1: Thread_0: 1519632294: do_socket: Content length 2549
Process-1: Thread_0: 1519632294: do_transaction: Auth required
Process-1: Thread_0: 1519632294: do_transaction: Challenged
Process-1: Thread_0: 1519632294: get_response_wkb: winkerberos SSPI
Process-1: Thread_0: 1519632294: do_socket: Entering
Process-1: Thread_0: 1519632294: do_socket: b'CONNECT github.com:443 HTTP/1.1\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending b'Host: github.com:443\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending b'User-Agent: git/2.15.0.windows.1\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending b'Proxy-Connection: Keep-Alive\r\n'
Process-1: Thread_0: 1519632294: do_socket: Sending extra b'Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIIAAA... and much more... J2HBxQa\r\n'
Process-1: Thread_0: 1519632294: do_socket: Reading response code
Process-1: Thread_0: 1519632294: do_socket: Response code: 200 True
Process-1: Thread_0: 1519632294: do_socket: Reading response headers
Process-1: Thread_0: 1519632294: do_socket: Reading response data (nobody: True)
Process-1: Thread_0: 1519632294: do_CONNECT: Tunneling through proxy
127.0.0.1 - - [26/Feb/2018 09:04:54] "CONNECT github.com:443 HTTP/1.1" 200 -
Process-1: Thread_0: 1519632295: do_CONNECT: Transferred 6094 bytes
Process-1: Thread_0: 1519632295: do_CONNECT: Done

Any idea!? This might be related to #22.

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 21 (18 by maintainers)

Commits related to this issue

Most upvoted comments

First issue is quite simple.

px.py:470 if header[0] == "Proxy-Authenticate" and "Negotiate" in header[1]:

With our proxy it’s “NEGOTIATE” and not “Negotiate”. But even if I change the line to “NEGOTIATE”:

MainProcess: MainThread: 1519651281: verify_request: Client address: 127.0.0.1
MainProcess: Thread_0: 1519651281: do_CONNECT: Entering
MainProcess: Thread_0: 1519651281: do_transaction: Entering
MainProcess: Thread_0: 1519651281: get_response: winkerberos SSPI
MainProcess: Thread_0: 1519651281: do_socket: Entering
MainProcess: Thread_0: 1519651281: do_socket_connect: New connection: ('proxy.rwe.com', 8080)
MainProcess: Thread_0: 1519651282: do_socket: b'CONNECT github.com:443 HTTP/1.1\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending b'Host: github.com:443\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending b'User-Agent: git/2.15.0.windows.1\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending b'Proxy-Connection: Keep-Alive\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending extra b'Proxy-Authorization: Negotiate YIGeBgYrBgEF... and much more... pGQrZA=\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Reading response code
MainProcess: Thread_0: 1519651282: do_socket: Response code: 407 False
MainProcess: Thread_0: 1519651282: do_socket: Reading response headers
MainProcess: Thread_0: 1519651282: do_socket: Received header Proxy-Authenticate = NEGOTIATE oRUwE... and much more... AQQBgjcCAgo=
MainProcess: Thread_0: 1519651282: do_socket: Received header Cache-Control = no-cache
MainProcess: Thread_0: 1519651282: do_socket: Received header Pragma = no-cache
MainProcess: Thread_0: 1519651282: do_socket: Received header Content-Type = text/html; charset=utf-8
MainProcess: Thread_0: 1519651282: do_socket: Received header Proxy-Connection = Keep-Alive
MainProcess: Thread_0: 1519651282: do_socket: Received header Connection = Keep-Alive
MainProcess: Thread_0: 1519651282: do_socket: Received header Content-Length = 2549
MainProcess: Thread_0: 1519651282: do_socket: Reading response data
MainProcess: Thread_0: 1519651282: do_socket: Content length 2549
MainProcess: Thread_0: 1519651282: do_transaction: Auth required
MainProcess: Thread_0: 1519651282: do_transaction: Challenged
MainProcess: Thread_0: 1519651282: get_response: winkerberos SSPI
MainProcess: Thread_0: 1519651282: do_socket: Entering
MainProcess: Thread_0: 1519651282: do_socket: b'CONNECT github.com:443 HTTP/1.1\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending b'Host: github.com:443\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending b'User-Agent: git/2.15.0.windows.1\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending b'Proxy-Connection: Keep-Alive\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Sending extra b'Proxy-Authorization: Negotiate oTMwMaA... and much more... QA
AAA8=\r\n'
MainProcess: Thread_0: 1519651282: do_socket: Reading response code
MainProcess: Thread_0: 1519651282: do_socket: Response code: 407 False
MainProcess: Thread_0: 1519651282: do_socket: Reading response headers
MainProcess: Thread_0: 1519651282: do_socket: Received header Proxy-Authenticate = NEGOTIATE oYHwMIHtoAMK... and much more... QSv0wEAAAAA
MainProcess: Thread_0: 1519651282: do_socket: Received header Cache-Control = no-cache
MainProcess: Thread_0: 1519651282: do_socket: Received header Pragma = no-cache
MainProcess: Thread_0: 1519651282: do_socket: Received header Content-Type = text/html; charset=utf-8
MainProcess: Thread_0: 1519651282: do_socket: Received header Proxy-Connection = Keep-Alive
MainProcess: Thread_0: 1519651282: do_socket: Received header Connection = Keep-Alive
MainProcess: Thread_0: 1519651282: do_socket: Received header Content-Length = 2549
MainProcess: Thread_0: 1519651282: do_socket: Reading response data
MainProcess: Thread_0: 1519651282: do_socket: Content length 2549
MainProcess: Thread_0: 1519651282: do_CONNECT: Error 407
MainProcess: Thread_0: 1519651282: log_message: code 407, message Proxy Authentication Required
MainProcess: Thread_0: 1519651282: log_message: "CONNECT github.com:443 HTTP/1.1" 407 -
MainProcess: Thread_0: 1519651282: do_CONNECT: Transferred 0 bytes
MainProcess: Thread_0: 1519651282: do_CONNECT: Done

I’m not familiar with NTLM, but It’s seems it’s all related to the Proxy-Authorization header. This was changed from “NTLM” to “Negotiate” in 03f6536dc68226cd5e65c53a5f3f435820d5abf2.

+1
ccbur on Feb 26, 2018
Read more comments on GitHub
← ugrep: random crash and hang in option --zmax>1 when nested jar has a decompression error
px: [WinError10053] An established connection was aborted by the software in your host machine →