diff -ruN squid-2.5.STABLE6/CONTRIBUTORS squid-2.5.STABLE7/CONTRIBUTORS --- squid-2.5.STABLE6/CONTRIBUTORS Sat Jun 5 13:32:49 2004 +++ squid-2.5.STABLE7/CONTRIBUTORS Sat Sep 25 05:56:15 2004 @@ -89,5 +89,6 @@ Brad Smith Jerry Murdock Glen Gibb + Michael Pomraning Duane Wessels diff -ruN squid-2.5.STABLE6/ChangeLog squid-2.5.STABLE7/ChangeLog --- squid-2.5.STABLE6/ChangeLog Thu Jul 8 17:21:40 2004 +++ squid-2.5.STABLE7/ChangeLog Mon Oct 11 14:11:48 2004 
@@ -1,3 +1,67 @@ +Changes to squid-2.5.STABLE7 (11 Oct 2004) + + - [Medium] No objects cached in ufs cache_dir type in some + configurations. Issue introduced in 2.5.STABLE6 by the patch for + Bug #676. (Bug #1011) + - [Minor] LDAP helpers update to correct LDAP connection management + and add support for literal password compare instead of binding + - [Minor] A large number of queued DNS lookups for the same domain + (Bug #852) + - [Cosmetic] request_header_max_size configuration partly ignored + (Bug #899) + - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) + - Bug #1012: [Cosmetic] HEAD requests may return stale information + (Bug #1012) + - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) + - [Minor] case insensitive authentication (Bug #431) + - [Cosmetic] Add delay pools information to active_requests. (Bug + #882) + - [Minor] Apparent memory leak in client_db (Bug #833) + - [Minor] NTLM authentication truncated causing failures. (Bug + #1016) + - [Cosmetic] Grammatical corrections in squid.conf.default + - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug + #1030) + - [Medium] Segfaults and other strange crashes when using heap + policies. (Bug #1009) + - [Minor] Supplementary group memberships not set (Bug #1021) + - [Cosmetic] ERR_TOO_BIG Portugese translation + - [Minor] external_acl does not handle newlines (Bug #1038) + - [Major] NTLM authentication denial of service when using msnt_auth + or fake_auth (Bug #1045) + - [Medium] Memory leaks when using NTLM authentication without + challenge reuse. (Bug #994) + - [Minor] Temporary NTLM memory leak with challenge reuse enabled + (Bug #910) + - [Minor] assertion failed: "n_ufs_dirs <= + Config.cacheSwap.n_configured". (Bug #1053) + - [Minor] Segfault in authenticateDigestHandleReply. 
(Bug #1031) + - [Minor] acl time fails to parse multiple time specifications + (Bug #1060) + - [Minor] cachemgr config dumps mixed up Range and Request-Range + headers in http_header_access & replace directives. (Bug #1056) + - [Minor] Content-Disposition added as a well known header (Bug #961) + - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD + (Bug #1074) + - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) + - [Medium] New acl types to match arbitrary HTTP headers. In addition + the http_header_access & replace directivess now support arbitrary + headers and not only the well known ones. (Bug #961) + - [Cosmetic] ncsa_auth now accepts Window formatted password files + (Bug #1078) + - [Cosmetic] Support the --program-prefix/suffix options or other + configure program name transforms (Bug #1019) + - [Minor] Fix race condition in CONNECT and also handle aborts of + CONNECT requests in a more graceful manner. (Bug #859) + - [Minor] New balance_on_multiple_ip directive to work around certain + broken load balancers and optimized ipcache on reload requests + (Bug #1058) + - [Medium] New reply_header_max_size directive + (Bug #874) + - [Minor] Suspected instability on aborted PUT/POST requests + (Bug #1089) + - [Security] SNMP Denial of Service fix (CAN-2004-0918) + Changes to squid-2.5.STABLE6 (9 Jul 2004) - Bug #937: NTLM assertion error "srv->flags.reserved" diff -ruN squid-2.5.STABLE6/Makefile.am squid-2.5.STABLE7/Makefile.am --- squid-2.5.STABLE6/Makefile.am Tue Feb 11 19:02:00 2003 +++ squid-2.5.STABLE7/Makefile.am Sat Sep 25 15:37:35 2004 @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in # -# $Id: Makefile.am,v 1.3.2.14 2003/02/12 02:02:00 hno Exp $ +# $Id: Makefile.am,v 1.3.2.15 2004/09/25 21:37:35 hno Exp $ # AUTOMAKE_OPTIONS = dist-bzip2 subdir-objects 1.5 
@@ -8,7 +8,7 @@ SUBDIRS = lib @makesnmplib@ scripts src icons errors doc helpers DISTCLEANFILES = include/stamp-h include/stamp-h[0-9]* -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` dist-hook: @ for subdir in include include/samba/nsswitch; do \ diff -ruN squid-2.5.STABLE6/Makefile.in squid-2.5.STABLE7/Makefile.in --- squid-2.5.STABLE6/Makefile.in Tue Jun 8 05:37:09 2004 +++ squid-2.5.STABLE7/Makefile.in Sat Sep 25 15:37:58 2004 @@ -14,7 +14,7 @@ @SET_MAKE@ # -# $Id: Makefile.in,v 1.6.2.20 2004/06/08 11:37:09 hno Exp $ +# $Id: Makefile.in,v 1.6.2.23 2004/09/25 21:37:58 hno Exp $ # SHELL = @SHELL@ @@ -123,7 +123,7 @@ SUBDIRS = lib @makesnmplib@ scripts src icons errors doc helpers DISTCLEANFILES = include/stamp-h include/stamp-h[0-9]* -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` EXTRA_DIST = \ ChangeLog \ diff -ruN squid-2.5.STABLE6/RELEASENOTES.html squid-2.5.STABLE7/RELEASENOTES.html --- squid-2.5.STABLE6/RELEASENOTES.html Thu Jul 8 17:44:48 2004 +++ squid-2.5.STABLE7/RELEASENOTES.html Mon Oct 11 14:27:12 2004 @@ -7,7 +7,7 @@
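Review bot: The new `DEFAULT_PINGER` value in Makefile.am is a backquoted shell fragment rather than a plain path, and nothing at the definition says so. It yields a file name only where make passes the variable to a shell for evaluation. Any consumer that copies it into a file or a single-quoted argument would get the literal backquotes and sed expression instead of the installed pinger path. I would add a comment above the assignment such as `# shell fragment: applies $(transform) (--program-prefix/--program-suffix) and $(EXEEXT) to "pinger"; expand only inside a recipe`. The places that use DEFAULT_PINGER are outside this hunk, so each one should be checked to confirm it goes through a shell; the generated Makefile.in carries the same line.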

Squid 2.5 release notes

-

Squid Developers

$Id: release-2.5.html,v 1.1.2.32 2004/07/08 23:31:28 hno Exp $ +

Squid Developers

$Id: release-2.5.html,v 1.1.2.39 2004/10/11 20:13:43 hno Exp $
This document contains the release notes for version 2.5 of Squid. Squid is a WWW Cache application developed by the National Laboratory @@ -132,6 +132,8 @@
minimum_retry_timeout

This has been removed - it is not referenced anywhere in the source code.

short_icon_urls

New directive to enable an alternative way of referring to icons in FTP directory listings etc.

acl urllogin

New acl type to match the login component of Internet style URLs (protocol://user:password@host/path/to/file)

+
balance_on_multiple_ip

New directive to make it possible to disable the automatic round-robin load balancing on multiple IP addresses normally done by Squid.

+
reply_header_max_size

New directive limiting the size of HTTP reply headers, similar to request_header_max_size but in the reply direction (from servers to clients). Default is 20KB.

@@ -143,11 +145,12 @@
Bug #761

assertion failed: cbdata.c:249: "c->locks > 0" when using diskd

Bug -#910

ntlm auth_user_hash_pointer memory leak if challenge reuses are enabled

- -
Bug #779

users going above their allowed IP count no longer logged in cache.log

Bug +#1059

mime.conf and referenced icons must be within chroot

+
Bug +#1033

CARP ignores cache_peer_access and cache_peer_domain

+
Bug #692

tcp_outgoing_address using an ident ACL does not work

Bug #581

acl max_user_ip and multiple authentication schemes

@@ -288,6 +291,34 @@
  • Processing of Vary: * and Vary on error messages corrected
  • a large number of minor and cosmetic bugfixes. See the list of squid-2.5.STABLE5 patches and the +ChangeLog file for details.
  • + +

    + +

    9. Key changes squid-2.5.STABLE6 to 2.5.STABLE7:

    + +

    +

      +
    • SNMP related Denial of Service issue corrected (CAN-2004-0918)
    • +
    • NTLM related bugfix noticed by the Samba group
    • +
    • UFS cache_dir bugfix to issue introduced in STABLE6 causing +no objects to get cached in some configurations.
    • +
    • cache_effective_user now sets supplementary group list +if cache_effective_group not set
    • +
    • cache_effective_group now used if specified even if not started +as root. If you do not start Squid as root you may need to remove this +directive from your squid.conf if not set correctly.
    • +
    • request_header_max_size directive corrected. You may need to increase +this value after upgrading if set very low. The default have been increased +from 10 KB to 20 KB which should be sufficient for most uses.
    • +
    • reply_header_max_size directive added
    • +
    • http_header_access & replace now support arbitrary headers, +not only the well known headers known by Squid
    • +
    • new acl types req_hdr and resp_hdr to match arbitrary HTTP headers, +useful to block certain malware/spyware etc.
    • +
    • new balance_on_multiple_ip squid.conf directive
    • +
    • a number of other minor and cosmetic bugfixes. See the list of +squid-2.5.STABLE6 patches and the ChangeLog file for details.

    diff -ruN squid-2.5.STABLE6/configure squid-2.5.STABLE7/configure --- squid-2.5.STABLE6/configure Thu Jul 8 17:44:39 2004 +++ squid-2.5.STABLE7/configure Mon Oct 11 14:27:03 2004 @@ -1000,7 +1000,7 @@ # Define the identity of the package. PACKAGE=squid -VERSION=2.5.STABLE6 +VERSION=2.5.STABLE7 cat >> confdefs.h <&6 echo "configure:1057: checking whether to enable maintainer-specific portions of Makefiles" >&5 # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. @@ -1535,7 +1535,7 @@ fi done IFS="$ac_save_ifs" - test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="/usr/bin/false" + test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="false" ;; esac fi @@ -2275,6 +2275,8 @@ ;; *-solaris-*) ;; + *-freebsd*) + ;; *) echo "WARNING: ARP ACL support probably won't work on $host." sleep 10 @@ -2938,7 +2940,7 @@ if test "$require_sasl" = "yes"; then echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:2942: checking how to run the C preprocessor" >&5 +echo "configure:2944: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -2953,13 +2955,13 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2963: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2965: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : 
@@ -2970,13 +2972,13 @@ rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2980: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2982: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -2987,13 +2989,13 @@ rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2997: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:2999: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -3021,17 +3023,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3025: checking for $ac_hdr" >&5 +echo "configure:3027: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3035: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3037: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -3165,7 +3167,7 @@ esac echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:3169: checking how to run the C preprocessor" >&5 +echo "configure:3171: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= 
@@ -3180,13 +3182,13 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3192: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -3197,13 +3199,13 @@ rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3207: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3209: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -3214,13 +3216,13 @@ rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3224: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3226: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -3256,7 +3258,7 @@ # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:3260: checking for a BSD compatible install" >&5 +echo "configure:3262: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -3311,7 +3313,7 @@ # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3315: checking for $ac_word" >&5 +echo "configure:3317: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3339,7 +3341,7 @@ fi echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 -echo "configure:3343: checking whether ln -s works" >&5 +echo "configure:3345: checking whether ln -s works" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3362,7 +3364,7 @@ # Extract the first word of "sh", so it can be a program name with args. set dummy sh; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3366: checking for $ac_word" >&5 +echo "configure:3368: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_SH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3398,7 +3400,7 @@ # Extract the first word of "false", so it can be a program name with args. set dummy false; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3402: checking for $ac_word" >&5 +echo "configure:3404: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_FALSE'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3434,7 +3436,7 @@ # Extract the first word of "true", so it can be a program name with args. set dummy true; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3438: checking for $ac_word" >&5 +echo "configure:3440: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -3470,7 +3472,7 @@ # Extract the first word of "rm", so it can be a program name with args. set dummy rm; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3474: checking for $ac_word" >&5 +echo "configure:3476: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3506,7 +3508,7 @@ # Extract the first word of "mv", so it can be a program name with args. set dummy mv; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3510: checking for $ac_word" >&5 +echo "configure:3512: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_MV'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3542,7 +3544,7 @@ # Extract the first word of "mkdir", so it can be a program name with args. set dummy mkdir; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3546: checking for $ac_word" >&5 +echo "configure:3548: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3578,7 +3580,7 @@ # Extract the first word of "ln", so it can be a program name with args. set dummy ln; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3582: checking for $ac_word" >&5 +echo "configure:3584: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_LN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3614,7 +3616,7 @@ # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3618: checking for $ac_word" >&5 +echo "configure:3620: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -3650,7 +3652,7 @@ # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3654: checking for $ac_word" >&5 +echo "configure:3656: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3710,12 +3712,12 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:3714: checking for $ac_hdr that defines DIR" >&5 +echo "configure:3716: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -3723,7 +3725,7 @@ DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:3727: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3729: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -3748,7 +3750,7 @@ # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:3752: checking for opendir in -ldir" >&5 +echo "configure:3754: checking for opendir in -ldir" >&5 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3756,7 +3758,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -3789,7 +3791,7 @@ else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:3793: checking for opendir in -lx" >&5 +echo "configure:3795: checking for opendir in -lx" >&5 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3797,7 +3799,7 @@ ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3814: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3831,12 +3833,12 @@ fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:3835: checking for ANSI C header files" >&5 +echo "configure:3837: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3844,7 +3846,7 @@ #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3848: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3850: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -3861,7 +3863,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -3879,7 +3881,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -3900,7 +3902,7 @@ : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') 
@@ -3911,7 +3913,7 @@ exit (0); } EOF -if { (eval echo configure:3915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else @@ -4018,17 +4020,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:4022: checking for $ac_hdr" >&5 +echo "configure:4024: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:4032: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:4034: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -4056,12 +4058,12 @@ echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:4060: checking for working const" >&5 +echo "configure:4062: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4116: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -4131,14 +4133,14 @@ fi echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:4135: checking whether byte ordering is bigendian" >&5 +echo "configure:4137: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include 
@@ -4149,11 +4151,11 @@ #endif ; return 0; } EOF -if { (eval echo configure:4153: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4155: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext < #include @@ -4164,7 +4166,7 @@ #endif ; return 0; } EOF -if { (eval echo configure:4168: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4170: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else @@ -4184,7 +4186,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4203: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else @@ -4222,20 +4224,20 @@ echo $ac_n "checking if ANSI prototypes work""... $ac_c" 1>&6 -echo "configure:4226: checking if ANSI prototypes work" >&5 +echo "configure:4228: checking if ANSI prototypes work" >&5 if eval "test \"`echo '$''{'ac_cv_have_ansi_prototypes'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4241: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ansi_prototypes="yes" else @@ -4257,13 +4259,13 @@ fi echo $ac_n "checking for tm->tm_gmtoff""... $ac_c" 1>&6 -echo "configure:4261: checking for tm->tm_gmtoff" >&5 +echo "configure:4263: checking for tm->tm_gmtoff" >&5 if eval "test \"`echo '$''{'ac_cv_have_tm_gmoff'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -4272,7 +4274,7 @@ foo.tm_gmtoff = 0; ; return 0; } EOF -if { (eval echo configure:4276: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4278: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_tm_gmoff="yes" else @@ -4294,13 +4296,13 @@ fi echo $ac_n "checking for struct mallinfo""... $ac_c" 1>&6 -echo "configure:4298: checking for struct mallinfo" >&5 +echo "configure:4300: checking for struct mallinfo" >&5 if eval "test \"`echo '$''{'ac_cv_have_struct_mallinfo'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if HAVE_MALLOC_H @@ -4318,7 +4320,7 @@ foo.keepcost = 0; ; return 0; } EOF -if { (eval echo configure:4322: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4324: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_struct_mallinfo="yes" else @@ -4340,13 +4342,13 @@ fi echo $ac_n "checking for extended mallinfo""... $ac_c" 1>&6 -echo "configure:4344: checking for extended mallinfo" >&5 +echo "configure:4346: checking for extended mallinfo" >&5 if eval "test \"`echo '$''{'ac_cv_have_ext_mallinfo'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4355,7 +4357,7 @@ foo.mxfast = 0; ; return 0; } EOF -if { (eval echo configure:4359: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4361: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ext_mallinfo="yes" else 
@@ -4377,13 +4379,13 @@ fi echo $ac_n "checking for struct rusage""... $ac_c" 1>&6 -echo "configure:4381: checking for struct rusage" >&5 +echo "configure:4383: checking for struct rusage" >&5 if eval "test \"`echo '$''{'ac_cv_have_struct_rusage'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4402: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_struct_rusage="yes" else @@ -4418,13 +4420,13 @@ fi echo $ac_n "checking for ip->ip_hl""... $ac_c" 1>&6 -echo "configure:4422: checking for ip->ip_hl" >&5 +echo "configure:4424: checking for ip->ip_hl" >&5 if eval "test \"`echo '$''{'ac_cv_have_ip_hl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4443,7 +4445,7 @@ ip.ip_hl= 0; ; return 0; } EOF -if { (eval echo configure:4447: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4449: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ip_hl="yes" else @@ -4465,7 +4467,7 @@ fi echo $ac_n "checking size of void *""... $ac_c" 1>&6 -echo "configure:4469: checking size of void *" >&5 +echo "configure:4471: checking size of void *" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_void_p'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4473,7 +4475,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4484,7 +4486,7 @@ exit(0); } EOF -if { (eval echo configure:4488: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4490: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_void_p=`cat conftestval` else 
@@ -4504,7 +4506,7 @@ echo $ac_n "checking size of short""... $ac_c" 1>&6 -echo "configure:4508: checking size of short" >&5 +echo "configure:4510: checking size of short" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4512,7 +4514,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4523,7 +4525,7 @@ exit(0); } EOF -if { (eval echo configure:4527: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4529: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short=`cat conftestval` else @@ -4543,7 +4545,7 @@ echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:4547: checking size of int" >&5 +echo "configure:4549: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4551,7 +4553,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4562,7 +4564,7 @@ exit(0); } EOF -if { (eval echo configure:4566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4568: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else @@ -4582,7 +4584,7 @@ echo $ac_n "checking size of long""... $ac_c" 1>&6 -echo "configure:4586: checking size of long" >&5 +echo "configure:4588: checking size of long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -4590,7 +4592,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4601,7 +4603,7 @@ exit(0); } EOF -if { (eval echo configure:4605: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4607: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long=`cat conftestval` else @@ -4621,7 +4623,7 @@ echo $ac_n "checking size of long long""... $ac_c" 1>&6 -echo "configure:4625: checking size of long long" >&5 +echo "configure:4627: checking size of long long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4629,7 +4631,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4640,7 +4642,7 @@ exit(0); } EOF -if { (eval echo configure:4644: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4646: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long_long=`cat conftestval` else @@ -4660,7 +4662,7 @@ echo $ac_n "checking size of __int64""... $ac_c" 1>&6 -echo "configure:4664: checking size of __int64" >&5 +echo "configure:4666: checking size of __int64" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof___int64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4668,7 +4670,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -4694,7 +4696,7 @@ } EOF -if { (eval echo configure:4698: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4700: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof___int64=`cat conftestval` else @@ -4714,7 +4716,7 @@ echo $ac_n "checking size of int16_t""... $ac_c" 1>&6 -echo "configure:4718: checking size of int16_t" >&5 +echo "configure:4720: checking size of int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4722,7 +4724,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4748,7 +4750,7 @@ } EOF -if { (eval echo configure:4752: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4754: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int16_t=`cat conftestval` else @@ -4768,7 +4770,7 @@ echo $ac_n "checking size of uint16_t""... $ac_c" 1>&6 -echo "configure:4772: checking size of uint16_t" >&5 +echo "configure:4774: checking size of uint16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4776,7 +4778,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4802,7 +4804,7 @@ } EOF -if { (eval echo configure:4806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4808: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint16_t=`cat conftestval` else 
@@ -4822,7 +4824,7 @@ echo $ac_n "checking size of u_int16_t""... $ac_c" 1>&6 -echo "configure:4826: checking size of u_int16_t" >&5 +echo "configure:4828: checking size of u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4830,7 +4832,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4856,7 +4858,7 @@ } EOF -if { (eval echo configure:4860: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4862: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int16_t=`cat conftestval` else @@ -4876,7 +4878,7 @@ echo $ac_n "checking size of int32_t""... $ac_c" 1>&6 -echo "configure:4880: checking size of int32_t" >&5 +echo "configure:4882: checking size of int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4884,7 +4886,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4910,7 +4912,7 @@ } EOF -if { (eval echo configure:4914: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4916: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int32_t=`cat conftestval` else @@ -4930,7 +4932,7 @@ echo $ac_n "checking size of uint32_t""... $ac_c" 1>&6 -echo "configure:4934: checking size of uint32_t" >&5 +echo "configure:4936: checking size of uint32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -4938,7 +4940,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4964,7 +4966,7 @@ } EOF -if { (eval echo configure:4968: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4970: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint32_t=`cat conftestval` else @@ -4984,7 +4986,7 @@ echo $ac_n "checking size of u_int32_t""... $ac_c" 1>&6 -echo "configure:4988: checking size of u_int32_t" >&5 +echo "configure:4990: checking size of u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4992,7 +4994,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -5018,7 +5020,7 @@ } EOF -if { (eval echo configure:5022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5024: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int32_t=`cat conftestval` else @@ -5038,7 +5040,7 @@ echo $ac_n "checking size of int64_t""... $ac_c" 1>&6 -echo "configure:5042: checking size of int64_t" >&5 +echo "configure:5044: checking size of int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5046,7 +5048,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -5072,7 +5074,7 @@ } EOF -if { (eval echo configure:5076: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5078: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int64_t=`cat conftestval` else @@ -5092,7 +5094,7 @@ echo $ac_n "checking size of uint64_t""... $ac_c" 1>&6 -echo "configure:5096: checking size of uint64_t" >&5 +echo "configure:5098: checking size of uint64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5100,7 +5102,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -5126,7 +5128,7 @@ } EOF -if { (eval echo configure:5130: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint64_t=`cat conftestval` else @@ -5146,7 +5148,7 @@ echo $ac_n "checking size of u_int64_t""... $ac_c" 1>&6 -echo "configure:5150: checking size of u_int64_t" >&5 +echo "configure:5152: checking size of u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -5154,7 +5156,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -5180,7 +5182,7 @@ } EOF -if { (eval echo configure:5184: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5186: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int64_t=`cat conftestval` else 
@@ -5202,12 +5204,12 @@ if test "x$ac_cv_sizeof_short" = "x2"; then echo $ac_n "checking for int16_t""... $ac_c" 1>&6 -echo "configure:5206: checking for int16_t" >&5 +echo "configure:5208: checking for int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5255: checking for int16_t" >&5 +echo "configure:5257: checking for int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5305: checking for u_int16_t" >&5 +echo "configure:5307: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5354: checking for u_int16_t" >&5 +echo "configure:5356: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5403: checking for u_int16_t" >&5 +echo "configure:5405: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5453: checking for int32_t" >&5 +echo "configure:5455: checking for int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5502: checking for int32_t" >&5 +echo "configure:5504: checking for int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5552: checking for u_int32_t" >&5 +echo "configure:5554: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > 
conftest.$ac_ext <&6 -echo "configure:5601: checking for u_int32_t" >&5 +echo "configure:5603: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5650: checking for u_int32_t" >&5 +echo "configure:5652: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5700: checking for int64_t" >&5 +echo "configure:5702: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5749: checking for int64_t" >&5 +echo "configure:5751: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5798: checking for int64_t" >&5 +echo "configure:5800: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5848: checking for u_int64_t" >&5 +echo "configure:5850: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5897: checking for u_int64_t" >&5 +echo "configure:5899: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5946: checking for u_int64_t" >&5 +echo "configure:5948: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5995: checking for int64_t" >&5 +echo "configure:5997: checking for 
int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:6045: checking for pid_t" >&5 +echo "configure:6047: checking for pid_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -6074,12 +6076,12 @@ fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:6078: checking for size_t" >&5 +echo "configure:6080: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -6107,12 +6109,12 @@ fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:6111: checking for ssize_t" >&5 +echo "configure:6113: checking for ssize_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -6140,12 +6142,12 @@ fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:6144: checking for off_t" >&5 +echo "configure:6146: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -6173,12 +6175,12 @@ fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:6177: checking for mode_t" >&5 +echo "configure:6179: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -6206,12 +6208,12 @@ fi echo $ac_n "checking for fd_mask""... $ac_c" 1>&6 -echo "configure:6210: checking for fd_mask" >&5 +echo "configure:6212: checking for fd_mask" >&5 if eval "test \"`echo '$''{'ac_cv_type_fd_mask'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS 
@@ -6240,7 +6242,7 @@ echo $ac_n "checking size of off_t""... $ac_c" 1>&6 -echo "configure:6244: checking size of off_t" >&5 +echo "configure:6246: checking size of off_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6248,7 +6250,7 @@ ac_cv_sizeof_off_t=4 else cat > conftest.$ac_ext < @@ -6274,7 +6276,7 @@ } EOF -if { (eval echo configure:6278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6280: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_off_t=`cat conftestval` else @@ -6294,7 +6296,7 @@ echo $ac_n "checking size of size_t""... $ac_c" 1>&6 -echo "configure:6298: checking size of size_t" >&5 +echo "configure:6300: checking size of size_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6302,7 +6304,7 @@ ac_cv_sizeof_size_t=4 else cat > conftest.$ac_ext < @@ -6328,7 +6330,7 @@ } EOF -if { (eval echo configure:6332: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_size_t=`cat conftestval` else 
@@ -6351,19 +6353,19 @@ # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:6355: checking for working alloca.h" >&5 +echo "configure:6357: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:6367: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6369: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -6384,12 +6386,12 @@ fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:6388: checking for alloca" >&5 +echo "configure:6390: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6423: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else 
@@ -6449,12 +6451,12 @@ echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:6453: checking whether alloca needs Cray hooks" >&5 +echo "configure:6455: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:6483: checking for $ac_func" >&5 +echo "configure:6485: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6513: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6534,7 +6536,7 @@ fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:6538: checking stack direction for C alloca" >&5 +echo "configure:6540: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6542,7 +6544,7 @@ ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6567: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -6585,13 +6587,13 @@ echo $ac_n "checking for socklen_t""... $ac_c" 1>&6 -echo "configure:6589: checking for socklen_t" >&5 +echo "configure:6591: checking for socklen_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_socklen_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -6622,13 +6624,13 @@ fi echo $ac_n "checking for mtyp_t""... $ac_c" 1>&6 -echo "configure:6626: checking for mtyp_t" >&5 +echo "configure:6628: checking for mtyp_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mtyp_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -6656,7 +6658,7 @@ fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:6660: checking for main in -lnsl" >&5 +echo "configure:6662: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6664,14 +6666,14 @@ ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6677: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6699,7 +6701,7 @@ fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:6703: checking for main in -lsocket" >&5 +echo "configure:6705: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6707,14 +6709,14 @@ ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -6743,13 +6745,13 @@ echo $ac_n "checking for unix domain sockets""... $ac_c" 1>&6 -echo "configure:6747: checking for unix domain sockets" >&5 +echo "configure:6749: checking for unix domain sockets" >&5 if eval "test \"`echo '$''{'squid_cv_unixsocket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -6764,7 +6766,7 @@ ; return 0; } EOF -if { (eval echo configure:6768: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6770: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* squid_cv_unixsocket=yes else @@ -6788,7 +6790,7 @@ echo "skipping libmalloc check (--enable-dlmalloc specified)" else echo $ac_n "checking for main in -lgnumalloc""... $ac_c" 1>&6 -echo "configure:6792: checking for main in -lgnumalloc" >&5 +echo "configure:6794: checking for main in -lgnumalloc" >&5 ac_lib_var=`echo gnumalloc'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6796,14 +6798,14 @@ ac_save_LIBS="$LIBS" LIBS="-lgnumalloc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6809: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6846,7 +6848,7 @@ *) echo $ac_n "checking for main in -lmalloc""... $ac_c" 1>&6 -echo "configure:6850: checking for main in -lmalloc" >&5 +echo "configure:6852: checking for main in -lmalloc" >&5 ac_lib_var=`echo malloc'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -6854,14 +6856,14 @@ ac_save_LIBS="$LIBS" LIBS="-lmalloc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6894,7 +6896,7 @@ fi echo $ac_n "checking for main in -lbsd""... $ac_c" 1>&6 -echo "configure:6898: checking for main in -lbsd" >&5 +echo "configure:6900: checking for main in -lbsd" >&5 ac_lib_var=`echo bsd'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6902,14 +6904,14 @@ ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6937,7 +6939,7 @@ fi echo $ac_n "checking for main in -lregex""... $ac_c" 1>&6 -echo "configure:6941: checking for main in -lregex" >&5 +echo "configure:6943: checking for main in -lregex" >&5 ac_lib_var=`echo regex'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6945,14 +6947,14 @@ ac_save_LIBS="$LIBS" LIBS="-lregex $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -6973,7 +6975,7 @@ fi echo $ac_n "checking for gethostbyname in -lbind""... $ac_c" 1>&6 -echo "configure:6977: checking for gethostbyname in -lbind" >&5 +echo "configure:6979: checking for gethostbyname in -lbind" >&5 ac_lib_var=`echo bind'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6981,7 +6983,7 @@ ac_save_LIBS="$LIBS" LIBS="-lbind $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6998: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7026,7 +7028,7 @@ ;; *) echo $ac_n "checking for inet_aton in -lresolv""... $ac_c" 1>&6 -echo "configure:7030: checking for inet_aton in -lresolv" >&5 +echo "configure:7032: checking for inet_aton in -lresolv" >&5 ac_lib_var=`echo resolv'_'inet_aton | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7034,7 +7036,7 @@ ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7051: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7061,7 +7063,7 @@ if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 echo $ac_n "checking for inet_aton in -l44bsd""... $ac_c" 1>&6 -echo "configure:7065: checking for inet_aton in -l44bsd" >&5 +echo "configure:7067: checking for inet_aton in -l44bsd" >&5 ac_lib_var=`echo 44bsd'_'inet_aton | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -7069,7 +7071,7 @@ ac_save_LIBS="$LIBS" LIBS="-l44bsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7086: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7112,7 +7114,7 @@ fi echo $ac_n "checking for main in -lresolv""... $ac_c" 1>&6 -echo "configure:7116: checking for main in -lresolv" >&5 +echo "configure:7118: checking for main in -lresolv" >&5 ac_lib_var=`echo resolv'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7120,14 +7122,14 @@ ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7133: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7158,7 +7160,7 @@ esac fi echo $ac_n "checking for main in -lm""... $ac_c" 1>&6 -echo "configure:7162: checking for main in -lm" >&5 +echo "configure:7164: checking for main in -lm" >&5 ac_lib_var=`echo m'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7166,14 +7168,14 @@ ac_save_LIBS="$LIBS" LIBS="-lm $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7179: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -7202,7 +7204,7 @@ echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:7206: checking for crypt in -lcrypt" >&5 +echo "configure:7208: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7210,7 +7212,7 @@ ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7227: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7245,7 +7247,7 @@ if test "$with_dl" = "yes"; then echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 -echo "configure:7249: checking for dlopen in -ldl" >&5 +echo "configure:7251: checking for dlopen in -ldl" >&5 ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7253,7 +7255,7 @@ ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7312,7 +7314,7 @@ ;; esac echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6 -echo "configure:7316: checking for main in -lpthread" >&5 +echo "configure:7318: checking for main in -lpthread" >&5 ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -7320,14 +7322,14 @@ ac_save_LIBS="$LIBS" LIBS="-lpthread $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7333: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7358,7 +7360,7 @@ if test "$with_aio" = "yes"; then echo $ac_n "checking for aio_read in -lrt""... $ac_c" 1>&6 -echo "configure:7362: checking for aio_read in -lrt" >&5 +echo "configure:7364: checking for aio_read in -lrt" >&5 ac_lib_var=`echo rt'_'aio_read | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7366,7 +7368,7 @@ ac_save_LIBS="$LIBS" LIBS="-lrt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7383: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7409,7 +7411,7 @@ case "$host" in *-pc-sco3.2*) echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6 -echo "configure:7413: checking for strftime in -lintl" >&5 +echo "configure:7415: checking for strftime in -lintl" >&5 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7417,7 +7419,7 @@ ac_save_LIBS="$LIBS" LIBS="-lintl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7434: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -7622,12 +7624,12 @@ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7626: checking for $ac_func" >&5 +echo "configure:7628: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7656: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7676,7 +7678,7 @@ echo $ac_n "checking if setresuid is implemented""... $ac_c" 1>&6 -echo "configure:7680: checking if setresuid is implemented" >&5 +echo "configure:7682: checking if setresuid is implemented" >&5 if eval "test \"`echo '$''{'ac_cv_func_setresuid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -7684,7 +7686,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -7697,7 +7699,7 @@ } EOF -if { (eval echo configure:7701: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7703: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_setresuid="yes" else @@ -7742,7 +7744,7 @@ fi echo $ac_n "checking if va_copy is implemented""... $ac_c" 1>&6 -echo "configure:7746: checking if va_copy is implemented" >&5 +echo "configure:7748: checking if va_copy is implemented" >&5 if eval "test \"`echo '$''{'ac_cv_func_va_copy'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -7750,7 +7752,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -7768,7 +7770,7 @@ } EOF -if { (eval echo configure:7772: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7774: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_va_copy="yes" else @@ -7792,7 +7794,7 @@ fi echo $ac_n "checking if __va_copy is implemented""... $ac_c" 1>&6 -echo "configure:7796: checking if __va_copy is implemented" >&5 +echo "configure:7798: checking if __va_copy is implemented" >&5 if eval "test \"`echo '$''{'ac_cv_func___va_copy'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -7800,7 +7802,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -7818,7 +7820,7 @@ } EOF -if { (eval echo configure:7822: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7824: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func___va_copy="yes" else @@ -7843,7 +7845,7 @@ if test "$IPF_TRANSPARENT" ; then echo $ac_n "checking if IP-Filter header files are installed""... $ac_c" 1>&6 -echo "configure:7847: checking if IP-Filter header files are installed" >&5 +echo "configure:7849: checking if IP-Filter header files are installed" >&5 # hold on to your hats... if test "$ac_cv_header_ip_compat_h" = "yes" || test "$ac_cv_header_ip_fil_compat_h" = "yes" || @@ -7884,7 +7886,7 @@ if test "$PF_TRANSPARENT" ; then echo $ac_n "checking if PF header file is installed""... $ac_c" 1>&6 -echo "configure:7888: checking if PF header file is installed" >&5 +echo "configure:7890: checking if PF header file is installed" >&5 # hold on to your hats... if test "$ac_cv_header_net_pfvar_h" = "yes"; then PF_TRANSPARENT="yes" 
@@ -7909,7 +7911,7 @@ if test "$LINUX_NETFILTER" ; then echo $ac_n "checking if Linux 2.4 kernel header files are installed""... $ac_c" 1>&6 -echo "configure:7913: checking if Linux 2.4 kernel header files are installed" >&5 +echo "configure:7915: checking if Linux 2.4 kernel header files are installed" >&5 # hold on to your hats... if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then LINUX_NETFILTER="yes" @@ -7943,13 +7945,13 @@ esac fi echo $ac_n "checking if GNUregex needs to be compiled""... $ac_c" 1>&6 -echo "configure:7947: checking if GNUregex needs to be compiled" >&5 +echo "configure:7949: checking if GNUregex needs to be compiled" >&5 if test -z "$USE_GNUREGEX"; then if test "$ac_cv_func_regcomp" = "no" || test "$USE_GNUREGEX" = "yes" ; then USE_GNUREGEX="yes" else cat > conftest.$ac_ext < #include @@ -7957,7 +7959,7 @@ regex_t t; regcomp(&t,"",0); ; return 0; } EOF -if { (eval echo configure:7961: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:7963: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* USE_GNUREGEX="no" else @@ -7985,15 +7987,16 @@ drand48 \ tempnam \ strerror \ + initgroups do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7992: checking for $ac_func" >&5 +echo "configure:7995: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8023: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -8044,12 +8047,12 @@ echo $ac_n "checking Default FD_SETSIZE value""... $ac_c" 1>&6 -echo "configure:8048: checking Default FD_SETSIZE value" >&5 +echo "configure:8051: checking Default FD_SETSIZE value" >&5 if test "$cross_compiling" = yes; then DEFAULT_FD_SETSIZE=256 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8081: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then DEFAULT_FD_SETSIZE=`cat conftestval` else @@ -8093,7 +8096,7 @@ echo $ac_n "checking Maximum number of filedescriptors we can open""... $ac_c" 1>&6 -echo "configure:8097: checking Maximum number of filedescriptors we can open" >&5 +echo "configure:8100: checking Maximum number of filedescriptors we can open" >&5 TLDFLAGS="$LDFLAGS" case $host in i386-unknown-freebsd*) @@ -8105,7 +8108,7 @@ SQUID_MAXFD=256 else cat > conftest.$ac_ext < @@ -8165,7 +8168,7 @@ } EOF -if { (eval echo configure:8169: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8172: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_MAXFD=`cat conftestval` else @@ -8192,12 +8195,12 @@ LDFLAGS="$TLDFLAGS" echo $ac_n "checking Default UDP send buffer size""... $ac_c" 1>&6 -echo "configure:8196: checking Default UDP send buffer size" >&5 +echo "configure:8199: checking Default UDP send buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_UDP_SO_SNDBUF=16384 else cat > conftest.$ac_ext < 
@@ -8218,7 +8221,7 @@ } EOF -if { (eval echo configure:8222: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8225: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_UDP_SO_SNDBUF=`cat conftestval` else @@ -8237,12 +8240,12 @@ echo $ac_n "checking Default UDP receive buffer size""... $ac_c" 1>&6 -echo "configure:8241: checking Default UDP receive buffer size" >&5 +echo "configure:8244: checking Default UDP receive buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_UDP_SO_RCVBUF=16384 else cat > conftest.$ac_ext < @@ -8263,7 +8266,7 @@ } EOF -if { (eval echo configure:8267: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_UDP_SO_RCVBUF=`cat conftestval` else @@ -8282,12 +8285,12 @@ echo $ac_n "checking Default TCP send buffer size""... $ac_c" 1>&6 -echo "configure:8286: checking Default TCP send buffer size" >&5 +echo "configure:8289: checking Default TCP send buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_TCP_SO_SNDBUF=16384 else cat > conftest.$ac_ext < @@ -8308,7 +8311,7 @@ } EOF -if { (eval echo configure:8312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8315: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_TCP_SO_SNDBUF=`cat conftestval` else 
@@ -8321,18 +8324,22 @@ fi echo "$ac_t""$SQUID_TCP_SO_SNDBUF" 1>&6 +if test $SQUID_TCP_SO_SNDBUF -gt 32768; then + echo "Limiting send buffer size to 32K" + SQUID_TCP_SO_SNDBUF=32768 +fi cat >> confdefs.h <&6 -echo "configure:8331: checking Default TCP receive buffer size" >&5 +echo "configure:8338: checking Default TCP receive buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_TCP_SO_RCVBUF=16384 else cat > conftest.$ac_ext < @@ -8353,7 +8360,7 @@ } EOF -if { (eval echo configure:8357: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8364: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_TCP_SO_RCVBUF=`cat conftestval` else @@ -8366,25 +8373,28 @@ fi echo "$ac_t""$SQUID_TCP_SO_RCVBUF" 1>&6 +if test $SQUID_TCP_SO_RCVBUF -gt 65535; then + echo "Limiting receive buffer size to 64K" + SQUID_TCP_SO_RCVBUF=65535 +fi cat >> confdefs.h <&6 -echo "configure:8376: checking if sys_errlist is already defined" >&5 +echo "configure:8386: checking if sys_errlist is already defined" >&5 if eval "test \"`echo '$''{'ac_cv_needs_sys_errlist'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *s = sys_errlist; ; return 0; } EOF -if { (eval echo configure:8388: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8398: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_needs_sys_errlist="no" else 
@@ -8406,16 +8416,16 @@ fi echo $ac_n "checking for libresolv _dns_ttl_ hack""... $ac_c" 1>&6 -echo "configure:8410: checking for libresolv _dns_ttl_ hack" >&5 +echo "configure:8420: checking for libresolv _dns_ttl_ hack" >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8429: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -8431,12 +8441,12 @@ rm -f conftest* echo $ac_n "checking if inet_ntoa() actually works""... $ac_c" 1>&6 -echo "configure:8435: checking if inet_ntoa() actually works" >&5 +echo "configure:8445: checking if inet_ntoa() actually works" >&5 if test "$cross_compiling" = yes; then INET_NTOA_RESULT="broken" else cat > conftest.$ac_ext < @@ -8455,7 +8465,7 @@ } EOF -if { (eval echo configure:8459: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8469: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then INET_NTOA_RESULT=`cat conftestval` else @@ -8481,9 +8491,9 @@ if test "$ac_cv_header_sys_statvfs_h" = "yes" ; then echo $ac_n "checking for working statvfs() interface""... $ac_c" 1>&6 -echo "configure:8485: checking for working statvfs() interface" >&5 +echo "configure:8495: checking for working statvfs() interface" >&5 cat > conftest.$ac_ext < @@ -8500,7 +8510,7 @@ ; return 0; } EOF -if { (eval echo configure:8504: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8514: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_func_statvfs=yes else 
@@ -8520,12 +8530,12 @@ fi echo $ac_n "checking for _res.nsaddr_list""... $ac_c" 1>&6 -echo "configure:8524: checking for _res.nsaddr_list" >&5 +echo "configure:8534: checking for _res.nsaddr_list" >&5 if eval "test \"`echo '$''{'ac_cv_have_res_nsaddr_list'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8562: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_res_nsaddr_list="yes" else @@ -8570,12 +8580,12 @@ if test $ac_cv_have_res_nsaddr_list = "no" ; then echo $ac_n "checking for _res.ns_list""... $ac_c" 1>&6 -echo "configure:8574: checking for _res.ns_list" >&5 +echo "configure:8584: checking for _res.ns_list" >&5 if eval "test \"`echo '$''{'ac_cv_have_res_ns_list'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8612: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_res_ns_list="yes" else diff -ruN squid-2.5.STABLE6/configure.in squid-2.5.STABLE7/configure.in --- squid-2.5.STABLE6/configure.in Thu Jul 8 17:44:39 2004 +++ squid-2.5.STABLE7/configure.in Mon Oct 11 14:27:03 2004 @@ -3,15 +3,15 @@ dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.251.2.59 2004/07/08 23:31:56 hno Exp $ +dnl $Id: configure.in,v 1.251.2.73 2004/10/11 20:13:43 hno Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_AUX_DIR(cfgaux) -AM_INIT_AUTOMAKE(squid, 2.5.STABLE6) +AM_INIT_AUTOMAKE(squid, 2.5.STABLE7) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.251.2.59 $)dnl +AC_REVISION($Revision: 1.251.2.73 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE 
@@ -33,7 +33,7 @@ LIBREGEX='' # libregex.a dnl Check for pkg-config -AC_PATH_PROG(PKGCONFIG, pkg-config, /usr/bin/false) +AC_PATH_PROG(PKGCONFIG, pkg-config, false) dnl find out the exe extension for this platform. If it's not empty, use it for CGI's as well. AC_EXEEXT @@ -537,6 +537,8 @@ ;; *-solaris-*) ;; + *-freebsd*) + ;; *) echo "WARNING: ARP ACL support probably won't work on $host." sleep 10 @@ -1925,6 +1927,7 @@ drand48 \ tempnam \ strerror \ + initgroups ) dnl Not cached since people are likely to tune this @@ -2114,6 +2117,10 @@ SQUID_TCP_SO_SNDBUF=16384, SQUID_TCP_SO_SNDBUF=16384) AC_MSG_RESULT($SQUID_TCP_SO_SNDBUF) +if test $SQUID_TCP_SO_SNDBUF -gt 32768; then + echo "Limiting send buffer size to 32K" + SQUID_TCP_SO_SNDBUF=32768 +fi AC_DEFINE_UNQUOTED(SQUID_TCP_SO_SNDBUF, $SQUID_TCP_SO_SNDBUF) dnl Not cached since people are likely to tune this @@ -2140,8 +2147,11 @@ SQUID_TCP_SO_RCVBUF=16384, SQUID_TCP_SO_RCVBUF=16384) AC_MSG_RESULT($SQUID_TCP_SO_RCVBUF) +if test $SQUID_TCP_SO_RCVBUF -gt 65535; then + echo "Limiting receive buffer size to 64K" + SQUID_TCP_SO_RCVBUF=65535 +fi AC_DEFINE_UNQUOTED(SQUID_TCP_SO_RCVBUF, $SQUID_TCP_SO_RCVBUF) - AC_CACHE_CHECK(if sys_errlist is already defined, ac_cv_needs_sys_errlist, AC_TRY_COMPILE([#include ],[char *s = sys_errlist;], ac_cv_needs_sys_errlist="no", diff -ruN squid-2.5.STABLE6/doc/Makefile.in squid-2.5.STABLE7/doc/Makefile.in --- squid-2.5.STABLE6/doc/Makefile.in Tue Jun 8 05:37:11 2004 +++ squid-2.5.STABLE7/doc/Makefile.in Sat Jul 10 06:11:40 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.1.2.11 2004/06/08 11:37:11 hno Exp $ +# $Id: Makefile.in,v 1.1.2.13 2004/07/10 12:11:40 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/errors/Makefile.in squid-2.5.STABLE7/errors/Makefile.in --- squid-2.5.STABLE6/errors/Makefile.in Tue Jun 8 05:37:11 2004 +++ squid-2.5.STABLE7/errors/Makefile.in Sat Jul 10 06:11:41 2004 
@@ -14,7 +14,7 @@ @SET_MAKE@ # -# $Id: Makefile.in,v 1.15.2.14 2004/06/08 11:37:11 hno Exp $ +# $Id: Makefile.in,v 1.15.2.16 2004/07/10 12:11:41 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/errors/Portuguese/ERR_TOO_BIG squid-2.5.STABLE7/errors/Portuguese/ERR_TOO_BIG --- squid-2.5.STABLE6/errors/Portuguese/ERR_TOO_BIG Wed Aug 28 15:08:08 2002 +++ squid-2.5.STABLE7/errors/Portuguese/ERR_TOO_BIG Wed Aug 11 10:59:37 2004 @@ -1,28 +1,30 @@ -ERROR: The requested URL could not be retrieved +ERRO: A URL solicitada não pode ser recuperada -

    ERROR

    -

    The requested URL could not be retrieved

    +

    ERRO

    +

    A URL solicitada não pode ser recuperada


    -While trying to retrieve the URL: +Na tentativa de recuperar a URL: %U

    -The following error was encountered: +O seguinte erro foi encontrado:

    • -The request or reply is too large. +A requisição ou resposta é muito grande.

      -If you are making a POST or PUT request, then your request body -(the thing you are trying to upload) is too large. If you are -making a GET request, then the reply body (what you are trying -to download) is too large. These limits have been established -by the Internet Service Provider who operates this cache. Please -contact them directly if you feel this is an error. +Se você estiver fazendo uma requisição POST +ou PUT, então o corpo de sua requisição (o +que você está tentando enviar) é muito grande. +Se você estiver fazendo uma requisição GET, +então o corpo da resposta (o que você está +tentando baixar) é muito grande. Os limites foram +estabelecidos pelo administrador deste cache. Por favor, entre +em contato caso acredite que este cache está configurado +incorretamente.

    -Your cache administrator is %w. diff -ruN squid-2.5.STABLE6/helpers/basic_auth/LDAP/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/LDAP/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/LDAP/Makefile.in Tue Jun 8 05:37:11 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/LDAP/Makefile.in Sat Jul 10 06:11:41 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.in,v 1.8.2.11 2004/06/08 11:37:11 hno Exp $ +# $Id: Makefile.in,v 1.8.2.13 2004/07/10 12:11:41 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/LDAP/squid_ldap_auth.8 squid-2.5.STABLE7/helpers/basic_auth/LDAP/squid_ldap_auth.8 --- squid-2.5.STABLE6/helpers/basic_auth/LDAP/squid_ldap_auth.8 Tue Mar 2 02:13:29 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/LDAP/squid_ldap_auth.8 Sat Jul 17 09:00:12 2004 @@ -1,14 +1,14 @@ -.TH squid_ldap_auth 8 "1 Mars 2003" "Squid LDAP Auth" +.TH squid_ldap_auth 8 "17 July 2004" "Squid LDAP Auth" . .SH NAME squid_ldap_auth - Squid LDAP authentication helper . .SH SYNOPSIS .B squid_ldap_auth --b "base DN" [-u attribute] [options] [ldap_server_name[:port]...] +-b "base DN" [-u attribute] [options] [ldap_server_name[:port]|URI]... .br .B squid_ldap_auth --b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...] +-b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]|URI]... . .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to @@ -47,6 +47,11 @@ to search for your users DN (-f option). . .TP +.BI "-U " passwordattr +Use ldap_compare instead of ldap_simple_bind to verify the users password. +passwordattr is the LDAP attribute storing the users password. +. +.TP .BI "-s " base|one|sub search scope when performing user DN searches specified by the -f option. Defaults to 'sub'. 
@@ -88,6 +93,16 @@ validations. Recommended for larger installations. . .TP +.BI -O +Only bind once per LDAP connection. Some LDAP servers do not +allow re-binding as another user after a successful ldap_bind. +The use of this option always opens a new connection for each +login attempt. If combined with the -P option for persistent +LDAP connection then the connection used for searching for the +user DN is kept persistent but a new connection is opened +to verify each users password once the DN is found. +. +.TP .BI -R do not follow referrals . @@ -106,15 +121,18 @@ . .TP .BI -H " ldapuri" -Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries) +Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries). +Servers can also be specified last on the command line. . .TP .BI -h " ldapserver" -Specify the LDAP server to connect to +Specify the LDAP server to connect to. Servers can also be specified last +on the command line. .TP .BI -p " ldapport" Specify an alternate TCP port where the ldap server is listening if -other than the default LDAP port 389. +other than the default LDAP port 389. Can also be specified within the +server specificiation by using servername:port syntax. . .TP .BI -Z @@ -133,7 +151,7 @@ Specify time limit on LDAP search operations . .TP -.BU -d +.BI -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected. diff -ruN squid-2.5.STABLE6/helpers/basic_auth/LDAP/squid_ldap_auth.c squid-2.5.STABLE7/helpers/basic_auth/LDAP/squid_ldap_auth.c --- squid-2.5.STABLE6/helpers/basic_auth/LDAP/squid_ldap_auth.c Thu Mar 4 02:37:38 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/LDAP/squid_ldap_auth.c Tue Aug 10 03:39:29 2004 
@@ -30,17 +30,22 @@ * or (at your option) any later version. * * Changes: + * 2004-07-17: Henrik Nordstrom + * - Corrected non-persistent mode to only issue one + * ldap_bind per connection. + * - -U option to compare the users password rather + * than binding. * 2004-03-01: Henrik Nordstrom - * - corrected building of search filters to escape - * unsafe input - * - -d option for "debug" like squid_ldap_group + * - corrected building of search filters to escape + * unsafe input + * - -d option for "debug" like squid_ldap_group * 2004-01-05: Henrik Nordstrom - * - Corrected TLS mode + * - Corrected TLS mode * 2003-03-01: David J N Begley - * - Support for Netscape API method of ldap over SSL - * connections - * - Timeout option for better recovery when using - * multiple LDAP servers + * - Support for Netscape API method of ldap over SSL + * connections + * - Timeout option for better recovery when using + * multiple LDAP servers * 2003-03-01: Christoph Lechleitner * - Added -W option to read bindpasswd from file * 2003-03-01: Juerg Michel @@ -89,8 +94,10 @@ static const char *binddn = NULL; static const char *bindpasswd = NULL; static const char *userattr = "uid"; +static const char *passwdattr = NULL; static int searchscope = LDAP_SCOPE_SUBTREE; static int persistent = 0; +static int bind_once = 0; static int noreferrals = 0; static int aliasderef = LDAP_DEREF_NEVER; #if defined(NETSCAPE_SSL) @@ -105,7 +112,7 @@ static int use_tls = 0; static int version = -1; -static int checkLDAP(LDAP * ld, const char *userid, const char *password); +static int checkLDAP(LDAP * ld, const char *userid, const char *password, const char *server, int port); static int readSecret(const char *filename); /* Yuck.. we need to glue to different versions of the API */ 
@@ -130,12 +137,12 @@ ldap_set_option(ld, LDAP_OPT_REFERRALS, value); } static void -squid_ldap_set_timelimit(LDAP *ld, int timelimit) +squid_ldap_set_timelimit(LDAP * ld, int timelimit) { ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); } static void -squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) +squid_ldap_set_connect_timeout(LDAP * ld, int timelimit) { #if defined(LDAP_OPT_NETWORK_TIMEOUT) struct timeval tv; @@ -152,6 +159,7 @@ { ldap_memfree(p); } + #else static int squid_ldap_errno(LDAP * ld) @@ -171,12 +179,13 @@ else ld->ld_options &= ~LDAP_OPT_REFERRALS; } -static void squid_ldap_set_timelimit(LDAP *ld, int timelimit) +static void +squid_ldap_set_timelimit(LDAP * ld, int timelimit) { ld->ld_timelimit = timelimit; } static void -squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) +squid_ldap_set_connect_timeout(LDAP * ld, int timelimit) { fprintf(stderr, "Connect timeouts not supported in your LDAP library\n"); } 
@@ -185,14 +194,73 @@ { free(p); } + #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP - #if LDAP_VENDOR_VERSION > 194 - #define HAS_URI_SUPPORT 1 - #endif +#if LDAP_VENDOR_VERSION > 194 +#define HAS_URI_SUPPORT 1 +#endif #endif +static LDAP * +open_ldap_connection(const char *ldapServer, int port) +{ + LDAP *ld = NULL; +#if HAS_URI_SUPPORT + if (strstr(ldapServer, "://") != NULL) { + int rc = ldap_initialize(&ld, ldapServer); + if (rc != LDAP_SUCCESS) { + fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); + exit(1); + } + } else +#endif +#if NETSCAPE_SSL + if (sslpath) { + if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { + fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", + sslpath); + exit(1); + } else { + sslinit++; + } + if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { + fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", + ldapServer, port); + exit(1); + } + } else +#endif + if ((ld = ldap_init(ldapServer, port)) == NULL) { + fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", + ldapServer, port); + exit(1); + } + if (connect_timeout) + squid_ldap_set_connect_timeout(ld, connect_timeout); + +#ifdef LDAP_VERSION3 + if (version == -1) { + version = LDAP_VERSION2; + } + if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) + != LDAP_OPT_SUCCESS) { + fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version); + exit(1); + } + if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)) { + fprintf(stderr, "Could not Activate TLS connection\n"); + exit(1); + } +#endif + squid_ldap_set_timelimit(ld, timelimit); + squid_ldap_set_referrals(ld, !noreferrals); + squid_ldap_set_aliasderef(ld, aliasderef); + return ld; +} + int main(int argc, char **argv) { @@ -214,6 +282,7 @@ case 'z': case 'Z': case 'd': + case 'O': break; default: if (strlen(argv[1]) > 2) { 
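Review bot: In the new `open_ldap_connection()` in squid_ldap_auth.c, `ldap_start_tls_s()` is only reached when `use_tls && (version == LDAP_VERSION3)`, so a run with `use_tls` set and any other protocol version carries on over an unprotected connection without any message. The `-Z` case rejects an earlier `-v 2`, but the `-v` case as shown does not look at `use_tls`, so `-Z` followed by `-v 2` appears to reach this state (option parsing is only partly visible here). Failing closed before the TLS call keeps bind passwords off the wire in clear when TLS was requested: `if (use_tls && version != LDAP_VERSION3) { fprintf(stderr, "TLS (-Z) requires protocol version 3\n"); exit(1); }`.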
@@ -255,6 +324,9 @@ case 'u': userattr = value; break; + case 'U': + passwdattr = value; + break; case 's': if (strcmp(value, "base") == 0) searchscope = LDAP_SCOPE_BASE; @@ -269,20 +341,20 @@ break; case 'E': #if defined(NETSCAPE_SSL) - sslpath = value; - if (port == LDAP_PORT) - port = LDAPS_PORT; + sslpath = value; + if (port == LDAP_PORT) + port = LDAPS_PORT; #else - fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n"); - exit(1); + fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n"); + exit(1); #endif - break; + break; case 'c': - connect_timeout = atoi(value); - break; + connect_timeout = atoi(value); + break; case 't': - timelimit = atoi(value); - break; + timelimit = atoi(value); + break; case 'a': if (strcmp(value, "never") == 0) aliasderef = LDAP_DEREF_NEVER; @@ -304,11 +376,14 @@ bindpasswd = value; break; case 'W': - readSecret (value); + readSecret(value); break; case 'P': persistent = !persistent; break; + case 'O': + bind_once = !bind_once; + break; case 'p': port = atoi(value); break; @@ -317,7 +392,7 @@ break; #ifdef LDAP_VERSION3 case 'v': - switch( atoi(value) ) { + switch (atoi(value)) { case 2: version = LDAP_VERSION2; break; @@ -325,14 +400,14 @@ version = LDAP_VERSION3; break; default: - fprintf( stderr, "Protocol version should be 2 or 3\n"); + fprintf(stderr, "Protocol version should be 2 or 3\n"); exit(1); } break; case 'Z': - if ( version == LDAP_VERSION2 ) { - fprintf( stderr, "TLS (-Z) is incompatible with version %d\n", - version); + if (version == LDAP_VERSION2) { + fprintf(stderr, "TLS (-Z) is incompatible with version %d\n", + version); exit(1); } version = LDAP_VERSION3; 
@@ -406,66 +481,11 @@ } rfc1738_unescape(user); rfc1738_unescape(passwd); - tryagain = 1; + tryagain = (ld != NULL); recover: - if (ld == NULL) { -#if HAS_URI_SUPPORT - if (strstr(ldapServer, "://") != NULL) { - int rc = ldap_initialize( &ld, ldapServer ); - if( rc != LDAP_SUCCESS ) { - fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); - break; - } - } else -#endif -#if NETSCAPE_SSL - if (sslpath) { - if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { - fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", - sslpath); - exit(1); - } else { - sslinit++; - } - if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { - fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", - ldapServer, port); - exit(1); - } - } else -#endif - if ((ld = ldap_init(ldapServer, port)) == NULL) { - fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", - ldapServer, port); - exit(1); - } - - if (connect_timeout) - squid_ldap_set_connect_timeout(ld, connect_timeout); - -#ifdef LDAP_VERSION3 - if (version == -1 ) { - version = LDAP_VERSION2; - } - - if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) - != LDAP_OPT_SUCCESS ) - { - fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", - version ); - exit(1); - } - - if ( use_tls && ( version == LDAP_VERSION3 ) && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) { - fprintf( stderr, "Could not Activate TLS connection\n"); - exit(1); - } -#endif - squid_ldap_set_timelimit(ld, timelimit); - squid_ldap_set_referrals(ld, !noreferrals); - squid_ldap_set_aliasderef(ld, aliasderef); - } - if (checkLDAP(ld, user, passwd) != 0) { + if (ld == NULL && persistent) + ld = open_ldap_connection(ldapServer, port); + if (checkLDAP(ld, user, passwd, ldapServer, port) != 0) { if (tryagain && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS) { tryagain = 0; ldap_unbind(ld); 
@@ -476,7 +496,7 @@ } else { printf("OK\n"); } - if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) { + if (ld && (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) { ldap_unbind(ld); ld = NULL; } @@ -491,7 +511,7 @@ { int n = 0; while (size > 4 && *src) { - switch(*src) { + switch (*src) { case '*': case '(': case ')': @@ -500,8 +520,8 @@ size -= 3; if (size > 0) { *escaped++ = '\\'; - snprintf(escaped, 3, "%02x", (unsigned char)*src++); - escaped+=2; + snprintf(escaped, 3, "%02x", (unsigned char) *src++); + escaped += 2; } break; default: @@ -515,9 +535,11 @@ } static int -checkLDAP(LDAP * ld, const char *userid, const char *password) +checkLDAP(LDAP * persistent_ld, const char *userid, const char *password, const char *ldapServer, int port) { char dn[256]; + int ret = 0; + LDAP *bind_ld = NULL; if (!*password) { /* LDAP can't bind with a blank password. Seen as "anonymous" 
@@ -534,19 +556,24 @@ {NULL}; char *userdn; int rc; + LDAP *search_ld = persistent_ld; + + if (!search_ld) + search_ld = open_ldap_connection(ldapServer, port); ldap_escape_value(escaped_login, sizeof(escaped_login), userid); if (binddn) { - rc = ldap_simple_bind_s(ld, binddn, bindpasswd); + rc = ldap_simple_bind_s(search_ld, binddn, bindpasswd); if (rc != LDAP_SUCCESS) { fprintf(stderr, PROGRAM_NAME ": WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc)); - return 1; + ret = 1; + goto search_done; } } snprintf(filter, sizeof(filter), searchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login); if (debug) fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, basedn); - rc = ldap_search_s(ld, basedn, searchscope, filter, searchattr, 1, &res); + rc = ldap_search_s(search_ld, basedn, searchscope, filter, searchattr, 1, &res); if (rc != LDAP_SUCCESS) { if (noreferrals && rc == LDAP_PARTIAL_RESULTS) { /* Everything is fine. This is expected when referrals 
@@ -560,67 +587,93 @@ fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr)); } #endif - ldap_msgfree(res); - return 1; + ret = 1; + goto search_done; } } - entry = ldap_first_entry(ld, res); + entry = ldap_first_entry(search_ld, res); if (!entry) { - ldap_msgfree(res); - return 1; + ret = 1; + goto search_done; } - userdn = ldap_get_dn(ld, entry); + userdn = ldap_get_dn(search_ld, entry); if (!userdn) { fprintf(stderr, PROGRAM_NAME ": ERROR, could not get user DN for '%s'\n", userid); - ldap_msgfree(res); - return 1; + ret = 1; + goto search_done; } snprintf(dn, sizeof(dn), "%s", userdn); squid_ldap_memfree(userdn); - ldap_msgfree(res); + + if (ret == 0 && (!binddn || !bind_once || passwdattr)) { + /* Reuse the search connection for comparing the user password attribute */ + bind_ld = search_ld; + search_ld = NULL; + } + search_done: + if (res) { + ldap_msgfree(res); + res = NULL; + } + if (search_ld && search_ld != persistent_ld) { + ldap_unbind(search_ld); + search_ld = NULL; + } + if (ret != 0) + return ret; } else { snprintf(dn, sizeof(dn), "%s=%s,%s", userattr, userid, basedn); } if (debug) fprintf(stderr, "attempting to bind to user '%s'\n", dn); - if (ldap_simple_bind_s(ld, dn, password) != LDAP_SUCCESS) - return 1; - - return 0; + if (!bind_ld && !bind_once) + bind_ld = persistent_ld; + if (!bind_ld) + bind_ld = open_ldap_connection(ldapServer, port); + if (passwdattr && ldap_compare_s(bind_ld, dn, passwdattr, password) != LDAP_COMPARE_TRUE) + ret = 1; + else if (ldap_simple_bind_s(bind_ld, dn, password) != LDAP_SUCCESS) + ret = 1; + if (bind_ld != persistent_ld) { + ldap_unbind(bind_ld); + bind_ld = NULL; + } + return ret; } -int readSecret(const char *filename) +int +readSecret(const char *filename) { - char buf[BUFSIZ]; - char *e = NULL; - FILE *f; - char *passwd = NULL; - - if(!(f=fopen(filename, "r"))) { - fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); - return 1; - } + char 
buf[BUFSIZ]; + char *e = NULL; + FILE *f; + char *passwd = NULL; - if( !fgets(buf, sizeof(buf)-1, f)) { - fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); - fclose(f); - return 1; - } - - /* strip whitespaces on end */ - if((e = strrchr(buf, '\n'))) *e = 0; - if((e = strrchr(buf, '\r'))) *e = 0; - - passwd = (char *) calloc(sizeof(char), strlen(buf)+1); - if (!passwd) { - fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); - exit(1); - } - strcpy(passwd, buf); - bindpasswd = passwd; + if (!(f = fopen(filename, "r"))) { + fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); + return 1; + } + if (!fgets(buf, sizeof(buf) - 1, f)) { + fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); + fclose(f); + return 1; + } + /* strip whitespaces on end */ + if ((e = strrchr(buf, '\n'))) + *e = 0; + if ((e = strrchr(buf, '\r'))) + *e = 0; + + passwd = (char *) calloc(sizeof(char), strlen(buf) + 1); + if (!passwd) { + fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); + exit(1); + } + strcpy(passwd, buf); + bindpasswd = passwd; - fclose(f); + fclose(f); - return 0; + return 0; } diff -ruN squid-2.5.STABLE6/helpers/basic_auth/MSNT/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/MSNT/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/MSNT/Makefile.in Tue Jun 8 05:37:12 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/MSNT/Makefile.in Sat Jul 10 06:11:41 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.7.2.13 2004/06/08 11:37:12 hno Exp $ +# $Id: Makefile.in,v 1.7.2.15 2004/07/10 12:11:41 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/Makefile.in Tue Jun 8 05:37:11 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/Makefile.in Sat Jul 10 06:11:41 2004 
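Review bot: At the end of `checkLDAP()` in squid_ldap_auth.c, a successful `ldap_compare_s()` still falls into the `else if` and performs `ldap_simple_bind_s()`, because the first condition is false when the compare returns `LDAP_COMPARE_TRUE`. With `-U` the helper therefore compares and then binds, which contradicts the man page text added in this diff ("instead of ldap_simple_bind") and would reject users whose entry cannot bind with that password. Nest the compare so the bind is skipped when `passwdattr` is set: `if (passwdattr) { if (ldap_compare_s(bind_ld, dn, passwdattr, password) != LDAP_COMPARE_TRUE) ret = 1; } else if (ldap_simple_bind_s(bind_ld, dn, password) != LDAP_SUCCESS) ret = 1;`. The function starts in an earlier hunk.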
@@ -15,7 +15,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.in,v 1.7.2.10 2004/06/08 11:37:11 hno Exp $ +# $Id: Makefile.in,v 1.7.2.12 2004/07/10 12:11:41 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/basic_auth/NCSA/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/NCSA/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/NCSA/Makefile.in Tue Jun 8 05:37:12 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/NCSA/Makefile.in Sat Jul 10 06:11:41 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.9 2004/06/08 11:37:12 hno Exp $ +# $Id: Makefile.in,v 1.8.2.11 2004/07/10 12:11:41 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/NCSA/ncsa_auth.c squid-2.5.STABLE7/helpers/basic_auth/NCSA/ncsa_auth.c --- squid-2.5.STABLE6/helpers/basic_auth/NCSA/ncsa_auth.c Wed Aug 20 06:35:51 2003 +++ squid-2.5.STABLE7/helpers/basic_auth/NCSA/ncsa_auth.c Sat Sep 25 14:53:17 2004 @@ -88,8 +88,8 @@ if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') || (buf[0] == '\n')) continue; - user = strtok(buf, ":\n"); - passwd = strtok(NULL, ":\n"); + user = strtok(buf, ":\n\r"); + passwd = strtok(NULL, ":\n\r"); if ((strlen(user) > 0) && passwd) { u = xmalloc(sizeof(*u)); u->user = xstrdup(user); diff -ruN squid-2.5.STABLE6/helpers/basic_auth/PAM/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/PAM/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/PAM/Makefile.in Tue Jun 8 05:37:12 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/PAM/Makefile.in Sat Jul 10 06:11:41 2004 
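Review bot: In the ncsa_auth.c hunk, adding `\r` to the delimiter set means `strtok(buf, ":\n\r")` can return NULL for a line that holds only a carriage return and newline, and the next line calls `strlen(user)` unconditionally. The skip test at the top of the hunk covers `#`, space, tab and `\n` as first character but not `\r`, so a blank line in a CRLF-terminated password file reaches that call. Testing the pointer first avoids the NULL dereference: `if (user && *user && passwd) {`. The enclosing function starts and ends outside the hunk.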
@@ -16,7 +16,7 @@ # # Makefile for the Squid PAM authentication helper # -# $Id: Makefile.in,v 1.7.2.11 2004/06/08 11:37:12 hno Exp $ +# $Id: Makefile.in,v 1.7.2.13 2004/07/10 12:11:41 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/SASL/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/SASL/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/SASL/Makefile.in Tue Jun 8 05:37:15 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/SASL/Makefile.in Sat Jul 10 06:11:41 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid SASL authentication helper # -# $Id: Makefile.in,v 1.1.2.15 2004/06/08 11:37:15 hno Exp $ +# $Id: Makefile.in,v 1.1.2.17 2004/07/10 12:11:41 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/SMB/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/SMB/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/SMB/Makefile.in Tue Jun 8 05:37:15 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/SMB/Makefile.in Sat Jul 10 06:11:41 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.7.2.11 2004/06/08 11:37:15 hno Exp $ +# $Id: Makefile.in,v 1.7.2.13 2004/07/10 12:11:41 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/YP/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/YP/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/YP/Makefile.in Tue Jun 8 05:37:16 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/YP/Makefile.in Sat Jul 10 06:11:42 2004 
@@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.9.2.10 2004/06/08 11:37:16 hno Exp $ +# $Id: Makefile.in,v 1.9.2.12 2004/07/10 12:11:42 hno Exp $ # # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/getpwnam/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/getpwnam/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/getpwnam/Makefile.in Tue Jun 8 05:37:16 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/getpwnam/Makefile.in Sat Jul 10 06:11:42 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.9 2004/06/08 11:37:16 hno Exp $ +# $Id: Makefile.in,v 1.8.2.11 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/multi-domain-NTLM/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/multi-domain-NTLM/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/multi-domain-NTLM/Makefile.in Tue Jun 8 05:37:16 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/multi-domain-NTLM/Makefile.in Sat Jul 10 06:11:42 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.5.2.10 2004/06/08 11:37:16 hno Exp $ +# $Id: Makefile.in,v 1.5.2.12 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/basic_auth/winbind/Makefile.in squid-2.5.STABLE7/helpers/basic_auth/winbind/Makefile.in --- squid-2.5.STABLE6/helpers/basic_auth/winbind/Makefile.in Tue Jun 8 05:37:17 2004 +++ squid-2.5.STABLE7/helpers/basic_auth/winbind/Makefile.in Sat Jul 10 06:11:42 2004 
@@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.1.2.11 2004/06/08 11:37:17 hno Exp $ +# $Id: Makefile.in,v 1.1.2.13 2004/07/10 12:11:42 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/digest_auth/Makefile.in squid-2.5.STABLE7/helpers/digest_auth/Makefile.in --- squid-2.5.STABLE6/helpers/digest_auth/Makefile.in Tue Jun 8 05:37:18 2004 +++ squid-2.5.STABLE7/helpers/digest_auth/Makefile.in Sat Jul 10 06:11:42 2004 @@ -15,7 +15,7 @@ # Makefile for digest auth helpers in the Squid Object Cache server # -# $Id: Makefile.in,v 1.6.2.8 2004/06/08 11:37:18 hno Exp $ +# $Id: Makefile.in,v 1.6.2.10 2004/07/10 12:11:42 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/digest_auth/password/Makefile.in squid-2.5.STABLE7/helpers/digest_auth/password/Makefile.in --- squid-2.5.STABLE6/helpers/digest_auth/password/Makefile.in Tue Jun 8 05:37:18 2004 +++ squid-2.5.STABLE7/helpers/digest_auth/password/Makefile.in Sat Jul 10 06:11:42 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.8 2004/06/08 11:37:18 hno Exp $ +# $Id: Makefile.in,v 1.8.2.10 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/external_acl/Makefile.in squid-2.5.STABLE7/helpers/external_acl/Makefile.in --- squid-2.5.STABLE6/helpers/external_acl/Makefile.in Tue Jun 8 05:37:18 2004 +++ squid-2.5.STABLE7/helpers/external_acl/Makefile.in Sat Jul 10 06:11:42 2004 
@@ -15,7 +15,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.in,v 1.2.2.5 2004/06/08 11:37:18 hno Exp $ +# $Id: Makefile.in,v 1.2.2.7 2004/07/10 12:11:42 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/external_acl/ip_user/Makefile.in squid-2.5.STABLE7/helpers/external_acl/ip_user/Makefile.in --- squid-2.5.STABLE6/helpers/external_acl/ip_user/Makefile.in Tue Jun 8 05:37:18 2004 +++ squid-2.5.STABLE7/helpers/external_acl/ip_user/Makefile.in Sat Jul 10 06:11:42 2004 @@ -16,7 +16,7 @@ # # Makefile for the ip_user external_acl helper by Rodrigo Campos # -# $Id: Makefile.in,v 1.1.2.6 2004/06/08 11:37:18 hno Exp $ +# $Id: Makefile.in,v 1.1.2.8 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/external_acl/ldap_group/ChangeLog squid-2.5.STABLE7/helpers/external_acl/ldap_group/ChangeLog --- squid-2.5.STABLE6/helpers/external_acl/ldap_group/ChangeLog Mon Jan 5 06:12:12 2004 +++ squid-2.5.STABLE7/helpers/external_acl/ldap_group/ChangeLog Sat Aug 14 16:47:14 2004 @@ -1,6 +1,17 @@ +Version 2.14 + +2004-03-02 Henrik Nordstrom + Added -d (debug) flag + +2004-02-09 Henrik Nordstrom + -E and -S options mismatch + +2004-01-08 Henrik Nordstrom + Increase buffer size when reading group lookups from Squid + Version 2.13 -2003-01-05 Henrik Nordstrom +2004-01-05 Henrik Nordstrom Corrected TLS mode (-Z) Version 2.12 diff -ruN squid-2.5.STABLE6/helpers/external_acl/ldap_group/Makefile.in squid-2.5.STABLE7/helpers/external_acl/ldap_group/Makefile.in --- squid-2.5.STABLE6/helpers/external_acl/ldap_group/Makefile.in Tue Jun 8 05:37:19 2004 +++ squid-2.5.STABLE7/helpers/external_acl/ldap_group/Makefile.in Sat Jul 10 06:11:42 2004 
@@ -16,7 +16,7 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.in,v 1.1.2.8 2004/06/08 11:37:19 hno Exp $ +# $Id: Makefile.in,v 1.1.2.10 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/external_acl/ldap_group/squid_ldap_group.8 squid-2.5.STABLE7/helpers/external_acl/ldap_group/squid_ldap_group.8 --- squid-2.5.STABLE6/helpers/external_acl/ldap_group/squid_ldap_group.8 Tue Mar 2 02:13:29 2004 +++ squid-2.5.STABLE7/helpers/external_acl/ldap_group/squid_ldap_group.8 Sat Jul 17 09:00:12 2004 @@ -1,10 +1,10 @@ -.TH squid_ldap_group 8 "1 Mars 2003" "Squid LDAP Group" +.TH squid_ldap_group 8 "17 July 2004" "Squid LDAP Group" . .SH NAME squid_ldap_group - Squid LDAP external acl group helper . .SH SYNOPSIS -squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...|URI] +squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]|URI]... . .SH DESCRIPTION This helper allows Squid to connect to a LDAP directory to @@ -139,7 +139,7 @@ Strip NT domain name component from user names (/ or \\ separated) . .TP -.BU -d +.BI -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected. diff -ruN squid-2.5.STABLE6/helpers/external_acl/unix_group/Makefile.in squid-2.5.STABLE7/helpers/external_acl/unix_group/Makefile.in --- squid-2.5.STABLE6/helpers/external_acl/unix_group/Makefile.in Tue Jun 8 05:37:19 2004 +++ squid-2.5.STABLE7/helpers/external_acl/unix_group/Makefile.in Sat Jul 10 06:11:42 2004 
@@ -16,7 +16,7 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.in,v 1.1.2.6 2004/06/08 11:37:19 hno Exp $ +# $Id: Makefile.in,v 1.1.2.8 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/external_acl/wbinfo_group/Makefile.in squid-2.5.STABLE7/helpers/external_acl/wbinfo_group/Makefile.in --- squid-2.5.STABLE6/helpers/external_acl/wbinfo_group/Makefile.in Tue Jun 8 05:37:19 2004 +++ squid-2.5.STABLE7/helpers/external_acl/wbinfo_group/Makefile.in Sat Jul 10 06:11:42 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid LDAP authentication helper # -# $Id: Makefile.in,v 1.1.2.5 2004/06/08 11:37:19 hno Exp $ +# $Id: Makefile.in,v 1.1.2.7 2004/07/10 12:11:42 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/external_acl/winbind_group/Makefile.in squid-2.5.STABLE7/helpers/external_acl/winbind_group/Makefile.in --- squid-2.5.STABLE6/helpers/external_acl/winbind_group/Makefile.in Tue Jun 8 05:37:20 2004 +++ squid-2.5.STABLE7/helpers/external_acl/winbind_group/Makefile.in Sat Jul 10 06:11:42 2004 @@ -16,7 +16,7 @@ # # Makefile for the wb_group external_acl helper # -# $Id: Makefile.in,v 1.1.2.7 2004/06/08 11:37:20 hno Exp $ +# $Id: Makefile.in,v 1.1.2.9 2004/07/10 12:11:42 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/ntlm_auth/Makefile.in squid-2.5.STABLE7/helpers/ntlm_auth/Makefile.in --- squid-2.5.STABLE6/helpers/ntlm_auth/Makefile.in Tue Jun 8 05:37:20 2004 +++ squid-2.5.STABLE7/helpers/ntlm_auth/Makefile.in Sat Jul 10 06:11:44 2004 
@@ -15,7 +15,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.in,v 1.7.2.10 2004/06/08 11:37:20 hno Exp $ +# $Id: Makefile.in,v 1.7.2.12 2004/07/10 12:11:44 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/ntlm_auth/SMB/Makefile.in squid-2.5.STABLE7/helpers/ntlm_auth/SMB/Makefile.in --- squid-2.5.STABLE6/helpers/ntlm_auth/SMB/Makefile.in Tue Jun 8 05:37:20 2004 +++ squid-2.5.STABLE7/helpers/ntlm_auth/SMB/Makefile.in Sat Jul 10 06:11:45 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.9 2004/06/08 11:37:20 hno Exp $ +# $Id: Makefile.in,v 1.8.2.11 2004/07/10 12:11:45 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/helpers/ntlm_auth/fakeauth/Makefile.in squid-2.5.STABLE7/helpers/ntlm_auth/fakeauth/Makefile.in --- squid-2.5.STABLE6/helpers/ntlm_auth/fakeauth/Makefile.in Tue Jun 8 05:37:20 2004 +++ squid-2.5.STABLE7/helpers/ntlm_auth/fakeauth/Makefile.in Sat Jul 10 06:11:47 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.8 2004/06/08 11:37:20 hno Exp $ +# $Id: Makefile.in,v 1.8.2.10 2004/07/10 12:11:47 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/ntlm_auth/fakeauth/fakeauth_auth.c squid-2.5.STABLE7/helpers/ntlm_auth/fakeauth/fakeauth_auth.c --- squid-2.5.STABLE6/helpers/ntlm_auth/fakeauth/fakeauth_auth.c Wed Aug 29 08:57:38 2001 +++ squid-2.5.STABLE7/helpers/ntlm_auth/fakeauth/fakeauth_auth.c Fri Aug 20 02:09:58 2004 
@@ -150,7 +150,7 @@ o = WSWAP(str->offset); /* Sanity checks. XXX values arbitrarialy chosen */ - if (l <= 0 || l >= 32 || o >= 256) { + if (l <= 0 || o <= 0 || l >= 32 || o >= 256) { fprintf(stderr, "ntlmGetString: insane: l:%d o:%d\n", l, o); return (NULL); } diff -ruN squid-2.5.STABLE6/helpers/ntlm_auth/no_check/Makefile.in squid-2.5.STABLE7/helpers/ntlm_auth/no_check/Makefile.in --- squid-2.5.STABLE6/helpers/ntlm_auth/no_check/Makefile.in Tue Jun 8 05:37:21 2004 +++ squid-2.5.STABLE7/helpers/ntlm_auth/no_check/Makefile.in Sat Jul 10 06:11:47 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.10 2004/06/08 11:37:21 hno Exp $ +# $Id: Makefile.in,v 1.8.2.12 2004/07/10 12:11:47 hno Exp $ # # Uncomment and customize the following to suit your needs: # diff -ruN squid-2.5.STABLE6/helpers/ntlm_auth/winbind/Makefile.in squid-2.5.STABLE7/helpers/ntlm_auth/winbind/Makefile.in --- squid-2.5.STABLE6/helpers/ntlm_auth/winbind/Makefile.in Tue Jun 8 05:37:21 2004 +++ squid-2.5.STABLE7/helpers/ntlm_auth/winbind/Makefile.in Sat Jul 10 06:11:47 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.1.2.11 2004/06/08 11:37:21 hno Exp $ +# $Id: Makefile.in,v 1.1.2.13 2004/07/10 12:11:47 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/icons/Makefile.in squid-2.5.STABLE7/icons/Makefile.in --- squid-2.5.STABLE6/icons/Makefile.in Tue Jun 8 05:37:22 2004 +++ squid-2.5.STABLE7/icons/Makefile.in Sat Jul 10 06:11:47 2004 @@ -13,7 +13,7 @@ @SET_MAKE@ -# $Id: Makefile.in,v 1.21.2.10 2004/06/08 11:37:22 hno Exp $ +# $Id: Makefile.in,v 1.21.2.12 2004/07/10 12:11:47 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/include/autoconf.h.in squid-2.5.STABLE7/include/autoconf.h.in --- squid-2.5.STABLE6/include/autoconf.h.in Tue Jun 8 05:37:22 2004 +++ squid-2.5.STABLE7/include/autoconf.h.in Mon Aug 9 07:55:49 2004 
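Review bot: The sanity check in the fakeauth_auth.c hunk still bounds `l` and `o` with fixed constants (`l >= 32`, `o >= 256`) rather than the size of the message actually received, so whether `o + l` stays inside the decoded buffer depends on values this hunk does not show. The equivalent check in lib/ntlmauth.c later in this patch compares `o + l` with the packet length. The same comparison here would tie the check to the real buffer, e.g. adding `|| o + l > PACKET_LENGTH`, where PACKET_LENGTH is a placeholder for whatever length the caller has available. The enclosing function starts and ends outside the hunk.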
@@ -470,6 +470,9 @@ /* Define if you have the getspnam function. */ #undef HAVE_GETSPNAM +/* Define if you have the initgroups function. */ +#undef HAVE_INITGROUPS + /* Define if you have the lrand48 function. */ #undef HAVE_LRAND48 diff -ruN squid-2.5.STABLE6/include/initgroups.h squid-2.5.STABLE7/include/initgroups.h --- squid-2.5.STABLE6/include/initgroups.h Wed Dec 31 17:00:00 1969 +++ squid-2.5.STABLE7/include/initgroups.h Mon Aug 9 07:54:23 2004 @@ -0,0 +1,17 @@ +/* + * $Id: initgroups.h,v 1.1.2.1 2004/08/09 13:54:23 hno Exp $ + */ +#ifndef SQUID_INITGROUPS_H +#define SQUID_INITGROUPS_H + +/* if you have configure you can use this */ +#if defined(HAVE_CONFIG_H) +#include "config.h" +#endif + +#if HAVE_SYS_TYPES_H +#include +#endif + +extern int initgroups(const char *user, gid_t group); +#endif /* SQUID_INITGROPS_H */ diff -ruN squid-2.5.STABLE6/include/version.h squid-2.5.STABLE7/include/version.h --- squid-2.5.STABLE6/include/version.h Thu Jul 8 17:44:39 2004 +++ squid-2.5.STABLE7/include/version.h Mon Oct 11 14:27:03 2004 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1089330276 +#define SQUID_RELEASE_TIME 1097526420 #endif diff -ruN squid-2.5.STABLE6/lib/Makefile.am squid-2.5.STABLE7/lib/Makefile.am --- squid-2.5.STABLE6/lib/Makefile.am Wed Nov 21 16:47:12 2001 +++ squid-2.5.STABLE7/lib/Makefile.am Mon Aug 9 07:57:00 2004 @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in # -# $Id: Makefile.am,v 1.3 2001/11/21 23:47:12 hno Exp $ +# $Id: Makefile.am,v 1.3.2.2 2004/08/09 13:57:00 hno Exp $ # if NEED_OWN_SNPRINTF diff -ruN squid-2.5.STABLE6/lib/Makefile.in squid-2.5.STABLE7/lib/Makefile.in --- squid-2.5.STABLE6/lib/Makefile.in Tue Jun 8 05:37:22 2004 +++ squid-2.5.STABLE7/lib/Makefile.in Wed Sep 1 04:30:29 2004 @@ -14,7 +14,7 @@ @SET_MAKE@ # -# $Id: Makefile.in,v 1.57.2.7 2004/06/08 11:37:22 hno Exp $ +# $Id: Makefile.in,v 1.57.2.14 2004/09/01 10:30:29 hno Exp $ # SHELL = @SHELL@ 
@@ -221,15 +221,15 @@ @AMDEP_TRUE@ $(DEPDIR)/dlmalloc.Po $(DEPDIR)/drand48.Po \ @AMDEP_TRUE@ $(DEPDIR)/getfullhostname.Po $(DEPDIR)/hash.Po \ @AMDEP_TRUE@ $(DEPDIR)/heap.Po $(DEPDIR)/html_quote.Po \ -@AMDEP_TRUE@ $(DEPDIR)/inet_ntoa.Po $(DEPDIR)/iso3307.Po \ -@AMDEP_TRUE@ $(DEPDIR)/md5.Po $(DEPDIR)/ntlmauth.Po \ -@AMDEP_TRUE@ $(DEPDIR)/radix.Po $(DEPDIR)/rfc1035.Po \ -@AMDEP_TRUE@ $(DEPDIR)/rfc1123.Po $(DEPDIR)/rfc1738.Po \ -@AMDEP_TRUE@ $(DEPDIR)/rfc2617.Po $(DEPDIR)/safe_inet_addr.Po \ -@AMDEP_TRUE@ $(DEPDIR)/snprintf.Po $(DEPDIR)/splay.Po \ -@AMDEP_TRUE@ $(DEPDIR)/strerror.Po $(DEPDIR)/stub_memaccount.Po \ -@AMDEP_TRUE@ $(DEPDIR)/tempnam.Po $(DEPDIR)/util.Po \ -@AMDEP_TRUE@ $(DEPDIR)/uudecode.Po +@AMDEP_TRUE@ $(DEPDIR)/inet_ntoa.Po $(DEPDIR)/initgroups.Po \ +@AMDEP_TRUE@ $(DEPDIR)/iso3307.Po $(DEPDIR)/md5.Po \ +@AMDEP_TRUE@ $(DEPDIR)/ntlmauth.Po $(DEPDIR)/radix.Po \ +@AMDEP_TRUE@ $(DEPDIR)/rfc1035.Po $(DEPDIR)/rfc1123.Po \ +@AMDEP_TRUE@ $(DEPDIR)/rfc1738.Po $(DEPDIR)/rfc2617.Po \ +@AMDEP_TRUE@ $(DEPDIR)/safe_inet_addr.Po $(DEPDIR)/snprintf.Po \ +@AMDEP_TRUE@ $(DEPDIR)/splay.Po $(DEPDIR)/strerror.Po \ +@AMDEP_TRUE@ $(DEPDIR)/stub_memaccount.Po $(DEPDIR)/tempnam.Po \ +@AMDEP_TRUE@ $(DEPDIR)/util.Po $(DEPDIR)/uudecode.Po COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) @@ -238,8 +238,8 @@ DIST_SOURCES = $(libdlmalloc_a_SOURCES) $(libmiscutil_a_SOURCES) \ $(EXTRA_libmiscutil_a_SOURCES) $(libntlmauth_a_SOURCES) \ $(libregex_a_SOURCES) -DIST_COMMON = Makefile.am Makefile.in drand48.c inet_ntoa.c strerror.c \ - tempnam.c +DIST_COMMON = Makefile.am Makefile.in drand48.c inet_ntoa.c \ + initgroups.c strerror.c tempnam.c SOURCES = $(libdlmalloc_a_SOURCES) $(libmiscutil_a_SOURCES) $(EXTRA_libmiscutil_a_SOURCES) $(libntlmauth_a_SOURCES) $(libregex_a_SOURCES) all: all-am 
@@ -292,6 +292,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/heap.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/html_quote.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_ntoa.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/initgroups.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/iso3307.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/md5.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/ntlmauth.Po@am__quote@ diff -ruN squid-2.5.STABLE6/lib/initgroups.c squid-2.5.STABLE7/lib/initgroups.c --- squid-2.5.STABLE6/lib/initgroups.c Wed Dec 31 17:00:00 1969 +++ squid-2.5.STABLE7/lib/initgroups.c Mon Aug 9 07:54:23 2004 @@ -0,0 +1,54 @@ +#include "config.h" + +#if HAVE_GRP_H +#include +#endif +#if HAVE_SYS_TYPES_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_STRING_H +#include +#endif +#if HAVE_STRINGS_H +#include +#endif +#if HAVE_LIMITS_H +#include +#endif + +int initgroups(const char *name, gid_t basegid) +{ +#ifdef HAVE_SETGROUPS +#ifndef NGROUPS_MAX +#define NGROUPS_MAX 16 +#endif + gid_t groups[NGROUPS_MAX]; + struct group *g; + int index = 0; + + setgrent(); + + groups[index++] = basegid; + + while (index < NGROUPS_MAX && ((g = getgrent()) != NULL)) { + if (g->gr_gid != basegid) { + char **names; + + for (names = g->gr_mem; *names != NULL; ++names) { + if (!strcmp(*names, name)) + groups[index++] = g->gr_gid; + } + } + } + + endgrent(); + + return setgroups(index, groups); +#else + return 0; +#endif /* def HAVE_SETGROUPS */ +} + diff -ruN squid-2.5.STABLE6/lib/ntlmauth.c squid-2.5.STABLE7/lib/ntlmauth.c --- squid-2.5.STABLE6/lib/ntlmauth.c Sun Jul 21 20:06:31 2002 +++ squid-2.5.STABLE7/lib/ntlmauth.c Fri Aug 20 02:09:58 2004 @@ -1,5 +1,5 @@ /* - * $Id: ntlmauth.c,v 1.5.2.2 2002/07/22 02:06:31 hno Exp $ + * $Id: ntlmauth.c,v 1.5.2.3 2004/08/20 08:09:58 hno Exp $ * * * * * * * * * Legal stuff * * * * * * * * 
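Review bot: In the new `initgroups()` in lib/initgroups.c, the bound `index < NGROUPS_MAX` is tested only once per group entry, while the inner loop over `g->gr_mem` stores `g->gr_gid` for every matching member name. A group that lists the same user more than once can therefore push `index` past the end of the stack array `groups[]`. Stopping at the first match keeps it to one store per outer iteration: `if (!strcmp(*names, name)) { groups[index++] = g->gr_gid; break; }`. Memberships beyond `NGROUPS_MAX` are also dropped silently, and a warning at that point would help when a process ends up with fewer supplementary groups than expected.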
@@ -84,7 +84,7 @@ o = WSWAP(str->offset); /* debug("fetch_string(plength=%d,l=%d,o=%d)\n",length,l,o); */ - if (l < 0 || l > MAX_FIELD_LENGTH || o + l > length || o == 0) { + if (l < 0 || o <= 0 || l > MAX_FIELD_LENGTH || o + l > length) { /* debug("ntlmssp: insane data (l: %d, o: %d)\n", l,o); */ return rv; } diff -ruN squid-2.5.STABLE6/snmplib/asn1.c squid-2.5.STABLE7/snmplib/asn1.c --- squid-2.5.STABLE6/snmplib/asn1.c Fri Apr 3 18:43:52 1998 +++ squid-2.5.STABLE7/snmplib/asn1.c Fri Sep 24 16:11:29 2004 @@ -484,7 +484,7 @@ return (NULL); header_len = bufp - data; - if (header_len + asn_length > *datalength) { + if (header_len + asn_length > *datalength || (int) asn_length < 0) { snmp_set_api_error(SNMPERR_ASN_DECODE); return (NULL); } diff -ruN squid-2.5.STABLE6/src/HttpHeader.c squid-2.5.STABLE7/src/HttpHeader.c --- squid-2.5.STABLE6/src/HttpHeader.c Thu Jul 17 16:06:12 2003 +++ squid-2.5.STABLE7/src/HttpHeader.c Wed Sep 1 07:55:47 2004 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.c,v 1.74.2.7 2003/07/17 22:06:12 wessels Exp $ + * $Id: HttpHeader.c,v 1.74.2.9 2004/09/01 13:55:47 hno Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov @@ -77,6 +77,7 @@ {"Cache-Control", HDR_CACHE_CONTROL, ftPCc}, {"Connection", HDR_CONNECTION, ftStr}, {"Content-Base", HDR_CONTENT_BASE, ftStr}, + {"Content-Disposition", HDR_CONTENT_DISPOSITION, ftStr}, {"Content-Encoding", HDR_CONTENT_ENCODING, ftStr}, {"Content-Language", HDR_CONTENT_LANGUAGE, ftStr}, {"Content-Length", HDR_CONTENT_LENGTH, ftInt}, 
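Review bot: In the snmplib/asn1.c hunk, the added `(int) asn_length < 0` test is evaluated after `header_len + asn_length` has already been computed, and it relies on how an out-of-range value converts to `int`. Comparing the length with the space that remains avoids both the addition and the cast, for example `if (asn_length > (u_long) (*datalength - header_len)) {`. That form assumes `asn_length` is an unsigned long and that `header_len` is already known not to exceed `*datalength`; the declarations are outside the hunk, so both need confirming. The enclosing function starts and ends outside the hunk.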
@@ -178,9 +179,10 @@ /* entity-headers */ static http_hdr_type EntityHeadersArr[] = { - HDR_ALLOW, HDR_CONTENT_BASE, HDR_CONTENT_ENCODING, HDR_CONTENT_LANGUAGE, - HDR_CONTENT_LENGTH, HDR_CONTENT_LOCATION, HDR_CONTENT_MD5, - HDR_CONTENT_RANGE, HDR_CONTENT_TYPE, HDR_ETAG, HDR_EXPIRES, HDR_LAST_MODIFIED, HDR_LINK, + HDR_ALLOW, HDR_CONTENT_BASE, HDR_CONTENT_DISPOSITION, + HDR_CONTENT_ENCODING, HDR_CONTENT_LANGUAGE, HDR_CONTENT_LENGTH, + HDR_CONTENT_LOCATION, HDR_CONTENT_MD5, HDR_CONTENT_RANGE, + HDR_CONTENT_TYPE, HDR_ETAG, HDR_EXPIRES, HDR_LAST_MODIFIED, HDR_LINK, HDR_OTHER }; @@ -1243,5 +1245,5 @@ if (!Headers) Headers = httpHeaderBuildFieldsInfo(HeadersAttrs, HDR_ENUM_END); assert(id >= 0 && id < HDR_ENUM_END); - return HeadersAttrs[id].name; + return strBuf(Headers[id].name); } diff -ruN squid-2.5.STABLE6/src/HttpHeaderTools.c squid-2.5.STABLE7/src/HttpHeaderTools.c --- squid-2.5.STABLE6/src/HttpHeaderTools.c Mon May 26 06:14:27 2003 +++ squid-2.5.STABLE7/src/HttpHeaderTools.c Sat Sep 25 05:56:16 2004 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeaderTools.c,v 1.32.2.2 2003/05/26 12:14:27 hno Exp $ + * $Id: HttpHeaderTools.c,v 1.32.2.3 2004/09/25 11:56:16 hno Exp $ * * DEBUG: section 66 HTTP Header Tools * AUTHOR: Alex Rousskov @@ -422,13 +422,23 @@ static int httpHdrMangle(HttpHeaderEntry * e, request_t * request) { - int retval; + int retval = 1; /* check with anonymizer tables */ header_mangler *hm; aclCheck_t *checklist; assert(e); - hm = &Config.header_access[e->id]; + if (e->id == HDR_OTHER) { + for (hm = Config.header_access[HDR_OTHER].next; hm; hm = hm->next) { + if (strCmp(e->name, hm->name) == 0) + break; + } + if (!hm) + return 1; + } else + hm = &Config.header_access[e->id]; + if (!hm->access_list) + return 1; checklist = aclChecklistCreate(hm->access_list, request, NULL); if (1 == aclCheckFast(hm->access_list, checklist)) { /* aclCheckFast returns 1 for allow. */ 
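Review bot: The new `HDR_OTHER` lookup in `httpHdrMangle()` matches the field name with `strCmp(e->name, hm->name)`. If `strCmp` is the case-sensitive comparison, a `header_access` rule for a custom header is skipped when that header arrives with different capitalisation, although HTTP field names are case-insensitive. A case-insensitive match closes that gap, e.g. `if (strCaseCmp(e->name, hm->name) == 0)`, assuming `hm->name` is a plain C string. In the second hunk of this function `retval = -1` is folded back by `return retval != 0;`, so a one-line comment saying what 1, 0 and -1 mean would help the next reader.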
@@ -442,11 +452,11 @@ * is allowed. */ stringReset(&e->value, hm->replacement); - retval = 1; + retval = -1; } - aclChecklistFree(checklist); - return retval; + + return retval != 0; } /* Mangles headers for a list of headers. */ diff -ruN squid-2.5.STABLE6/src/HttpReply.c squid-2.5.STABLE7/src/HttpReply.c --- squid-2.5.STABLE6/src/HttpReply.c Tue May 6 14:13:02 2003 +++ squid-2.5.STABLE7/src/HttpReply.c Tue Oct 5 15:31:25 2004 @@ -1,6 +1,6 @@ /* - * $Id: HttpReply.c,v 1.49.2.1 2003/05/06 20:13:02 hno Exp $ + * $Id: HttpReply.c,v 1.49.2.2 2004/10/05 21:31:25 hno Exp $ * * DEBUG: section 58 HTTP Reply (Response) * AUTHOR: Alex Rousskov @@ -143,16 +143,17 @@ * becuase somebody may feed a non NULL-terminated buffer to * us. */ - char *headers = memAllocate(MEM_4K_BUF); + MemBuf mb = MemBufNull; int success; - size_t s = XMIN(end + 1, 4096); /* reset current state, because we are not used in incremental fashion */ httpReplyReset(rep); /* put a string terminator. s is how many bytes to touch in * 'buf' including the terminating NULL. */ - xstrncpy(headers, buf, s); - success = httpReplyParseStep(rep, headers, 0); - memFree(headers, MEM_4K_BUF); + memBufDefInit(&mb); + memBufAppend(&mb, buf, end); + memBufAppend(&mb, "\0", 1); + success = httpReplyParseStep(rep, mb.buf, 0); + memBufClean(&mb); return success == 1; } diff -ruN squid-2.5.STABLE6/src/HttpRequest.c squid-2.5.STABLE7/src/HttpRequest.c --- squid-2.5.STABLE6/src/HttpRequest.c Fri Apr 13 18:25:17 2001 +++ squid-2.5.STABLE7/src/HttpRequest.c Thu Oct 7 11:01:13 2004 @@ -1,6 +1,6 @@ /* - * $Id: HttpRequest.c,v 1.30 2001/04/14 00:25:17 hno Exp $ + * $Id: HttpRequest.c,v 1.30.2.2 2004/10/07 17:01:13 hno Exp $ * * DEBUG: section 73 HTTP Request * AUTHOR: Duane Wessels 
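Review bot: In the HttpReply.c hunk, the comment kept above the new MemBuf code still says that `s` is how many bytes to touch in `buf`, but `s` is removed by this change and the copy is no longer capped at 4096 bytes. I would replace it with `/* copy exactly 'end' bytes and append a terminator; buf may not be NUL-terminated */`. `end` is passed straight to `memBufAppend()`, and its type and range are set outside the hunk, so a negative or oversized value has to be excluded by the caller or by an assert here.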
@@ -55,8 +55,8 @@ requestDestroy(request_t * req) { assert(req); - if (req->body_connection) - clientAbortBody(req); + if (req->body_reader) + requestAbortBody(req); if (req->auth_user_request) authenticateAuthUserRequestUnlock(req->auth_user_request); safe_free(req->canonical); @@ -157,4 +157,42 @@ if (strConn && strListIsMember(strConn, strBuf(e->name), ',')) return 0; return 1; +} + +/* + * Read request body contents + */ +void +requestReadBody(request_t * request, char *buf, size_t size, CBCB * callback, void *cbdata) +{ + if (request->body_reader) { + if (cbdataValid(request->body_reader_data)) { + request->body_reader(request, buf, size, callback, cbdata); + } else { + debug(73, 1) ("requestReadBody: Aborted\n"); + request->body_reader = NULL; + cbdataUnlock(request->body_reader_data); + request->body_reader_data = NULL; + callback(buf, 0, cbdata); /* Signal end of body */ + } + } else { + callback(buf, 0, cbdata); /* Signal end of body */ + } +} + +void +requestAbortBody(request_t * request) +{ + if (!request) + return; + if (request->body_reader) { + if (cbdataValid(request->body_reader_data)) { + request->body_reader(request, NULL, -1, NULL, NULL); + } else { + debug(73, 2) ("requestAbortBody: Aborted\n"); + request->body_reader = NULL; + cbdataUnlock(request->body_reader_data); + request->body_reader_data = NULL; + } + } } diff -ruN squid-2.5.STABLE6/src/Makefile.am squid-2.5.STABLE7/src/Makefile.am --- squid-2.5.STABLE6/src/Makefile.am Sun Nov 10 08:30:03 2002 +++ squid-2.5.STABLE7/src/Makefile.am Sat Sep 25 15:37:35 2004 @@ -1,7 +1,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.16.2.9 2002/11/10 15:30:03 hno Exp $ +# $Id: Makefile.am,v 1.16.2.10 2004/09/25 21:37:35 hno Exp $ # # Uncomment and customize the following to suit your needs: # 
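Review bot: `requestAbortBody()` signals an abort by calling the reader with `buf == NULL` and `size == -1`, and nothing in the new code documents that convention. If the reader's size parameter is a `size_t`, as in `requestReadBody()`, the -1 arrives as the maximum value, so every `body_reader` implementation must test for it before using `size` as a length. I would state the contract at the function: `/* Abort: calls body_reader(request, NULL, (size_t) -1, NULL, NULL); readers must check for this before touching buf */`. In the valid-cbdata branch `body_reader` and `body_reader_data` are left set, presumably for the reader to clear, which is worth saying in the same comment.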
@@ -273,16 +273,16 @@ DEFAULT_PREFIX = $(prefix) DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf -DEFAULT_DNSSERVER = $(libexecdir)/dnsserver$(EXEEXT) +DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_LOG_PREFIX = $(localstatedir)/logs DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid DEFAULT_SWAP_DIR = $(localstatedir)/cache -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) -DEFAULT_UNLINKD = $(libexecdir)/unlinkd$(EXEEXT) -DEFAULT_DISKD = $(libexecdir)/diskd$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_ICON_DIR = $(datadir)/icons DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@ DEFAULT_MIB_PATH = $(datadir)/mib.txt diff -ruN squid-2.5.STABLE6/src/Makefile.in squid-2.5.STABLE7/src/Makefile.in --- squid-2.5.STABLE6/src/Makefile.in Tue Jun 8 05:37:22 2004 +++ squid-2.5.STABLE7/src/Makefile.in Sat Sep 25 15:37:59 2004 @@ -16,7 +16,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.225.2.14 2004/06/08 11:37:22 hno Exp $ +# $Id: Makefile.in,v 1.225.2.20 2004/09/25 21:37:59 hno Exp $ # # Uncomment and customize the following to suit your needs: # 
@@ -375,16 +375,16 @@ DEFAULT_PREFIX = $(prefix) DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf -DEFAULT_DNSSERVER = $(libexecdir)/dnsserver$(EXEEXT) +DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_LOG_PREFIX = $(localstatedir)/logs DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid DEFAULT_SWAP_DIR = $(localstatedir)/cache -DEFAULT_PINGER = $(libexecdir)/pinger$(EXEEXT) -DEFAULT_UNLINKD = $(libexecdir)/unlinkd$(EXEEXT) -DEFAULT_DISKD = $(libexecdir)/diskd$(EXEEXT) +DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` +DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_ICON_DIR = $(datadir)/icons DEFAULT_ERROR_DIR = $(datadir)/errors/@ERR_DEFAULT_LANGUAGE@ DEFAULT_MIB_PATH = $(datadir)/mib.txt diff -ruN squid-2.5.STABLE6/src/MemBuf.c squid-2.5.STABLE7/src/MemBuf.c --- squid-2.5.STABLE6/src/MemBuf.c Sun Jun 6 09:07:16 2004 +++ squid-2.5.STABLE7/src/MemBuf.c Tue Oct 5 15:31:25 2004 @@ -1,6 +1,6 @@ /* - * $Id: MemBuf.c,v 1.28.2.2 2004/06/06 15:07:16 hno Exp $ + * $Id: MemBuf.c,v 1.28.2.3 2004/10/05 21:31:25 hno Exp $ * * DEBUG: section 59 auto-growing Memory Buffer with printf * AUTHOR: Alex Rousskov @@ -158,7 +158,7 @@ (*mb->freefunc) (mb->buf); /* free */ mb->freefunc = NULL; /* freeze */ mb->buf = NULL; - mb->size = mb->capacity = 0; + mb->size = mb->capacity = mb->max_capacity = 0; } /* cleans the buffer without changing its capacity diff -ruN squid-2.5.STABLE6/src/access_log.c squid-2.5.STABLE7/src/access_log.c --- squid-2.5.STABLE6/src/access_log.c Mon Jun 7 15:20:34 2004 +++ squid-2.5.STABLE7/src/access_log.c Mon Sep 27 16:34:19 2004 
@@ -1,6 +1,6 @@ /* - * $Id: access_log.c,v 1.72.2.5 2004/06/07 21:20:34 hno Exp $ + * $Id: access_log.c,v 1.72.2.6 2004/09/27 22:34:19 wessels Exp $ * * DEBUG: section 46 Access Log * AUTHOR: Duane Wessels @@ -389,7 +389,7 @@ logfile = logfileOpen(Config.Log.access, MAX_URL << 1, 1); LogfileStatus = LOG_ENABLE; #if HEADERS_LOG - headerslog = logfileOpen("/usr/local/squid/logs/headers.log", 512); + headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0); assert(NULL != headerslog); #endif #if FORW_VIA_DB diff -ruN squid-2.5.STABLE6/src/acl.c squid-2.5.STABLE7/src/acl.c --- squid-2.5.STABLE6/src/acl.c Fri Feb 27 09:36:35 2004 +++ squid-2.5.STABLE7/src/acl.c Sat Sep 25 05:56:16 2004 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.270.2.27 2004/02/27 16:36:35 wessels Exp $ + * $Id: acl.c,v 1.270.2.29 2004/09/25 11:56:16 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -65,6 +65,8 @@ static void aclDestroyUserMaxIP(void *data); static wordlist *aclDumpUserMaxIP(void *data); static int aclMatchUserMaxIP(void *, auth_user_request_t *, struct in_addr); +static void aclParseHeader(void *data); +static void aclDestroyHeader(void *data); static squid_acl aclStrToType(const char *s); static int decode_addr(const char *, struct in_addr *, struct in_addr *); static void aclCheck(aclCheck_t * checklist); @@ -174,6 +176,10 @@ return ACL_REQ_MIME_TYPE; if (!strcmp(s, "rep_mime_type")) return ACL_REP_MIME_TYPE; + if (!strcmp(s, "rep_header")) + return ACL_REP_HEADER; + if (!strcmp(s, "req_header")) + return ACL_REQ_HEADER; if (!strcmp(s, "max_user_ip")) return ACL_MAX_USER_IP; if (!strcmp(s, "external")) @@ -250,6 +256,10 @@ return "req_mime_type"; if (type == ACL_REP_MIME_TYPE) return "rep_mime_type"; + if (type == ACL_REP_HEADER) + return "rep_header"; + if (type == ACL_REQ_HEADER) + return "req_header"; if (type == ACL_MAX_USER_IP) return "max_user_ip"; if (type == ACL_EXTERNAL) 
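Review bot: The corrected `logfileOpen()` call for `headerslog` in access_log.c still hard-codes `/usr/local/squid/logs/headers.log`, so a build with `HEADERS_LOG` writes outside the configured log location on any other install prefix. A header log presumably records request headers, which can include credentials such as `Authorization` or `Cookie` values, so its path and file permissions deserve the same care as the access log. At minimum I would mark the line with `/* NOTE: fixed path, not taken from Config.Log; logged headers may contain credentials */`. The enclosing function starts and ends outside the hunk.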
@@ -503,36 +513,36 @@ acl_time_data **Tail; int h1, m1, h2, m2; char *t = NULL; + long weekbits = 0; for (Tail = curlist; *Tail; Tail = &((*Tail)->next)); - q = memAllocate(MEM_ACL_TIME_DATA); while ((t = strtokFile())) { if (*t < '0' || *t > '9') { /* assume its day-of-week spec */ while (*t) { switch (*t++) { case 'S': - q->weekbits |= ACL_SUNDAY; + weekbits |= ACL_SUNDAY; break; case 'M': - q->weekbits |= ACL_MONDAY; + weekbits |= ACL_MONDAY; break; case 'T': - q->weekbits |= ACL_TUESDAY; + weekbits |= ACL_TUESDAY; break; case 'W': - q->weekbits |= ACL_WEDNESDAY; + weekbits |= ACL_WEDNESDAY; break; case 'H': - q->weekbits |= ACL_THURSDAY; + weekbits |= ACL_THURSDAY; break; case 'F': - q->weekbits |= ACL_FRIDAY; + weekbits |= ACL_FRIDAY; break; case 'A': - q->weekbits |= ACL_SATURDAY; + weekbits |= ACL_SATURDAY; break; case 'D': - q->weekbits |= ACL_WEEKDAYS; + weekbits |= ACL_WEEKDAYS; break; case '-': /* ignore placeholder */ @@ -553,8 +563,11 @@ memFree(q, MEM_ACL_TIME_DATA); return; } + q = memAllocate(MEM_ACL_TIME_DATA); q->start = h1 * 60 + m1; q->stop = h2 * 60 + m2; + q->weekbits = weekbits; + weekbits = 0; if (q->start > q->stop) { debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); @@ -562,14 +575,20 @@ memFree(q, MEM_ACL_TIME_DATA); return; } + if (q->weekbits == 0) + q->weekbits = ACL_ALLWEEK; + *(Tail) = q; + Tail = &q->next; } } - if (q->start == 0 && q->stop == 0) - q->stop = 23 * 60 + 59; - if (q->weekbits == 0) - q->weekbits = ACL_ALLWEEK; - *(Tail) = q; - Tail = &q->next; + if (weekbits) { + q = memAllocate(MEM_ACL_TIME_DATA); + q->start = 0 * 60 + 0; + q->stop = 24 * 60 + 0; + q->weekbits = weekbits; + *(Tail) = q; + Tail = &q->next; + } } void 
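Review bot: In the `@@ -553` hunk, the unchanged `memFree(q, MEM_ACL_TIME_DATA);` on the bad-time-range path now runs before anything has been allocated for the current token, because the allocation moved below it to the new `q = memAllocate(MEM_ACL_TIME_DATA);`. At that point `q` holds either its initial value or, after an earlier valid range on the same line, a node already linked through `*(Tail) = q`, so freeing it would leave the ACL list pointing at released memory. That `memFree` line should be dropped from the sscanf-failure branch. The one in the `q->start > q->stop` branch is still right, since `q` is fresh and unlinked there. The declaration of `q` and the start of the function are outside the hunk, so its initial value needs checking against the full file.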
@@ -608,6 +627,81 @@ } } +static void +aclParseHeader(void *data) +{ + char *t; + acl_hdr_data **hd = data; + acl_hdr_data *q; + + t = strtokFile(); + if (NULL == t) { + debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); + debug(28, 0) ("aclParseHeader: No data defined '%s'\n", t); + return; + } + q = xcalloc(1, sizeof(acl_hdr_data)); + q->hdr_name = xstrdup(t); + q->hdr_id = httpHeaderIdByNameDef(t, strlen(t)); + aclParseRegexList(q->reglist); + if (!q->reglist) { + debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); + debug(28, 0) ("aclParseHeader: No pattern defined '%s'\n", t); + aclDestroyHeader(&q); + return; + } + while (*hd) + hd = &(*hd)->next; + *hd = q; +} + +static int +aclMatchHeader(acl_hdr_data * hdrs, const HttpHeader * hdr) +{ + acl_hdr_data *hd; + for (hd = hdrs; hd; hd = hd->next) { + int ret; + String header; + if (hd->hdr_id != -1) + header = httpHeaderGetStrOrList(hdr, hd->hdr_id); + else + header = httpHeaderGetByName(hdr, hd->hdr_name); + if (!strBuf(header)) + continue; + ret = aclMatchRegex(hd->reglist, strBuf(header)); + stringClean(&header); + if (ret) + return 1; + } + return 0; +} + +void +aclDestroyHeader(void *data) +{ + acl_hdr_data **acldata = data; + while (*acldata) { + acl_hdr_data *q = *acldata; + *acldata = q->next; + if (q->reglist) + aclDestroyRegexList((*acldata)->reglist); + safe_free(q); + } +} + +static wordlist * +aclDumpHeader(acl_hdr_data * hd) +{ + wordlist *W = NULL; + relist *data = hd->reglist; + wordlistAdd(&W, httpHeaderNameById(hd->hdr_id)); + while (data != NULL) { + wordlistAdd(&W, data->pattern); + data = data->next; + } + return aclDumpRegexList(hd->reglist); +} + #if SQUID_SNMP static void aclParseWordList(void *curlist) @@ -754,6 +848,10 @@ case ACL_REP_MIME_TYPE: aclParseRegexList(&A->data); break; + case ACL_REP_HEADER: + case ACL_REQ_HEADER: + aclParseHeader(&A->data); + break; case ACL_SRC_ASN: case ACL_MAXCONN: case ACL_DST_ASN: 
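Review bot: In aclDestroyHeader the head is advanced with `*acldata = q->next;` before `aclDestroyRegexList((*acldata)->reglist)` runs, so the call frees the following node's regex list instead of `q`'s and dereferences NULL when `q` is the last node. The loop body should use `aclDestroyRegexList(q->reglist);` and also release the duplicated name with `safe_free(q->hdr_name);`, which is never freed as written. In aclParseHeader, `aclParseRegexList(q->reglist)` passes the zeroed list value, whereas the existing call in this diff passes an address (`aclParseRegexList(&A->data)`), so it presumably needs to be `aclParseRegexList(&q->reglist);`. Without that, the `!q->reglist` check that follows can never see a parsed pattern.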
@@ -1473,6 +1571,8 @@ case ACL_PROXY_AUTH_REGEX: case ACL_REP_MIME_TYPE: case ACL_REQ_MIME_TYPE: + case ACL_REP_HEADER: + case ACL_REQ_HEADER: case ACL_URLPATH_REGEX: case ACL_URL_PORT: case ACL_URL_REGEX: @@ -1693,6 +1793,14 @@ header = ""; return aclMatchRegex(ae->data, header); /* NOTREACHED */ + case ACL_REP_HEADER: + if (!checklist->reply) + return 0; + return aclMatchHeader(ae->data, &checklist->reply->header); + /* NOTREACHED */ + case ACL_REQ_HEADER: + return aclMatchHeader(ae->data, &checklist->request->header); + /* NOTREACHED */ case ACL_EXTERNAL: return aclMatchExternal(ae->data, checklist); /* NOTREACHED */ @@ -2163,6 +2271,10 @@ case ACL_REQ_MIME_TYPE: aclDestroyRegexList(a->data); break; + case ACL_REP_HEADER: + case ACL_REQ_HEADER: + aclDestroyHeader(a->data); + break; case ACL_PROTO: case ACL_METHOD: case ACL_SRC_ASN: @@ -2578,6 +2690,9 @@ case ACL_REQ_MIME_TYPE: case ACL_REP_MIME_TYPE: return aclDumpRegexList(a->data); + case ACL_REQ_HEADER: + case ACL_REP_HEADER: + return aclDumpHeader(a->data); case ACL_SRC_ASN: case ACL_MAXCONN: case ACL_DST_ASN: diff -ruN squid-2.5.STABLE6/src/auth/Makefile.in squid-2.5.STABLE7/src/auth/Makefile.in --- squid-2.5.STABLE6/src/auth/Makefile.in Tue Jun 8 05:37:22 2004 +++ squid-2.5.STABLE7/src/auth/Makefile.in Sat Jul 10 06:11:49 2004 @@ -15,7 +15,7 @@ # Makefile for authentication modules in the Squid Object Cache server # -# $Id: Makefile.in,v 1.6.2.7 2004/06/08 11:37:22 hno Exp $ +# $Id: Makefile.in,v 1.6.2.9 2004/07/10 12:11:49 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/src/auth/basic/auth_basic.c squid-2.5.STABLE7/src/auth/basic/auth_basic.c --- squid-2.5.STABLE6/src/auth/basic/auth_basic.c Sat Apr 17 19:29:52 2004 +++ squid-2.5.STABLE7/src/auth/basic/auth_basic.c Sat Sep 25 15:03:49 2004 @@ -1,5 +1,5 @@ /* - * $Id: auth_basic.c,v 1.14.2.6 2004/04/18 01:29:52 hno Exp $ + * $Id: auth_basic.c,v 1.14.2.8 2004/09/25 21:03:49 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels 
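Review bot: In the `@@ -2163` hunk, `aclDestroyHeader(a->data);` passes the list head itself, but aclDestroyHeader as added earlier in this patch casts its argument to `acl_hdr_data **` and walks `*acldata`, and its other caller passes an address (`aclDestroyHeader(&q)`). Called this way, the first node's memory is read as if it were the head pointer. The call should presumably be `aclDestroyHeader(&a->data);`, matching `aclParseHeader(&A->data)` on the parse side. The enclosing function starts and ends outside the hunk.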
@@ -309,10 +309,11 @@ storeAppendPrintf(entry, " %s", list->key); list = list->next; } - storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s children %d\n%s %s credentialsttl %d seconds\n", + storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s children %d\n%s %s credentialsttl %d seconds\n%s %s casesensitive %s\n", name, "basic", config->basicAuthRealm, name, "basic", config->authenticateChildren, - name, "basic", (int) config->credentialsTTL); + name, "basic", (int) config->credentialsTTL, + name, "basic", config->casesensitive ? "on" : "off"); } @@ -341,6 +342,8 @@ parse_eol(&basicConfig->basicAuthRealm); } else if (strcasecmp(param_str, "credentialsttl") == 0) { parse_time_t(&basicConfig->credentialsTTL); + } else if (strcasecmp(param_str, "casesensitive") == 0) { + parse_onoff(&basicConfig->casesensitive); } else { debug(28, 0) ("unrecognised basic auth scheme parameter '%s'\n", param_str); } @@ -486,6 +489,8 @@ local_basic.passwd = xstrndup(cleartext, USER_IDENT_SZ); } + if (!basicConfig->casesensitive) + Tolower(local_basic.username); /* now lookup and see if we have a matching auth_user structure in memory. */ if ((auth_user = authBasicAuthUserFindUsername(local_basic.username)) == NULL) { diff -ruN squid-2.5.STABLE6/src/auth/basic/auth_basic.h squid-2.5.STABLE7/src/auth/basic/auth_basic.h --- squid-2.5.STABLE6/src/auth/basic/auth_basic.h Wed Feb 18 10:50:51 2004 +++ squid-2.5.STABLE7/src/auth/basic/auth_basic.h Sat Jul 17 13:53:25 2004 @@ -41,6 +41,7 @@ char *basicAuthRealm; wordlist *authenticate; time_t credentialsTTL; + int casesensitive; }; typedef struct _auth_basic_config auth_basic_config; diff -ruN squid-2.5.STABLE6/src/auth/digest/auth_digest.c squid-2.5.STABLE7/src/auth/digest/auth_digest.c --- squid-2.5.STABLE6/src/auth/digest/auth_digest.c Sat Apr 17 19:29:52 2004 +++ squid-2.5.STABLE7/src/auth/digest/auth_digest.c Sat Aug 28 16:31:15 2004 
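Review bot: Nothing in the visible hunks gives the new `casesensitive` field an initial value. In the `@@ -486` hunk, `if (!basicConfig->casesensitive) Tolower(local_basic.username);` therefore folds every Basic username to lower case unless the option is set explicitly, assuming the config struct starts zero-filled, which is not shown here. That changes which cached user entry a login maps to when the backend does distinguish case. The default should be stated where the other basic-scheme defaults are assigned and at the field itself, e.g. `int casesensitive;	/* 0 (default): usernames are lower-cased before lookup */`. The enclosing function continues outside the hunk.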
@@ -1,6 +1,6 @@ /* - * $Id: auth_digest.c,v 1.10.2.12 2004/04/18 01:29:52 hno Exp $ + * $Id: auth_digest.c,v 1.10.2.13 2004/08/28 22:31:15 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Robert Collins @@ -893,7 +893,7 @@ if (reply) { if ((t = strchr(reply, ' '))) *t = '\0'; - if (*reply == '\0') + if (*reply == '\0' || *reply == '\n') reply = NULL; } assert(r->auth_user_request != NULL); @@ -903,7 +903,7 @@ digest_user = auth_user_request->auth_user->scheme_data; if (reply && (strncasecmp(reply, "ERR", 3) == 0)) digest_request->flags.credentials_ok = 3; - else { + else if (reply) { CvtBin(reply, digest_user->HA1); digest_user->HA1created = 1; } diff -ruN squid-2.5.STABLE6/src/auth/ntlm/auth_ntlm.c squid-2.5.STABLE7/src/auth/ntlm/auth_ntlm.c --- squid-2.5.STABLE6/src/auth/ntlm/auth_ntlm.c Sat Apr 17 19:29:52 2004 +++ squid-2.5.STABLE7/src/auth/ntlm/auth_ntlm.c Wed Aug 25 14:27:27 2004 @@ -1,6 +1,6 @@ /* - * $Id: auth_ntlm.c,v 1.17.2.12 2004/04/18 01:29:52 hno Exp $ + * $Id: auth_ntlm.c,v 1.17.2.18 2004/08/25 20:27:27 hno Exp $ * * DEBUG: section 29 NTLM Authenticator * AUTHOR: Robert Collins @@ -87,10 +87,12 @@ static MemPool *ntlm_helper_state_pool = NULL; static MemPool *ntlm_user_pool = NULL; static MemPool *ntlm_request_pool = NULL; +static MemPool *ntlm_challenge_pool = NULL; static auth_ntlm_config *ntlmConfig = NULL; -static hash_table *proxy_auth_cache = NULL; +static hash_table *ntlm_challenge_cache = NULL; +static void authenticateNTLMReleaseServer(ntlm_request_t * ntlm_request); /* * * Private Functions 
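Review bot: After the `@@ -893` and `@@ -903` hunks of auth_digest.c, an empty helper reply leaves `reply` NULL and falls through both branches, so neither `credentials_ok = 3` nor the HA1 conversion runs and the request keeps whatever state it had. If an empty line is meant to count as a failed lookup, it is safer to say so explicitly: `if (!reply || strncasecmp(reply, "ERR", 3) == 0)`. A non-empty reply is still handed to `CvtBin` with no length check, and `CvtBin` is not visible here, so confirm it tolerates a reply shorter than the hex digest. The function starts and ends outside both hunks.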
@@ -249,9 +251,10 @@ if (ntlmauthenticators == NULL) ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); if (ntlmConfig->challengeuses) { - if (!proxy_auth_cache) - proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); - assert(proxy_auth_cache); + if (!ntlm_challenge_cache) + ntlm_challenge_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); + if (!ntlm_challenge_pool) + ntlm_challenge_pool = memPoolCreate("NTLM Challenge Cache", sizeof(ntlm_challenge_hash_pointer)); } ntlmauthenticators->cmdline = ntlmConfig->authenticate; ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren; @@ -379,8 +382,7 @@ xfree(ntlm_request->ntlmauthenticate); if (ntlm_request->authserver != NULL) { debug(29, 9) ("authenticateNTLMRequestFree: releasing server '%p'\n", ntlm_request->authserver); - helperStatefulReleaseServer(ntlm_request->authserver); - ntlm_request->authserver = NULL; + authenticateNTLMReleaseServer(ntlm_request); } memPoolFree(ntlm_request_pool, ntlm_request); } 
@@ -393,28 +395,19 @@ auth_user_request->scheme_data = NULL; } +static void authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash); + static void authenticateNTLMFreeUser(auth_user_t * auth_user) { - dlink_node *link, *tmplink; ntlm_user_t *ntlm_user = auth_user->scheme_data; - auth_user_hash_pointer *proxy_auth_hash; debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); if (ntlm_user->username) xfree(ntlm_user->username); /* were they linked in by one or more proxy-authenticate headers */ - link = ntlm_user->proxy_auth_list.head; - while (link) { - debug(29, 9) ("authenticateFreeProxyAuthUser: removing proxy_auth hash entry '%p'\n", link->data); - proxy_auth_hash = link->data; - tmplink = link; - link = link->next; - dlinkDelete(tmplink, &ntlm_user->proxy_auth_list); - hash_remove_link(proxy_auth_cache, (hash_link *) proxy_auth_hash); - /* free the key (usually the proxy_auth header) */ - xfree(proxy_auth_hash->key); - memFree(proxy_auth_hash, MEM_AUTH_USER_HASH); + while (ntlm_user->challenge_list.head) { + authenticateNTLMChallengeCacheRemoveLink(ntlm_user->challenge_list.head->data); } memPoolFree(ntlm_user_pool, ntlm_user); auth_user->scheme_data = NULL; @@ -427,6 +420,10 @@ helper_stateful_server *server = ntlm_request->authserver; debug(29, 9) ("authenticateNTLMReleaseServer: releasing server '%p'\n", server); ntlm_request->authserver = NULL; + if (!ntlmConfig->challengeuses) { + ntlm_helper_state_t *helperstate = helperStatefulServerGetData(server); + helperstate->starve = 1; + } helperStatefulReleaseServer(server); } 
@@ -436,7 +433,7 @@ { helper_stateful_server *server = ntlm_request->authserver; ntlm_helper_state_t *helperstate = helperStatefulServerGetData(server); - debug(29, 9) ("authenticateNTLMReleaseServer: releasing server '%p'\n", server); + debug(29, 9) ("authenticateNTLMResetServer: releasing server '%p'\n", server); ntlm_request->authserver = NULL; helperstate->starve = 1; helperStatefulReleaseServer(server); @@ -505,13 +502,13 @@ helperstate = helperStatefulServerGetData(srv); if (helperstate == NULL) fatal("lost NTLM helper state! quitting\n"); - helperstate->challenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5); + helperstate->challenge = xstrdup(reply); helperstate->renewed = squid_curtime; /* and we satisfy the request that happended on the refresh boundary */ /* note this code is now in two places FIXME */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE); ntlm_request->authserver = srv; - ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5); + ntlm_request->authchallenge = xstrdup(reply); helperstate->challengeuses = 1; } else if (strncasecmp(reply, "AF ", 3) == 0) { /* we're finished, release the helper */ @@ -521,9 +518,7 @@ assert(ntlm_user != NULL); /* we only expect OK when finishing the handshake */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE); - ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ); - ntlm_request->authserver = NULL; - helperStatefulReleaseServer(srv); + ntlm_user->username = xstrdup(reply); #ifdef NTLM_FAIL_OPEN } else if (strncasecmp(reply, "LD ", 3) == 0) { /* This is a variant of BH, which rather than deny access 
@@ -541,7 +536,7 @@ assert(ntlm_user != NULL); /* we only expect LD when finishing the handshake */ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE); - ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ); + ntlm_user->username = xstrdup(reply); helperstate = helperStatefulServerGetData(ntlm_request->authserver); /* BH code: mark helper as broken */ authenticateNTLMResetServer(ntlm_request); @@ -699,7 +694,7 @@ while ((server != NULL) && authenticateNTLMChangeChallenge_p(helperstate)) { /* flag this helper for challenge changing */ helperstate->starve = 1; - helperStatefulReset(server); + helperStatefulReleaseServer(server); /* Get another server */ server = helperStatefulGetServer(ntlmauthenticators); helperstate = server ? helperStatefulServerGetData(server) : NULL; @@ -734,12 +729,14 @@ helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authserver); } } else { + if (!ntlmConfig->challengeuses) + debug(29, 0) ("authenticateNTLMStart: Reused challenge in server %p even if challenge reuse is disabled!", server); /* (server != NULL and we have a valid challenge) */ /* TODO: turn the below into a function and call from here and handlereply */ /* increment the challenge uses */ helperstate->challengeuses++; /* assign the challenge */ - ntlm_request->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ + 5); + ntlm_request->authchallenge = xstrdup(helperstate->challenge); handler(data, NULL); } @@ -792,6 +789,9 @@ statedata->renewed = 0; xfree(statedata->challenge); statedata->challenge = NULL; + while (statedata->user_list.head) { + authenticateNTLMChallengeCacheRemoveLink(statedata->user_list.head->data); + } } } 
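Review bot: The new `debug(29, 0)` message in the `@@ -729` hunk has no trailing newline, unlike the other debug calls in this file, so the next log entry will run on from it. The format should end `...even if challenge reuse is disabled!\n`. The branch also only logs: execution continues into the reuse path below (`helperstate->challengeuses++` and the copy of `helperstate->challenge`), so a cached challenge is still handed out when `challengeuses` is 0. If that state warrants a level-0 message, it may be worth requesting a fresh challenge instead of continuing. The rest of the function is outside the hunk, so check this against the full body.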
@@ -880,24 +880,34 @@ * Check for this and if found ignore the new link */ static void -authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user) +authenticateNTLMChallengeCacheAddLink(const char *key, auth_user_t * auth_user, helper_stateful_server * auth_server) { - auth_user_hash_pointer *proxy_auth_hash; - dlink_node *node; + ntlm_challenge_hash_pointer *challenge_hash; ntlm_user_t *ntlm_user; + ntlm_helper_state_t *helperstate = helperStatefulServerGetData(auth_server); ntlm_user = auth_user->scheme_data; - node = ntlm_user->proxy_auth_list.head; /* prevent duplicates */ - while (node) { - if (!strcmp(key, ((auth_user_hash_pointer *) node->data)->key)) - return; - node = node->next; - } - proxy_auth_hash = memAllocate(MEM_AUTH_USER_HASH); - proxy_auth_hash->key = xstrdup(key); - proxy_auth_hash->auth_user = auth_user; - dlinkAddTail(proxy_auth_hash, &proxy_auth_hash->link, &ntlm_user->proxy_auth_list); - hash_join(proxy_auth_cache, (hash_link *) proxy_auth_hash); + if (hash_lookup(ntlm_challenge_cache, key)) + return; + challenge_hash = memPoolAlloc(ntlm_challenge_pool); + challenge_hash->key = xstrdup(key); + challenge_hash->user.auth_user = auth_user; + dlinkAddTail(challenge_hash, &challenge_hash->user.link, &ntlm_user->challenge_list); + challenge_hash->challenge.authserver = auth_server; + dlinkAddTail(challenge_hash, &challenge_hash->challenge.link, &helperstate->user_list); + hash_join(ntlm_challenge_cache, (hash_link *) challenge_hash); +} + +static void +authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash) +{ + ntlm_user_t *ntlm_user = challenge_hash->user.auth_user->scheme_data; + ntlm_helper_state_t *helperstate = helperStatefulServerGetData(challenge_hash->challenge.authserver); + hash_remove_link(ntlm_challenge_cache, (hash_link *) challenge_hash); + dlinkDelete(&challenge_hash->user.link, &ntlm_user->challenge_list); + dlinkDelete(&challenge_hash->challenge.link, &helperstate->user_list); + 
xfree(challenge_hash->key); + memPoolFree(ntlm_challenge_pool, challenge_hash); } @@ -915,10 +925,12 @@ authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type) { const char *proxy_auth; - auth_user_hash_pointer *usernamehash, *proxy_auth_hash = NULL; + auth_user_hash_pointer *usernamehash; + ntlm_challenge_hash_pointer *challenge_hash = NULL; auth_user_t *auth_user; ntlm_request_t *ntlm_request; ntlm_user_t *ntlm_user; + void *srv; LOCAL_ARRAY(char, ntlmhash, NTLM_CHALLENGE_SZ * 2); /* get header */ proxy_auth = httpHeaderGetStr(&request->header, type); @@ -942,7 +954,7 @@ /* we've recieved a negotiate request. pass to a helper */ debug(29, 9) ("authenticateNTLMAuthenticateUser: auth state ntlm none. %s\n", proxy_auth); ntlm_request->auth_state = AUTHENTICATE_STATE_NEGOTIATE; - ntlm_request->ntlmnegotiate = xstrndup(proxy_auth, NTLM_CHALLENGE_SZ + 5); + ntlm_request->ntlmnegotiate = xstrdup(proxy_auth); conn->auth_type = AUTH_NTLM; conn->auth_user_request = auth_user_request; ntlm_request->conn = conn; @@ -982,9 +994,9 @@ ntlm_request->authchallenge); /* see if we already know this user's authenticate */ debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash); - assert(proxy_auth_cache != NULL); - proxy_auth_hash = hash_lookup(proxy_auth_cache, ntlmhash); - if (!proxy_auth_hash) { /* not in the hash table */ + assert(ntlm_challenge_cache != NULL); + challenge_hash = hash_lookup(ntlm_challenge_cache, ntlmhash); + if (!challenge_hash) { /* not in the hash table */ debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n"); ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE; /* verify with the ntlm helper */ 
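Review bot: authenticateNTLMChallengeCacheAddLink (the `@@ -880` hunk) calls `helperStatefulServerGetData(auth_server)` in its declarations and later uses `helperstate->user_list` without checking either pointer. Its caller passes `ntlm_request->authserver`, which authenticateNTLMResetServer sets to NULL, and the `LD` reply branch (under NTLM_FAIL_OPEN) calls that reset after storing the username, so a NULL server may reach this function. A guard before the lookup would make the assumption explicit: `if (auth_server == NULL) return;` followed by `helperstate = helperStatefulServerGetData(auth_server);`. The same `authserver` value is later passed to `helperStatefulReleaseServer(srv)` in the RESPONSE case, which wants the same check.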
@@ -993,8 +1005,8 @@ /* throw away the temporary entry */ ntlm_request->authserver_deferred = 0; authenticateNTLMReleaseServer(ntlm_request); - authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user); - auth_user = proxy_auth_hash->auth_user; + authenticateAuthUserMerge(auth_user, challenge_hash->user.auth_user); + auth_user = challenge_hash->user.auth_user; auth_user_request->auth_user = auth_user; ntlm_request->auth_state = AUTHENTICATE_STATE_DONE; /* we found one */ @@ -1026,10 +1038,6 @@ usernamehash = usernamehash->next; } if (usernamehash) { - /* - * add another link from the new proxy_auth to the - * auth_user structure and update the information */ - assert(proxy_auth_hash == NULL); /* we can't seamlessly recheck the username due to the * challenge nature of the protocol. Just free the * temporary auth_user */ @@ -1045,13 +1053,15 @@ snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", ntlm_request->ntlmauthenticate, ntlm_request->authchallenge); - authenticateProxyAuthCacheAddLink(ntlmhash, auth_user); + authenticateNTLMChallengeCacheAddLink(ntlmhash, auth_user, ntlm_request->authserver); } /* set these to now because this is either a new login from an * existing user or a new user */ auth_user->expiretime = current_time.tv_sec; + srv = ntlm_request->authserver; + ntlm_request->authserver = NULL; + helperStatefulReleaseServer(srv); return; - break; case AUTHENTICATE_STATE_DONE: fatal("authenticateNTLMAuthenticateUser: unexpect auth state DONE! Report a bug to the squid developers.\n"); break; diff -ruN squid-2.5.STABLE6/src/auth/ntlm/auth_ntlm.h squid-2.5.STABLE7/src/auth/ntlm/auth_ntlm.h --- squid-2.5.STABLE6/src/auth/ntlm/auth_ntlm.h Wed Feb 4 10:42:36 2004 +++ squid-2.5.STABLE7/src/auth/ntlm/auth_ntlm.h Wed Aug 25 14:24:04 2004 
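Review bot: In the `@@ -1045` hunk, the key passed to authenticateNTLMChallengeCacheAddLink comes from the `snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", ...)` just above it, whose return value is not checked. This patch also removes the `NTLM_CHALLENGE_SZ + 5` cap from strings that feed it (`authchallenge` here, `ntlmnegotiate` in an earlier hunk). If the authenticate blob plus challenge exceed the `NTLM_CHALLENGE_SZ * 2` buffer, the key is silently cut and no longer covers the whole pair, so distinct handshakes could map to the same cache entry. Truncation should be treated as uncacheable: take `n = snprintf(ntlmhash, sizeof(ntlmhash), "%s%s", ...);` and add the link only `if (n >= 0 && (size_t) n < sizeof(ntlmhash))`. The lookup earlier in the function needs the same test; the function starts outside the hunk.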
@@ -27,9 +27,24 @@ struct _ntlm_user { /* what username did this connection get? */ char *username; - dlink_list proxy_auth_list; + dlink_list challenge_list; }; +struct _ntlm_challenge_hash_pointer { + /* first two items must be same as hash_link */ + char *key; + auth_user_hash_pointer *next; + struct { + auth_user_t *auth_user; + dlink_node link; /* other hash entries that point to the same auth_user */ + } user; + struct { + helper_stateful_server *authserver; + dlink_node link; /* other hash entries that point to the same challenge */ + } challenge; +}; + + struct _ntlm_request { /* what negotiate string did the client use? */ char *ntlmnegotiate; @@ -52,6 +67,7 @@ int starve; /* 0= normal operation. 1=don't hand out any more challenges */ int challengeuses; /* the number of times this challenge has been issued */ time_t renewed; + dlink_list user_list; /* ntlm_challenge_hash_pointer list referring to this challenge */ }; /* configuration runtime data */ @@ -67,6 +83,7 @@ typedef struct _ntlm_request ntlm_request_t; typedef struct _ntlm_helper_state_t ntlm_helper_state_t; typedef struct _auth_ntlm_config auth_ntlm_config; +typedef struct _ntlm_challenge_hash_pointer ntlm_challenge_hash_pointer; extern MemPool *ntlm_helper_state_pool; extern MemPool *ntlm_user_pool; diff -ruN squid-2.5.STABLE6/src/cache_cf.c squid-2.5.STABLE7/src/cache_cf.c --- squid-2.5.STABLE6/src/cache_cf.c Thu Apr 29 17:56:50 2004 +++ squid-2.5.STABLE7/src/cache_cf.c Sat Sep 25 05:56:16 2004 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.396.2.17 2004/04/29 23:56:50 hno Exp $ + * $Id: cache_cf.c,v 1.396.2.18 2004/09/25 11:56:16 hno Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived 
@@ -917,12 +917,20 @@ dump_http_header_access(StoreEntry * entry, const char *name, header_mangler header[]) { int i; + header_mangler *other; for (i = 0; i < HDR_ENUM_END; i++) { - if (header[i].access_list != NULL) { - storeAppendPrintf(entry, "%s ", name); - dump_acl_access(entry, httpHeaderNameById(i), - header[i].access_list); - } + if (header[i].access_list == NULL) + continue; + storeAppendPrintf(entry, "%s ", name); + dump_acl_access(entry, httpHeaderNameById(i), + header[i].access_list); + } + for (other = header[HDR_OTHER].next; other; other = other->next) { + if (other->access_list == NULL) + continue; + storeAppendPrintf(entry, "%s ", name); + dump_acl_access(entry, other->name, + other->access_list); } } @@ -944,9 +952,16 @@ else if (strcmp(t, "Other") == 0) id = HDR_OTHER; else if (id == -1) { - debug(3, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(3, 0) ("parse_http_header_access: unknown header name %s.\n", t); + header_mangler *hdr = header[HDR_OTHER].next; + while (hdr && strcasecmp(hdr->name, t) != 0) + hdr = hdr->next; + if (!hdr) { + hdr = xcalloc(1, sizeof *hdr); + hdr->name = xstrdup(t); + hdr->next = header[HDR_OTHER].next; + header[HDR_OTHER].next = hdr; + } + parse_acl_access(&hdr->access_list); return; } if (id != HDR_ENUM_END) { @@ -968,9 +983,22 @@ free_http_header_access(header_mangler header[]) { int i; + header_mangler **hdrp; for (i = 0; i < HDR_ENUM_END; i++) { free_acl_access(&header[i].access_list); } + hdrp = &header[HDR_OTHER].next; + while (*hdrp) { + header_mangler *hdr = *hdrp; + free_acl_access(&hdr->access_list); + if (!hdr->replacement) { + *hdrp = hdr->next; + safe_free(hdr->name); + safe_free(hdr); + } else { + hdrp = &hdr->next; + } + } } static void 
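Review bot: In the `@@ -944` hunk, removing the "unknown header name" diagnostic from parse_http_header_access means any name that leaves `id == -1` is silently turned into a custom entry on the `header[HDR_OTHER]` list. A misspelt standard header in a deny rule therefore parses cleanly and never matches the header the administrator meant to strip. A low-level notice when a new entry is created would keep such typos visible, e.g. `debug(3, 1) ("parse_http_header_access: '%s' is not a known header, treating it as a custom name\n", t);` inside the `if (!hdr)` block. parse_http_header_replace in a later hunk follows the same pattern.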
@@ -978,12 +1006,18 @@ header[]) { int i; + header_mangler *other; for (i = 0; i < HDR_ENUM_END; i++) { if (NULL == header[i].replacement) continue; storeAppendPrintf(entry, "%s %s %s\n", name, httpHeaderNameById(i), header[i].replacement); } + for (other = header[HDR_OTHER].next; other; other = other->next) { + if (other->replacement == NULL) + continue; + storeAppendPrintf(entry, "%s %s %s\n", name, other->name, other->replacement); + } } static void @@ -1004,10 +1038,18 @@ else if (strcmp(t, "Other") == 0) id = HDR_OTHER; else if (id == -1) { - debug(3, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(3, 0) ("parse_http_header_replace: unknown header name %s.\n", - t); + header_mangler *hdr = header[HDR_OTHER].next; + while (hdr && strcasecmp(hdr->name, t) != 0) + hdr = hdr->next; + if (!hdr) { + hdr = xcalloc(1, sizeof *hdr); + hdr->name = xstrdup(t); + hdr->next = header[HDR_OTHER].next; + header[HDR_OTHER].next = hdr; + } + if (hdr->replacement != NULL) + safe_free(hdr->replacement); + hdr->replacement = xstrdup(t + strlen(t) + 1); return; } if (id != HDR_ENUM_END) { @@ -1027,9 +1069,22 @@ free_http_header_replace(header_mangler header[]) { int i; + header_mangler **hdrp; for (i = 0; i < HDR_ENUM_END; i++) { if (header[i].replacement != NULL) safe_free(header[i].replacement); + } + hdrp = &header[HDR_OTHER].next; + while (*hdrp) { + header_mangler *hdr = *hdrp; + free_acl_access(&hdr->access_list); + if (!hdr->access_list) { + *hdrp = hdr->next; + safe_free(hdr->name); + safe_free(hdr); + } else { + hdrp = &hdr->next; + } } } #endif diff -ruN squid-2.5.STABLE6/src/carp.c squid-2.5.STABLE7/src/carp.c --- squid-2.5.STABLE6/src/carp.c Thu Jun 19 15:06:19 2003 +++ squid-2.5.STABLE7/src/carp.c Thu Sep 30 03:23:30 2004 @@ -1,6 +1,6 @@ /* - * $Id: carp.c,v 1.15.2.1 2003/06/19 21:06:19 wessels Exp $ + * $Id: carp.c,v 1.15.2.2 2004/09/30 09:23:30 hno Exp $ * * DEBUG: section 39 Cache Array Routing Protocol * AUTHOR: Eric Stern 
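Review bot: The custom-header loop added to free_http_header_replace (the `@@ -1027` hunk) is a copy of the one in free_http_header_access: it calls `free_acl_access(&hdr->access_list)` and then tests `!hdr->access_list`. Freeing the replacements therefore tears down the access rules for custom headers and never releases `hdr->replacement`, so the duplicated replacement string leaks when the node is unlinked. The loop should free the replacement and keep the node only while an access list still uses it: `safe_free(hdr->replacement);` in place of the `free_acl_access` call, with the `if (!hdr->access_list)` test left as is.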
@@ -119,7 +119,7 @@ for (tp = Config.peers; tp; tp = tp->next) { if (0.0 == tp->carp.load_factor) continue; - if (tp->tcp_up != PEER_TCP_MAGIC_COUNT) + if (!peerHTTPOkay(tp, request)) continue; assert(tp->type == PEER_PARENT); combined_hash = (url_hash ^ tp->carp.hash); diff -ruN squid-2.5.STABLE6/src/cf.data.pre squid-2.5.STABLE7/src/cf.data.pre --- squid-2.5.STABLE6/src/cf.data.pre Fri Apr 30 14:40:39 2004 +++ squid-2.5.STABLE7/src/cf.data.pre Fri Oct 8 11:41:10 2004 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.245.2.66 2004/04/30 20:40:39 wessels Exp $ +# $Id: cf.data.pre,v 1.245.2.77 2004/10/08 17:41:10 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -67,14 +67,14 @@ requests. You may specify multiple socket addresses. There are three forms: port alone, hostname with port, and IP address with port. If you specify a hostname or IP - address, then Squid binds the socket to that specific + address, Squid binds the socket to that specific address. This replaces the old 'tcp_incoming_address' option. Most likely, you do not need to bind to a specific address, so you can use the port number alone. The default port number is 3128. - If you are running Squid in accelerator mode, then you + If you are running Squid in accelerator mode, you probably want to listen on port 80 also, or instead. The -a command line option will override the *first* port @@ -84,7 +84,7 @@ You may specify multiple socket addresses on multiple lines. If you run Squid on a dual-homed machine with an internal - and an external interface then we recommend you to specify the + and an external interface we recommend you to specify the internal address:port in http_port. This way Squid will only be visible on the internal address. DOC_END 
@@ -106,11 +106,11 @@ You may specify multiple socket addresses on multiple lines, each with their own SSL certificate and/or options. - + Options: cert= Path to SSL certificate (PEM format) - + key= Path to SSL private key file (PEM format) if not specified, the certificate file is assumed to be a combined certificate and @@ -211,11 +211,11 @@ The default behavior is to not bind to any specific address. - A udp_incoming_address value of 0.0.0.0 indicates that Squid should - listen for UDP messages on all available interfaces. + A udp_incoming_address value of 0.0.0.0 indicates Squid + should listen for UDP messages on all available interfaces. If udp_outgoing_address is set to 255.255.255.255 (the default) - then it will use the same socket as udp_incoming_address. Only + it will use the same socket as udp_incoming_address. Only change this if you want to have ICP queries sent using another address than where this Squid listens for ICP queries from other caches. @@ -277,7 +277,7 @@ htcp carp-load-factor - use 'proxy-only' to specify that objects fetched + use 'proxy-only' to specify objects fetched from this cache should not be saved locally. use 'weight=n' to specify a weighted parent. @@ -303,7 +303,7 @@ should be used in a round-robin fashion in the absence of any ICP queries. - 'multicast-responder' indicates that the named peer + 'multicast-responder' indicates the named peer is a member of a multicast group. ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it. @@ -324,7 +324,7 @@ use 'login=user:password' if this is a personal/workgroup proxy and your parent requires proxy authentication. Note: The string can include URL escapes (i.e. %20 for - spaces). This also means that % must be written as %%. + spaces). This also means % must be written as %%. use 'login=PASS' if users must authenticate against the upstream proxy. This will pass the users credentials 
@@ -332,7 +332,7 @@ Basic HTTP authentication sheme. Note: To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for one proxy login. - Also be warned that this will expose your users proxy + Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION use 'login=*:password' to pass the username to the @@ -373,7 +373,7 @@ cache as one participating in a CARP array. The 'f' values for all CARP parents must add up to 1.0. - + NOTE: non-ICP/HTCP neighbors must be specified as 'parent'. DOC_END @@ -396,7 +396,7 @@ has the effect such that UDP query packets are sent to 'bigserver' only when the requested object exists on a server in the .edu domain. Prefixing the domainname - with '!' means that the cache will be queried for objects + with '!' means the cache will be queried for objects NOT in that domain. NOTE: * Any number of domains may be given for a cache-host, @@ -596,7 +596,7 @@ low-water mark. As swap utilization gets close to high-water mark object eviction becomes more aggressive. If utilization is close to the low-water mark less replacement is done each time. - + Defaults are 90% and 95%. If you have a large cache, 5% could be hundreds of MB. If this is the case you may wish to set these numbers closer together. @@ -739,7 +739,7 @@ LOC: Config.cacheSwap DOC_START Usage: - + cache_dir Type Directory-Name Fs-specific-data [options] You can specify multiple cache_dir lines to spread the @@ -751,7 +751,7 @@ 'Directory' is a top-level directory where cache swap files will be stored. If you want to use an entire disk - for caching, then this can be the mount-point directory. + for caching, this can be the mount-point directory. The directory must exist and be writable by the Squid process. Squid will NOT create this directory for you. 
@@ -816,7 +816,7 @@ are limited to 24 bits, the block size determines the maximum size of the COSS partition. The default is 512 bytes, which leads to a maximum cache_dir size of 512<<24, or 8 GB. Note - that you should not change the coss block size after Squid + you should not change the coss block size after Squid has written some objects to the cache_dir. Common options: @@ -881,13 +881,13 @@ a directory. Since this is the index for the whole object list you CANNOT periodically rotate it! - If %s can be used in the file name then it will be replaced with a + If %s can be used in the file name it will be replaced with a a representation of the cache_dir name where each / is replaced with '.'. This is needed to allow adding/removing cache_dir lines when cache_swap_log is being used. - + If have more than one 'cache_dir', and %s is not used in the name - then these swap logs will have names such as: + these swap logs will have names such as: cache_swap_log.00 cache_swap_log.01 @@ -896,9 +896,9 @@ The numbered extension (which is added automatically) corresponds to the order of the 'cache_dir' lines in this configuration file. If you change the order of the 'cache_dir' - lines in this file, then these log files will NOT correspond to + lines in this file, these log files will NOT correspond to the correct 'cache_dir' entry (unless you manually rename - them). We recommend that you do NOT use this option. It is + them). We recommend you do NOT use this option. It is better to keep these log files in each 'cache_dir' directory. DOC_END @@ -913,7 +913,7 @@ programs use. To disable/enable this emulation, set emulate_httpd_log to 'off' or 'on'. The default is to use the native log format since it includes useful - information that Squid-specific log analyzers use. + information Squid-specific log analyzers use. DOC_END NAME: log_ip_on_direct 
@@ -1038,10 +1038,10 @@ (and enable the use of picky ftp servers), set this to something reasonable for your domain, like wwwuser@somewhere.net - The reason why this is domainless by default is that the + The reason why this is domainless by default is the request can be made on the behalf of a user in any domain, depending on how the cache is used. - Some ftp server also validate that the email address is valid + Some ftp server also validate the email address is valid (for example perl.com). DOC_END @@ -1061,7 +1061,7 @@ LOC: Config.Ftp.passive DOC_START If your firewall does not allow Squid to use passive - connections, then turn off this option. + connections, turn off this option. DOC_END NAME: ftp_sanitycheck @@ -1073,7 +1073,7 @@ sanity checks of the addresses of FTP data connections ensure the data connection is to the requested server. If you need to allow FTP connections to servers using another IP address for the data - connection then turn this off. + connection turn this off. DOC_END NAME: ftp_telnet_protocol @@ -1087,8 +1087,8 @@ the FTP protocol. If you have trouble accessing files with ASCII code 255 in the - path or similar problems involving this ASCII code then you can - try setting this directive to off. If that helps report to the + path or similar problems involving this ASCII code you can + try setting this directive to off. If that helps, report to the operator of the FTP server in question that their FTP server is broken and does not follow the FTP standard. DOC_END @@ -1134,8 +1134,8 @@ IFDEF: !USE_DNSSERVERS DOC_START DNS Query timeout. If no response is received to a DNS query - within this time then all DNS servers for the queried domain - is assumed to be unavailable. + within this time all DNS servers for the queried domain + are assumed to be unavailable. DOC_END NAME: dns_defnames 
@@ -1176,10 +1176,10 @@ DOC_START Location of the host-local IP name-address associations database. Most Operating Systems have such a file: under - Un*X it's by default in /etc/hosts MS-Windows NT/2000 places - that in %SystemRoot%(by default + Un*X it's by default in /etc/hosts. MS-Windows NT/2000 places + it in %SystemRoot%(by default c:\winnt)\system32\drivers\etc\hosts, while Windows 9x/ME - places that in %windir%(usually c:\windows)\hosts + places it in %windir%(usually c:\windows)\hosts The file contains newline-separated definitions, in the form ip_address_in_dotted_form name [name ...] names are @@ -1250,7 +1250,7 @@ LOC: Config.onoff.redir_rewrites_host DOC_START By default Squid rewrites any Host: header in redirected - requests. If you are running an accelerator then this may + requests. If you are running an accelerator this may not be a wanted effect of a redirector. DOC_END @@ -1273,14 +1273,14 @@ schemes supported by Squid. format: auth_param scheme parameter [setting] - - The order that authentication schemes are presented to the client is + + The order in which authentication schemes are presented to the client is dependant on the order the scheme first appears in config file. IE has a bug (it's not rfc 2617 compliant) in that it will use the basic scheme if basic is the first entry presented, even if more secure schemes are presented. For now use the order in the recommended settings section below. If other browsers have difficulties (don't - recognise the schemes offered even if you are using basic) then either + recognise the schemes offered even if you are using basic) either put basic first, or disable the other schemes (by commenting out their program entry). @@ -1300,7 +1300,7 @@ type acl. === Parameters for the basic scheme follow. === - + "program" cmdline Specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or 
@@ -1317,7 +1317,7 @@ Then, set this line to something like auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd - + "children" numberofchildren The number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a @@ -1343,6 +1343,13 @@ also use the max_user_ip ACL in an http_access rule. auth_param basic credentialsttl 2 hours + "casesensitive" on|off + Specifies if usernames are case sensitive. Most user databases are + case insensitive allowing the same username to be spelled using both + lower and upper case letters, but some are case sensitive. This + makes a big difference for user_max_ip ACL processing and similar. + auth_param basic casesensitive off + === Parameters for the digest scheme follow === "program" cmdline @@ -1443,7 +1450,7 @@ auth_param ntlm max_challenge_reuses 0 "max_challenge_lifetime" timespan - The maximum time period that a ntlm challenge is reused over. The + The maximum time period a ntlm challenge is reused over. The actual period will be the minimum of this time AND the number of reused challenges. auth_param ntlm max_challenge_lifetime 2 minutes @@ -1484,6 +1491,7 @@ auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours +auth_param basic casesensitive off NOCOMMENT_END DOC_END @@ -1528,9 +1536,9 @@ DOC_START This option defines external acl classes using a helper program to look up the status - + external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..] - + Options: ttl=n TTL in seconds for cached results (defaults to 3600 @@ -1542,7 +1550,8 @@ to service external acl lookups of this type. Note: see compatibility note below cache=n result cache size, 0 is unbounded (default) - + protocol=3.0 Use URL-escaped strings instead of quoting + FORMAT specifications %LOGIN Authenticated user login name 
@@ -1569,7 +1578,7 @@ more details. General result syntax: - + OK/ERR keyword=value ... Defined keywords: @@ -1581,13 +1590,16 @@ whitespace, or the whitespace escaped using \. Any quotes or \ characters within the keyword value must be \ escaped. + If protocol=3.0 then URL escaping of the strings is used instead + of the above described quoting format. + Compatibility Note: The children= option was named concurrency= in Squid-2.5.STABLE3 and earlier and such syntax is still accepted to keep compatibility within the Squid-2.5 release. However, the meaning of concurrency= option has changed in Squid-3 and the old syntax of the directive is therefore depreated from Squid-2.5.STABLE4 and later. If you want to be able to easily downgrade to earlier Squid-2.5 - releases then you may want to continue using the old name, if not + releases you may want to continue using the old name, if not please use the new name. DOC_END @@ -1614,7 +1626,7 @@ NAME: request_header_max_size COMMENT: (KB) TYPE: b_size_t -DEFAULT: 10 KB +DEFAULT: 20 KB LOC: Config.maxRequestHeaderSize DOC_START This specifies the maximum size for HTTP headers in a request. @@ -1672,7 +1684,7 @@ for problems which it causes. override-lastmod enforces min age even on objects - that was modified recently. + that were modified recently. reload-into-ims changes client no-cache or ``reload'' to If-Modified-Since requests. Doing this VIOLATES the @@ -1683,7 +1695,7 @@ header. Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes. - + Basically a cached object is: FRESH if expires < now, else STALE @@ -1694,7 +1706,7 @@ The refresh_pattern lines are checked in the order listed here. The first entry which matches is used. If none of the entries - match, then the default will be used. + match the default will be used. Note, you must uncomment all the default lines if you want to change one. The default setting is only active if none is 
@@ -1753,7 +1765,7 @@ to '0 KB'. If you want retrievals to always continue if they are being - cached then set 'quick_abort_min' to '-1 KB'. + cached set 'quick_abort_min' to '-1 KB'. DOC_END @@ -1803,7 +1815,7 @@ DOC_START Sets a upper limit on how far into the the file a Range request may be to cause Squid to prefetch the whole file. If beyond this - limit then Squid forwards the Range request as it is and the result + limit Squid forwards the Range request as it is and the result is NOT cached. This is to stop a far ahead range request (lets say start at 17MB) @@ -1811,7 +1823,7 @@ sending anything to the client. A value of -1 causes Squid to always fetch the object from the - beginning so that it may cache the result. (2.0 style) + beginning so it may cache the result. (2.0 style) A value of 0 causes Squid to never fetch more than the client requested. (default) @@ -1896,7 +1908,7 @@ LOC: Config.Timeout.lifetime DEFAULT: 1 day DOC_START - The maximum amount of time that a client (browser) is allowed to + The maximum amount of time a client (browser) is allowed to remain connected to the cache process. This protects the Cache from having a lot of sockets (and hence file descriptors) tied up in a CLOSE_WAIT state from remote clients that go away without @@ -1943,9 +1955,9 @@ DEFAULT: 10 seconds DOC_START Maximum time to wait for IDENT lookups to complete. - + If this is too high, and you enabled IDENT lookups from untrusted - users, then you might be susceptible to denial-of-service by having + users, you might be susceptible to denial-of-service by having many ident requests going at once. DOC_END @@ -2017,7 +2029,7 @@ acl aclname proto HTTP FTP ... acl aclname method GET POST ... acl aclname browser [-i] regexp ... - # pattern match on User-Agent header + # pattern match on User-Agent header (see also req_header below) acl aclname referer_regex [-i] regexp ... # pattern match on Referer header # Referer is highly unreliable, so use with care 
@@ -2066,22 +2078,27 @@ # This will be matched when the user attempts to log in from more # than different ip addresses. The authenticate_ip_ttl # parameter controls the timeout on the ip entries. - # If -s is specified then the limit is strict, denying browsing + # If -s is specified the limit is strict, denying browsing # from any further IP addresses until the ttl has expired. Without # -s Squid will just annoy the user by "randomly" denying requests. - # (the counter is then reset each time the limit is reached and a + # (the counter is reset each time the limit is reached and a # request is denied) # NOTE: in acceleration mode or where there is mesh of child proxies, # clients may appear to come from multiple addresses if they are # going through proxy farms, so a limit of 1 may cause user problems. acl aclname req_mime_type mime-type1 ... - # regex match agains the mime type of the request generated + # regex match against the mime type of the request generated # by the client. Can be used to detect file upload or some # types HTTP tunelling requests. # NOTE: This does NOT match the reply. You cannot use this # to match the returned file type. + acl aclname req_header header-name [-i] any\.regex\.here + # regex match against any of the known request headers. May be + # thought of as a superset of "browser", "referer" and "mime-type" + # acls. + acl aclname rep_mime_type mime-type1 ... # regex match against the mime type of the reply recieved by # squid. Can be used to detect file download or some @@ -2090,6 +2107,12 @@ # effect in rules that affect the reply data stream such as # http_reply_access. + acl aclname rep_header header-name [-i] any\.regex\.here + # regex match against any of the known response headers. + # Example: + # + # acl many_spaces rep_header Content-Disposition -i [[:space:]]{3,} + acl acl_name external class_name [arguments...] # external ACL lookup via a helper class defined by the # external_acl_type directive. 
@@ -2139,7 +2162,7 @@ If none of the "access" lines cause a match, the default is the opposite of the last line in the list. If the last line was - deny, then the default is allow. Conversely, if the last line + deny, the default is allow. Conversely, if the last line is allow, the default will be deny. For these reasons, it is a good idea to have an "deny all" or "allow all" entry at the end of your access lists to avoid potential confusion. @@ -2155,8 +2178,8 @@ # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # -# We strongly recommend to uncomment the following to protect innocent -# web applications running on the proxy server who think that the only +# We strongly recommend the following be uncommented to protect innocent +# web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # @@ -2186,7 +2209,7 @@ NOTE: if there are no access lines present, the default is to allow all replies - If none of the access lines cause a match, then the opposite of the + If none of the access lines cause a match the opposite of the last line will apply. Thus it is good practice to end the rules with an "allow all" or "deny all" entry. @@ -2234,7 +2257,7 @@ miss_access allow localclients miss_access deny !localclients - This means that only your local clients are allowed to fetch + This means only your local clients are allowed to fetch MISSES and all other clients can only fetch HITS. By default, allow all clients who passed the http_access rules 
@@ -2325,11 +2348,11 @@ Allows you to map requests to different outgoing IP addresses based on the username or sourceaddress of the user making the request. - + tcp_outgoing_address ipaddr [[!]aclname] ... Example where requests from 10.0.0.0/24 will be forwareded - with source address 10.1.0.1, 10.0.2.0/24 forwarded with + with source address 10.1.0.1, 10.0.2.0/24 forwarded with source address 10.1.0.2 and the rest will be forwarded with source address 10.1.0.3. @@ -2343,6 +2366,19 @@ matching line. DOC_END +NAME: reply_header_max_size +COMMENT: (KB) +TYPE: b_size_t +DEFAULT: 20 KB +LOC: Config.maxReplyHeaderSize +DOC_START + This specifies the maximum size for HTTP headers in a reply. + Reply headers are usually relatively small (about 512 bytes). + Placing a limit on the reply header size will catch certain + bugs (for example with persistent connections) and possibly + buffer-overflow or denial-of-service attacks. +DOC_END + NAME: reply_body_max_size COMMENT: bytes allow|deny acl acl... TYPE: body_size_t @@ -2355,7 +2391,7 @@ such as MP3's and movies. When the reply headers are recieved, the reply_body_max_size lines are processed, and the first line with a result of "allow" is used as the maximum body size for this reply. - This size is then checked twice. First when we get the reply headers, + This size is checked twice. First when we get the reply headers, we check the content-length value. If the content length value exists and is larger than the allowed size, the request is denied and the user receives an error message that says "the request or reply 
@@ -2391,27 +2427,29 @@ TYPE: string DEFAULT: nobody LOC: Config.effectiveUser -DOC_NONE +DOC_START + If you start Squid as root, it will change its effective/real + UID/GID to the user specified below. The default is to change + to UID to nobody. If you define cache_effective_user, but not + cache_effective_group, Squid sets the GID to the effective + user's default group ID (taken from the password file) and + supplementary group list from the from groups membership of + cache_effective_user. +DOC_END + NAME: cache_effective_group TYPE: string DEFAULT: none LOC: Config.effectiveGroup DOC_START - - If you start Squid as root, it will change its effective/real - UID/GID to the UID/GID specified below. The default is to - change to UID to nobody. If you define cache_effective_user, - but not cache_effective_group, Squid sets the GID the - effective user's default group ID (taken from the password - file). - - If Squid is not started as root, the cache_effective_user - value is ignored and the GID value is unchanged by default. - However, you can make Squid change its GID to another group - that the process owner is a member of. Note that if Squid - is not started as root then you cannot set http_port to a - value lower than 1024. + If you want Squid to run with a specific GID regardless of + the group memberships of the effective user then set this + to the group (or GID) you want Squid to run as. When set + all other group privileges of the effective user is ignored + and only this GID is effective. If Squid is not started as + root the user starting Squid must be member of the specified + group. DOC_END 
@@ -2421,7 +2459,7 @@ DEFAULT: none DOC_START If you want to present a special hostname in error messages, etc, - then define this. Otherwise, the return value of gethostname() + define this. Otherwise, the return value of gethostname() will be used. If you have multiple caches in a cluster and get errors about IP-forwarding you must set them to have individual names with this setting. @@ -2434,8 +2472,8 @@ DEFAULT: none DOC_START If you want to have multiple machines with the same - 'visible_hostname' then you must give each machine a different - 'unique_hostname' so that forwarding loops can be detected. + 'visible_hostname' you must give each machine a different + 'unique_hostname' so forwarding loops can be detected. DOC_END @@ -2444,7 +2482,7 @@ LOC: Config.hostnameAliases DEFAULT: none DOC_START - A list of other DNS names that your cache has. + A list of other DNS names your cache has. DOC_END COMMENT_START @@ -2535,14 +2573,14 @@ If you want to run Squid as an httpd accelerator, define the host name and port number where the real HTTP server is. - If you want IP based virtual host support then specify the + If you want IP based virtual host support specify the hostname as "virtual". This will make Squid use the IP address where it accepted the request as hostname in the URL. - If you want virtual port support then specify the port as "0". + If you want virtual port support specify the port as "0". NOTE: enabling httpd_accel_host disables proxy-caching and - ICP. If you want these features enabled also, then set + ICP. If you want these features enabled also, set the 'httpd_accel_with_proxy' option. DOC_END @@ -2553,7 +2591,7 @@ DEFAULT: off DOC_START If you are running Squid as an accelerator and have a single backend - server then set this to on. This causes Squid to forward the request + server set this to on. This causes Squid to forward the request to this server, regardles of what any redirectors or Host headers say. 
@@ -2574,7 +2612,7 @@ LOC: Config.onoff.accel_with_proxy DOC_START If you want to use Squid as both a local httpd accelerator - and as a proxy, change this to 'on'. Note however that your + and as a proxy, change this to 'on'. Note however your proxy users may have trouble to reach the accelerated domains unless their browsers are configured not to use this proxy for those domains (for example via the no_proxy browser configuration @@ -2590,13 +2628,13 @@ HTTP/1.1 requests include a Host: header which is basically the hostname from the URL. The Host: header is used for domain based virutal hosts. If your accelerator needs to provide domain based - virtual hosts on the same IP address then you will need to turn this + virtual hosts on the same IP address you will need to turn this on. - Note that Squid does NOT check the value of the Host header matches + Note Squid does NOT check the value of the Host header matches any of your accelerated server, so it may open a big security hole unless you take care to set up access controls proper. We recommend - that this option remain disabled unless you are sure of what you + this option remain disabled unless you are sure of what you are doing. However, you will need to enable this option if you run Squid @@ -2650,7 +2688,7 @@ Appends local domain name to hostnames without any dots in them. append_domain must begin with a period. - Be warned that there today is Internet names with no dots in + Be warned there are now Internet names with no dots in them using only top-domain names, so setting this may cause some Internet sites to become unavailable. 
@@ -2698,12 +2736,12 @@ This can be used to return a ERR_ page for requests which do not pass the 'http_access' rules. A single ACL will cause the http_access check to fail. If a 'deny_info' line exists - for that ACL then Squid returns a corresponding error page. + for that ACL Squid returns a corresponding error page. You may use ERR_ pages that come with Squid or create your own pages and put them into the configured errors/ directory. - Alternatively you can specify an error URL. The browsers will then + Alternatively you can specify an error URL. The browsers will get redirected (302) to the specified URL. %s in the redirection URL will be replaced by the requested URL. @@ -2726,7 +2764,7 @@ NAME: memory_pools_limit COMMENT: (bytes) TYPE: b_size_t -DEFAULT: none +DEFAULT: 5 MB LOC: Config.MemPools.limit DOC_START Used only with memory_pools on: @@ -2790,9 +2828,9 @@ If you want to return ICP_HIT for stale cache objects, set this option to 'on'. If you have sibling relationships with caches in other administrative domains, this should be 'off'. If you only - have sibling relationships with caches under your control, then + have sibling relationships with caches under your control, it is probably okay to set this to 'on'. - If set to 'on', then your siblings should use the option "allow-miss" + If set to 'on', your siblings should use the option "allow-miss" on their cache_peer lines for connecting to you. DOC_END @@ -2905,7 +2943,7 @@ DEFAULT: on LOC: Config.onoff.client_db DOC_START - If you want to disable collecting per-client statistics, then + If you want to disable collecting per-client statistics, turn off client_db here. DOC_END 
@@ -2949,8 +2987,8 @@ replies, enable this option. If your peer has configured Squid (during compilation) with - '--enable-icmp' then that peer will send ICMP pings to origin server - sites of the URLs it receives. If you enable this option then the + '--enable-icmp' that peer will send ICMP pings to origin server + sites of the URLs it receives. If you enable this option the ICP replies from that peer will include the ICMP data (if available). Then, when choosing a parent cache, Squid will choose the parent with the minimal RTT to the origin server. When this happens, the @@ -2994,7 +3032,7 @@ Doing this VIOLATES the HTTP standard. Enabling this feature could make you liable for problems which it causes. - + see also refresh_pattern for a more selective approach. DOC_END @@ -3052,16 +3090,16 @@ acl all src 0.0.0.0/0.0.0.0 never_direct deny local-servers never_direct allow all - - or if squid is inside a firewall and there is local intranet - servers inside the firewall then use something like: + + or if Squid is inside a firewall and there are local intranet + servers inside the firewall use something like: acl local-intranet dstdomain .foo.net acl local-external dstdomain external.foo.net always_direct deny local-external always_direct allow local-intranet never_direct allow all - + This option replaces some v1.1 options such as inside_firewall and firewall_ip. DOC_END @@ -3162,9 +3200,9 @@ LOC: Config.icons.use_short_names DEFAULT: off DOC_START - If this is enabled then Squid will use short URLs for icons. + If this is enabled Squid will use short URLs for icons. - If off then the URLs for icons will always be absolute URLs + If off the URLs for icons will always be absolute URLs including the proxy name and port. DOC_END 
@@ -3249,7 +3287,7 @@ available network interfaces. If snmp_outgoing_address is set to 255.255.255.255 (the default) - then it will use the same socket as snmp_incoming_address. Only + it will use the same socket as snmp_incoming_address. Only change this if you want to have SNMP replies sent using another address than where this Squid listens for SNMP queries. @@ -3632,14 +3670,14 @@ (matching hierarchy_stoplist or not cachable request type) direct to origin servers. - If you set this to off, then Squid will prefer to send these + If you set this to off, Squid will prefer to send these requests to parents. Note that in most configurations, by turning this off you will only add latency to these request without any improvement in global hit ratio. - If you are inside an firewall then see never_direct instead of + If you are inside an firewall see never_direct instead of this directive. DOC_END @@ -3648,15 +3686,15 @@ LOC: Config.onoff.prefer_direct DEFAULT: off DOC_START - Normally Squid tries to use parents for most requests. If you by some + Normally Squid tries to use parents for most requests. If you for some reason like it to first try going direct and only use a parent if - going direct fails then set this to on. + going direct fails set this to on. By combining nonhierarchical_direct off and prefer_direct on you can set up Squid to use a parent as a backup path if going direct fails. - Note: If you want Squid to use parents for all requests then see + Note: If you want Squid to use parents for all requests see the never_direct directive. prefer_direct only modifies how Squid acts on cachable requests. DOC_END @@ -3699,7 +3737,7 @@ redirectors. You should only enable this if the redirectors are not critical to your caching system. If you use redirectors for access control, and you enable this option, - then users may have access to pages that they should not + users may have access to pages they should not be allowed to request. DOC_END 
@@ -3709,7 +3747,7 @@ DEFAULT: on DOC_START By default Squid checks that DNS responses are received - from the same IP addresses that they are sent to. If they + from the same IP addresses they are sent to. If they don't match, Squid ignores the response and writes a warning message to cache.log. You can allow responses from unknown nameservers by setting this option to 'off'. @@ -3825,6 +3863,19 @@ after 10 seconds timeout. DOC_END +NAME: balance_on_multiple_ip +TYPE: onoff +LOC: Config.onoff.balance_on_multiple_ip +DEFAULT: on +DOC_START + Some load balancing servers based on round robin DNS have been + found not to preserve user session state across requests + to different IP addresses. + + By default Squid rotates IP's per request. By disabling + this directive only connection failure trigers rotation. +DOC_END + NAME: pipeline_prefetch TYPE: onoff LOC: Config.onoff.pipeline_prefetch @@ -3961,7 +4012,7 @@ system call. This sleep may help the situation where your system reports fork() failures due to lack of (virtual) memory. Note, however, that if you have a lot of child - processes, then these sleep delays will add up and your + processes, these sleep delays will add up and your Squid will not service requests for some amount of time until all the child processes have been started. DOC_END diff -ruN squid-2.5.STABLE6/src/client_db.c squid-2.5.STABLE7/src/client_db.c --- squid-2.5.STABLE6/src/client_db.c Fri Feb 23 13:59:50 2001 +++ squid-2.5.STABLE7/src/client_db.c Mon Oct 11 14:25:52 2004 @@ -1,6 +1,6 @@ /* - * $Id: client_db.c,v 1.53 2001/02/23 20:59:50 hno Exp $ + * $Id: client_db.c,v 1.53.2.4 2004/10/11 20:25:52 hno Exp $ * * DEBUG: section 0 Client Database * AUTHOR: Duane Wessels 
@@ -38,6 +38,15 @@ static hash_table *client_table = NULL; static ClientInfo *clientdbAdd(struct in_addr addr); static FREE clientdbFreeItem; +static void clientdbStartGC(void); +static void clientdbScheduledGC(void *); + +static int max_clients = 32; +static int cleanup_running = 0; +static int cleanup_scheduled = 0; +static int cleanup_removed; + +#define CLIENT_DB_HASH_SIZE 467 static ClientInfo * clientdbAdd(struct in_addr addr) @@ -48,6 +57,10 @@ c->addr = addr; hash_join(client_table, &c->hash); statCounter.client_http.clients++; + if ((statCounter.client_http.clients > max_clients) && !cleanup_running && cleanup_scheduled < 2) { + cleanup_scheduled++; + eventAdd("client_db garbage collector", clientdbScheduledGC, NULL, 90, 0); + } return c; } @@ -56,7 +69,7 @@ { if (client_table) return; - client_table = hash_create((HASHCMP *) strcmp, 467, hash_string); + client_table = hash_create((HASHCMP *) strcmp, CLIENT_DB_HASH_SIZE, hash_string); cachemgrRegister("client_list", "Cache Client List", clientdbDump, @@ -89,6 +102,7 @@ if (LOG_UDP_HIT == ltype) kb_incr(&c->Icp.hit_kbytes_out, size); } + c->last_seen = squid_curtime; } /* 
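Review bot: In the clientdbAdd hunk (`@@ -48,6 +57,10 @@`) the new entry is joined to the table without `c->last_seen` being set; the only assignment in this diff is the one added at the end of the update path in the `@@ -89,6 +102,7 @@` hunk. clientdbGC computes `age = squid_curtime - c->last_seen`, so an entry that was added but not yet updated looks arbitrarily old (assuming the allocator zeroes it) and fails every `age <` keep test unless `n_established` is set. Adding `c->last_seen = squid_curtime;` next to `c->addr = addr;` gives a new entry the same 60-second grace as any other. clientdbAdd starts outside the hunk, so the allocation itself is not visible here.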
@@ -224,6 +238,64 @@ hashFreeItems(client_table, clientdbFreeItem); hashFreeMemory(client_table); client_table = NULL; +} + +static void +clientdbScheduledGC(void *unused) +{ + cleanup_scheduled = 0; + clientdbStartGC(); +} + +static void +clientdbGC(void *unused) +{ + static int bucket = 0; + hash_link *link_next; + + link_next = hash_get_bucket(client_table, bucket++); + while (link_next != NULL) { + ClientInfo *c = (ClientInfo *) link_next; + int age = squid_curtime - c->last_seen; + link_next = link_next->next; + if (c->n_established) + continue; + + if (age < 24 * 3600 && c->Http.n_requests > 100) + continue; + if (age < 4 * 3600 && (c->Http.n_requests > 10 || c->Icp.n_requests > 10)) + continue; + if (age < 5 * 60 && (c->Http.n_requests > 1 || c->Icp.n_requests > 1)) + continue; + if (age < 60) + continue; + hash_remove_link(client_table, &c->hash); + clientdbFreeItem(c); + statCounter.client_http.clients--; + cleanup_removed++; + } + + if (bucket < CLIENT_DB_HASH_SIZE) + eventAdd("client_db garbage collector", clientdbGC, NULL, 0.15, 0); + else { + bucket = 0; + cleanup_running = 0; + max_clients = statCounter.client_http.clients * 3 / 2; + if (!cleanup_scheduled) { + cleanup_scheduled = 1; + eventAdd("client_db garbage collector", clientdbScheduledGC, NULL, 3 * 3600, 0); + } + debug(49, 2) ("clientdbGC: Removed %d entries\n", cleanup_removed); + } +} + +static void +clientdbStartGC(void) +{ + max_clients = statCounter.client_http.clients; + cleanup_running = 1; + cleanup_removed = 0; + clientdbGC(NULL); } #if SQUID_SNMP diff -ruN squid-2.5.STABLE6/src/client_side.c squid-2.5.STABLE7/src/client_side.c --- squid-2.5.STABLE6/src/client_side.c Mon May 31 16:57:09 2004 +++ squid-2.5.STABLE7/src/client_side.c Tue Oct 5 16:34:42 2004 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.561.2.55 2004/05/31 22:57:09 hno Exp $ + * $Id: client_side.c,v 1.561.2.60 2004/10/05 22:34:42 hno Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels 
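Review bot: clientdbStartGC() does not check `cleanup_running`, so a sweep can be started while another one is still walking the table. clientdbAdd permits two queued clientdbScheduledGC events (`cleanup_scheduled < 2`), and the end-of-sweep branch queues a further one three hours out; a second event firing mid-sweep resets `cleanup_removed` and starts a parallel clientdbGC chain on the shared static `bucket`. Opening clientdbStartGC with `if (cleanup_running) return;` keeps it to one sweep at a time. The queued events are also not cancelled in the lines shown, while the context just above sets `client_table = NULL`; if that teardown can run with an event pending, clientdbGC would hand a NULL table to hash_get_bucket(), so an early exit that clears `cleanup_running` when `client_table` is NULL is worth adding (the teardown function begins outside the hunk).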
@@ -129,6 +129,8 @@ static int clientRequestBodyTooLarge(int clen); static void clientProcessBody(ConnStateData * conn); static void clientEatRequestBody(clientHttpRequest *); +static BODY_HANDLER clientReadBody; +static void clientAbortBody(request_t * req); static int checkAccelOnly(clientHttpRequest * http) @@ -360,9 +362,11 @@ new_request->auth_user_request = old_request->auth_user_request; authenticateAuthUserRequestLock(new_request->auth_user_request); } - if (old_request->body_connection) { - new_request->body_connection = old_request->body_connection; - old_request->body_connection = NULL; + if (old_request->body_reader) { + new_request->body_reader = old_request->body_reader; + new_request->body_reader_data = old_request->body_reader_data; + old_request->body_reader = NULL; + old_request->body_reader_data = NULL; } new_request->content_length = old_request->content_length; new_request->flags.proxy_keepalive = old_request->flags.proxy_keepalive; @@ -813,10 +817,7 @@ MemObject *mem = NULL; debug(33, 3) ("httpRequestFree: %s\n", storeUrl(http->entry)); if (!clientCheckTransferDone(http)) { - if (request && request->body_connection) { - clientAbortBody(request); /* abort request body transter */ - request->body_connection = NULL; - } + requestAbortBody(request); /* abort request body transter */ /* HN: This looks a bit odd.. why should client_side care about * the ICP selection status? */ 
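Review bot: In the httpRequestFree hunk (`@@ -813,10 +817,7 @@`) the old code tested `request &&` before touching the request, and the replacement calls `requestAbortBody(request)` unconditionally. requestAbortBody is not defined in the lines shown, so whether it accepts a NULL request cannot be confirmed here; if it does not, freeing a clientHttpRequest that has no request attached now dereferences NULL. Either keep the guard as `if (request) requestAbortBody(request);` or say in a comment at the call that requestAbortBody is NULL-safe. The function body starts and ends outside the hunk.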
@@ -1584,15 +1585,6 @@ if (checkNegativeHit(e)) { http->log_type = LOG_TCP_NEGATIVE_HIT; clientSendMoreData(data, buf, size); - } else if (r->method == METHOD_HEAD) { - /* - * RFC 2068 seems to indicate there is no "conditional HEAD" - * request. We cannot validate a cached object for a HEAD - * request, nor can we return 304. - */ - if (e->mem_status == IN_MEMORY) - http->log_type = LOG_TCP_MEM_HIT; - clientSendMoreData(data, buf, size); } else if (!Config.onoff.offline && refreshCheckHTTP(e, r) && !http->flags.internal) { debug(33, 5) ("clientCacheHit: in refreshCheck() block\n"); /* @@ -1673,7 +1665,9 @@ /* * plain ol' cache hit */ - if (e->mem_status == IN_MEMORY) + if (e->store_status != STORE_OK) + http->log_type = LOG_TCP_MISS; + else if (e->mem_status == IN_MEMORY) http->log_type = LOG_TCP_MEM_HIT; else if (Config.onoff.offline) http->log_type = LOG_TCP_OFFLINE_HIT; @@ -2227,7 +2221,7 @@ } else if (clientGotNotEnough(http)) { debug(33, 5) ("clientWriteComplete: client didn't get all it expected\n"); comm_close(fd); - } else if (http->request->body_connection) { + } else if (http->request->body_reader == clientReadBody) { debug(33, 5) ("clientWriteComplete: closing, but first we need to read the rest of the request\n"); /* XXX We assumes the reply does fit in the TCP transmit window. * If not the connection may stall while sending the reply 
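Review bot: The `/* plain ol' cache hit */` comment kept above the chain in the `@@ -1673,7 +1665,9 @@` hunk no longer matches its first branch, which now logs `LOG_TCP_MISS` when `e->store_status != STORE_OK`. A short comment on that branch, for example `/* object not completely stored yet: a partial hit is logged as a miss */`, would record why a hit path reports a miss; the ChangeLog lists this change as Bug #1001. The enclosing function extends beyond the hunk on both sides.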
@@ -2332,13 +2326,23 @@ e = http->entry = storeGetPublicByRequest(r); else e = http->entry = NULL; - /* Release negatively cached IP-cache entries on reload */ - if (r->flags.nocache) + /* Release IP-cache entries on reload */ + if (r->flags.nocache) { +#if USE_DNSSERVERS ipcacheInvalidate(r->host); +#else + ipcacheInvalidateNegative(r->host); +#endif /* USE_DNSSERVERS */ + } #if HTTP_VIOLATIONS - else if (r->flags.nocache_hack) + else if (r->flags.nocache_hack) { +#if USE_DNSSERVERS ipcacheInvalidate(r->host); -#endif +#else + ipcacheInvalidateNegative(r->host); +#endif /* USE_DNSSERVERS */ + } +#endif /* HTTP_VIOLATIONS */ #if USE_CACHE_DIGESTS http->lookup_type = e ? "HIT" : "MISS"; #endif @@ -2594,6 +2598,12 @@ xmemcpy(inbuf, conn->in.buf, req_sz); *(inbuf + req_sz) = '\0'; + /* Enforce max_request_size */ + if (req_sz >= Config.maxRequestHeaderSize) { + debug(33, 5) ("parseHttpRequest: Too large request\n"); + xfree(inbuf); + return parseHttpRequestAbort(conn, "error:request-too-large"); + } /* Barf on NULL characters in the headers */ if (strlen(inbuf) != req_sz) { debug(33, 1) ("parseHttpRequest: Requestheader contains NULL characters\n"); @@ -3103,7 +3113,9 @@ /* Do we expect a request-body? */ if (request->content_length > 0) { conn->body.size_left = request->content_length; - request->body_connection = conn; + request->body_reader = clientReadBody; + request->body_reader_data = conn; + cbdataLock(conn); /* Is it too large? */ if (clientRequestBodyTooLarge(request->content_length)) { err = errorCon(ERR_TOO_BIG, HTTP_REQUEST_ENTITY_TOO_LARGE); 
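Review bot: In the `@@ -2594,6 +2598,12 @@` hunk the size check runs only after the header has already been copied into `inbuf`, so an over-long request still costs the copy (and whatever allocation precedes it, outside the hunk) before it is rejected. Testing `req_sz >= Config.maxRequestHeaderSize` ahead of the `xmemcpy` would skip that work and make the `xfree(inbuf)` on the reject path unnecessary. The comment also says `max_request_size` while the code reads `Config.maxRequestHeaderSize`; `/* Enforce request_header_max_size */` would match the directive named in the ChangeLog. The function body continues outside the hunk.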
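Review bot: The `cbdataLock(conn)` added in the `@@ -3103,7 +3113,9 @@` hunk carries no comment saying who releases it. The only matching `cbdataUnlock(request->body_reader_data)` on this page is in the `@@ -3252,8 +3269,12 @@` hunk and runs only once `conn->body.size_left <= 0`, and the `@@ -360,9 +362,11 @@` hunk moves the pointer to another request, so a request dropped before its body is fully read must be unlocked somewhere that is not shown here. A comment such as `/* lock released when the last body part is processed, or in <request teardown path> otherwise */` would make the lifetime rule checkable by the next reader.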
@@ -3159,15 +3171,20 @@ } /* file_read like function, for reading body content */ -void +static void clientReadBody(request_t * request, char *buf, size_t size, CBCB * callback, void *cbdata) { - ConnStateData *conn = request->body_connection; + ConnStateData *conn = request->body_reader_data; + if (!callback) { + clientAbortBody(request); + return; + } if (!conn) { debug(33, 5) ("clientReadBody: no body to read, request=%p\n", request); callback(buf, 0, cbdata); /* Signal end of body */ return; } + assert(cbdataValid(conn)); debug(33, 2) ("clientReadBody: start fd=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request); conn->body.callback = callback; conn->body.cbdata = cbdata; @@ -3209,7 +3226,7 @@ ConnStateData *conn = http->conn; cbdataLock(conn); if (conn->body.request) - clientAbortBody(conn->body.request); + requestAbortBody(conn->body.request); if (cbdataValid(conn)) clientEatRequestBodyHandler(NULL, -1, http); cbdataUnlock(conn); @@ -3252,8 +3269,12 @@ xmemmove(conn->in.buf, conn->in.buf + size, conn->in.offset); /* Remove request link if this is the last part of the body, as * clientReadRequest automatically continues to process next request */ - if (conn->body.size_left <= 0 && request != NULL) - request->body_connection = NULL; + if (conn->body.size_left <= 0 && request != NULL) { + request->body_reader = NULL; + if (request->body_reader_data) + cbdataUnlock(request->body_reader_data); + request->body_reader_data = NULL; + } /* Remove clientReadBody arguments (the call is completed) */ conn->body.request = NULL; conn->body.callback = NULL; 
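Review bot: In clientReadBody() the new `if (!callback)` branch calls clientAbortBody(request) before the existing `if (!conn)` test, and clientAbortBody() (hunk `@@ -3274,14 +3295,16 @@`) dereferences `conn->body.callback` after checking only `cbdataValid(conn)`. If cbdataValid() reports a NULL pointer as valid (its definition is not on this page), an abort for a request whose `body_reader_data` is NULL dereferences NULL. An explicit guard in clientAbortBody() removes that dependency: `if (!conn || !cbdataValid(conn)) return;`. Both functions continue outside their hunks.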
@@ -3274,14 +3295,16 @@ } /* Abort a body request */ -void +static void clientAbortBody(request_t * request) { - ConnStateData *conn = request->body_connection; + ConnStateData *conn = request->body_reader_data; char *buf; CBCB *callback; void *cbdata; int valid; + if (!cbdataValid(conn)) + return; if (!conn->body.callback || conn->body.request != request) return; buf = conn->body.buf; diff -ruN squid-2.5.STABLE6/src/comm.c squid-2.5.STABLE7/src/comm.c --- squid-2.5.STABLE6/src/comm.c Sat Nov 29 11:52:59 2003 +++ squid-2.5.STABLE7/src/comm.c Mon Sep 27 12:17:39 2004 @@ -1,6 +1,6 @@ /* - * $Id: comm.c,v 1.324.2.3 2003/11/29 18:52:59 hno Exp $ + * $Id: comm.c,v 1.324.2.4 2004/09/27 18:17:39 hno Exp $ * * DEBUG: section 5 Socket Functions * AUTHOR: Harvest Derived @@ -290,7 +290,8 @@ } assert(ia->cur < ia->count); cs->in_addr = ia->in_addrs[ia->cur]; - ipcacheCycleAddr(cs->host, NULL); + if (Config.onoff.balance_on_multiple_ip) + ipcacheCycleAddr(cs->host, NULL); cs->addrcount = ia->count; cs->connstart = squid_curtime; commConnectHandle(cs->fd, cs); diff -ruN squid-2.5.STABLE6/src/dns_internal.c squid-2.5.STABLE7/src/dns_internal.c --- squid-2.5.STABLE6/src/dns_internal.c Mon May 31 17:33:52 2004 +++ squid-2.5.STABLE7/src/dns_internal.c Thu Jul 29 07:26:20 2004 @@ -1,6 +1,6 @@ /* - * $Id: dns_internal.c,v 1.45.2.3 2004/05/31 23:33:52 hno Exp $ + * $Id: dns_internal.c,v 1.45.2.5 2004/07/29 13:26:20 hno Exp $ * * DEBUG: section 78 DNS lookups; interacts with lib/rfc1035.c * AUTHOR: Duane Wessels @@ -54,6 +54,8 @@ typedef struct _ns ns; struct _idns_query { + hash_link hash; + char query[RFC1035_MAXHOSTNAMESZ + 1]; char buf[512]; size_t sz; unsigned short id; @@ -66,6 +68,7 @@ int attempt; const char *error; int rcode; + idns_query *queue; }; struct _ns { @@ -80,6 +83,7 @@ static int nns_alloc = 0; static dlink_list lru_list; static int event_queued = 0; +static hash_table *idns_lookup_hash = NULL; static OBJH idnsStats; static void idnsAddNameserver(const char *buf); 
@@ -440,10 +444,32 @@ } static void +idnsCallback(idns_query * q, rfc1035_rr * answers, int n, const char *error) +{ + int valid; + valid = cbdataValid(q->callback_data); + cbdataUnlock(q->callback_data); + if (valid) + q->callback(q->callback_data, answers, n, error); + while (q->queue) { + idns_query *q2 = q->queue; + q->queue = q2->queue; + valid = cbdataValid(q2->callback_data); + cbdataUnlock(q2->callback_data); + if (valid) + q2->callback(q2->callback_data, answers, n, error); + memFree(q2, MEM_IDNS_QUERY); + } + if (q->hash.key) { + hash_remove_link(idns_lookup_hash, &q->hash); + q->hash.key = NULL; + } +} + +static void idnsGrokReply(const char *buf, size_t sz) { int n; - int valid; rfc1035_rr *answers = NULL; unsigned short rid = 0xFFFF; idns_query *q; @@ -483,10 +509,7 @@ return; } } - valid = cbdataValid(q->callback_data); - cbdataUnlock(q->callback_data); - if (valid) - q->callback(q->callback_data, answers, n, q->error); + idnsCallback(q, answers, n, q->error); rfc1035RRDestroy(answers, n); memFree(q, MEM_IDNS_QUERY); } @@ -585,17 +608,13 @@ if (tvSubDsec(q->start_t, current_time) < Config.Timeout.idns_query) { idnsSendQuery(q); } else { - int v = cbdataValid(q->callback_data); debug(78, 2) ("idnsCheckQueue: ID %x: giving up after %d tries and %5.1f seconds\n", (int) q->id, q->nsends, tvSubDsec(q->start_t, current_time)); - cbdataUnlock(q->callback_data); - if (v) { - if (q->rcode != 0) - q->callback(q->callback_data, NULL, -q->rcode, q->error); - else - q->callback(q->callback_data, NULL, -16, "Timeout"); - } + if (q->rcode != 0) + idnsCallback(q, NULL, -q->rcode, q->error); + else + idnsCallback(q, NULL, -16, "Timeout"); memFree(q, MEM_IDNS_QUERY); } } @@ -672,6 +691,7 @@ "Internal DNS Statistics", idnsStats, 0, 1); memset(RcodeMatrix, '\0', sizeof(RcodeMatrix)); + idns_lookup_hash = hash_create((HASHCMP *) strcmp, 103, hash_string); init++; } } 
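Review bot: idnsCallback() removes `q` from `idns_lookup_hash` only after every callback has run, so a callback that starts a new lookup for the same key is queued onto `q->queue` by idnsCachedLookup() and answered immediately from the same result inside the `while (q->queue)` loop. For a caller that retries on error or timeout this looks like it could keep the loop running without a new query ever being sent; whether any caller does so is not visible here. Moving the `if (q->hash.key)` block that calls `hash_remove_link(idns_lookup_hash, &q->hash)` to the top of the function, before the first callback, would make such a retry start a fresh query.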
@@ -686,10 +706,37 @@ idnsFreeNameservers(); } +static int +idnsCachedLookup(const char *key, IDNSCB * callback, void *data) +{ + idns_query *q; + idns_query *old = hash_lookup(idns_lookup_hash, key); + if (!old) + return 0; + q = memAllocate(MEM_IDNS_QUERY); + q->callback = callback; + q->callback_data = data; + cbdataLock(q->callback_data); + q->queue = old->queue; + old->queue = q; + return 1; +} + +static void +idnsCacheQuery(idns_query * q, const char *key) +{ + xstrncpy(q->query, key, sizeof(q->query)); + q->hash.key = q->query; + hash_join(idns_lookup_hash, &q->hash); +} + void idnsALookup(const char *name, IDNSCB * callback, void *data) { - idns_query *q = memAllocate(MEM_IDNS_QUERY); + idns_query *q; + if (idnsCachedLookup(name, callback, data)) + return; + q = memAllocate(MEM_IDNS_QUERY); q->sz = sizeof(q->buf); q->id = rfc1035BuildAQuery(name, q->buf, &q->sz); if (0 == q->id) { @@ -704,21 +751,27 @@ q->callback_data = data; cbdataLock(q->callback_data); q->start_t = current_time; + idnsCacheQuery(q, name); idnsSendQuery(q); } void idnsPTRLookup(const struct in_addr addr, IDNSCB * callback, void *data) { - idns_query *q = memAllocate(MEM_IDNS_QUERY); + idns_query *q; + const char *ip = inet_ntoa(addr); + if (idnsCachedLookup(ip, callback, data)) + return; + q = memAllocate(MEM_IDNS_QUERY); q->sz = sizeof(q->buf); q->id = rfc1035BuildPTRQuery(addr, q->buf, &q->sz); debug(78, 3) ("idnsPTRLookup: buf is %d bytes for %s, id = %#hx\n", - (int) q->sz, inet_ntoa(addr), q->id); + (int) q->sz, ip, q->id); q->callback = callback; q->callback_data = data; cbdataLock(q->callback_data); q->start_t = current_time; + idnsCacheQuery(q, ip); idnsSendQuery(q); } diff -ruN squid-2.5.STABLE6/src/enums.h squid-2.5.STABLE7/src/enums.h --- squid-2.5.STABLE6/src/enums.h Wed Feb 4 10:42:28 2004 +++ squid-2.5.STABLE7/src/enums.h Tue Oct 5 15:31:26 2004 
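Review bot: idnsALookup() and idnsPTRLookup() (hunk `@@ -704,21 +751,27 @@`) share one table, `idns_lookup_hash`, keyed by the bare name or by the `inet_ntoa()` string, with nothing in the key to tell the two query types apart. If an A lookup can ever be requested for a dotted-quad string while a PTR lookup for the same address is pending (the callers are not visible here), its callback would be handed the PTR answers. Prefixing the key with the query type in both idnsCacheQuery() and idnsCachedLookup() would rule that out and costs only a slightly larger `query` buffer.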
@@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.203.2.10 2004/02/04 17:42:28 hno Exp $ + * $Id: enums.h,v 1.203.2.13 2004/10/05 21:31:26 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -134,6 +134,8 @@ ACL_MAXCONN, ACL_REQ_MIME_TYPE, ACL_REP_MIME_TYPE, + ACL_REP_HEADER, + ACL_REQ_HEADER, ACL_MAX_USER_IP, ACL_EXTERNAL, ACL_URLLOGIN, @@ -188,6 +190,7 @@ HDR_CACHE_CONTROL, HDR_CONNECTION, HDR_CONTENT_BASE, + HDR_CONTENT_DISPOSITION, HDR_CONTENT_ENCODING, HDR_CONTENT_LANGUAGE, HDR_CONTENT_LENGTH, @@ -480,7 +483,8 @@ HTTP_GATEWAY_TIMEOUT = 504, HTTP_HTTP_VERSION_NOT_SUPPORTED = 505, HTTP_INSUFFICIENT_STORAGE = 507, /* RFC2518 section 10.6 */ - HTTP_INVALID_HEADER = 600 /* Squid header parsing error */ + HTTP_INVALID_HEADER = 600, /* Squid header parsing error */ + HTTP_HEADER_TOO_LARGE = 601 /* Header too large to process */ } http_status; /* diff -ruN squid-2.5.STABLE6/src/errorpage.c squid-2.5.STABLE7/src/errorpage.c --- squid-2.5.STABLE6/src/errorpage.c Mon Mar 29 02:41:36 2004 +++ squid-2.5.STABLE7/src/errorpage.c Fri Aug 6 05:05:05 2004 @@ -1,6 +1,6 @@ /* - * $Id: errorpage.c,v 1.167.2.10 2004/03/29 09:41:36 hno Exp $ + * $Id: errorpage.c,v 1.167.2.12 2004/08/06 11:05:05 hno Exp $ * * DEBUG: section 4 Error Generation * AUTHOR: Duane Wessels @@ -584,6 +584,7 @@ break; default: memBufPrintf(&mb, "%%%c", token); + do_quote = 0; break; } if (!p) diff -ruN squid-2.5.STABLE6/src/external_acl.c squid-2.5.STABLE7/src/external_acl.c --- squid-2.5.STABLE6/src/external_acl.c Tue Feb 17 21:00:08 2004 +++ squid-2.5.STABLE7/src/external_acl.c Sat Aug 14 15:01:33 2004 @@ -1,6 +1,6 @@ /* - * $Id: external_acl.c,v 1.1.2.30 2004/02/18 04:00:08 hno Exp $ + * $Id: external_acl.c,v 1.1.2.31 2004/08/14 21:01:33 hno Exp $ * * DEBUG: section 82 External ACL * AUTHOR: Henrik Nordstrom, MARA Systems AB @@ -89,6 +89,10 @@ int cache_entries; dlink_list queue; int require_auth; + enum { + QUOTE_METHOD_SHELL = 1, + QUOTE_METHOD_URL + } quote; }; struct _external_acl_format { 
@@ -169,6 +173,7 @@ if (!token) self_destruct(); a->name = xstrdup(token); + a->quote = QUOTE_METHOD_SHELL; token = strtok(NULL, w_space); /* Parse options */ @@ -183,6 +188,14 @@ a->children = atoi(token + 12); } else if (strncmp(token, "cache=", 6) == 0) { a->cache_size = atoi(token + 6); + } else if (strcmp(token, "protocol=2.5") == 0) { + a->quote = QUOTE_METHOD_SHELL; + } else if (strcmp(token, "protocol=3.0") == 0) { + a->quote = QUOTE_METHOD_URL; + } else if (strcmp(token, "quote=url") == 0) { + a->quote = QUOTE_METHOD_URL; + } else if (strcmp(token, "quote=shell") == 0) { + a->quote = QUOTE_METHOD_SHELL; } else { break; } @@ -558,14 +571,24 @@ str = "-"; if (!first) memBufAppend(&mb, " ", 1); - strwordquote(&mb, str); + if (acl_data->def->quote == QUOTE_METHOD_URL) { + const char *quoted = rfc1738_escape(str); + memBufAppend(&mb, quoted, strlen(quoted)); + } else { + strwordquote(&mb, str); + } stringClean(&sb); first = 0; } for (arg = acl_data->arguments; arg; arg = arg->next) { if (!first) memBufAppend(&mb, " ", 1); - strwordquote(&mb, arg->key); + if (acl_data->def->quote == QUOTE_METHOD_URL) { + const char *quoted = rfc1738_escape(arg->key); + memBufAppend(&mb, quoted, strlen(quoted)); + } else { + strwordquote(&mb, arg->key); + } first = 0; } return mb.buf; @@ -708,6 +731,8 @@ value = strchr(token, '='); if (value) { *value++ = '\0'; /* terminate the token, and move up to the value */ + if (state->def->quote == QUOTE_METHOD_URL) + rfc1738_unescape(value); if (strcmp(token, "user") == 0) user = value; else if (strcmp(token, "error") == 0) diff -ruN squid-2.5.STABLE6/src/forward.c squid-2.5.STABLE7/src/forward.c --- squid-2.5.STABLE6/src/forward.c Wed Feb 18 06:44:55 2004 +++ squid-2.5.STABLE7/src/forward.c Tue Oct 5 16:34:42 2004 @@ -1,6 +1,6 @@ /* - * $Id: forward.c,v 1.82.2.12 2004/02/18 13:44:55 hno Exp $ + * $Id: forward.c,v 1.82.2.13 2004/10/05 22:34:42 hno Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels 
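Review bot: The `rfc1738_unescape(value)` call added in the `@@ -708,6 +731,8 @@` hunk has no comment recording that decoding has to stay after the token has been cut at `=`. That order is what keeps an encoded separator inside a helper-supplied value from being parsed as a new token, and a later refactor could easily move the decode earlier. I would add `/* decode only after tokenising, so escaped separators stay part of the value */` above the call. The tokenising loop itself is outside the hunk.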
@@ -152,7 +152,7 @@ /* If there is a request body then Squid can only try once * even if the method is indempotent */ - if (fwdState->request->body_connection) + if (fwdState->request->body_reader) return 0; /* RFC2616 9.1 Safe and Idempotent Methods */ diff -ruN squid-2.5.STABLE6/src/fs/Makefile.in squid-2.5.STABLE7/src/fs/Makefile.in --- squid-2.5.STABLE6/src/fs/Makefile.in Tue Jun 8 05:37:23 2004 +++ squid-2.5.STABLE7/src/fs/Makefile.in Sat Jul 10 06:11:49 2004 @@ -15,7 +15,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.in,v 1.8.2.8 2004/06/08 11:37:23 hno Exp $ +# $Id: Makefile.in,v 1.8.2.10 2004/07/10 12:11:49 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/src/fs/aufs/store_dir_aufs.c squid-2.5.STABLE7/src/fs/aufs/store_dir_aufs.c --- squid-2.5.STABLE6/src/fs/aufs/store_dir_aufs.c Wed Aug 6 08:16:26 2003 +++ squid-2.5.STABLE7/src/fs/aufs/store_dir_aufs.c Wed Aug 25 15:07:25 2004 @@ -1,6 +1,6 @@ /* - * $Id: store_dir_aufs.c,v 1.40.2.8 2003/08/06 14:16:26 hno Exp $ + * $Id: store_dir_aufs.c,v 1.40.2.9 2004/08/25 21:07:25 hno Exp $ * * DEBUG: section 47 Store Directory Routines * AUTHOR: Duane Wessels @@ -320,6 +320,10 @@ char *path; int fd; path = storeAufsDirSwapLogFile(sd, NULL); + if (aioinfo->swaplog_fd >= 0) { + debug(50, 1) ("storeAufsDirOpenSwapLog: %s already open\n", path); + return; + } fd = file_open(path, O_WRONLY | O_CREAT | O_BINARY); if (fd < 0) { debug(50, 1) ("%s: %s\n", path, xstrerror()); 
@@ -963,6 +967,10 @@ state->new = xstrdup(storeAufsDirSwapLogFile(sd, ".clean")); state->fd = file_open(state->new, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY); if (state->fd < 0) { + debug(50, 0) ("storeDirWriteCleanStart: %s: open: %s\n", + state->new, xstrerror()); + debug(50, 0) ("storeDirWriteCleanStart: Current swap logfile " + "not replaced.\n"); xfree(state->new); xfree(state); return -1; diff -ruN squid-2.5.STABLE6/src/fs/diskd/Makefile.in squid-2.5.STABLE7/src/fs/diskd/Makefile.in --- squid-2.5.STABLE6/src/fs/diskd/Makefile.in Tue Jun 8 05:37:23 2004 +++ squid-2.5.STABLE7/src/fs/diskd/Makefile.in Sat Jul 10 06:11:50 2004 @@ -16,7 +16,7 @@ # # Makefile for the DISKD storage driver for the Squid Object Cache server # -# $Id: Makefile.in,v 1.6.2.7 2004/06/08 11:37:23 hno Exp $ +# $Id: Makefile.in,v 1.6.2.9 2004/07/10 12:11:50 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/src/fs/ufs/store_dir_ufs.c squid-2.5.STABLE7/src/fs/ufs/store_dir_ufs.c --- squid-2.5.STABLE6/src/fs/ufs/store_dir_ufs.c Mon May 31 16:03:31 2004 +++ squid-2.5.STABLE7/src/fs/ufs/store_dir_ufs.c Wed Aug 25 15:07:25 2004 @@ -1,6 +1,6 @@ /* - * $Id: store_dir_ufs.c,v 1.39.2.8 2004/05/31 22:03:31 hno Exp $ + * $Id: store_dir_ufs.c,v 1.39.2.10 2004/08/25 21:07:25 hno Exp $ * * DEBUG: section 47 Store Directory Routines * AUTHOR: Duane Wessels @@ -319,6 +319,10 @@ char *path; int fd; path = storeUfsDirSwapLogFile(sd, NULL); + if (ufsinfo->swaplog_fd >= 0) { + debug(50, 1) ("storeUfsDirOpenSwapLog: %s already open\n", path); + return; + } fd = file_open(path, O_WRONLY | O_CREAT | O_BINARY); if (fd < 0) { debug(50, 1) ("%s: %s\n", path, xstrerror()); 
@@ -961,6 +965,10 @@ state->new = xstrdup(storeUfsDirSwapLogFile(sd, ".clean")); state->fd = file_open(state->new, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY); if (state->fd < 0) { + debug(50, 0) ("storeDirWriteCleanStart: %s: open: %s\n", + state->new, xstrerror()); + debug(50, 0) ("storeDirWriteCleanStart: Current swap logfile " + "not replaced.\n"); xfree(state->new); xfree(state); return -1; @@ -1636,6 +1644,7 @@ ufsinfo->swaplog_fd = -1; ufsinfo->map = NULL; /* Debugging purposes */ ufsinfo->suggest = 0; + ufsinfo->open_files = 0; sd->init = storeUfsDirInit; sd->newfs = storeUfsDirNewfs; sd->dump = storeUfsDirDump; diff -ruN squid-2.5.STABLE6/src/fs/ufs/store_io_ufs.c squid-2.5.STABLE7/src/fs/ufs/store_io_ufs.c --- squid-2.5.STABLE6/src/fs/ufs/store_io_ufs.c Mon May 31 16:03:31 2004 +++ squid-2.5.STABLE7/src/fs/ufs/store_io_ufs.c Sat Jul 17 13:44:20 2004 @@ -1,6 +1,6 @@ /* - * $Id: store_io_ufs.c,v 1.9.2.2 2004/05/31 22:03:31 hno Exp $ + * $Id: store_io_ufs.c,v 1.9.2.4 2004/07/17 19:44:20 hno Exp $ * * DEBUG: section 79 Storage Manager UFS Interface * AUTHOR: Duane Wessels @@ -108,7 +108,7 @@ debug(79, 3) ("storeUfsCreate: fileno %08X\n", filn); fd = file_open(path, mode); if (fd < 0) { - debug(79, 3) ("storeUfsCreate: got failure (%d)\n", errno); + debug(79, 1) ("storeUfsCreate: Failed to create %s (%s)\n", path, xstrerror()); return NULL; } debug(79, 3) ("storeUfsCreate: opened FD %d\n", fd); diff -ruN squid-2.5.STABLE6/src/ftp.c squid-2.5.STABLE7/src/ftp.c --- squid-2.5.STABLE6/src/ftp.c Mon May 31 17:14:37 2004 +++ squid-2.5.STABLE7/src/ftp.c Tue Oct 5 16:34:42 2004 @@ -1,6 +1,6 @@ /* - * $Id: ftp.c,v 1.316.2.14 2004/05/31 23:14:37 hno Exp $ + * $Id: ftp.c,v 1.316.2.15 2004/10/05 22:34:42 hno Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived 
@@ -2309,7 +2309,7 @@ return; if (!err) { /* Shedule the rest of the request */ - clientReadBody(ftpState->request, ftpState->data.buf, ftpState->data.size, ftpRequestBody, ftpState); + requestReadBody(ftpState->request, ftpState->data.buf, ftpState->data.size, ftpRequestBody, ftpState); } else { debug(9, 1) ("ftpDataWriteCallback: write error: %s\n", xstrerror()); ftpFailed(ftpState, ERR_WRITE_ERROR); @@ -2322,7 +2322,7 @@ FtpStateData *ftpState = (FtpStateData *) data; debug(9, 3) ("ftpDataWrite\n"); /* This starts the body transfer */ - clientReadBody(ftpState->request, ftpState->data.buf, ftpState->data.size, ftpRequestBody, ftpState); + requestReadBody(ftpState->request, ftpState->data.buf, ftpState->data.size, ftpRequestBody, ftpState); } static void diff -ruN squid-2.5.STABLE6/src/http.c squid-2.5.STABLE7/src/http.c --- squid-2.5.STABLE6/src/http.c Tue Jun 8 04:54:07 2004 +++ squid-2.5.STABLE7/src/http.c Thu Oct 7 12:43:44 2004 @@ -1,6 +1,6 @@ /* - * $Id: http.c,v 1.384.2.16 2004/06/08 10:54:07 hno Exp $ + * $Id: http.c,v 1.384.2.19 2004/10/07 18:43:44 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived @@ -65,18 +65,15 @@ if (httpState == NULL) return; if (httpState->body_buf) { - if (httpState->orig_request->body_connection) { - clientAbortBody(httpState->orig_request); - } + requestAbortBody(httpState->orig_request); if (httpState->body_buf) { memFree(httpState->body_buf, MEM_8K_BUF); httpState->body_buf = NULL; } } storeUnlockObject(httpState->entry); - if (httpState->reply_hdr) { - memFree(httpState->reply_hdr, MEM_8K_BUF); - httpState->reply_hdr = NULL; + if (!memBufIsNull(&httpState->reply_hdr)) { + memBufClean(&httpState->reply_hdr); } requestUnlink(httpState->request); requestUnlink(httpState->orig_request); 
@@ -320,6 +317,7 @@ case HTTP_UNAUTHORIZED: case HTTP_PROXY_AUTHENTICATION_REQUIRED: case HTTP_INVALID_HEADER: /* Squid header parsing error */ + case HTTP_HEADER_TOO_LARGE: default: /* Unknown status code */ return 0; /* NOTREACHED */ @@ -371,6 +369,7 @@ } stringClean(&vary); #if X_ACCELERATOR_VARY + pos = NULL; vary = httpHeaderGetList(&reply->header, HDR_X_ACCELERATOR_VARY); while (strListGetItem(&vary, ',', &item, &ilen, &pos)) { char *name = xmalloc(ilen + 1); 
@@ -395,50 +394,61 @@ } /* rewrite this later using new interfaces @?@ */ -void +static void httpProcessReplyHeader(HttpStateData * httpState, const char *buf, int size) { - char *t = NULL; StoreEntry *entry = httpState->entry; - int room; size_t hdr_len; + size_t hdr_size = headersEnd(buf, size); HttpReply *reply = entry->mem_obj->reply; Ctx ctx; debug(11, 3) ("httpProcessReplyHeader: key '%s'\n", storeKeyText(entry->hash.key)); - if (httpState->reply_hdr == NULL) - httpState->reply_hdr = memAllocate(MEM_8K_BUF); + if (memBufIsNull(&httpState->reply_hdr)) + memBufDefInit(&httpState->reply_hdr); assert(httpState->reply_hdr_state == 0); - hdr_len = httpState->reply_hdr_size; - room = 8191 - hdr_len; - xmemcpy(httpState->reply_hdr + hdr_len, buf, room < size ? room : size); - hdr_len += room < size ? room : size; - httpState->reply_hdr[hdr_len] = '\0'; - httpState->reply_hdr_size = hdr_len; - if (hdr_len > 4 && strncmp(httpState->reply_hdr, "HTTP/", 5)) { - debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%s'\n", httpState->reply_hdr); + if (hdr_size) + memBufAppend(&httpState->reply_hdr, buf, hdr_size); + else + memBufAppend(&httpState->reply_hdr, buf, size); + hdr_len = httpState->reply_hdr.size; + if (hdr_len > 4 && strncmp(httpState->reply_hdr.buf, "HTTP/", 5)) { + debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%s'\n", httpState->reply_hdr.buf); httpState->reply_hdr_state += 2; + memBufClean(&httpState->reply_hdr); reply->sline.status = HTTP_INVALID_HEADER; return; } - t = httpState->reply_hdr + hdr_len; + if (hdr_size != hdr_len) + hdr_size = headersEnd(httpState->reply_hdr.buf, hdr_len); + if (hdr_size) + hdr_len = hdr_size; + if (hdr_len > Config.maxReplyHeaderSize) { + debug(11, 1) ("httpProcessReplyHeader: Too large reply header\n"); + if (!memBufIsNull(&httpState->reply_hdr)) + memBufClean(&httpState->reply_hdr); + reply->sline.status = HTTP_HEADER_TOO_LARGE; + return; + } /* headers can be incomplete only if object 
still arriving */ - if (!httpState->eof) { - size_t k = headersEnd(httpState->reply_hdr, 8192); - if (0 == k) + if (!hdr_size) { + if (httpState->eof) + hdr_size = hdr_len; + else return; /* headers not complete */ - t = httpState->reply_hdr + k; } - *t = '\0'; + /* Cut away any excess body data (only needed for debug?) */ + memBufAppend(&httpState->reply_hdr, "\0", 1); + httpState->reply_hdr.buf[hdr_size] = '\0'; httpState->reply_hdr_state++; assert(httpState->reply_hdr_state == 1); ctx = ctx_enter(entry->mem_obj->url); httpState->reply_hdr_state++; debug(11, 9) ("GOT HTTP REPLY HDR:\n---------\n%s\n----------\n", - httpState->reply_hdr); + httpState->reply_hdr.buf); /* Parse headers into reply structure */ /* what happens if we fail to parse here? */ - httpReplyParse(reply, httpState->reply_hdr, hdr_len); + httpReplyParse(reply, httpState->reply_hdr.buf, hdr_size); storeTimestampsSet(entry); /* Check if object is cacheable or not based on reply code */ debug(11, 3) ("httpProcessReplyHeader: HTTP CODE: %d\n", reply->sline.status); @@ -489,7 +499,7 @@ if (Config.onoff.detect_broken_server_pconns && httpReplyBodySize(httpState->request->method, reply) == -1) { debug(11, 1) ("httpProcessReplyHeader: Impossible keep-alive header from '%s'\n", storeUrl(entry)); debug(11, 2) ("GOT HTTP REPLY HDR:\n---------\n%s\n----------\n", - httpState->reply_hdr); + httpState->reply_hdr.buf); httpState->flags.keepalive_broken = 1; } } @@ -600,7 +610,7 @@ clen >>= 1; IOStats.Http.read_hist[bin]++; } - if (!httpState->reply_hdr && len > 0 && fd_table[fd].uses > 1) { + if (!httpState->reply_hdr.size && len > 0 && fd_table[fd].uses > 1) { /* Skip whitespace */ while (len > 0 && xisspace(*buf)) xmemmove(buf, buf + 1, len--); 
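Review bot: The non-compliant-header branch prints `httpState->reply_hdr.buf` with `%s` before any terminator has been written; the NUL is appended only further down by `memBufAppend(&httpState->reply_hdr, "\0", 1)`. The removed code terminated the buffer with `httpState->reply_hdr[hdr_len] = '\0'` before that debug call, so unless memBufAppend() itself NUL-terminates (not visible here) the log statement can read past the received data. Bounding the print removes the dependency: `debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%.*s'\n", (int) hdr_len, httpState->reply_hdr.buf);`. The function continues past the end of the hunk.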
@@ -618,7 +628,7 @@ commSetSelect(fd, COMM_SELECT_READ, httpReadReply, httpState, 0); } else if (entry->mem_obj->inmem_hi == 0) { ErrorState *err; - err = errorCon(ERR_READ_ERROR, HTTP_INTERNAL_SERVER_ERROR); + err = errorCon(ERR_READ_ERROR, HTTP_BAD_GATEWAY); err->request = requestLink((request_t *) request); err->xerrno = errno; fwdFail(httpState->fwd, err); @@ -628,7 +638,7 @@ } } else if (len == 0 && entry->mem_obj->inmem_hi == 0) { ErrorState *err; - err = errorCon(ERR_ZERO_SIZE_OBJECT, HTTP_SERVICE_UNAVAILABLE); + err = errorCon(ERR_ZERO_SIZE_OBJECT, HTTP_BAD_GATEWAY); err->xerrno = errno; err->request = requestLink((request_t *) request); fwdFail(httpState->fwd, err); @@ -645,11 +655,31 @@ * we want to process the reply headers. */ httpProcessReplyHeader(httpState, buf, len); - fwdComplete(httpState->fwd); + if (entry->mem_obj->reply->sline.status == HTTP_HEADER_TOO_LARGE) { + ErrorState *err; + storeEntryReset(entry); + err = errorCon(ERR_TOO_BIG, HTTP_BAD_GATEWAY); + err->request = requestLink((request_t *) request); + fwdFail(httpState->fwd, err); + httpState->fwd->flags.dont_retry = 1; + } else { + fwdComplete(httpState->fwd); + } comm_close(fd); + return; } else { if (httpState->reply_hdr_state < 2) { httpProcessReplyHeader(httpState, buf, len); + if (entry->mem_obj->reply->sline.status == HTTP_HEADER_TOO_LARGE) { + ErrorState *err; + storeEntryReset(entry); + err = errorCon(ERR_TOO_BIG, HTTP_BAD_GATEWAY); + err->request = requestLink((request_t *) request); + fwdFail(httpState->fwd, err); + httpState->fwd->flags.dont_retry = 1; + comm_close(fd); + return; + } if (httpState->reply_hdr_state == 2) { http_status s = entry->mem_obj->reply->sline.status; #if WIP_FWD_LOG 
@@ -719,7 +749,7 @@ return; if (errflag) { if (entry->mem_obj->inmem_hi == 0) { - err = errorCon(ERR_WRITE_ERROR, HTTP_INTERNAL_SERVER_ERROR); + err = errorCon(ERR_WRITE_ERROR, HTTP_BAD_GATEWAY); err->xerrno = errno; err->request = requestLink(httpState->orig_request); errorAppendEntry(entry, err); @@ -1002,7 +1032,7 @@ commSetTimeout(fd, Config.Timeout.lifetime, httpTimeout, httpState); commSetSelect(fd, COMM_SELECT_READ, httpReadReply, httpState, 0); - if (httpState->orig_request->body_connection) + if (httpState->orig_request->body_reader) sendHeaderDone = httpSendRequestEntry; else sendHeaderDone = httpSendComplete; @@ -1175,7 +1205,7 @@ return; if (errflag) { if (entry->mem_obj->inmem_hi == 0) { - err = errorCon(ERR_WRITE_ERROR, HTTP_INTERNAL_SERVER_ERROR); + err = errorCon(ERR_WRITE_ERROR, HTTP_BAD_GATEWAY); err->xerrno = errno; err->request = requestLink(httpState->orig_request); errorAppendEntry(entry, err); @@ -1188,7 +1218,7 @@ return; } httpState->body_buf = memAllocate(MEM_8K_BUF); - clientReadBody(httpState->orig_request, httpState->body_buf, 8192, httpRequestBodyHandler, httpState); + requestReadBody(httpState->orig_request, httpState->body_buf, 8192, httpRequestBodyHandler, httpState); } void diff -ruN squid-2.5.STABLE6/src/ipcache.c squid-2.5.STABLE7/src/ipcache.c --- squid-2.5.STABLE6/src/ipcache.c Thu Feb 12 02:32:09 2004 +++ squid-2.5.STABLE7/src/ipcache.c Mon Sep 27 12:17:39 2004 @@ -1,6 +1,6 @@ /* - * $Id: ipcache.c,v 1.236.2.3 2004/02/12 09:32:09 hno Exp $ + * $Id: ipcache.c,v 1.236.2.4 2004/09/27 18:17:39 hno Exp $ * * DEBUG: section 14 IP Cache * AUTHOR: Harvest Derived @@ -116,6 +116,7 @@ static void ipcacheRelease(ipcache_entry * i) { + debug(14, 3) ("ipcacheRelease: Releasing entry for '%s'\n", (const char *) i->hash.key); hash_remove_link(ip_table, (hash_link *) i); dlinkDelete(&i->lru, &lru_list); ipcacheFreeEntry(i); 
@@ -332,7 +333,7 @@ return i; } assert(answers); - for (j = 0, k = 0; k < nr; k++) { + for (k = 0; k < nr; k++) { if (answers[k].type != RFC1035_TYPE_A) continue; if (answers[k].class != RFC1035_CLASS_IN) @@ -582,6 +583,20 @@ */ } +void +ipcacheInvalidateNegative(const char *name) +{ + ipcache_entry *i; + if ((i = ipcache_get(name)) == NULL) + return; + if (i->flags.negcached) + i->expires = squid_curtime; + /* + * NOTE, don't call ipcacheRelease here becuase we might be here due + * to a thread started from a callback. + */ +} + ipcache_addrs * ipcacheCheckNumeric(const char *name) { @@ -669,6 +684,7 @@ if (!ia->bad_mask[k]) { ia->bad_mask[k] = TRUE; ia->badcount++; + i->expires = XMIN(squid_curtime + XMAX(60, Config.negativeDnsTtl), i->expires); debug(14, 2) ("ipcacheMarkBadAddr: %s [%s]\n", name, inet_ntoa(addr)); } ipcacheCycleAddr(name, ia); diff -ruN squid-2.5.STABLE6/src/protos.h squid-2.5.STABLE7/src/protos.h --- squid-2.5.STABLE6/src/protos.h Wed Feb 4 10:42:28 2004 +++ squid-2.5.STABLE7/src/protos.h Tue Oct 5 16:34:42 2004 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.420.2.22 2004/02/04 17:42:28 hno Exp $ + * $Id: protos.h,v 1.420.2.25 2004/10/05 22:34:42 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -141,8 +141,6 @@ extern void clientHttpConnectionsClose(void); extern StoreEntry *clientCreateStoreEntry(clientHttpRequest *, method_t, request_flags); extern int isTcpHit(log_type); -extern void clientReadBody(request_t * req, char *buf, size_t size, CBCB * callback, void *data); -extern void clientAbortBody(request_t * req); extern int commSetNonBlocking(int fd); extern int commUnsetNonBlocking(int fd); 
@@ -304,8 +302,6 @@ /* http.c */ extern int httpCachable(method_t); extern void httpStart(FwdState *); -extern void httpParseReplyHeaders(const char *, http_reply *); -extern void httpProcessReplyHeader(HttpStateData *, const char *, int); extern mb_size_t httpBuildRequestPrefix(request_t * request, request_t * orig_request, StoreEntry * entry, @@ -521,6 +517,8 @@ extern int httpRequestPrefixLen(const request_t * req); extern int httpRequestHdrAllowed(const HttpHeaderEntry * e, String * strConnection); extern int httpRequestHdrAllowedByName(http_hdr_type id); +extern void requestReadBody(request_t * request, char *buf, size_t size, CBCB * callback, void *cbdata); +extern void requestAbortBody(request_t * request); extern void icmpOpen(void); extern void icmpClose(void); @@ -585,10 +583,9 @@ extern EVH ipcache_purgelru; extern const ipcache_addrs *ipcache_gethostbyname(const char *, int flags); extern void ipcacheInvalidate(const char *); -extern void ipcacheReleaseInvalid(const char *); +extern void ipcacheInvalidateNegative(const char *); extern void ipcache_init(void); extern void stat_ipcache_get(StoreEntry *); -extern int ipcacheQueueDrain(void); extern void ipcacheCycleAddr(const char *name, ipcache_addrs *); extern void ipcacheMarkBadAddr(const char *name, struct in_addr); extern void ipcacheMarkGoodAddr(const char *name, struct in_addr); diff -ruN squid-2.5.STABLE6/src/repl/Makefile.in squid-2.5.STABLE7/src/repl/Makefile.in --- squid-2.5.STABLE6/src/repl/Makefile.in Tue Jun 8 05:37:23 2004 +++ squid-2.5.STABLE7/src/repl/Makefile.in Sat Jul 10 06:11:50 2004 
@@ -15,7 +15,7 @@ # Makefile for storage modules in the Squid Object Cache server # -# $Id: Makefile.in,v 1.7.2.8 2004/06/08 11:37:23 hno Exp $ +# $Id: Makefile.in,v 1.7.2.10 2004/07/10 12:11:50 hno Exp $ # SHELL = @SHELL@ diff -ruN squid-2.5.STABLE6/src/repl/heap/store_repl_heap.c squid-2.5.STABLE7/src/repl/heap/store_repl_heap.c --- squid-2.5.STABLE6/src/repl/heap/store_repl_heap.c Sun Jul 21 18:07:17 2002 +++ squid-2.5.STABLE7/src/repl/heap/store_repl_heap.c Thu Aug 5 14:23:01 2004 @@ -1,6 +1,6 @@ /* - * $Id: store_repl_heap.c,v 1.8.2.1 2002/07/22 00:07:17 hno Exp $ + * $Id: store_repl_heap.c,v 1.8.2.2 2004/08/05 20:23:01 hno Exp $ * * DEBUG: section ? HEAP based removal policies * AUTHOR: Henrik Nordstrom @@ -191,6 +191,7 @@ age = heap_peepminkey(heap->heap); entry = heap_extractmin(heap->heap); if (storeEntryLocked(entry)) { + storeLockObject(entry); linklistPush(&heap_walker->locked_entries, entry); goto try_again; } @@ -220,6 +221,7 @@ while ((entry = linklistShift(&heap_walker->locked_entries))) { heap_node *node = heap_insert(heap->heap, entry); SET_POLICY_NODE(entry, node); + storeUnlockObject(entry); } safe_free(walker->_data); cbdataFree(walker); diff -ruN squid-2.5.STABLE6/src/squid.h squid-2.5.STABLE7/src/squid.h --- squid-2.5.STABLE6/src/squid.h Sun Mar 9 11:41:27 2003 +++ squid-2.5.STABLE7/src/squid.h Mon Aug 9 07:54:23 2004 @@ -1,6 +1,6 @@ /* - * $Id: squid.h,v 1.216.2.6 2003/03/09 18:41:27 hno Exp $ + * $Id: squid.h,v 1.216.2.7 2004/08/09 13:54:23 hno Exp $ * * AUTHOR: Duane Wessels * @@ -418,6 +418,10 @@ #if !HAVE_SNPRINTF #include "snprintf.h" +#endif + +#if !HAVE_INITGROUPS +#include "initgroups.h" #endif #define XMIN(x,y) ((x)<(y)? (x) : (y)) diff -ruN squid-2.5.STABLE6/src/ssl.c squid-2.5.STABLE7/src/ssl.c --- squid-2.5.STABLE6/src/ssl.c Mon Jun 7 15:20:34 2004 +++ squid-2.5.STABLE7/src/ssl.c Mon Sep 27 12:07:30 2004 
@@ -1,6 +1,6 @@ /* - * $Id: ssl.c,v 1.118.2.6 2004/06/07 21:20:34 hno Exp $ + * $Id: ssl.c,v 1.118.2.7 2004/09/27 18:07:30 hno Exp $ * * DEBUG: section 26 Secure Sockets Layer Proxy * AUTHOR: Duane Wessels @@ -51,6 +51,7 @@ #if DELAY_POOLS delay_id delay_id; #endif + int connected; } SslStateData; static const char *const conn_established = "HTTP/1.0 200 Connection established\r\n\r\n"; @@ -91,7 +92,9 @@ debug(26, 3) ("sslClientClosed: FD %d\n", fd); assert(fd == sslState->client.fd); sslState->client.fd = -1; - if (sslState->server.fd == -1) + if (sslState->server.fd != -1) + comm_close(sslState->server.fd); + else sslStateFree(sslState); } @@ -152,7 +155,9 @@ } else if (sslState->client.len == 0) { comm_close(sslState->server.fd); } - if (sslState->server.fd > -1) { + if (!sslState->connected) { + /* Not yet connected. wait.. */ + } else if (sslState->server.fd > -1) { if (sslState->client.len > 0) { commSetSelect(sslState->server.fd, COMM_SELECT_WRITE, @@ -354,13 +359,7 @@ { SslStateData *sslState = data; debug(26, 3) ("sslTimeout: FD %d\n", fd); - /* temporary lock to save our own feets (comm_close -> sslClientClosed -> Free) */ - cbdataLock(sslState); - if (sslState->client.fd > -1) - comm_close(sslState->client.fd); - if (sslState->server.fd > -1) - comm_close(sslState->server.fd); - cbdataUnlock(sslState); + comm_close(sslState->client.fd); } static void @@ -379,13 +378,7 @@ { SslStateData *sslState = data; assert(sslState != NULL); - /* temporary lock to save our own feets (comm_close -> sslClientClosed -> Free) */ - cbdataLock(sslState); - if (sslState->client.fd > -1) - comm_close(sslState->client.fd); - if (sslState->server.fd > -1) - comm_close(sslState->server.fd); - cbdataUnlock(sslState); + comm_close(sslState->client.fd); } @@ -424,6 +417,7 @@ err->callback_data = sslState; errorSend(sslState->client.fd, err); } else { + sslState->connected = 1; if (sslState->servers->peer) sslProxyConnected(sslState->server.fd, sslState); else 
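Review bot: `sslTimeout` (hunk `@@ -354,13`) and the handler changed in `@@ -379,13` now call `comm_close(sslState->client.fd)` unconditionally, dropping the old `client.fd > -1` test. `sslClientClosed` in this same diff sets `client.fd = -1` and then only starts closing the server side, so if either handler can still run in that window the close is issued on -1; nothing in the hunks shows what rules that out. Either keep the guard, `if (sslState->client.fd > -1) comm_close(sslState->client.fd);`, or add a comment stating the invariant that makes it unnecessary. Which timeouts are still armed at that point is decided outside these hunks.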
@@ -557,19 +551,11 @@ Config.Timeout.lifetime, sslTimeout, sslState); - commSetTimeout(sslState->server.fd, - Config.Timeout.connect, - sslConnectTimeout, - sslState); + sslSetSelect(sslState); peerSelect(request, NULL, sslPeerSelectComplete, sslState); - /* - * Disable the client read handler until peer selection is complete - * Take control away from client_side.c. - */ - commSetSelect(sslState->client.fd, COMM_SELECT_READ, NULL, NULL, 0); } static void @@ -599,10 +585,6 @@ debug(26, 3) ("sslProxyConnected: Sending {%s}\n", sslState->client.buf); sslState->client.len = mb.size; memBufClean(&mb); - commSetTimeout(sslState->server.fd, - Config.Timeout.read, - sslTimeout, - sslState); sslSetSelect(sslState); } @@ -647,6 +629,10 @@ sslState->delay_id = 0; } #endif + commSetTimeout(sslState->server.fd, + Config.Timeout.connect, + sslConnectTimeout, + sslState); commConnectStart(sslState->server.fd, sslState->host, sslState->port, diff -ruN squid-2.5.STABLE6/src/stat.c squid-2.5.STABLE7/src/stat.c --- squid-2.5.STABLE6/src/stat.c Sun Jun 22 15:32:10 2003 +++ squid-2.5.STABLE7/src/stat.c Sat Jul 17 14:09:23 2004 @@ -1,6 +1,6 @@ /* - * $Id: stat.c,v 1.351.2.9 2003/06/22 21:32:10 wessels Exp $ + * $Id: stat.c,v 1.351.2.10 2004/07/17 20:09:23 hno Exp $ * * DEBUG: section 18 Cache Manager Statistics * AUTHOR: Harvest Derived @@ -1446,6 +1446,9 @@ (long int) http->start.tv_sec, (int) http->start.tv_usec, tvSubDsec(http->start, current_time)); +#if DELAY_POOLS + storeAppendPrintf(s, "delay_pool %d\n", delayClient(http) >> 16); +#endif storeAppendPrintf(s, "\n"); } } diff -ruN squid-2.5.STABLE6/src/structs.h squid-2.5.STABLE7/src/structs.h --- squid-2.5.STABLE6/src/structs.h Sun Apr 18 17:43:30 2004 +++ squid-2.5.STABLE7/src/structs.h Tue Oct 5 16:56:36 2004 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.408.2.24 2004/04/18 23:43:30 hno Exp $ + * $Id: structs.h,v 1.408.2.30 2004/10/05 22:56:36 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ 
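Review bot: The `@@ -557,19` hunk deletes the comment explaining that client reads were disabled until peer selection completed, and puts `sslSetSelect(sslState)` ahead of `peerSelect()` with no comment on the new behaviour. Client reads now appear to start before any server connection exists, with the `connected` flag added earlier in this diff holding back the server side; that ordering deserves a line such as `/* start buffering client data now; sslSetSelect() leaves the server side alone until sslState->connected is set */`. How much client data can accumulate before the connect completes depends on the buffer check in `sslSetSelect`, which is outside the lines shown. The function starts outside the hunk.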
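Review bot: `delayClient(http) >> 16` in the stat.c hunk `@@ -1446,6` depends on a bit layout of the delay id that is not explained at the point of use. A short comment, for example `/* pool number is kept in the upper bits of the delay id */`, or a named macro for the extraction would keep this line from silently breaking if the encoding changes; the encoding is defined outside this diff, so the wording should be checked against it. It is also worth confirming that calling `delayClient()` from a statistics dump has no side effects, since its body is not visible here.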
@@ -88,6 +88,13 @@ void *acl_data; }; +struct _acl_hdr_data { + acl_hdr_data *next; + relist *reglist; + http_hdr_type hdr_id; + const char *hdr_name; +}; + struct _auth_user_hash_pointer { /* first two items must be same as hash_link */ char *key; @@ -214,6 +221,9 @@ struct _header_mangler { acl_access *access_list; char *replacement; + /* What follows is only used by HDR_OTHER to build a list of named headers */ + char *name; + header_mangler *next; }; struct _body_size { @@ -421,6 +431,7 @@ } Timeout; size_t maxRequestHeaderSize; size_t maxRequestBodySize; + size_t maxReplyHeaderSize; dlink_list ReplyBodySize; struct { u_short icp; @@ -594,6 +605,7 @@ int pipeline_prefetch; int request_entities; int detect_broken_server_pconns; + int balance_on_multiple_ip; } onoff; acl *aclList; struct { @@ -976,8 +988,7 @@ struct _HttpStateData { StoreEntry *entry; request_t *request; - char *reply_hdr; - size_t reply_hdr_size; + MemBuf reply_hdr; int reply_hdr_state; peer *peer; /* peer request made to */ int eof; /* reached end-of-object? */ @@ -1661,13 +1672,14 @@ struct in_addr my_addr; unsigned short my_port; HttpHeader header; - ConnStateData *body_connection; /* used by clientReadBody() */ int content_length; HierarchyLogEntry hier; err_type err_type; char *peer_login; /* Configured peer login:password */ time_t lastmod; /* Used on refreshes */ const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */ + BODY_HANDLER *body_reader; + void *body_reader_data; }; struct _cachemgr_passwd { @@ -1940,6 +1952,7 @@ int n_denied; } cutoff; int n_established; /* number of current established connections */ + time_t last_seen; }; struct _CacheDigest { diff -ruN squid-2.5.STABLE6/src/tools.c squid-2.5.STABLE7/src/tools.c --- squid-2.5.STABLE6/src/tools.c Tue Jun 24 14:52:26 2003 +++ squid-2.5.STABLE7/src/tools.c Sat Aug 14 15:01:33 2004 
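Review bot: The two fields added to the request structure in the `@@ -1661,13` hunk, `body_reader` and `body_reader_data`, carry no comments, while the `body_connection` field they replace and the neighbouring fields do. `body_reader_data` is an untyped pointer stored in a structure that outlives a single call, so a reader needs to know who sets it, whether it is reference-locked while stored, and who clears it. A short comment on each, for example `/* callback that supplies request body data; body_reader_data is its opaque argument */`, would carry that; the lifetime rules themselves live in code outside this hunk.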
@@ -1,6 +1,6 @@ /* - * $Id: tools.c,v 1.213.2.8 2003/06/24 20:52:26 wessels Exp $ + * $Id: tools.c,v 1.213.2.10 2004/08/14 21:01:33 hno Exp $ * * DEBUG: section 21 Misc Functions * AUTHOR: Harvest Derived @@ -516,18 +516,29 @@ leave_suid(void) { debug(21, 3) ("leave_suid: PID %d called\n", (int) getpid()); + if (Config.effectiveGroup) { +#if HAVE_SETGROUPS + setgroups(1, &Config2.effectiveGroupID); +#endif + if (setgid(Config2.effectiveGroupID) < 0) + debug(50, 0) ("ALERT: setgid: %s\n", xstrerror()); + } if (geteuid() != 0) return; /* Started as a root, check suid option */ if (Config.effectiveUser == NULL) return; -#if HAVE_SETGROUPS - setgroups(1, &Config2.effectiveGroupID); -#endif - if (setgid(Config2.effectiveGroupID) < 0) - debug(50, 0) ("ALERT: setgid: %s\n", xstrerror()); debug(21, 3) ("leave_suid: PID %d giving up root, becoming '%s'\n", (int) getpid(), Config.effectiveUser); + if (!Config.effectiveGroup) { + if (setgid(Config2.effectiveGroupID) < 0) + debug(50, 0) ("ALERT: setgid: %s\n", xstrerror()); + if (initgroups(Config.effectiveUser, Config2.effectiveGroupID) < 0) { + debug(50, 0) ("ALERT: initgroups: unable to set groups for User %s " + "and Group %u", Config.effectiveUser, + (unsigned) Config2.effectiveGroupID); + } + } #if HAVE_SETRESUID if (setresuid(Config2.effectiveUserID, Config2.effectiveUserID, 0) < 0) debug(50, 0) ("ALERT: setresuid: %s\n", xstrerror()); @@ -1051,7 +1062,18 @@ switch (ch) { case '\\': p++; - *d++ = ch = *p; + switch (*p) { + case 'n': + ch = '\n'; + break; + case 'r': + ch = '\r'; + break; + default: + ch = *p; + break; + } + *d++ = ch; if (ch) p++; break; 
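Review bot: In the `leave_suid` hunk (`@@ -516,18`) a failed group change is only logged and the function carries on to the `setresuid()` call, and `setgroups()` is not checked at all. A process that gives up root's uid but keeps root's gid or supplementary groups has more access than configured, so check it like its neighbours, `if (setgroups(1, &Config2.effectiveGroupID) < 0) debug(50, 0) ("ALERT: setgroups: %s\n", xstrerror());`, and consider stopping when any of these calls fails while `geteuid() == 0`. The `Config.effectiveGroup` block now sits above the `geteuid() != 0` return, so it also runs for non-root starts, where these calls can be expected to fail and log an ALERT. The new `initgroups` message is missing the trailing `\n` and the `xstrerror()` text the other alerts carry. The function continues past the end of the hunk.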
@@ -1090,10 +1112,22 @@ int l = strcspn(str, "\"\\"); memBufAppend(mb, str, l); str += l; - while (*str == '"' || *str == '\\') { + switch (*str) { + case '\n': + memBufAppend(mb, "\\n", 2); + str++; + break; + case '\r': + memBufAppend(mb, "\\r", 2); + str++; + break; + case '\0': + break; + default: memBufAppend(mb, "\\", 1); memBufAppend(mb, str, 1); str++; + break; } } if (quoted) diff -ruN squid-2.5.STABLE6/src/typedefs.h squid-2.5.STABLE7/src/typedefs.h --- squid-2.5.STABLE6/src/typedefs.h Wed Feb 4 10:42:29 2004 +++ squid-2.5.STABLE7/src/typedefs.h Tue Oct 5 16:34:42 2004 @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.132.2.4 2004/02/04 17:42:29 hno Exp $ + * $Id: typedefs.h,v 1.132.2.6 2004/10/05 22:34:42 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -66,6 +66,7 @@ typedef struct _auth_user_hash_pointer auth_user_hash_pointer; typedef struct _auth_user_ip_t auth_user_ip_t; typedef struct _acl_proxy_auth_match_cache acl_proxy_auth_match_cache; +typedef struct _acl_hdr_data acl_hdr_data; typedef struct _authscheme_entry authscheme_entry_t; typedef struct _authScheme authScheme; typedef struct _acl_user_data acl_user_data; @@ -235,6 +236,7 @@ typedef int READ_HANDLER(int, char *, int); typedef int WRITE_HANDLER(int, const char *, int); typedef void CBCB(char *buf, ssize_t size, void *data); +typedef void BODY_HANDLER(request_t * req, char *, size_t, CBCB *, void *); typedef void STIOCB(void *their_data, int errflag, storeIOState *); typedef void STFNCB(void *their_data, int errflag, storeIOState *);
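Review bot: The new `case '\n':` and `case '\r':` arms in the `@@ -1090,10` hunk cannot be reached, because the unchanged `strcspn(str, "\"\\")` above them stops only at a double quote or a backslash, so `*str` is one of those two characters or NUL when the switch runs. CR and LF are therefore still copied through unescaped by the preceding `memBufAppend(mb, str, l)`, which matters if the quoted word is later written to a line-oriented consumer, where an embedded newline ends the record early. Extending the reject set fixes it: `int l = strcspn(str, "\"\\\n\r");`. The enclosing function and its loop start and end outside the hunk.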