python-ntlm - Project Hosting on Google Code

Last 30 days Dec 17, 2009 issue 16 (response objects have no code, msg properties) commented on by mischko.scott - Sorry. What I get is "AttributeError: addinfourl instance has no attribute 'code'" and "AttributeError: addinfourl instance has no attribute 'msg'" Sorry. What I get is "AttributeError: addinfourl instance has no attribute 'code'" and "AttributeError: addinfourl instance has no attribute 'msg'" Dec 17, 2009 issue 16 (response objects have no code, msg properties) reported by mischko.scott - What steps will reproduce the problem? 1. get a response using NTLM library 2. print response.code 3. print response.msg What is the expected output? What do you see instead? expected the response message, i.e. 'OK' expected the response code, i.e. 200 What version of the product are you using? On what operating system? revision 77. Python 2.4. Linux RHEL 4.6 Please provide any additional information below. What steps will reproduce the problem? 1. get a response using NTLM library 2. print response.code 3. print response.msg What is the expected output? What do you see instead? expected the response message, i.e. 'OK' expected the response code, i.e. 200 What version of the product are you using? On what operating system? revision 77. Python 2.4. Linux RHEL 4.6 Please provide any additional information below. Dec 08, 2009 issue 14 (SMTP Auth) commented on by bernt.brenna - I implemented this. A patch is attached. Needs the patch from issue #15 applied first. Example: from ntlm.smtp import ntlm_authenticate import smtplib smtp = smtplib.SMTP("my.smtp.server") smtp.ehlo() ntlm_authenticate(smtp, r"DOMAIN\username", "password") I implemented this. A patch is attached. Needs the patch from issue #15 applied first. Example: from ntlm.smtp import ntlm_authenticate import smtplib smtp = smtplib.SMTP("my.smtp.server") smtp.ehlo() ntlm_authenticate(smtp, r"DOMAIN\username", "password") Dec 08, 2009 issue 14 (SMTP Auth) commented on by bernt.brenna - I implemented this. A patch is attached. Needs the patch from issue #15 applied first. Example: from ntlm.smtp import ntlm_authenticate import smtplib smtp = smtplib.SMTP("my.smtp.server") smtp.ehlo() ntlm_authenticate(smtp, r"DOMAIN\username", "password") I implemented this. A patch is attached. Needs the patch from issue #15 applied first. Example: from ntlm.smtp import ntlm_authenticate import smtplib smtp = smtplib.SMTP("my.smtp.server") smtp.ehlo() ntlm_authenticate(smtp, r"DOMAIN\username", "password") Dec 08, 2009 issue 15 (Patch that adds IMAP NTLM authentication) commented on by bernt.brenna - The patch needs a patch... Forgot an import in HTTPNtlmAuthHandler.py: diff --git a/HTTPNtlmAuthHandler.py b/HTTPNtlmAuthHandler.py index 6983c48..22c3d70 100644 --- a/HTTPNtlmAuthHandler.py +++ b/HTTPNtlmAuthHandler.py @@ -16,6 +16,7 @@ import base64 import httplib, socket from urllib import addinfourl import ntlm +import string class AbstractNtlmAuthHandler: def __init__(self, password_mgr=None, debuglevel=0): The patch needs a patch... Forgot an import in HTTPNtlmAuthHandler.py: diff --git a/HTTPNtlmAuthHandler.py b/HTTPNtlmAuthHandler.py index 6983c48..22c3d70 100644 --- a/HTTPNtlmAuthHandler.py +++ b/HTTPNtlmAuthHandler.py @@ -16,6 +16,7 @@ import base64 import httplib, socket from urllib import addinfourl import ntlm +import string class AbstractNtlmAuthHandler: def __init__(self, password_mgr=None, debuglevel=0): Dec 08, 2009 issue 15 (Patch that adds IMAP NTLM authentication) commented on by bernt.brenna - Forgot to set type when submitting. Should be Type-Enhancement. Don't know how to edit that. Project admin: Please edit the issue type. Forgot to set type when submitting. Should be Type-Enhancement. Don't know how to edit that. Project admin: Please edit the issue type. Dec 08, 2009 issue 15 (Patch that adds IMAP NTLM authentication) reported by bernt.brenna - Implemented a IMAPNtlmAuthHandler class for using NTML with IMAP. Example: from imaplib import IMAP4 from ntlm.IMAPNtlmAuthHandler import IMAPNtlmAuthHandler imap = IMAP4("my.imap.server") imap.authenticate("NTLM", IMapNtlmAuthHandler(r"DOMAIN\username", "password")) Notes: * I moved the base64 encoding/decoding to the HTTPNtlmAuthHandler.py module * I only did the change for 2.6, not 3.0 Implemented a IMAPNtlmAuthHandler class for using NTML with IMAP. Example: from imaplib import IMAP4 from ntlm.IMAPNtlmAuthHandler import IMAPNtlmAuthHandler imap = IMAP4("my.imap.server") imap.authenticate("NTLM", IMapNtlmAuthHandler(r"DOMAIN\username", "password")) Notes: * I moved the base64 encoding/decoding to the HTTPNtlmAuthHandler.py module * I only did the change for 2.6, not 3.0 Earlier this year Nov 12, 2009 issue 14 (SMTP Auth) reported by jbochi - Please include SMTP NTLM support Please include SMTP NTLM support Nov 01, 2009 issue 13 (Bug: HTTPPasswordMgr is not defined) reported by andres.riancho - class AbstractNtlmAuthHandler: def __init__(self, password_mgr=None, debuglevel=0): if password_mgr is None: password_mgr = HTTPPasswordMgr() class AbstractNtlmAuthHandler: def __init__(self, password_mgr=None, debuglevel=0): if password_mgr is None: password_mgr = HTTPPasswordMgr() Oct 29, 2009 issue 12 (Local (none Domain Accounts) can not be used) reported by scottwater - I noticed I could not use python-ntml for user accounts which existed on the server but not in active directory. Line #72 in HTTPNtlmAuthHandler.py tries to access the second item in the user_parts list. However, in my situation the list only had one item since there was no domain to be specified. The fix appears to be pretty simple and in testing on my own system is working really well. Change line #72 from: UserName = user_parts[1] to: UserName = len(user_parts) > 1 and user_parts[1] or user_parts[0] I noticed I could not use python-ntml for user accounts which existed on the server but not in active directory. Line #72 in HTTPNtlmAuthHandler.py tries to access the second item in the user_parts list. However, in my situation the list only had one item since there was no domain to be specified. The fix appears to be pretty simple and in testing on my own system is working really well. Change line #72 from: UserName = user_parts[1] to: UserName = len(user_parts) > 1 and user_parts[1] or user_parts[0] Oct 16, 2009 issue 11 (Missing support for set_http_debuglevel) Status changed by Matthijs.Mullender - Closed in r77 Status: Fixed Closed in r77 Status: Fixed Oct 16, 2009 issue 11 (Missing support for set_http_debuglevel) commented on by Matthijs.Mullender - Your patch was received and will be added to the repository. I removed the specific author information from the file itself (because I do not want to list all contributors in the source code), but will make sure to credit you in the commit message. I hope this is acceptable. Matthijs Your patch was received and will be added to the repository. I removed the specific author information from the file itself (because I do not want to list all contributors in the source code), but will make sure to credit you in the commit message. I hope this is acceptable. Matthijs Oct 16, 2009 r77 (closes #11 "Missing support for set_http_debuglevel" Contri...) committed by Matthijs.Mullender - closes #11 "Missing support for set_http_debuglevel" Contribution by Jakub Tomany HTTP debuging enabled by implementing set_http_debuglevel method Author: Jakub Tomany Date: 14.10.2009 Keyword: set_http_debuglevel closes #11 "Missing support for set_http_debuglevel" Contribution by Jakub Tomany HTTP debuging enabled by implementing set_http_debuglevel method Author: Jakub Tomany Date: 14.10.2009 Keyword: set_http_debuglevel Oct 16, 2009 issue 11 (Missing support for set_http_debuglevel) commented on by jakub.tomany - Sollution sent (hope to the right recipient). I see "attach file" on this screen just now, so I attach the sollution right here (and I'm sorry for bothering through email) changed file: HTTPNtlmAuthHandler.py changes are commented with the keyword "set_http_debuglevel" Jakub Sollution sent (hope to the right recipient). I see "attach file" on this screen just now, so I attach the sollution right here (and I'm sorry for bothering through email) changed file: HTTPNtlmAuthHandler.py changes are commented with the keyword "set_http_debuglevel" Jakub Oct 16, 2009 issue 11 (Missing support for set_http_debuglevel) Status changed by Matthijs.Mullender - Status: Accepted Status: Accepted Oct 16, 2009 issue 11 (Missing support for set_http_debuglevel) Owner changed by Matthijs.Mullender - Jakob, Thank you for subitting the bug report, the issue list is the way to go. Can you supply the patch you created, so I can integrate it into the codebase? Matthijs Owner: Matthijs.Mullender Jakob, Thank you for subitting the bug report, the issue list is the way to go. Can you supply the patch you created, so I can integrate it into the codebase? Matthijs Owner: Matthijs.Mullender Oct 14, 2009 issue 11 (Missing support for set_http_debuglevel) reported by jakub.to...