[Pidgin] #2910: NTLM proxy authorization broken

Pidgin trac at pidgin.im
Tue Sep 4 03:47:41 EDT 2007


#2910: NTLM proxy authorization broken
------------------------+---------------------------------------------------
  Reporter:  thecrux    |       Owner:       
      Type:  defect     |      Status:  new  
  Priority:  minor      |   Milestone:  2.2.0
 Component:  libpurple  |     Version:  2.1.1
Resolution:             |    Keywords:  ntlm 
   Pending:  0          |  
------------------------+---------------------------------------------------
Comment (by thecrux):

 Replying to [comment:1 datallah]:
 > It seems to me that it should only be using the SSPI on windows when
 using "environmental" proxy settings; if there is a specific configuration
 specified, it should use that instead.

 Ok. I modified patch.

 But there is a issue with authorization: pidgin send both Basic and NTLM
 auth scheme header without knowing what type of authorization proxy
 required. This is not good. Firstly pidgin must send request without auth
 stuff, and after discover what type of authorization scheme supported by
 proxy choose a most stronger type.
 This is not simple to implement, because proxy close connection after
 sending 407 error and we must init new connection with correct proxy-
 authorization header. Design of code in libpurple/proxy.c does not provide
 several connections, all authorization negotiation must be within only one
 connection session.

 For example, if proxy server squid configured to accept only ntlm auth, it
 will write error in logs about unknown basic auth and will not accept
 connection (even if NTLM auth header exist in pidgins request, but set
 after basic).

-- 
Ticket URL: <http://developer.pidgin.im/ticket/2910#comment:2>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list