1 files changed, 41 insertions, 0 deletions

diff --git a/net-proxy/squid/files/squid-13211_13210.patch b/net-proxy/squid/files/squid-13211_13210.patch
new file mode 100644
index 000000000000..3e747958d8d9
--- /dev/null
+++ b/net-proxy/squid/files/squid-13211_13210.patch
@@ -0,0 +1,41 @@
+=== modified file 'src/auth/digest/UserRequest.cc'
+--- src/auth/digest/UserRequest.cc	2015-01-18 11:02:13 +0000
++++ src/auth/digest/UserRequest.cc	2015-01-19 16:42:41 +0000
+@@ -152,10 +152,14 @@
+     }
+ 
+     /* check for stale nonce */
+-    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
+-        debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
+-        auth_user->credentials(Auth::Handshake);
+-        digest_request->setDenyMessage("Stale nonce");
++    /* check Auth::Pending to avoid loop */
++
++    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
++        debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
++        /* Pending prevent banner and makes a ldap control */
++        auth_user->credentials(Auth::Pending);
++        nonce->flags.valid = false;
++        authDigestNoncePurge(nonce);
+         return;
+     }
+ 
+
+=== modified file 'src/auth/digest/auth_digest.cc'
+--- src/auth/digest/auth_digest.cc	2014-03-05 02:48:25 +0000
++++ src/auth/digest/auth_digest.cc	2015-01-19 16:42:41 +0000
+@@ -1038,12 +1038,7 @@
+         debugs(29, 2, "Username for the nonce does not equal the username for the request");
+         nonce = NULL;
+     }
+-    /* check for stale nonce */
+-    if (authDigestNonceIsStale(nonce)) {
+-        debugs(29, 3, "The received nonce is stale from " << username);
+-        digest_request->setDenyMessage("Stale nonce");
+-        nonce = NULL;
+-    }
++
+     if (!nonce) {
+         /* we couldn't find a matching nonce! */
+         debugs(29, 2, "Unexpected or invalid nonce received from " << username);
+