@seznam.cz - What steps will reproduce the problem? - try to set_http_debuglevel(100) on HTTPNtlmAuthHandler like following: import urllib2 from ntlm import HTTPNtlmAuthHandler passman = urllib2.HTTPPasswordMgrWithDefaultRealm() # set url, user and password with the right values auth_NTLM = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passman) opener = urllib2.build_opener(auth_NTLM) # suppose opener.handlers[6] is instance of # ntlm.HTTPNtlmAuthHandler.HTTPNtlmAuthHandler opener.handlers[6].set_http_debuglevel(100) What is the expected output? - You can watch the client-server communication The set_http_debuglevel method in AbstractNtlmAuthHandler class is missing. I implemented it so I can supply my sollution. I think, this can be really useful when developing. I'm new in code.google.com so I'm not sure, if this issue-action is the right way to contact project owner. If it's not excuse me please. What steps will reproduce the problem? - try to set_http_debuglevel(100) on HTTPNtlmAuthHandler like following: import urllib2 from ntlm import HTTPNtlmAuthHandler passman = urllib2.HTTPPasswordMgrWithDefaultRealm() # set url, user and password with the right values auth_NTLM = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passman) opener = urllib2.build_opener(auth_NTLM) # suppose opener.handlers[6] is instance of # ntlm.HTTPNtlmAuthHandler.HTTPNtlmAuthHandler opener.handlers[6].set_http_debuglevel(100) What is the expected output? - You can watch the client-server communication The set_http_debuglevel method in AbstractNtlmAuthHandler class is missing. I implemented it so I can supply my sollution. I think, this can be really useful when developing. I'm new in code.google.com so I'm not sure, if this issue-action is the right way to contact project owner. If it's not excuse me please. Aug 20, 2009 issue 10 (Cookie handling is borked) commented on by Matthijs.Mullender - Thank you for reporting and looking into this bug. If you come up with solutions along the line you are suggesting I will be glad to include them into the repository. Thank you for reporting and looking into this bug. If you come up with solutions along the line you are suggesting I will be glad to include them into the repository. Aug 20, 2009 issue 10 (Cookie handling is borked) reported by scherbi - What steps will reproduce the problem? 1. Use the example usage in HTTPNtlmAuthHandler.py, modify url, user, and password as needed. url points to a asp session based server 2. modify the code to enable httplib debug 3. run it an watch how the session cookie is dropped. What is the expected output? What do you see instead? I expect the session cookie to be sent back to the server. It was not. What version of the product are you using? On what operating system? Unknown version...pulled from svn. Ubuntu 8.10, fully up-to-date. Please provide any additional information below. 1. It seems you are looking in the wrong place for the headers in HTTPNtlmAuthHandler.py, in retry_using_http_NTLM_auth. One of the arguments to this method is 'headers', and this contains the headers, while req.headers is always empty. 2. The capitalization is wrong for the Set-Cookie header in retry_using_http_NTLM_auth. You have "set-cookie", it should be "Set-Cookie" (or possibly be made case-insensitive). 3. Also in retry_using_http_NTLM_auth, you convert the headers to a dict using the dict object's constructor. The problem with this is that you can only support one cookie this way. When the servers send you three cookies, you get three Set-Cookie headers, but putting them in a dict in this way you only get the last one in the dict. Also, you should probably be using cookielib to handle the cookies. I'm working on fixes for all of these for my own use. I can submit a patch once they are ready if you want, but I'll be out next week, so I could not provide until September. Thanks. What steps will reproduce the problem? 1. Use the example usage in HTTPNtlmAuthHandler.py, modify url, user, and password as needed. url points to a asp session based server 2. modify the code to enable httplib debug 3. run it an watch how the session cookie is dropped. What is the expected output? What do you see instead? I expect the session cookie to be sent back to the server. It was not. What version of the product are you using? On what operating system? Unknown version...pulled from svn. Ubuntu 8.10, fully up-to-date. Please provide any additional information below. 