Return Information

I am currently testing SASL in a PHP script against a Squid Proxy Server. No matter what I put in the userid or password data, I seem to get a good return. How can I test to see if auth passed Squid or not? There is no remote_user var set.

All of the settings for SASL remain as they were in the scipt except for the domain name, ProxyHostName (there is an IP address there), ProxyUser, ProxyPassword, and ProxyRealm.

Mike

I am not sure what you mean.

The SASL package is not useful by itself. It should be used in conjunction with a client of a protocol that requires authentication mechanisms supported by the SASL package.

For HTTP, you may want to try the HTTP client class. It supports proxies and uses the SASL package for authentication.

phpclasses.org/httpclient

Using your test_http.php, I changed the vars in it to authenticate against our Squid Proxy Server. No matter what I send it comes back the same way. There is no way for me to know if it failed or succeeded. What indicate is there that it failed? It seems the only error returned is if the script itself fails. How can I know if authentication failed?

Apologies for not being clearer.

Thanks.

Mike

If authentication fails, the response_status variable is 407 for proxy authentication failure or 401 for remote server authentication failure.

In any case, enable debugging output to let you see what the proxy or remote server returns.

No matter what I enter, good or bad userid, I always get the following.

Response status code:

200

Is there a var in the PHP script that will tell me different? I am sure it is something that I am doing wrong as I am new at this. I just do not know what it is that i am doing wrong!

Thanks.

Mike

Oh, I forgot to mention that debug is always set on.

/* Output debugging information about the progress of the connection */
$http->debug=1;

/* Format dubug output to display with HTML pages */
$http->html_debug=1;

And I can see that the Squid server is being queried.

Mike

Probably the server is redirecting to a common page when the user access is denied.

It is hard to tell without seeing the HTTP dialog.

I will copy and paste the results when I get back to work on Monday. What you said sounds very logical. Hopefully that will be a quick fix and it will be working!

Thanks for your help.

Mike

Here is the output from your test script. Thanks for the help.

Mike




Test for Manuel Lemos' PHP HTTP class

* Opening connection to:

10.10.0.14

Connecting to 10.10.0.14 Connecting to HTTP server IP 10.10.0.89... Connected to 10.10.0.89
* Sending request for page:

/mysource.shoremortgage.com/

Login: userid
Password: *********

C GET http://10.10.0.14/mysource.shoremortgage.com/ HTTP/1.1 C Host: 10.10.0.14 C User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) C Pragma: nocache C
* Request:

GET http://10.10.0.14/mysource.shoremortgage.com/ HTTP/1.1

* Request headers:

Host: 10.10.0.14
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Pragma: nocache

S HTTP/1.0 200 OK S Date: Mon, 19 Jun 2006 13:06:28 GMT S Server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a S X-Powered-By: PHP/5.1.4-1.dotdeb.2 S Set-Cookie: PHPSESSID=a80246dc4e6dc8d41a36920dd62a3689; path=/ S Expires: Thu, 19 Nov 1981 08:52:00 GMT S Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 S Pragma: no-cache S Content-Length: 1800 S Content-Type: text/html; charset=ISO-8859-1 S X-Cache: MISS from squid.shoremortgage.com S X-Cache-Lookup: MISS from squid.shoremortgage.com:3128 S Proxy-Connection: close S
* Response status code:

200
* Response headers:

http/1.0 200 ok:
date: Mon, 19 Jun 2006 13:06:28 GMT
server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
x-powered-by: PHP/5.1.4-1.dotdeb.2
set-cookie: PHPSESSID=a80246dc4e6dc8d41a36920dd62a3689; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
content-length: 1800
content-type: text/html; charset=ISO-8859-1
x-cache: MISS from squid.shoremortgage.com
x-cache-lookup: MISS from squid.shoremortgage.com:3128
proxy-connection: close

* Response body:

S

remote-user=server remote-user=

REQUEST

Array ( )

