webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-18 23:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

proxy: Allow HTTP Basic authentication against Active Directory servers

Browse Source 
Some clients may not support NTLMv2. Basic authentication can
now be activated. This is dangerous as it sends the credentials
in cleartext to the proxy server.
This commit is contained in:
Michael Tremer
2014-08-11 11:49:31 +02:00
parent 8ed77b039f
commit 2fc5124b7e
10 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
html/cgi-bin/proxy.cgi
View File

@@ -267,6 +267,7 @@ $proxysettings{'LDAP_BINDDN_USER'} = '';
$proxysettings{'LDAP_BINDDN_PASS'} = '';
$proxysettings{'LDAP_GROUP'} = '';
$proxysettings{'NTLM_AUTH_GROUP'} = '';
$proxysettings{'NTLM_AUTH_BASIC'} = 'off';
$proxysettings{'NTLM_DOMAIN'} = '';
$proxysettings{'NTLM_PDC'} = '';
$proxysettings{'NTLM_BDC'} = '';
@@ -895,6 +896,10 @@ $checked{'NTLM_USER_ACL'}{'positive'} = '';
$checked{'NTLM_USER_ACL'}{'negative'} = '';
$checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
$checked{'NTLM_AUTH_BASIC'}{'on'} = '';
$checked{'NTLM_AUTH_BASIC'}{'off'} = '';
$checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'";
$checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
$checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
$checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
@@ -2002,6 +2007,14 @@ END
if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
print <<END;
<hr size ='1'>
<table width='100%'>
<td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
<td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
<td colspan='2'>&nbsp;</td>
</table>
<hr size='1' />
<table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
@@ -3376,7 +3389,22 @@ END
}
print FILE "\n";
print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
# BASIC authentication
if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
if ($proxysettings{'NTLM_AUTH_GROUP'}) {
my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
$ntlm_auth_group =~ s/\\/\+/;
print FILE " --require-membership-of=\"$ntlm_auth_group\"";
}
print FILE "\n";
print FILE "auth_param basic children 10\n";
print FILE "auth_param basic realm IPFire Web Proxy Server\n";
print FILE "auth_param basic credentialsttl 2 hours\n\n";
}
}
if ($proxysettings{'AUTH_METHOD'} eq 'radius')