chisel
chisel copied to clipboard
jpillora
chisel do not support ntlm proxy authentication
is in roadmap the possibility to introduce support for ntlm proxy authentication ?
closing this issue because i solve the ntlm proxy auth with:
https://github.com/launchdarkly/go-ntlm-proxy-auth.git
i made a fork of chisel where i've implemented the above lib in chisel code. if someone else will have same necessity in future, keep an eye on my fork:
https://github.com/pariseed/chisel.git
@mpgn when i've opened this issue i've wait almost a month for an answer from @jpillora but while for other issue opened after that a response was provided for this issue nothing is come. So i decided to do it from myself, and i've intend the no response as an "i'm not interessed in that feature". If jpillora let me know he is interessed in that feature i will pleasure to send a PR to him, but until then if someone need ntml integration they can look at my fork.
Hey @pariseed I'd consider a PR, though I'd want to confirm the API beforehand, and also that we don't introduce many new dependencies
Hi @jpillora i understood, i think that if you're sure to use the API there is no sense to forward a PR. However you can see here the lines that i have added to the client in order to make ntlm work with chisel:
add new regex syntax to recognize ntlm invocation
If you change idea let me know and i will create a patch from this lines or a PR
A few things changes that I'd request:
-
github.com/launchdarkly/go-ntlm-proxy-auth uses https://github.com/launchdarkly/go-ntlmssp - it would be better to depend directly on Microsoft's module https://github.com/Azure/go-ntlmssp, and maybe add a small wrapper in chisel if needed
-
the user interface is essentially this regex
(NTLM)þ(.*):(.*):(.*)@, since there is nontlm:protocol, we could simply just use that. so it would be better to:- use the regex
ntlm:([^:]+):([^:]*):([^:]*)@ - this would be: domain required (+ not *), user, password (is user required?)
- note however this has the downside of not supporting
:colon characters
- use the regex
-
dial context can be shortened:
//optionally CONNECT proxy
if c.httpProxyURL != nil {
if isntlm == true {
ntlmDialContext := ntlm.WrapDialContext(daler.DialContext, ntlmurl, ntlmusr, ntlmpwd, ntlmdomain)
d.NetDialContext = ntlmDialContext
d.Proxy = func(*http.Request) (*url.URL, error) {
return c.httpProxyURL, nil
}
} else {
d.Proxy = func(*http.Request) (*url.URL, error) {
return c.httpProxyURL, nil
}
}
}
to
//optionally CONNECT proxy
if c.httpProxyURL != nil {
if isntlm {
d.NetDialContext = ntlm.WrapDialContext(daler.DialContext, ntlmurl, ntlmusr, ntlmpwd, ntlmdomain)
}
d.Proxy = func(*http.Request) (*url.URL, error) {
return c.httpProxyURL, nil
}
}
- also all of the above variables, formatting, etc should be updated to follow standard Go style
@jpillora i've just forwarded the PR 104 to you. I've followed all your suggestions except for the inclusion of the MS library, the launchdarkly fork have very small changes compared to the MS repo, other this i've encountered some problem trying to use MS go-ntlmssp and i was not able to perform any correct login with they, in fact seems that some negotiation flag are missing, but these flag was added into launchdarkly fork PR 1 so i decided to go forward with this library. Hope you will agree with this
Commented on the PR 👍
On Tue, 27 Apr 2021 at 12:59 am PD @.***> wrote:
Reopened this issue, because after one year and PR 204 https://github.com/jpillora/chisel/pull/204 ignored nothing is changed
— You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/jpillora/chisel/issues/149#issuecomment-826904761, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAE2X43AKSFUQLBLDTUUXMTTKV5VZANCNFSM4MEUJEGA .