Fix NTLM/Negotiate PASSTHRU to peers

login=PASSTHRU was working for requests. But NTLM and Negotiate also
require Proxy-Authenticate reply headers to be handed back. Allow that.

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 2680d1175fe7269ab84f9679b4caa19cd857c569..889bdd8c687e3b786ab0a6e57d14585e039d5fc7 100644 (file)
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1264,9 +1264,9 @@ clientReplyContext::buildReplyHeader()
         hdr->delById(HDR_SET_COOKIE);
     // TODO: RFC 2965 : Must honour Cache-Control: no-cache="set-cookie2" and remove header.
 
-    // if there is not configured a peer proxy with login=PASS option enabled
+    // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
     // remove the Proxy-Authenticate header
-    if ( !(request->peer_login && strcmp(request->peer_login,"PASS") ==0))
+    if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
         reply->header.delById(HDR_PROXY_AUTHENTICATE);
 
     reply->header.removeHopByHopEntries();