1. It seems you are looking in the wrong place for the headers in HTTPNtlmAuthHandler.py, in retry_using_http_NTLM_auth. One of the arguments to this method is 'headers', and this contains the headers, while req.headers is always empty. 2. The capitalization is wrong for the Set-Cookie header in retry_using_http_NTLM_auth. You have "set-cookie", it should be "Set-Cookie" (or possibly be made case-insensitive). 3. Also in retry_using_http_NTLM_auth, you convert the headers to a dict using the dict object's constructor. The problem with this is that you can only support one cookie this way. When the servers send you three cookies, you get three Set-Cookie headers, but putting them in a dict in this way you only get the last one in the dict. Also, you should probably be using cookielib to handle the cookies. I'm working on fixes for all of these for my own use. I can submit a patch once they are ready if you want, but I'll be out next week, so I could not provide until September. Thanks. Jul 15, 2009 issue 9 (handler doesn't verify www-authenticate exists) Status changed by Matthijs.Mullender - Status: Fixed Status: Fixed Jul 15, 2009 r76 (closes issue 9: New issue 9 by j.nick.terry: handler doesn't...) committed by Matthijs.Mullender - closes issue 9 : New issue 9 by j.nick.terry: handler doesn't verify www-authenticate exists http://code.google.com/p/python-ntlm/issues/detail?id=9 I'm at trying to authenticate with a server that uses NTLM. However it doesn't set the www-authenticate header. The handler assumes this value exists and tries set it to lower. Since the server doesn't return that header, python throws an exception about None not having a lower method. Traceback (most recent call last): File "nyquist_scrape.py", line 24, in <module> response = urllib2.urlopen(url) File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen return _opener.open(url, data) File "/usr/lib/python2.5/urllib2.py", line 387, in open response = meth(req, response) File "/usr/lib/python2.5/urllib2.py", line 498, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib/python2.5/urllib2.py", line 419, in error result = self._call_chain(args) File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain result = func(args) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 92, in http_error_401 return self.http_error_authentication_required('www-authenticate', req, fp, headers) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 30, in http_error_authentication_required if 'ntlm' in auth_header_value.lower(): AttributeError: 'NoneType' object has no attribute 'lower' closes issue 9 : New issue 9 by j.nick.terry: handler doesn't verify www-authenticate exists http://code.google.com/p/python-ntlm/issues/detail?id=9 I'm at trying to authenticate with a server that uses NTLM. However it doesn't set the www-authenticate header. The handler assumes this value exists and tries set it to lower. Since the server doesn't return that header, python throws an exception about None not having a lower method. Traceback (most recent call last): File "nyquist_scrape.py", line 24, in <module> response = urllib2.urlopen(url) File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen return _opener.open(url, data) File "/usr/lib/python2.5/urllib2.py", line 387, in open response = meth(req, response) File "/usr/lib/python2.5/urllib2.py", line 498, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib/python2.5/urllib2.py", line 419, in error result = self._call_chain(args) File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain result = func(args) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 92, in http_error_401 return self.http_error_authentication_required('www-authenticate', req, fp, headers) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 30, in http_error_authentication_required if 'ntlm' in auth_header_value.lower(): AttributeError: 'NoneType' object has no attribute 'lower' Jul 15, 2009 r75 (moving example and setup files to better location) committed by Matthijs.Mullender - moving example and setup files to better location moving example and setup files to better location Jul 15, 2009 issue 9 (handler doesn't verify www-authenticate exists) reported by j.nick.terry - I'm at trying to authenticate with a server that uses NTLM. However it doesn't set the www-authenticate header. The handler assumes this value exists and tries set it to lower. Since the server doesn't return that header, python throws an exception about None not having a lower method. Traceback (most recent call last): File "nyquist_scrape.py", line 24, in <module> response = urllib2.urlopen(url) File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen return _opener.open(url, data) File "/usr/lib/python2.5/urllib2.py", line 387, in open response = meth(req, response) File "/usr/lib/python2.5/urllib2.py", line 498, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib/python2.5/urllib2.py", line 419, in error result = self._call_chain(args) File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain result = func(args) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 92, in http_error_401 return self.http_error_authentication_required('www-authenticate', req, fp, headers) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 30, in http_error_authentication_required if 'ntlm' in auth_header_value.lower(): AttributeError: 'NoneType' object has no attribute 'lower' I'm at trying to authenticate with a server that uses NTLM. However it doesn't set the www-authenticate header. The handler assumes this value exists and tries set it to lower. Since the server doesn't return that header, python throws an exception about None not having a lower method. Traceback (most recent call last): File "nyquist_scrape.py", line 24, in <module> response = urllib2.urlopen(url) File "/usr/lib/python2.5/urllib2.py", line 124, in urlopen return _opener.open(url, data) File "/usr/lib/python2.5/urllib2.py", line 387, in open response = meth(req, response) File "/usr/lib/python2.5/urllib2.py", line 498, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib/python2.5/urllib2.py", line 419, in error result = self._call_chain(args) File "/usr/lib/python2.5/urllib2.py", line 360, in _call_chain result = func(args) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 92, in http_error_401 return self.http_error_authentication_required('www-authenticate', req, fp, headers) File "/home/nickte/test/moderation/ntlm/HTTPNtlmAuthHandler.py", line 30, in http_error_authentication_required if 'ntlm' in auth_header_value.lower(): AttributeError: 'NoneType' object has no attribute 'lower' Jul 15, 2009 r74 (Patch provided by Salim Fadhley modifications to the project...) committed by Matthijs.Mullender - Patch provided by Salim Fadhley modifications to the project: * It can be built as an egg file (with setuptools) * It now works on Python 2.4 (if you can get Hashlib with MD4 support) * Examples are now done as entry points without passwords saved, so people can test the library as soon as they install it. Patch provided by Salim Fadhley modifications to the project: * It can be built as an egg file (with setuptools) * It now works on Python 2.4 (if you can get Hashlib with MD4 support) * Examples are now done as entry points without passwords saved, so people can test the library as soon as they install it. Mar 23, 2009 issue 4 (Support NTLM server-side) commented on by duncancbennett - In reference to David's comment above, I'll try to give a bit more detail. When I was writing the code, my goal all along was to get python using NTLM in a windows environment. An issue which I kept deferring was the connection to the Domain Controller. When I eventually looked into this, it became clear that I would need access to NetLogon (which would envolve a lot more work). After further investigation I discovered that in Windows I should just have been using python-win32 in any case. If all you want is an easy way to get single-sign on for IE clients under unix, then the code already handles this. However NTLMClientServer.create_session_keys(...) is not implemented so signing and sealing is not supported. The branch contains a sample server, which implements the required NTLMServerBase class methods in a very simple way. As David says, you'll need to work out how you'll access client names passwords and pass this information through from within the "get_authenticated_response" method of "NTLMServerBase". In reference to David's comment above, I'll try to give a bit more detail. When I was writing the code, my goal all along was to get python using NTLM in a windows environment. An issue which I kept deferring was the connection to the Domain Controller. When I eventually looked into this, it became clear that I would need access to NetLogon (which would envolve a lot more work). After further investigation I discovered that in Windows I should just have been using python-win32 in any case. If all you want is an easy way to get single-sign on for IE clients under unix, then the code already handles this. However NTLMClientServer.create_session_keys(...) is not implemented so signing and sealing is not supported. The branch contains a sample server, which implements the required NTLMServerBase class methods in a very simple way. As David says, you'll need to work out how you'll access client names passwords and pass this information through from within the "get_authenticated_response" method of "NTLMServerBase". Mar 23, 2009 issue 4 (Support NTLM server-side) commented on by dav...@sjsoft.com - The current code merely provides an HTTP authentication mechanism that verifies a hash of a password for a given user. You need to store the username and password locally for the Python server to access - it can't pass the authentication details through to the Windows domain controller to verify, which is what you can accomplish using the sspi code (this is because we only receive a hash of the password, and haven't implemented the protocol you need to talk to the domain controller). So you can provide what appears to be seamless single sign on, but only by duplicating the windows usernames and passwords in a config file for python. As far as I can see this seems to be what jcifs is doing as well, but it's probably integrating with SAMBA rather than the Windows domain controller, and I haven't looked at it in detail. I hope that makes sense - duncancbennett knows more of the details. The current code merely provides an HTTP authentication mechanism that verifies a hash of a password for a given user. You need to store the username and password locally for the Python server to access - it can't pass the authentication details through to the Windows domain controller to verify, which is what you can accomplish using the sspi code (this is because we only receive a hash of the password, and haven't implemented the protocol you need to talk to the domain controller). So you can provide what appears to be seamless single sign on, but only by duplicating the windows usernames and passwords in a config file for python. As far as I can see this seems to be what jcifs is doing as well, but it's probably integrating with SAMBA rather than the Windows domain controller, and I haven't looked at it in detail. I hope that makes sense - duncancbennett knows more of the details. Mar 21, 2009 issue 4 (Support NTLM server-side) commented on by alok.bisani - David, Can you please explain what features the server-side NTLM layer provides? Also, can you please elaborate on what the comment "not integrate with a Windows Domain Controller to provide single sign on" mean? Does it mean that a website running Python server using python-ntlm branch code, on an IE client will not provide seamless (without a username/password login box) authentication? The CIFS Java library (http://jcifs.samba.org/) does provide seamless authentication. Is something similar possible in (pure?) Python? David, Can you please explain what features the server-side NTLM layer provides? Also, can you please elaborate on what the comment "not integrate with a Windows Domain Controller to provide single sign on" mean? Does it mean that a website running Python server using python-ntlm branch code, on an IE client will not provide seamless (without a username/password login box) authentication? The CIFS Java library (http://jcifs.samba.org/) does provide seamless authentication. Is something similar possible in (pure?) Python? Mar 17, 2009 issue 4 (Support NTLM server-side) commented on by dav...@sjsoft.com - Re comment 12: For Unices, the implementation in this branch successfully provides a server-side NTLM layer. However it will not integrate with a Windows Domain Controller to provide single sign on. Re comment 12: For Unices, the implementation in this branch successfully provides a server-side NTLM layer. However it will not integrate with a Windows Domain Controller to provide single sign on. Mar 16, 2009 issue 4 (Support NTLM server-side) commented on by duncancbennett - I'm not aware of one but I'm only expecting to need to send NTLM server side messages from a windows machine. I'm not aware of one but I'm only expecting to need to send NTLM server side messages from a windows machine. Mar 13, 2009 issue 4 (Support NTLM server-side) commented on by alok.bisani - But what about Unices? Is there an equivalent for sspi on say Linux? But what about Unices? Is there an equivalent for sspi on say Linux? Mar 13, 2009 issue 4 (Support NTLM server-side) commented on by duncancbennett - I've just discovered that python-win32 already handles NTLM, which makes what's been done so far redundant. Especially