Andreas Horn - 2016-03-14 13:57:09
Hi Manuel,
I'm back from auth NEGOTIATE... I found that my proxy server also accepts auth NTLM - so far so good. But I can't authenticate successfully somehow.
I'm not that experienced in authentication mechanism, but I found some curiosities playing with your httpclient with sasl. I modified your test_http.php with my credentials and tested:
Server says to my inital request:
S HTTP/1.1 407 Proxy Authentication Required
S Proxy-Authenticate: NEGOTIATE
S Proxy-Authenticate: NTLM
S Cache-Control: no-cache
S Pragma: no-cache
S Content-Type: text/html; charset=utf-8
S Proxy-Connection: close
S Set-Cookie: BCSI-CS-ac57f34e119b7619=2; Path=/
S Connection: close
S Content-Length: 1434
Part of my second request is something like:
C Proxy-Authorization: NTLM TlRMTVNTUAABAAAABzIAAAAAAAAgAAAAAAAAACAAAAA=
C Cookie: BCSI-CS-ac57f34e119b7619=2;
The Authorization string doesn't differ if I fill in my credentials or if I leave them blank:
$arguments["ProxyUser"]="myDomain\\myUser";
$arguments["ProxyPassword"]="myPassword";
If I fill in
$arguments["ProxyRealm"]="foo";
$arguments["ProxyWorkstation"]="bar"
then these strings are added at the end of the above authorization string base64-encoded (after decode -> clear text)
If I fetch the first authorization string from a browser request (with succesful auth), it is 12 characters longer, and after base64-decode all data after "NTLMSSP" is binary.
Is it possible that there is a bug in your auth NTLM class?... or I'm I doing something totally weird?
Best Regards
Andreas
Manuel Lemos - 2016-03-14 20:43:28 - In reply to message 1 from Andreas Horn
