mullender / python-ntlm Goto Github PK

class AbstractNtlmAuthHandler:
    def __init__(self, password_mgr=None, debuglevel=0):
        if password_mgr is None:
            password_mgr = HTTPPasswordMgr()

What steps will reproduce the problem?
1. Attempting to authenticate with a proxy server using NTLM

What is the expected output? What do you see instead?
Python-ntlm currently supports ntlm authentication via a proxy, but not 
authenticating with that proxy using ntlm.

What version of the product are you using? On what operating system?
Latest python-ntlm build, Python 2.7, any OS

Please provide any additional information below.
Included patch file adds support for ntlm proxy authentication.

What steps will reproduce the problem?
1. Enter u"DOMAIN\\User" as a username
2. Crash

What is the expected output? What do you see instead?
Success :)

This is a framework that will hopefully allow problems to be reproduced.  It 
allows the replay of captured HTTP transactions in a controlled environment, 
and should allow unit-tests to be created as issues are identified.

The PyPI package only supports Python 2. It's helpful to label this.

What steps will reproduce the problem?
1. Try to retrieve a ntlm secured url that respond with an error code,
example code 500.

What is the expected output? What do you see instead?

urllib2.HTTPError is not raised.

What version of the product are you using? On what operating system?

trunk

I'm at trying to authenticate with a server that uses NTLM.  However it
doesn't set the www-authenticate header.  The handler assumes this value
exists and tries set it to lower.  Since the server doesn't return that
header, python throws an exception about None not having a lower method.

Traceback (most recent call last):
  File "nyquist_scrape.py", line 24, in <module>
    response = urllib2.urlopen(url)
  File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen
    return _opener.open(url, data)
  File "/usr/lib/python2.5/urllib2.py", line 387, in open
    response = meth(req, response)
  File "/usr/lib/python2.5/urllib2.py", line 498, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.5/urllib2.py", line 419, in error
    result = self._call_chain(*args)
  File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain
    result = func(*args)
  File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 92,
in http_error_401
    return self.http_error_authentication_required('www-authenticate', req,
fp, headers)
  File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 30,
in http_error_authentication_required
    if 'ntlm' in auth_header_value.lower():
AttributeError: 'NoneType' object has no attribute 'lower'

Allow me to quote from the commit log:

"Handle HTTP responses with more than one WWW-Authenticate header.

Some servers send two WWW-Authenticate headers: one with the NTLM
challenge and another with the 'Negotiate' phrase. Make sure we
operate on the right header."

Color diff and patch:

https://github.com/bnoordhuis/python-ntlm/commit/75024ca
https://github.com/bnoordhuis/python-ntlm/commit/75024ca.patch

What steps will reproduce the problem?

1. sudo pip install python-ntlm
2. ntlm_example_simple
3. ntlm_example_extended

What is the expected output? What do you see instead?

$ ntlm_example_simple
Traceback (most recent call last):
  File "/usr/local/bin/ntlm_example_simple", line 9, in <module>
    load_entry_point('python-ntlm==1.0', 'console_scripts', 'ntlm_example_simple')()
  File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 299, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 2229, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 1948, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
ImportError: No module named ntlm_examples.simple


$ ntlm_example_extended
Traceback (most recent call last):
  File "/usr/local/bin/ntlm_example_extended", line 9, in <module>
    load_entry_point('python-ntlm==1.0', 'console_scripts', 'ntlm_example_extended')()
  File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 299, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 2229, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line 1948, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
ImportError: No module named ntlm_examples.extended


What version of the product are you using? On what operating system?

- python-ntlm 1.0 egg
- Ubuntu Server 10.04 64 bit

Please provide any additional information below.

1. I searched pypi for ntlm and python-ntlm

What is the expected output? What do you see instead?

I expect this project to show up and provide an installable egg.
Instead I got nothing.

I'm needing to provide NTLM authentication to clients from a server.

This library could in theory support clients, proxies and servers, using
common classes for the message structures etc.

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

Because they don't work right now.

Color diff and patch:

https://github.com/bnoordhuis/python-ntlm/commit/03561b2
https://github.com/bnoordhuis/python-ntlm/commit/03561b2.patch

Having a public release:
 - allows for a common basis for bug reports
 - allows packaging of the release

I'm looking to package this for Ubuntu as I rely on it for the bzr-tfs project. 
However the absence of a release makes this much harder.

In the absence of a mailing list or active maintainers I suspect I will end up 
shipping a random revision.

What steps will reproduce the problem?
- try to set_http_debuglevel(100) on HTTPNtlmAuthHandler like following:

  import urllib2
  from ntlm import HTTPNtlmAuthHandler

  passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
  # set url, user and password with the right values
  auth_NTLM = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passman)
  opener = urllib2.build_opener(auth_NTLM)
  # suppose opener.handlers[6] is instance of
  #  ntlm.HTTPNtlmAuthHandler.HTTPNtlmAuthHandler
  opener.handlers[6].set_http_debuglevel(100)


What is the expected output?
- You can watch the client-server communication


The set_http_debuglevel method in AbstractNtlmAuthHandler class is missing.
I implemented it so I can supply my sollution. I think, this can be really
useful when developing.

I'm new in code.google.com so I'm not sure, if this issue-action is the
right way to contact project owner. If it's not excuse me please.

Using trunk.

In file "ntlm/HTTPNtlmAuthHandler.py", line 82
"raise URLError(err)" should be replaced by "raise urllib2.URLError(err)"

What steps will reproduce the problem?
1. Try to access an NTLM protected web page which is hosted on a Windows
2008 Server R2.

What is the expected output? What do you see instead?

The following error is thrown:

  File "C:\Python26\lib\urllib2.py", line 124, in urlopen
    return _opener.open(url, data, timeout)
  File "C:\Python26\lib\urllib2.py", line 395, in open
    response = meth(req, response)
  File "C:\Python26\lib\urllib2.py", line 508, in http_response
    'http', request, response, code, msg, hdrs)
  File "C:\Python26\lib\urllib2.py", line 427, in error
    result = self._call_chain(*args)
  File "C:\Python26\lib\urllib2.py", line 367, in _call_chain
    result = func(*args)
  File "C:\Python26\lib\ntlm\HTTPNtlmAuthHandler.py", line 96, in
http_error_401
    return self.http_error_authentication_required('www-authenticate', req,
fp, headers)
  File "C:\Python26\lib\ntlm\HTTPNtlmAuthHandler.py", line 35, in
http_error_authentication_required
    return self.retry_using_http_NTLM_auth(req, auth_header_field, None,
headers)
  File "C:\Python26\lib\ntlm\HTTPNtlmAuthHandler.py", line 69, in
retry_using_http_NTLM_auth
    (ServerChallenge, NegotiateFlags) =
ntlm.parse_NTLM_CHALLENGE_MESSAGE(auth_header_value[5:])
  File "C:\Python26\lib\ntlm\ntlm.py", line 224, in
parse_NTLM_CHALLENGE_MESSAGE
    msg2 = base64.decodestring(msg2)
  File "C:\Python26\lib\base64.py", line 321, in decodestring
    return binascii.a2b_base64(s)
Error: Incorrect padding


What version of the product are you using? On what operating system?

Python 2.6, python-ntlm build 28th of October 2009.

It seems that Microsoft has upgraded their NTLM protocoll according to this
(German) site from Microsoft:
http://technet.microsoft.com/de-de/library/dd560653%28WS.10%29.aspx
They also say that old windows versions might not well work together with
new servers...

Hi, I'm one of the maintainers for the feedparser project.

