Replace deprecated Ntlm() with NtlmContext() #116
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
import base64 | ||
import binascii | ||
import sys | ||
import warnings | ||
|
@@ -71,8 +72,12 @@ def retry_using_http_NTLM_auth(self, auth_header_field, auth_header, | |
|
||
# ntlm returns the headers as a base64 encoded bytestring. Convert to | ||
# a string. | ||
context = ntlm.Ntlm() | ||
negotiate_message = context.create_negotiate_message(self.domain).decode('ascii') | ||
context = ntlm.NtlmContext( | ||
username=self.username, | ||
password=self.password, | ||
domain=self.domain or None, | ||
) | ||
negotiate_message = base64.b64encode(context.step()).decode('ascii') | ||
auth = u'%s %s' % (auth_type, negotiate_message) | ||
request.headers[auth_header] = auth | ||
|
||
|
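Review bot: The comment kept at the top of this hunk ("ntlm returns the headers as a base64 encoded bytestring. Convert to a string.") no longer matches the code beneath it, because the new line wraps `context.step()` in `base64.b64encode(...)` itself. Reword the comment to say that `step()` yields the raw negotiate token and that this function does the base64 encoding. The `domain=self.domain or None` argument also deserves a short comment saying why an empty domain is turned into `None`.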
@@ -110,17 +115,12 @@ def retry_using_http_NTLM_auth(self, auth_header_field, auth_header, | |
).strip() | ||
|
||
# Parse the challenge in the ntlm context | ||
context.parse_challenge_message(ntlm_header_value[len(auth_strip):]) | ||
challenge_token = base64.b64decode(ntlm_header_value[len(auth_strip):]) | ||
|
||
# build response | ||
# Get the response based on the challenge message | ||
authenticate_message = context.create_authenticate_message( | ||
self.username, | ||
self.password, | ||
self.domain, | ||
server_certificate_hash=server_certificate_hash | ||
) | ||
authenticate_message = authenticate_message.decode('ascii') | ||
context._server_certificate_hash = server_certificate_hash | ||
authenticate_message = base64.b64encode(context.step(challenge_token)).decode('ascii') | ||
auth = u'%s %s' % (auth_type, authenticate_message) | ||
request.headers[auth_header] = auth | ||
|
||
|
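Review bot: `context._server_certificate_hash = server_certificate_hash` writes to an underscore-prefixed attribute of `NtlmContext`, so channel binding here depends on an ntlm-auth internal rather than on its public interface; if that attribute is renamed or dropped, the assignment still succeeds and the authenticate message goes out without the binding. Supply the binding when the context is constructed instead (the review comment on this page names the `cbt_data` kwarg), which means the certificate hash has to be available before `NtlmContext(...)` is created. Separately, `base64.b64decode(ntlm_header_value[len(auth_strip):])` decodes a server-supplied header with no handling for malformed input; catch the decode error and fail the authentication attempt with a clear message.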
@@ -131,7 +131,7 @@ def retry_using_http_NTLM_auth(self, auth_header_field, auth_header, | |
response3.history.append(response2) | ||
|
||
# Get the session_security object created by ntlm-auth for signing and sealing of messages | ||
self.session_security = context.session_security | ||
self.session_security = context._session_security | ||
This one is a tricky one, technically the What I recommend is to add a session_security property to this class like so:
This also requires us to store the Doing this means that other libraries that rely on the wrapping and unwrapping functions provided by session_security aren't broken in the next release, are warned about it being deprecated here and are offered the alternative. |
||
|
||
return response3 | ||
|
||
|
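Review bot: `self.session_security = context._session_security` reads a private attribute of `NtlmContext` and publishes it as a public attribute of this class, so anything that signs or seals messages through `self.session_security` now rests on an ntlm-auth internal. Keep the context object on the instance and expose `session_security` through a property, as the inline comment in this hunk proposes, so the dependency sits in one place. The comment above the assignment should also say that the value comes from a private attribute.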
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
requests>=2.0.0 | ||
ntlm-auth>=1.0.2 | ||
ntlm-auth>=1.2.0 | ||
cryptography>=1.3 | ||
flask | ||
pytest | ||
pytest-cov | ||
pytest-cov<2.6 | ||
wheel |
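Review bot: The new `pytest-cov<2.6` upper bound has no comment or linked issue explaining it and is unrelated to the `Ntlm()` replacement; add a one-line reason next to the pin so it can be lifted later, or move it to its own change. For `ntlm-auth>=1.2.0`, check that the package's install metadata carries the same minimum, since the new code calls `NtlmContext` and an older ntlm-auth would only fail at runtime.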
Instead of setting this we should be passing in a CBT object to `NtlmContext` on initialisation through the `cbt_data` kwarg. The `_server_certificate_hash` attribute is only used for backwards compat with `Ntlm()` in `ntlm-auth` and will be removed if I ever get to removing `Ntlm()`.

What you need to do instead is change `_get_certificate_hash()` to return `certificate_hash_bytes` and don't worry about using hexlify there. Then you can create the CBT struct with:

It might be a good idea to change the variable name `server_certificate_hash` to `b_server_cert_hash` to make sure people are aware that it is a byte string.