Re: [squid-users] Squid ftp authentication popup
On Wed, 07 Oct 2009 02:48:37 +0200, Henrik Nordstrom wrote: > ons 2009-10-07 klockan 13:09 +1300 skrev Amos Jeffries: > >> 3.0 uses a generic fail() mechanism to send results back. That mechanism >> seems not to add the Proxy-Auth reply header at all. 3.0 also was only >> parsing the URL and config file. Popup re-sends contain the auth in >> headers >> not URL. > > Strange. My 3.0 responds as > > HTTP/1.0 401 Unauthorized > Server: squid/3.0.STABLE19-BZR > X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 > WWW-Authenticate: Basic realm="ftp username" > > and relays Authorization properly. It however rejects any login other > than the one supplied in the URL. > > Squid-2 behaves the same. Ah, okay. So the reply header must have been 3.1 specific then. The request header checking was both. Might be possible to fix it by porting the new checkAuth() function alone. Amos
Re: [squid-users] Squid ftp authentication popup
ons 2009-10-07 klockan 13:09 +1300 skrev Amos Jeffries: > 3.0 uses a generic fail() mechanism to send results back. That mechanism > seems not to add the Proxy-Auth reply header at all. 3.0 also was only > parsing the URL and config file. Popup re-sends contain the auth in headers > not URL. Strange. My 3.0 responds as HTTP/1.0 401 Unauthorized Server: squid/3.0.STABLE19-BZR X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 WWW-Authenticate: Basic realm="ftp username" and relays Authorization properly. It however rejects any login other than the one supplied in the URL. Squid-2 behaves the same. Regards Henrik
Re: [squid-users] Squid ftp authentication popup
On Tue, 06 Oct 2009 23:25:35 +0200, Henrik Nordstrom wrote: > ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries: > >> Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth >> header is sent. >> There were a few bugs which got fixed in the 3.1 re-writes and made squid >> start to send it properly. It's broken in 3.0, not sure if its the same >> in >> 2.x but would assume so. The fixes done rely on C++ objects so wont be >> easy >> to port. > > In what ways is 3.0 broken? > > The visible changes I see is that 3.1 only prompts if required by the > FTP server, and that the realm for some reason is changed to also > include the requested server name. 401 basic auth realms are implicit > unique to each servername. (digest auth is a little fuzzier as it may > apply to more domains/servers) 3.0 uses a generic fail() mechanism to send results back. That mechanism seems not to add the Proxy-Auth reply header at all. 3.0 also was only parsing the URL and config file. Popup re-sends contain the auth in headers not URL. 3.1 changed that to an explicit error page+headers generation, and also includes a slightly corrected login parse (you helped get that right). Also altered the login parser to notice the Proxy-Auth request header when sent. FYI: the patches in 3.1 are (in order, since the heavily overlap): http://www.squid-cache.org/Versions/v3/3.1/changesets/b9584.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/b9627.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/b9694.patch Amos
Re: [squid-users] Squid ftp authentication popup
ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries: > Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth > header is sent. > There were a few bugs which got fixed in the 3.1 re-writes and made squid > start to send it properly. It's broken in 3.0, not sure if its the same in > 2.x but would assume so. The fixes done rely on C++ objects so wont be easy > to port. In what ways is 3.0 broken? The visible changes I see is that 3.1 only prompts if required by the FTP server, and that the realm for some reason is changed to also include the requested server name. 401 basic auth realms are implicit unique to each servername. (digest auth is a little fuzzier as it may apply to more domains/servers) Regards Henrik
