From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Fri, 30 Aug 2013 04:57:44 +0000 (-0600)
Subject: Disclaim support for all FTP AUTH commands,
X-Git-Tag: SQUID_3_5_0_1~117^2~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db5205b1efd69ab10d5d0daef7181376763eb3ac;p=thirdparty%2Fsquid.git

Disclaim support for all FTP AUTH commands,
even though some rare ones might work.

Documented reasons for disclaiming support.
---

diff --git a/src/client_side.cc b/src/client_side.cc
index 38f1c9f9a7..eb72699df7 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -5860,14 +5860,21 @@ FtpSetReply(ClientSocketContext *context, const int code, const char *msg)
     http->storeEntry()->replaceHttpReply(reply);
 }
 
+/// Whether Squid FTP gateway supports a given feature (e.g., a command).
 static bool
 FtpSupportedCommand(const String &name)
 {
     static std::set<std::string> BlackList;
     if (BlackList.empty()) {
-        // FTP commands that Squid cannot gateway correctly:
+        /* Add FTP commands that Squid cannot gateway correctly */
+
+        // IPv6 connection addresses from RFC 2428
         BlackList.insert("EPRT");
         BlackList.insert("EPSV");
+
+        // we probably do not support AUTH TLS.* and AUTH SSL,
+        // but let's disclaim all AUTH support to KISS, for now
+        BlackList.insert("AUTH");
     }
 
     // we claim support for all commands that we do not know about