http urllib implementation doesn't support NTLM auth scheme

Bug #244879 reported by Vincent Ladeuil on 2008-07-02
32
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Bazaar
Medium
Unassigned

Bug Description

Windows users may use proxies that allows only NTLM authentication scheme (see bug #244448).

NTLMaps - http://ntlmaps.sourceforge.net/ may provides hints on how to implement that.

Vincent Ladeuil (vila) on 2008-07-02
Changed in bzr:
importance: Undecided → Medium
status: New → Confirmed
Gareth White (gwhite) wrote :

I'm one of those people unfortunate enough to be behind an NTLM proxy at work. As such it's currently very difficult to download branches from launchpad, whether it be Bazaar plugins or Bazaar itself. I've successfully used http://tredosoft.com/ntlm_proxy_server to allow Bazaar to indirectly work with the NTLM proxy but it would be nicer if Bazaar supported it natively.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gareth White wrote:
> I'm one of those people unfortunate enough to be behind an NTLM proxy at
> work. As such it's currently very difficult to download branches from
> launchpad, whether it be Bazaar plugins or Bazaar itself. I've
> successfully used http://tredosoft.com/ntlm_proxy_server to allow Bazaar
> to indirectly work with the NTLM proxy but it would be nicer if Bazaar
> supported it natively.
>

There seems to be:
http://sourceforge.net/projects/ntlmaps/
and
http://code.google.com/p/python-ntlm/

The latter seems like it integrates cleanly with the rest of the urllib2
authentication infrastructure, so it might be possible to integrate.

Though we don't really have access to such a proxy for testing.

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktZ2Z4ACgkQJdeBCYSNAANjOwCdHjWkUJiZ2BbbH8KuYuHGfjms
WfIAnjmqPXgr6+0udypgB/6M8WJsC9ZQ
=USlS
-----END PGP SIGNATURE-----

Jelmer Vernooij (jelmer) wrote :

bzr-tfs has some code for dealing with ntlm.

tags: added: http
tags: added: authentication
Nelson Benitez (gnel) wrote :

The unfortunate design flaw that Bazaar made here was to use the plain urllib module for accessing http and https resources.

Such an important tool like Bazaar should have used a more mature and featureful lib for that matter like libcurl is. Git uses libcurl and so adding NTLM support was just a one-liner patch [1], same as the YUM download manager did [2].

The correct fix would be to port Bazaar from urllib to libcurl as it automatically supports NTLM and several other proxy authentication methods [3].

[1] https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b#diff-0

[2] https://bugzilla.redhat.com/show_bug.cgi?id=769254#c3

[3] http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTHTTPAUTH

Vincent Ladeuil (vila) wrote :

> The unfortunate design flaw that Bazaar made here was to use the plain urllib module for accessing http and https resources.

bzr has a pycurl-based http client implementation since... the early days.

This bug is about providing NTLM for the urlib2-based implementation.

Nelson Benitez (gnel) wrote :

Ok, I take back my previous comment then.. do you know which criteria Bazaar takes to use urllib of pycurl ?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers