---------------------
PatchSet 1144 
Date: 2001/01/07 02:44:54
Author: rbcollins
Branch: auth_rewrite
Tag: (none) 
Log:
merge in ntlm

Members: 
	configure.in:1.1.1.3.10.17.2.8->1.1.1.3.10.17.2.9 
	makefile.in:1.1.1.3.10.3.2.1->1.1.1.3.10.3.2.2 
	lib/Makefile.in:1.1.1.2.10.2.2.3->1.1.1.2.10.2.2.4 
	src/cf.data.pre:1.1.1.3.4.1.2.18.2.14->1.1.1.3.4.1.2.18.2.15 

Index: squid/configure.in
===================================================================
RCS file: /cvsroot/squid-sf//squid/configure.in,v
retrieving revision 1.1.1.3.10.17.2.8
retrieving revision 1.1.1.3.10.17.2.9
diff -u -r1.1.1.3.10.17.2.8 -r1.1.1.3.10.17.2.9
--- squid/configure.in	5 Jan 2001 05:36:01 -0000	1.1.1.3.10.17.2.8
+++ squid/configure.in	7 Jan 2001 02:44:54 -0000	1.1.1.3.10.17.2.9
@@ -3,13 +3,13 @@
 dnl
 dnl  Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9)
 dnl
-dnl  $Id: configure.in,v 1.1.1.3.10.17.2.8 2001/01/05 05:36:01 rbcollins Exp $
+dnl  $Id: configure.in,v 1.1.1.3.10.17.2.9 2001/01/07 02:44:54 rbcollins Exp $
 dnl
 dnl
 dnl
 AC_INIT(src/main.c)
 AC_CONFIG_HEADER(include/autoconf.h)
-AC_REVISION($Revision: 1.1.1.3.10.17.2.8 $)dnl
+AC_REVISION($Revision: 1.1.1.3.10.17.2.9 $)dnl
 AC_PREFIX_DEFAULT(/usr/local/squid)
 AC_CONFIG_AUX_DIR(cfgaux)
 
@@ -680,9 +680,9 @@
 AC_ARG_ENABLE(auth,
 [  --enable-auth=\"list of auth scheme modules\"
                           Build support for the list of authentication schemes.
-                          The default is build the Basic scheme.
+                          The default is build Basic and NTLM schemes.
                           See src/auth for a list of available modules, or
-                          Programmers Guide section <not yet written>
+                          Programmers Guide section authentication schemes
                           for details on how to build your custom auth scheme
                           module],
 [ case $enableval in
@@ -700,7 +700,7 @@
   esac
 ],
 [ if test -z "$AUTH_MODULES"; then
-    AUTH_MODULES="basic"
+    AUTH_MODULES="basic ntlm"
   fi
 ])
 echo "Auth scheme modules built: $AUTH_MODULES"
@@ -733,10 +733,38 @@
   esac
 ])
 if test -n "$AUTH_BASIC_MODULES"; then
-    echo "Auth modules built: $AUTH_BASIC_MODULES"
+    echo "Basic auth modules built: $AUTH_BASIC_MODULES"
 fi
 AC_SUBST(AUTH_BASIC_MODULES)
 
+dnl Select ntlm auth modules to build
+NTLM_AUTH_MODULES=
+AC_ARG_ENABLE(ntlm-auth-modules,
+[  --enable-ntlm-auth-modules=\"list of modules\"
+                          This option selects which proxy_auth ntlm helper
+			  modules to build and install as part of the normal
+			  build process. For a list of available modules see
+                          the ntlm_auth_modules directory.],
+[ case "$enableval" in
+  yes) 
+    for module in $srcdir/ntlm_auth_modules/*; do
+	if test -f $module/Makefile.in; then
+	    NTLM_AUTH_MODULES="$NTLM_AUTH_MODULES `basename $module`"
+	fi
+    done
+    ;;
+  no)
+    ;;
+  *)
+    NTLM_AUTH_MODULES="`echo $enableval| sed -e 's/,/ /g;s/  */ /g'`"
+  esac
+])
+if test -n "$NTLM_AUTH_MODULES"; then
+    echo "NTLM auth modules built: $NTLM_AUTH_MODULES"
+fi
+AC_SUBST(NTLM_AUTH_MODULES)
+
+
 dnl Disable "unlinkd" code
 AC_ARG_ENABLE(unlinkd,
 [  --disable-unlinkd       Do not use unlinkd],
@@ -1758,6 +1786,19 @@
 	fi
 done
 