SERVER

Array ( [nokeepalive] => 1 [ssl-unclean-shutdown] => 1 [downgrade-1_0] => 1 [force-response-1_0] => 1 [HTTP_HOST] => 10.10.0.14 [HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) [HTTP_PRAGMA] => nocache [HTTP_VIA] => 1.1 squid.shoremortgage.com:3128 (squid/2.5.STABLE12) [HTTP_X_FORWARDED_FOR] => unknown [HTTP_CACHE_CONTROL] => max-age=259200 [HTTP_CONNECTION] => keep-alive [PATH] => /usr/local/bin:/usr/bin:/bin [SERVER_SIGNATURE] =>
Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a Server at 10.10.0.14 Port 80


[SERVER_SOFTWARE] => Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
[SERVER_NAME] => 10.10.0.14
[SERVER_ADDR] => 10.10.0.14
[SERVER_PORT] => 80
[REMOTE_ADDR] => 10.10.0.89
[DOCUMENT_ROOT] => /var/www/htdocs
[SERVER_ADMIN] => mavila@shoremortg
<P>remote-user=server remote-user=<P>REQUEST<P>Array
(
)
<P>SERVER<P>Array
(
[nokeepalive] => 1
[ssl-unclean-shutdown] => 1
[downgrade-1_0] => 1
[force-response-1_0] => 1
[HTTP_HOST] => 10.10.0.14
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[HTTP_PRAGMA] => nocache
[HTTP_VIA] => 1.1 squid.shoremortgage.com:3128 (squid/2.5.STABLE12)
[HTTP_X_FORWARDED_FOR] => unknown
[HTTP_CACHE_CONTROL] => max-age=259200
[HTTP_CONNECTION] => keep-alive
[PATH] => /usr/local/bin:/usr/bin:/bin
[SERVER_SIGNATURE] => <address>Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a Server at 10.10.0.14 Port 80</address>

[SERVER_SOFTWARE] => Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
[SERVER_NAME] => 10.10.0.14
[SERVER_ADDR] => 10.10.0.14
[SERVER_PORT] => 80
[REMOTE_ADDR] => 10.10.0.89
[DOCUMENT_ROOT] => /var/www/htdocs
[SERVER_ADMIN] => mavila@shoremortgS age.com
[SCRIPT_FILENAME] => /var/www/htdocs/mysource.shoremortgage.com/index.php
[REMOTE_PORT] => 56653
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /mysource.shoremortgage.com/
[SCRIPT_NAME] => /mysource.shoremortgage.com/index.php
[PHP_SELF] => /mysource.shoremortgage.com/index.php
[REQUEST_TIME] => 1150722388
[argv] => Array
(
)

[argc] => 0
)

Enter your ID

Enter your password

age.com [SCRIPT_FILENAME] => /var/www/htdocs/mysource.shoremortgage.com/index.php [REMOTE_PORT] => 56653 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.0 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /mysource.shoremortgage.com/ [SCRIPT_NAME] => /mysource.shoremortgage.com/index.php [PHP_SELF] => /mysource.shoremortgage.com/index.php [REQUEST_TIME] => 1150722388 [argv] => Array ( ) [argc] => 0 ) <HTML><HEAD><TITLE>NTLM Authentication</TITLE></HEAD><BODY><FORM METHOD='Post' ACTION='index.php'><P>Enter your ID <INPUT TYPE='TEXT' NAME='userid'><P>Enter your password <INPUT TYPE='Password' NAME='password'><INPUT TYPE='Hidden' NAME='step' value=2><P><INPUT TYPE='Submit' VALUE='Login'></FORM></BODY></HTML>

Disconnected from 10.10.0.14

Is it my impression, or the actual authentication appears in the site pages, rather than the usual browser authentication window?

If it is the case, that is not HTTP authentication. You would need to parse the page to get the authentication form field names and submit your credentials using an HTTP POST request with this class.