This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 2fc5124b7ea5dd6b7035574e68be0f6441aec77e (commit)
from 8ed77b039fd0373fdc07ec79877caf34b8264cd2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2fc5124b7ea5dd6b7035574e68be0f6441aec77e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Aug 11 11:49:31 2014 +0200
proxy: Allow HTTP Basic authentication against Active Directory servers
Some clients may not support NTLMv2. Basic authentication can
now be activated. This is dangerous as it sends the credentials
in cleartext to the proxy server.
-----------------------------------------------------------------------
Summary of changes:
doc/language_issues.es | 1 +
doc/language_issues.fr | 1 +
doc/language_issues.nl | 1 +
doc/language_issues.pl | 1 +
doc/language_issues.ru | 1 +
doc/language_issues.tr | 1 +
doc/language_missings | 4 ++++
html/cgi-bin/proxy.cgi | 30 +++++++++++++++++++++++++++++-
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
10 files changed, 41 insertions(+), 1 deletion(-)
Difference in files:
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 57df9d6..e256975 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -598,6 +598,7 @@ WARNING: untranslated string: administrator password
WARNING: untranslated string: administrator username
WARNING: untranslated string: advproxy AUTH method ntlm
WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index d2344ed..62dd5d5 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -608,6 +608,7 @@ WARNING: untranslated string: administrator password
WARNING: untranslated string: administrator username
WARNING: untranslated string: advproxy AUTH method ntlm
WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 607d680..7360d4f 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -664,6 +664,7 @@ WARNING: untranslated string: administrator password
WARNING: untranslated string: administrator username
WARNING: untranslated string: advproxy AUTH method ntlm
WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
WARNING: untranslated string: advproxy group access control
WARNING: untranslated string: advproxy group required
WARNING: untranslated string: atm device
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 57df9d6..e256975 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -598,6 +598,7 @@ WARNING: untranslated string: administrator password
WARNING: untranslated string: administrator username
WARNING: untranslated string: advproxy AUTH method ntlm
WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 03e48b7..d7d3d26 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -601,6 +601,7 @@ WARNING: untranslated string: administrator password
WARNING: untranslated string: administrator username
WARNING: untranslated string: advproxy AUTH method ntlm
WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
WARNING: untranslated string: advproxy cache-digest
WARNING: untranslated string: advproxy errmsg cache
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index b920727..623df98 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -667,6 +667,7 @@ WARNING: untranslated string: administrator password
WARNING: untranslated string: administrator username
WARNING: untranslated string: advproxy AUTH method ntlm
WARNING: untranslated string: advproxy AUTH method ntlm auth
+WARNING: untranslated string: advproxy basic authentication
WARNING: untranslated string: advproxy group access control
WARNING: untranslated string: advproxy group required
WARNING: untranslated string: bytes
diff --git a/doc/language_missings b/doc/language_missings
index 57c0870..376a460 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -19,6 +19,7 @@
< adsl settings
< advproxy AUTH method ntlm
< advproxy AUTH method ntlm auth
+< advproxy basic authentication
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
@@ -566,6 +567,7 @@
< adsl settings
< advproxy AUTH method ntlm
< advproxy AUTH method ntlm auth
+< advproxy basic authentication
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
@@ -1106,6 +1108,7 @@
< adsl settings
< advproxy AUTH method ntlm
< advproxy AUTH method ntlm auth
+< advproxy basic authentication
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
@@ -1622,6 +1625,7 @@
< adsl settings
< advproxy AUTH method ntlm
< advproxy AUTH method ntlm auth
+< advproxy basic authentication
< advproxy cache-digest
< advproxy errmsg cache
< advproxy errmsg invalid upstream proxy
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 9abcb91..772852b 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -267,6 +267,7 @@ $proxysettings{'LDAP_BINDDN_USER'} = '';
$proxysettings{'LDAP_BINDDN_PASS'} = '';
$proxysettings{'LDAP_GROUP'} = '';
$proxysettings{'NTLM_AUTH_GROUP'} = '';
+$proxysettings{'NTLM_AUTH_BASIC'} = 'off';
$proxysettings{'NTLM_DOMAIN'} = '';
$proxysettings{'NTLM_PDC'} = '';
$proxysettings{'NTLM_BDC'} = '';
@@ -895,6 +896,10 @@ $checked{'NTLM_USER_ACL'}{'positive'} = '';
$checked{'NTLM_USER_ACL'}{'negative'} = '';
$checked{'NTLM_USER_ACL'}{$proxysettings{'NTLM_USER_ACL'}} = "checked='checked'";
+$checked{'NTLM_AUTH_BASIC'}{'on'} = '';
+$checked{'NTLM_AUTH_BASIC'}{'off'} = '';
+$checked{'NTLM_AUTH_BASIC'}{$proxysettings{'NTLM_AUTH_BASIC'}} = "checked='checked'";
+
$checked{'RADIUS_ENABLE_ACL'}{'off'} = '';
$checked{'RADIUS_ENABLE_ACL'}{'on'} = '';
$checked{'RADIUS_ENABLE_ACL'}{$proxysettings{'RADIUS_ENABLE_ACL'}} = "checked='checked'";
@@ -2003,6 +2008,14 @@ if ($proxysettings{'AUTH_METHOD'} eq 'ntlm-auth') {
print <<END;
<hr size ='1'>
<table width='100%'>
+ <td width='20%' class='base'>$Lang::tr{'advproxy basic authentication'}:</td>
+ <td width='40%'><input type='checkbox' name='NTLM_AUTH_BASIC' $checked{'NTLM_AUTH_BASIC'}{'on'} /></td>
+ <td colspan='2'> </td>
+ </table>
+
+ <hr size='1' />
+
+ <table width='100%'>
<tr>
<td colspan='4'><b>$Lang::tr{'advproxy group access control'}</b></td>
</tr>
@@ -3376,7 +3389,22 @@ END
}
print FILE "\n";
- print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n";
+ print FILE "auth_param ntlm children $proxysettings{'AUTH_CHILDREN'}\n\n";
+
+ # BASIC authentication
+ if ($proxysettings{'NTLM_AUTH_BASIC'} eq "on") {
+ print FILE "auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic";
+ if ($proxysettings{'NTLM_AUTH_GROUP'}) {
+ my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
+ $ntlm_auth_group =~ s/\\/\+/;
+
+ print FILE " --require-membership-of=\"$ntlm_auth_group\"";
+ }
+ print FILE "\n";
+ print FILE "auth_param basic children 10\n";
+ print FILE "auth_param basic realm IPFire Web Proxy Server\n";
+ print FILE "auth_param basic credentialsttl 2 hours\n\n";
+ }
}
if ($proxysettings{'AUTH_METHOD'} eq 'radius')
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 37a2431..6c46f70 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -196,6 +196,7 @@
'advproxy back to main page' => 'Zurück zur Hauptseite',
'advproxy banned ip clients' => 'Gesperrte IP-Adressen (eine pro Zeile)',
'advproxy banned mac clients' => 'Gesperrte MAC-Adressen (eine pro Zeile)',
+'advproxy basic authentication' => 'Erlaube HTTP-Basic-Authentifizierung',
'advproxy cache management' => 'Cacheverwaltung',
'advproxy cache replacement policy' => 'Cache Ersetzungsrichtlinie',
'advproxy cache-digest' => 'Cache-Digest-Erstellung aktivieren',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index ef6b5df..b537868 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -196,6 +196,7 @@
'advproxy back to main page' => 'Back to main page',
'advproxy banned ip clients' => 'Banned IP addresses (one per line)',
'advproxy banned mac clients' => 'Banned MAC addresses (one per line)',
+'advproxy basic authentication' => 'Allow HTTP Basic authentication',
'advproxy cache management' => 'Cache management',
'advproxy cache replacement policy' => 'Cache replacement policy',
'advproxy cache-digest' => 'Enable Cache-Digest Generation',
hooks/post-receive
--
IPFire 2.x development tree