From 23c6d7e7b80f5ff83c3abb586f2f2c9211f12ded Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 26 May 2011 00:17:59 +1200
Subject: [PATCH] Fix NTLM/Negotiate PASSTHRU to peers

login=PASSTHRU was working for requests. But NTLM and Negotiate also
require Proxy-Authenticate reply headers to be handed back. Allow that.
---
 src/client_side_reply.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 2680d1175f..889bdd8c68 100644
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1264,9 +1264,9 @@ clientReplyContext::buildReplyHeader()
         hdr->delById(HDR_SET_COOKIE);
     // TODO: RFC 2965 : Must honour Cache-Control: no-cache="set-cookie2" and remove header.
 
-    // if there is not configured a peer proxy with login=PASS option enabled
+    // if there is not configured a peer proxy with login=PASS or login=PASSTHRU option enabled
     // remove the Proxy-Authenticate header
-    if ( !(request->peer_login && strcmp(request->peer_login,"PASS") ==0))
+    if ( !request->peer_login || (strcmp(request->peer_login,"PASS") != 0 && strcmp(request->peer_login,"PASSTHRU") != 0))
         reply->header.delById(HDR_PROXY_AUTHENTICATE);
 
     reply->header.removeHopByHopEntries();
-- 
2.47.2