Proxy authentication mechanism support in cargo #7330
Comments
baburkin
added
the
C-feature-request
…gested by rust-lang#7330. The added authentication methods added are supported by `libcurl`: * NTLM * NTLM_WB * GSSNEGOTIATE * BASIC * DIGEST * DIGEST_IE The authentication methods suggest user credentials to be provided as well - and their support will be added in future commits.
This commit adds support for HTTP proxy authentication methods in cargo as suggested by rust-lang#7330. The added authentication methods added are supported by `libcurl`: * NTLM * NTLM_WB * GSSNEGOTIATE * BASIC * DIGEST * DIGEST_IE The authentication methods suggest user credentials to be provided as well - and their support will be added in future commits.
|
Thanks for opening this up @baburkin If you're curious to work on this, that'd be awesome! It looks like the configuration would go roughly around here and the methods this'd use would be: We'd probably want to make sure that the password could be loaded from |
This commit adds support of credentials for proxy authentication: ```toml [http] proxy-username = "foo" proxy-password = "bar" ```
This commit updates cargo config documentation with settings for proxy authentication, such as `proxy-auth`, `proxy-username`, `proxy-password`.
|
Temporary workaround has been found and described here. |
|
Since there seems to be no movement here I just wanted to say that this is really a problem. I wanted to have a look at rust in order to see whether it would be interesting for our company and I lost a whole afternoon due to this. Will try the mentioned workaround now. |
|
Any updates? |
|
|
|
@Eh2406 Here's the [package]
name = "hello"
version = "0.1.0"
edition = "2021"
[dependencies]
thirtyfour_sync = "0.27.1"and When I use $ curl https://crates.io/
curl: (56) Received HTTP code 407 from proxy after CONNECT
$ curl --proxy-ntlm --proxy-user <user>:<password> --proxy <IP> https://crates.io/
{"errors":[{"detail":"Not Found"}]} #error response from crates.io (i.e. request itself succeeded)I can also access crates.io via browsers. |
|
I'm also getting a 407 code from cargo which is due to failed authentication with a corporate proxy server. The above code changes from babukin appear to add the necessary parameters to the configuration to allow us to specify the details necessary to get the proxy server to work correctly with cargo. What is needed to move this fix forward? |
|
Hey, I made a working cargo patch here: #11433 It'd be nice if others could test it out. The idea is to have the proxy auth work automatically when it's possible, so just setting The main issue from what I can tell is that corporate (kerberos) proxies use "gss"/spnego authentication, which requires curl to be built with a 3rd-party library. However,
So either 1/ we need official cargo builds to link dynamically to libcurl and gss support depends on the user's libcurl, or 2/ figure out how to vendor libgss. I'm more for option 2, so I opened an issue on curl-rust: alexcrichton/curl-rust#481 |
epage
added
the
S-needs-design
Problem statement
Currently
cargodoes not support updating crates index from GitHub behind some types of proxy, e.g. NTLM (which can often be the case for companies that don't allow direct access to GitHub due to corporate security policies).For example, I am able to download the index manually, via
curl, e.g.:But
cargofails to apply the correct authentication mechanism when dealing with the proxy.Proposed solution
Ideally, it would be nice to be able to to specify in
~/.cargo/config:And
cargoshould use that config for proxy authentication.Notes
There are few other proxy authentication (DIGEST, SPNEGO, etc.) methods that
curlsupports besides the NTLM, so eventually all of them might be supported bycargo.This feature request was spawned off from Issue 6513
The text was updated successfully, but these errors were encountered: