Multiple WWW-Authenticate keys on server challenge causes parse_NTLM_CHALLENGE_MESSAGE to fail.

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Try to authenticate to a server that sends WWW-Authenticate as follows:
send: 'GET /EWS/Services.wsdl HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: 
mymail.qualcomm.com\r\nConnection: Keep-Alive\r\nAuthorization: NTLM 
TlRMTVNTUAABAAAAB7IIogIAAgAwAAAACAAIACgAAAAFASgKAAAAD09XTkVSLUhQTkE=\r\nUser-Age
nt: Python-urllib/2.7\r\n\r\n'

reply: 'HTTP/1.1 401 Unauthorized\r\n'

header: Server: Microsoft-IIS/7.5
header: WWW-Authenticate: NTLM 
TlRMTVNTUAACAAAABAAEADgAAAAFgomi3k7KRx+HGYQAAAAAAAAAALQAtAA8AAAABgGwHQAAAA9OAEEA
AgAEAE4AQQABABYATgBBAFMAQQBOAEUAWABIAEMAMAA0AAQAHgBuAGEALgBxAHUAYQBsAGMAbwBtAG0A
LgBjAG8AbQADADYAbgBhAHMAYQBuAGUAeABoAGMAMAA0AC4AbgBhAC4AcQB1AGEAbABjAG8AbQBtAC4A
YwBvAG0ABQAiAGMAbwByAHAALgBxAHUAYQBsAGMAbwBtAG0ALgBjAG8AbQAHAAgADXHouNLjzAEAAAAA
header: WWW-Authenticate: Negotiate
header: X-Powered-By: ASP.NET
header: Date: Sun, 05 Feb 2012 06:52:26 GMT
header: Content-Length: 0

2. httplib appends the two WWW-Authenticates into a comma delimited string like 
so:
getting request headers using r.getheader(auth_header_field, None) : NTLM 
TlRMTVNTUAACAAAABAAEADgAAAAFgomi3k7KRx+HGYQAAAAAAAAAALQAtAA8AAAABgGwHQAAAA9OAEEA
AgAEAE4AQQABABYATgBBAFMAQQBOAEUAWABIAEMAMAA0AAQAHgBuAGEALgBxAHUAYQBsAGMAbwBtAG0A
LgBjAG8AbQADADYAbgBhAHMAYQBuAGUAeABoAGMAMAA0AC4AbgBhAC4AcQB1AGEAbABjAG8AbQBtAC4A
YwBvAG0ABQAiAGMAbwByAHAALgBxAHUAYQBsAGMAbwBtAG0ALgBjAG8AbQAHAAgADXHouNLjzAEAAAAA
, Negotiate

3. This causes the parser to crash with the following message:
Traceback (most recent call last):
  File "app.py", line 39, in <module>
    response = urllib2.urlopen(url)
  File "C:\Python27\lib\urllib2.py", line 126, in urlopen
    return _opener.open(url, data, timeout)
  File "C:\Python27\lib\urllib2.py", line 397, in open
    response = meth(req, response)
  File "C:\Python27\lib\urllib2.py", line 510, in http_response
    'http', request, response, code, msg, hdrs)
  File "C:\Python27\lib\urllib2.py", line 429, in error
    result = self._call_chain(*args)
  File "C:\Python27\lib\urllib2.py", line 369, in _call_chain
    result = func(*args)
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\HTTPNtlmAuthHandler.py", line 116, in http_error_401
    return self.http_error_authentication_required('www-authenticate', req, fp, headers)
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\HTTPNtlmAuthHandler.py", line 35, in http_error_authentication_required
    return self.retry_using_http_NTLM_auth(req, auth_header_field, None, headers)
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\HTTPNtlmAuthHandler.py", line 86, in retry_using_http_NTLM_auth
    (ServerChallenge, NegotiateFlags) = ntlm.parse_NTLM_CHALLENGE_MESSAGE(auth_header_value[5:])
  File "C:\Python27\lib\site-packages\python_ntlm-1.0.1-py2.7.egg\ntlm\ntlm.py", line 217, in parse_NTLM_CHALLENGE_MESSAGE
    msg2 = base64.decodestring(msg2)
  File "C:\Python27\lib\base64.py", line 321, in decodestring
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

What is the expected output? What do you see instead?
Transaction should abstract out any glitches like multiple headers

What version of the product are you using? On what operating system?
ntlm-1.0.1 python26 branch. OS: Win7. Python Version 2.7.1

Please provide any additional information below.
Diff for the FIX that I have made included. Please review and add into the code.

Original issue reported on code.google.com by lakshmik...@gmail.com on 5 Feb 2012 at 7:00

• Merged into: #27

Attachments:

• fix_multi_auth_headers.diff

[GoogleCodeExporter]

Should have searched the issue logs before filing this issue. See issue 27 here 
http://code.google.com/p/python-ntlm/issues/detail?id=27. The patch looks much 
cleaner than my hack :)

Original comment by lakshmik...@gmail.com on 5 Feb 2012 at 7:05

[GoogleCodeExporter]

Original comment by samw...@gmail.com on 12 Feb 2013 at 12:53

• Changed state: Duplicate
• Added labels: Usability