+NTLM_AUTH_MAKEFILES=""
+for module in $srcdir/ntlm_auth_modules/*; do
+        if test -f $module/Makefile.in; then
+            NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./ntlm_auth_modules/`basename $module`/Makefile"
+           for submodule in $module/*; do
+               if test -f $submodule/Makefile.in; then
+                     NTLM_AUTH_MAKEFILES="$NTLM_AUTH_MAKEFILES ./ntlm_auth_modules/`basename $module`/`basename $submodule`/Makefile"
+               fi
+           done
+        fi
+done
+
+
 AC_OUTPUT(\
 	./makefile \
 	./lib/Makefile \
@@ -1778,4 +1819,6 @@
         $AUTH_SCHEME_MAKEFILES \
 	./auth_modules/Makefile \
 	$AUTH_MAKEFILES \
+        ./ntlm_auth_modules/Makefile \
+        $NTLM_AUTH_MAKEFILES \
 )
Index: squid/makefile.in
===================================================================
RCS file: /cvsroot/squid-sf//squid/Attic/makefile.in,v
retrieving revision 1.1.1.3.10.3.2.1
retrieving revision 1.1.1.3.10.3.2.2
diff -u -r1.1.1.3.10.3.2.1 -r1.1.1.3.10.3.2.2
--- squid/makefile.in	14 Dec 2000 11:24:03 -0000	1.1.1.3.10.3.2.1
+++ squid/makefile.in	7 Jan 2001 02:44:54 -0000	1.1.1.3.10.3.2.2
@@ -1,4 +1,4 @@
-# $Id: makefile.in,v 1.1.1.3.10.3.2.1 2000/12/14 11:24:03 rbcollins Exp $
+# $Id: makefile.in,v 1.1.1.3.10.3.2.2 2001/01/07 02:44:54 rbcollins Exp $
 #
 
 srcdir		= @srcdir@
@@ -14,7 +14,7 @@
 prefix		= @prefix@
 exec_prefix	= @exec_prefix@
 
-SUBDIRS		= lib @makesnmplib@ scripts src icons errors auth_modules
+SUBDIRS		= lib @makesnmplib@ scripts src icons errors auth_modules ntlm_auth_modules
 
 noargs: all
 
@@ -38,6 +38,7 @@
 	rm -f config.log makefile
 	rm -f include/paths.h include/autoconf.h include/config.h
 	rm -f auth_modules/dummy
+	rm -f ntlm_auth_modules/dummy
 	@for dir in $(SUBDIRS) contrib; do \
 		echo Making distclean in $$dir; \
 		(cd $$dir; $(MAKE) $(MFLAGS) prefix="$(prefix)" distclean); \
Index: squid/lib/Makefile.in
===================================================================
RCS file: /cvsroot/squid-sf//squid/lib/Attic/Makefile.in,v
retrieving revision 1.1.1.2.10.2.2.3
retrieving revision 1.1.1.2.10.2.2.4
diff -u -r1.1.1.2.10.2.2.3 -r1.1.1.2.10.2.2.4
--- squid/lib/Makefile.in	14 Dec 2000 11:21:33 -0000	1.1.1.2.10.2.2.3
+++ squid/lib/Makefile.in	7 Jan 2001 02:44:55 -0000	1.1.1.2.10.2.2.4
@@ -1,5 +1,5 @@
 #
-#  $Id: Makefile.in,v 1.1.1.2.10.2.2.3 2000/12/14 11:21:33 rbcollins Exp $
+#  $Id: Makefile.in,v 1.1.1.2.10.2.2.4 2001/01/07 02:44:55 rbcollins Exp $
 #
 prefix		= @prefix@
 top_srcdir	= @top_srcdir@
@@ -43,7 +43,8 @@
 		  $(LIBOBJS)
 REGEXOBJS	= GNUregex.o
 DLMALLOCOBJS	= dlmalloc.o
-LIBS		= libmiscutil.a @LIBREGEX@ @LIBDLMALLOC@
+NTLMAUTHOBJS = ntlmauth.o
+LIBS		= libmiscutil.a @LIBREGEX@ @LIBDLMALLOC@ libntlmauth.a
 
 CFLAGS		= $(AC_CFLAGS) $(INCLUDE)
 
@@ -66,6 +67,11 @@
 	$(AR_R) $@ $(DLMALLOCOBJS)
 	$(RANLIB) $@
 
+libntlmauth.a: $(NTLMAUTHOBJS)
+	$(RM) -f $@
+	$(AR_R) $@ $(NTLMAUTHOBJS)
+	$(RANLIB) $@
+
 clean:
 	-rm -f *.o $(LIBS) core
 
Index: squid/src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/cf.data.pre,v
retrieving revision 1.1.1.3.4.1.2.18.2.14
retrieving revision 1.1.1.3.4.1.2.18.2.15
diff -u -r1.1.1.3.4.1.2.18.2.14 -r1.1.1.3.4.1.2.18.2.15
--- squid/src/cf.data.pre	7 Jan 2001 00:37:02 -0000	1.1.1.3.4.1.2.18.2.14
+++ squid/src/cf.data.pre	7 Jan 2001 02:44:55 -0000	1.1.1.3.4.1.2.18.2.15
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.1.1.3.4.1.2.18.2.14 2001/01/07 00:37:02 hno Exp $
+# $Id: cf.data.pre,v 1.1.1.3.4.1.2.18.2.15 2001/01/07 02:44:55 rbcollins Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -1174,8 +1174,46 @@
 	If you are using such a system, you will be vulnerable to replay attacks
 	unless you also enable the IP ttl is strict option.
 
+	=== NTLM scheme options follow ===
+
+	"program" cmdline
+	Specify the command for the external ntlm authenticator.  Such a
+	program reads a line containing the uuencoded NEGOTIATE and replies
+	with the ntlm CHALLENGE, then waits for the response and answers with
+	"OK" or "ERR" in an endless loop.  If you use an ntlm authenticator,
+	make sure you have 1 acl of type proxy_auth.  By default, the
+	ntlm authenticator_program is not used.
+
+	auth_param ntlm program @DEFAULT_PREFIX@/bin/ntlm_auth
+
+	"children" numberofchildren
+	The number of authenticator processes to spawn (no default). If you
+	start too few Squid will have to wait for them to process a backlog
+	of credential verifications, slowing it down. When crendential
+	verifications are done via a (slow) network you are likely to need
+	lots of authenticator processes.
+	auth_param ntlm children 5
+
+	"max_challenge_reuses" number
+	The maximum number of times a challenge given by a ntlm authentication
+	helper can be reused. Increasing this number increases your exposure 
+	to replay attacks on your network. 0 means use the challenge only once. 
+	(disable challenge caching)
+	See max_ntlm_challenge_lifetime for more information.
+	auth_param ntlm max_challenge_reuses 0
+
+	"max_challenge_lifetime" timespan
+	The maximum time period that a ntlm challenge is reused over.
+	The actual period will be the minimum of this time AND the number of 
+	reused challenges.
+	auth_param ntlm max_challenge_lifetime 2 minutes
+
 NOCOMMENT_START
 #Recommended minimum configuration:
+#auth_param ntlm program <uncomment and complete this line to activate>
+auth_param ntlm children 5
+auth_param ntlm max_challenge_reuses 0
+auth_param ntlm max_challenge_lifetime 2 minutes
 #auth_param basic program <uncomment and complete this line>
 auth_param basic children 5
 auth_param basic realm Squid proxy-caching web server