diff -u -r -N squid-3.2.0.6/ChangeLog squid-3.2.0.7/ChangeLog --- squid-3.2.0.6/ChangeLog 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/ChangeLog 2011-04-19 12:47:07.000000000 +1200 @@ -1,3 +1,15 @@ +Changes to squid-3.2.0.7 (19 Apr 2011): + + - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2" + - Regression fix: icons/ FHS compliance + - Regression fix: Startup aborts with URL error when --disable-htcp + - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL" + - Add negotiate_wrapper_auth version 1.0.1 + - Fixed %dt logging in the presence of REQMOD + - Fixed chunked request forwarding in ICAP REQMOD presence + - ... all bug fixes and updates from 3.1.12.1 + - ... many code polishings and display cleanups + Changes to squid-3.2.0.6 (04 Apr 2011): - Regression fix: upgrade existing icons @@ -152,6 +164,16 @@ - ... and a great many testing improvements - ... and many documentation updates +Changes to squid-3.1.12.1 (19 Apr 2011): + + - Port from 3.2: Dynamic SSL Certificate generation + - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp + - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 + - Bug 3183: Invalid URL accepted with url host part of only '@' + - Display ERROR in cache.log for invalid configured paths + - Cache Manager: send User-Agent header from cachemgr.cgi + - ... and many portability compile fixes for non-GCC systems. + Changes to squid-3.1.12 (04 Apr 2011): - Regression fix: Use bigger buffer for server reads. diff -u -r -N squid-3.2.0.6/compat/assert.cc squid-3.2.0.7/compat/assert.cc --- squid-3.2.0.6/compat/assert.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/assert.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -33,14 +33,6 @@ #include "config.h" -#if HAVE_STDIO_H -#include -#endif - -#if 0 -#include "compat/assert.h" -#endif - void xassert(const char *expr, const char *file, int line) { fprintf(stderr, "assertion failed: %s:%d: \"%s\"\n", file, line, expr); diff -u -r -N squid-3.2.0.6/compat/compat.h squid-3.2.0.7/compat/compat.h --- squid-3.2.0.6/compat/compat.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/compat.h 2011-04-19 12:47:07.000000000 +1200 @@ -86,6 +86,9 @@ #include "compat/stdvarargs.h" #include "compat/assert.h" +/* cstdio has a bunch of problems with 64-bit definitions */ +#include "compat/stdio.h" + /*****************************************************/ /* component-specific portabilities */ diff -u -r -N squid-3.2.0.6/compat/compat_shared.h squid-3.2.0.7/compat/compat_shared.h --- squid-3.2.0.6/compat/compat_shared.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/compat_shared.h 2011-04-19 12:47:07.000000000 +1200 @@ -34,8 +34,7 @@ /* * DIRENT functionality can apparently come from many places. - * I believe these should really be done by OS-specific compat - * files, but for now its left here. + * With various complaints by different compilers */ #if HAVE_DIRENT_H #include @@ -54,6 +53,15 @@ #endif /* HAVE_NDIR_H */ #endif /* HAVE_DIRENT_H */ +/* The structure dirent also varies between 64-bit and 32-bit environments. + * Define our own dirent_t type for consistent simple internal use. + * NP: GCC seems not to care about the type naming differences. + */ +#if defined(__USE_FILE_OFFSET64) && !defined(__GNUC__) +#define dirent_t struct dirent64 +#else +#define dirent_t struct dirent +#endif /* * Filedescriptor limits in the different select loops diff -u -r -N squid-3.2.0.6/compat/debug.h squid-3.2.0.7/compat/debug.h --- squid-3.2.0.6/compat/debug.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/debug.h 2011-04-19 12:47:07.000000000 +1200 
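Review bot: In the second compat_shared.h hunk `dirent_t` is introduced as an object-like macro, so it rewrites every `dirent_t` token in any file that includes this header and leaves the compiler no type name to report in diagnostics. A typedef does the same job with normal scoping: `typedef struct dirent64 dirent_t;` in the first branch and `typedef struct dirent dirent_t;` under the `#else`. The branch is selected on `__USE_FILE_OFFSET64`, a libc-internal feature macro, so it is worth confirming that `struct dirent64` is actually declared whenever that branch is taken (glibc appears to tie it to the LARGEFILE64 interfaces). The comment would also be more useful if it named the compilers observed to need this instead of "GCC seems not to care".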
@@ -6,10 +6,6 @@ * It shunts the debug messages down stderr for logging by Squid * or display to the user instead of corrupting the stdout data stream. */ - -#if HAVE_STDIO_H -#include -#endif #if HAVE_UNISTD_H #include #endif diff -u -r -N squid-3.2.0.6/compat/eui64_aton.c squid-3.2.0.7/compat/eui64_aton.c --- squid-3.2.0.6/compat/eui64_aton.c 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/eui64_aton.c 2011-04-19 12:47:07.000000000 +1200 @@ -77,10 +77,6 @@ #include "config.h" #include "compat/eui64_aton.h" -#if HAVE_STDIO_H -#include -#endif - /* * Convert an ASCII representation of an EUI-64 to binary form. */ diff -u -r -N squid-3.2.0.6/compat/getnameinfo.c squid-3.2.0.7/compat/getnameinfo.c --- squid-3.2.0.6/compat/getnameinfo.c 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/getnameinfo.c 2011-04-19 12:47:07.000000000 +1200 @@ -80,9 +80,6 @@ #include "compat/inet_ntop.h" #include "compat/getaddrinfo.h" -#if HAVE_STDIO_H -#include -#endif #if HAVE_SYS_SOCKET_H #include #endif diff -u -r -N squid-3.2.0.6/compat/GnuRegex.c squid-3.2.0.7/compat/GnuRegex.c --- squid-3.2.0.6/compat/GnuRegex.c 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/GnuRegex.c 2011-04-19 12:47:07.000000000 +1200 @@ -235,9 +235,6 @@ #define STREQ(s1, s2) ((strcmp (s1, s2) == 0)) -#define MAX(a, b) ((a) > (b) ? (a) : (b)) -#define MIN(a, b) ((a) < (b) ? (a) : (b)) - #if !defined(__MINGW32__) /* MinGW defines boolean */ typedef char boolean; #endif @@ -452,12 +449,6 @@ #ifdef DEBUG -/* We use standard I/O for debugging. */ -#include - -/* It is useful to test things that ``must'' be true when debugging. */ -#include - static int debug = 0; #define DEBUG_STATEMENT(e) e 
@@ -3147,7 +3138,7 @@ if (bufp->regs_allocated == REGS_UNALLOCATED) { /* No. So allocate them with malloc. We need one * extra element beyond `num_regs' for the `-1' marker * GNU code uses. */ - regs->num_regs = MAX(RE_NREGS, num_regs + 1); + regs->num_regs = max(RE_NREGS, num_regs + 1); regs->start = TALLOC(regs->num_regs, regoff_t); regs->end = TALLOC(regs->num_regs, regoff_t); if (regs->start == NULL || regs->end == NULL) @@ -3176,7 +3167,7 @@ } /* Go through the first `min (num_regs, regs->num_regs)' * registers, since that is all we initialized. */ - for (mcnt = 1; mcnt < MIN(num_regs, regs->num_regs); mcnt++) { + for (mcnt = 1; mcnt < min(num_regs, regs->num_regs); mcnt++) { if (REG_UNSET(regstart[mcnt]) || REG_UNSET(regend[mcnt])) regs->start[mcnt] = regs->end[mcnt] = -1; else { diff -u -r -N squid-3.2.0.6/compat/inet_ntop.c squid-3.2.0.7/compat/inet_ntop.c --- squid-3.2.0.6/compat/inet_ntop.c 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/inet_ntop.c 2011-04-19 12:47:07.000000000 +1200 @@ -68,9 +68,6 @@ #if HAVE_ERRNO_H #include #endif -#if HAVE_STDIO_H -#include -#endif #if HAVE_STRING_H #include #endif diff -u -r -N squid-3.2.0.6/compat/Makefile.am squid-3.2.0.7/compat/Makefile.am --- squid-3.2.0.6/compat/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/Makefile.am 2011-04-19 12:47:07.000000000 +1200 @@ -31,6 +31,7 @@ initgroups.h \ osdetect.h \ psignal.h \ + stdio.h \ stdvarargs.h \ strnstr.cc \ strsep.h \ diff -u -r -N squid-3.2.0.6/compat/Makefile.in squid-3.2.0.7/compat/Makefile.in --- squid-3.2.0.6/compat/Makefile.in 2011-04-04 14:43:26.000000000 +1200 +++ squid-3.2.0.7/compat/Makefile.in 2011-04-19 12:47:50.000000000 +1200 
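Review bot: The two GnuRegex.c call sites now use lower-case `max`/`min` (`regs->num_regs = max(RE_NREGS, num_regs + 1);` and the `mcnt < min(num_regs, regs->num_regs)` loop bound), but nothing in this diff shows where those names are defined for a C translation unit, and an earlier hunk of the same file deletes the local `MAX`/`MIN` macros. The first result sizes the `TALLOC` allocations for `regs->start` and `regs->end`, and the second bounds the writes into them, so the replacement has to keep the same operand types and comparison semantics. Please name the header that provides them in a comment next to the first use, or keep the file-local macros. Both enclosing functions start and end outside these hunks.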
@@ -350,6 +350,7 @@ initgroups.h \ osdetect.h \ psignal.h \ + stdio.h \ stdvarargs.h \ strnstr.cc \ strsep.h \ diff -u -r -N squid-3.2.0.6/compat/os/linux.h squid-3.2.0.7/compat/os/linux.h --- squid-3.2.0.6/compat/os/linux.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/os/linux.h 2011-04-19 12:47:07.000000000 +1200 @@ -40,6 +40,29 @@ #include #endif /* HAVE_SYS_CAPABILITY_H */ +/* + * glob.h is provided by GNU on Linux and contains some unavoidable preprocessor + * logic errors in its 64-bit definitions which are hit by non-GCC compilers. + * + * #if __USE_FILE_OFFSET64 && __GNUC__ < 2 + * # define glob glob64 + * #endif + * #if !defined __USE_FILE_OFFSET64 || __GNUC__ < 2 + * extern "C" glob(...); + * #endif + * extern "C" glob64(...); + * + * ... and multiple "C" definitions of glob64 refuse to compile. + * Because __GNUC__ being undefined equates to 0 and (0 < 2) + */ +#if __USE_FILE_OFFSET64 && __GNUC__ < 2 +#if HAVE_GLOB_H +#undef HAVE_GLOB_H +#endif +#if HAVE_GLOB +#undef HAVE_GLOB +#endif +#endif #endif /* _SQUID_LINUX_ */ #endif /* SQUID_OS_LINUX_H */ diff -u -r -N squid-3.2.0.6/compat/os/openbsd.h squid-3.2.0.7/compat/os/openbsd.h --- squid-3.2.0.6/compat/os/openbsd.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/compat/os/openbsd.h 2011-04-19 12:47:07.000000000 +1200 @@ -30,5 +30,13 @@ #define IPV6_V6ONLY 27 // from OpenBSD 4.3 headers. (NP: does not match non-BSD OS values) #endif +/* OpenBSD 4.8 and 4.9 require netinet/in.h before arpa/inet.h */ +#if HAVE_NETINET_IN_H +#include +#endif +#if HAVE_ARPA_INET_H +#include +#endif + #endif /* _SQUID_OPENBSD_ */ #endif /* SQUID_OS_OPENBSD_H */ diff -u -r -N squid-3.2.0.6/compat/stdio.h squid-3.2.0.7/compat/stdio.h --- squid-3.2.0.6/compat/stdio.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/compat/stdio.h 2011-04-19 12:47:07.000000000 +1200 
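Review bot: The guard added to compat/os/linux.h, `#if __USE_FILE_OFFSET64 && __GNUC__ < 2`, relies on undefined identifiers evaluating to 0, which is the same preprocessor behaviour the comment blames in glob.h, and it is noisy under undefined-macro warnings. The other headers touched by this patch test the macro with `defined(__USE_FILE_OFFSET64)`. Undefining `HAVE_GLOB_H` and `HAVE_GLOB` only has an effect if this header is processed before any code tests them, and the comment does not say what is lost when they are cleared. I would add a line such as `/* Consequence: glob() support is compiled out for non-GCC compilers using 64-bit file offsets. */` if that is the intent, and finish the comment's last sentence, which currently stops at "(0 < 2)". The `#if HAVE_GLOB_H` and `#if HAVE_GLOB` wrappers around the `#undef` lines are unnecessary, since `#undef` of an undefined name is harmless.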
@@ -0,0 +1,53 @@
+#ifndef _SQUID_COMPAT_STDIO_H
+#define _SQUID_COMPAT_STDIO_H
+
+/** 64-bit broken
+ *
+ * provides fgetpos64, fopen64 if __USE_FILE_OFFSET64 is defined.
+ * It then checks whether a gcc-specific __REDIRECT macro is available
+ * (defined in , depending on __GNUC__ begin available).
+ * If it is not available, it does a preprocessor #define.
+ * Which undefines, with this comment:
+ * "// Get rid of those macros defined in in lieu of real functions.".
+ * When it does a namespace redirection ("namespace std { using ::fgetpos; }") it goes blam, as
+ * fgetpos64 is available, while fgetpos is not.
+ */
+
+// Import the stdio.h definitions first to do the state setup
+#if HAVE_STDIO_H
+#include
+#endif
+
+// Check for the buggy case
+#if defined(__USE_FILE_OFFSET64) && !defined(__REDIRECT)
+
+// Define the problem functions as needed
+#if defined(fgetpos)
+#undef fgetpos
+inline int fgetpos(FILE *f, fpos64_t *p) { return fgetpos64(f,p); }
+#endif
+#if defined(fopen)
+#undef fopen
+inline FILE * fopen(const char *f, const char *m) { return fopen64(f,m); }
+#endif
+#if defined(freopen)
+#undef freopen
+inline FILE * freopen(const char *f, const char *m, FILE *s) { return freopen64(f,m,s); }
+#endif
+#if defined(fsetpos)
+#undef fsetpos
+inline int fsetpos(FILE *f, fpos64_t *p) { return fsetpos64(f,p); }
+#endif
+#if defined(tmpfile)
+#undef tmpfile
+inline FILE * tmpfile(void) { return tmpfile64(); }
+#endif
+
+#endif /* __USE_FILE_OFFSET64 && !__REDIRECT */
+
+// Finally import the stuff we actually use
+#if HAVE_CSTDIO
+#include
+#endif
+
+#endif /* _SQUID_COMPAT_STDIO_H */
diff -u -r -N squid-3.2.0.6/compat/tempnam.c squid-3.2.0.7/compat/tempnam.c
--- squid-3.2.0.6/compat/tempnam.c 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/tempnam.c 2011-04-19 12:47:07.000000000 +1200
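Review bot: The `fsetpos` wrapper in the new compat/stdio.h takes `fpos64_t *p`, while the standard prototype takes a pointer to const, so a caller passing a `const fpos_t *` would stop compiling on exactly the non-GCC builds this header targets. Declare it as `inline int fsetpos(FILE *f, const fpos64_t *p) { return fsetpos64(f,p); }`. The wrappers are plain `inline`, and the final include is guarded only by `HAVE_CSTDIO`. Because this patch also drops the direct stdio include from several `.c` files, the header is presumably reached from C translation units through compat.h; if so, `static inline` and an added `defined(__cplusplus)` test on that last guard would be safer. The include guard `_SQUID_COMPAT_STDIO_H` also starts with an underscore and a capital letter, which is a reserved identifier form.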
@@ -14,9 +14,6 @@ #if HAVE_LIBC_H #include #endif -#if HAVE_STDIO_H -#include -#endif #if HAVE_LIMITS_H #include #endif diff -u -r -N squid-3.2.0.6/configure squid-3.2.0.7/configure --- squid-3.2.0.6/configure 2011-04-04 14:44:13.000000000 +1200 +++ squid-3.2.0.7/configure 2011-04-19 12:48:41.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.0.6. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.0.7. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.2.0.6' -PACKAGE_STRING='Squid Web Proxy 3.2.0.6' +PACKAGE_VERSION='3.2.0.7' +PACKAGE_STRING='Squid Web Proxy 3.2.0.7' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' PACKAGE_URL='' @@ -1567,7 +1567,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.2.0.6 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.2.0.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1637,7 +1637,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.2.0.6:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.2.0.7:";; esac cat <<\_ACEOF @@ -2012,7 +2012,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.2.0.6 +Squid Web Proxy configure 3.2.0.7 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. 
@@ -3108,7 +3108,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.2.0.6, which was +It was created by Squid Web Proxy $as_me 3.2.0.7, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3927,7 +3927,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.2.0.6' + VERSION='3.2.0.7' cat >>confdefs.h <<_ACEOF 
@@ -29509,7 +29509,7 @@ rm -f core -ac_config_files="$ac_config_files Makefile compat/Makefile lib/Makefile lib/ntlmauth/Makefile lib/profiler/Makefile lib/rfcnb/Makefile lib/smblib/Makefile scripts/Makefile src/Makefile src/anyp/Makefile src/base/Makefile src/acl/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile src/auth/basic/Makefile src/auth/digest/Makefile src/auth/negotiate/Makefile src/auth/ntlm/Makefile src/adaptation/Makefile src/adaptation/icap/Makefile src/adaptation/ecap/Makefile src/comm/Makefile src/esi/Makefile src/eui/Makefile src/icmp/Makefile src/ident/Makefile src/ip/Makefile src/log/Makefile src/ipc/Makefile src/ssl/Makefile src/mgr/Makefile src/snmp/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile test-suite/Makefile doc/Makefile doc/manuals/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/DB/Makefile helpers/basic_auth/fake/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/MSNT-multi-domain/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/NIS/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/RADIUS/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/SSPI/Makefile helpers/digest_auth/Makefile helpers/digest_auth/eDirectory/Makefile helpers/digest_auth/file/Makefile helpers/digest_auth/LDAP/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fake/Makefile helpers/ntlm_auth/smb_lm/Makefile helpers/ntlm_auth/SSPI/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/kerberos/Makefile helpers/negotiate_auth/SSPI/Makefile helpers/external_acl/Makefile helpers/external_acl/AD_group/Makefile helpers/external_acl/eDirectory_userip/Makefile helpers/external_acl/file_userip/Makefile helpers/external_acl/kerberos_ldap_group/Makefile helpers/external_acl/LDAP_group/Makefile helpers/external_acl/LM_group/Makefile 
helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile helpers/log_daemon/Makefile helpers/log_daemon/file/Makefile helpers/url_rewrite/Makefile helpers/url_rewrite/fake/Makefile tools/Makefile tools/purge/Makefile" +ac_config_files="$ac_config_files Makefile compat/Makefile lib/Makefile lib/ntlmauth/Makefile lib/profiler/Makefile lib/rfcnb/Makefile lib/smblib/Makefile scripts/Makefile src/Makefile src/anyp/Makefile src/base/Makefile src/acl/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile src/auth/basic/Makefile src/auth/digest/Makefile src/auth/negotiate/Makefile src/auth/ntlm/Makefile src/adaptation/Makefile src/adaptation/icap/Makefile src/adaptation/ecap/Makefile src/comm/Makefile src/esi/Makefile src/eui/Makefile src/icmp/Makefile src/ident/Makefile src/ip/Makefile src/log/Makefile src/ipc/Makefile src/ssl/Makefile src/mgr/Makefile src/snmp/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile test-suite/Makefile doc/Makefile doc/manuals/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/DB/Makefile helpers/basic_auth/fake/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/MSNT-multi-domain/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/NIS/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/RADIUS/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/SSPI/Makefile helpers/digest_auth/Makefile helpers/digest_auth/eDirectory/Makefile helpers/digest_auth/file/Makefile helpers/digest_auth/LDAP/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fake/Makefile helpers/ntlm_auth/smb_lm/Makefile helpers/ntlm_auth/SSPI/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/kerberos/Makefile helpers/negotiate_auth/SSPI/Makefile helpers/negotiate_auth/wrapper/Makefile 
helpers/external_acl/Makefile helpers/external_acl/AD_group/Makefile helpers/external_acl/eDirectory_userip/Makefile helpers/external_acl/file_userip/Makefile helpers/external_acl/kerberos_ldap_group/Makefile helpers/external_acl/LDAP_group/Makefile helpers/external_acl/LM_group/Makefile helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile helpers/log_daemon/Makefile helpers/log_daemon/file/Makefile helpers/url_rewrite/Makefile helpers/url_rewrite/fake/Makefile tools/Makefile tools/purge/Makefile" subdirs="$subdirs lib/libTrie" @@ -30234,7 +30234,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.2.0.6, which was +This file was extended by Squid Web Proxy $as_me 3.2.0.7, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30300,7 +30300,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.2.0.6 +Squid Web Proxy config.status 3.2.0.7 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" 
@@ -30859,6 +30859,7 @@ "helpers/negotiate_auth/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/Makefile" ;; "helpers/negotiate_auth/kerberos/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/kerberos/Makefile" ;; "helpers/negotiate_auth/SSPI/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/SSPI/Makefile" ;; + "helpers/negotiate_auth/wrapper/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/wrapper/Makefile" ;; "helpers/external_acl/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/external_acl/Makefile" ;; "helpers/external_acl/AD_group/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/external_acl/AD_group/Makefile" ;; "helpers/external_acl/eDirectory_userip/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/external_acl/eDirectory_userip/Makefile" ;; diff -u -r -N squid-3.2.0.6/configure.ac squid-3.2.0.7/configure.ac --- squid-3.2.0.6/configure.ac 2011-04-04 14:44:13.000000000 +1200 +++ squid-3.2.0.7/configure.ac 2011-04-19 12:48:41.000000000 +1200 @@ -3,7 +3,7 @@ dnl dnl dnl -AC_INIT([Squid Web Proxy],[3.2.0.6],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.2.0.7],[http://www.squid-cache.org/bugs/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -3424,6 +3424,7 @@ helpers/negotiate_auth/Makefile \ helpers/negotiate_auth/kerberos/Makefile \ helpers/negotiate_auth/SSPI/Makefile \ + helpers/negotiate_auth/wrapper/Makefile \ helpers/external_acl/Makefile \ helpers/external_acl/AD_group/Makefile \ helpers/external_acl/eDirectory_userip/Makefile \ diff -u -r -N squid-3.2.0.6/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.0.7/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.2.0.6/helpers/basic_auth/DB/basic_db_auth.8 2011-04-04 15:10:19.000000000 +1200 +++ squid-3.2.0.7/helpers/basic_auth/DB/basic_db_auth.8 2011-04-19 13:14:23.000000000 +1200 
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2011-04-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2011-04-18" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.0.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.0.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.2.0.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2011-04-04 15:10:28.000000000 +1200 +++ squid-3.2.0.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2011-04-19 13:14:26.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2011-04-03" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2011-04-18" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/Makefile.am squid-3.2.0.7/helpers/negotiate_auth/Makefile.am --- squid-3.2.0.6/helpers/negotiate_auth/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/Makefile.am 2011-04-19 12:47:07.000000000 +1200 
@@ -1,3 +1,3 @@ -DIST_SUBDIRS = kerberos SSPI +DIST_SUBDIRS = kerberos SSPI wrapper SUBDIRS = $(NEGOTIATE_AUTH_HELPERS) diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/Makefile.in squid-3.2.0.7/helpers/negotiate_auth/Makefile.in --- squid-3.2.0.6/helpers/negotiate_auth/Makefile.in 2011-04-04 14:43:34.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/Makefile.in 2011-04-19 12:47:59.000000000 +1200 @@ -298,7 +298,7 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -DIST_SUBDIRS = kerberos SSPI +DIST_SUBDIRS = kerberos SSPI wrapper SUBDIRS = $(NEGOTIATE_AUTH_HELPERS) all: all-recursive diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/config.test squid-3.2.0.7/helpers/negotiate_auth/wrapper/config.test --- squid-3.2.0.6/helpers/negotiate_auth/wrapper/config.test 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/config.test 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,2 @@ +#!/bin/sh +exit 0 diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.am squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.am --- squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.am 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.am 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,8 @@ +include $(top_srcdir)/src/Common.am + +EXTRA_DIST = config.test + +libexec_PROGRAMS = negotiate_wrapper_auth + +negotiate_wrapper_auth_SOURCES = negotiate_wrapper.cc nw_base64.cc nw_base64.h +negotiate_wrapper_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS) diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.in squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.in --- squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.in 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.in 2011-04-19 12:48:01.000000000 +1200 
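Review bot: The new helpers/negotiate_auth/wrapper/config.test is just `exit 0` with no probe and no explanation. If configure consults it the way the other helpers' config.test scripts appear to be used, the wrapper is then selected for automatic build on every platform. For an authentication helper, that default deserves to be visibly deliberate. I would add one comment line to the script, for example `# negotiate_wrapper_auth has no platform prerequisites; always buildable`, or replace the bare exit with a real check if the wrapper does need something.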
@@ -0,0 +1,745 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/src/Common.am +check_PROGRAMS = +TESTS = +@USE_LOADABLE_MODULES_TRUE@am__append_1 = $(INCLTDL) +libexec_PROGRAMS = negotiate_wrapper_auth$(EXEEXT) +subdir = helpers/negotiate_auth/wrapper +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/acinclude/init.m4 \ + $(top_srcdir)/acinclude/squid-util.m4 \ + $(top_srcdir)/acinclude/compiler-flags.m4 \ + $(top_srcdir)/acinclude/os-deps.m4 \ + $(top_srcdir)/acinclude/krb5.m4 $(top_srcdir)/acinclude/pam.m4 \ + $(top_srcdir)/acinclude/lib-checks.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) 
+mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/include/autoconf.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(libexecdir)" +PROGRAMS = $(libexec_PROGRAMS) +am_negotiate_wrapper_auth_OBJECTS = negotiate_wrapper.$(OBJEXT) \ + nw_base64.$(OBJEXT) +negotiate_wrapper_auth_OBJECTS = $(am_negotiate_wrapper_auth_OBJECTS) +@ENABLE_XPROF_STATS_TRUE@am__DEPENDENCIES_1 = $(top_builddir)/lib/profiler/libprofiler.la +am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) +am__DEPENDENCIES_3 = +negotiate_wrapper_auth_DEPENDENCIES = $(am__DEPENDENCIES_2) \ + $(am__DEPENDENCIES_3) +DEFAULT_INCLUDES = +depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +CXXLD = $(CXX) +CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(negotiate_wrapper_auth_SOURCES) +DIST_SOURCES = $(negotiate_wrapper_auth_SOURCES) +ETAGS = etags +CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ADAPTATION_LIBS = @ADAPTATION_LIBS@ +ALLOCA = @ALLOCA@ 
+AMTAR = @AMTAR@ +AR = @AR@ +ARGZ_H = @ARGZ_H@ +AR_R = @AR_R@ +AUTH_LIBS_TO_BUILD = @AUTH_LIBS_TO_BUILD@ +AUTH_MODULES = @AUTH_MODULES@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BASIC_AUTH_HELPERS = @BASIC_AUTH_HELPERS@ +BZR = @BZR@ +CACHE_EFFECTIVE_USER = @CACHE_EFFECTIVE_USER@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGIEXT = @CGIEXT@ +CHMOD = @CHMOD@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CPPUNITCONFIG = @CPPUNITCONFIG@ +CRYPTLIB = @CRYPTLIB@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_HOSTS = @DEFAULT_HOSTS@ +DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@ +DEFAULT_PID_FILE = @DEFAULT_PID_FILE@ +DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@ +DISK_LIBS = @DISK_LIBS@ +DISK_LINKOBJS = @DISK_LINKOBJS@ +DISK_MODULES = @DISK_MODULES@ +DISK_OS_LIBS = @DISK_OS_LIBS@ +DISK_PROGRAMS = @DISK_PROGRAMS@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECAP_LIBS = @ECAP_LIBS@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EPOLL_LIBS = @EPOLL_LIBS@ +EXEEXT = @EXEEXT@ +EXPATLIB = @EXPATLIB@ +EXTERNAL_ACL_HELPERS = @EXTERNAL_ACL_HELPERS@ +EXT_LIBECAP_CFLAGS = @EXT_LIBECAP_CFLAGS@ +EXT_LIBECAP_LIBS = @EXT_LIBECAP_LIBS@ +FALSE = @FALSE@ +FGREP = @FGREP@ +GREP = @GREP@ +ICAP_LIBS = @ICAP_LIBS@ +INCLTDL = @INCLTDL@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +KRB5INCS = @KRB5INCS@ +KRB5LIBS = @KRB5LIBS@ +LBERLIB = @LBERLIB@ +LD = @LD@ +LDAPLIB = @LDAPLIB@ +LDFLAGS = @LDFLAGS@ +LIBADD_DL = @LIBADD_DL@ +LIBADD_DLD_LINK = @LIBADD_DLD_LINK@ +LIBADD_DLOPEN = @LIBADD_DLOPEN@ +LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@ +LIBLTDL = @LIBLTDL@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSASL = @LIBSASL@ +LIBTOOL = @LIBTOOL@ +LIB_DB = @LIB_DB@ +LIPO = @LIPO@ +LN = @LN@ 
+LN_S = @LN_S@ +LOG_DAEMON_HELPERS = @LOG_DAEMON_HELPERS@ +LTDLDEPS = @LTDLDEPS@ +LTDLINCL = @LTDLINCL@ +LTDLOPEN = @LTDLOPEN@ +LTLIBOBJS = @LTLIBOBJS@ +LT_CONFIG_H = @LT_CONFIG_H@ +LT_DLLOADERS = @LT_DLLOADERS@ +LT_DLPREOPEN = @LT_DLPREOPEN@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MINGW_LIBS = @MINGW_LIBS@ +MKDIR = @MKDIR@ +MKDIR_P = @MKDIR_P@ +MV = @MV@ +NEGOTIATE_AUTH_HELPERS = @NEGOTIATE_AUTH_HELPERS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NTLM_AUTH_HELPERS = @NTLM_AUTH_HELPERS@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PO2HTML = @PO2HTML@ +POD2MAN = @POD2MAN@ +RANLIB = @RANLIB@ +REGEXLIB = @REGEXLIB@ +REPL_LIBS = @REPL_LIBS@ +REPL_OBJS = @REPL_OBJS@ +REPL_POLICIES = @REPL_POLICIES@ +RM = @RM@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SH = @SH@ +SHELL = @SHELL@ +SNMPLIB = @SNMPLIB@ +SQUID_CFLAGS = @SQUID_CFLAGS@ +SQUID_CPPUNIT_INC = @SQUID_CPPUNIT_INC@ +SQUID_CPPUNIT_LA = @SQUID_CPPUNIT_LA@ +SQUID_CPPUNIT_LIBS = @SQUID_CPPUNIT_LIBS@ +SQUID_CXXFLAGS = @SQUID_CXXFLAGS@ +SSLLIB = @SSLLIB@ +STORE_LIBS_TO_ADD = @STORE_LIBS_TO_ADD@ +STORE_LIBS_TO_BUILD = @STORE_LIBS_TO_BUILD@ +STORE_TESTS = @STORE_TESTS@ +STRIP = @STRIP@ +TR = @TR@ +TRUE = @TRUE@ +URL_REWRITE_HELPERS = @URL_REWRITE_HELPERS@ +VERSION = @VERSION@ +WIN32_PSAPI = @WIN32_PSAPI@ +XMLLIB = @XMLLIB@ +XTRA_LIBS = @XTRA_LIBS@ +XTRA_OBJS = @XTRA_OBJS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_krb5_config = @ac_krb5_config@ +am__include 
= @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +ltdl_LIBOBJS = @ltdl_LIBOBJS@ +ltdl_LTLIBOBJS = @ltdl_LTLIBOBJS@ +makesnmplib = @makesnmplib@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sys_symbol_underscore = @sys_symbol_underscore@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CFLAGS = $(SQUID_CFLAGS) +AM_CXXFLAGS = $(SQUID_CXXFLAGS) +CLEANFILES = +INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/include -I$(top_srcdir)/lib \ + -I$(top_srcdir)/src -I$(top_builddir)/include \ + $(SQUID_CPPUNIT_INC) $(KRB5INCS) $(am__append_1) +@ENABLE_XPROF_STATS_FALSE@LIBPROFILER = +@ENABLE_XPROF_STATS_TRUE@LIBPROFILER = $(top_builddir)/lib/profiler/libprofiler.la +COMPAT_LIB = -L$(top_builddir)/compat -lcompat-squid $(LIBPROFILER) +subst_perlshell = sed -e 's,[@]PERL[@],$(PERL),g' <$(srcdir)/$@.pl.in >$@ || ($(RM) -f $@ ; exit 1) +EXTRA_DIST = config.test +negotiate_wrapper_auth_SOURCES = negotiate_wrapper.cc nw_base64.cc nw_base64.h +negotiate_wrapper_auth_LDADD = $(COMPAT_LIB) 
$(XTRA_LIBS) +all: all-am + +.SUFFIXES: +.SUFFIXES: .cc .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/src/Common.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign helpers/negotiate_auth/wrapper/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign helpers/negotiate_auth/wrapper/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; 
do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files + +clean-libexecPROGRAMS: + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +negotiate_wrapper_auth$(EXEEXT): $(negotiate_wrapper_auth_OBJECTS) $(negotiate_wrapper_auth_DEPENDENCIES) + @rm -f negotiate_wrapper_auth$(EXEEXT) + $(CXXLINK) $(negotiate_wrapper_auth_OBJECTS) $(negotiate_wrapper_auth_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ 
@am__quote@./$(DEPDIR)/negotiate_wrapper.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nw_base64.Po@am__quote@ + +.cc.o: +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $< + +.cc.obj: +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.cc.lo: +@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; 
then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? 
-ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + echo "$$grn$$dashes"; \ + else \ + echo "$$red$$dashes"; \ + fi; \ + echo "$$banner"; \ + test -z "$$skipped" || echo "$$skipped"; \ + test -z "$$report" || echo "$$report"; \ + echo "$$dashes$$std"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(libexecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) 
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \ + clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libexecPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-libexecPROGRAMS + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \ + clean-libtool ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-libexecPROGRAMS \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean 
maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-libexecPROGRAMS + + +$(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc squid-3.2.0.7/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc --- squid-3.2.0.6/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -0,0 +1,407 @@ +/* + * ----------------------------------------------------------------------------- + * + * Author: Markus Moeller (markus_moeller at compuserve.com) + * + * Copyright (C) 2011 Markus Moeller. All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. + * + * ----------------------------------------------------------------------------- + */ +/* + * Hosted at http://sourceforge.net/projects/squidkerbauth + */ + +#include "config.h" +#include "nw_base64.h" + +#if HAVE_STRING_H +#include +#endif +#if HAVE_STDIO_H +#include +#endif +#if HAVE_STDLIB_H +#include +#endif +#if HAVE_NETDB_H +#include +#endif +#if HAVE_UNISTD_H +#include +#endif +#if HAVE_TIME_H +#include +#endif +#if HAVE_SYS_TIME_H +#include +#endif +#if HAVE_ERRNO_H +#include +#endif + +#if !defined(HAVE_DECL_XMALLOC) || !HAVE_DECL_XMALLOC +#define xmalloc malloc +#endif +#if !defined(HAVE_DECL_XSTRDUP) || !HAVE_DECL_XSTRDUP +#define xstrdup strdup +#endif +#if !defined(HAVE_DECL_XFREE) || !HAVE_DECL_XFREE +#define xfree free +#endif + +#undef PROGRAM +#define PROGRAM "negotiate_wrapper" +#undef VERSION +#define VERSION "1.0.1" + +#ifndef MAX_AUTHTOKEN_LEN +#define MAX_AUTHTOKEN_LEN 65535 +#endif + +static const unsigned char ntlmProtocol[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0}; + +static const char * 
+LogTime() +{ + struct tm *tm; + struct timeval now; + static time_t last_t = 0; + static char buf[128]; + + gettimeofday(&now, NULL); + if (now.tv_sec != last_t) { + tm = localtime((time_t *) & now.tv_sec); + strftime(buf, 127, "%Y/%m/%d %H:%M:%S", tm); + last_t = now.tv_sec; + } + return buf; +} + +void usage(void) +{ + fprintf(stderr, "Usage: \n"); + fprintf(stderr, "negotiate_wrapper [-h] [-d] --ntlm ntlm helper + arguments --kerberos kerberos helper + arguments\n"); + fprintf(stderr, "-h help\n"); + fprintf(stderr, "-d full debug\n"); + fprintf(stderr, "--ntlm full ntlm helper path with arguments\n"); + fprintf(stderr, "--kerberos full kerberos helper path with arguments\n"); +} + +int +main(int argc, char *const argv[]) +{ + char buf[MAX_AUTHTOKEN_LEN]; + char tbuff[MAX_AUTHTOKEN_LEN]; + char buff[MAX_AUTHTOKEN_LEN+2]; + char *c; + static int err = 0; + int debug = 0; + int length; + int nstart = 0, kstart = 0; + int nend = 0, kend = 0; + char *token; + char **nargs, **kargs; + int i,j; + int fpid; + FILE *FDKIN,*FDKOUT; + FILE *FDNIN,*FDNOUT; + int pkin[2]; + int pkout[2]; + int pnin[2]; + int pnout[2]; + + setbuf(stdout, NULL); + setbuf(stdin, NULL); + + if (argc ==1 || !strncasecmp(argv[1],"-h",2)) { + usage(); + return 0; + } + + j = 1; + if (!strncasecmp(argv[1],"-d",2)) { + debug = 1; + j = 2; + } + + for (i=j; i kstart) { + kend = nstart-1; + nend = argc-1; + } else { + kend = argc-1; + nend = kstart-1; + } + if (nstart == 0 || kstart == 0 || kend-kstart <= 0 || nend-nstart <= 0 ) { + usage(); + return 0; + } + + if (debug) + fprintf(stderr, "%s| %s: Starting version %s\n", LogTime(), PROGRAM, + VERSION); + + if ((nargs = (char **)xmalloc((nend-nstart+1)*sizeof(char *))) == NULL) { + fprintf(stderr, "%s| %s: Error allocating memory for ntlm helper\n", LogTime(), PROGRAM); + return 1; + } + memcpy(nargs,argv+nstart+1,(nend-nstart)*sizeof(char *)); + nargs[nend-nstart]=NULL; + if (debug) { + fprintf(stderr, "%s| %s: NTLM command: ", LogTime(), PROGRAM); 
+ for (i=0; i(memchr(buf, '\n', sizeof(buf) - 1)); + if (c) { + *c = '\0'; + length = c - buf; + } else { + err = 1; + } + if (err) { + if (debug) + fprintf(stderr, "%s| %s: Oversized message\n", LogTime(), + PROGRAM); + fprintf(stdout, "BH Oversized message\n"); + err = 0; + continue; + } + if (debug) + fprintf(stderr, "%s| %s: Got '%s' from squid (length: %d).\n", + LogTime(), PROGRAM, buf, length); + + if (buf[0] == '\0') { + if (debug) + fprintf(stderr, "%s| %s: Invalid request\n", LogTime(), + PROGRAM); + fprintf(stdout, "BH Invalid request\n"); + continue; + } + if (strlen(buf) < 2) { + if (debug) + fprintf(stderr, "%s| %s: Invalid request [%s]\n", LogTime(), + PROGRAM, buf); + fprintf(stdout, "BH Invalid request\n"); + continue; + } + if (!strncmp(buf, "QQ", 2)) { + fprintf(stdout, "BH quit command\n"); + return 0; + } + if (strncmp(buf, "YR", 2) && strncmp(buf, "KK", 2)) { + if (debug) + fprintf(stderr, "%s| %s: Invalid request [%s]\n", LogTime(), + PROGRAM, buf); + fprintf(stdout, "BH Invalid request\n"); + continue; + } + if (strlen(buf) <= 3) { + if (debug) + fprintf(stderr, "%s| %s: Invalid negotiate request [%s]\n", + LogTime(), PROGRAM, buf); + fprintf(stdout, "BH Invalid negotiate request\n"); + continue; + } + length = nw_base64_decode_len(buf + 3); + if (debug) + fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %d).\n", + LogTime(), PROGRAM, buf + 3, (int) length); + + if ((token = (char *)xmalloc(length)) == NULL) { + fprintf(stderr, "%s| %s: Error allocating memory for token\n", LogTime(), PROGRAM); + return 1; + } + + nw_base64_decode(token, buf + 3, length); + + if ((static_cast(length) >= sizeof(ntlmProtocol) + 1) && + (!memcmp(token, ntlmProtocol, sizeof ntlmProtocol))) { + free(token); + if (debug) + fprintf(stderr, "%s| %s: received type %d NTLM token\n", + LogTime(), PROGRAM, (int) *((unsigned char *) token + + sizeof ntlmProtocol)); + fprintf(FDNIN, "%s\n",buf); + if (fgets(tbuff, sizeof(tbuff) - 1, FDNOUT) == NULL) { + if 
(ferror(FDNOUT)) { + fprintf(stderr, + "fgets() failed! dying..... errno=%d (%s)\n", + ferror(FDNOUT), strerror(ferror(FDNOUT))); + return 1; + } + fprintf(stderr, "%s| %s: Error reading NTLM helper response\n", + LogTime(), PROGRAM); + return 0; + } + /* + Need to translate NTLM reply to Negotiate reply + AF user => AF blob user + NA reason => NA blob reason + Set blob to '=' + */ + if (strlen(tbuff) >= 3 && (!strncmp(tbuff,"AF ",3) || !strncmp(tbuff,"NA ",3))) { + strncpy(buff,tbuff,3); + buff[3]='='; + for (unsigned int i=2; i<=strlen(tbuff); i++) + buff[i+2] = tbuff[i]; + } else { + strcpy(buff,tbuff); + } + } else { + free(token); + if (debug) + fprintf(stderr, "%s| %s: received Kerberos token\n", + LogTime(), PROGRAM); + + fprintf(FDKIN, "%s\n",buf); + if (fgets(buff, sizeof(buff) - 1, FDKOUT) == NULL) { + if (ferror(FDKOUT)) { + fprintf(stderr, + "fgets() failed! dying..... errno=%d (%s)\n", + ferror(FDKOUT), strerror(ferror(FDKOUT))); + return 1; + } + fprintf(stderr, "%s| %s: Error reading Kerberos helper response\n", + LogTime(), PROGRAM); + return 0; + } + } + fprintf(stdout,"%s",buff); + if (debug) + fprintf(stderr, "%s| %s: Return '%s'\n", + LogTime(), PROGRAM, buff); + } + + return 1; +} diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.cc squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.cc --- squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.cc 2011-04-19 12:47:07.000000000 +1200 
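Review bot: In the NTLM branch of main() in negotiate_wrapper.cc, `free(token);` runs before the debug `fprintf` that reads `*((unsigned char *) token + sizeof ntlmProtocol)`, so with `-d` enabled the NTLM message-type byte is read from freed memory. Move `free(token);` below that `if (debug) fprintf(...)` statement; the Kerberos branch does not read the token after freeing it and can stay as it is. Separately, both fgets() failure paths print `strerror(ferror(FDNOUT))` and `strerror(ferror(FDKOUT))`, but ferror() returns a flag rather than an errno value. Using `strerror(errno)`, with errno saved right after the failed fgets(), would produce a meaningful message.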
@@ -0,0 +1,83 @@ +/* + * Markus Moeller has modified the following code from Squid + */ +#include "config.h" +#include "nw_base64.h" +#include +#include +#include + + +static void nw_base64_init(void); + +static int base64_initialized = 0; +#define BASE64_VALUE_SZ 256 +int base64_value[BASE64_VALUE_SZ]; +const char base64_code[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + + +static void +nw_base64_init(void) +{ + int i; + + for (i = 0; i < BASE64_VALUE_SZ; i++) + base64_value[i] = -1; + + for (i = 0; i < 64; i++) + base64_value[(int) base64_code[i]] = i; + base64_value[(int)'='] = 0; + + base64_initialized = 1; +} + +void +nw_base64_decode(char *result, const char *data, int result_size) +{ + int j; + int c; + long val; + if (!data) + return; + if (!base64_initialized) + nw_base64_init(); + val = c = 0; + + for (j = 0; *data; data++) { + unsigned int k = ((unsigned char) *data) % BASE64_VALUE_SZ; + if (base64_value[k] < 0) + continue; + val <<= 6; + val += base64_value[k]; + if (++c < 4) + continue; + /* One quantum of four encoding characters/24 bit */ + if (j >= result_size) + break; + result[j++] = val >> 16; /* High 8 bits */ + if (j >= result_size) + break; + result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */ + if (j >= result_size) + break; + result[j++] = val & 0xff; /* Low 8 bits */ + val = c = 0; + } + return; +} + +int +nw_base64_decode_len(const char *data) +{ + int i, j; + + j = 0; + for (i = strlen(data) - 1; i >= 0; i--) { + if (data[i] == '=') + j++; + if (data[i] != '=') + break; + } + return strlen(data) / 4 * 3 - j; +} diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.h squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.h --- squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.h 2011-04-19 12:47:07.000000000 +1200 
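Review bot: nw_base64_decode_len() in nw_base64.cc can return zero or a negative value, because `strlen(data) / 4 * 3 - j` counts every trailing '=' with no cap; an input such as `====`, or one shorter than four characters, gives a result <= 0. The caller in negotiate_wrapper.cc passes that value straight to `xmalloc(length)` for a token read from Squid on stdin, and it returns from main() if the allocation fails, so a malformed token could take the helper down. Clamp here, e.g. `int len = (int)(strlen(data) / 4 * 3) - j; return len < 0 ? 0 : len;`, and have the caller answer `BH Invalid negotiate request` when `length <= 0` instead of allocating. nw_base64_decode() also returns void, so when non-alphabet characters are skipped the caller cannot tell how many bytes of `result` were actually written; returning `j` would let it check before the `memcmp`.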
@@ -0,0 +1,11 @@ +#ifndef _NW_BASE64_H +#define _NW_BASE64_H + +/* + * Markus Moeller has modified the following code from Squid + */ + +void nw_base64_decode(char *result, const char *data, int result_size); +int nw_base64_decode_len(const char *data); + +#endif diff -u -r -N squid-3.2.0.6/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc squid-3.2.0.7/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc --- squid-3.2.0.6/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc 2011-04-19 12:47:07.000000000 +1200 @@ -683,13 +683,6 @@ main(int argc, char *argv[]) { debug("ntlm_auth build " __DATE__ ", " __TIME__ " starting up...\n"); -#if DEBUG - debug("changing dir to /tmp\n"); - if (chdir("/tmp") != 0) { - debug("ERROR: (%d) failed.\n",errno); - return 2; - } -#endif my_program_name = argv[0]; process_options(argc, argv); diff -u -r -N squid-3.2.0.6/icons/Makefile.am squid-3.2.0.7/icons/Makefile.am --- squid-3.2.0.6/icons/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/icons/Makefile.am 2011-04-19 12:47:07.000000000 +1200 @@ -1,12 +1,12 @@ include $(top_srcdir)/icons/list -icondir = $(localstatedir)/www/squid/icons/silk +icondir = $(datadir)/icons/silk icon_DATA = $(ICONS) EXTRA_DIST = $(ICONS) list SN.png DISTCLEANFILES = install-data-local: SN.png install-iconDATA - $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(localstatedir)/www/squid/icons/" + $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(datadir)/icons/" uninstall-local: - $(RM) $(DESTDIR)$(localstatedir)/www/squid/icons/SN.png + $(RM) $(DESTDIR)$(datadir)/icons/SN.png diff -u -r -N squid-3.2.0.6/icons/Makefile.in squid-3.2.0.7/icons/Makefile.in --- squid-3.2.0.6/icons/Makefile.in 2011-04-04 14:43:37.000000000 +1200 +++ squid-3.2.0.7/icons/Makefile.in 2011-04-19 12:48:03.000000000 +1200 
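Review bot: The two prototypes added in nw_base64.h carry no contract, and the behaviour a caller depends on is not obvious from the names: nw_base64_decode() writes at most `result_size` bytes, does not NUL-terminate `result`, and returns silently when `data` is NULL. A one-line comment above each would cover it, e.g. `/* Decode base64 'data' into 'result', writing at most result_size bytes; result is not NUL-terminated. */`. The include guard `_NW_BASE64_H` also begins with an underscore followed by an uppercase letter, which is a reserved identifier; `NW_BASE64_H` avoids that.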
@@ -336,7 +336,7 @@ silk/script_gear.png \ silk/script_palette.png -icondir = $(localstatedir)/www/squid/icons/silk +icondir = $(datadir)/icons/silk icon_DATA = $(ICONS) EXTRA_DIST = $(ICONS) list SN.png DISTCLEANFILES = @@ -552,10 +552,10 @@ install-data-local: SN.png install-iconDATA - $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(localstatedir)/www/squid/icons/" + $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(datadir)/icons/" uninstall-local: - $(RM) $(DESTDIR)$(localstatedir)/www/squid/icons/SN.png + $(RM) $(DESTDIR)$(datadir)/icons/SN.png # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. Binary files squid-3.2.0.6/icons/SN.png and squid-3.2.0.7/icons/SN.png differ diff -u -r -N squid-3.2.0.6/include/version.h squid-3.2.0.7/include/version.h --- squid-3.2.0.6/include/version.h 2011-04-04 14:44:13.000000000 +1200 +++ squid-3.2.0.7/include/version.h 2011-04-19 12:48:41.000000000 +1200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1301884967 +#define SQUID_RELEASE_TIME 1303174025 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.2.0.6/RELEASENOTES.html squid-3.2.0.7/RELEASENOTES.html --- squid-3.2.0.6/RELEASENOTES.html 2011-04-04 15:10:55.000000000 +1200 +++ squid-3.2.0.7/RELEASENOTES.html 2011-04-19 13:14:36.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.2.0.6 release notes + Squid 3.2.0.7 release notes -

Squid 3.2.0.6 release notes

+

Squid 3.2.0.7 release notes

Squid Developers


@@ -33,7 +33,6 @@
  • 2.7 Surrogate/1.0 protocol extensions to HTTP
  • 2.8 Logging Infrastructure Updated
  • 2.9 Client Bandwidth Limits -
  • 2.10 Dynamic SSL Certificate Generation

    3. Changes to squid.conf since Squid-3.1

    @@ -70,7 +69,7 @@

    1. Notice

    -

    The Squid Team are pleased to announce the release of Squid-3.2.0.6 for testing.

    +

    The Squid Team are pleased to announce the release of Squid-3.2.0.7 for testing.

    This new release is available for download from http://www.squid-cache.org/Versions/v3/3.2/ or the mirrors.

    @@ -104,7 +103,6 @@
  • Surrogate/1.0 protocol extensions to HTTP
  • Logging Infrastructure Updated
  • Client Bandwidth Limits
  • -
  • Dynamic SSL Certificate Generation
  • Better eCAP support
  • @@ -299,6 +297,7 @@
    • squid_kerb_auth - negotiate_kerberos_auth - Authenticate with Kerberos servers.
    • mswin_sspi - negotiate_sspi_auth - Authenticate with a Windows Domain Controller using SSPI.
    • +
    • negotiate_wrapper - negotiate_wrapper_auth - Split Negotiate traffic between Kerberos and NTLM helpers.

    @@ -429,29 +428,6 @@ response data from Squid. This delay may need to be lowered in high-bandwidth environments.

    -

    2.10 Dynamic SSL Certificate Generation -

    - -

    SslBump users know how many certificate warnings a single complex site -(using dedicated image, style, and/or advertisement servers for embedded content) -can generate. The warnings are legitimate and are caused by Squid-provided site -certificate. Two things may be wrong with that certificate: -

      -
    • Squid certificate is not signed by a trusted authority.
    • -
    • Squid certificate name does not match the site domain name.
    • -
    - -Squid can do nothing about (A), but in most targeted environments, users will -trust the "man in the middle" authority and install the corresponding root -certificate.

    - -

    To avoid mismatch (B), the DynamicSslCert feature concentrates on generating -site certificates that match the requested site domain name. Please note that -the browser site name check does not really add much security in an SslBump -environment where the user already trusts the "man in the middle". The check -only adds warnings and creates page rendering problems in browsers that try to -reduce the number of warnings by blocking some embedded content.

    -

    3. Changes to squid.conf since Squid-3.1

    There have been changes to Squid's configuration file since Squid-3.1.

    @@ -567,12 +543,6 @@
    write_timeout

    New setting to limit time spent waiting for data writes to be confirmed.

    - -
    sslcrtd_program
    -

    Specify the location and options of the executable for ssl_crtd process.

    - -
    sslcrtd_children
    -

    Configures the number of sslcrtd processes to spawn

    @@ -798,10 +768,6 @@
    --without-netfiler-conntrack

    Disables the libnetfilter_conntrack library being used for the new qos_flows option mark. default is to auto-detect the library and use where available.

    - -
    --enable-ssl-crtd
    -

    Prevent Squid from directly generation of SSL private key and -certificate request and instead enables the ssl_crtd processes.

    diff -u -r -N squid-3.2.0.6/src/adaptation/icap/ModXact.cc squid-3.2.0.7/src/adaptation/icap/ModXact.cc --- squid-3.2.0.6/src/adaptation/icap/ModXact.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/adaptation/icap/ModXact.cc 2011-04-19 12:47:07.000000000 +1200 @@ -1496,8 +1496,6 @@ // we decided to do preview, now compute its size - Must(wantedSize >= 0); - // cannot preview more than we can backup size_t ad = min(wantedSize, TheBackupLimit); @@ -1766,7 +1764,7 @@ void Adaptation::Icap::VirginBodyAct::progress(size_t size) { Must(active()); - Must(size >= 0); + Must(static_cast(size) >= 0); theStart += static_cast(size); } @@ -1783,7 +1781,6 @@ void Adaptation::Icap::Preview::enable(size_t anAd) { // TODO: check for anAd not exceeding preview size limit - Must(anAd >= 0); Must(!enabled()); theAd = anAd; theState = stWriting; diff -u -r -N squid-3.2.0.6/src/adaptation/icap/Xaction.cc squid-3.2.0.7/src/adaptation/icap/Xaction.cc --- squid-3.2.0.6/src/adaptation/icap/Xaction.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/adaptation/icap/Xaction.cc 2011-04-19 12:47:07.000000000 +1200 @@ -358,7 +358,6 @@ reader = NULL; Must(io.flag == COMM_OK); - Must(io.size >= 0); if (!io.size) { commEof = true; diff -u -r -N squid-3.2.0.6/src/anyp/ProtocolType.cc squid-3.2.0.7/src/anyp/ProtocolType.cc --- squid-3.2.0.6/src/anyp/ProtocolType.cc 2011-04-04 15:10:45.000000000 +1200 +++ squid-3.2.0.7/src/anyp/ProtocolType.cc 2011-04-19 13:14:31.000000000 +1200 @@ -15,7 +15,9 @@ "WAIS", "CACHE_OBJECT", "ICP", +#if USE_HTCP "HTCP", +#endif "URN", "WHOIS", "INTERNAL", diff -u -r -N squid-3.2.0.6/src/auth/basic/auth_basic.cc squid-3.2.0.7/src/auth/basic/auth_basic.cc --- squid-3.2.0.6/src/auth/basic/auth_basic.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/auth_basic.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -40,6 +40,7 @@ #include "squid.h" #include "auth/basic/auth_basic.h" #include "auth/basic/Scheme.h" +#include "auth/basic/User.h" #include "auth/basic/UserRequest.h" #include "auth/Gadgets.h" #include "auth/State.h" @@ -70,13 +71,13 @@ /* internal functions */ bool -AuthBasicConfig::active() const +Auth::Basic::Config::active() const { return authbasic_initialised == 1; } bool -AuthBasicConfig::configured() const +Auth::Basic::Config::configured() const { if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && (basicAuthRealm != NULL)) { @@ -89,36 +90,13 @@ } const char * -AuthBasicConfig::type() const +Auth::Basic::Config::type() const { return Auth::Basic::Scheme::GetInstance()->type(); } -int32_t -BasicUser::ttl() const -{ - if (credentials() != Ok && credentials() != Pending) - return -1; // TTL is obsolete NOW. - - int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL; - int32_t global_ttl = static_cast(expiretime - squid_curtime + Config.authenticateTTL); - - return min(basic_ttl, global_ttl); -} - -bool -BasicUser::authenticated() const -{ - if ((credentials() == Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime)) - return true; - - debugs(29, 4, "User not authenticated or credentials need rechecking."); - - return false; -} - void -AuthBasicConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) +Auth::Basic::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (authenticateProgram) { debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'"); @@ -127,7 +105,7 @@ } void -AuthBasicConfig::rotateHelpers() +Auth::Basic::Config::rotateHelpers() { /* schedule closure of existing helpers */ if (basicauthenticators) { 
@@ -139,7 +117,7 @@ /** shutdown the auth helpers and free any allocated configuration details */ void -AuthBasicConfig::done() +Auth::Basic::Config::done() { authbasic_initialised = 0; @@ -157,11 +135,6 @@ safe_free(basicAuthRealm); } -BasicUser::~BasicUser() -{ - safe_free(passwd); -} - static void authenticateBasicHandleReply(void *data, char *reply) { @@ -182,16 +155,16 @@ assert(r->auth_user_request != NULL); assert(r->auth_user_request->user()->auth_type == Auth::AUTH_BASIC); - /* this is okay since we only play with the BasicUser child fields below + /* this is okay since we only play with the Auth::Basic::User child fields below * and dont pass the pointer itself anywhere */ - BasicUser *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); + Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); assert(basic_auth != NULL); if (reply && (strncasecmp(reply, "OK", 2) == 0)) - basic_auth->credentials(AuthUser::Ok); + basic_auth->credentials(Auth::Ok); else { - basic_auth->credentials(AuthUser::Failed); + basic_auth->credentials(Auth::Failed); if (t && *t) r->auth_user_request->setDenyMessage(t); @@ -219,7 +192,7 @@ } void -AuthBasicConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme) +Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) { wordlist *list = authenticateProgram; storeAppendPrintf(entry, "%s %s", name, "basic"); @@ -237,7 +210,7 @@ storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off"); } -AuthBasicConfig::AuthBasicConfig() : +Auth::Basic::Config::Config() : credentialsTTL( 2*60*60 ), casesensitive(0), utf8(0) 
@@ -245,13 +218,13 @@ basicAuthRealm = xstrdup("Squid proxy-caching web server"); } -AuthBasicConfig::~AuthBasicConfig() +Auth::Basic::Config::~Config() { safe_free(basicAuthRealm); } void -AuthBasicConfig::parse(AuthConfig * scheme, int n_configured, char *param_str) +Auth::Basic::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) { if (strcasecmp(param_str, "program") == 0) { if (authenticateProgram) @@ -281,7 +254,7 @@ helperStats(sentry, basicauthenticators, "Basic Authenticator Statistics"); } -static AuthUser::Pointer +static Auth::User::Pointer authBasicAuthUserFindUsername(const char *username) { AuthUserHashPointer *usernamehash; @@ -300,15 +273,8 @@ return NULL; } -BasicUser::BasicUser(AuthConfig *aConfig) : - AuthUser(aConfig), - passwd(NULL), - auth_queue(NULL), - currentRequest(NULL) -{} - char * -AuthBasicConfig::decodeCleartext(const char *httpAuthHeader) +Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) { const char *proxy_auth = httpAuthHeader; @@ -342,37 +308,6 @@ return cleartext; } -bool -BasicUser::valid() const -{ - if (username() == NULL) - return false; - if (passwd == NULL) - return false; - return true; -} - -void -BasicUser::updateCached(BasicUser *from) -{ - debugs(29, 9, HERE << "Found user '" << from->username() << "' already in the user cache as '" << this << "'"); - - assert(strcmp(from->username(), username()) == 0); - - if (strcmp(from->passwd, passwd)) { - debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked"); - credentials(Unchecked); - xfree(passwd); - passwd = from->passwd; - from->passwd = NULL; - } - - if (credentials() == Failed) { - debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked"); - credentials(Unchecked); - } -} - /** * Decode a Basic [Proxy-]Auth string, linking the passed * auth_user_request structure to any existing user structure or creating one 
@@ -381,7 +316,7 @@ * descriptive message to the user. */ AuthUserRequest::Pointer -AuthBasicConfig::decode(char const *proxy_auth) +Auth::Basic::Config::decode(char const *proxy_auth) { AuthUserRequest::Pointer auth_user_request = dynamic_cast(new AuthBasicUserRequest); /* decode the username */ @@ -393,13 +328,13 @@ if (!cleartext) return auth_user_request; - AuthUser::Pointer lb; + Auth::User::Pointer lb; /* permitted because local_basic is purely local function scope. */ - BasicUser *local_basic = NULL; + Auth::Basic::User *local_basic = NULL; char *seperator = strchr(cleartext, ':'); - lb = local_basic = new BasicUser(this); + lb = local_basic = new Auth::Basic::User(this); if (seperator == NULL) { local_basic->username(cleartext); } else { @@ -432,7 +367,7 @@ } /* now lookup and see if we have a matching auth_user structure in memory. */ - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) { /* the user doesn't exist in the username cache yet */ @@ -452,7 +387,7 @@ assert(auth_user != NULL); } else { /* replace the current cached password with the new one */ - BasicUser *basic_auth = dynamic_cast(auth_user.getRaw()); + Auth::Basic::User *basic_auth = dynamic_cast(auth_user.getRaw()); assert(basic_auth); basic_auth->updateCached(local_basic); auth_user = basic_auth; @@ -466,7 +401,7 @@ /** Initialize helpers and the like for this auth scheme. Called AFTER parsing the * config file */ void -AuthBasicConfig::init(AuthConfig * schemeCfg) +Auth::Basic::Config::init(Auth::Config * schemeCfg) { if (authenticateProgram) { authbasic_initialised = 1; 
@@ -487,15 +422,16 @@ } void -AuthBasicConfig::registerWithCacheManager(void) +Auth::Basic::Config::registerWithCacheManager(void) { Mgr::RegisterAction("basicauthenticator", "Basic User Authenticator Stats", authenticateBasicStats, 0, 1); } +// XXX: this is a auth management function. Surely not in scope for the credentials storage object void -BasicUser::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) +Auth::Basic::User::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) { BasicAuthQueueNode *node; node = static_cast(xcalloc(1, sizeof(BasicAuthQueueNode))); @@ -508,11 +444,12 @@ node->data = cbdataReference(data); } +// XXX: this is a auth management function. Surely not in scope for the credentials storage object void -BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) +Auth::Basic::User::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) { /* mark the user as having verification in progress */ - credentials(Pending); + credentials(Auth::Pending); authenticateStateData *r = NULL; char buf[8192]; char user[1024], pass[1024]; @@ -520,7 +457,7 @@ r->handler = handler; r->data = cbdataReference(data); r->auth_user_request = auth_user_request; - if (static_cast(config)->utf8) { + if (static_cast(config)->utf8) { latin1_to_utf8(user, sizeof(user), username()); latin1_to_utf8(pass, sizeof(pass), passwd); xstrncpy(user, rfc1738_escape(user), sizeof(user)); diff -u -r -N squid-3.2.0.6/src/auth/basic/auth_basic.h squid-3.2.0.7/src/auth/basic/auth_basic.h --- squid-3.2.0.6/src/auth/basic/auth_basic.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/auth_basic.h 2011-04-19 12:47:07.000000000 +1200 @@ -7,7 +7,6 @@ #define __AUTH_BASIC_H__ #include "auth/Gadgets.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" #include "helper.h" 
@@ -25,54 +24,31 @@ void *data; }; -class BasicUser : public AuthUser +namespace Auth { - -public: - MEMPROXY_CLASS(BasicUser); - - BasicUser(AuthConfig *); - ~BasicUser(); - bool authenticated() const; - void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); - void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); - - bool valid() const; - - /** Update the cached password for a username. */ - void updateCached(BasicUser *from); - virtual int32_t ttl() const; - - char *passwd; - - BasicAuthQueueNode *auth_queue; - -private: - AuthUserRequest::Pointer currentRequest; -}; - -MEMPROXY_CLASS_INLINE(BasicUser); - -/* configuration runtime data */ - -class AuthBasicConfig : public AuthConfig +namespace Basic { +/** Basic authentication configuration data */ +class Config : public Auth::Config +{ public: - AuthBasicConfig(); - ~AuthBasicConfig(); + Config(); + ~Config(); virtual bool active() const; virtual bool configured() const; virtual AuthUserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); - virtual void dump(StoreEntry *, const char *, AuthConfig *); + virtual void dump(StoreEntry *, const char *, Auth::Config *); virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); - virtual void init(AuthConfig *); - virtual void parse(AuthConfig *, int, char *); + virtual void init(Auth::Config *); + virtual void parse(Auth::Config *, int, char *); void decode(char const *httpAuthHeader, AuthUserRequest::Pointer); virtual void registerWithCacheManager(void); virtual const char * type() const; + +public: char *basicAuthRealm; time_t credentialsTTL; int casesensitive; 
@@ -82,4 +58,7 @@ char * decodeCleartext(const char *httpAuthHeader); }; +} // namespace Basic +} // namespace Auth + #endif /* __AUTH_BASIC_H__ */ diff -u -r -N squid-3.2.0.6/src/auth/basic/Makefile.am squid-3.2.0.7/src/auth/basic/Makefile.am --- squid-3.2.0.6/src/auth/basic/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/Makefile.am 2011-04-19 12:47:07.000000000 +1200 @@ -8,5 +8,7 @@ Scheme.h \ auth_basic.cc \ auth_basic.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff -u -r -N squid-3.2.0.6/src/auth/basic/Makefile.in squid-3.2.0.7/src/auth/basic/Makefile.in --- squid-3.2.0.6/src/auth/basic/Makefile.in 2011-04-04 14:43:43.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/Makefile.in 2011-04-19 12:48:09.000000000 +1200 @@ -55,7 +55,8 @@ CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libbasic_la_LIBADD = -am_libbasic_la_OBJECTS = Scheme.lo auth_basic.lo UserRequest.lo +am_libbasic_la_OBJECTS = Scheme.lo auth_basic.lo User.lo \ + UserRequest.lo libbasic_la_OBJECTS = $(am_libbasic_la_OBJECTS) DEFAULT_INCLUDES = depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp @@ -310,6 +311,8 @@ Scheme.h \ auth_basic.cc \ auth_basic.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h @@ -375,6 +378,7 @@ -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_basic.Plo@am__quote@ diff -u -r -N squid-3.2.0.6/src/auth/basic/Scheme.cc squid-3.2.0.7/src/auth/basic/Scheme.cc --- squid-3.2.0.6/src/auth/basic/Scheme.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/Scheme.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -34,7 +34,7 @@ #include "auth/basic/Scheme.h" #include "helper.h" -/* for AuthConfig */ +/* for Auth::Config */ #include "auth/basic/auth_basic.h" Auth::Scheme::Pointer Auth::Basic::Scheme::_instance = NULL; @@ -65,9 +65,9 @@ debugs(29, DBG_CRITICAL, "Shutdown: Basic authentication."); } -AuthConfig * +Auth::Config * Auth::Basic::Scheme::createConfig() { - AuthBasicConfig *newCfg = new AuthBasicConfig; - return dynamic_cast(newCfg); + Auth::Basic::Config *newCfg = new Auth::Basic::Config; + return dynamic_cast(newCfg); } diff -u -r -N squid-3.2.0.6/src/auth/basic/Scheme.h squid-3.2.0.7/src/auth/basic/Scheme.h --- squid-3.2.0.6/src/auth/basic/Scheme.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/Scheme.h 2011-04-19 12:47:07.000000000 +1200 @@ -54,7 +54,7 @@ /* per scheme */ virtual char const *type() const; virtual void shutdownCleanup(); - virtual AuthConfig *createConfig(); + virtual Auth::Config *createConfig(); /* Not implemented */ Scheme(Scheme const &); Scheme &operator=(Scheme const &); diff -u -r -N squid-3.2.0.6/src/auth/basic/User.cc squid-3.2.0.7/src/auth/basic/User.cc --- squid-3.2.0.6/src/auth/basic/User.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/User.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -0,0 +1,72 @@ +#include "config.h" +#include "auth/basic/auth_basic.h" +#include "auth/basic/User.h" +#include "Debug.h" +#include "SquidTime.h" + +Auth::Basic::User::User(Auth::Config *aConfig) : + Auth::User(aConfig), + passwd(NULL), + auth_queue(NULL), + currentRequest(NULL) +{} + +Auth::Basic::User::~User() +{ + safe_free(passwd); +} + +int32_t +Auth::Basic::User::ttl() const +{ + if (credentials() != Auth::Ok && credentials() != Auth::Pending) + return -1; // TTL is obsolete NOW. + + int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL; + int32_t global_ttl = static_cast(expiretime - squid_curtime + ::Config.authenticateTTL); + + return min(basic_ttl, global_ttl); +} + +bool +Auth::Basic::User::authenticated() const +{ + if ((credentials() == Auth::Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime)) + return true; + + debugs(29, 4, "User not authenticated or credentials need rechecking."); + + return false; +} + +bool +Auth::Basic::User::valid() const +{ + if (username() == NULL) + return false; + if (passwd == NULL) + return false; + return true; +} + +void +Auth::Basic::User::updateCached(Auth::Basic::User *from) +{ + debugs(29, 9, HERE << "Found user '" << from->username() << "' already in the user cache as '" << this << "'"); + + assert(strcmp(from->username(), username()) == 0); + + if (strcmp(from->passwd, passwd)) { + debugs(29, 4, HERE << "new password found. 
Updating in user master record and resetting auth state to unchecked"); + credentials(Auth::Unchecked); + xfree(passwd); + passwd = from->passwd; + from->passwd = NULL; + } + + if (credentials() == Auth::Failed) { + debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked"); + credentials(Auth::Unchecked); + } +} + diff -u -r -N squid-3.2.0.6/src/auth/basic/User.h squid-3.2.0.7/src/auth/basic/User.h --- squid-3.2.0.6/src/auth/basic/User.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/User.h 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,48 @@ +#ifndef _SQUID_AUTH_BASIC_USER_H +#define _SQUID_AUTH_BASIC_USER_H + +#include "auth/User.h" +#include "auth/UserRequest.h" + +class BasicAuthQueueNode; + +namespace Auth +{ + +class Config; + +namespace Basic +{ + +/** User credentials for the Basic authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Basic::User); + + User(Auth::Config *); + ~User(); + bool authenticated() const; + void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); + void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); + + bool valid() const; + + /** Update the cached password for a username. */ + void updateCached(User *from); + virtual int32_t ttl() const; + + char *passwd; + + BasicAuthQueueNode *auth_queue; + +private: + AuthUserRequest::Pointer currentRequest; +}; + +MEMPROXY_CLASS_INLINE(Auth::Basic::User); + +} // namespace Basic +} // namespace Auth + +#endif /* _SQUID_AUTH_BASIC_USER_H */ diff -u -r -N squid-3.2.0.6/src/auth/basic/UserRequest.cc squid-3.2.0.7/src/auth/basic/UserRequest.cc --- squid-3.2.0.6/src/auth/basic/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/basic/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200 
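Review bot: `Auth::Basic::User::updateCached` passes `from->passwd` and `passwd` straight to `strcmp`, although `valid()` just above it shows that `passwd` can be NULL. Nothing in this file guarantees both are set before the comparison, and the value of `from->passwd` is derived from the request's authentication header. Whether the caller in auth_basic.cc rejects password-less users before calling is not visible in that file's hunks. I would state the precondition next to the existing username assert, `assert(from->passwd != NULL && passwd != NULL);`, or return early when either is NULL if the caller cannot guarantee it.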
@@ -1,12 +1,13 @@ #include "config.h" #include "auth/basic/auth_basic.h" +#include "auth/basic/User.h" #include "auth/basic/UserRequest.h" #include "SquidTime.h" int AuthBasicUserRequest::authenticated() const { - BasicUser const *basic_auth = dynamic_cast(user().getRaw()); + Auth::Basic::User const *basic_auth = dynamic_cast(user().getRaw()); if (basic_auth && basic_auth->authenticated()) return 1; @@ -22,11 +23,11 @@ assert(user() != NULL); /* if the password is not ok, do an identity */ - if (!user() || user()->credentials() != AuthUser::Ok) + if (!user() || user()->credentials() != Auth::Ok) return; /* are we about to recheck the credentials externally? */ - if ((user()->expiretime + static_cast(AuthConfig::Find("basic"))->credentialsTTL) <= squid_curtime) { + if ((user()->expiretime + static_cast(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) { debugs(29, 4, HERE << "credentials expired - rechecking"); return; } @@ -50,16 +51,16 @@ switch (user()->credentials()) { - case AuthUser::Unchecked: - case AuthUser::Pending: + case Auth::Unchecked: + case Auth::Pending: return -1; - case AuthUser::Ok: - if (user()->expiretime + static_cast(AuthConfig::Find("basic"))->credentialsTTL <= squid_curtime) + case Auth::Ok: + if (user()->expiretime + static_cast(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime) return -1; return 0; - case AuthUser::Failed: + case Auth::Failed: return 0; default: 
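Review bot: The result of `Auth::Config::Find("basic")` is dereferenced for `credentialsTTL` without a null check, in the "recheck the credentials externally" test and again in the `case Auth::Ok:` branch of the next hunk. `Auth::Config::Find` in src/auth/Config.cc (same patch) returns NULL when no configured scheme matches, so a user object that outlives its scheme's configuration would make this a NULL dereference; whether that can happen, for example across a reconfigure, is not visible here. I would look the config up once and bail out early: `Auth::Config *cfg = Auth::Config::Find("basic"); if (cfg == NULL) return;`, then cast `cfg`. The same unchecked pattern appears in the `module_start` hunk and, with `Find("digest")`, throughout the auth_digest.cc hunks. The enclosing functions start outside these hunks.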
@@ -72,18 +73,18 @@ AuthBasicUserRequest::module_start(RH * handler, void *data) { assert(user()->auth_type == Auth::AUTH_BASIC); - BasicUser *basic_auth = dynamic_cast(user().getRaw()); + Auth::Basic::User *basic_auth = dynamic_cast(user().getRaw()); assert(basic_auth != NULL); debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'"); - if (static_cast(AuthConfig::Find("basic"))->authenticateProgram == NULL) { + if (static_cast(Auth::Config::Find("basic"))->authenticateProgram == NULL) { debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured."); handler(data, NULL); return; } /* check to see if the auth_user already has a request outstanding */ - if (user()->credentials() == AuthUser::Pending) { + if (user()->credentials() == Auth::Pending) { /* there is a request with the same credentials already being verified */ basic_auth->queueRequest(this, handler, data); return; diff -u -r -N squid-3.2.0.6/src/auth/Config.cc squid-3.2.0.7/src/auth/Config.cc --- squid-3.2.0.6/src/auth/Config.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/Config.cc 2011-04-19 12:47:07.000000000 +1200 
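Review bot: The `debugs(29, 9, ...)` line in `AuthBasicUserRequest::module_start` writes `basic_auth->passwd` to the debug log in clear text, so running section 29 at level 9 puts every Basic password into cache.log. The `Auth::Config::CreateAuthUser` hunk in src/auth/Config.cc has the same problem on a changed line: `debugs(29, 9, HERE << "header = '" << proxy_auth << "'")` logs the whole header, which for Basic is only base64 of user:password. I would log the username alone here, `debugs(29, 9, HERE << "user '" << basic_auth->username() << "'");`, and log only the scheme token in `CreateAuthUser`. The body of `module_start` continues outside the hunk.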
@@ -36,21 +36,22 @@ #include "auth/Config.h" #include "auth/UserRequest.h" -Auth::authConfig Auth::TheConfig; +Auth::ConfigVector Auth::TheConfig; /** - * Get Auth User: Return a filled out auth_user structure for the given - * Proxy Auth (or Auth) header. It may be a cached Auth User or a new - * Unauthenticated structure. The structure is given an initial lock here. + * Get an User credentials object filled out for the given Proxy- or WWW-Authenticate header. + * Any decoding which needs to be done will be done. + * + * It may be a cached AuthUser or a new Unauthenticated object. * It may also be NULL reflecting that no user could be created. */ AuthUserRequest::Pointer -AuthConfig::CreateAuthUser(const char *proxy_auth) +Auth::Config::CreateAuthUser(const char *proxy_auth) { assert(proxy_auth != NULL); - debugs(29, 9, "AuthConfig::CreateAuthUser: header = '" << proxy_auth << "'"); + debugs(29, 9, HERE << "header = '" << proxy_auth << "'"); - AuthConfig *config = Find(proxy_auth); + Auth::Config *config = Find(proxy_auth); if (config == NULL || !config->active()) { debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") << 
@@ -61,17 +62,17 @@ return config->decode(proxy_auth); } -AuthConfig * -AuthConfig::Find(const char *proxy_auth) +Auth::Config * +Auth::Config::Find(const char *proxy_auth) { - for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) + for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0) return *i; return NULL; } -/* Default behaviour is to expose nothing */ +/** Default behaviour is to expose nothing */ void -AuthConfig::registerWithCacheManager(void) +Auth::Config::registerWithCacheManager(void) {} diff -u -r -N squid-3.2.0.6/src/auth/Config.h squid-3.2.0.7/src/auth/Config.h --- squid-3.2.0.6/src/auth/Config.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/Config.h 2011-04-19 12:47:07.000000000 +1200 @@ -29,8 +29,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * */ -#ifndef SQUID_AUTHCONFIG_H -#define SQUID_AUTHCONFIG_H +#ifndef SQUID_AUTH_CONFIG_H +#define SQUID_AUTH_CONFIG_H #if USE_AUTH 
@@ -45,28 +45,30 @@ /* for http_hdr_type parameters-by-value */ #include "HttpHeader.h" +namespace Auth +{ /** - \ingroup AuthAPI - \par + * \ingroup AuthAPI + * \par * I am the configuration for an auth scheme. * Currently each scheme has only one instance of me, * but this may change. - \par + * \par * This class is treated like a ref counted class. * If the children ever stop being singletons, implement the * ref counting... */ -class AuthConfig +class Config { public: static AuthUserRequest::Pointer CreateAuthUser(const char *proxy_auth); - static AuthConfig *Find(const char *proxy_auth); - AuthConfig() : authenticateChildren(20), authenticateProgram(NULL) {} + static Config *Find(const char *proxy_auth); + Config() : authenticateChildren(20), authenticateProgram(NULL) {} - virtual ~AuthConfig() {} + virtual ~Config() {} /** * Used by squid to determine whether the auth module has successfully initialised itself with the current configuration. @@ -117,16 +119,20 @@ * Responsible for writing to the StoreEntry the configuration parameters that a user * would put in a config file to recreate the running configuration. */ - virtual void dump(StoreEntry *, const char *, AuthConfig *) = 0; + virtual void dump(StoreEntry *, const char *, Config *) = 0; /** add headers as needed when challenging for auth */ virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0; + /** prepare to handle requests */ - virtual void init(AuthConfig *) = 0; + virtual void init(Config *) = 0; + /** expose any/all statistics to a CacheManager */ virtual void registerWithCacheManager(void); + /** parse config options */ - virtual void parse(AuthConfig *, int, char *) = 0; + virtual void parse(Config *, int, char *) = 0; + /** the http string id */ virtual const char * type() const = 0; 
@@ -135,12 +141,9 @@ wordlist *authenticateProgram; ///< Helper program to run, includes all parameters }; -namespace Auth -{ - -typedef Vector authConfig; +typedef Vector ConfigVector; -extern authConfig TheConfig; +extern ConfigVector TheConfig; } // namespace Auth diff -u -r -N squid-3.2.0.6/src/auth/CredentialState.cc squid-3.2.0.7/src/auth/CredentialState.cc --- squid-3.2.0.6/src/auth/CredentialState.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/CredentialState.cc 2011-04-19 13:14:32.000000000 +1200 @@ -0,0 +1,16 @@ +/* + * Auto-Generated File. Changes will be destroyed. + */ +#include "config.h" +#include "auth/CredentialState.h" +namespace Auth +{ + +const char *CredentialState_str[] = { + "Unchecked", + "Ok", + "Pending", + "Handshake", + "Failed" +}; +}; // namespace Auth diff -u -r -N squid-3.2.0.6/src/auth/CredentialState.h squid-3.2.0.7/src/auth/CredentialState.h --- squid-3.2.0.6/src/auth/CredentialState.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/CredentialState.h 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,19 @@ +#ifndef _SQUID_AUTH_CREDENTIALSTATE_H +#define _SQUID_AUTH_CREDENTIALSTATE_H + +namespace Auth +{ + +typedef enum { + Unchecked, + Ok, + Pending, + Handshake, + Failed +} CredentialState; + +extern const char *CredentialState_str[]; + +} // namespace Auth + +#endif /* _SQUID_AUTH_CREDENTIALSTATE_H */ diff -u -r -N squid-3.2.0.6/src/auth/digest/auth_digest.cc squid-3.2.0.7/src/auth/digest/auth_digest.cc --- squid-3.2.0.6/src/auth/digest/auth_digest.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/auth_digest.cc 2011-04-19 12:47:07.000000000 +1200 @@ -41,8 +41,10 @@ #include "rfc2617.h" #include "auth/digest/auth_digest.h" #include "auth/digest/Scheme.h" +#include "auth/digest/User.h" #include "auth/digest/UserRequest.h" #include "auth/Gadgets.h" +#include "auth/State.h" #include "base64.h" #include "event.h" #include "mgr/Registration.h" 
@@ -110,7 +112,6 @@ static int authDigestNonceLinks(digest_nonce_h * nonce); #endif static void authDigestNonceUserUnlink(digest_nonce_h * nonce); -static void authDigestNoncePurge(digest_nonce_h * nonce); static void authDigestNonceEncode(digest_nonce_h * nonce) @@ -225,7 +226,7 @@ if (!digest_nonce_cache) { digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); assert(digest_nonce_cache); - eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(AuthConfig::Find("digest"))->nonceGCInterval, 1); + eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(Auth::Config::Find("digest"))->nonceGCInterval, 1); } } @@ -288,8 +289,8 @@ debugs(29, 3, "authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache."); - if (static_cast(AuthConfig::Find("digest"))->active()) - eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(AuthConfig::Find("digest"))->nonceGCInterval, 1); + if (static_cast(Auth::Config::Find("digest"))->active()) + eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(Auth::Config::Find("digest"))->nonceGCInterval, 1); } static void @@ -376,12 +377,12 @@ } /* is the nonce-count ok ? */ - if (!static_cast(AuthConfig::Find("digest"))->CheckNonceCount) { + if (!static_cast(Auth::Config::Find("digest"))->CheckNonceCount) { nonce->nc++; return -1; /* forced OK by configuration */ } - if ((static_cast(AuthConfig::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) || + if ((static_cast(Auth::Config::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) || intnc < nonce->nc + 1) { debugs(29, 4, "authDigestNonceIsValid: Nonce count doesn't match"); nonce->flags.valid = 0; 
@@ -406,10 +407,10 @@ return -1; /* has it's max duration expired? */ - if (nonce->noncedata.creationtime + static_cast(AuthConfig::Find("digest"))->noncemaxduration < current_time.tv_sec) { + if (nonce->noncedata.creationtime + static_cast(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) { debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " << nonce->noncedata.creationtime << " " << - static_cast(AuthConfig::Find("digest"))->noncemaxduration << " " << + static_cast(Auth::Config::Find("digest"))->noncemaxduration << " " << current_time.tv_sec); nonce->flags.valid = 0; @@ -422,7 +423,7 @@ return -1; } - if (nonce->nc > static_cast(AuthConfig::Find("digest"))->noncemaxuses) { + if (nonce->nc > static_cast(Auth::Config::Find("digest"))->noncemaxuses) { debugs(29, 4, "authDigestNoncelastRequest: Nonce count over user limit"); nonce->flags.valid = 0; return -1; @@ -447,7 +448,7 @@ return -1; } - if (nonce->nc >= static_cast(AuthConfig::Find("digest"))->noncemaxuses - 1) { + if (nonce->nc >= static_cast(Auth::Config::Find("digest"))->noncemaxuses - 1) { debugs(29, 4, "authDigestNoncelastRequest: Nonce count about to hit user limit"); return -1; } @@ -456,7 +457,7 @@ return 0; } -static void +void authDigestNoncePurge(digest_nonce_h * nonce) { if (!nonce) @@ -474,7 +475,7 @@ } /* USER related functions */ -static AuthUser::Pointer +static Auth::User::Pointer authDigestUserFindUsername(const char *username) { AuthUserHashPointer *usernamehash; @@ -493,7 +494,7 @@ } void -AuthDigestConfig::rotateHelpers() +Auth::Digest::Config::rotateHelpers() { /* schedule closure of existing helpers */ if (digestauthenticators) { @@ -504,7 +505,7 @@ } void -AuthDigestConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme) +Auth::Digest::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) { wordlist *list = authenticateProgram; debugs(29, 9, "authDigestCfgDump: Dumping configuration"); 
@@ -524,13 +525,13 @@ } bool -AuthDigestConfig::active() const +Auth::Digest::Config::active() const { return authdigest_initialised == 1; } bool -AuthDigestConfig::configured() const +Auth::Digest::Config::configured() const { if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && @@ -542,7 +543,7 @@ /* add the [www-|Proxy-]authenticate header on a 407 or 401 reply */ void -AuthDigestConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) +Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (!authenticateProgram) return; 
@@ -569,48 +570,10 @@ httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s", digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); } -DigestUser::~DigestUser() -{ - dlink_node *link, *tmplink; - link = nonces.head; - - while (link) { - tmplink = link; - link = link->next; - dlinkDelete(tmplink, &nonces); - authDigestNoncePurge(static_cast < digest_nonce_h * >(tmplink->data)); - authDigestNonceUnlink(static_cast < digest_nonce_h * >(tmplink->data)); - dlinkNodeDelete(tmplink); - } -} - -int32_t -DigestUser::ttl() const -{ - int32_t global_ttl = static_cast(expiretime - squid_curtime + Config.authenticateTTL); - - /* find the longest lasting nonce. */ - int32_t latest_nonce = -1; - dlink_node *link = nonces.head; - while (link) { - digest_nonce_h *nonce = static_cast(link->data); - if (nonce->flags.valid && nonce->noncedata.creationtime > latest_nonce) - latest_nonce = nonce->noncedata.creationtime; - - link = link->next; - } - if (latest_nonce == -1) - return min(-1, global_ttl); - - int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast(AuthConfig::Find("digest"))->noncemaxduration; - - return min(nonce_ttl, global_ttl); -} - /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the * config file */ void -AuthDigestConfig::init(AuthConfig * scheme) +Auth::Digest::Config::init(Auth::Config * scheme) { if (authenticateProgram) { DigestFieldsInfo = httpHeaderBuildFieldsInfo(DigestAttrs, DIGEST_ENUM_END); @@ -633,7 +596,7 @@ } void -AuthDigestConfig::registerWithCacheManager(void) +Auth::Digest::Config::registerWithCacheManager(void) { Mgr::RegisterAction("digestauthenticator", "Digest User Authenticator Stats", @@ -642,7 +605,7 @@ /* free any allocated configuration details */ void -AuthDigestConfig::done() +Auth::Digest::Config::done() { authdigest_initialised = 0; 
@@ -666,7 +629,7 @@ safe_free(digestAuthRealm); } -AuthDigestConfig::AuthDigestConfig() +Auth::Digest::Config::Config() { /* TODO: move into initialisation list */ /* 5 minutes */ @@ -682,7 +645,7 @@ } void -AuthDigestConfig::parse(AuthConfig * scheme, int n_configured, char *param_str) +Auth::Digest::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) { if (strcasecmp(param_str, "program") == 0) { if (authenticateProgram) @@ -715,7 +678,7 @@ } const char * -AuthDigestConfig::type() const +Auth::Digest::Config::type() const { return Auth::Digest::Scheme::GetInstance()->type(); } @@ -732,7 +695,7 @@ static void authDigestNonceUserUnlink(digest_nonce_h * nonce) { - DigestUser *digest_user; + Auth::Digest::User *digest_user; dlink_node *link, *tmplink; if (!nonce) @@ -767,17 +730,15 @@ } /* authDigestUserLinkNonce: add a nonce to a given user's struct */ - static void -authDigestUserLinkNonce(DigestUser * user, digest_nonce_h * nonce) +authDigestUserLinkNonce(Auth::Digest::User * user, digest_nonce_h * nonce) { dlink_node *node; - DigestUser *digest_user; if (!user || !nonce) return; - digest_user = user; + Auth::Digest::User *digest_user = user; node = digest_user->nonces.head; @@ -810,7 +771,7 @@ /* log the username */ debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'"); - AuthUser::Pointer digest_user = new DigestUser(static_cast(AuthConfig::Find("digest"))); + Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast(Auth::Config::Find("digest"))); /* save the credentials */ digest_user->username(username); /* set the auth_user type */ @@ -825,7 +786,7 @@ * Auth_user structure. */ AuthUserRequest::Pointer -AuthDigestConfig::decode(char const *proxy_auth) +Auth::Digest::Config::decode(char const *proxy_auth) { const char *item; const char *p; 
@@ -1045,7 +1006,7 @@ /* we couldn't find a matching nonce! */ debugs(29, 2, "authenticateDigestDecode: Unexpected or invalid nonce received"); if (digest_request->user() != NULL) - digest_request->user()->credentials(AuthUser::Failed); + digest_request->user()->credentials(Auth::Failed); return authDigestLogUsername(username, digest_request); } @@ -1064,14 +1025,14 @@ /* we don't send or parse opaques. Ok so we're flexable ... */ /* find the user */ - DigestUser *digest_user; + Auth::Digest::User *digest_user; - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; if ((auth_user = authDigestUserFindUsername(username)) == NULL) { /* the user doesn't exist in the username cache yet */ debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'"); - digest_user = new DigestUser(this); + digest_user = new Auth::Digest::User(this); /* auth_user is a parent */ auth_user = digest_user; /* save the username */ @@ -1091,7 +1052,7 @@ authDigestUserLinkNonce(digest_user, nonce); } else { debugs(29, 9, "authDigestDecodeAuth: Found user '" << username << "' in the user cache as '" << auth_user << "'"); - digest_user = static_cast(auth_user.getRaw()); + digest_user = static_cast(auth_user.getRaw()); xfree(username); } @@ -1109,6 +1070,3 @@ return digest_request; } - -DigestUser::DigestUser(AuthConfig *aConfig) : AuthUser(aConfig), HA1created (0) -{} diff -u -r -N squid-3.2.0.6/src/auth/digest/auth_digest.h squid-3.2.0.7/src/auth/digest/auth_digest.h --- squid-3.2.0.6/src/auth/digest/auth_digest.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/auth_digest.h 2011-04-19 12:47:07.000000000 +1200 
@@ -8,43 +8,23 @@ #include "auth/Config.h" #include "auth/Gadgets.h" -#include "auth/State.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "helper.h" #include "rfc2617.h" -/* Generic */ +namespace Auth +{ +namespace Digest +{ +class User; +} +} +/* Generic */ typedef struct _digest_nonce_data digest_nonce_data; - typedef struct _digest_nonce_h digest_nonce_h; -class DigestUser : public AuthUser -{ - -public: - MEMPROXY_CLASS(DigestUser); - - DigestUser(AuthConfig *); - ~DigestUser(); - int authenticated() const; - - virtual int32_t ttl() const; - - HASH HA1; - int HA1created; - - /* what nonces have been allocated to this user */ - dlink_list nonces; - -}; - -MEMPROXY_CLASS_INLINE(DigestUser); - - /* data to be encoded into the nonce's b64 representation */ - struct _digest_nonce_data { time_t creationtime; /* in memory address of the nonce struct (similar purpose to an ETag) */ @@ -61,7 +41,7 @@ /* reference count */ short references; /* the auth_user this nonce has been tied to */ - DigestUser *user; + Auth::Digest::User *user; /* has this nonce been invalidated ? */ struct { 
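Review bot: Going by the two comments kept as context at the end of the first hunk on this line, `_digest_nonce_data` is the data that is base64-encoded into the nonce, and it carries the in-memory address of the nonce struct. If the encoding is a plain base64 of that struct, every client that receives a challenge also receives a heap address. The field itself and the encoder are outside the hunk, so this needs confirming there. If it holds, an opaque per-nonce value (a counter or random bytes) would keep nonces unique without exposing process layout. Until then I would at least add `/* NOTE: visible to clients inside the nonce; never treat this value as secret */` above the field.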
@@ -75,25 +55,31 @@ extern const char *authenticateDigestNonceNonceb64(const digest_nonce_h * nonce); extern int authDigestNonceLastRequest(digest_nonce_h * nonce); extern void authenticateDigestNonceShutdown(void); +extern void authDigestNoncePurge(digest_nonce_h * nonce); -/* configuration runtime data */ - -class AuthDigestConfig : public AuthConfig +namespace Auth +{ +namespace Digest { +/** Digest Authentication configuration data */ +class Config : public Auth::Config +{ public: - AuthDigestConfig(); + Config(); virtual bool active() const; virtual bool configured() const; virtual AuthUserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); - virtual void dump(StoreEntry *, const char *, AuthConfig *); + virtual void dump(StoreEntry *, const char *, Auth::Config *); virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); - virtual void init(AuthConfig *); - virtual void parse(AuthConfig *, int, char *); + virtual void init(Auth::Config *); + virtual void parse(Auth::Config *, int, char *); virtual void registerWithCacheManager(void); virtual const char * type() const; + +public: char *digestAuthRealm; time_t nonceGCInterval; time_t noncemaxduration; @@ -104,7 +90,8 @@ int utf8; }; -typedef class AuthDigestConfig auth_digest_config; +} // namespace Digest +} // namespace Auth /* strings */ #define QOP_AUTH "auth" diff -u -r -N squid-3.2.0.6/src/auth/digest/Makefile.am squid-3.2.0.7/src/auth/digest/Makefile.am --- squid-3.2.0.6/src/auth/digest/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/Makefile.am 2011-04-19 12:47:07.000000000 +1200 
@@ -8,5 +8,7 @@ Scheme.h \ auth_digest.cc \ auth_digest.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff -u -r -N squid-3.2.0.6/src/auth/digest/Makefile.in squid-3.2.0.7/src/auth/digest/Makefile.in --- squid-3.2.0.6/src/auth/digest/Makefile.in 2011-04-04 14:43:43.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/Makefile.in 2011-04-19 12:48:10.000000000 +1200 @@ -55,7 +55,8 @@ CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libdigest_la_LIBADD = -am_libdigest_la_OBJECTS = Scheme.lo auth_digest.lo UserRequest.lo +am_libdigest_la_OBJECTS = Scheme.lo auth_digest.lo User.lo \ + UserRequest.lo libdigest_la_OBJECTS = $(am_libdigest_la_OBJECTS) DEFAULT_INCLUDES = depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp @@ -310,6 +311,8 @@ Scheme.h \ auth_digest.cc \ auth_digest.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h @@ -375,6 +378,7 @@ -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_digest.Plo@am__quote@ diff -u -r -N squid-3.2.0.6/src/auth/digest/Scheme.cc squid-3.2.0.7/src/auth/digest/Scheme.cc --- squid-3.2.0.6/src/auth/digest/Scheme.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/Scheme.cc 2011-04-19 12:47:07.000000000 +1200 @@ -65,11 +65,11 @@ debugs(29, DBG_CRITICAL, "Shutdown: Digest authentication."); } -AuthConfig * +Auth::Config * Auth::Digest::Scheme::createConfig() { - AuthDigestConfig *digestCfg = new AuthDigestConfig; - return dynamic_cast(digestCfg); + Auth::Digest::Config *digestCfg = new Auth::Digest::Config; + return dynamic_cast(digestCfg); } void 
@@ -81,7 +81,7 @@ hash_first(proxy_auth_username_cache); while ((usernamehash = static_cast(hash_next(proxy_auth_username_cache)) )) { - AuthUser::Pointer auth_user = usernamehash->user(); + Auth::User::Pointer auth_user = usernamehash->user(); if (strcmp(auth_user->config->type(), "digest") == 0) { hash_remove_link(proxy_auth_username_cache, static_cast(usernamehash)); diff -u -r -N squid-3.2.0.6/src/auth/digest/Scheme.h squid-3.2.0.7/src/auth/digest/Scheme.h --- squid-3.2.0.6/src/auth/digest/Scheme.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/Scheme.h 2011-04-19 12:47:07.000000000 +1200 @@ -54,7 +54,7 @@ /* per scheme */ virtual char const *type () const; virtual void shutdownCleanup(); - virtual AuthConfig *createConfig(); + virtual Auth::Config *createConfig(); /* Not implemented */ Scheme(Scheme const &); diff -u -r -N squid-3.2.0.6/src/auth/digest/User.cc squid-3.2.0.7/src/auth/digest/User.cc --- squid-3.2.0.6/src/auth/digest/User.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/User.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -0,0 +1,49 @@ +#include "config.h" +#include "auth/digest/auth_digest.h" +#include "auth/digest/User.h" +#include "Debug.h" +#include "dlink.h" +#include "SquidTime.h" + +Auth::Digest::User::User(Auth::Config *aConfig) : + Auth::User(aConfig), + HA1created(0) +{} + +Auth::Digest::User::~User() +{ + dlink_node *link, *tmplink; + link = nonces.head; + + while (link) { + tmplink = link; + link = link->next; + dlinkDelete(tmplink, &nonces); + authDigestNoncePurge(static_cast < digest_nonce_h * >(tmplink->data)); + authDigestNonceUnlink(static_cast < digest_nonce_h * >(tmplink->data)); + dlinkNodeDelete(tmplink); + } +} + +int32_t +Auth::Digest::User::ttl() const +{ + int32_t global_ttl = static_cast(expiretime - squid_curtime + ::Config.authenticateTTL); + + /* find the longest lasting nonce. */ + int32_t latest_nonce = -1; + dlink_node *link = nonces.head; + while (link) { + digest_nonce_h *nonce = static_cast(link->data); + if (nonce->flags.valid && nonce->noncedata.creationtime > latest_nonce) + latest_nonce = nonce->noncedata.creationtime; + + link = link->next; + } + if (latest_nonce == -1) + return min(-1, global_ttl); + + int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast(Auth::Config::Find("digest"))->noncemaxduration; + + return min(nonce_ttl, global_ttl); +} diff -u -r -N squid-3.2.0.6/src/auth/digest/User.h squid-3.2.0.7/src/auth/digest/User.h --- squid-3.2.0.6/src/auth/digest/User.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/User.h 2011-04-19 12:47:07.000000000 +1200 
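Review bot: In `Auth::Digest::User::ttl()` the nonce creation time, declared `time_t` in auth_digest.h, is narrowed to `int32_t` when it is stored in `latest_nonce`, and the subtraction from `current_time.tv_sec` is then done on the narrowed value. Where `time_t` is wider than 32 bits the computed TTL goes wrong once timestamps stop fitting in `int32_t`. Keeping the intermediate wide and narrowing only the final difference avoids that: `time_t latest_nonce = -1;` and `return min(static_cast<int32_t>(nonce_ttl), global_ttl);` with `nonce_ttl` also declared `time_t`. The same function dereferences the result of `Auth::Config::Find("digest")` without a NULL check. Scheme.cc reads `auth_user->config` directly, so using the user's own `config` pointer here would remove the global lookup, assuming it always points at the digest config.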
@@ -0,0 +1,35 @@ +#ifndef _SQUID_AUTH_DIGEST_USER_H +#define _SQUID_AUTH_DIGEST_USER_H + +#include "auth/User.h" + +namespace Auth +{ +namespace Digest +{ + +/** User credentials for the Digest authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Digest::User); + + User(Auth::Config *); + ~User(); + int authenticated() const; + + virtual int32_t ttl() const; + + HASH HA1; + int HA1created; + + /* what nonces have been allocated to this user */ + dlink_list nonces; +}; + +MEMPROXY_CLASS_INLINE(Auth::Digest::User); + +} // namespace Digest +} // namespace Auth + +#endif /* _SQUID_AUTH_DIGEST_USER_H */ diff -u -r -N squid-3.2.0.6/src/auth/digest/UserRequest.cc squid-3.2.0.7/src/auth/digest/UserRequest.cc --- squid-3.2.0.6/src/auth/digest/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/digest/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200 @@ -1,5 +1,6 @@ #include "config.h" #include "auth/digest/auth_digest.h" +#include "auth/digest/User.h" #include "auth/digest/UserRequest.h" #include "auth/State.h" #include "charset.h" @@ -45,7 +46,7 @@ int AuthDigestUserRequest::authenticated() const { - if (user() != NULL && user()->credentials() == AuthUser::Ok) + if (user() != NULL && user()->credentials() == Auth::Ok) return 1; return 0; 
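Review bot: `int authenticated() const;` is declared in the new `Auth::Digest::User` class, but the User.cc added by this patch defines only the constructor, the destructor and `ttl()`. Unless it is defined elsewhere, the declaration should be dropped rather than carried over from `DigestUser`. Separately, `HA1` and `HA1created` deserve a comment, because UserRequest.cc leaves the credentials pending until `HA1created` is set and fills `HA1` from the helper reply with `CvtBin`: `/* H(A1) as returned by the helper; password-equivalent for this realm, meaningful only when HA1created is non-zero */`. Since the value is password-equivalent, clearing it in `~User()` would be reasonable hardening.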
@@ -61,26 +62,26 @@ HASHHEX Response; /* if the check has corrupted the user, just return */ - if (user() == NULL || user()->credentials() == AuthUser::Failed) { + if (user() == NULL || user()->credentials() == Auth::Failed) { return; } - AuthUser::Pointer auth_user = user(); + Auth::User::Pointer auth_user = user(); - DigestUser *digest_user = dynamic_cast(auth_user.getRaw()); + Auth::Digest::User *digest_user = dynamic_cast(auth_user.getRaw()); assert(digest_user != NULL); AuthDigestUserRequest *digest_request = this; /* do we have the HA1 */ if (!digest_user->HA1created) { - auth_user->credentials(AuthUser::Pending); + auth_user->credentials(Auth::Pending); return; } if (digest_request->nonce == NULL) { /* this isn't a nonce we issued */ - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); return; } @@ -98,11 +99,11 @@ if (!digest_request->flags.helper_queried) { /* Query the helper in case the password has changed */ digest_request->flags.helper_queried = 1; - auth_user->credentials(AuthUser::Pending); + auth_user->credentials(Auth::Pending); return; } - if (static_cast(AuthConfig::Find("digest"))->PostWorkaround && request->method != METHOD_GET) { + if (static_cast(Auth::Config::Find("digest"))->PostWorkaround && request->method != METHOD_GET) { /* Ugly workaround for certain very broken browsers using the * wrong method to calculate the request-digest on POST request. * This should be deleted once Digest authentication becomes more @@ -114,7 +115,7 @@ RequestMethodStr(METHOD_GET), digest_request->uri, HA2, Response); if (strcasecmp(digest_request->response, Response)) { - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); digest_request->flags.invalid_password = 1; digest_request->setDenyMessage("Incorrect password"); return; 
@@ -139,7 +140,7 @@ } } } else { - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); digest_request->flags.invalid_password = 1; digest_request->setDenyMessage("Incorrect password"); return; @@ -148,13 +149,13 @@ /* check for stale nonce */ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); digest_request->setDenyMessage("Stale nonce"); return; } } - auth_user->credentials(AuthUser::Ok); + auth_user->credentials(Auth::Ok); /* password was checked and did match */ debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK"); @@ -173,15 +174,15 @@ switch (user()->credentials()) { - case AuthUser::Ok: + case Auth::Ok: return 0; - case AuthUser::Failed: + case Auth::Failed: /* send new challenge */ return 1; - case AuthUser::Unchecked: - case AuthUser::Pending: + case Auth::Unchecked: + case Auth::Pending: return -1; default: @@ -209,7 +210,7 @@ return; #endif - if ((static_cast(AuthConfig::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) { + if ((static_cast(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) { flags.authinfo_sent = 1; debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); 
@@ -237,7 +238,7 @@ type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO; - if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) { + if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) { debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); } @@ -254,7 +255,7 @@ assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST); debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'"); - if (static_cast(AuthConfig::Find("digest"))->authenticateProgram == NULL) { + if (static_cast(Auth::Config::Find("digest"))->authenticateProgram == NULL) { debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured."); handler(data, NULL); return; @@ -264,7 +265,7 @@ r->handler = handler; r->data = cbdataReference(data); r->auth_user_request = static_cast(this); - if (static_cast(AuthConfig::Find("digest"))->utf8) { + if (static_cast(Auth::Config::Find("digest"))->utf8) { char userstr[1024]; latin1_to_utf8(userstr, sizeof(userstr), user()->username()); snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm); 
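Review bot: In the last hunk on this line the helper request is formatted as `snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm)`, and nothing visible here escapes or rejects a `"` or a line break inside the username or realm. If `decode()` does not already refuse such values, the helper would see a line whose field boundaries differ from what Squid intended. A check before formatting, such as `if (strpbrk(user()->username(), "\"\r\n") || strpbrk(realm, "\"\r\n"))`, taking the same `handler(data, NULL); return;` path as the missing-program case, would close that. The return value of `snprintf` is also ignored, so an over-long username silently truncates the line and drops the terminating newline. The literal `8192` would be better as `sizeof(buf)` if `buf` is an array, but its declaration is outside the hunk.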
@@ -299,14 +300,14 @@ AuthDigestUserRequest *digest_request = dynamic_cast(auth_user_request.getRaw()); assert(digest_request); - digest_request->user()->credentials(AuthUser::Failed); + digest_request->user()->credentials(Auth::Failed); digest_request->flags.invalid_password = 1; if (t && *t) digest_request->setDenyMessage(t); } else if (reply) { /* allow this because the digest_request pointer is purely local */ - DigestUser *digest_user = dynamic_cast(auth_user_request->user().getRaw()); + Auth::Digest::User *digest_user = dynamic_cast(auth_user_request->user().getRaw()); assert(digest_user != NULL); CvtBin(reply, digest_user->HA1); diff -u -r -N squid-3.2.0.6/src/auth/Gadgets.cc squid-3.2.0.7/src/auth/Gadgets.cc --- squid-3.2.0.6/src/auth/Gadgets.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/Gadgets.cc 2011-04-19 12:47:07.000000000 +1200 @@ -56,7 +56,7 @@ { int rv = 0; - for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) + for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) if ((*i)->configured()) ++rv; 
@@ -76,34 +76,34 @@ } static void -authenticateRegisterWithCacheManager(Auth::authConfig * config) +authenticateRegisterWithCacheManager(Auth::ConfigVector * config) { - for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) { - AuthConfig *scheme = *i; + for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) { + Auth::Config *scheme = *i; scheme->registerWithCacheManager(); } } void -authenticateInit(Auth::authConfig * config) +authenticateInit(Auth::ConfigVector * config) { /* Do this first to clear memory and remove dead state on a reconfigure */ if (proxy_auth_username_cache) - AuthUser::CachedACLsReset(); + Auth::User::CachedACLsReset(); /* If we do not have any auth config state to create stop now. */ if (!config) return; - for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) { - AuthConfig *schemeCfg = *i; + for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) { + Auth::Config *schemeCfg = *i; if (schemeCfg->configured()) schemeCfg->init(schemeCfg); } if (!proxy_auth_username_cache) - AuthUser::cacheInit(); + Auth::User::cacheInit(); authenticateRegisterWithCacheManager(config); } @@ -111,7 +111,7 @@ void authenticateRotate(void) { - for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) + for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) if ((*i)->configured()) (*i)->rotateHelpers(); } @@ -137,7 +137,7 @@ Auth::TheConfig.clean(); } -AuthUserHashPointer::AuthUserHashPointer(AuthUser::Pointer anAuth_user): +AuthUserHashPointer::AuthUserHashPointer(Auth::User::Pointer anAuth_user): auth_user(anAuth_user) { key = (void *)anAuth_user->username(); 
@@ -145,7 +145,7 @@ hash_join(proxy_auth_username_cache, (hash_link *) this); } -AuthUser::Pointer +Auth::User::Pointer AuthUserHashPointer::user() const { return auth_user; diff -u -r -N squid-3.2.0.6/src/auth/Gadgets.h squid-3.2.0.7/src/auth/Gadgets.h --- squid-3.2.0.6/src/auth/Gadgets.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/Gadgets.h 2011-04-19 12:47:07.000000000 +1200 @@ -40,8 +40,6 @@ #include "auth/Config.h" #include "auth/User.h" -class AuthUser; - /** \ingroup AuthAPI * @@ -61,13 +59,13 @@ public: MEMPROXY_CLASS(AuthUserHashPointer); - AuthUserHashPointer(AuthUser::Pointer); + AuthUserHashPointer(Auth::User::Pointer); ~AuthUserHashPointer() { auth_user = NULL; }; - AuthUser::Pointer user() const; + Auth::User::Pointer user() const; private: - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; }; MEMPROXY_CLASS_INLINE(AuthUserHashPointer); @@ -86,7 +84,7 @@ typedef void AUTHSSTATS(StoreEntry *); /// \ingroup AuthAPI -extern void authenticateInit(Auth::authConfig *); +extern void authenticateInit(Auth::ConfigVector *); /** \ingroup AuthAPI * Remove all idle authentication state. Intended for use by reconfigure. diff -u -r -N squid-3.2.0.6/src/auth/Makefile.am squid-3.2.0.7/src/auth/Makefile.am --- squid-3.2.0.6/src/auth/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/Makefile.am 2011-04-19 12:47:07.000000000 +1200 @@ -14,6 +14,8 @@ Type.cc \ Config.cc \ Config.h \ + CredentialState.cc \ + CredentialState.h \ Gadgets.cc \ Gadgets.h \ Scheme.cc \ 
@@ -40,7 +42,10 @@ AclProxyAuth.h \ AuthAclState.h +CredentialState.cc: CredentialState.h $(top_srcdir)/src/mk-string-arrays.awk + $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/CredentialState.h > $@ || (rm -f $@ ; exit 1) + Type.cc: Type.h $(top_srcdir)/src/mk-string-arrays.awk $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/Type.h > $@ || (rm -f $@ ; exit 1) -CLEANFILES += Type.cc +CLEANFILES += CredentialState.cc Type.cc diff -u -r -N squid-3.2.0.6/src/auth/Makefile.in squid-3.2.0.7/src/auth/Makefile.in --- squid-3.2.0.6/src/auth/Makefile.in 2011-04-04 14:43:42.000000000 +1200 +++ squid-3.2.0.7/src/auth/Makefile.in 2011-04-19 12:48:09.000000000 +1200 @@ -58,8 +58,8 @@ am_libacls_la_OBJECTS = Acl.lo AclMaxUserIp.lo AclProxyAuth.lo libacls_la_OBJECTS = $(am_libacls_la_OBJECTS) am__DEPENDENCIES_1 = -am_libauth_la_OBJECTS = Type.lo Config.lo Gadgets.lo Scheme.lo \ - State.lo User.lo UserRequest.lo +am_libauth_la_OBJECTS = Type.lo Config.lo CredentialState.lo \ + Gadgets.lo Scheme.lo State.lo User.lo UserRequest.lo libauth_la_OBJECTS = $(am_libauth_la_OBJECTS) DEFAULT_INCLUDES = depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp @@ -336,7 +336,7 @@ top_srcdir = @top_srcdir@ AM_CFLAGS = $(SQUID_CFLAGS) AM_CXXFLAGS = $(SQUID_CXXFLAGS) -CLEANFILES = testHeaders Type.cc +CLEANFILES = testHeaders CredentialState.cc Type.cc TESTS = testHeaders INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/include -I$(top_srcdir)/lib \ -I$(top_srcdir)/src -I$(top_builddir)/include \ @@ -353,6 +353,8 @@ Type.cc \ Config.cc \ Config.h \ + CredentialState.cc \ + CredentialState.h \ Gadgets.cc \ Gadgets.h \ Scheme.cc \ 
@@ -444,6 +446,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/AclMaxUserIp.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/AclProxyAuth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Config.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CredentialState.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Gadgets.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/State.Plo@am__quote@ @@ -894,6 +897,9 @@ .PHONY: testHeaders +CredentialState.cc: CredentialState.h $(top_srcdir)/src/mk-string-arrays.awk + $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/CredentialState.h > $@ || (rm -f $@ ; exit 1) + Type.cc: Type.h $(top_srcdir)/src/mk-string-arrays.awk $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/Type.h > $@ || (rm -f $@ ; exit 1) diff -u -r -N squid-3.2.0.6/src/auth/negotiate/auth_negotiate.cc squid-3.2.0.7/src/auth/negotiate/auth_negotiate.cc --- squid-3.2.0.6/src/auth/negotiate/auth_negotiate.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/auth_negotiate.cc 2011-04-19 12:47:07.000000000 +1200 @@ -48,6 +48,7 @@ #include "HttpRequest.h" #include "SquidTime.h" #include "auth/negotiate/Scheme.h" +#include "auth/negotiate/User.h" #include "auth/negotiate/UserRequest.h" #include "wordlist.h" @@ -66,7 +67,7 @@ static int authnegotiate_initialised = 0; /// \ingroup AuthNegotiateInternal -AuthNegotiateConfig negotiateConfig; +Auth::Negotiate::Config negotiateConfig; /// \ingroup AuthNegotiateInternal static hash_table *proxy_auth_cache = NULL; @@ -78,7 +79,7 @@ */ void -AuthNegotiateConfig::rotateHelpers() +Auth::Negotiate::Config::rotateHelpers() { /* schedule closure of existing helpers */ if (negotiateauthenticators) { @@ -89,7 +90,7 @@ } void -AuthNegotiateConfig::done() +Auth::Negotiate::Config::done() { authnegotiate_initialised = 0; 
@@ -106,11 +107,11 @@ if (authenticateProgram) wordlistDestroy(&authenticateProgram); - debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown."); + debugs(29, DBG_IMPORTANT, "Reconfigure: Negotiate authentication configuration cleared."); } void -AuthNegotiateConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme) +Auth::Negotiate::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) { wordlist *list = authenticateProgram; storeAppendPrintf(entry, "%s %s", name, "negotiate"); @@ -126,11 +127,11 @@ } -AuthNegotiateConfig::AuthNegotiateConfig() : keep_alive(1) +Auth::Negotiate::Config::Config() : keep_alive(1) { } void -AuthNegotiateConfig::parse(AuthConfig * scheme, int n_configured, char *param_str) +Auth::Negotiate::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) { if (strcasecmp(param_str, "program") == 0) { if (authenticateProgram) @@ -144,12 +145,12 @@ } else if (strcasecmp(param_str, "keep_alive") == 0) { parse_onoff(&keep_alive); } else { - debugs(29, 0, "AuthNegotiateConfig::parse: unrecognised negotiate auth scheme parameter '" << param_str << "'"); + debugs(29, DBG_CRITICAL, "ERROR: unrecognised Negotiate auth scheme parameter '" << param_str << "'"); } } const char * -AuthNegotiateConfig::type() const +Auth::Negotiate::Config::type() const { return Auth::Negotiate::Scheme::GetInstance()->type(); } @@ -159,7 +160,7 @@ * Called AFTER parsing the config file */ void -AuthNegotiateConfig::init(AuthConfig * scheme) +Auth::Negotiate::Config::init(Auth::Config * scheme) { if (authenticateProgram) { @@ -186,7 +187,7 @@ } void -AuthNegotiateConfig::registerWithCacheManager(void) +Auth::Negotiate::Config::registerWithCacheManager(void) { Mgr::RegisterAction("negotiateauthenticator", "Negotiate User Authenticator Stats", 
@@ -194,27 +195,27 @@ } bool -AuthNegotiateConfig::active() const +Auth::Negotiate::Config::active() const { return authnegotiate_initialised == 1; } bool -AuthNegotiateConfig::configured() const +Auth::Negotiate::Config::configured() const { if (authenticateProgram && (authenticateChildren.n_max != 0)) { - debugs(29, 9, "AuthNegotiateConfig::configured: returning configured"); + debugs(29, 9, HERE << "returning configured"); return true; } - debugs(29, 9, "AuthNegotiateConfig::configured: returning unconfigured"); + debugs(29, 9, HERE << "returning unconfigured"); return false; } /* Negotiate Scheme */ void -AuthNegotiateConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request) +Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request) { AuthNegotiateUserRequest *negotiate_request; @@ -227,7 +228,7 @@ /* New request, no user details */ if (auth_user_request == NULL) { - debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate'"); + debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate"); if (!keep_alive) { 
@@ -241,59 +242,48 @@ switch (negotiate_request->user()->credentials()) { - case AuthUser::Failed: + case Auth::Failed: /* here it makes sense to drop the connection, as auth is * tied to it, even if MAYBE the client could handle it - Kinkie */ rep->header.delByName("keep-alive"); request->flags.proxy_keepalive = 0; /* fall through */ - case AuthUser::Ok: + case Auth::Ok: /* Special case: authentication finished OK but disallowed by ACL. * Need to start over to give the client another chance. */ if (negotiate_request->server_blob) { - debugs(29, 9, "authenticateNegotiateFixErrorHeader: Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'"); + debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob); safe_free(negotiate_request->server_blob); } else { - debugs(29, 9, "authenticateNegotiateFixErrorHeader: Connection authenticated"); + debugs(29, 9, HERE << "Connection authenticated"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate"); } break; - case AuthUser::Unchecked: + case Auth::Unchecked: /* semantic change: do not drop the connection. * 2.5 implementation used to keep it open - Kinkie */ - debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate'"); + debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we're waiting for a response from the client. 
Pass it the blob */ - debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'"); + debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob); safe_free(negotiate_request->server_blob); break; default: - debugs(29, DBG_CRITICAL, "AuthNegotiateConfig::fixHeader: state " << negotiate_request->user()->credentials() << "."); + debugs(29, DBG_CRITICAL, "ERROR: Negotiate auth fixHeader: state " << negotiate_request->user()->credentials() << "."); fatal("unexpected state in AuthenticateNegotiateFixErrorHeader.\n"); } } } -NegotiateUser::~NegotiateUser() -{ - debugs(29, 5, "NegotiateUser::~NegotiateUser: doing nothing to clearNegotiate scheme data for '" << this << "'"); -} - -int32_t -NegotiateUser::ttl() const -{ - return -1; // Negotiate cannot be cached. -} - static void authenticateNegotiateStats(StoreEntry * sentry) { @@ -305,9 +295,9 @@ * Auth_user structure. */ AuthUserRequest::Pointer -AuthNegotiateConfig::decode(char const *proxy_auth) +Auth::Negotiate::Config::decode(char const *proxy_auth) { - NegotiateUser *newUser = new NegotiateUser(&negotiateConfig); + Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig); AuthUserRequest *auth_user_request = new AuthNegotiateUserRequest(); assert(auth_user_request->user() == NULL); 
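Review bot: In the `Auth::Handshake` case of `Auth::Negotiate::Config::fixHeader()`, `negotiate_request->server_blob` goes straight into the `%s` of `httpHeaderPutStrf` and into the debug line, whereas the `Auth::Ok` case above tests it for NULL first. If the handshake state can be reached without a blob, that passes a NULL pointer to a `%s` conversion. A guard at the top of the case, `if (!negotiate_request->server_blob) { httpHeaderPutStrf(&rep->header, reqType, "Negotiate"); break; }`, would make the two branches agree. The `fatal()` text in the `default:` case still names `AuthenticateNegotiateFixErrorHeader`, although the debug lines around it were switched to `HERE`. `fixHeader()` starts before this hunk.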
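Review bot: `Auth::Negotiate::Config::decode()` constructs the user with `&negotiateConfig`, the file-scope object, instead of the Config instance it was called on. The digest `decode()` in this same patch passes `this`. The user's config pointer is consulted later (the digest Scheme.cc selects users by `auth_user->config->type()`), and this patch removes the `extern` declaration of `negotiateConfig` from auth_negotiate.h while keeping its definition. A user tied to a global that may not be the registered instance therefore looks unintended. I would write `Auth::Negotiate::User *newUser = new Auth::Negotiate::User(this);` unless the global is known to be the registered instance. The rest of `decode()` is in the following hunk.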
@@ -315,11 +305,6 @@ auth_user_request->user()->auth_type = Auth::AUTH_NEGOTIATE; /* all we have to do is identify that it's Negotiate - the helper does the rest */ - debugs(29, 9, "AuthNegotiateConfig::decode: Negotiate authentication"); + debugs(29, 9, HERE << "decode Negotiate authentication"); return auth_user_request; } - -NegotiateUser::NegotiateUser(AuthConfig *aConfig) : AuthUser (aConfig) -{ - proxy_auth_list.head = proxy_auth_list.tail = NULL; -} diff -u -r -N squid-3.2.0.6/src/auth/negotiate/auth_negotiate.h squid-3.2.0.7/src/auth/negotiate/auth_negotiate.h --- squid-3.2.0.6/src/auth/negotiate/auth_negotiate.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/auth_negotiate.h 2011-04-19 12:47:07.000000000 +1200 @@ -8,8 +8,6 @@ #include "auth/Config.h" #include "auth/Gadgets.h" -#include "auth/State.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "helper.h" 
@@ -21,45 +19,35 @@ /// \ingroup AuthNegotiateAPI #define DefaultAuthenticateChildrenMax 32 /* 32 processes */ -/// \ingroup AuthNegotiateAPI -class NegotiateUser : public AuthUser +namespace Auth { - -public: - MEMPROXY_CLASS(NegotiateUser); - NegotiateUser(AuthConfig *); - ~NegotiateUser(); - virtual int32_t ttl() const; - - dlink_list proxy_auth_list; -}; - -MEMPROXY_CLASS_INLINE(NegotiateUser); - -extern statefulhelper *negotiateauthenticators; - -/* configuration runtime data */ - -/// \ingroup AuthNegotiateAPI -class AuthNegotiateConfig : public AuthConfig +namespace Negotiate { +/** Negotiate Authentication configuration data */ +class Config : public Auth::Config +{ public: - AuthNegotiateConfig(); + Config(); virtual bool active() const; virtual bool configured() const; virtual AuthUserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); - virtual void dump(StoreEntry *, const char *, AuthConfig *); + virtual void dump(StoreEntry *, const char *, Auth::Config *); virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); - virtual void init(AuthConfig *); - virtual void parse(AuthConfig *, int, char *); + virtual void init(Auth::Config *); + virtual void parse(Auth::Config *, int, char *); virtual void registerWithCacheManager(void); virtual const char * type() const; + +public: int keep_alive; }; -extern AuthNegotiateConfig negotiateConfig; +} // namespace Negotiate +} // namespace Auth + +extern statefulhelper *negotiateauthenticators; #endif diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Makefile.am squid-3.2.0.7/src/auth/negotiate/Makefile.am --- squid-3.2.0.6/src/auth/negotiate/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/Makefile.am 2011-04-19 12:47:07.000000000 +1200 
@@ -8,5 +8,7 @@ Scheme.h \ auth_negotiate.cc \ auth_negotiate.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Makefile.in squid-3.2.0.7/src/auth/negotiate/Makefile.in --- squid-3.2.0.6/src/auth/negotiate/Makefile.in 2011-04-04 14:43:43.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/Makefile.in 2011-04-19 12:48:10.000000000 +1200 @@ -55,7 +55,7 @@ CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libnegotiate_la_LIBADD = -am_libnegotiate_la_OBJECTS = Scheme.lo auth_negotiate.lo \ +am_libnegotiate_la_OBJECTS = Scheme.lo auth_negotiate.lo User.lo \ UserRequest.lo libnegotiate_la_OBJECTS = $(am_libnegotiate_la_OBJECTS) DEFAULT_INCLUDES = @@ -311,6 +311,8 @@ Scheme.h \ auth_negotiate.cc \ auth_negotiate.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h @@ -376,6 +378,7 @@ -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_negotiate.Plo@am__quote@ diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Scheme.cc squid-3.2.0.7/src/auth/negotiate/Scheme.cc --- squid-3.2.0.6/src/auth/negotiate/Scheme.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/Scheme.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -62,9 +62,9 @@ debugs(29, DBG_CRITICAL, "Shutdown: Negotiate authentication."); } -AuthConfig * +Auth::Config * Auth::Negotiate::Scheme::createConfig() { - AuthNegotiateConfig *negotiateCfg = new AuthNegotiateConfig; - return dynamic_cast(negotiateCfg); + Auth::Negotiate::Config *negotiateCfg = new Auth::Negotiate::Config; + return dynamic_cast(negotiateCfg); } diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Scheme.h squid-3.2.0.7/src/auth/negotiate/Scheme.h --- squid-3.2.0.6/src/auth/negotiate/Scheme.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/Scheme.h 2011-04-19 12:47:07.000000000 +1200 @@ -54,7 +54,7 @@ /* per scheme */ virtual char const *type() const; virtual void shutdownCleanup(); - virtual AuthConfig *createConfig(); + virtual Auth::Config *createConfig(); /* Not implemented */ Scheme (Scheme const &); diff -u -r -N squid-3.2.0.6/src/auth/negotiate/User.cc squid-3.2.0.7/src/auth/negotiate/User.cc --- squid-3.2.0.6/src/auth/negotiate/User.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/User.cc 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,21 @@ +#include "config.h" +#include "auth/Config.h" +#include "auth/negotiate/User.h" +#include "Debug.h" + +Auth::Negotiate::User::User(Auth::Config *aConfig) : + Auth::User(aConfig) +{ + proxy_auth_list.head = proxy_auth_list.tail = NULL; +} + +Auth::Negotiate::User::~User() +{ + debugs(29, 5, HERE << "doing nothing to clear Negotiate scheme data for '" << this << "'"); +} + +int32_t +Auth::Negotiate::User::ttl() const +{ + return -1; // Negotiate cannot be cached. +} diff -u -r -N squid-3.2.0.6/src/auth/negotiate/User.h squid-3.2.0.7/src/auth/negotiate/User.h --- squid-3.2.0.6/src/auth/negotiate/User.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/User.h 2011-04-19 12:47:07.000000000 +1200 
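Review bot: The `dynamic_cast` on the return line of `createConfig()` is applied to a pointer that was just created with `new Auth::Negotiate::Config`, and converting it to the declared `Auth::Config *` return type is an implicit upcast that needs no run-time cast. `return new Auth::Negotiate::Config;` says the same thing without the temporary. The cast's target type is not legible on this page, so the base-type reading is assumed from the return type. The NTLM `createConfig()` in src/auth/ntlm/Scheme.cc has the same shape.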
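Review bot: `Auth::Negotiate::User` declares its own `dlink_list proxy_auth_list` in User.h and initialises it in this constructor, but the `Auth::User` constructor in src/auth/User.cc already initialises a member with the same name. If the base member is accessible, the derived one hides it, so code reaching the object through an `Auth::User::Pointer` and code inside the derived class would work on two different lists. Unless a second list is intended, drop the member from User.h and the assignment here, leaving the constructor body empty. `Auth::Ntlm::User` in src/auth/ntlm/User.cc and User.h repeats the pattern.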
@@ -0,0 +1,31 @@ +#ifndef _SQUID_AUTH_NEGOTIATE_USER_H +#define _SQUID_AUTH_NEGOTIATE_USER_H + +#include "auth/User.h" + +namespace Auth +{ + +class Config; + +namespace Negotiate +{ + +/** User credentials for the Negotiate authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Negotiate::User); + User(Auth::Config *); + ~User(); + virtual int32_t ttl() const; + + dlink_list proxy_auth_list; +}; + +MEMPROXY_CLASS_INLINE(Auth::Negotiate::User); + +} // namespace Negotiate +} // namespace Auth + +#endif /* _SQUID_AUTH_NEGOTIATE_USER_H */ diff -u -r -N squid-3.2.0.6/src/auth/negotiate/UserRequest.cc squid-3.2.0.7/src/auth/negotiate/UserRequest.cc --- squid-3.2.0.6/src/auth/negotiate/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/negotiate/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200 @@ -1,6 +1,7 @@ #include "config.h" #include "auth/negotiate/auth_negotiate.h" #include "auth/negotiate/UserRequest.h" +#include "auth/State.h" #include "auth/User.h" #include "helper.h" #include "HttpReply.h" @@ -48,7 +49,7 @@ int AuthNegotiateUserRequest::authenticated() const { - if (user() != NULL && user()->credentials() == AuthUser::Ok) { + if (user() != NULL && user()->credentials() == Auth::Ok) { debugs(29, 9, HERE << "user authenticated."); return 1; } @@ -71,14 +72,14 @@ switch (user()->credentials()) { - case AuthUser::Handshake: + case Auth::Handshake: assert(server_blob); return 1; /* send to client */ - case AuthUser::Ok: + case Auth::Ok: return 0; /* do nothing */ - case AuthUser::Failed: + case Auth::Failed: return -2; default: @@ -121,7 +122,7 @@ debugs(29, 8, HERE << "auth state is '" << user()->credentials() << "'"); - if (static_cast(AuthConfig::Find("negotiate"))->authenticateProgram == NULL) { + if (static_cast(Auth::Config::Find("negotiate"))->authenticateProgram == NULL) { debugs(29, DBG_CRITICAL, "ERROR: No Negotiate authentication program configured."); handler(data, NULL); return; 
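Review bot: The result of `Auth::Config::Find("negotiate")` is cast and dereferenced for `authenticateProgram` in one expression, so a lookup that finds no Negotiate config would be a NULL dereference instead of reaching the logged error path. Whether Find() can return NULL at this point is not visible here; if it can, test the pointer first, e.g. `Auth::Config *cfg = Auth::Config::Find("negotiate");` followed by `if (cfg == NULL || cfg->authenticateProgram == NULL) {`, which assumes `authenticateProgram` is a base-class member. The NTLM hunk at -79,7 in src/auth/ntlm/UserRequest.cc has the same expression. The enclosing function starts and ends outside this hunk.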
@@ -132,7 +133,7 @@ r->data = cbdataReference(data); r->auth_user_request = this; - if (user()->credentials() == AuthUser::Pending) { + if (user()->credentials() == Auth::Pending) { snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here? } else { snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", client_blob); @@ -187,7 +188,7 @@ /** Check that we are in the client side, where we can generate auth challenges */ if (conn == NULL) { - user()->credentials(AuthUser::Failed); + user()->credentials(Auth::Failed); debugs(29, DBG_IMPORTANT, "WARNING: Negotiate Authentication attempt to perform authentication without a connection!"); return; } @@ -221,10 +222,10 @@ switch (user()->credentials()) { - case AuthUser::Unchecked: + case Auth::Unchecked: /* we've received a negotiate request. pass to a helper */ debugs(29, 9, HERE << "auth state negotiate none. Received blob: '" << proxy_auth << "'"); - user()->credentials(AuthUser::Pending); + user()->credentials(Auth::Pending); safe_free(client_blob); client_blob=xstrdup(blob); assert(conn->auth_user_request == NULL); @@ -233,11 +234,11 @@ HTTPMSGLOCK(request); break; - case AuthUser::Pending: + case Auth::Pending: debugs(29, 1, HERE << "need to ask helper"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we should have received a blob from the client. Hand it off to * some helper */ safe_free(client_blob); @@ -248,11 +249,11 @@ HTTPMSGLOCK(request); break; - case AuthUser::Ok: + case Auth::Ok: fatal("AuthNegotiateUserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n"); break; - case AuthUser::Failed: + case Auth::Failed: /* we've failed somewhere in authentication */ debugs(29, 9, HERE << "auth state negotiate failed. " << proxy_auth); break; 
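Review bot: Both `snprintf()` calls that build the helper line from `client_blob` discard the return value, so an over-long client token is truncated silently and reaches the helper without its trailing newline. `client_blob` is taken from the client's header, and the CHECKME comment on the first call leaves open that it can be NULL, which is undefined for `%s`. Check the pointer before formatting and compare the result with the buffer size, e.g. `int len = snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob);` then `if (len < 0 || len >= MAX_AUTHTOKEN_LEN)` fail the request (releasing `r`) instead of submitting it. The NTLM hunk at -90,7 has the same calls with a literal `8192` as the size; the declaration of `buf` is outside both hunks.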
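Review bot: The `Auth::Unchecked` case logs the complete client `proxy_auth` value at level 9, and the `Auth::Failed` case in the -248,11 hunk does the same. That header carries the Negotiate token, so a debug-enabled log ends up holding authentication material; the length is enough to trace the state machine, e.g. `debugs(29, 9, HERE << "auth state negotiate none. Received blob of " << strlen(proxy_auth) << " bytes");`. The NTLM `authenticate()` hunks at -197,10 and -225,11 log the same value. The switch starts before and ends after this hunk.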
@@ -320,11 +321,11 @@ negotiate_request->request->flags.must_keepalive = 1; if (negotiate_request->request->flags.proxy_keepalive) { negotiate_request->server_blob = xstrdup(blob); - auth_user_request->user()->credentials(AuthUser::Handshake); + auth_user_request->user()->credentials(Auth::Handshake); auth_user_request->denyMessage("Authentication in progress"); debugs(29, 4, HERE << "Need to challenge the client with a server blob '" << blob << "'"); } else { - auth_user_request->user()->credentials(AuthUser::Failed); + auth_user_request->user()->credentials(Auth::Failed); auth_user_request->denyMessage("NTLM authentication requires a persistent connection"); } } else if (strncasecmp(reply, "AF ", 3) == 0 && arg != NULL) { @@ -338,15 +339,13 @@ safe_free(negotiate_request->server_blob); negotiate_request->server_blob = xstrdup(blob); negotiate_request->releaseAuthServer(); - auth_user_request->user()->credentials(AuthUser::Ok); - debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << blob << "'"); /* connection is authenticated */ debugs(29, 4, HERE << "authenticated user " << auth_user_request->user()->username()); /* see if this is an existing user with a different proxy_auth * string */ AuthUserHashPointer *usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username())); - AuthUser::Pointer local_auth_user = negotiate_request->user(); + Auth::User::Pointer local_auth_user = negotiate_request->user(); while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NEGOTIATE || strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0)) usernamehash = static_cast(usernamehash->next); 
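Review bot: The deny message on the non-keepalive branch reads `"NTLM authentication requires a persistent connection"`, but this is the Negotiate reply handler, so the client is told about the wrong scheme. Change the literal to `"Negotiate authentication requires a persistent connection"`. The surrounding handler begins and ends outside this hunk.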
@@ -356,9 +355,9 @@ * Just free the temporary auth_user after merging as * much of it new state into the existing one as possible */ usernamehash->user()->absorb(local_auth_user); - local_auth_user = usernamehash->user(); /* from here on we are working with the original cached credentials. */ - negotiate_request->_auth_user = local_auth_user; + local_auth_user = usernamehash->user(); + auth_user_request->user(local_auth_user); } else { /* store user in hash's */ local_auth_user->addToNameCache(); @@ -366,8 +365,8 @@ /* set these to now because this is either a new login from an * existing user or a new user */ local_auth_user->expiretime = current_time.tv_sec; - negotiate_request->releaseAuthServer(); - negotiate_request->user()->credentials(AuthUser::Ok); + auth_user_request->user()->credentials(Auth::Ok); + debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << blob << "'"); } else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) { /* authentication failure (wrong password, etc.) */ @@ -376,7 +375,7 @@ *arg++ = '\0'; auth_user_request->denyMessage(arg); - negotiate_request->user()->credentials(AuthUser::Failed); + negotiate_request->user()->credentials(Auth::Failed); safe_free(negotiate_request->server_blob); negotiate_request->server_blob = xstrdup(blob); negotiate_request->releaseAuthServer(); 
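Review bot: The relocated success message prints `blob` under the label `Username`, but in this branch `blob` is the value copied into `negotiate_request->server_blob` in the preceding hunk, so the log shows the server token and not the user name. Print the name that was authenticated: `debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << auth_user_request->user()->username() << "'");`. That also keeps the token out of a level-4 log. The branch starts in the preceding hunk.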
@@ -388,7 +387,7 @@ * If after a KK deny the user's request w/ 407 and mark the helper as * Needing YR. */ auth_user_request->denyMessage(blob); - auth_user_request->user()->credentials(AuthUser::Failed); + auth_user_request->user()->credentials(Auth::Failed); safe_free(negotiate_request->server_blob); negotiate_request->releaseAuthServer(); debugs(29, DBG_IMPORTANT, "ERROR: Negotiate Authentication validating user. Error returned '" << reply << "'"); diff -u -r -N squid-3.2.0.6/src/auth/ntlm/auth_ntlm.cc squid-3.2.0.7/src/auth/ntlm/auth_ntlm.cc --- squid-3.2.0.6/src/auth/ntlm/auth_ntlm.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/auth_ntlm.cc 2011-04-19 12:47:07.000000000 +1200 @@ -41,6 +41,7 @@ #include "auth/Gadgets.h" #include "auth/ntlm/auth_ntlm.h" #include "auth/ntlm/Scheme.h" +#include "auth/ntlm/User.h" #include "auth/ntlm/UserRequest.h" #include "auth/State.h" #include "mgr/Registration.h" @@ -66,7 +67,7 @@ */ void -AuthNTLMConfig::rotateHelpers() +Auth::Ntlm::Config::rotateHelpers() { /* schedule closure of existing helpers */ if (ntlmauthenticators) { @@ -78,7 +79,7 @@ /* free any allocated configuration details */ void -AuthNTLMConfig::done() +Auth::Ntlm::Config::done() { authntlm_initialised = 0; @@ -95,11 +96,11 @@ if (authenticateProgram) wordlistDestroy(&authenticateProgram); - debugs(29, 2, "ntlmScheme::done: NTLM authentication Shutdown."); + debugs(29, DBG_IMPORTANT, "Reconfigure: NTLM authentication configuration cleared."); } void -AuthNTLMConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme) +Auth::Ntlm::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) { wordlist *list = authenticateProgram; storeAppendPrintf(entry, "%s %s", name, "ntlm"); 
@@ -115,11 +116,11 @@ } -AuthNTLMConfig::AuthNTLMConfig() : keep_alive(1) +Auth::Ntlm::Config::Config() : keep_alive(1) { } void -AuthNTLMConfig::parse(AuthConfig * scheme, int n_configured, char *param_str) +Auth::Ntlm::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) { if (strcasecmp(param_str, "program") == 0) { if (authenticateProgram) @@ -133,12 +134,12 @@ } else if (strcasecmp(param_str, "keep_alive") == 0) { parse_onoff(&keep_alive); } else { - debugs(29, 0, "AuthNTLMConfig::parse: unrecognised ntlm auth scheme parameter '" << param_str << "'"); + debugs(29, DBG_CRITICAL, "ERROR unrecognised NTLM auth scheme parameter '" << param_str << "'"); } } const char * -AuthNTLMConfig::type() const +Auth::Ntlm::Config::type() const { return Auth::Ntlm::Scheme::GetInstance()->type(); } @@ -146,7 +147,7 @@ /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the * config file */ void -AuthNTLMConfig::init(AuthConfig * scheme) +Auth::Ntlm::Config::init(Auth::Config * scheme) { if (authenticateProgram) { @@ -173,7 +174,7 @@ } void -AuthNTLMConfig::registerWithCacheManager(void) +Auth::Ntlm::Config::registerWithCacheManager(void) { Mgr::RegisterAction("ntlmauthenticator", "NTLM User Authenticator Stats", 
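Review bot: The new message for an unknown parameter, `"ERROR unrecognised NTLM auth scheme parameter '"`, lacks the colon used by the other critical messages in this patch (`"ERROR: No Negotiate authentication program configured."`), so a search for `ERROR:` misses it. Write it as `"ERROR: unrecognised NTLM auth scheme parameter '"`. The `default:` branch of the NTLM `fixHeader()` in the -225,50 hunk has no prefix at all (`"NTLM Auth fixHeader: state "`), while its Negotiate twin starts with `"ERROR: Negotiate auth fixHeader: state "`.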
@@ -181,27 +182,27 @@ } bool -AuthNTLMConfig::active() const +Auth::Ntlm::Config::active() const { return authntlm_initialised == 1; } bool -AuthNTLMConfig::configured() const +Auth::Ntlm::Config::configured() const { if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0)) { - debugs(29, 9, "AuthNTLMConfig::configured: returning configured"); + debugs(29, 9, HERE << "returning configured"); return true; } - debugs(29, 9, "AuthNTLMConfig::configured: returning unconfigured"); + debugs(29, 9, HERE << "returning unconfigured"); return false; } /* NTLM Scheme */ void -AuthNTLMConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) +Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (!authenticateProgram) return; @@ -212,7 +213,7 @@ /* New request, no user details */ if (auth_user_request == NULL) { - debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << hdrType << " header: 'NTLM'"); + debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'"); httpHeaderPutStrf(&rep->header, hdrType, "NTLM"); if (!keep_alive) { 
@@ -225,50 +226,39 @@ switch (ntlm_request->user()->credentials()) { - case AuthUser::Failed: + case Auth::Failed: /* here it makes sense to drop the connection, as auth is * tied to it, even if MAYBE the client could handle it - Kinkie */ request->flags.proxy_keepalive = 0; /* fall through */ - case AuthUser::Ok: + case Auth::Ok: /* Special case: authentication finished OK but disallowed by ACL. * Need to start over to give the client another chance. */ /* fall through */ - case AuthUser::Unchecked: + case Auth::Unchecked: /* semantic change: do not drop the connection. * 2.5 implementation used to keep it open - Kinkie */ - debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << hdrType << " header: 'NTLM'"); + debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'"); httpHeaderPutStrf(&rep->header, hdrType, "NTLM"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we're waiting for a response from the client. Pass it the blob */ - debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'"); + debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'"); httpHeaderPutStrf(&rep->header, hdrType, "NTLM %s", ntlm_request->server_blob); safe_free(ntlm_request->server_blob); break; default: - debugs(29, DBG_CRITICAL, "AuthNTLMConfig::fixHeader: state " << ntlm_request->user()->credentials() << "."); + debugs(29, DBG_CRITICAL, "NTLM Auth fixHeader: state " << ntlm_request->user()->credentials() << "."); fatal("unexpected state in AuthenticateNTLMFixErrorHeader.\n"); } } } -NTLMUser::~NTLMUser() -{ - debugs(29, 5, "NTLMUser::~NTLMUser: doing nothing to clearNTLM scheme data for '" << this << "'"); -} - -int32_t -NTLMUser::ttl() const -{ - return -1; // NTLM credentials cannot be cached. -} - static void authenticateNTLMStats(StoreEntry * sentry) { 
@@ -280,9 +270,9 @@ * Auth_user structure. */ AuthUserRequest::Pointer -AuthNTLMConfig::decode(char const *proxy_auth) +Auth::Ntlm::Config::decode(char const *proxy_auth) { - NTLMUser *newUser = new NTLMUser(AuthConfig::Find("ntlm")); + Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm")); AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest(); assert(auth_user_request->user() == NULL); @@ -290,11 +280,6 @@ auth_user_request->user()->auth_type = Auth::AUTH_NTLM; /* all we have to do is identify that it's NTLM - the helper does the rest */ - debugs(29, 9, "AuthNTLMConfig::decode: NTLM authentication"); + debugs(29, 9, HERE << "decode: NTLM authentication"); return auth_user_request; } - -NTLMUser::NTLMUser (AuthConfig *aConfig) : AuthUser (aConfig) -{ - proxy_auth_list.head = proxy_auth_list.tail = NULL; -} diff -u -r -N squid-3.2.0.6/src/auth/ntlm/auth_ntlm.h squid-3.2.0.7/src/auth/ntlm/auth_ntlm.h --- squid-3.2.0.6/src/auth/ntlm/auth_ntlm.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/auth_ntlm.h 2011-04-19 12:47:07.000000000 +1200 
@@ -6,52 +6,43 @@ #ifndef __AUTH_NTLM_H__ #define __AUTH_NTLM_H__ #include "auth/Gadgets.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" #include "helper.h" #define DefaultAuthenticateChildrenMax 32 /* 32 processes */ -class NTLMUser : public AuthUser -{ - -public: - MEMPROXY_CLASS(NTLMUser); - NTLMUser(AuthConfig *); - ~NTLMUser(); - - virtual int32_t ttl() const; - - dlink_list proxy_auth_list; -}; - -MEMPROXY_CLASS_INLINE(NTLMUser); +class HttpRequest; +class StoreEntry; -typedef class NTLMUser ntlm_user_t; - -/* configuration runtime data */ - -class AuthNTLMConfig : public AuthConfig +namespace Auth +{ +namespace Ntlm { +/** NTLM Authentication configuration data */ +class Config : public Auth::Config +{ public: - AuthNTLMConfig(); + Config(); virtual bool active() const; virtual bool configured() const; virtual AuthUserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); - virtual void dump(StoreEntry *, const char *, AuthConfig *); + virtual void dump(StoreEntry *, const char *, Auth::Config *); virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); - virtual void init(AuthConfig *); - virtual void parse(AuthConfig *, int, char *); + virtual void init(Auth::Config *); + virtual void parse(Auth::Config *, int, char *); virtual void registerWithCacheManager(void); virtual const char * type() const; + +public: int keep_alive; }; -typedef class AuthNTLMConfig auth_ntlm_config; +} // namespace Ntlm +} // namespace Auth extern statefulhelper *ntlmauthenticators; diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Makefile.am squid-3.2.0.7/src/auth/ntlm/Makefile.am --- squid-3.2.0.6/src/auth/ntlm/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/Makefile.am 2011-04-19 12:47:07.000000000 +1200 
@@ -8,5 +8,7 @@ Scheme.h \ auth_ntlm.cc \ auth_ntlm.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Makefile.in squid-3.2.0.7/src/auth/ntlm/Makefile.in --- squid-3.2.0.6/src/auth/ntlm/Makefile.in 2011-04-04 14:43:44.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/Makefile.in 2011-04-19 12:48:11.000000000 +1200 @@ -55,7 +55,7 @@ CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libntlm_la_LIBADD = -am_libntlm_la_OBJECTS = Scheme.lo auth_ntlm.lo UserRequest.lo +am_libntlm_la_OBJECTS = Scheme.lo auth_ntlm.lo User.lo UserRequest.lo libntlm_la_OBJECTS = $(am_libntlm_la_OBJECTS) DEFAULT_INCLUDES = depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp @@ -310,6 +310,8 @@ Scheme.h \ auth_ntlm.cc \ auth_ntlm.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h @@ -375,6 +377,7 @@ -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_ntlm.Plo@am__quote@ diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Scheme.cc squid-3.2.0.7/src/auth/ntlm/Scheme.cc --- squid-3.2.0.6/src/auth/ntlm/Scheme.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/Scheme.cc 2011-04-19 12:47:07.000000000 +1200 @@ -63,9 +63,9 @@ debugs(29, DBG_CRITICAL, "Shutdown: NTLM authentication."); } -AuthConfig * +Auth::Config * Auth::Ntlm::Scheme::createConfig() { - auth_ntlm_config *ntlmCfg = new auth_ntlm_config; - return dynamic_cast(ntlmCfg); + Auth::Ntlm::Config *ntlmCfg = new Auth::Ntlm::Config; + return dynamic_cast(ntlmCfg); } diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Scheme.h squid-3.2.0.7/src/auth/ntlm/Scheme.h --- squid-3.2.0.6/src/auth/ntlm/Scheme.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/Scheme.h 2011-04-19 12:47:07.000000000 +1200 
@@ -54,7 +54,7 @@ /* per scheme */ virtual char const *type() const; virtual void shutdownCleanup(); - virtual AuthConfig *createConfig(); + virtual Auth::Config *createConfig(); /* Not implemented */ Scheme (Scheme const &); diff -u -r -N squid-3.2.0.6/src/auth/ntlm/User.cc squid-3.2.0.7/src/auth/ntlm/User.cc --- squid-3.2.0.6/src/auth/ntlm/User.cc 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/User.cc 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,21 @@ +#include "config.h" +#include "auth/Config.h" +#include "auth/ntlm/User.h" +#include "Debug.h" + +Auth::Ntlm::User::User(Auth::Config *aConfig) : + Auth::User(aConfig) +{ + proxy_auth_list.head = proxy_auth_list.tail = NULL; +} + +Auth::Ntlm::User::~User() +{ + debugs(29, 5, HERE << "doing nothing to clear NTLM scheme data for '" << this << "'"); +} + +int32_t +Auth::Ntlm::User::ttl() const +{ + return -1; // NTLM credentials cannot be cached. +} diff -u -r -N squid-3.2.0.6/src/auth/ntlm/User.h squid-3.2.0.7/src/auth/ntlm/User.h --- squid-3.2.0.6/src/auth/ntlm/User.h 1970-01-01 12:00:00.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/User.h 2011-04-19 12:47:07.000000000 +1200 @@ -0,0 +1,32 @@ +#ifndef _SQUID_AUTH_NTLM_USER_H +#define _SQUID_AUTH_NTLM_USER_H + +#include "auth/User.h" + +namespace Auth +{ + +class Config; + +namespace Ntlm +{ + +/** User credentials for the NTLM authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Ntlm::User); + User(Auth::Config *); + ~User(); + + virtual int32_t ttl() const; + + dlink_list proxy_auth_list; +}; + +MEMPROXY_CLASS_INLINE(Auth::Ntlm::User); + +} // namespace Ntlm +} // namespace Auth + +#endif /* _SQUID_AUTH_NTLM_USER_H */ diff -u -r -N squid-3.2.0.6/src/auth/ntlm/UserRequest.cc squid-3.2.0.7/src/auth/ntlm/UserRequest.cc --- squid-3.2.0.6/src/auth/ntlm/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/ntlm/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -51,14 +51,14 @@ switch (user()->credentials()) { - case AuthUser::Handshake: + case Auth::Handshake: assert(server_blob); return 1; /* send to client */ - case AuthUser::Ok: + case Auth::Ok: return 0; /* do nothing */ - case AuthUser::Failed: + case Auth::Failed: return -2; default: @@ -79,7 +79,7 @@ debugs(29, 8, HERE << "credentials state is '" << user()->credentials() << "'"); - if (static_cast(AuthConfig::Find("ntlm"))->authenticateProgram == NULL) { + if (static_cast(Auth::Config::Find("ntlm"))->authenticateProgram == NULL) { debugs(29, DBG_CRITICAL, "ERROR: NTLM Start: no NTLM program configured."); handler(data, NULL); return; @@ -90,7 +90,7 @@ r->data = cbdataReference(data); r->auth_user_request = this; - if (user()->credentials() == AuthUser::Pending) { + if (user()->credentials() == Auth::Pending) { snprintf(buf, 8192, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here? } else { snprintf(buf, 8192, "KK %s\n", client_blob); @@ -141,7 +141,7 @@ int AuthNTLMUserRequest::authenticated() const { - if (user()->credentials() == AuthUser::Ok) { + if (user()->credentials() == Auth::Ok) { debugs(29, 9, "AuthNTLMUserRequest::authenticated: user authenticated."); return 1; } @@ -162,7 +162,7 @@ * auth challenges */ if (conn == NULL || !cbdataReferenceValid(conn)) { - user()->credentials(AuthUser::Failed); + user()->credentials(Auth::Failed); debugs(29, 1, "AuthNTLMUserRequest::authenticate: attempt to perform authentication without a connection!"); return; } @@ -197,10 +197,10 @@ switch (user()->credentials()) { - case AuthUser::Unchecked: + case Auth::Unchecked: /* we've received a ntlm request. pass to a helper */ debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm none. Received blob: '" << proxy_auth << "'"); - user()->credentials(AuthUser::Pending); + user()->credentials(Auth::Pending); safe_free(client_blob); client_blob=xstrdup(blob); assert(conn->auth_user_request == NULL); 
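Review bot: `AuthNTLMUserRequest::authenticated()` calls `user()->credentials()` without first checking `user()`, whereas the Negotiate version in this same patch tests `user() != NULL &&` before the call. If a request can reach this method before a user is attached, this is a NULL dereference on the authentication path; whether that can happen is not visible here. Matching the Negotiate form costs nothing: `if (user() != NULL && user()->credentials() == Auth::Ok) {`. The function ends outside this hunk.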
@@ -209,11 +209,11 @@ HTTPMSGLOCK(request); break; - case AuthUser::Pending: + case Auth::Pending: debugs(29, 1, "AuthNTLMUserRequest::authenticate: need to ask helper"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we should have received a blob from the client. Hand it off to * some helper */ safe_free(client_blob); @@ -225,11 +225,11 @@ HTTPMSGLOCK(request); break; - case AuthUser::Ok: + case Auth::Ok: fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n"); break; - case AuthUser::Failed: + case Auth::Failed: /* we've failed somewhere in authentication */ debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm failed. " << proxy_auth); break; @@ -287,11 +287,11 @@ ntlm_request->request->flags.must_keepalive = 1; if (ntlm_request->request->flags.proxy_keepalive) { ntlm_request->server_blob = xstrdup(blob); - ntlm_request->user()->credentials(AuthUser::Handshake); + ntlm_request->user()->credentials(Auth::Handshake); auth_user_request->denyMessage("Authentication in progress"); debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'"); } else { - ntlm_request->user()->credentials(AuthUser::Failed); + ntlm_request->user()->credentials(Auth::Failed); auth_user_request->denyMessage("NTLM authentication requires a persistent connection"); } } else if (strncasecmp(reply, "AF ", 3) == 0) { 
@@ -306,17 +306,18 @@ /* see if this is an existing user with a different proxy_auth * string */ auth_user_hash_pointer *usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username())); - AuthUser::Pointer local_auth_user = ntlm_request->user(); + Auth::User::Pointer local_auth_user = ntlm_request->user(); while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NTLM || strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0)) usernamehash = static_cast(usernamehash->next); if (usernamehash) { /* we can't seamlessly recheck the username due to the * challenge-response nature of the protocol. - * Just free the temporary auth_user */ + * Just free the temporary auth_user after merging as + * much of it new state into the existing one as possible */ usernamehash->user()->absorb(local_auth_user); local_auth_user = usernamehash->user(); - ntlm_request->_auth_user = local_auth_user; + auth_user_request->user(local_auth_user); } else { /* store user in hash's */ local_auth_user->addToNameCache(); @@ -325,11 +326,11 @@ * existing user or a new user */ local_auth_user->expiretime = current_time.tv_sec; ntlm_request->releaseAuthServer(); - local_auth_user->credentials(AuthUser::Ok); + local_auth_user->credentials(Auth::Ok); } else if (strncasecmp(reply, "NA ", 3) == 0) { /* authentication failure (wrong password, etc.) */ auth_user_request->denyMessage(blob); - ntlm_request->user()->credentials(AuthUser::Failed); + ntlm_request->user()->credentials(Auth::Failed); safe_free(ntlm_request->server_blob); ntlm_request->releaseAuthServer(); debugs(29, 4, "authenticateNTLMHandleReply: Failed validating user via NTLM. Error returned '" << blob << "'"); 
@@ -340,7 +341,7 @@ * If after a KK deny the user's request w/ 407 and mark the helper as * Needing YR. */ auth_user_request->denyMessage(blob); - auth_user_request->user()->credentials(AuthUser::Failed); + auth_user_request->user()->credentials(Auth::Failed); safe_free(ntlm_request->server_blob); ntlm_request->releaseAuthServer(); debugs(29, 1, "authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '" << reply << "'"); diff -u -r -N squid-3.2.0.6/src/auth/Scheme.h squid-3.2.0.7/src/auth/Scheme.h --- squid-3.2.0.6/src/auth/Scheme.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/Scheme.h 2011-04-19 12:47:07.000000000 +1200 @@ -38,8 +38,6 @@ #include "Array.h" #include "RefCount.h" -class AuthConfig; - /** \defgroup AuthSchemeAPI Authentication Scheme API \ingroup AuthAPI @@ -48,6 +46,8 @@ namespace Auth { +class Config; + /** * \ingroup AuthAPI * \ingroup AuthSchemeAPI @@ -56,8 +56,7 @@ * store the scheme metadata. * \par * Should we need multiple configs of a single scheme, - * a new class AuthConfiguration should be made, and the - * config specific calls on Auth::Scheme moved to it. + * a new class should be made, and the config specific calls on Auth::Scheme moved to it. */ class Scheme : public RefCountable { @@ -90,7 +89,7 @@ /* per scheme methods */ virtual char const *type() const = 0; virtual void shutdownCleanup() = 0; - virtual AuthConfig *createConfig() = 0; + virtual Auth::Config *createConfig() = 0; // Not implemented Scheme(Scheme const &); diff -u -r -N squid-3.2.0.6/src/auth/User.cc squid-3.2.0.7/src/auth/User.cc --- squid-3.2.0.6/src/auth/User.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/User.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -51,33 +51,30 @@ // This should be converted into a pooled type. Does not need to be cbdata CBDATA_TYPE(AuthUserIP); -time_t AuthUser::last_discard = 0; +time_t Auth::User::last_discard = 0; -const char *CredentialsState_str[] = { "Unchecked", "Ok", "Pending", "Handshake", "Failed" }; - - -AuthUser::AuthUser(AuthConfig *aConfig) : +Auth::User::User(Auth::Config *aConfig) : auth_type(Auth::AUTH_UNKNOWN), config(aConfig), ipcount(0), expiretime(0), - credentials_state(Unchecked), + credentials_state(Auth::Unchecked), username_(NULL) { proxy_auth_list.head = proxy_auth_list.tail = NULL; proxy_match_cache.head = proxy_match_cache.tail = NULL; ip_list.head = ip_list.tail = NULL; - debugs(29, 5, "AuthUser::AuthUser: Initialised auth_user '" << this << "'."); + debugs(29, 5, HERE << "Initialised auth_user '" << this << "'."); } -AuthUser::CredentialsState -AuthUser::credentials() const +Auth::CredentialState +Auth::User::credentials() const { return credentials_state; } void -AuthUser::credentials(CredentialsState newCreds) +Auth::User::credentials(CredentialState newCreds) { credentials_state = newCreds; } 
@@ -89,26 +86,19 @@ * two users _can_ be merged without invalidating all the request * scheme data. The scheme is also responsible for merging any user * related scheme data itself. + * The caller is responsible for altering all refcount pointers to + * the 'from' object. They are invalid once this method is complete. */ void -AuthUser::absorb(AuthUser::Pointer from) +Auth::User::absorb(Auth::User::Pointer from) { - - /* RefCount children CANNOT be merged like this. The external AuthUser::Pointer's cannot be changed. */ - - /* check that we only have the two references: - * 1) our function scope - * 2) the parsing function scope) - */ - assert(from->RefCountCount() == 2); - /* * XXX Incomplete: it should merge in hash references too and ask the module to merge in scheme data * dlink_list proxy_auth_list; * dlink_list proxy_match_cache; */ - debugs(29, 5, "authenticateAuthUserMerge auth_user '" << from << "' into auth_user '" << this << "'."); + debugs(29, 5, HERE << "auth_user '" << from << "' into auth_user '" << this << "'."); /* absorb the list of IP address sources (for max_user_ip controls) */ AuthUserIP *new_ipdata; @@ -116,7 +106,7 @@ new_ipdata = static_cast(from->ip_list.head->data); /* If this IP has expired - ignore the expensive merge actions. */ - if (new_ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + if (new_ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) { /* This IP has expired - remove from the source list */ dlinkDelete(&new_ipdata->node, &(from->ip_list)); cbdataFree(new_ipdata); @@ -135,7 +125,7 @@ /* update IP ttl and stop searching. */ ipdata->ip_expiretime = max(ipdata->ip_expiretime, new_ipdata->ip_expiretime); break; - } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) { /* This IP has expired - cleanup the destination list */ dlinkDelete(&ipdata->node, &ip_list); cbdataFree(ipdata); 
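Review bot: With `assert(from->RefCountCount() == 2);` removed from `Auth::User::absorb()`, the rule that all other pointers to `from` are invalid afterwards is carried only by the new comment, so a caller that keeps using `from` gets a silently drained user instead of a failed assertion. The ip_list loop in the two following hunks unlinks or frees each `AuthUserIP` node of `from` (`dlinkDelete(&new_ipdata->node, &(from->ip_list)); cbdataFree(new_ipdata);`), which is what makes a stale holder risky for max_user_ip accounting. Consider keeping a non-fatal trace of unexpected sharing, e.g. `if (from->RefCountCount() > 2) debugs(29, 2, HERE << "auth_user '" << from << "' still shared while being absorbed");`, and repeating the caller contract on the declaration in auth/User.h. The body of absorb() continues outside these hunks, so the exact threshold should be confirmed against its callers.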
@@ -159,9 +149,9 @@ } } -AuthUser::~AuthUser() +Auth::User::~User() { - debugs(29, 5, "AuthUser::~AuthUser: Freeing auth_user '" << this << "'."); + debugs(29, 5, HERE << "Freeing auth_user '" << this << "'."); assert(RefCountCount() == 0); /* free cached acl results */ @@ -178,26 +168,26 @@ } void -AuthUser::cacheInit(void) +Auth::User::cacheInit(void) { if (!proxy_auth_username_cache) { /* First time around, 7921 should be big enough */ proxy_auth_username_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); assert(proxy_auth_username_cache); - eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1); + eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1); last_discard = squid_curtime; } } void -AuthUser::CachedACLsReset() +Auth::User::CachedACLsReset() { /* * This must complete all at once, because we are ensuring correctness. */ AuthUserHashPointer *usernamehash; - AuthUser::Pointer auth_user; - debugs(29, 3, "AuthUser::CachedACLsReset: Flushing the ACL caches for all users."); + Auth::User::Pointer auth_user; + debugs(29, 3, HERE << "Flushing the ACL caches for all users."); hash_first(proxy_auth_username_cache); while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) { @@ -206,11 +196,11 @@ aclCacheMatchFlush(&auth_user->proxy_match_cache); } - debugs(29, 3, "AuthUser::CachedACLsReset: Finished."); + debugs(29, 3, HERE << "Finished."); } void -AuthUser::cacheCleanup(void *datanotused) +Auth::User::cacheCleanup(void *datanotused) { /* * We walk the hash by username as that is the unique key we use. 
@@ -218,10 +208,10 @@ * entries at a time. Lets see how it flys first. */ AuthUserHashPointer *usernamehash; - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; char const *username = NULL; - debugs(29, 3, "AuthUser::cacheCleanup: Cleaning the user cache now"); - debugs(29, 3, "AuthUser::cacheCleanup: Current time: " << current_time.tv_sec); + debugs(29, 3, HERE << "Cleaning the user cache now"); + debugs(29, 3, HERE << "Current time: " << current_time.tv_sec); hash_first(proxy_auth_username_cache); while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) { @@ -230,17 +220,17 @@ /* if we need to have indedendent expiry clauses, insert a module call * here */ - debugs(29, 4, "AuthUser::cacheCleanup: Cache entry:\n\tType: " << + debugs(29, 4, HERE << "Cache entry:\n\tType: " << auth_user->auth_type << "\n\tUsername: " << username << "\n\texpires: " << - (long int) (auth_user->expiretime + Config.authenticateTTL) << + (long int) (auth_user->expiretime + ::Config.authenticateTTL) << "\n\treferences: " << (long int) auth_user->RefCountCount()); - if (auth_user->expiretime + Config.authenticateTTL <= current_time.tv_sec) { - debugs(29, 5, "AuthUser::cacheCleanup: Removing user " << username << " from cache due to timeout."); + if (auth_user->expiretime + ::Config.authenticateTTL <= current_time.tv_sec) { + debugs(29, 5, HERE << "Removing user " << username << " from cache due to timeout."); /* Old credentials are always removed. Existing users must hold their own - * AuthUser::Pointer to the credentials. Cache exists only for finding + * Auth::User::Pointer to the credentials. Cache exists only for finding * and re-using current valid credentials. */ hash_remove_link(proxy_auth_username_cache, usernamehash); 
@@ -248,13 +238,13 @@ } } - debugs(29, 3, "AuthUser::cacheCleanup: Finished cleaning the user cache."); - eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1); + debugs(29, 3, HERE << "Finished cleaning the user cache."); + eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1); last_discard = squid_curtime; } void -AuthUser::clearIp() +Auth::User::clearIp() { AuthUserIP *ipdata, *tempnode; @@ -276,7 +266,7 @@ } void -AuthUser::removeIp(Ip::Address ipaddr) +Auth::User::removeIp(Ip::Address ipaddr) { AuthUserIP *ipdata = (AuthUserIP *) ip_list.head; @@ -299,7 +289,7 @@ } void -AuthUser::addIp(Ip::Address ipaddr) +Auth::User::addIp(Ip::Address ipaddr) { AuthUserIP *ipdata = (AuthUserIP *) ip_list.head; int found = 0; @@ -320,7 +310,7 @@ found = 1; /* update IP ttl */ ipdata->ip_expiretime = squid_curtime; - } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) { /* This IP has expired - remove from the seen list */ dlinkDelete(&ipdata->node, &ip_list); cbdataFree(ipdata); @@ -346,14 +336,14 @@ ipcount++; - debugs(29, 2, "authenticateAuthUserAddIp: user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")"); + debugs(29, 2, HERE << "user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")"); } /** - * Add the AuthUser structure to the username cache. + * Add the Auth::User structure to the username cache. */ void -AuthUser::addToNameCache() +Auth::User::addToNameCache() { /* AuthUserHashPointer will self-register with the username cache */ new AuthUserHashPointer(this); 
@@ -363,13 +353,14 @@ * Dump the username cache statictics for viewing... */ void -AuthUser::UsernameCacheStats(StoreEntry *output) +Auth::User::UsernameCacheStats(StoreEntry *output) { AuthUserHashPointer *usernamehash; /* overview of username cache */ storeAppendPrintf(output, "Cached Usernames: %d of %d\n", proxy_auth_username_cache->count, proxy_auth_username_cache->size); - storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n", static_cast(last_discard + Config.authenticateGCInterval - squid_curtime)); + storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n", + static_cast(last_discard + ::Config.authenticateGCInterval - squid_curtime)); /* cache dump column titles */ storeAppendPrintf(output, "\n%-15s %-9s %-9s %-9s %s\n", @@ -382,13 +373,13 @@ hash_first(proxy_auth_username_cache); while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) { - AuthUser::Pointer auth_user = usernamehash->user(); + Auth::User::Pointer auth_user = usernamehash->user(); storeAppendPrintf(output, "%-15s %-9s %-9d %-9d %s\n", Auth::Type_str[auth_user->auth_type], - CredentialsState_str[auth_user->credentials()], + CredentialState_str[auth_user->credentials()], auth_user->ttl(), - static_cast(auth_user->expiretime - squid_curtime + Config.authenticateTTL), + static_cast(auth_user->expiretime - squid_curtime + ::Config.authenticateTTL), auth_user->username() ); } diff -u -r -N squid-3.2.0.6/src/auth/User.cci squid-3.2.0.7/src/auth/User.cci --- squid-3.2.0.6/src/auth/User.cci 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/User.cci 2011-04-19 12:47:07.000000000 +1200 
@@ -34,13 +34,13 @@ */ char const * -AuthUser::username () const +Auth::User::username () const { return username_; } void -AuthUser::username(char const *aString) +Auth::User::username(char const *aString) { if (aString) { assert(!username_); diff -u -r -N squid-3.2.0.6/src/auth/User.h squid-3.2.0.7/src/auth/User.h --- squid-3.2.0.6/src/auth/User.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/User.h 2011-04-19 12:47:07.000000000 +1200 @@ -31,20 +31,25 @@ * Copyright (c) 2003, Robert Collins */ -#ifndef SQUID_AUTHUSER_H -#define SQUID_AUTHUSER_H +#ifndef SQUID_AUTH_USER_H +#define SQUID_AUTH_USER_H #if USE_AUTH +#include "auth/CredentialState.h" #include "auth/Type.h" #include "dlink.h" #include "ip/Address.h" #include "RefCount.h" -class AuthConfig; class AuthUserHashPointer; class StoreEntry; +namespace Auth +{ + +class Config; + /** * \ingroup AuthAPI * This is the main user related structure. It stores user-related data, @@ -53,10 +58,10 @@ * structure is the cached ACL match results. This structure, is private to * the authentication framework. */ -class AuthUser : public RefCountable +class User : public RefCountable { public: - typedef RefCount Pointer; + typedef RefCount Pointer; /* extra fields for proxy_auth */ /* auth_type and auth_module are deprecated. Do Not add new users of these fields. @@ -65,18 +70,19 @@ /** \deprecated this determines what scheme owns the user data. */ Auth::Type auth_type; /** the config for this user */ - AuthConfig *config; + Auth::Config *config; /** we may have many proxy-authenticate strings that decode to the same user */ dlink_list proxy_auth_list; dlink_list proxy_match_cache; size_t ipcount; long expiretime; +public: static void cacheInit(); static void CachedACLsReset(); - void absorb(AuthUser::Pointer from); - virtual ~AuthUser(); + void absorb(Auth::User::Pointer from); + virtual ~User(); _SQUID_INLINE_ char const *username() const; _SQUID_INLINE_ void username(char const *); 
@@ -94,9 +100,8 @@ void addToNameCache(); static void UsernameCacheStats(StoreEntry * output); - enum CredentialsState { Unchecked, Ok, Pending, Handshake, Failed }; - CredentialsState credentials() const; - void credentials(CredentialsState); + CredentialState credentials() const; + void credentials(CredentialState); private: /** @@ -107,10 +112,10 @@ * Handshake happening in stateful auth. * Failed auth */ - CredentialsState credentials_state; + CredentialState credentials_state; protected: - AuthUser(AuthConfig *); + User(Auth::Config *); private: /** @@ -130,11 +135,11 @@ dlink_list ip_list; }; -extern const char *CredentialsState_str[]; +} // namespace Auth #if _USE_INLINE_ #include "auth/User.cci" #endif #endif /* USE_AUTH */ -#endif /* SQUID_AUTHUSER_H */ +#endif /* SQUID_AUTH_USER_H */ diff -u -r -N squid-3.2.0.6/src/auth/UserRequest.cc squid-3.2.0.7/src/auth/UserRequest.cc --- squid-3.2.0.6/src/auth/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200 @@ -80,17 +80,17 @@ debugs(29, 9, HERE << "Validating AuthUserRequest '" << this << "'."); if (user() == NULL) { - debugs(29, 4, HERE << "No associated AuthUser data"); + debugs(29, 4, HERE << "No associated Auth::User data"); return false; } if (user()->auth_type == Auth::AUTH_UNKNOWN) { - debugs(29, 4, HERE << "AuthUser '" << user() << "' uses unknown scheme."); + debugs(29, 4, HERE << "Auth::User '" << user() << "' uses unknown scheme."); return false; } if (user()->auth_type == Auth::AUTH_BROKEN) { - debugs(29, 4, HERE << "AuthUser '" << user() << "' is broken for it's scheme."); + debugs(29, 4, HERE << "Auth::User '" << user() << "' is broken for it's scheme."); return false; } 
@@ -161,7 +161,7 @@ static void authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip::Address &ipaddr) { - AuthUser::Pointer auth_user = auth_user_request->user(); + Auth::User::Pointer auth_user = auth_user_request->user(); if (!auth_user) return; @@ -172,7 +172,7 @@ void authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, Ip::Address const &ipaddr) { - AuthUser::Pointer auth_user = auth_user_request->user(); + Auth::User::Pointer auth_user = auth_user_request->user(); if (!auth_user) return; @@ -346,7 +346,7 @@ debugs(29, 9, HERE << "This is a new checklist test on FD:" << (conn != NULL ? conn->fd : -1) ); if (proxy_auth && request->auth_user_request == NULL && conn != NULL && conn->auth_user_request != NULL) { - AuthConfig * scheme = AuthConfig::Find(proxy_auth); + Auth::Config * scheme = Auth::Config::Find(proxy_auth); if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) { debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" << @@ -362,7 +362,7 @@ /* beginning of a new request check */ debugs(29, 4, HERE << "No connection authentication type"); - *auth_user_request = AuthConfig::CreateAuthUser(proxy_auth); + *auth_user_request = Auth::Config::CreateAuthUser(proxy_auth); if (*auth_user_request == NULL) return AUTH_ACL_CHALLENGE; else if (!(*auth_user_request)->valid()) { 
@@ -526,8 +526,8 @@ else { /* call each configured & running authscheme */ - for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) { - AuthConfig *scheme = *i; + for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) { + Auth::Config *scheme = *i; if (scheme->active()) scheme->fixHeader(NULL, rep, type, request); diff -u -r -N squid-3.2.0.6/src/auth/UserRequest.h squid-3.2.0.7/src/auth/UserRequest.h --- squid-3.2.0.6/src/auth/UserRequest.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/auth/UserRequest.h 2011-04-19 12:47:07.000000000 +1200 @@ -78,7 +78,7 @@ * it has request specific data, and links to user specific data * the user */ - AuthUser::Pointer _auth_user; + Auth::User::Pointer _auth_user; /** * Used by squid to determine what the next step in performing authentication for a given scheme is. @@ -128,11 +128,11 @@ */ virtual void module_start(RH *handler, void *data) = 0; - virtual AuthUser::Pointer user() {return _auth_user;} + virtual Auth::User::Pointer user() {return _auth_user;} - virtual const AuthUser::Pointer user() const {return _auth_user;} + virtual const Auth::User::Pointer user() const {return _auth_user;} - virtual void user(AuthUser::Pointer aUser) {_auth_user=aUser;} + virtual void user(Auth::User::Pointer aUser) {_auth_user=aUser;} static AuthAclState tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &); static void addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal); diff -u -r -N squid-3.2.0.6/src/AuthReg.cc squid-3.2.0.7/src/AuthReg.cc --- squid-3.2.0.6/src/AuthReg.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/AuthReg.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -2,9 +2,6 @@ #if USE_AUTH -#include "Debug.h" -#include "protos.h" - #if HAVE_AUTH_MODULE_BASIC #include "auth/basic/Scheme.h" #endif 
@@ -18,31 +15,34 @@ #include "auth/ntlm/Scheme.h" #endif +#include "Debug.h" +#include "protos.h" + /** * Initialize the authentication modules (if any) * This is required once, before any configuration actions are taken. */ void -InitAuthSchemes() +Auth::Init() { - debugs(29,1,"Initializing Authentication Schemes ..."); + debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ..."); #if HAVE_AUTH_MODULE_BASIC static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type(); - debugs(29,1,"Initialized Authentication Scheme '" << basic_type << "'"); + debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << basic_type << "'"); #endif #if HAVE_AUTH_MODULE_DIGEST static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type(); - debugs(29,1,"Initialized Authentication Scheme '" << digest_type << "'"); + debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << digest_type << "'"); #endif #if HAVE_AUTH_MODULE_NEGOTIATE static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type(); - debugs(29,1,"Initialized Authentication Scheme '" << negotiate_type << "'"); + debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << negotiate_type << "'"); #endif #if HAVE_AUTH_MODULE_NTLM static const char *ntlm_type = Auth::Ntlm::Scheme::GetInstance()->type(); - debugs(29,1,"Initialized Authentication Scheme '" << ntlm_type << "'"); + debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << ntlm_type << "'"); #endif - debugs(29,1,"Initializing Authentication Schemes Complete."); + debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication."); } #endif /* USE_AUTH */ diff -u -r -N squid-3.2.0.6/src/cache_cf.cc squid-3.2.0.7/src/cache_cf.cc --- squid-3.2.0.6/src/cache_cf.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/cache_cf.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -927,8 +927,8 @@ * state will be preserved. */ if (Config.onoff.pipeline_prefetch) { - AuthConfig *nego = AuthConfig::Find("Negotiate"); - AuthConfig *ntlm = AuthConfig::Find("NTLM"); + Auth::Config *nego = Auth::Config::Find("Negotiate"); + Auth::Config *ntlm = Auth::Config::Find("NTLM"); if ((nego && nego->active()) || (ntlm && ntlm->active())) { debugs(3, DBG_IMPORTANT, "WARNING: pipeline_prefetch breaks NTLM and Negotiate authentication. Forced OFF."); Config.onoff.pipeline_prefetch = 0; @@ -1835,7 +1835,7 @@ #if USE_AUTH static void -parse_authparam(Auth::authConfig * config) +parse_authparam(Auth::ConfigVector * config) { char *type_str; char *param_str; @@ -1847,7 +1847,7 @@ self_destruct(); /* find a configuration for the scheme in the currently parsed configs... */ - AuthConfig *schemeCfg = AuthConfig::Find(type_str); + Auth::Config *schemeCfg = Auth::Config::Find(type_str); if (schemeCfg == NULL) { /* Create a configuration based on the scheme info */ @@ -1859,7 +1859,7 @@ } config->push_back(theScheme->createConfig()); - schemeCfg = AuthConfig::Find(type_str); + schemeCfg = Auth::Config::Find(type_str); if (schemeCfg == NULL) { debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'."); self_destruct(); @@ -1870,7 +1870,7 @@ } static void -free_authparam(Auth::authConfig * cfg) +free_authparam(Auth::ConfigVector * cfg) { /* Wipe the Auth globals and Detach/Destruct component config + state. */ cfg->clean(); 
@@ -1882,14 +1882,14 @@ /* on reconfigure initialize new auth schemes for the new config. */ if (reconfiguring) { - InitAuthSchemes(); + Auth::Init(); } } static void -dump_authparam(StoreEntry * entry, const char *name, authConfig cfg) +dump_authparam(StoreEntry * entry, const char *name, Auth::ConfigVector cfg) { - for (authConfig::iterator i = cfg.begin(); i != cfg.end(); ++i) + for (Auth::ConfigVector::iterator i = cfg.begin(); i != cfg.end(); ++i) (*i)->dump(entry, name, (*i)); } #endif /* USE_AUTH */ @@ -4027,10 +4027,13 @@ } if (stat(path, &sb) < 0) { + debugs(0, DBG_CRITICAL, (opt_parse_cfg_only?"FATAL ":"") << "ERROR: " << name << " " << path << ": " << xstrerror()); + // keep going to find more issues if we are only checking the config file with "-k parse" + if (opt_parse_cfg_only) + return; + // this is fatal if it is found during startup or reconfigure if (opt_send_signal == -1 || opt_send_signal == SIGHUP) fatalf("%s %s: %s", name, path, xstrerror()); - else - fprintf(stderr, "WARNING: %s %s: %s\n", name, path, xstrerror()); } } diff -u -r -N squid-3.2.0.6/src/cf.data.pre squid-3.2.0.7/src/cf.data.pre --- squid-3.2.0.6/src/cf.data.pre 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/cf.data.pre 2011-04-19 12:47:07.000000000 +1200 @@ -4155,10 +4155,10 @@ DEFAULT: on LOC: Adaptation::Config::use_indirect_client DOC_START - Controls whether the indirect client address - (see follow_x_forwarded_for) instead of the - direct client address is passed to an ICAP - server as "X-Client-IP". + Controls whether the indirect client IP address (instead of the direct + client IP address) is passed to adaptation services. + + See also: follow_x_forwarded_for adaptation_send_client_ip DOC_END NAME: via @@ -4935,7 +4935,7 @@ For a class 5 delay pool: -delay_parameters pool tag +delay_parameters pool tagrate The variables here are: 
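Review bot: In the `@@ -4027,10 +4027,13 @@` hunk of cache_cf.cc, `xstrerror()` is evaluated a second time inside `fatalf()` after the new `debugs()` call has run, and logging may itself change `errno`, so the fatal message can report a different error than the one `stat()` returned. Capture the value once right after the failed call, `const int xerrno = errno;`, and build both messages from it (for example via `xstrerr(xerrno)`, if that helper is available in this tree). The "FATAL " prefix is also printed only on the `opt_parse_cfg_only` path, which returns, while the path that really calls `fatalf()` logs plain "ERROR:"; a one-line comment such as `// "FATAL" here means: would abort at startup or reconfigure` would prevent misreading. The enclosing function starts outside the hunk.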
@@ -4943,19 +4943,19 @@ number specified in delay_pools as used in delay_class lines. - aggregate the "delay parameters" for the aggregate bucket + aggregate the speed limit parameters for the aggregate bucket (class 1, 2, 3). - individual the "delay parameters" for the individual + individual the speed limit parameters for the individual buckets (class 2, 3). - network the "delay parameters" for the network buckets + network the speed limit parameters for the network buckets (class 3). - user the delay parameters for the user buckets + user the speed limit parameters for the user buckets (class 4). - tag the delay parameters for the tag buckets + tagrate the speed limit parameters for the tag buckets (class 5). A pair of delay parameters is written restore/maximum, where restore is @@ -6427,7 +6427,11 @@ LOC: Adaptation::Config::send_client_ip DEFAULT: off DOC_START - This adds the header "X-Client-IP" to ICAP requests. + If enabled, Squid shares HTTP client IP information with adaptation + services. For ICAP, Squid adds the X-Client-IP header to ICAP requests. + For eCAP, Squid sets the libecap::metaClientIp transaction option. + + See also: adaptation_uses_indirect_client DOC_END NAME: adaptation_send_username icap_send_client_username diff -u -r -N squid-3.2.0.6/src/client_side.cc squid-3.2.0.7/src/client_side.cc --- squid-3.2.0.6/src/client_side.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/client_side.cc 2011-04-19 12:47:07.000000000 +1200 @@ -606,7 +606,11 @@ } #endif + // Adapted request, if any, inherits and then collects all the stats, but + // the virgin request gets logged instead; copy the stats to log them. + // TODO: avoid losses by keeping these stats in a shared history object? if (aLogEntry->request) { + aLogEntry->request->dnsWait = request->dnsWait; aLogEntry->request->errType = request->errType; aLogEntry->request->errDetail = request->errDetail; } 
@@ -759,7 +763,7 @@ { debugs(33, 2, "ConnStateData::swanSong: FD " << fd); fd = -1; - flags.readMoreRequests = false; + flags.readMore = false; clientdbEstablished(peer, -1); /* decrement */ assert(areAllContextsForThisConnection()); freeAllContexts(); @@ -1511,7 +1515,6 @@ ClientSocketContext::keepaliveNextRequest() { ConnStateData * conn = http->getConn(); - bool do_next_read = false; debugs(33, 3, "ClientSocketContext::keepaliveNextRequest: FD " << conn->fd); connIsFinished(); @@ -1532,7 +1535,7 @@ * from our read buffer we may never re-register for another client read. */ - if (conn->clientParseRequest(do_next_read)) { + if (conn->clientParseRequests()) { debugs(33, 3, "clientSocketContext::keepaliveNextRequest: FD " << conn->fd << ": parsed next request from buffer"); } @@ -1562,9 +1565,12 @@ if ((deferredRequest = conn->getCurrentContext()).getRaw()) { debugs(33, 3, "ClientSocketContext:: FD " << conn->fd << ": calling PushDeferredIfNeeded"); ClientSocketContextPushDeferredIfNeeded(deferredRequest, conn); - } else { + } else if (conn->flags.readMore) { debugs(33, 3, "ClientSocketContext:: FD " << conn->fd << ": calling conn->readNextRequest()"); conn->readNextRequest(); + } else { + // XXX: Can this happen? CONNECT tunnels have deferredRequest set. + debugs(33, DBG_IMPORTANT, HERE << "abandoning FD " << conn->fd); } } @@ -2393,16 +2399,7 @@ } void -ConnStateData::clientMaybeReadData(int do_next_read) -{ - if (do_next_read) { - flags.readMoreRequests = true; - readSomeData(); - } -} - -void -ConnStateData::clientAfterReadingRequests(int do_next_read) +ConnStateData::clientAfterReadingRequests() { // Were we expecting to read more request body from half-closed connection? if (mayNeedToReadMoreBody() && commIsHalfClosed(fd)) { @@ -2411,7 +2408,8 @@ return; } - clientMaybeReadData (do_next_read); + if (flags.readMore) + readSomeData(); } static void 
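Review bot: The new final `else` branch in `ClientSocketContext::keepaliveNextRequest()` (hunk `@@ -1562,9 +1565,12 @@`) only logs "abandoning FD" and returns, so a connection that arrives there with no deferred request and `flags.readMore` cleared is left open with no read scheduled and nothing in the visible lines that closes it. If that state is reachable, such descriptors stay allocated until some timeout outside this hunk reclaims them, which matters for descriptor exhaustion. Since the `XXX` comment says reachability is unknown, either close explicitly after the log line, e.g. `comm_close(conn->fd);`, or state in the comment which handler is expected to clean the connection up. The function starts outside the hunk.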
@@ -2448,7 +2446,7 @@ } assert(context->http->out.offset == 0); context->pullData(); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; goto finish; } @@ -2462,7 +2460,7 @@ repContext->setReplyToError(ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; goto finish; } @@ -2481,7 +2479,7 @@ repContext->setReplyToError(ERR_UNSUP_HTTPVERSION, HTTP_HTTP_VERSION_NOT_SUPPORTED, method, http->uri, conn->peer, NULL, HttpParserHdrBuf(hp), NULL); assert(context->http->out.offset == 0); context->pullData(); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; goto finish; } @@ -2498,7 +2496,7 @@ repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; goto finish; } @@ -2566,7 +2564,7 @@ conn->peer, request, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; goto finish; } @@ -2580,7 +2578,7 @@ conn->peer, request, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; goto finish; } @@ -2595,6 +2593,7 @@ http->uri, conn->peer, request, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); + conn->flags.readMore = false; goto finish; } } 
@@ -2602,9 +2601,11 @@ http->request = HTTPMSGLOCK(request); clientSetKeepaliveFlag(http); - /* If this is a CONNECT, don't schedule a read - ssl.c will handle it */ - if (http->request->method == METHOD_CONNECT) + // Let tunneling code be fully responsible for CONNECT requests + if (http->request->method == METHOD_CONNECT) { context->mayUseConnection(true); + conn->flags.readMore = false; + } /* Do we expect a request-body? */ expectBody = chunked || request->content_length > 0; @@ -2627,6 +2628,7 @@ conn->peer, http->request, NULL, NULL); assert(context->http->out.offset == 0); context->pullData(); + conn->flags.readMore = false; goto finish; } @@ -2635,10 +2637,11 @@ if (!conn->handleRequestBodyData()) goto finish; - if (!request->body_pipe->productionEnded()) - conn->readSomeData(); - - context->mayUseConnection(!request->body_pipe->productionEnded()); + if (!request->body_pipe->productionEnded()) { + debugs(33, 5, HERE << "need more request body"); + context->mayUseConnection(true); + assert(conn->flags.readMore); + } } http->calloutContext = new ClientRequestContext(http); @@ -2658,7 +2661,7 @@ */ if (http->request->flags.resetTCP() && conn->fd > -1) { debugs(33, 3, HERE << "Sending TCP RST on FD " << conn->fd); - conn->flags.readMoreRequests = false; + conn->flags.readMore = false; comm_reset_close(conn->fd); return; } @@ -2692,11 +2695,9 @@ * Attempt to parse one or more requests from the input buffer. * If a request is successfully parsed, even if the next request * is only partially parsed, it will return TRUE. - * do_next_read is updated to indicate whether a read should be - * scheduled. */ bool -ConnStateData::clientParseRequest(bool &do_next_read) +ConnStateData::clientParseRequests() { HttpRequestMethod method; bool parsed_req = false; 
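Review bot: `assert(conn->flags.readMore);` in the request-body hunk (`@@ -2635,10 +2637,11 @@`) can follow the CONNECT hunk above it (`@@ -2602,9 +2601,11 @@`), which now sets `conn->flags.readMore = false`, because `expectBody = chunked || request->content_length > 0` is computed without looking at the method. Unless a check outside these hunks rejects a CONNECT request that declares a body, input chosen by the client could turn this assertion into a process abort. Handle the state instead of asserting on it, for example by replacing the assert with `if (!conn->flags.readMore) { debugs(33, 3, HERE << "request body expected but reading is disabled"); goto finish; }`, and cover the case with a regression test. The enclosing function starts and ends outside the hunks, so the right recovery path should be confirmed there.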
@@ -2705,8 +2706,8 @@ debugs(33, 5, HERE << "FD " << fd << ": attempting to parse"); // Loop while we have read bytes that are not needed for producing the body - // On errors, bodyPipe may become nil, but readMoreRequests will be cleared - while (in.notYetUsed > 0 && !bodyPipe && flags.readMoreRequests) { + // On errors, bodyPipe may become nil, but readMore will be cleared + while (in.notYetUsed > 0 && !bodyPipe && flags.readMore) { connStripBufferWhitespace(this); /* Don't try to parse if the buffer is empty */ @@ -2749,8 +2750,8 @@ parsed_req = true; // XXX: do we really need to parse everything right NOW ? if (context->mayUseConnection()) { - debugs(33, 3, HERE << "Not reading, as this request may need the connection"); - return false; + debugs(33, 3, HERE << "Not parsing new requests, as this request may need the connection"); + break; } } } @@ -2765,7 +2766,6 @@ debugs(33,5,HERE << "clientReadRequest FD " << io.fd << " size " << io.size); Must(reading()); reader = NULL; - bool do_next_read = 1; /* the default _is_ to read data! - adrian */ assert (io.fd == fd); @@ -2810,8 +2810,6 @@ commMarkHalfClosed(fd); - do_next_read = 0; - fd_note(fd, "half-closed"); /* There is one more close check at the end, to detect aborted @@ -2826,7 +2824,7 @@ if (getConcurrentRequestCount() == 0) fd_note(fd, "Reading next request"); - if (!clientParseRequest(do_next_read)) { + if (!clientParseRequests()) { if (!isOpen()) return; /* @@ -2847,7 +2845,7 @@ if (!isOpen()) return; - clientAfterReadingRequests(do_next_read); + clientAfterReadingRequests(); } /** @@ -2998,7 +2996,7 @@ debugs(33, 3, HERE << "aborting chunked request without error " << error); comm_reset_close(fd); #endif - flags.readMoreRequests = false; + flags.readMore = false; } void 
@@ -3142,7 +3140,7 @@ } - result->flags.readMoreRequests = true; + result->flags.readMore = true; return result; } diff -u -r -N squid-3.2.0.6/src/client_side.h squid-3.2.0.7/src/client_side.h --- squid-3.2.0.6/src/client_side.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/client_side.h 2011-04-19 12:47:07.000000000 +1200 @@ -152,7 +152,7 @@ void freeAllContexts(); void notifyAllContexts(const int xerrno); ///< tell everybody about the err /// Traffic parsing - bool clientParseRequest(bool &do_next_read); + bool clientParseRequests(); void readNextRequest(); bool maybeMakeSpaceAvailable(); ClientSocketContext::Pointer getCurrentContext() const; @@ -213,7 +213,7 @@ #endif struct { - bool readMoreRequests; + bool readMore; ///< needs comm_read (for this request or new requests) bool swanSang; // XXX: temporary flag to check proper cleanup } flags; struct { @@ -306,8 +306,7 @@ private: int connReadWasError(comm_err_t flag, int size, int xerrno); int connFinishedWithConn(int size); - void clientMaybeReadData(int do_next_read); - void clientAfterReadingRequests(int do_next_read); + void clientAfterReadingRequests(); private: HttpParser parser_; diff -u -r -N squid-3.2.0.6/src/comm/ModPoll.cc squid-3.2.0.7/src/comm/ModPoll.cc --- squid-3.2.0.6/src/comm/ModPoll.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/comm/ModPoll.cc 2011-04-19 12:47:07.000000000 +1200 @@ -414,7 +414,7 @@ * Note that this will only ever trigger when there are no log files * and stdout/err/in are all closed too. */ - if (nfds == 0 && !npending) { + if (nfds == 0 && npending == 0) { if (shutting_down) return COMM_SHUTDOWN; else 
@@ -428,7 +428,7 @@ ++statCounter.select_loops; PROF_stop(comm_poll_normal); - if (num >= 0 || npending >= 0) + if (num >= 0 || npending > 0) break; if (ignoreErrno(errno)) diff -u -r -N squid-3.2.0.6/src/DelayUser.cc squid-3.2.0.7/src/DelayUser.cc --- squid-3.2.0.6/src/DelayUser.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/DelayUser.cc 2011-04-19 12:47:07.000000000 +1200 @@ -186,7 +186,7 @@ ::operator delete(address); } -DelayUserBucket::DelayUserBucket(AuthUser::Pointer aUser) : authUser(aUser) +DelayUserBucket::DelayUserBucket(Auth::User::Pointer aUser) : authUser(aUser) { debugs(77, 3, "DelayUserBucket::DelayUserBucket"); } @@ -204,7 +204,7 @@ theBucket.stats(entry); } -DelayUser::Id::Id(DelayUser::Pointer aDelayUser, AuthUser::Pointer aUser) : theUser(aDelayUser) +DelayUser::Id::Id(DelayUser::Pointer aDelayUser, Auth::User::Pointer aUser) : theUser(aDelayUser) { theBucket = new DelayUserBucket(aUser); DelayUserBucket::Pointer const *existing = theUser->buckets.find(theBucket, DelayUserCmp); diff -u -r -N squid-3.2.0.6/src/DelayUser.h squid-3.2.0.7/src/DelayUser.h --- squid-3.2.0.6/src/DelayUser.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/DelayUser.h 2011-04-19 12:47:07.000000000 +1200 @@ -58,10 +58,10 @@ void operator delete (void *); void stats(StoreEntry *)const; - DelayUserBucket(AuthUser::Pointer); + DelayUserBucket(Auth::User::Pointer); ~DelayUserBucket(); DelayBucket theBucket; - AuthUser::Pointer authUser; + Auth::User::Pointer authUser; }; /// \ingroup DelayPoolsAPI 
@@ -90,7 +90,7 @@ public: void *operator new(size_t); void operator delete (void *); - Id(RefCount, AuthUser::Pointer); + Id(RefCount, Auth::User::Pointer); ~Id(); virtual int bytesWanted (int min, int max) const; virtual void bytesIn(int qty); diff -u -r -N squid-3.2.0.6/src/DiskIO/AIO/async_io.h squid-3.2.0.7/src/DiskIO/AIO/async_io.h --- squid-3.2.0.6/src/DiskIO/AIO/async_io.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/DiskIO/AIO/async_io.h 2011-04-19 12:47:07.000000000 +1200 @@ -32,7 +32,6 @@ AQ_ENTRY_WRITE } async_queue_entry_type_t; - typedef struct _async_queue_entry async_queue_entry_t; typedef struct _async_queue async_queue_t; @@ -45,7 +44,12 @@ async_queue_entry_state_t aq_e_state; async_queue_entry_type_t aq_e_type; + /* 64-bit environments with non-GCC complain about the type mismatch on Linux */ +#if defined(__USE_FILE_OFFSET64) && !defined(__GNUC__) + struct aiocb64 aq_e_aiocb; +#else struct aiocb aq_e_aiocb; +#endif AIODiskFile *theFile; void *aq_e_callback_data; FREE *aq_e_free; diff -u -r -N squid-3.2.0.6/src/fs/ufs/store_dir_ufs.cc squid-3.2.0.7/src/fs/ufs/store_dir_ufs.cc --- squid-3.2.0.6/src/fs/ufs/store_dir_ufs.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/fs/ufs/store_dir_ufs.cc 2011-04-19 12:47:07.000000000 +1200 @@ -1063,7 +1063,6 @@ { DIR *dir_pointer = NULL; - struct dirent *de = NULL; LOCAL_ARRAY(char, p1, MAXPATHLEN + 1); LOCAL_ARRAY(char, p2, MAXPATHLEN + 1); @@ -1107,6 +1106,7 @@ return 0; } + dirent_t *de; while ((de = readdir(dir_pointer)) != NULL && k < 20) { if (sscanf(de->d_name, "%X", &swapfileno) != 1) continue; diff -u -r -N squid-3.2.0.6/src/fs/ufs/ufscommon.h squid-3.2.0.7/src/fs/ufs/ufscommon.h --- squid-3.2.0.6/src/fs/ufs/ufscommon.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/fs/ufs/ufscommon.h 2011-04-19 12:47:07.000000000 +1200 
@@ -399,7 +399,7 @@ int done; int fn; - struct dirent *entry; + dirent_t *entry; DIR *td; char fullpath[MAXPATHLEN]; char fullfilename[MAXPATHLEN]; diff -u -r -N squid-3.2.0.6/src/http.cc squid-3.2.0.7/src/http.cc --- squid-3.2.0.6/src/http.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/http.cc 2011-04-19 12:47:07.000000000 +1200 @@ -1966,6 +1966,13 @@ case HDR_PROXY_CONNECTION: // SHOULD ignore. But doing so breaks things. break; + case HDR_CONTENT_LENGTH: + // pass through unless we chunk; also, keeping this away from default + // prevents request smuggling via Connection: Content-Length tricks + if (!flags.chunked_request) + hdr_out->addEntry(e->clone()); + break; + case HDR_X_FORWARDED_FOR: case HDR_CACHE_CONTROL: @@ -2088,8 +2095,8 @@ Dialer, this, HttpStateData::sentRequestBody); Must(!flags.chunked_request); - // Preserve original chunked encoding unless we learned the length. - if (orig_request->header.chunked() && orig_request->content_length < 0) + // use chunked encoding if we do not know the length + if (orig_request->content_length < 0) flags.chunked_request = 1; } else { assert(!requestBodySource); diff -u -r -N squid-3.2.0.6/src/main.cc squid-3.2.0.7/src/main.cc --- squid-3.2.0.6/src/main.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/main.cc 2011-04-19 12:47:07.000000000 +1200 @@ -1368,7 +1368,7 @@ /* we may want the parsing process to set this up in the future */ Store::Root(new StoreController); #if USE_AUTH - InitAuthSchemes(); /* required for config parsing */ + Auth::Init(); /* required for config parsing */ #endif Ip::ProbeTransport(); // determine IPv4 or IPv6 capabilities before parsing. diff -u -r -N squid-3.2.0.6/src/Makefile.am squid-3.2.0.7/src/Makefile.am --- squid-3.2.0.6/src/Makefile.am 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/Makefile.am 2011-04-19 12:47:07.000000000 +1200 
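Review bot: In src/http.cc, the new `HDR_CONTENT_LENGTH` case (hunk at -1966) is only correct if `flags.chunked_request` already holds its final value when the headers are copied, and nothing in the case says so. The flag is assigned in the other http.cc hunk (-2088), which now turns chunking on for every body of unknown length. If header copying ever ran before that assignment, Content-Length could be forwarded alongside a chunked body, which is the framing ambiguity the comment is trying to rule out. I would add a line such as `// relies on flags.chunked_request being decided before the request headers are built` to the case. The enclosing switch and function start outside the hunk, so the call order cannot be confirmed from here.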
@@ -820,7 +820,7 @@ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_LOGFILED = $(libexecdir)/`echo log_file_daemon | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` -DEFAULT_ICON_DIR = $(localstatedir)/www/squid/icons +DEFAULT_ICON_DIR = $(datadir)/icons DEFAULT_ERROR_DIR = $(datadir)/errors # Make location configure settings available to the code @@ -913,19 +913,7 @@ EXTRA_DIST += squid.8.in CLEANFILES += squid.8 -## check for existing Squid icons (used to be $datadir/icons). -## move them into the new icons location so we dont break anyones existing mime.conf -mimeconf-Upgrade-Shuffle: - @if test -d $(DESTDIR)$(datadir)/icons; then \ - mv $(DESTDIR)$(datadir)/icons/* $(DESTDIR)$(DEFAULT_ICON_DIR)/; \ - $(RM) -r $(DESTDIR)$(datadir)/icons; \ - echo "NOTICE: "; \ - echo "NOTICE: The Squid icons have been upgraded. Please update your $(DESTDIR)$(DEFAULT_MIME_TABLE)." ; \ - echo "NOTICE: $(DESTDIR)$(DEFAULT_MIME_TABLE).default contains the new icon configuration." ; \ - echo "NOTICE: "; \ - fi - -install-data-local: install-sysconfDATA install-dataDATA mimeconf-Upgrade-Shuffle +install-data-local: install-sysconfDATA install-dataDATA @if test -f $(DESTDIR)$(DEFAULT_MIME_TABLE) ; then \ echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_MIME_TABLE)" ; \ else \ diff -u -r -N squid-3.2.0.6/src/Makefile.in squid-3.2.0.7/src/Makefile.in --- squid-3.2.0.6/src/Makefile.in 2011-04-04 14:43:41.000000000 +1200 +++ squid-3.2.0.7/src/Makefile.in 2011-04-19 12:48:07.000000000 +1200 
@@ -2289,7 +2289,7 @@ DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_LOGFILED = $(libexecdir)/`echo log_file_daemon | sed '$(transform);s/$$/$(EXEEXT)/'` DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'` -DEFAULT_ICON_DIR = $(localstatedir)/www/squid/icons +DEFAULT_ICON_DIR = $(datadir)/icons DEFAULT_ERROR_DIR = $(datadir)/errors SUBSTITUTE = sed "\ s%@DEFAULT_ERROR_DIR@%$(DEFAULT_ERROR_DIR)%g;\ @@ -5719,17 +5719,7 @@ squid.8: $(srcdir)/squid.8.in Makefile $(SUBSTITUTE) < $(srcdir)/squid.8.in > $@ -mimeconf-Upgrade-Shuffle: - @if test -d $(DESTDIR)$(datadir)/icons; then \ - mv $(DESTDIR)$(datadir)/icons/* $(DESTDIR)$(DEFAULT_ICON_DIR)/; \ - $(RM) -r $(DESTDIR)$(datadir)/icons; \ - echo "NOTICE: "; \ - echo "NOTICE: The Squid icons have been upgraded. Please update your $(DESTDIR)$(DEFAULT_MIME_TABLE)." ; \ - echo "NOTICE: $(DESTDIR)$(DEFAULT_MIME_TABLE).default contains the new icon configuration." ; \ - echo "NOTICE: "; \ - fi - -install-data-local: install-sysconfDATA install-dataDATA mimeconf-Upgrade-Shuffle +install-data-local: install-sysconfDATA install-dataDATA @if test -f $(DESTDIR)$(DEFAULT_MIME_TABLE) ; then \ echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_MIME_TABLE)" ; \ else \ diff -u -r -N squid-3.2.0.6/src/MemBlob.cc squid-3.2.0.7/src/MemBlob.cc --- squid-3.2.0.6/src/MemBlob.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/MemBlob.cc 2011-04-19 12:47:07.000000000 +1200 @@ -32,16 +32,14 @@ #include "config.h" #include "base/TextException.h" #include "Debug.h" +#include "Mem.h" #include "MemBlob.h" +#include "protos.h" + #if HAVE_IOSTREAM #include #endif -#define MEMBLOB_USES_MEM_POOLS 0 - -#if MEMBLOB_USES_MEM_POOLS -#include "protos.h" -#endif MemBlobStats MemBlob::Stats; InstanceIdDefinitions(MemBlob, "blob"); 
@@ -90,13 +88,8 @@ MemBlob::~MemBlob() { -#if MEMBLOB_USES_MEM_POOLS - //no mempools for now - // \todo reinstate mempools use - memFreeString(capacity,mem); -#else - xfree(mem); -#endif + if (mem || capacity) + memFreeString(capacity,mem); Stats.liveBytes -= capacity; --Stats.live; @@ -106,45 +99,16 @@ << " size=" << size); } -/** - * Given the requested minimum size, return a rounded allocation size - * for the backing store. - * This is a stopgap call, this job is eventually expected to be handled - * by MemPools via memAllocString. - */ -MemBlob::size_type -MemBlob::calcAllocSize(const size_type sz) const -{ - if (sz <= 36) return 36; - if (sz <= 128) return 128; - if (sz <= 512) return 512; - if (sz <= 4096) return RoundTo(sz, 512); - // XXX: recover squidSystemPageSize functionality. It's easy for - // the main squid, harder for tests -#if 0 - return RoundTo(sz, squidSystemPageSize); -#else - return RoundTo(sz, 4096); -#endif -} - /** Allocate an available space area of at least minSize bytes in size. * Must be called by constructors and only by constructors. */ void MemBlob::memAlloc(const size_type minSize) { - size_t actualAlloc = calcAllocSize(minSize); + size_t actualAlloc = minSize; Must(!mem); -#if MEMBLOB_USES_MEM_POOLS - // XXX: for now, do without mempools. In order to do it, MemPools - // need to be singletons so that initialization order can be enforced - mem = static_cast(memAllocString(minSize, &actualAlloc)); -#else - // \todo reinstate mempools use - mem = static_cast(xmalloc(actualAlloc)); -#endif + mem = static_cast(memAllocString(actualAlloc, &actualAlloc)); Must(mem); capacity = actualAlloc; diff -u -r -N squid-3.2.0.6/src/MemBlob.h squid-3.2.0.7/src/MemBlob.h --- squid-3.2.0.6/src/MemBlob.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/MemBlob.h 2011-04-19 12:47:07.000000000 +1200 
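Review bot: In src/MemBlob.cc, the destructor guard `if (mem || capacity)` (hunk at -90) calls `memFreeString(capacity,mem)` with a null `mem` whenever `capacity` is non-zero, and the mem.cc part of this diff shows memFreeString opening with `assert(buf)`. If that is meant as a consistency check on the blob, a comment should say so, for example `// mem==NULL with capacity!=0 is a bug; let memFreeString assert`. If it is not, `if (mem)` states the intent and keeps the destructor from aborting. In the next hunk memAlloc() passes `actualAlloc` as both the requested size and the out-parameter, which deserves a one-line comment as well.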
@@ -122,7 +122,6 @@ static MemBlobStats Stats; ///< class-wide statistics void memAlloc(const size_type memSize); - size_type calcAllocSize(const size_type minSize) const; /// whether the offset points to the end of the used area bool isAppendOffset(const size_type off) const { return off == size; } diff -u -r -N squid-3.2.0.6/src/mem.cc squid-3.2.0.7/src/mem.cc --- squid-3.2.0.6/src/mem.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/mem.cc 2011-04-19 12:47:07.000000000 +1200 @@ -61,8 +61,15 @@ static double xm_time = 0; static double xm_deltat = 0; +/* all pools are ready to be used */ +static bool MemIsInitialized = false; + /* string pools */ -#define mem_str_pool_count 3 +#define mem_str_pool_count 6 + +// 4 bytes bigger than the biggest string pool size +// which is in turn calculated from SmallestStringBeforeMemIsInitialized +static const size_t SmallestStringBeforeMemIsInitialized = 1024*16+4; static const struct { const char *name; @@ -78,8 +85,18 @@ "Medium Strings", MemAllocator::RoundedSize(128), }, /* to fit most urls */ { - "Long Strings", MemAllocator::RoundedSize(512) - } /* other */ + "Long Strings", MemAllocator::RoundedSize(512), + }, + { + "1KB Strings", MemAllocator::RoundedSize(1024), + }, + { + "4KB Strings", MemAllocator::RoundedSize(4*1024), + }, + { + "16KB Strings", + MemAllocator::RoundedSize(SmallestStringBeforeMemIsInitialized-4) + } }; static struct { 
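Review bot: In src/mem.cc, the pre-initialisation scheme is safe only while `SmallestStringBeforeMemIsInitialized` is strictly larger than every `StrPoolsAttrs[].obj_size`, and the hunks at -61 and -78 leave that to a circular comment and a `-4` in the table. If the ordering ever breaks, a buffer obtained from `xcalloc` before Mem::Init() could match a pool in memFreeString and either be handed to `pool->freeOne()` or trip the size assert there. `MemAllocator::RoundedSize` is not shown in this diff, so whether it can round the 16 KB entry up is not visible. An `assert(StrPoolsAttrs[i].obj_size < SmallestStringBeforeMemIsInitialized);` in the pool set-up loop would pin the invariant. `mem_str_pool_count` also has to be kept in step with the table by hand, and deriving it from the array size would remove that.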
@@ -190,14 +207,20 @@ MemPools[type]->freeOne(p); } -/* allocate a variable size buffer using best-fit pool */ +/* allocate a variable size buffer using best-fit string pool */ void * memAllocString(size_t net_size, size_t * gross_size) { - int i; MemAllocator *pool = NULL; assert(gross_size); + // if pools are not yet ready, make sure that + // the requested size is not poolable so that the right deallocator + // will be used + if (!MemIsInitialized && net_size < SmallestStringBeforeMemIsInitialized) + net_size = SmallestStringBeforeMemIsInitialized; + + unsigned int i; for (i = 0; i < mem_str_pool_count; ++i) { if (net_size <= StrPoolsAttrs[i].obj_size) { pool = StrPools[i].pool; @@ -207,6 +230,7 @@ *gross_size = pool ? StrPoolsAttrs[i].obj_size : net_size; assert(*gross_size >= net_size); + // may forget [de]allocations until MemIsInitialized memMeterInc(StrCountMeter); memMeterAdd(StrVolumeMeter, *gross_size); return pool ? pool->alloc() : xcalloc(1, net_size); @@ -228,18 +252,20 @@ void memFreeString(size_t size, void *buf) { - int i; MemAllocator *pool = NULL; - assert(size && buf); + assert(buf); - for (i = 0; i < mem_str_pool_count; ++i) { - if (size <= StrPoolsAttrs[i].obj_size) { - assert(size == StrPoolsAttrs[i].obj_size); - pool = StrPools[i].pool; - break; + if (MemIsInitialized) { + for (unsigned int i = 0; i < mem_str_pool_count; ++i) { + if (size <= StrPoolsAttrs[i].obj_size) { + assert(size == StrPoolsAttrs[i].obj_size); + pool = StrPools[i].pool; + break; + } } } + // may forget [de]allocations until MemIsInitialized memMeterDec(StrCountMeter); memMeterDel(StrVolumeMeter, size); pool ? pool->freeOne(buf) : xfree(buf); 
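Review bot: In memFreeString (src/mem.cc, hunk at -228), relaxing `assert(size && buf)` to `assert(buf)` makes a zero `size` acceptable only before `MemIsInitialized` is set. Once the pools are up, a zero size satisfies `size <= StrPoolsAttrs[i].obj_size` for the first pool and then fails `assert(size == StrPoolsAttrs[i].obj_size)`. The same call is therefore freed silently during start-up and aborts later with a less direct message. Either keep `assert(size && buf);` or add a comment naming the caller that legitimately passes zero and why that can only happen before initialisation.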
@@ -438,6 +464,7 @@ debugs(13, 1, "Notice: " << StrPoolsAttrs[i].name << " is " << StrPools[i].pool->objectSize() << " bytes instead of requested " << StrPoolsAttrs[i].obj_size << " bytes"); } + MemIsInitialized = true; /** \par * finally register with the cache manager */ RegisterWithCacheManager(); diff -u -r -N squid-3.2.0.6/src/mk-string-arrays.awk squid-3.2.0.7/src/mk-string-arrays.awk --- squid-3.2.0.6/src/mk-string-arrays.awk 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/mk-string-arrays.awk 2011-04-19 12:47:07.000000000 +1200 @@ -37,6 +37,13 @@ next } +/^#/ { + if (codeSkip) next + + Wrapper[++e] = $0 + next +} + /^} / { split($2, t, ";") # remove ; type = t[1] @@ -50,7 +57,9 @@ print "\nconst char *" type "_str[] = {" for ( i = 1; i < e; ++i) - print "\t\"" Element[i] "\"," + if (Wrapper[i]) print Wrapper[i] + else print "\t\"" Element[i] "\"," + print "\t\"" Element[i] "\"" print "};" if (namespace) print "}; // namespace " namespace diff -u -r -N squid-3.2.0.6/src/protos.h squid-3.2.0.7/src/protos.h --- squid-3.2.0.6/src/protos.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/protos.h 2011-04-19 12:47:07.000000000 +1200 @@ -804,8 +804,11 @@ SQUIDCEXTERN char *peer_proxy_negotiate_auth(char *principal_name, char *proxy); #endif - /* call to ensure the auth component schemes exist. */ - SQUIDCEXTERN void InitAuthSchemes(void); + namespace Auth { + /* call to ensure the auth component schemes exist. */ + extern void Init(void); + } // namespace Auth + #endif /* USE_AUTH */ #endif /* SQUID_PROTOS_H */ diff -u -r -N squid-3.2.0.6/src/stat.cc squid-3.2.0.7/src/stat.cc --- squid-3.2.0.6/src/stat.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/stat.cc 2011-04-19 12:47:07.000000000 +1200 
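Review bot: In src/mk-string-arrays.awk, the print loop (hunk at -50) checks `Wrapper[i]` only for slots 1 to e-1, and the final `print "\t\"" Element[i] "\""` assumes slot e is always an enum element. When the last line recorded before the closing brace is a preprocessor line (an `#endif` closing a conditional entry is the obvious case), `Element[e]` is unset. The generated array then ends with an empty `""` string and the `#endif` is dropped, leaving an unterminated conditional in the output. Running the loop to `i <= e` with a comma after every element and deleting the separate final print removes the special case, since a trailing comma is valid in the initializer: `for (i = 1; i <= e; ++i) if (Wrapper[i]) print Wrapper[i]; else print "\t\"" Element[i] "\","`.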
@@ -1376,7 +1376,7 @@ #if USE_AUTH Mgr::RegisterAction("username_cache", "Active Cached Usernames", - AuthUser::UsernameCacheStats, 0, 1); + Auth::User::UsernameCacheStats, 0, 1); #endif #if DEBUG_OPENFD Mgr::RegisterAction("openfd_objects", "Objects with Swapout files open", diff -u -r -N squid-3.2.0.6/src/tests/testAuth.cc squid-3.2.0.7/src/tests/testAuth.cc --- squid-3.2.0.6/src/tests/testAuth.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/tests/testAuth.cc 2011-04-19 12:47:07.000000000 +1200 @@ -59,12 +59,12 @@ } static -AuthConfig * +Auth::Config * getConfig(char const *type_str) { - Auth::authConfig &config = Auth::TheConfig; + Auth::ConfigVector &config = Auth::TheConfig; /* find a configuration for the scheme */ - AuthConfig *scheme = AuthConfig::Find(type_str); + Auth::Config *scheme = Auth::Config::Find(type_str); if (scheme == NULL) { /* Create a configuration */ @@ -85,9 +85,9 @@ static void -setup_scheme(AuthConfig *scheme, char const **params, unsigned param_count) +setup_scheme(Auth::Config *scheme, char const **params, unsigned param_count) { - Auth::authConfig &config = Auth::TheConfig; + Auth::ConfigVector &config = Auth::TheConfig; for (unsigned position=0; position < param_count; position++) { char *param_str=xstrdup(params[position]); @@ -107,7 +107,7 @@ Mem::Init(); - Auth::authConfig &config = Auth::TheConfig; + Auth::ConfigVector &config = Auth::TheConfig; char const *digest_parms[]= {"program /home/robertc/install/squid/libexec/digest_pw_auth /home/robertc/install/squid/etc/digest.pwd", "realm foo" @@ -134,7 +134,7 @@ }; for (unsigned scheme=0; scheme < 4; scheme++) { - AuthConfig *schemeConfig; + Auth::Config *schemeConfig; schemeConfig = getConfig(params[scheme].name); if (schemeConfig != NULL) setup_scheme(schemeConfig, params[scheme].params, @@ -149,7 +149,7 @@ setup=true; } -/* AuthConfig::CreateAuthUser works for all +/* Auth::Config::CreateAuthUser works for all * authentication types */ void 
@@ -159,7 +159,7 @@ fake_auth_setup(); for (Auth::Scheme::iterator i = Auth::Scheme::GetSchemes().begin(); i != Auth::Scheme::GetSchemes().end(); ++i) { - AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type())); + AuthUserRequest::Pointer authRequest = Auth::Config::CreateAuthUser(find_proxy_auth((*i)->type())); CPPUNIT_ASSERT(authRequest != NULL); } } @@ -180,14 +180,14 @@ for (Auth::Scheme::iterator i = Auth::Scheme::GetSchemes().begin(); i != Auth::Scheme::GetSchemes().end(); ++i) { // create a user request // check its scheme matches *i - AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type())); + AuthUserRequest::Pointer authRequest = Auth::Config::CreateAuthUser(find_proxy_auth((*i)->type())); CPPUNIT_ASSERT_EQUAL(authRequest->scheme(), *i); } } #if HAVE_AUTH_MODULE_BASIC +#include "auth/basic/User.h" #include "auth/basic/UserRequest.h" -#include "auth/basic/auth_basic.h" /* AuthBasicUserRequest::AuthBasicUserRequest works */ void @@ -202,7 +202,7 @@ testAuthBasicUserRequest::username() { AuthUserRequest::Pointer temp = new AuthBasicUserRequest(); - BasicUser *basic_auth=new BasicUser(AuthConfig::Find("basic")); + Auth::Basic::User *basic_auth=new Auth::Basic::User(Auth::Config::Find("basic")); basic_auth->username("John"); temp->user(basic_auth); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); @@ -210,7 +210,8 @@ #endif /* HAVE_AUTH_MODULE_BASIC */ #if HAVE_AUTH_MODULE_DIGEST -#include "auth/digest/auth_digest.h" +#include "auth/digest/User.h" +#include "auth/digest/UserRequest.h" /* AuthDigestUserRequest::AuthDigestUserRequest works */ void 
@@ -225,7 +226,7 @@ testAuthDigestUserRequest::username() { AuthUserRequest::Pointer temp = new AuthDigestUserRequest(); - DigestUser *duser=new DigestUser(AuthConfig::Find("digest")); + Auth::Digest::User *duser=new Auth::Digest::User(Auth::Config::Find("digest")); duser->username("John"); temp->user(duser); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); @@ -233,7 +234,8 @@ #endif /* HAVE_AUTH_MODULE_DIGEST */ #if HAVE_AUTH_MODULE_NTLM -#include "auth/ntlm/auth_ntlm.h" +#include "auth/ntlm/User.h" +#include "auth/ntlm/UserRequest.h" /* AuthNTLMUserRequest::AuthNTLMUserRequest works */ void @@ -248,7 +250,7 @@ testAuthNTLMUserRequest::username() { AuthUserRequest::Pointer temp = new AuthNTLMUserRequest(); - NTLMUser *nuser=new NTLMUser(AuthConfig::Find("ntlm")); + Auth::Ntlm::User *nuser=new Auth::Ntlm::User(Auth::Config::Find("ntlm")); nuser->username("John"); temp->user(nuser); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); @@ -256,7 +258,8 @@ #endif /* HAVE_AUTH_MODULE_NTLM */ #if HAVE_AUTH_MODULE_NEGOTIATE -#include "auth/negotiate/auth_negotiate.h" +#include "auth/negotiate/User.h" +#include "auth/negotiate/UserRequest.h" /* AuthNegotiateUserRequest::AuthNegotiateUserRequest works */ void @@ -271,7 +274,7 @@ testAuthNegotiateUserRequest::username() { AuthUserRequest::Pointer temp = new AuthNegotiateUserRequest(); - NegotiateUser *nuser=new NegotiateUser(AuthConfig::Find("negotiate")); + Auth::Negotiate::User *nuser=new Auth::Negotiate::User(Auth::Config::Find("negotiate")); nuser->username("John"); temp->user(nuser); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); diff -u -r -N squid-3.2.0.6/src/tools.cc squid-3.2.0.7/src/tools.cc --- squid-3.2.0.6/src/tools.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/tools.cc 2011-04-19 12:47:07.000000000 +1200 
@@ -966,7 +966,16 @@ setMaxFD(void) { #if HAVE_SETRLIMIT && defined(RLIMIT_NOFILE) + + /* On Linux with 64-bit file support the sys/resource.h header + * uses #define to change the function definition to require rlimit64 + */ +#if defined(getrlimit) + struct rlimit64 rl; // Assume its a 64-bit redefine anyways. +#else struct rlimit rl; +#endif + if (getrlimit(RLIMIT_NOFILE, &rl) < 0) { debugs(50, DBG_CRITICAL, "setrlimit: RLIMIT_NOFILE: " << xstrerror()); } else if (Config.max_filedescriptors > 0) { @@ -1002,7 +1011,16 @@ { #if HAVE_SETRLIMIT && defined(RLIMIT_NOFILE) && !_SQUID_CYGWIN_ /* limit system filedescriptors to our own limit */ + + /* On Linux with 64-bit file support the sys/resource.h header + * uses #define to change the function definition to require rlimit64 + */ +#if defined(getrlimit) + struct rlimit64 rl; // Assume its a 64-bit redefine anyways. +#else struct rlimit rl; +#endif + if (getrlimit(RLIMIT_NOFILE, &rl) < 0) { debugs(50, DBG_CRITICAL, "setrlimit: RLIMIT_NOFILE: " << xstrerror()); } else { diff -u -r -N squid-3.2.0.6/src/typedefs.h squid-3.2.0.7/src/typedefs.h --- squid-3.2.0.6/src/typedefs.h 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/typedefs.h 2011-04-19 12:47:07.000000000 +1200 @@ -51,12 +51,6 @@ /// \deprecated Use AuthUserHashPointer instead. typedef struct AuthUserHashPointer auth_user_hash_pointer; -/* temporary: once Config is fully hidden, this shouldn't be needed */ -#include "Array.h" - -class AuthConfig; -typedef Vector authConfig; - struct http_port_list; struct https_port_list; diff -u -r -N squid-3.2.0.6/src/url.cc squid-3.2.0.7/src/url.cc --- squid-3.2.0.6/src/url.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/src/url.cc 2011-04-19 12:47:07.000000000 +1200 
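Review bot: In src/tools.cc, `#if defined(getrlimit)` (setMaxFD hunk at -966, repeated verbatim in the hunk at -1002) infers the struct type from whether one function name happens to be a macro, and the added comment admits this is an assumption. The other 64-bit fixes in this same diff (`dirent_t` in compat/compat_shared.h, `aiocb64` in async_io.h) test `defined(__USE_FILE_OFFSET64) && !defined(__GNUC__)`. Using that condition here, defined once in the compat headers next to `dirent_t`, would keep the three cases consistent and remove the duplicated block. The `rl` declared here is presumably also passed to setrlimit() further down, outside both hunks, so whatever condition is chosen has to hold for that call as well.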
@@ -326,6 +326,12 @@ } } + // Bug 3183 sanity check: If scheme is present, host must be too. + if (protocol != AnyP::PROTO_NONE && (host == NULL || *host == '\0')) { + debugs(23, DBG_IMPORTANT, "SECURITY WARNING: Missing hostname in URL '" << url << "'. see access.log for details."); + return NULL; + } + if (t && *t == ':') { *t = '\0'; t++; diff -u -r -N squid-3.2.0.6/tools/cachemgr.cc squid-3.2.0.7/tools/cachemgr.cc --- squid-3.2.0.6/tools/cachemgr.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/tools/cachemgr.cc 2011-04-19 12:47:07.000000000 +1200 @@ -842,6 +842,7 @@ l = snprintf(buf, sizeof(buf), "GET cache_object://%s/%s%s%s HTTP/1.0\r\n" + "User-Agent: cachemgr.cgi/%s\r\n" "Accept: */*\r\n" "%s" /* Authentication info or nothing */ "\r\n", @@ -849,6 +850,7 @@ req->action, req->workers? "?workers=" : (req->processes ? "?processes=" : ""), req->workers? req->workers : (req->processes ? req->processes: ""), + VERSION, make_auth_header(req)); if (write(s, buf, l) < 0) { fprintf(stderr,"ERROR: (%d) writing request: '%s'\n", errno, buf); diff -u -r -N squid-3.2.0.6/tools/purge/purge.cc squid-3.2.0.7/tools/purge/purge.cc --- squid-3.2.0.6/tools/purge/purge.cc 2011-04-04 14:42:49.000000000 +1200 +++ squid-3.2.0.7/tools/purge/purge.cc 2011-04-19 12:47:07.000000000 +1200 @@ -480,7 +480,7 @@ // list (IN): list of rexps to match URLs against // returns: true, if every subdir && action was successful. { - struct dirent* entry; + dirent_t * entry; if ( debugFlag & 0x01 ) fprintf( stderr, "# [2] %s\n", directory ); @@ -522,7 +522,7 @@ // returns: true, if every subdir && action was successful. // warning: this function is once-recursive, no deeper. { - struct dirent* entry; + dirent_t* entry; if ( debugFlag & 0x01 ) fprintf( stderr, "# [%d] %s\n", (level ? 1 : 0), dirname );
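Review bot: In src/url.cc, the Bug 3183 check (hunk at -326) writes the rejected URL verbatim to cache.log at `DBG_IMPORTANT`, so every request with an empty host costs one always-on log line whose content the sender controls. Assuming `url` is the request URL as received (the function starts outside the hunk), a client can grow cache.log at will and place arbitrary text in it. I would keep the `return NULL` as is but log at a less prominent debug level, or log the event without the URL, since the message already points to access.log for details. A comment stating that the check must run after any user-info has been stripped from `host` would also help, because the lines that do that are not in the hunk.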
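Review bot: In tools/cachemgr.cc, the request built by `snprintf(buf, sizeof(buf), ...)` gets longer with the new `User-Agent` line (hunk at -842), but `l` is still passed straight to `write(s, buf, l)` in the following hunk (-849). snprintf returns the length the output would have had, so on truncation `l` is at least `sizeof(buf)` and write() reads past the end of `buf`. A negative `l` is not handled either. A guard before the write, `if (l < 0 || (size_t)l >= sizeof(buf))`, that reports the error and returns would close this. The function's start and its error-return convention are outside the hunks.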