[Pidgin] #2910: NTLM proxy authorization broken
Pidgin
trac at pidgin.im
Tue Sep 4 03:47:41 EDT 2007
#2910: NTLM proxy authorization broken
------------------------+---------------------------------------------------
Reporter: thecrux | Owner:
Type: defect | Status: new
Priority: minor | Milestone: 2.2.0
Component: libpurple | Version: 2.1.1
Resolution: | Keywords: ntlm
Pending: 0 |
------------------------+---------------------------------------------------
Comment (by thecrux):
Replying to [comment:1 datallah]:
> It seems to me that it should only be using the SSPI on windows when
using "environmental" proxy settings; if there is a specific configuration
specified, it should use that instead.
Ok. I modified patch.
But there is a issue with authorization: pidgin send both Basic and NTLM
auth scheme header without knowing what type of authorization proxy
required. This is not good. Firstly pidgin must send request without auth
stuff, and after discover what type of authorization scheme supported by
proxy choose a most stronger type.
This is not simple to implement, because proxy close connection after
sending 407 error and we must init new connection with correct proxy-
authorization header. Design of code in libpurple/proxy.c does not provide
several connections, all authorization negotiation must be within only one
connection session.
For example, if proxy server squid configured to accept only ntlm auth, it
will write error in logs about unknown basic auth and will not accept
connection (even if NTLM auth header exist in pidgins request, but set
after basic).
--
Ticket URL: <http://developer.pidgin.im/ticket/2910#comment:2>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list