Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Henrik Nordstrom
ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries:

 Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth
 header is sent.
 There were a few bugs which got fixed in the 3.1 re-writes and made squid
 start to send it properly. It's broken in 3.0, not sure if its the same in
 2.x but would assume so. The fixes done rely on C++ objects so wont be easy
 to port.

In what ways is 3.0 broken?

The visible changes I see is that 3.1 only prompts if required by the
FTP server, and that the realm for some reason is changed to also
include the requested server name. 401 basic auth realms are implicit
unique to each servername. (digest auth is a little fuzzier as it may
apply to more domains/servers)

Regards
Henrik



Re: [PATCH] warning: `squid' uses 32-bit capabilities

2009-10-06 Thread Alexander Huemer
Bundle Buggy wrote:
 Bundle Buggy has detected this merge request.

 For details, see:
 http://bundlebuggy.aaronbentley.com/project/squid/request/%3C4AC9DC7F.7030304%40treenet.co.nz%3E

 Project: Squid
what exactly does this email mean ?
the linked site is not reachable. (503 Service Temporarily Unavailable).


Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Amos Jeffries
On Tue, 06 Oct 2009 23:25:35 +0200, Henrik Nordstrom
hen...@henriknordstrom.net wrote:
 ons 2009-10-07 klockan 10:06 +1300 skrev Amos Jeffries:
 
 Firefox-3.x wil happyily popup the ftp:// auth dialog if the proxy-auth
 header is sent.
 There were a few bugs which got fixed in the 3.1 re-writes and made
squid
 start to send it properly. It's broken in 3.0, not sure if its the same
 in
 2.x but would assume so. The fixes done rely on C++ objects so wont be
 easy
 to port.
 
 In what ways is 3.0 broken?
 
 The visible changes I see is that 3.1 only prompts if required by the
 FTP server, and that the realm for some reason is changed to also
 include the requested server name. 401 basic auth realms are implicit
 unique to each servername. (digest auth is a little fuzzier as it may
 apply to more domains/servers)

3.0 uses a generic fail() mechanism to send results back. That mechanism
seems not to add the Proxy-Auth reply header at all. 3.0 also was only
parsing the URL and config file. Popup re-sends contain the auth in headers
not URL.

3.1 changed that to an explicit error page+headers generation, and also
includes a slightly corrected login parse (you helped get that right). Also
altered the login parser to notice the Proxy-Auth request header when sent.

FYI: the patches in 3.1 are (in order, since the heavily overlap):
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9584.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9627.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9694.patch


Amos



Re: [PATCH] warning: `squid' uses 32-bit capabilities

2009-10-06 Thread Amos Jeffries
On Wed, 07 Oct 2009 01:33:35 +0200, Alexander Huemer
alexander.hue...@sbg.ac.at wrote:
 Bundle Buggy wrote:
 Bundle Buggy has detected this merge request.

 For details, see:

http://bundlebuggy.aaronbentley.com/project/squid/request/%3C4AC9DC7F.7030304%40treenet.co.nz%3E

 Project: Squid
 what exactly does this email mean ?
 the linked site is not reachable. (503 Service Temporarily Unavailable).

It's our automatic tracking bot. It means the patch and followup messages
(like this) are tracked for votes on merging it with the main code. We use
it now for new features or things like this that require multiple dev input
and testing.

Amos



Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Henrik Nordstrom
ons 2009-10-07 klockan 13:09 +1300 skrev Amos Jeffries:

 3.0 uses a generic fail() mechanism to send results back. That mechanism
 seems not to add the Proxy-Auth reply header at all. 3.0 also was only
 parsing the URL and config file. Popup re-sends contain the auth in headers
 not URL.

Strange. My 3.0 responds as

HTTP/1.0 401 Unauthorized
Server: squid/3.0.STABLE19-BZR
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
WWW-Authenticate: Basic realm=ftp username

and relays Authorization properly. It however rejects any login other
than the one supplied in the URL.

Squid-2 behaves the same.

Regards
Henrik



Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Amos Jeffries
On Wed, 07 Oct 2009 02:48:37 +0200, Henrik Nordstrom
hen...@henriknordstrom.net wrote:
 ons 2009-10-07 klockan 13:09 +1300 skrev Amos Jeffries:
 
 3.0 uses a generic fail() mechanism to send results back. That mechanism
 seems not to add the Proxy-Auth reply header at all. 3.0 also was only
 parsing the URL and config file. Popup re-sends contain the auth in
 headers
 not URL.
 
 Strange. My 3.0 responds as
 
 HTTP/1.0 401 Unauthorized
 Server: squid/3.0.STABLE19-BZR
 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
 WWW-Authenticate: Basic realm=ftp username
 
 and relays Authorization properly. It however rejects any login other
 than the one supplied in the URL.
 
 Squid-2 behaves the same.

Ah, okay. So the reply header must have been 3.1 specific then. The request
header checking was both.

Might be possible to fix it by porting the new checkAuth() function alone.

Amos