Recent changes to patches

distutils + rpm packaging + config file lookup

Matt Domsch — Mon, 20 Oct 2008 17:02:36 -0000

Several patches to make ntlmaps more like a normal python app, packagable, and installable into /usr/bin/, with the module code in the python site-lib directory.

Matt Domsch (11):
rename main.py to ntlmaps so we can put it in /usr/bin
Move __init__.py into lib/
initial distutils setup.py
finish moving __init__.py
rename lib/ to ntlmaps/, move ntlmaps script to scripts/, rename server.cfg to ntlmaps.conf
fix up __init__ exports, put config file in /etc/ntlmaps/
fallback search order for config file
cleanup now-unneeded use of ntlmaps_dir and configFileDir
add ntlmaps.spec
remove #!/usr/bin/python from __init__.py
use dos2unix on doc files at build time

Set SO_REUSEADDR on server socket

Anonymous — Fri, 28 Mar 2008 09:19:36 -0000

NTLMAPS does not set SO_REUSEADDR when creating the server socket, so you have to wait for TIME_WAIT status to expire before restarting it.

The attached patch allows you to restart it immediately.

fix 400 errors when using SVN with NTLMaps

anatoly techtonik — Thu, 13 Mar 2008 14:37:26 -0000

NTLMaps 0.9.9.0.1 is unable to handle extended HTTP methods that include content payload like PROPFIND, REPORT etc. This breaks outgoing packets and causes 400 error with SVN.

The patch fixes that.

Basic proxy authentication

Sai Deep — Wed, 25 Apr 2007 07:31:42 -0000

There were several bugs in the basic authentication part of the program. I've fixed most of them and am attaching the resultant file.

People who wish to use this can just replace the basic_auth.py with the file attached (after making a backup first!) and restart the program.

Use password hashes rather than plain text passwords.

Richard Quadling — Mon, 09 Oct 2006 14:23:04 -0000

This patch is allows you to use password hashes rather
than the password being stored in plain text in the
server.cfg (or equivalent) file.

The patch is mainly in server.py where the hashes are
generated (normally).

If they exist in the server.cfg file then these are
used instead. Both must exist. They are not verified in
any way, so make sure you enter them correctly.

As an aid to this, there is also a new program called
hashes.py.

This is run at the command line. I'm on windows, and
.py files are handled by the Python binary. You may
have to do something like /usr/bin/Python ./hashes.py
for *ix platforms. Or something else entirely.

The program accepts a single paramater. This is the
plain text password you want to generate the hashes for.

e.g.

hashes.py MyPassword

This outputs ...

Set LM_HASHED_PW to dKyZykDe1CDcGnPmzqZ+xQAAAAAA

Set NT_HASHED_PW to 8SxBgIPAXjp954WC5h9lLQAAAAAA

Using those odd looking strings, you can set them into
the server.cfg file.

The server.cfg file has also been patched to provide
you with a space to enter them.

If you don't want to run the patch, then further
details will be available at http://rquadling.php1h.com

Thanks for reading.

Regards,

Richard Quadling.

Data not flushed to client

Anonymous — Wed, 06 Sep 2006 15:15:10 -0000

Running with Lynx on Cygwin (Python 2.4.3) the data
doesn't appear to get flushed to the client. Attached
patch fixed it for me.

Same happened with Lynx running on Linux (also Python
2.4.3)

detach from console

Anonymous — Tue, 28 Jun 2005 07:11:44 -0000

I have used ntlmaps a fair bit and it always annoyed me
having a console window occupied with it not doing
much after I have typed in a password. The other day I
have tried to make it detach itself from the console after
receiving the password and it worked well. You may
want to consider adding it as a feature. There are
problems however. Under cygwin python I was getting dll
errors until I installed rebase package and
issued 'rebaseall' command. After that it works fine. The
program doesn't work at all under python.org python
2.4.1 I have installed. I have had to include a check for
the presence of os.fork() to account for that. I didn't test
it under ASPN Python but I would say it works since the
daemon code comes from their recipes.

Eugene.
ugn@hotmail.com

CONNECT not working in direct mode

Anonymous — Fri, 03 Jun 2005 22:43:19 -0000

When in direct mode (without any parent proxy),
https:// is not working.
There is no support for CONNECT request in direct
mode.
And seems never been.
Here is a patch to implement this feature.

walt at newmail dot ru

Implment PARENT_SKIP_FOR_INTERNAL

Paul — Sun, 22 May 2005 22:34:43 -0000

Relating to the feature request I asked for.
PARENT_SKIP_FOR_INTERNAL was in server.cfg for 0.9.9.3
but not implemented.
I did a quick implementation which works ok for me.
the following is a diff -u of the change.
Basically added a new can_connect() helper function and
call from within determine_mode().

--- /home/paul/ntlmaps-0.9.9.3/lib/proxy_client.py
2005-02-23 22:41:14.000000000 +1300
+++ lib/proxy_client.py 2005-05-23 10:29:34.170776864 +1200
@@ -780,18 +780,36 @@
self.close_rserver()

#-----------------------------------------------------------------------
+ def can_connect(self, host):
+ try:
+ s = socket.socket(socket.AF_INET,
socket.SOCK_STREAM)
+ rs,rsp =
self.client_head_obj.get_http_server()
+ s.connect((rs,rsp))
+ #print 'connected'
+ s.close()
+ return True
+ except:
+ #print 'no host'
+ return False
+
+
#-----------------------------------------------------------------------
def determine_mode(self):
if self.config['GENERAL']['PARENT_PROXY']:
- if
self.config['GENERAL']['HOSTS_TO_BYPASS_PARENT_PROXY']:
+ if
self.config['GENERAL']['HOSTS_TO_BYPASS_PARENT_PROXY']
or self.config['GENERAL']['PARENT_SKIP_FOR_INTERNAL']:
try:
host =
self.client_head_obj.get_param_values('Host')
- if host:
- if host[0] in
self.config['GENERAL']['HOSTS_TO_BYPASS_PARENT_PROXY']:
- self.move_to_www_mode()
+ #print 'determine: %s' %
(self.config['GENERAL']['PARENT_SKIP_FOR_INTERNAL'])
+ if
self.config['GENERAL']['PARENT_SKIP_FOR_INTERNAL'] and
self.can_connect(host):
+ #print "direct connect"
+ self.move_to_www_mode()
+ else:
+ if host:
+ if host[0] in
self.config['GENERAL']['HOSTS_TO_BYPASS_PARENT_PROXY']:
+ self.move_to_www_mode()
+ else:
+ self.move_to_proxy_mode()
else:
self.move_to_proxy_mode()
- else:
- self.move_to_proxy_mode()
except KeyError:
self.move_to_proxy_mode()
else: