X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fproxy.cgi;h=3139e51729091548bc3f1040b1e6bf980131d339;hp=75f535151b1fd240554e5b28b76892ce41434131;hb=ea72700a3b5f53680b218e9261593806bdc5f7d4;hpb=eedca6e36c1131ce5542da5ccbfbb5667648c024 diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 75f535151b..3139e51729 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -89,7 +89,6 @@ my $errormessage=''; my $acldir = "${General::swroot}/proxy/advanced/acls"; my $ncsadir = "${General::swroot}/proxy/advanced/ncsa"; -my $ntlmdir = "${General::swroot}/proxy/advanced/ntlm"; my $raddir = "${General::swroot}/proxy/advanced/radius"; my $identdir = "${General::swroot}/proxy/advanced/ident"; my $credir = "${General::swroot}/proxy/advanced/cre"; @@ -137,7 +136,6 @@ my $urlfilterversion = 'n/a'; unless (-d "$acldir") { mkdir("$acldir"); } unless (-d "$ncsadir") { mkdir("$ncsadir"); } -unless (-d "$ntlmdir") { mkdir("$ntlmdir"); } unless (-d "$raddir") { mkdir("$raddir"); } unless (-d "$identdir") { mkdir("$identdir"); } unless (-d "$credir") { mkdir("$credir"); } @@ -546,33 +544,6 @@ if (($proxysettings{'ACTION'} eq $Lang::tr{'save'}) || ($proxysettings{'ACTION'} } } } - if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') - { - if ($proxysettings{'NTLM_DOMAIN'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ntlm domain'}; - goto ERROR; - } - if ($proxysettings{'NTLM_PDC'} eq '') - { - $errormessage = $Lang::tr{'advproxy errmsg ntlm pdc'}; - goto ERROR; - } - if (!&General::validhostname($proxysettings{'NTLM_PDC'})) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid pdc'}; - goto ERROR; - } - if ((!($proxysettings{'NTLM_BDC'} eq '')) && (!&General::validhostname($proxysettings{'NTLM_BDC'}))) - { - $errormessage = $Lang::tr{'advproxy errmsg invalid bdc'}; - goto ERROR; - } - - $proxysettings{'NTLM_DOMAIN'} = lc($proxysettings{'NTLM_DOMAIN'}); - $proxysettings{'NTLM_PDC'} = lc($proxysettings{'NTLM_PDC'}); - $proxysettings{'NTLM_BDC'} = lc($proxysettings{'NTLM_BDC'}); - } if ($proxysettings{'AUTH_METHOD'} eq 'radius') { if (!&General::validip($proxysettings{'RADIUS_SERVER'})) @@ -857,7 +828,6 @@ $checked{'AUTH_METHOD'}{'none'} = ''; $checked{'AUTH_METHOD'}{'ncsa'} = ''; $checked{'AUTH_METHOD'}{'ident'} = ''; $checked{'AUTH_METHOD'}{'ldap'} = ''; -$checked{'AUTH_METHOD'}{'ntlm'} = ''; $checked{'AUTH_METHOD'}{'ntlm-auth'} = ''; $checked{'AUTH_METHOD'}{'radius'} = ''; $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'"; @@ -1699,7 +1669,6 @@ print <$Lang::tr{'advproxy AUTH method ncsa'} $Lang::tr{'advproxy AUTH method ident'} $Lang::tr{'advproxy AUTH method ldap'} - $Lang::tr{'advproxy AUTH method ntlm'} END if ($HAVE_NTLM_AUTH) { @@ -1914,80 +1883,6 @@ if ($proxysettings{'AUTH_METHOD'} eq 'ident') { print < - - - - - - - - - - - - -
$Lang::tr{'advproxy NTLM domain settings'}
$Lang::tr{'advproxy NTLM domain'}:$Lang::tr{'advproxy NTLM PDC hostname'}:$Lang::tr{'advproxy NTLM BDC hostname'}:
-
- - - - - - - - - -
$Lang::tr{'advproxy NTLM auth mode'}
$Lang::tr{'advproxy NTLM use integrated auth'}: 
-
- - - - - - - - - - - - - - - - - - - - - - -
$Lang::tr{'advproxy NTLM user based access restrictions'}
$Lang::tr{'advproxy enabled'}:  
- $Lang::tr{'advproxy NTLM use positive access list'}: - $Lang::tr{'advproxy NTLM use negative access list'}:
$Lang::tr{'advproxy NTLM authorized users'}$Lang::tr{'advproxy NTLM unauthorized users'}
-END -; } - # =================================================================== # NTLM-AUTH settings # =================================================================== @@ -2199,19 +2094,6 @@ print < - - - - - - - -END -; } - if (!($proxysettings{'AUTH_METHOD'} eq 'radius')) { print < @@ -2501,18 +2383,6 @@ sub read_acls while () { $proxysettings{'MIME_TYPES'} .= $_ }; close(FILE); } - if (-e "$ntlmdir/msntauth.allowusers") { - open(FILE,"$ntlmdir/msntauth.allowusers"); - delete $proxysettings{'NTLM_ALLOW_USERS'}; - while () { $proxysettings{'NTLM_ALLOW_USERS'} .= $_ }; - close(FILE); - } - if (-e "$ntlmdir/msntauth.denyusers") { - open(FILE,"$ntlmdir/msntauth.denyusers"); - delete $proxysettings{'NTLM_DENY_USERS'}; - while () { $proxysettings{'NTLM_DENY_USERS'} .