SQUID_STATE_ROLLBACK([krbsave])
AM_CONDITIONAL(HAVE_SPNEGO, test x"$squid_cv_have_spnego" = x"yes" )
-dnl Enable "NTLM fail open"
-AC_ARG_ENABLE(ntlm-fail-open,
- AS_HELP_STRING([--enable-ntlm-fail-open],
- [Enable NTLM fail open, where a helper that fails one of the
- Authentication steps can allow squid to still authenticate
- the user. This has security implications, and is deprecated]),
-[
- SQUID_YESNO([$enableval],[--enable-ntlm-fail-open takes no argument])
-])
-SQUID_DEFINE_BOOL(NTLM_FAIL_OPEN,${enable_ntlm_fail_open:=no},
- [Define if NTLM is allowed to fail gracefully when a helper has problems.])
-AC_MSG_NOTICE([ntlm-fail-open enabled: $enable_ntlm_fail_open])
-
AC_ARG_ENABLE(external-acl-helpers,
AS_HELP_STRING([--enable-external-acl-helpers="list of helpers"],
[Enable external_acl helpers support and thelpers themselves.
};
/* local functions */
-void send_bh_or_ld(char const *bhmessage, ntlm_authenticate * failedauth, int authlen);
void usage(void);
void process_options(int argc, char *argv[]);
const char * obtain_challenge(void);
char error_messages_buffer[NTLM_BLOB_BUFFER_SIZE];
#endif
char load_balance = 0, protocol_pedantic = 0;
-#if NTLM_FAIL_OPEN
-char last_ditch_enabled = 0;
-#endif
dc *controllers = NULL;
int numcontrollers = 0;
dc *current_dc;
dc_disconnect();
}
-void
-send_bh_or_ld(char const *bhmessage, ntlm_authenticate * failedauth, int authlen)
-{
-#if NTLM_FAIL_OPEN
- char user[NTLM_MAX_FIELD_LENGTH];
- char domain[NTLM_MAX_FIELD_LENGTH];
- if (last_ditch_enabled) {
- user[0] = '\0';
- domain[0] = '\0';
- if (ntlm_unpack_auth(failedauth, user, domain, authlen) == 0) {
- lc(domain);
- lc(user);
- SEND3("LD %s%s%s", domain, (domain[0]!='\0'?"//":""), user);
- } else {
- SEND("NA last-ditch on, but no credentials");
- }
- } else {
-#endif
- SEND2("BH %s", bhmessage);
-#if NTLM_FAIL_OPEN
- }
-#endif
-}
-
/*
* options:
* -b try load-balancing the domain-controllers
"%s usage:\n%s [-b] [-f] [-d] [-l] domain\\controller [domain\\controller ...]\n"
"-b enables load-balancing among controllers\n"
"-f enables failover among controllers (DEPRECATED and always active)\n"
- "-l changes behavior on domain controller failyures to last-ditch.\n"
"-d enables debugging statements if DEBUG was defined at build-time.\n\n"
"You MUST specify at least one Domain Controller.\n"
"You can use either \\ or / as separator between the domain name \n"
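Review bot: The synopsis string at the top of this hunk still lists `[-l]`, although the commit deletes the `-l` description line and the option's handling, so the usage text advertises a switch that no longer exists. I would drop it from the synopsis: `"%s usage:\n%s [-b] [-f] [-d] domain\\controller [domain\\controller ...]\n"`. The `options:` comment that begins just above the usage text is cut off in this view and may need the same cleanup. The usage text starts and ends outside the hunk.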
fprintf(stderr,
"WARNING. The -f flag is DEPRECATED and always active.\n");
break;
-#if NTLM_FAIL_OPEN
- case 'l':
- last_ditch_enabled = 1;
- break;
-#endif
case 'd':
debug_enabled=1;
break;
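Review bot: With `case 'l':` removed, a helper command line that still passes `-l` gets no message saying that last-ditch (fail-open) mode is gone, whereas `-f` just above prints a deprecation warning. The getopt option string is outside this hunk, so it cannot be told from here whether `-l` is now rejected or silently ignored. Because an operator may have been relying on that mode, I would keep the case and make it warn, for example `case 'l': fprintf(stderr, "WARNING. The -l flag is no longer supported; helper failures are always reported as BH.\n"); break;`. The option-parsing switch starts and ends outside the hunk.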
/* Should I use smblib_err? Actually it seems I can do as well
* without it.. */
if (nb_error != 0) { /* netbios-level error */
- send_bh_or_ld("NetBios error!",
- (ntlm_authenticate *) decoded, decodedLen);
+ SEND("BH NetBios error!");
fprintf(stderr, "NetBios error code %d (%s)\n", nb_error,
RFCNB_Error_Strings[abs(nb_error)]);
return;
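Review bot: `RFCNB_Error_Strings[abs(nb_error)]` in the fprintf below the new SEND indexes the table with an unchecked value, so if nb_error can fall outside the table (its size is not visible here) this is an out-of-bounds read on the error path. I would guard the lookup and print only the numeric code when the index is out of range, for example `if (abs(nb_error) < (int)(sizeof(RFCNB_Error_Strings) / sizeof(RFCNB_Error_Strings[0])))`, assuming the array is declared with its size in scope. The enclosing function starts and ends outside the hunk.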
case SMBC_SUCCESS:
debug("Huh? Got a SMB success code but could check auth..");
SEND("NA Authentication failed");
- /*
- * send_bh_or_ld("SMB success, but no creds. Internal error?",
- * (ntlm_authenticate *) decoded, decodedLen);
- */
return;
case SMBC_ERRDOS:
/*this is the most important one for errors */
SEND("NA Bad Data");
return;
default:
- send_bh_or_ld("DOS Error",
- (ntlm_authenticate *) decoded, decodedLen);
+ SEND("BH DOS Error");
return;
}
case SMBC_ERRSRV: /* server errors */
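Review bot: The `default:` branch sends `BH DOS Error` without recording which error code went unhandled, and the same holds for `BH Server Error`, `BH Domain Controller Hardware error` and `BH Domain Controller Command Error` in the next hunk; of the paths shown, only the NetBios one logs its code. With the last-ditch fallback gone, each of these paths now always reports a helper failure to Squid. A `debug()` line carrying the SMB error class and code before each SEND would let an operator tell a failing domain controller from an unexpected reply. The enclosing switch starts and ends outside the hunk.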
SEND("NA Server access error");
return;
default:
- send_bh_or_ld("Server Error",
- (ntlm_authenticate *) decoded, decodedLen);
+ SEND("BH Server Error");
return;
}
case SMBC_ERRHRD: /* hardware errors don't really matter */
- send_bh_or_ld("Domain Controller Hardware error",
- (ntlm_authenticate *) decoded, decodedLen);
+ SEND("BH Domain Controller Hardware error");
return;
case SMBC_ERRCMD:
- send_bh_or_ld("Domain Controller Command Error",
- (ntlm_authenticate *) decoded, decodedLen);
+ SEND("BH Domain Controller Command Error");
return;
}
SEND("BH unknown internal error.");