Re: [squid-users] Url-encoded passwords - Solved!

From: Luciano Mannucci <luciano_at_vespaperitivo.it>
Date: Thu, 10 Jun 2010 17:26:25 +0200

On Wed, 9 Jun 2010 17:50:57 +0200
Luciano Mannucci <luciano_at_vespaperitivo.it> wrote:

> my squid 3.1.4 seems unable to handle URL-encoded passwords. I think
> it sends them as they are, so I get "Login Incorrect" from the FTP
> server. Is that normal?
I reverted to squid 2.7.STABLE9 mainly because I don't understand C++.
(2.7 seems slightly faster BTW :) I don't know why the password is
sent as-is instead of RFC 1738 converted. Forcing the conversion is
pretty safe, although a quick and dirty trick: I simply modified the

ftpSendPass() function in ftp.c this way:

static void
ftpSendPass(FtpStateData * ftpState)
{
    char *my_str_ptr;
    my_str_ptr = xstrdup(ftpState->password);
    rfc1738_unescape(my_str_ptr);
/*
    snprintf(cbuf, 1024, "PASS %s\r\n", ftpState->password);
*/
    snprintf(cbuf, 1024, "PASS %s\r\n", my_str_ptr);
    ftpWriteCommand(cbuf, ftpState);
    ftpState->state = SENT_PASS;
    safe_free(my_str_ptr);
}

so now it "unescapes" every password before sending, which is safe
because it has no effect on non url-encoded ("escaped") strings.
Now it works flawlessly even with sites asking for passwords
containing "/", ":", "@"... :-)

Regards,

luciano.

-- 
 /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
 \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
  X   AGAINST HTML MAIL    /  E-MAIL: posthamster_at_sublink.sublink.ORG
 / \  AND POSTINGS        /   WWW: http://www.mannucci.ORG/
Received on Thu Jun 10 2010 - 15:26:29 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 11 2010 - 12:00:02 MDT