Re: [squid-users] Squid ftp authentication popup
ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries: Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth header is sent. There were a few bugs which got fixed in the 3.1 re-writes and made squid start to send it properly. It's broken in 3.0, not sure if its the same in 2.x but would assume so. The fixes done rely on C++ objects so wont be easy to port. In what ways is 3.0 broken? The visible changes I see is that 3.1 only prompts if required by the FTP server, and that the realm for some reason is changed to also include the requested server name. 401 basic auth realms are implicit unique to each servername. (digest auth is a little fuzzier as it may apply to more domains/servers) Regards Henrik
Re: [PATCH] warning: `squid' uses 32-bit capabilities
Bundle Buggy wrote: Bundle Buggy has detected this merge request. For details, see: http://bundlebuggy.aaronbentley.com/project/squid/request/%3C4AC9DC7F.7030304%40treenet.co.nz%3E Project: Squid what exactly does this email mean ? the linked site is not reachable. (503 Service Temporarily Unavailable).
Re: [squid-users] Squid ftp authentication popup
On Tue, 06 Oct 2009 23:25:35 +0200, Henrik Nordstrom hen...@henriknordstrom.net wrote: ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries: Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth header is sent. There were a few bugs which got fixed in the 3.1 re-writes and made squid start to send it properly. It's broken in 3.0, not sure if its the same in 2.x but would assume so. The fixes done rely on C++ objects so wont be easy to port. In what ways is 3.0 broken? The visible changes I see is that 3.1 only prompts if required by the FTP server, and that the realm for some reason is changed to also include the requested server name. 401 basic auth realms are implicit unique to each servername. (digest auth is a little fuzzier as it may apply to more domains/servers) 3.0 uses a generic fail() mechanism to send results back. That mechanism seems not to add the Proxy-Auth reply header at all. 3.0 also was only parsing the URL and config file. Popup re-sends contain the auth in headers not URL. 3.1 changed that to an explicit error page+headers generation, and also includes a slightly corrected login parse (you helped get that right). Also altered the login parser to notice the Proxy-Auth request header when sent. FYI: the patches in 3.1 are (in order, since the heavily overlap): http://www.squid-cache.org/Versions/v3/3.1/changesets/b9584.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/b9627.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/b9694.patch Amos
Re: [PATCH] warning: `squid' uses 32-bit capabilities
On Wed, 07 Oct 2009 01:33:35 +0200, Alexander Huemer alexander.hue...@sbg.ac.at wrote: Bundle Buggy wrote: Bundle Buggy has detected this merge request. For details, see: http://bundlebuggy.aaronbentley.com/project/squid/request/%3C4AC9DC7F.7030304%40treenet.co.nz%3E Project: Squid what exactly does this email mean ? the linked site is not reachable. (503 Service Temporarily Unavailable). It's our automatic tracking bot. It means the patch and followup messages (like this) are tracked for votes on merging it with the main code. We use it now for new features or things like this that require multiple dev input and testing. Amos
Re: [squid-users] Squid ftp authentication popup
ons 2009-10-07 klockan 13:09 +1300 skrev Amos Jeffries: 3.0 uses a generic fail() mechanism to send results back. That mechanism seems not to add the Proxy-Auth reply header at all. 3.0 also was only parsing the URL and config file. Popup re-sends contain the auth in headers not URL. Strange. My 3.0 responds as HTTP/1.0 401 Unauthorized Server: squid/3.0.STABLE19-BZR X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 WWW-Authenticate: Basic realm=ftp username and relays Authorization properly. It however rejects any login other than the one supplied in the URL. Squid-2 behaves the same. Regards Henrik
Re: [squid-users] Squid ftp authentication popup
On Wed, 07 Oct 2009 02:48:37 +0200, Henrik Nordstrom hen...@henriknordstrom.net wrote: ons 2009-10-07 klockan 13:09 +1300 skrev Amos Jeffries: 3.0 uses a generic fail() mechanism to send results back. That mechanism seems not to add the Proxy-Auth reply header at all. 3.0 also was only parsing the URL and config file. Popup re-sends contain the auth in headers not URL. Strange. My 3.0 responds as HTTP/1.0 401 Unauthorized Server: squid/3.0.STABLE19-BZR X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 WWW-Authenticate: Basic realm=ftp username and relays Authorization properly. It however rejects any login other than the one supplied in the URL. Squid-2 behaves the same. Ah, okay. So the reply header must have been 3.1 specific then. The request header checking was both. Might be possible to fix it by porting the new checkAuth() function alone. Amos