Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/378?usp=email
to review the following change.
Change subject: configure: allow to disable NTLM
......................................................................
configure: allow to disable NTLM
Since we want to get rid of it, might be useful to
allow users to remove the support completely.
Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300
Signed-off-by: Frank Lichtenheld <[email protected]>
---
M config.h.cmake.in
M configure.ac
M src/openvpn/options.c
M src/openvpn/proxy.c
M src/openvpn/syshead.h
5 files changed, 17 insertions(+), 5 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/78/378/1
diff --git a/config.h.cmake.in b/config.h.cmake.in
index f2cdd39..6334d56 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -35,6 +35,9 @@
/* Enable LZO compression library */
#cmakedefine ENABLE_LZO
+/* Enable NTLMv2 proxy support */
+#define ENABLE_NTLM 1
+
/* Enable management server capability */
#define ENABLE_MANAGEMENT 1
diff --git a/configure.ac b/configure.ac
index 7e5763d..56fcb4b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -109,6 +109,13 @@
)
AC_ARG_ENABLE(
+ [ntlm],
+ [AS_HELP_STRING([--disable-ntlm], [disable NTLMv2 proxy support
@<:@default=yes@:>@])],
+ ,
+ [enable_ntlm="yes"]
+)
+
+AC_ARG_ENABLE(
[plugins],
[AS_HELP_STRING([--disable-plugins], [disable plug-in support
@<:@default=yes@:>@])],
,
@@ -1302,6 +1309,7 @@
test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable
internal fragmentation support])
test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1],
[Enable TCP Server port sharing])
+test "${enable_ntlm}" = "yes" && AC_DEFINE([ENABLE_NTLM], [1], [Enable NTLMv2
proxy support])
test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE],
[1], [Enable OFB and CFB cipher modes])
if test "${have_export_keying_material}" = "yes"; then
AC_DEFINE(
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d238269..fbf54ef 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6760,8 +6760,7 @@
if (p[3])
{
/* auto -- try to figure out proxy addr, port, and type
automatically */
- /* semiauto -- given proxy addr:port, try to figure out type
automatically */
- /* (auto|semiauto)-nct -- disable proxy auth cleartext protocols
(i.e. basic auth) */
+ /* auto-nct -- disable proxy auth cleartext protocols (i.e. basic
auth) */
if (streq(p[3], "auto"))
{
ho->auth_retry = PAR_ALL;
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 76e27cb..3b6f7df 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -638,8 +638,6 @@
{
struct gc_arena gc = gc_new();
char buf[512];
- char buf2[129];
- char get[80];
int status;
int nparms;
bool ret = false;
@@ -758,6 +756,7 @@
{
#if NTLM
/* look for the phase 2 response */
+ char buf2[129];
while (true)
{
@@ -768,7 +767,8 @@
chomp(buf);
msg(D_PROXY, "HTTP proxy returned: '%s'", buf);
- openvpn_snprintf(get, sizeof get, "%%*s NTLM %%%ds", (int)
sizeof(buf2) - 1);
+ char get[80];
+ openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus",
sizeof(buf2) - 1);
nparms = sscanf(buf, get, buf2);
buf2[128] = 0; /* we only need the beginning - ensure it's
null terminated. */
diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 7181b94..a021c91 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -472,7 +472,9 @@
/*
* Should we include NTLM proxy functionality
*/
+#ifdef ENABLE_NTLM
#define NTLM 1
+#endif
/*
* Should we include proxy digest auth functionality
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/378?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300
Gerrit-Change-Number: 378
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-MessageType: newchange
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