I've just received a bug report that I have no way of helping troubleshoot nor 
test fixes:

https://code.google.com/p/feedparser/issues/detail?id=267

The relevant line in the feedparser project is:

    opener = apply(urllib2.build_opener, tuple(handlers + [_FeedURLHandler()]))

The NTLM handler is included in the single-element `handlers` list. 
`_FeedURLHandler` inherits from:

 * HTTPDigestAuthHandler
 * HTTPRedirectHandler
 * HTTPDefaultErrorHandler

which means that those three are not included in the implicit handler list, and 
are not tried before the NTLM handler. The original reporter has said that 
removing the reference to `FeedURLHandler` in the code above fixes the problem, 
so I'm suspecting that this has something to do with the order of the handlers 
maintained by the opener.

Is it possible for someone from the python-ntlm project to help me resolve this 
issue?

Before attempting to unpack TargetInfo structure presence flag must be checked

I noticed I could not use python-ntml for user accounts which existed on the 
server but not in 
active directory. 

Line #72 in HTTPNtlmAuthHandler.py tries to access the second item in the 
user_parts list. 
However, in my situation the list only had one item since there was no domain 
to be specified. 

The fix appears to be pretty simple and in testing on my own system is working 
really well. 

Change line #72 from:
UserName =  user_parts[1]
to:
UserName =  len(user_parts) > 1 and user_parts[1] or user_parts[0]

HTTPie is a command line HTTP client, written in Python. Alas, it doesn't work 
behind NTLM proxies (as in my office). https://github.com/jkbr/httpie/issues/76

Maybe you guys could fix that?

As stated in the GitHub issue, I will pay 20 USD for a fix.

What steps will reproduce the problem?
1. Client is running on a window 7 machine (Or an xp machine) opening a json 
url which should return a json string
2. have an apache tomcat which uses ntlm authentication running
   on a windows xp machine 
3. i am trying the Basic example usage

What is the expected output? a python string

What do you see instead?
File 
"D:\quartz\WINSLA~1\WIN32-~4\build\ext\noarch\lib\python2.6\ntlm\HTTPNtlmAuthHan
dler.py", line 96, in http_error_401
  File "D:\quartz\WINSLA~1\WIN32-~4\build\ext\noarch\lib\python2.6\ntlm\HTTPNtlmAuthHandler.py", line 35, in http_error_authentication_required
  File "D:\quartz\WINSLA~1\WIN32-~4\build\ext\noarch\lib\python2.6\ntlm\HTTPNtlmAuthHandler.py", line 69, in retry_using_http_NTLM_auth
  File "D:\quartz\WINSLA~1\WIN32-~4\build\ext\noarch\lib\python2.6\ntlm\ntlm.py", line 219, in parse_NTLM_CHALLENGE_MESSAGE
error: unpack requires a string argument of length 4

What version of the product are you using? On what operating system?

i don't know the exact version of python ntlm but i m running python version 2.6

i have tried also the extended usage, but it fails with the same problem

could anyone assist?

w/kindest regards
 marco

In ntlm there is no NTLM_TYPE1_FLAGS and those flags aren't needed in 
create_NTLM_NEGOTIATE_MESSAGE function.

What steps will reproduce the problem?
1. Installed python-ntlm on two images, Win7 and XP 
2. python>  import urllib2
3. python>  from ntlm import HTTPNtlmAuthHandler

What is the expected output? What do you see instead?
Traceback <most recent call last>:
   File "<stdin>", line 1, in <module>
ImportError: cannot import name HTTPNtlmAuthHandler

What version of the product are you using? On what operating system?
Python2.6
python_ntlm-1.0.1-py2.6.egg
Please provide any additional information below.
works fine on the W7, not on the XP --- very strange

Correct "ttype" to "type" and "TYPE"

What steps will reproduce the problem?
1. get a response using NTLM library
2. print response.code
3. print response.msg

What is the expected output? What do you see instead?

expected the response message, i.e. 'OK'
expected the response code, i.e. 200

What version of the product are you using? On what operating system?

revision 77. Python 2.4. Linux RHEL 4.6

Please provide any additional information below.

