From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 29 Aug 2012 05:23:15 +0000 (-0600)
Subject: Regression: login=PASS send no credentials when none available.
X-Git-Tag: sourceformat-review-1~63^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8fdaa8af28d72f21cd0530bef5140ded37fead4a;p=thirdparty%2Fsquid.git

Regression: login=PASS send no credentials when none available.

login=PASS should act like PASSTHRU, sending no credentials header, when
no client supplied OR external ACL credentials are available.
3.2 has been found wrongly adding the username "PASS" in this case.
---

diff --git a/src/http.cc b/src/http.cc
index eb8b40eae6..34b44a1b25 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -1584,6 +1584,9 @@ httpFixupAuthentication(HttpRequest * request, const HttpHeader * hdr_in, HttpHe
                           old_base64_encode(loginbuf));
         return;
     }
+    // if no external user credentials are available to fake authentication with PASS acts like PASSTHRU
+    if (strcmp(request->peer_login, "PASS") == 0)
+        continue;
 
     /* Kerberos login to peer */
 #if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI