From 7dba4ac446341548a0b101489785f2cef9a33caa Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Mon, 8 Oct 2018 00:11:14 +0000
Subject: [PATCH] ntlm_fake_auth: add ability to test delayed responses (#294)

Add a -t parameter which sets a timeout to artificially delay
authentication responses by a fixed amount longer than their
normal delay.

This enables the fake authenticator to be used to test NTLM
client and Squid behaviour under various network latency and
stress conditions which delay ActiveDirectory responses.
---
 src/auth/ntlm/fake/ntlm_fake_auth.cc | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/auth/ntlm/fake/ntlm_fake_auth.cc b/src/auth/ntlm/fake/ntlm_fake_auth.cc
index 0c43cf6e7c5..fa1e568cbdb 100644
--- a/src/auth/ntlm/fake/ntlm_fake_auth.cc
+++ b/src/auth/ntlm/fake/ntlm_fake_auth.cc
@@ -40,6 +40,7 @@
 #include "ntlmauth/support_bits.cci"
 
 #include <cctype>
+#include <chrono>
 #include <cstring>
 #if HAVE_CRYPT_H
 #include <crypt.h>
@@ -50,6 +51,7 @@
 #if HAVE_GETOPT_H
 #include <getopt.h>
 #endif
+#include <thread>
 
 /* A couple of harmless helper macros */
 #define SEND(X) {debug("sending '%s' to squid\n",X); printf(X "\n");}
@@ -67,6 +69,7 @@
 const char *authenticate_ntlm_domain = "WORKGROUP";
 int strip_domain_enabled = 0;
 int NTLM_packet_debug_enabled = 0;
+unsigned int response_delay = 0;
 
 /*
  * options:
@@ -80,9 +83,10 @@ static void
 usage(void)
 {
     fprintf(stderr,
-            "Usage: %s [-d] [-v] [-h]\n"
+            "Usage: %s [-d] [-t N] [-v] [-h]\n"
             " -d  enable debugging.\n"
             " -S  strip domain from username.\n"
+            " -t  timeout to delay responses (milliseconds).\n"
             " -v  enable verbose NTLM packet debugging.\n"
             " -h  this message\n\n",
             my_program_name);
@@ -94,7 +98,7 @@ process_options(int argc, char *argv[])
     int opt, had_error = 0;
 
     opterr = 0;
-    while (-1 != (opt = getopt(argc, argv, "hdvS"))) {
+    while (-1 != (opt = getopt(argc, argv, "hdvSt:"))) {
         switch (opt) {
         case 'd':
             debug_enabled = 1;
@@ -106,6 +110,13 @@ process_options(int argc, char *argv[])
         case 'S':
             strip_domain_enabled = 1;
             break;
+        case 't':
+            if (!xstrtoui(optarg, nullptr, &response_delay, 0, 86400)) {
+                fprintf(stderr, "ERROR: invalid parameter value for -t '%s'", optarg);
+                usage();
+                had_error = 1;
+            }
+            break;
         case 'h':
             usage();
             exit(EXIT_SUCCESS);
@@ -172,6 +183,10 @@ main(int argc, char *argv[])
         } else
             debug("Got '%s' from Squid\n", buf);
 
+        if (response_delay > 0) {
+            std::this_thread::sleep_for(std::chrono::milliseconds(response_delay));
+        }
+
         if (strncmp(buf, "YR", 2) == 0) {
             char nonce[NTLM_NONCE_LEN];
             ntlm_challenge chal;