What steps will reproduce the problem?
1. build and install python 2.6.5 on suse linux
2. run the following python code
   digest = hashlib.new('md4', 'password'.encode('utf-16le')).digest()
3. you will see the following exception
  ... 
  File "/home/ejiaden/usr/local/lib/python2.6/hashlib.py", line 87, in __py_new
    return __get_builtin_constructor(name)(string)
  File "/home/ejiaden/usr/local/lib/python2.6/hashlib.py", line 80, in __get_builtin_constructor
    raise ValueError, "unsupported hash type"
ValueError: unsupported hash type


What is the expected output? What do you see instead?
you will see the exception that md4 hash type is not supported

What version of the product are you using? On what operating system?
python-ntlm revision 77, python 2.6.5 built on suse linux 2.6.16.60-0.21-smp

Please provide any additional information below.

for the quick patch, you need to install py-md4 from 
http://barryp.org/software/py-md4/ and apply the attached patch file ntlm.py

Python 3.4: bug: methodes req.get_host() and req.get_selector() not found

What steps will reproduce the problem?
1. Configure an NTLM PROXY server (I am using BlueCoat)
2. Attempt to authenticate against the proxy
3. I know these are bad steps, please read on....

What is the expected output? What do you see instead?

I was receiving HTTP 407 errors from the proxy.  After digging into the code 
and tcpdump, I noticed that NTLM Auth string was the same for the 1st and 2nd 
request.


What version of the product are you using? On what operating system?

Python 2.7.7 on CentOS.  python-ntlm version 1.0.1


Please provide any additional information below.

From what I saw on my setup, this was a simple case of the initial header being 
set as 'Proxy_authentication', then name.title() being called on the headers 
dict which turned 'Proxy_authentication' into 'Proxy_Authentication' (case 
change on the '_a').

So when it constructs the second response, instead of the auth header being 
replaced, it adds the upper case version.  So I had 'Proxy_authentication' and 
'Proxy_Authentication' in my headers dict.


I fixed it by changing line 109 in HTTPNtlmAuthHandler.py

- auth_header = 'Proxy-authorization'
+ auth_header = 'Proxy-Authorization' 

(Maybe calling .title() on it would be a better fix)

..That's it.  I feel like I am missing something obvious here as this seems 
like a simple fix that should have been caught by the first person to use this 
code.

What steps will reproduce the problem?

This line of code:

parsed_url = urlparse(self.href)

In the Extended Example refers to self.href but there is no 'self.'

I would like to be able to write code like this.
Note that I don't specify username and password. 
I want to make a request using NTLM authentication with the credentials of the 
user making the call. 
This should in theory be pretty easy to do (not easy for me though). I think 
there are some clues in this post
http://stackoverflow.com/questions/2916396/smtp-through-exchange-using-integrate
d-windows-authentication-ntlm-using-python

--- snip ---

import urllib2
from ntlm import HTTPNtlmAuthHandler

url = "http://ntlmprotectedserver/securedfile.html"
# create the NTLM authentication handler
# since we aren’t passing a password manager, use credentials
# of calling user
auth_NTLM = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler()

# create and install the opener
opener = urllib2.build_opener(auth_NTLM)
urllib2.install_opener(opener)

# retrieve the result
response = urllib2.urlopen(url)
print(response.read())

When used with server-side authentication implemented by jcifs.http.NtlmSsp
(from Java JCIFS 1.2.13 library) on Tomcat, the handler fails with:

  File
"c:\snapshots\topl_pdn\fo_fip_plato\ToplTools\ToplChangeScripts\ntlm\ntlm.py",
line 229, in parse_NTLM_CHALLENGE_MESSAGE
    TargetInfoLen = struct.unpack("<H",msg2[40:42])[0]
  File "C:\Python25\lib\struct.py", line 87, in unpack
    return o.unpack(s)
struct.error: unpack requires a string argument of length 2

This is because the length of NTLMSSP data produced by JCIFS is 32 bytes.
The issue can be resolved by commenting out lines 228-242 in ntlm.py (r8).
These lines seem to be redundant anyway since they don't contribute to
parse_NTLM_CHALLENGE_MESSAGE() return value.

Attached is a packet capture file showing the message produced by JCIFS.

