Browse code
configure: allow to disable NTLM
Since we want to get rid of it, might be useful to
allow users to remove the support completely.
Change-Id: I199f83e2db5fc7c48a0ac9280cdbf9fa45f42300
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20231230143817.4880-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27863.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Frank Lichtenheld authored on 2023/12/30 23:38:17Showing 5 changed files
| ... | ... |
@@ -95,6 +95,13 @@ AC_ARG_ENABLE( |
| 95 | 95 |
) |
| 96 | 96 |
|
| 97 | 97 |
AC_ARG_ENABLE( |
| 98 |
+ [ntlm], |
|
| 99 |
+ [AS_HELP_STRING([--disable-ntlm], [disable NTLMv2 proxy support @<:@default=yes@:>@])], |
|
| 100 |
+ , |
|
| 101 |
+ [enable_ntlm="yes"] |
|
| 102 |
+) |
|
| 103 |
+ |
|
| 104 |
+AC_ARG_ENABLE( |
|
| 98 | 105 |
[plugins], |
| 99 | 106 |
[AS_HELP_STRING([--disable-plugins], [disable plug-in support @<:@default=yes@:>@])], |
| 100 | 107 |
, |
| ... | ... |
@@ -1302,6 +1309,7 @@ test "${enable_small}" = "yes" && AC_DEFINE([ENABLE_SMALL], [1], [Enable smaller
|
| 1302 | 1302 |
test "${enable_fragment}" = "yes" && AC_DEFINE([ENABLE_FRAGMENT], [1], [Enable internal fragmentation support])
|
| 1303 | 1303 |
test "${enable_port_share}" = "yes" && AC_DEFINE([ENABLE_PORT_SHARE], [1], [Enable TCP Server port sharing])
|
| 1304 | 1304 |
|
| 1305 |
+test "${enable_ntlm}" = "yes" && AC_DEFINE([ENABLE_NTLM], [1], [Enable NTLMv2 proxy support])
|
|
| 1305 | 1306 |
test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
|
| 1306 | 1307 |
if test "${have_export_keying_material}" = "yes"; then
|
| 1307 | 1308 |
AC_DEFINE( |
| ... | ... |
@@ -6755,8 +6755,7 @@ add_option(struct options *options, |
| 6755 | 6755 |
if (p[3]) |
| 6756 | 6756 |
{
|
| 6757 | 6757 |
/* auto -- try to figure out proxy addr, port, and type automatically */ |
| 6758 |
- /* semiauto -- given proxy addr:port, try to figure out type automatically */ |
|
| 6759 |
- /* (auto|semiauto)-nct -- disable proxy auth cleartext protocols (i.e. basic auth) */ |
|
| 6758 |
+ /* auto-nct -- disable proxy auth cleartext protocols (i.e. basic auth) */ |
|
| 6760 | 6759 |
if (streq(p[3], "auto")) |
| 6761 | 6760 |
{
|
| 6762 | 6761 |
ho->auth_retry = PAR_ALL; |
| ... | ... |
@@ -638,8 +638,6 @@ establish_http_proxy_passthru(struct http_proxy_info *p, |
| 638 | 638 |
{
|
| 639 | 639 |
struct gc_arena gc = gc_new(); |
| 640 | 640 |
char buf[512]; |
| 641 |
- char buf2[129]; |
|
| 642 |
- char get[80]; |
|
| 643 | 641 |
int status; |
| 644 | 642 |
int nparms; |
| 645 | 643 |
bool ret = false; |
| ... | ... |
@@ -758,6 +756,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p, |
| 758 | 758 |
{
|
| 759 | 759 |
#if NTLM |
| 760 | 760 |
/* look for the phase 2 response */ |
| 761 |
+ char buf2[129]; |
|
| 761 | 762 |
|
| 762 | 763 |
while (true) |
| 763 | 764 |
{
|
| ... | ... |
@@ -768,7 +767,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p, |
| 768 | 768 |
chomp(buf); |
| 769 | 769 |
msg(D_PROXY, "HTTP proxy returned: '%s'", buf); |
| 770 | 770 |
|
| 771 |
- openvpn_snprintf(get, sizeof get, "%%*s NTLM %%%ds", (int) sizeof(buf2) - 1); |
|
| 771 |
+ char get[80]; |
|
| 772 |
+ openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1); |
|
| 772 | 773 |
nparms = sscanf(buf, get, buf2); |
| 773 | 774 |
buf2[128] = 0; /* we only need the beginning - ensure it's null terminated. */ |
| 774 | 775 |
|