#!/usr/bin/python
#
# HTTP Negotiate (SPNEGO) proxy authentication support for applications. This
# allows applications that do not support HTTP proxies or do not support HTTP
# proxies with Negotiate authentication to allow them to safely traverse
# corporate firewalls without whitelisting IP addresses or MAC addresses and
# rather relying on secure user authentication. This tool is not intended to
# bypass firewall or proxy restrictions, in fact this tool was designed for
# better corporate security and centralized control.
#
# A netcat-like drop-in replacement for use with programs such as SSH; now by
# simply using ProxyCommand, SSH can safely traverse the proxy through an HTTP
# CONNECT TCP tunnel.
#
# nc-negotiate host port [proxy_host] [proxy_port]
#
# Example of use with OpenSSH:
# Host myexternalhost.com:
#    ProxyCommand nc-negotiate %h %p
#

import argparse
import os

from proxy_negotiate import netcat, __version__

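# The default proxy endpoint is taken from the http_proxy environment variable
# (expected form: http://host:port). It is read with .get() and parsed
# defensively so that a missing or malformed variable cannot crash the script
# while the argument parser is still being built: explicit proxy_host and
# proxy_port arguments, --help and --version must work without http_proxy.
env_proxy = os.environ.get('http_proxy', '').replace('http://', '').rstrip('/')
env_parts = env_proxy.rsplit(':', 1)
default_proxy_host = env_parts[0] or None
default_proxy_port = None
if len(env_parts) == 2 and env_parts[1].isdigit():
    default_proxy_port = int(env_parts[1])

parser = argparse.ArgumentParser(description='Tunnels TCP traffic through a secure corporate HTTP proxy, supporting HTTP Negotiate (SPNEGO) authentication')
parser.add_argument('host', help='Hostname or IP to tunnel a connection to')
parser.add_argument('port', help='Port to tunnel a connection to', type=int)
parser.add_argument('proxy_host', help='Hostname or IP of the proxy to tunnel connection through', nargs='?',
    default=default_proxy_host)
parser.add_argument('proxy_port', help='Port of the proxy to tunnel connection through', nargs='?', type=int,
    default=default_proxy_port)
parser.add_argument('--version', '-V', action='version', version='%(prog)s ' + __version__)
args = parser.parse_args()

# Fail with a usage error, not a traceback, when neither the command line nor
# the environment provides a complete proxy endpoint.
if args.proxy_host is None or args.proxy_port is None:
    parser.error('no proxy given: pass proxy_host and proxy_port, or set http_proxy to http://host:port')

# Open the tunnel to host:port through the selected proxy.
netcat(args.host, args.port, args.proxy_host, args.proxy_port)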
