versat / cntlm

Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of the Microsoft proprietary world. More info on the http://cntlm.sourceforge.net/ website. This version also supports: SSPI (on Windows, NTLM authentication only), Kerberos authentication, IPv6, proxy PAC files.
GNU General Public License v2.0

Fallback to ntlmv2 when kerberos authentication fails #70

Closed fralken closed 2 years ago

fralken commented 2 years ago

The current Kerberos implementation falls back to NTLMv2 authentication but, since NTLMv2 is disabled when Kerberos is chosen, it always fails even if credentials are provided in the configuration file. This PR keeps NTLMv2 enabled (as default) when Kerberos is chosen. I have a scenario where some proxies accept Kerberos but one accepts only NTLM.
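The fallback behaviour described in this comment, as an added C sketch (not code from this PR or from cntlm): it models the scheme choice on a 407 before and after the change. The struct, enum, function names and the sample `Proxy-Authenticate` values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model of the proxy client's auth settings (not cntlm's structs). */
struct auth_cfg {
    bool kerberos;   /* Kerberos (Negotiate) selected */
    bool ntlmv2;     /* NTLMv2 responses enabled */
    bool have_creds; /* credentials present in the configuration file */
};

enum scheme { SCHEME_NONE, SCHEME_NEGOTIATE, SCHEME_NTLM };

/* Constructed Proxy-Authenticate values from two kinds of proxy. */
static const char *const PROXY_BOTH[] = { "Negotiate", "NTLM" };
static const char *const PROXY_NTLM_ONLY[] = { "NTLM" };

/* True if any offered value starts with the scheme token (case-insensitive). */
static bool offers(const char *const *hdrs, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++) {
        size_t k = 0;
        while (name[k] && tolower((unsigned char)hdrs[i][k]) ==
                          tolower((unsigned char)name[k]))
            k++;
        if (!name[k] && (hdrs[i][k] == '\0' || hdrs[i][k] == ' '))
            return true;
    }
    return false;
}

/* Scheme used to answer a 407. krb_failed marks a Negotiate attempt that
   already failed, which is when the fallback path is taken. */
enum scheme pick_scheme(struct auth_cfg c, const char *const *hdrs, size_t n,
                        bool krb_failed) {
    if (c.kerberos && !krb_failed && offers(hdrs, n, "Negotiate"))
        return SCHEME_NEGOTIATE;
    if (c.ntlmv2 && c.have_creds && offers(hdrs, n, "NTLM"))
        return SCHEME_NTLM;
    return SCHEME_NONE; /* nothing usable: the request fails */
}

/* Before the PR: choosing Kerberos disables NTLMv2. */
struct auth_cfg cfg_before(bool creds) {
    return (struct auth_cfg){ .kerberos = true, .ntlmv2 = false, .have_creds = creds };
}

/* After the PR: NTLMv2 stays enabled (the default) next to Kerberos. */
struct auth_cfg cfg_after(bool creds) {
    return (struct auth_cfg){ .kerberos = true, .ntlmv2 = true, .have_creds = creds };
}
```

With NTLMv2 kept enabled, a failed Negotiate attempt or an NTLM-only proxy ends in an NTLM exchange, so the configured credentials are sent to any proxy that asks for NTLM.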

jschwartzenberg commented 2 years ago

I would suggest creating different PRs for the different features. That way they can be merged one by one and regressions are easier to spot/bisect. Maybe you meant to only have the first commit for this PR?

The PAC library replacement is very interesting. I imagine this will let it work on Windows too. (It's not trivial to compile pacparser on Windows.) Also, you managed to let PAC fully work when cntlm is accessed through SOCKS? :)

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs (rating A)
0 Vulnerabilities (rating A)
1 Security Hotspot (rating E)
1 Code Smell (rating A)

No Coverage information
No Duplication information

fralken commented 2 years ago

Sorry, my mistake, I pushed commits to the wrong branch. Now I fixed it. And yes, I completely reimplemented the PAC logic, so that it also works for SOCKS and tunnel connections, and not only for HTTP proxy as it was before. Also, I removed the dependency on pacparser by using an embedded JavaScript engine (duktape). You can have a look in my fork.

jschwartzenberg commented 2 years ago

> I completely reimplemented the PAC logic, so that it also works for SOCKS and tunnel connections, and not only for HTTP proxy as it was before. Also, I removed the dependency on pacparser by using an embedded JavaScript engine (duktape).

Amazing work!! That will help a lot of users! Will you open a PR soon? Let me know if you'd like me to test this already.