[Openvpn-devel] [S] Change in openvpn[master]: configure: allow to disable NTLM

Fri, 03 Nov 2023 10:19:54 -0700 

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/378?usp=email

to review the following change.


Change subject: configure: allow to disable NTLM
......................................................................

configure: allow to disable NTLM

Since we want to get rid of it, might be useful to
allow users to remove the support completely.

Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300
Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
---
M config.h.cmake.in
M configure.ac
M src/openvpn/options.c
M src/openvpn/proxy.c
M src/openvpn/syshead.h
5 files changed, 17 insertions(+), 5 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/78/378/1

diff --git a/config.h.cmake.in b/config.h.cmake.in
index f2cdd39..6334d56 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -35,6 +35,9 @@
 /* Enable LZO compression library */
 #cmakedefine ENABLE_LZO

+/* Enable NTLMv2 proxy support */
+#define ENABLE_NTLM 1
+
 /* Enable management server capability */
 #define ENABLE_MANAGEMENT 1

diff --git a/configure.ac b/configure.ac
index 7e5763d..56fcb4b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -109,6 +109,13 @@
 )

 AC_ARG_ENABLE(
+       [ntlm],
+       [AS_HELP_STRING([--disable-ntlm], [disable NTLMv2 proxy support 
@<:@default=yes@:>@])],
+       ,
+       [enable_ntlm="yes"]
+)
+
+AC_ARG_ENABLE(
        [plugins],
        [AS_HELP_STRING([--disable-plugins], [disable plug-in support 
@<:@default=yes@:>@])],
        ,
@@ -1302,6 +1309,7 @@
 test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable 
internal fragmentation support])
 test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], 
[Enable TCP Server port sharing])

+test "${enable_ntlm}" = "yes" && AC_DEFINE([ENABLE_NTLM], [1], [Enable NTLMv2 
proxy support])
 test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], 
[1], [Enable OFB and CFB cipher modes])
 if test "${have_export_keying_material}" = "yes"; then
        AC_DEFINE(
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d238269..fbf54ef 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6760,8 +6760,7 @@
         if (p[3])
         {
             /* auto -- try to figure out proxy addr, port, and type 
automatically */
-            /* semiauto -- given proxy addr:port, try to figure out type 
automatically */
-            /* (auto|semiauto)-nct -- disable proxy auth cleartext protocols 
(i.e. basic auth) */
+            /* auto-nct -- disable proxy auth cleartext protocols (i.e. basic 
auth) */
             if (streq(p[3], "auto"))
             {
                 ho->auth_retry = PAR_ALL;
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
index 76e27cb..3b6f7df 100644
--- a/src/openvpn/proxy.c
+++ b/src/openvpn/proxy.c
@@ -638,8 +638,6 @@
 {
     struct gc_arena gc = gc_new();
     char buf[512];
-    char buf2[129];
-    char get[80];
     int status;
     int nparms;
     bool ret = false;
@@ -758,6 +756,7 @@
         {
 #if NTLM
             /* look for the phase 2 response */
+            char buf2[129];

             while (true)
             {
@@ -768,7 +767,8 @@
                 chomp(buf);
                 msg(D_PROXY, "HTTP proxy returned: '%s'", buf);
 
-                openvpn_snprintf(get, sizeof get, "%%*s NTLM %%%ds", (int) 
sizeof(buf2) - 1);
+                char get[80];
+                openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus", 
sizeof(buf2) - 1);
                 nparms = sscanf(buf, get, buf2);
                 buf2[128] = 0; /* we only need the beginning - ensure it's 
null terminated. */

diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h
index 7181b94..a021c91 100644
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -472,7 +472,9 @@
 /*
  * Should we include NTLM proxy functionality
  */
+#ifdef ENABLE_NTLM
 #define NTLM 1
+#endif

 /*
  * Should we include proxy digest auth functionality

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/378?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300
Gerrit-Change-Number: 378
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-MessageType: newchange

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to