Bazaar

http urllib implementation doesn't support NTLM auth scheme

Bug #244879 reported by Vincent Ladeuil
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Bazaar
Confirmed
Medium
Unassigned
Breezy
Triaged
Low
Unassigned

Bug Description

Windows users may use proxies that allows only NTLM authentication scheme (see bug #244448).

NTLMaps - http://ntlmaps.sourceforge.net/ may provides hints on how to implement that.

Vincent Ladeuil (vila)
Changed in bzr:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Gareth White (gwhite-deactivatedaccount) wrote :

I'm one of those people unfortunate enough to be behind an NTLM proxy at work. As such it's currently very difficult to download branches from launchpad, whether it be Bazaar plugins or Bazaar itself. I've successfully used http://tredosoft.com/ntlm_proxy_server to allow Bazaar to indirectly work with the NTLM proxy but it would be nicer if Bazaar supported it natively.

Revision history for this message
John A Meinel (jameinel) wrote : Re: [Bug 244879] Re: http urllib implementation doesn't support NTLM auth scheme

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gareth White wrote:
> I'm one of those people unfortunate enough to be behind an NTLM proxy at
> work. As such it's currently very difficult to download branches from
> launchpad, whether it be Bazaar plugins or Bazaar itself. I've
> successfully used http://tredosoft.com/ntlm_proxy_server to allow Bazaar
> to indirectly work with the NTLM proxy but it would be nicer if Bazaar
> supported it natively.
>

There seems to be:
http://sourceforge.net/projects/ntlmaps/
and
http://code.google.com/p/python-ntlm/

The latter seems like it integrates cleanly with the rest of the urllib2
authentication infrastructure, so it might be possible to integrate.

Though we don't really have access to such a proxy for testing.

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktZ2Z4ACgkQJdeBCYSNAANjOwCdHjWkUJiZ2BbbH8KuYuHGfjms
WfIAnjmqPXgr6+0udypgB/6M8WJsC9ZQ
=USlS
-----END PGP SIGNATURE-----

Revision history for this message
Jelmer Vernooij (jelmer) wrote :

bzr-tfs has some code for dealing with ntlm.

tags: added: http
tags: added: authentication
Revision history for this message
Nelson Benitez (gnel) wrote :

The unfortunate design flaw that Bazaar made here was to use the plain urllib module for accessing http and https resources.

Such an important tool like Bazaar should have used a more mature and featureful lib for that matter like libcurl is. Git uses libcurl and so adding NTLM support was just a one-liner patch [1], same as the YUM download manager did [2].

The correct fix would be to port Bazaar from urllib to libcurl as it automatically supports NTLM and several other proxy authentication methods [3].

[1] https://github.com/gitster/git/commit/dd6139971a18e25a5089c0f96dc80e454683ef0b#diff-0

[2] https://bugzilla.redhat.com/show_bug.cgi?id=769254#c3

[3] http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTHTTPAUTH

Revision history for this message
Vincent Ladeuil (vila) wrote :

> The unfortunate design flaw that Bazaar made here was to use the plain urllib module for accessing http and https resources.

bzr has a pycurl-based http client implementation since... the early days.

This bug is about providing NTLM for the urlib2-based implementation.

Revision history for this message
Nelson Benitez (gnel) wrote :

Ok, I take back my previous comment then.. do you know which criteria Bazaar takes to use urllib of pycurl ?

Jelmer Vernooij (jelmer)
tags: added: check-for-breezy
Jelmer Vernooij (jelmer)
tags: removed: check-for-breezy
Changed in brz:
status: New → Triaged
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.