Merge pull request #267 from flanksource/fix-ntlm

fix: ntlm auth

checks/common.go

@@ -6,6 +6,10 @@ import (
 )
 
 func GetAuthValues(auth *v1.Authentication, client *kommons.Client, namespace string) (v1.Authentication, error) {
+	if client == nil {
+		return *auth, nil
+	}
+
 	authentication := &v1.Authentication{
 		Username: kommons.EnvVar{
 			Value: "",

checks/http.go

@@ -15,9 +15,9 @@ import (
 
 	"github.com/flanksource/commons/text"
 
-	"github.com/Azure/go-ntlmssp"
+	httpntlm "github.com/vadimi/go-http-ntlm"
+
 	"github.com/flanksource/kommons"
-	"github.com/pkg/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/flanksource/canary-checker/api/external"
@@ -152,7 +152,8 @@ func (c *HTTPChecker) Check(canary v1.Canary, extConfig external.Check) *pkg.Che
 	kommons := c.GetClient()
 	for _, header := range check.Headers {
 		if kommons == nil {
-			return pkg.Fail(check).TextResults(textResults).ResultMessage(httpTemplateResult(template, httpStatus)).ErrorMessage(fmt.Errorf("kommons client not set for HTTPChecker instance"))
+			headers[header.Name] = header.Value
+			continue
 		}
 		key, value, err := kommons.GetEnvValue(header, specNamespace)
 		if err != nil {
@@ -281,17 +282,21 @@ func (c *HTTPChecker) checkHTTP(urlObj pkg.URL, ntlm bool) (*HTTPCheckResult, er
 	} else {
 		urlString = fmt.Sprintf("%s://%s%s", urlObj.Scheme, urlObj.IP, urlObj.Path)
 	}
-	client := getHTTPClient(urlObj.Host, ntlm)
+	client := getHTTPClient(urlObj, ntlm)
 	req, err := http.NewRequest(urlObj.Method, urlString, strings.NewReader(urlObj.Body))
 	if err != nil {
 		return nil, err
 	}
 
 	req.Host = urlObj.Host
-	req.Header.Add("Host", urlObj.Host)
 	for header, field := range urlObj.Headers {
 		req.Header.Add(header, field)
 	}
+
+	if req.Header.Get("Host") == "" {
+		req.Header.Add("Host", urlObj.Host)
+	}
+
 	if urlObj.Username != "" && urlObj.Password != "" {
 		req.SetBasicAuth(urlObj.Username, urlObj.Password)
 	}
@@ -310,7 +315,6 @@ func (c *HTTPChecker) checkHTTP(urlObj pkg.URL, ntlm bool) (*HTTPCheckResult, er
 		return nil, err
 	}
 	content := string(res)
-	// logger.Tracef("GET %s => %s", urlString, content)
 	sslExpireDays := int(exp.Sub(start).Hours() / 24.0)
 	var sslExpiryDaysRounded int
 	if sslExpireDays <= 0 {
@@ -333,10 +337,6 @@ func (c *HTTPChecker) checkHTTP(urlObj pkg.URL, ntlm bool) (*HTTPCheckResult, er
 }
 
 func (c *HTTPChecker) ParseAuth(check v1.HTTPCheck, namespace string) (string, string, error) {
-	kommons := c.GetClient()
-	if kommons == nil {
-		return "", "", errors.New("Kommons client not set for HTTPChecker instance")
-	}
 	if check.Authentication == nil {
 		return "", "", nil
 	}
@@ -348,28 +348,37 @@ func (c *HTTPChecker) ParseAuth(check v1.HTTPCheck, namespace string) (string, s
 	return auth.Username.Value, auth.Password.Value, nil
 }
 
-func getHTTPClient(urlHost string, ntlm bool) *http.Client {
-	transport := &http.Transport{
+func getHTTPClient(url pkg.URL, ntlm bool) *http.Client {
+	var transport http.RoundTripper
+	transport = &http.Transport{
 		DisableKeepAlives: true,
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: true,
-			ServerName:         urlHost,
+			ServerName:         url.Host,
 		},
 	}
-	checkRedirect := func(req *http.Request, via []*http.Request) error {
-		return http.ErrUseLastResponse
-	}
+
 	if ntlm {
-		return &http.Client{
-			Transport: ntlmssp.Negotiator{
-				RoundTripper: transport,
-			},
-			CheckRedirect: checkRedirect,
+		parts := strings.Split(url.Username, "@")
+
+		domain := ""
+		if len(parts) > 1 {
+			domain = parts[1]
+		}
+
+		transport = &httpntlm.NtlmTransport{
+			Domain:   domain,
+			User:     parts[0],
+			Password: url.Password,
+			// RoundTripper: transport,
 		}
 	}
+
 	return &http.Client{
-		Transport:     transport,
-		CheckRedirect: checkRedirect,
+		Transport: transport,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return nil
+		},
 	}
 }
 

go.mod

@@ -45,6 +45,7 @@ require (
 	github.com/sirupsen/logrus v1.7.0
 	github.com/sparrc/go-ping v0.0.0-20190613174326-4e5b6552494c
 	github.com/spf13/cobra v1.1.1
+	github.com/vadimi/go-http-ntlm v1.0.3 // indirect
 	golang.org/x/mod v0.4.1 // indirect
 	golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9

go.sum

@@ -1040,6 +1040,14 @@ github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/vadimi/go-http-ntlm v1.0.3 h1:o6n2vAtP1MlLT73jIXuQYryIcWzXyMN0SCQWZ2QVLLc=
+github.com/vadimi/go-http-ntlm v1.0.3/go.mod h1:SwhhmybQ4Yn1mC53UPmQ6MCrBX6UvJHlS1Xt89OmM9M=
+github.com/vadimi/go-http-ntlm/v2 v2.4.1 h1:y/OWq3pp8+qQymcYHf7rztV9VcLH3cbqnIa4WSXFRVw=
+github.com/vadimi/go-http-ntlm/v2 v2.4.1/go.mod h1:KduY1xBqaL8Q2Rh/erMvRQHKoj3VAT9GNYxe9EH+rOo=
+github.com/vadimi/go-ntlm v1.0.1 h1:Pi8xmngo7CQQl4Hd8J6rDcxY1LZKwyutTvx4W035Hto=
+github.com/vadimi/go-ntlm v1.0.1/go.mod h1:hPTY60eLSKGj9oUJAB+kZiLs2Cg5eKdH60aLczM9rMg=
+github.com/vadimi/go-ntlm v1.2.1 h1:y2xZf/a5+BJlYNJIIulP1q8F438H9bU7aGcYE53vghQ=
+github.com/vadimi/go-ntlm v1.2.1/go.mod h1:hPTY60eLSKGj9oUJAB+kZiLs2Cg5eKdH60aLczM9rMg=
 github.com/vbauerster/mpb/v5 v5.0.3 h1:Ldt/azOkbThTk2loi6FrBd/3fhxGFQ24MxFAS88PoNY=
 github.com/vbauerster/mpb/v5 v5.0.3/go.mod h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y=
 github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=