From 41cf191205cf627f1820bf43c745e324aa04005e Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Wed, 4 Mar 2020 11:44:47 +0100
Subject: [PATCH] pam/squid: work around to skip passing additional auth
 properties. https://forum.opnsense.org/index.php?topic=16126

---
 src/libexec/opnsense-auth | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/libexec/opnsense-auth b/src/libexec/opnsense-auth
index b8ec05677..5cc382825 100755
--- a/src/libexec/opnsense-auth
+++ b/src/libexec/opnsense-auth
@@ -63,7 +63,8 @@ if (!empty($auth_data['user']) && isset($auth_data['password'])) {
     $is_authenticated = $authFactory->authenticate($auth_data['service'], $auth_data['user'], $auth_data['password']);
     if ($is_authenticated) {
         $authProps = $authFactory->getLastAuthProperties();
-        if (!empty($authProps)) {
+        //XXX: basic_pam_auth passes additional output, we probably need a smarter way to detect if a service would like to receive additional properties.
+        if (!empty($authProps) && $auth_data['service'] != "squid") {
             /* dump authentication response data to stdout */
             echo json_encode($authProps, JSON_INVALID_UTF8_IGNORE) ."\n";
         }