since I've not yet resolved how to access the Domain Controller using NetLogon. So if you've read this far don't make my mistake :) Take a look at sspi.ServerAuth in python-win32. If you download the source code you'll find a simple NTLM implementation in win32/Demos/security/sspi/socket_server.py I've just discovered that python-win32 already handles NTLM, which makes what's been done so far redundant. Especially since I've not yet resolved how to access the Domain Controller using NetLogon. So if you've read this far don't make my mistake :) Take a look at sspi.ServerAuth in python-win32. If you download the source code you'll find a simple NTLM implementation in win32/Demos/security/sspi/socket_server.py Mar 10, 2009 r73 (When create_session_keys is implemented, the server will ne...) committed by duncancbennett - When create_session_keys is implemented, the server will need to keep track of keys by user and domain When create_session_keys is implemented, the server will need to keep track of keys by user and domain Mar 10, 2009 r72 (Changes needed to handle new NTLMClientServer behaviour) committed by duncancbennett - Changes needed to handle new NTLMClientServer behaviour Changes needed to handle new NTLMClientServer behaviour Mar 10, 2009 r71 (Reorganise NTLMClientServer classes return user details afte...) committed by duncancbennett - Reorganise NTLMClientServer classes return user details after authentication Reorganise NTLMClientServer classes return user details after authentication Mar 05, 2009 r70 (Tidy things up a bit) committed by duncancbennett - Tidy things up a bit Tidy things up a bit Mar 05, 2009 issue 4 (Support NTLM server-side) commented on by duncancbennett - Oh and I should add that the current server implementation does not yet generate session keys. At the moment I'm specifically focusing on the case of a connection oriented NTLM over HTTP server implementation with no signing or sealing of messages. Oh and I should add that the current server implementation does not yet generate session keys. At the moment I'm specifically focusing on the case of a connection oriented NTLM over HTTP server implementation with no signing or sealing of messages. Mar 05, 2009 issue 4 (Support NTLM server-side) commented on by duncancbennett - I will have to look into integration into Django and other webframeworks. At the moment, I've only built the simple cherrypy example and I'm looking into integrating the NTLMServerBase class into our own code. However, I don't want to make the mistake of assuming that the current NTLMServerBase class fits all cases only to land up reintegrating a series of changes later on. So I'll take a look at Django and see how things work. Also any comments or suggested improvements are more than welcome. I will have to look into integration into Django and other webframeworks. At the moment, I've only built the simple cherrypy example and I'm looking into integrating the NTLMServerBase class into our own code. However, I don't want to make the mistake of assuming that the current NTLMServerBase class fits all cases only to land up reintegrating a series of changes later on. So I'll take a look at Django and see how things work. Also any comments or suggested improvements are more than welcome. Mar 05, 2009 r69 (Change class names) committed by duncancbennett - Change class names Change class names Mar 04, 2009 issue 4 (Support NTLM server-side) commented on by alok.bisani - How easily can this be integrated into webframeworks like Django, Trac and others? How easily can this be integrated into webframeworks like Django, Trac and others? Mar 04, 2009 r68 (Set TestPage to display ntlm username and domain) committed by dav...@sjsoft.com - Set TestPage to display ntlm username and domain Set TestPage to display ntlm username and domain Mar 04, 2009 r67 (Use sessions to track NTLM authentication, rather than IP ad...) committed by dav...@sjsoft.com - Use sessions to track NTLM authentication, rather than IP address etc (fix to r59) Use sessions to track NTLM authentication, rather than IP address etc (fix to r59) Mar 04, 2009 r66 (Cleaning up to use alphabetical order, removing extraneous c...) committed by dav...@sjsoft.com - Cleaning up to use alphabetical order, removing extraneous commented code Cleaning up to use alphabetical order, removing extraneous commented code Mar 04, 2009 r65 (Added option to set hostname to listen on) committed by dav...