[Pidgin] #2910: NTLM proxy authorization broken

Sun Sep 2 11:44:18 EDT 2007

#2910: NTLM proxy authorization broken
-----------------------+----------------------------------------------------
 Reporter:  thecrux    |       Type:  defect
   Status:  new        |   Priority:  minor 
Component:  libpurple  |    Version:  2.1.1 
 Keywords:  ntlm       |    Pending:  0     
-----------------------+----------------------------------------------------
 we have a proxy server Squid with ntlm authorization.

 1. It seems that pidgin cant authorizate via proxy, because of wrong NTLM
 flags used in NTLMSSP header that pidgin sent to proxy.

 From http://davenport.sourceforge.net/ntlm.html#theNtlmFlags :
 Negotiate Unicode (0x00000001) - The client sets this flag to indicate
 that it supports Unicode strings.

 This flag is set to 0 in all NTLMSSP headers, that pidgin send. So proxy
 read all strings as a 8bit strings, but they are unicode.

 2. Also, pidgin send wrong workstation name (insead of hostname it used
 proxy name).

 3. On windows platform pidgin can use SSPI service to transparently
 authorizate user (dont need to ask username and password)
 http://davenport.sourceforge.net/ntlm.html#ntlmsspAndSspi

-- 
Ticket URL: <http://developer.pidgin.im/ticket/2910>
Pidgin <http://pidgin.im>
Pidgin