= $_ }; - close(FILE); - } if (-e "$raddir/radauth.allowusers") { open(FILE,"$raddir/radauth.allowusers"); delete $proxysettings{'RADIUS_ALLOW_USERS'}; @@ -2952,16 +2822,6 @@ sub write_acls print FILE $proxysettings{'MIME_TYPES'}; close(FILE); - open(FILE, ">$ntlmdir/msntauth.allowusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_ALLOW_USERS'}; - close(FILE); - - open(FILE, ">$ntlmdir/msntauth.denyusers"); - flock(FILE, 2); - print FILE $proxysettings{'NTLM_DENY_USERS'}; - close(FILE); - open(FILE, ">$raddir/radauth.allowusers"); flock(FILE, 2); print FILE $proxysettings{'RADIUS_ALLOW_USERS'}; @@ -3376,39 +3236,6 @@ END if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } } - if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') - { - if ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') - { - print FILE "auth_param ntlm program $authdir/ntlm_smb_lm_auth $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_PDC'}"; - if ($proxysettings{'NTLM_BDC'} eq '') { print FILE "\n"; } else { print FILE " $proxysettings{'NTLM_DOMAIN'}/$proxysettings{'NTLM_BDC'}\n"; } - print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n"; - if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } - } else { - print FILE "auth_param basic program $authdir/basic_msnt_auth\n"; - print FILE "auth_param basic children $proxysettings{'AUTH_CHILDREN'}\n"; - print FILE "auth_param basic realm $authrealm\n"; - print FILE "auth_param basic credentialsttl $proxysettings{'AUTH_CACHE_TTL'} minutes\n"; - if (!($proxysettings{'AUTH_IPCACHE_TTL'} eq '0')) { print FILE "\nauthenticate_ip_ttl $proxysettings{'AUTH_IPCACHE_TTL'} minutes\n"; } - - open(MSNTCONF, ">$ntlmdir/msntauth.conf"); - flock(MSNTCONF,2); - print MSNTCONF "server $proxysettings{'NTLM_PDC'}"; - if ($proxysettings{'NTLM_BDC'} eq '') { print MSNTCONF " $proxysettings{'NTLM_PDC'}"; } else { print MSNTCONF " $proxysettings{'NTLM_BDC'}"; } - print MSNTCONF " $proxysettings{'NTLM_DOMAIN'}\n"; - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if ($proxysettings{'NTLM_USER_ACL'} eq 'positive') - { - print MSNTCONF "allowusers $ntlmdir/msntauth.allowusers\n"; - } else { - print MSNTCONF "denyusers $ntlmdir/msntauth.denyusers\n"; - } - } - close(MSNTCONF); - } - } - if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') { print FILE "auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"; @@ -3451,17 +3278,6 @@ END print FILE "\n"; print FILE "acl for_inetusers proxy_auth REQUIRED\n"; - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on')) - { - if ((!-z "$ntlmdir/msntauth.allowusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'positive')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.allowusers\"\n"; - } - if ((!-z "$ntlmdir/msntauth.denyusers") && ($proxysettings{'NTLM_USER_ACL'} eq 'negative')) - { - print FILE "acl for_acl_users proxy_auth \"$ntlmdir/msntauth.denyusers\"\n"; - } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ((!-z "$raddir/radauth.allowusers") && ($proxysettings{'RADIUS_USER_ACL'} eq 'positive')) @@ -3820,24 +3636,10 @@ END { if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; } } - if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius')) + if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius')) { print FILE " for_inetusers"; } - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')) - { - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers")) - { - print FILE " for_acl_users"; - } - if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers")) - { - print FILE " !for_acl_users"; - } - } else { print FILE " for_inetusers"; } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') @@ -3865,24 +3667,10 @@ END { if (!-z $disgrp) { print FILE " !for_disabled_users"; } else { print FILE " for_inetusers"; } } - if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'off')) || ($proxysettings{'AUTH_METHOD'} eq 'radius')) + if (($proxysettings{'AUTH_METHOD'} eq 'ldap') || ($proxysettings{'AUTH_METHOD'} eq 'radius')) { print FILE " for_inetusers"; } - if (($proxysettings{'AUTH_METHOD'} eq 'ntlm') && ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on')) - { - if ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') - { - if (($proxysettings{'NTLM_USER_ACL'} eq 'positive') && (!-z "$ntlmdir/msntauth.allowusers")) - { - print FILE " for_acl_users"; - } - if (($proxysettings{'NTLM_USER_ACL'} eq 'negative') && (!-z "$ntlmdir/msntauth.denyusers")) - { - print FILE " !for_acl_users"; - } - } else { print FILE " for_inetusers"; } - } if (($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on')) { if ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') @@ -3908,14 +3696,6 @@ END } if ( - ( - ($proxysettings{'AUTH_METHOD'} eq 'ntlm') && - ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && - ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && - ($proxysettings{'NTLM_USER_ACL'} eq 'negative') && - (!-z "$ntlmdir/msntauth.denyusers") - ) - || ( ($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') && @@ -3950,14 +3730,6 @@ END print FILE "http_access allow IPFire_networks"; if ( - ( - ($proxysettings{'AUTH_METHOD'} eq 'ntlm') && - ($proxysettings{'NTLM_ENABLE_INT_AUTH'} eq 'on') && - ($proxysettings{'NTLM_ENABLE_ACL'} eq 'on') && - ($proxysettings{'NTLM_USER_ACL'} eq 'positive') && - (!-z "$ntlmdir/msntauth.allowusers") - ) - || ( ($proxysettings{'AUTH_METHOD'} eq 'radius') && ($proxysettings{'RADIUS_ENABLE_ACL'} eq 'on') &&