@sjsoft.com - Added option to set hostname to listen on Added option to set hostname to listen on Mar 04, 2009 r64 (Added options for requiring NTLM version 1 or 2) committed by dav...@sjsoft.com - Added options for requiring NTLM version 1 or 2 Added options for requiring NTLM version 1 or 2 Mar 04, 2009 r63 (Replaced `--debug` with proper option parser and loglevel sw...) committed by dav...@sjsoft.com - Replaced `--debug` with proper option parser and loglevel switch Replaced `--debug` with proper option parser and loglevel switch Mar 04, 2009 r62 (Update comments) committed by duncancbennett - Update comments Update comments Mar 04, 2009 r61 (Removed logging level set as discussed in review of r59 - th...) committed by dav...@sjsoft.com - Removed logging level set as discussed in review of r59 - this is doable with `--debug` switch from commandline Removed logging level set as discussed in review of r59 - this is doable with `--debug` switch from commandline Mar 04, 2009 r60 (Update comments) committed by duncancbennett - Update comments Update comments Mar 04, 2009 r59 (Add a list of logged in users to sample server) committed by duncancbennett - Add a list of logged in users to sample server Add a list of logged in users to sample server Mar 04, 2009 ClientServer (Plans for client and server support) Wiki page edited by dav...@sjsoft.com

issue 10 (Cookie handling is borked) reported by scherbi - What steps will reproduce the problem? 1. Use the example usage in HTTPNtlmAuthHandler.py, modify url, user, and password as needed. url points to a asp session based server 2. modify the code to enable httplib debug 3. run it an watch how the session cookie is dropped. What is the expected output? What do you see instead? I expect the session cookie to be sent back to the server. It was not. What version of the product are you using? On what operating system? Unknown version...pulled from svn. Ubuntu 8.10, fully up-to-date. Please provide any additional information below. 1. It seems you are looking in the wrong place for the headers in HTTPNtlmAuthHandler.py, in retry_using_http_NTLM_auth. One of the arguments to this method is 'headers', and this contains the headers, while req.headers is always empty. 2. The capitalization is wrong for the Set-Cookie header in retry_using_http_NTLM_auth. You have "set-cookie", it should be "Set-Cookie" (or possibly be made case-insensitive). 3. Also in retry_using_http_NTLM_auth, you convert the headers to a dict using the dict object's constructor. The problem with this is that you can only support one cookie this way. When the servers send you three cookies, you get three Set-Cookie headers, but putting them in a dict in this way you only get the last one in the dict. Also, you should probably be using cookielib to handle the cookies. I'm working on fixes for all of these for my own use. I can submit a patch once they are ready if you want, but I'll be out next week, so I could not provide until September. Thanks.

What steps will reproduce the problem? 1. Use the example usage in HTTPNtlmAuthHandler.py, modify url, user, and password as needed. url points to a asp session based server 2. modify the code to enable httplib debug 3. run it an watch how the session cookie is dropped. What is the expected output? What do you see instead? I expect the session cookie to be sent back to the server. It was not. What version of the product are you using? On what operating system? Unknown version...pulled from svn. Ubuntu 8.10, fully up-to-date. Please provide any additional information below. 1. It seems you are looking in the wrong place for the headers in HTTPNtlmAuthHandler.py, in retry_using_http_NTLM_auth. One of the arguments to this method is 'headers', and this contains the headers, while req.headers is always empty. 2. The capitalization is wrong for the Set-Cookie header in retry_using_http_NTLM_auth. You have "set-cookie", it should be "Set-Cookie" (or possibly be made case-insensitive). 3. Also in retry_using_http_NTLM_auth, you convert the headers to a dict using the dict object's constructor. The problem with this is that you can only support one cookie this way. When the servers send you three cookies, you get three Set-Cookie headers, but putting them in a dict in this way you only get the last one in the dict. Also, you should probably be using cookielib to handle the cookies. I'm working on fixes for all of these for my own use. I can submit a patch once they are ready if you want, but I'll be out next week, so I could not provide until September. Thanks.

Last 30 days

Earlier this year