Re: Proxy auth question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 12 Jul 1999 12:43:20 +0200

Congratulations, you have identified a previously unknown Squid bug.

Please try the attached patch.

 cd squid-2.2.STABLE4
 patch -p1 <../squid-2.2.STABLE3.peer_ssl_login.patch
 make install

and restart squid.

--
Henrik Nordstrom
Spare time Squid hacker
DI Peter Burgstaller wrote:
> as we dont try to access secure http sites. I specified on my squid side
> to use login and password for the provider proxy. Whenever someone trys
> to access a https site, the user is confronted with again a login and
> password combination which turns out to be the same one as the regular
> login and password.

Index: squid/src/http.c
diff -u squid/src/http.c:1.1.1.33.2.4 squid/src/http.c:1.1.1.33.2.5
--- squid/src/http.c:1.1.1.33.2.4 Sun Jun 27 15:02:09 1999
+++ squid/src/http.c Mon Jul 12 12:23:58 1999
@@ -760,9 +760,9 @@
     }
     /* append Proxy-Authorization if configured for peer, and proxying */
     if (!httpHeaderHas(hdr_out, HDR_PROXY_AUTHORIZATION)) {
- if (request->flags.proxying && request->peer_login) {
+ if (request->flags.proxying && orig_request->peer_login) {
             httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s",
- base64_encode(request->peer_login));
+ base64_encode(orig_request->peer_login));
         }
     }
     /* append Cache-Control, add max-age if not there already */
@@ -894,7 +894,6 @@
         xstrncpy(proxy_req->host, httpState->peer->host, SQUIDHOSTNAMELEN);
         proxy_req->port = httpState->peer->http_port;
         proxy_req->flags = orig_req->flags;
- proxy_req->peer_login = httpState->peer->login;
         httpState->request = requestLink(proxy_req);
         httpState->orig_request = requestLink(orig_req);
         proxy_req->flags.proxying = 1;
Index: squid/src/ssl.c
diff -u squid/src/ssl.c:1.1.1.17.2.2 squid/src/ssl.c:1.1.1.17.2.4
--- squid/src/ssl.c:1.1.1.17.2.2 Mon Jun 7 07:01:35 1999
+++ squid/src/ssl.c Mon Jul 12 12:35:35 1999
@@ -535,6 +535,12 @@
     } else {
         sslState->port = CACHE_HTTP_PORT;
     }
+ if (fs->peer) {
+ sslState->request->peer_login = fs->peer->login;
+ sslState->request->flags.proxying = 1;
+ } else {
+ sslState->request->flags.proxying = 0;
+ }
 #if DELAY_POOLS
     /* no point using the delayIsNoDelay stuff since ssl is nice and simple */
     if (g && g->options.no_delay && sslState->delay_id) {
Index: squid/src/forward.c
diff -u squid/src/forward.c:1.1.1.12.2.7 squid/src/forward.c:1.1.1.12.2.8
--- squid/src/forward.c:1.1.1.12.2.7 Sun Jun 20 16:54:33 1999
+++ squid/src/forward.c Mon Jul 12 12:23:59 1999
@@ -319,6 +319,7 @@
     assert(fwdState->server_fd > -1);
     if (fwdState->servers && (p = fwdState->servers->peer)) {
         p->stats.fetches++;
+ fwdState->request->peer_login = p->login;
         httpStart(fwdState);
     } else {
         switch (request->protocol) {
Received on Mon Jul 12 1999 - 05:00:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:21 MST