Comments (11)
genotrance
commented on August 16, 2024
What version of Windows are you running? Also, are you logging in with an NTLM password (domain login) or logging in with a local user account?
from px.
lalalandrus
commented on August 16, 2024
Windows 10 64 bit
from px.
genotrance
commented on August 16, 2024
Are you logging in with an NTLM password (into a domain account since machine is part of the domain) or logging in with a local user account? If it is the latter, there's no SSPI possible from what I understand.
from px.
lalalandrus
commented on August 16, 2024
It is on a corporate domain.
from px.
genotrance
commented on August 16, 2024
Can you please confirm the following:-
- Does the binary distribution of Px work on your system? Either 32-bit or 64-bit?
- Does the 32-bit distro of 2.7 Python work on your system?
- How about 3.5 if you get a chance to try that out?
Not really sure why the system isn't working as expected.
from px.
lalalandrus
commented on August 16, 2024
Thanks for getting back to me. At the moment I have found a workaround that does not require the use of PX. I did however try 32 bit version which fails as well. It seems to fail the security portion of the proxy. I still kept getting a 407 unauthorized.
I will see if I can get a chance to use 3.5 to test it out.
from px.
spequer
commented on August 16, 2024
I got the similar issue here.
Traceback (most recent call last):
File "D:\tool\python\px-master\px.py", line 100, in create_challenge_response
error_msg, output_buffer = self.sspi_client.authorize(input_buffer)
File "C:\Python35\lib\site-packages\win32\lib\sspi.py", line 139, in authorize
sec_buffer_out)
pywintypes.error: (-2146893048, 'InitializeSecurityContext', 'The token supplied to the function is invalid')
- In a corporation domain
- OS windows7 32bit
- 32bit-distro of 2.7, 3.5
from px.
genotrance
commented on August 16, 2024
Thanks for the report - this one is slightly different.
Can you please rerun Px with logging enabled in the INI and in a single process (workers=1)? The logs generated might provide some context which will be helpful to figure out what's going on.
from px.
spequer
commented on August 16, 2024
Oops. I got the answer after google the keyword "sspi SEC_E_INVALID_TOKEN" and following the thread on libcurl: https://curl.haxx.se/mail/lib-2014-09/0044.html
It seems related to "scflags, # security context flags" of sspi.ClientAuth.
I set scflags to 0 and px works well.
from px.
genotrance
commented on August 16, 2024
Great catch! I presume you are changing the following in Px (class NtlmMessageGenerator):-
self.sspi_client = sspi.ClientAuth("NTLM", user)
to:-
self.sspi_client = sspi.ClientAuth("NTLM", user, scflags=0)
I tried it out and it still works for me, although it works for me even without this. I checked Curl's implementation and they have picked the same in their call to InitializeSecurityContext():-
https://github.com/fl4re/curl/blob/master/lib/curl_sasl_sspi.c
I'll check this in shortly.
from px.
genotrance
commented on August 16, 2024
This was checked in a while back but has just been delivered as part of the v0.2.1 binary release. Thank you for providing the fix!
from px.
Related Issues (20)
- keyring_jeepney broken HOT 2
- Support for keyrings.cryptfile HOT 4
- Logging Directory <> Working Directory HOT 4
- Win11 - The publisher could not be verified HOT 1
- Does this tool support Kerberos authentication to a corporate Web proxy ? HOT 1
- Timeout and connection reset HOT 2
- Allow for multiple listen interfaces HOT 3
- using domain names in the allow list HOT 1
- libcrypto-1_1.dll version 1.1.1q with vulnerabilites HOT 4
- px 0.8.4: PAC configuration seems to cause unstable behaviour HOT 4
- HTTP POST and PUT not working since data rewind is not supported HOT 1
- Unclear listen setting HOT 8
- px 0.9.0 - Windows: does not start as a background service anymore (openes a required console window) HOT 3
- px 0.9.0 - Windows: logging configuration inside px.ini file is ignored and no logging is produced HOT 3
- Thread safety of quickjs HOT 4
- px 0.9.0 responds with "URL malformed" on macOS HOT 5
- Version 0.9.0 with Linux doesn't Authenticate using Kerberos HOT 9
- proxy.pac: isInNet() & isResolvable() not working properly HOT 8
- How to download latest release via script HOT 2
- Embedded libcurl library does not support SPPI/SPNEGO/KERBEROS on v0.9.1 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from px.