The attached file implements ntlm support for httplib.
Python 2.5

There is some code (e.g. ComputeResponse) which looks like unfinished NTLMv2 
support and which is never called. To get proper NTLMv2 responses 
ComputeResponse should be fixed to use TargetInfo from type1 messages, various 
functions should pass TargetInfo around and 
create_NTLM_AUTHENTICATE_MESSAGEcreate_NTLM_AUTHENTICATE_MESSAGE should call 
ComputeResponse (with proper Time). This is very least, probably more things 
need to be changed.

What steps will reproduce the problem?
1. Install python-ntlm library `python setup.py install`
2. Run script `ntlm_example_simple.exe`

What do you see?

> ImportError: No module named ntlm_examples.simple

What steps will reproduce the problem?
1. Use the example usage in HTTPNtlmAuthHandler.py, modify url, user, and
password as needed. url points to a asp session based server
2. modify the code to enable httplib debug
3. run it an watch how the session cookie is dropped.

What is the expected output? What do you see instead?
I expect the session cookie to be sent back to the server. It was not.


What version of the product are you using? On what operating system?
Unknown version...pulled from svn. Ubuntu 8.10, fully up-to-date.


Please provide any additional information below.

1. It seems you are looking in the wrong place for the headers in
HTTPNtlmAuthHandler.py, in retry_using_http_NTLM_auth. One of the arguments
to this method is 'headers', and this contains the headers, while
req.headers is always empty.

2. The capitalization is wrong for the Set-Cookie header in
retry_using_http_NTLM_auth. You have "set-cookie", it should be
"Set-Cookie" (or possibly be made case-insensitive).

 3. Also in retry_using_http_NTLM_auth, you convert the headers to a dict
using the dict object's constructor. The problem with this is that you can
only support one cookie this way. When the servers send you three cookies,
you get three Set-Cookie headers, but putting them in a dict in this way
you only get the last one in the dict. Also, you should probably be using
cookielib to handle the cookies.


I'm working on fixes for all of these for my own use. I can submit a patch
once they are ready if you want, but I'll be out next week, so I could not
provide until September.

Thanks.

In ntlm.py create_NTLM_NEGOTIATE_MESSAGE

WorkstationBufferOffset = BODY_LENGTH when Workstation is empty (len=0)
DomainNameBufferOffset = BODY_LENGTH+WorkstationBufferOffset when DomainName is 
empty

When Workstation or DomainName value is empty, their corresponding BufferOffset 
values should be 0. Otherwise, server can respond with BAD REQUEST status code 
(this happens all the time in my case with some third-party webservice).

Attached patch fixes this issue.

What steps will reproduce the problem?

1. I manually installed haslib 20081119 from 
http://code.krypto.org/python/hashlib/

Using OpenSSL version 0x0090802f from
 Headers:       /usr/include
 Library:       /usr/lib/libssl.so
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.4
copying hashlib.py -> build/lib.linux-x86_64-2.4
running build_ext
building '_hashlib' extension
creating build/temp.linux-x86_64-2.4
creating build/temp.linux-x86_64-2.4/Modules
gcc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPIC 
-I/usr/include -I/usr/include/python2.4 -c Modules/_hashopenssl.c -o 
build/temp.linux-x86_64-2.4/Modules/_hashopenssl.o
gcc -pthread -shared build/temp.linux-x86_64-2.4/Modules/_hashopenssl.o 
-L/usr/lib -lssl -lcrypto -o build/lib.linux-x86_64-2.4/_hashlib.so
/usr/bin/ld: skipping incompatible /usr/lib/libssl.so when searching for -lssl
/usr/bin/ld: skipping incompatible /usr/lib/libssl.a when searching for -lssl
/usr/bin/ld: skipping incompatible /usr/lib/libcrypto.so when searching for 
-lcrypto
/usr/bin/ld: skipping incompatible /usr/lib/libcrypto.a when searching for 
-lcrypto
/usr/bin/ld: skipping incompatible /usr/lib/libpthread.so when searching for 
-lpthread
/usr/bin/ld: skipping incompatible /usr/lib/libpthread.a when searching for 
-lpthread
/usr/bin/ld: skipping incompatible /usr/lib/libc.so when searching for -lc
/usr/bin/ld: skipping incompatible /usr/lib/libc.a when searching for -lc
running install_lib
copying build/lib.linux-x86_64-2.4/hashlib.py -> 
python/lib64/python2.4/site-packages
copying build/lib.linux-x86_64-2.4/_hashlib.so -> 
python/lib64/python2.4/site-packages
byte-compiling python/lib64/python2.4/site-packages/hashlib.py to hashlib.pyc


