cron2 has uploaded a new patch set (#4) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/378?usp=email )
The following approvals got outdated and were removed: Code-Review+2 by plaisthos Change subject: configure: allow to disable NTLM ...................................................................... configure: allow to disable NTLM Since we want to get rid of it, might be useful to allow users to remove the support completely. Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300 Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com> Acked-by: Arne Schwabe <arne-open...@rfc2549.org> Message-Id: <20231230143817.4880-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27863.html Signed-off-by: Gert Doering <g...@greenie.muc.de> --- M config.h.cmake.in M configure.ac M src/openvpn/options.c M src/openvpn/proxy.c M src/openvpn/syshead.h 5 files changed, 17 insertions(+), 5 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/78/378/4 diff --git a/config.h.cmake.in b/config.h.cmake.in index 6c846f2..2cdfdcc 100644 --- a/config.h.cmake.in +++ b/config.h.cmake.in @@ -35,6 +35,9 @@ /* Enable LZO compression library */ #cmakedefine ENABLE_LZO +/* Enable NTLMv2 proxy support */ +#define ENABLE_NTLM 1 + /* Enable management server capability */ #define ENABLE_MANAGEMENT 1 diff --git a/configure.ac b/configure.ac index 2823f04..22ed448 100644 --- a/configure.ac +++ b/configure.ac @@ -95,6 +95,13 @@ ) AC_ARG_ENABLE( + [ntlm], + [AS_HELP_STRING([--disable-ntlm], [disable NTLMv2 proxy support @<:@default=yes@:>@])], + , + [enable_ntlm="yes"] +) + +AC_ARG_ENABLE( [plugins], [AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])], , @@ -1302,6 +1309,7 @@ test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support]) test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing]) +test "${enable_ntlm}" = "yes" && AC_DEFINE([ENABLE_NTLM], [1], [Enable NTLMv2 proxy support]) test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) if test "${have_export_keying_material}" = "yes"; then AC_DEFINE( diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 1521872..4c00353 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -6755,8 +6755,7 @@ if (p[3]) { /* auto -- try to figure out proxy addr, port, and type automatically */ - /* semiauto -- given proxy addr:port, try to figure out type automatically */ - /* (auto|semiauto)-nct -- disable proxy auth cleartext protocols (i.e. basic auth) */ + /* auto-nct -- disable proxy auth cleartext protocols (i.e. basic auth) */ if (streq(p[3], "auto")) { ho->auth_retry = PAR_ALL; diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 76e27cb..3b6f7df 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -638,8 +638,6 @@ { struct gc_arena gc = gc_new(); char buf[512]; - char buf2[129]; - char get[80]; int status; int nparms; bool ret = false; @@ -758,6 +756,7 @@ { #if NTLM /* look for the phase 2 response */ + char buf2[129]; while (true) { @@ -768,7 +767,8 @@ chomp(buf); msg(D_PROXY, "HTTP proxy returned: '%s'", buf); - openvpn_snprintf(get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof(buf2) - 1); + char get[80]; + openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1); nparms = sscanf(buf, get, buf2); buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */ diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 7181b94..a021c91 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -472,7 +472,9 @@ /* * Should we include NTLM proxy functionality */ +#ifdef ENABLE_NTLM #define NTLM 1 +#endif /* * Should we include proxy digest auth functionality -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/378?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300 Gerrit-Change-Number: 378 Gerrit-PatchSet: 4 Gerrit-Owner: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-MessageType: newpatchset
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
