Package: squid
Version: 4.4-1
Severity: normal

Dear Maintainer,

I was configuring basic_ncsa_auth authentication in squid and could not get it 
to work.
Eventually I decided to check input of basic_ncsa_auth and replaced it with 
custom script:

#!/bin/bash
cat $@ > /tmp/args
cat > /tmp/stdin

After output examination, I learned that squid converts all characters to 
lowercase.
In my case, login had uppercase characters in it. So call to basic_ncsa_auth 
never succeeded.

In my opinion either squid should not convert characters to lowercase, or it 
should be clearly stated somewhere that uppercase characters are not allowed.

tldr: basic_ncsa_auth option does not support usernames with uppercase 
characters.

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.12-custom (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages squid depends on:
ii  adduser                  3.118
ii  libc6                    2.28-5
ii  libcap2                  1:2.25-1.2
ii  libcom-err2              1.44.5-1
ii  libdb5.3                 5.3.28+dfsg1-0.2
ii  libdbi-perl              1.642-1+b1
ii  libecap3                 1.0.1-3.2
ii  libexpat1                2.2.6-1
ii  libgcc1                  1:8.2.0-14
ii  libgnutls30              3.6.5-2
ii  libgssapi-krb5-2         1.16.2-1
ii  libkrb5-3                1.16.2-1
ii  libldap-2.4-2            2.4.47+dfsg-2
ii  libltdl7                 2.4.6-6
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnettle6               3.4.1~rc1-1
ii  libpam0g                 1.1.8-4
ii  libsasl2-2               2.1.27~rc8-1
ii  libstdc++6               8.2.0-14
ii  libxml2                  2.9.4+dfsg1-7+b3
ii  logrotate                3.14.0-4
ii  lsb-base                 10.2018112800
ii  netbase                  5.5
ii  squid-common             4.4-1

Versions of packages squid recommends:
ii  ca-certificates  20180409
ii  libcap2-bin      1:2.25-1.2

Versions of packages squid suggests:
pn  resolvconf   <none>
ii  smbclient    2:4.9.4+dfsg-1
pn  squid-cgi    <none>
pn  squid-purge  <none>
pn  squidclient  <none>
ii  ufw          0.36-1
pn  winbindd     <none>

-- Configuration Files:
/etc/squid/squid.conf changed:
acl localnet src 192.168.1.0/24         # RFC 1918 local private network (LAN)
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 10 startup=0 idle=1
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 6 hours
acl password proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*
http_access allow password
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320


-- no debconf information

Reply via email to