2. I had to change the setup.py file to use the newer hashlib version. 
Installed python-ntlm without any issues. (by the way, setup installs the newer 
hashlib whether it's already in the PYTHONPATH or not). 

3. Ran the extended test script with small modifications

import urllib2
from urlparse import urlparse, urlunparse
from ntlm import HTTPNtlmAuthHandler

user = 'DOMAIN\login'
password = "****"
url = "http://server/"
# determine a base_uri for which the username and password can be used
# parsed_url = urlparse(url)
# base_uri = urlunparse((parsed_url[0],parsed_url[1],"","","",""))
base_uri = url

passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, base_uri, user, password)
# create the NTLM authentication handler
auth_NTLM = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passman)

# other authentication handlers
auth_basic = urllib2.HTTPBasicAuthHandler(passman)
auth_digest = urllib2.HTTPDigestAuthHandler(passman)

# disable proxies (if you want to stay within the corporate network)
proxy_handler = urllib2.ProxyHandler({})

# create and install the opener
opener = urllib2.build_opener(proxy_handler, auth_NTLM, auth_digest, auth_basic)
urllib2.install_opener(opener)

# retrieve the result
response = urllib2.urlopen(url)
print(response.read())



What is the expected output? What do you see instead?

Traceback (most recent call last):
  File "./test_advanced.py", line 32, in ?
    response = urllib2.urlopen(url)
  File "/usr/lib64/python2.4/urllib2.py", line 130, in urlopen
    return _opener.open(url, data)
  File "/usr/lib64/python2.4/urllib2.py", line 364, in open
    response = meth(req, response)
  File "/usr/lib64/python2.4/urllib2.py", line 471, in http_response
    response = self.parent.error(
  File "/usr/lib64/python2.4/urllib2.py", line 396, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python2.4/urllib2.py", line 337, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.4/urllib2.py", line 554, in http_error_302
    return self.parent.open(new)
  File "/usr/lib64/python2.4/urllib2.py", line 364, in open
    response = meth(req, response)
  File "/usr/lib64/python2.4/urllib2.py", line 471, in http_response
    response = self.parent.error(
  File "/usr/lib64/python2.4/urllib2.py", line 396, in error
    result = self._call_chain(*args)
  File "/usr/lib64/python2.4/urllib2.py", line 337, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.4/urllib2.py", line 916, in http_error_401
    host, req, headers)
  File "/usr/lib64/python2.4/urllib2.py", line 807, in http_error_auth_reqed
    raise ValueError("AbstractDigestAuthHandler doesn't know "
ValueError: AbstractDigestAuthHandler doesn't know about Negotiate,


What version of the product are you using? On what operating system?

Using the latest code from the site for python26.

Please provide any additional information below.



Thanks in advance. 

What steps will reproduce the problem?
1. Attempt to login with '[email protected]' (required for hosted exchange)
2. Initiate connection

Received Traceback:

  File "/home/red15/code/pyex/local/lib/python2.7/site-packages/ntlm/HTTPNtlmAuthHandler.py", line 72, in retry_using_http_NTLM_auth
    UserName = user_parts[1]
IndexError: list index out of range


What version of the product are you using? On what operating system?
(pip install ntlm) date June 12 2014

Please provide any additional information below.

