From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 25 May 2011 12:17:59 +0000 (+1200)
Subject: Fix NTLM/Negotiate PASSTHRU to peers
X-Git-Tag: take08~55^2~176
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=23c6d7e7b80f5ff83c3abb586f2f2c9211f12ded;p=thirdparty%2Fsquid.git

Fix NTLM/Negotiate PASSTHRU to peers

login=PASSTHRU was working for requests. But NTLM and Negotiate also
require Proxy-Authenticate reply headers to be handed back. Allow that.
---

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 2680d1175f..889bdd8c68 100644
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1264,9 +1264,9 @@ clientReplyContext::buildReplyHeader()
         hdr->delById(HDR_SET_COOKIE);
     // TODO: RFC 2965 : Must honour Cache-Control: no-cache="set-cookie2" and remove header.
 
-    // if there is not configured a peer proxy with login=PASS option enabled
+    // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
     // remove the Proxy-Authenticate header
-    if ( !(request->peer_login && strcmp(request->peer_login,"PASS") ==0))
+    if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
         reply->header.delById(HDR_PROXY_AUTHENTICATE);
 
     reply->header.removeHopByHopEntries();