It worked when I added following patch in HTTPNtlmAuthHandler.py

What steps will reproduce the problem?
1. Try to retrieve a ntlm secured url that redirects to a second url
2. Currently only the first response to the first url is retrieved
3. The response then needs to be processed to locate the second url

What is the expected output? What do you see instead?
I expect to see the reponse from the second url

License is LGPL according to homepage https://code.google.com/p/python-ntlm/

Committed changes to python26 and python30.

Purpose of code changes on this branch: Adding support for pass-the-hash 
authentication. This allows you to authenticate with users NTLM hash instead of 
password. This is useful for penetration testers.


When reviewing my code changes, please focus on: Make sure it doesn't break 
anything. Rather than allowing users to specify a hash or a password by adding 
a hash parameter, I just added a regex to the nt and lm hash generation 
functions that check if the password already looks like a hash 
`^[\w]{32}:[\w]{32}$`. I think this is acceptable, but I would be interested if 
anyone disagrees.

I apologize if I wasn't supposed to commit to trunk. I'm a git user and am not 
so proficient and svn. 

Implemented a IMAPNtlmAuthHandler class for using NTML with IMAP.

Example:

from imaplib import IMAP4
from ntlm.IMAPNtlmAuthHandler import IMAPNtlmAuthHandler

imap = IMAP4("my.imap.server")
imap.authenticate("NTLM", IMapNtlmAuthHandler(r"DOMAIN\username", "password"))

Notes:
* I moved the base64 encoding/decoding to the HTTPNtlmAuthHandler.py module
* I only did the change for 2.6, not 3.0

Using Python 3.4.1 with the latest version of the python30 directory as of July 
23, 2014. get_selector() and get_host() were deprecated in Python 3.3 and 
removed in 3.4, so HTTPNtlmAuthHandler throws an AttributeError. get_selector() 
should be replaced with request.selector and get_host() with request.host.

Please include SMTP NTLM support

What steps will reproduce the problem?
1. Try to authenticate to a server that sends WWW-Authenticate as follows:
send: 'GET /EWS/Services.wsdl HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: 
mymail.qualcomm.com\r\nConnection: Keep-Alive\r\nAuthorization: NTLM 
TlRMTVNTUAABAAAAB7IIogIAAgAwAAAACAAIACgAAAAFASgKAAAAD09XTkVSLUhQTkE=\r\nUser-Age
nt: Python-urllib/2.7\r\n\r\n'

reply: 'HTTP/1.1 401 Unauthorized\r\n'

header: Server: Microsoft-IIS/7.5
header: WWW-Authenticate: NTLM 
TlRMTVNTUAACAAAABAAEADgAAAAFgomi3k7KRx+HGYQAAAAAAAAAALQAtAA8AAAABgGwHQAAAA9OAEEA
AgAEAE4AQQABABYATgBBAFMAQQBOAEUAWABIAEMAMAA0AAQAHgBuAGEALgBxAHUAYQBsAGMAbwBtAG0A
LgBjAG8AbQADADYAbgBhAHMAYQBuAGUAeABoAGMAMAA0AC4AbgBhAC4AcQB1AGEAbABjAG8AbQBtAC4A
YwBvAG0ABQAiAGMAbwByAHAALgBxAHUAYQBsAGMAbwBtAG0ALgBjAG8AbQAHAAgADXHouNLjzAEAAAAA
header: WWW-Authenticate: Negotiate
header: X-Powered-By: ASP.NET
header: Date: Sun, 05 Feb 2012 06:52:26 GMT
header: Content-Length: 0

2. httplib appends the two WWW-Authenticates into a comma delimited string like 
so:
getting request headers using r.getheader(auth_header_field, None) : NTLM 
TlRMTVNTUAACAAAABAAEADgAAAAFgomi3k7KRx+HGYQAAAAAAAAAALQAtAA8AAAABgGwHQAAAA9OAEEA
AgAEAE4AQQABABYATgBBAFMAQQBOAEUAWABIAEMAMAA0AAQAHgBuAGEALgBxAHUAYQBsAGMAbwBtAG0A
LgBjAG8AbQADADYAbgBhAHMAYQBuAGUAeABoAGMAMAA0AC4AbgBhAC4AcQB1AGEAbABjAG8AbQBtAC4A
YwBvAG0ABQAiAGMAbwByAHAALgBxAHUAYQBsAGMAbwBtAG0ALgBjAG8AbQAHAAgADXHouNLjzAEAAAAA
, Negotiate

3. This causes the parser to crash with the following message:
Traceback (most recent call last):
  File "app.py", line 39, in <module>
    response = urllib2.urlopen(url)
  File "C:\Python27\lib\urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "C:\Python27\lib\urllib2.py", line 397, in open
    response = meth(req, response)
  File "C:\Python27\lib\urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "C:\Python27\lib\urllib2.py", line 429, in error
    result = self._call_chain(*args)
  File "C:\Python27\lib\urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\HTTPNtlmAuthHandler.py", line 116, in http_error_401
    return self.http_error_authentication_required('www-authenticate', req, fp, headers)
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\HTTPNtlmAuthHandler.py", line 35, in http_error_authentication_required
    return self.retry_using_http_NTLM_auth(req, auth_header_field, None, headers)
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\HTTPNtlmAuthHandler.py", line 86, in retry_using_http_NTLM_auth
    (ServerChallenge, NegotiateFlags) = ntlm.parse_NTLM_CHALLENGE_MESSAGE(auth_header_value[5:])
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\ntlm.py", line 217, in parse_NTLM_CHALLENGE_MESSAGE
    msg2 = base64.decodestring(msg2)
  File "C:\Python27\lib\base64.py", line 321, in decodestring
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

What is the expected output? What do you see instead?
Transaction should abstract out any glitches like multiple headers

What version of the product are you using? On what operating system?
ntlm-1.0.1 python26 branch. OS: Win7. Python Version 2.7.1

Please provide any additional information below.
Diff for the FIX that I have made included. Please review and add into the code.

in the function create_NTLM_NEGOTIATE_MESSAGE of ntml.py, you split the user 
into parts and then take the first part as the domain.

eg:

DOMAIN\username is split into DOMAIN and username.

However, when the user string has no domain (eg on my Mac), there is only 1 
part which contains the user name.

eg

username splits into username

so username is taken as the domain name, which is not correct ;-)

[deleted issue]

I'm using python-ntlm with python-suds as shown on this blog post:

http://cbess.blogspot.com/2009/01/python-suds-with-windows-
authentication.html

When I do that however, as soon as the SUDS code tries to read cookies 
from the request, I get an error saying that the request has no 'info' 
attribute. Comparing the source to the urllib2.AbstractHTTPHandler.do_open 
code, it looks like the retry_using_http_NTLM_auth needs to be augmented a 
bit to return the same types of responses as other urllib2 handlers.

I've modified my copy of transport.py as follows and it seems to work well:

            try:
                h.request(req.get_method(), req.get_selector(), req.data, 
headers)
                # none of the configured handlers are triggered, for 
example redirect-responses are not handled!
                r = h.getresponse()

                # copied from urllib2.AbstractHTTPHandler.do_open
                r.recv = r.read
                fp = socket._fileobject(r, close=True)

                from urllib import addinfourl
                resp = addinfourl(fp, r.msg, req.get_full_url())
                resp.code = r.status
                resp.msg = r.reason
                return resp

Please let me know if there is anything else I should include in the bug 
report.

Thanks! Michael

Hi. According to the homepage, this library is Python 3 compatible. However if 
you try to install it from PyPI eg. with the command `pip install python-ntlm` 
then installation fails with syntax errors (print function missing brackets and 
so on).

The problem is the package at https://pypi.python.org/pypi/python-ntlm has only 
works on Python 2 AND has no compatibility information in its metadata.

Please upload a Python 3 compatible package to PyPI. You could have one package 
that's compatible with both Python 2 and 3, or two separate packages, so long 
as you set the version metadata appropriately.

Thanks. This would be really appreciated. 
-Matt