]> git.ipfire.org Git - thirdparty/squid.git/blame - src/cache_cf.cc
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SslBump: Support bump-ssl-server-first / fix build errors
[thirdparty/squid.git] / src / cache_cf.cc
CommitLineData
30a4f2a8 1/*
262a0e14 2 * $Id$
30a4f2a8 3 *
b510f3a1 4 * DEBUG: section 03 Configuration File Parsing
30a4f2a8 5 * AUTHOR: Harvest Derived
6 *
2b6662ba 7 * SQUID Web Proxy Cache http://www.squid-cache.org/
e25c139f 8 * ----------------------------------------------------------
30a4f2a8 9 *
2b6662ba 10 * Squid is the result of efforts by numerous individuals from
11 * the Internet community; see the CONTRIBUTORS file for full
12 * details. Many organizations have provided support for Squid's
13 * development; see the SPONSORS file for full details. Squid is
14 * Copyrighted (C) 2001 by the Regents of the University of
15 * California; see the COPYRIGHT file for full details. Squid
16 * incorporates software developed and/or copyrighted by other
17 * sources; see the CREDITS file for full details.
30a4f2a8 18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 2 of the License, or
22 * (at your option) any later version.
26ac0430 23 *
30a4f2a8 24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
26ac0430 28 *
30a4f2a8 29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
cbdec147 31 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
e25c139f 32 *
30a4f2a8 33 */
cf5fd929 34
f7f3304a 35#include "squid-old.h"
82b7abe3
AJ		 36
37#include "acl/Acl.h"
38#include "acl/Gadgets.h"
39#include "acl/MethodData.h"
40#if USE_ADAPTATION
41#include "adaptation/Config.h"
42#endif
43#if ICAP_CLIENT
44#include "adaptation/icap/Config.h"
45#endif
46#if USE_ECAP
47#include "adaptation/ecap/Config.h"
48#endif
65d448bc 49#include "anyp/PortCfg.h"
95d2589c 50#if USE_SSL
4db984be 51#include "ssl/support.h"
95d2589c
CT		 52#include "ssl/Config.h"
53#endif
2f1431ea 54#if USE_AUTH
2d2b0bb7
AR		 55#include "auth/Config.h"
56#include "auth/Scheme.h"
2f1431ea 57#endif
38450a50 58#include "base/RunnersRegistry.h"
a80a77cf 59#include "ConfigParser.h"
96c2bb61 60#include "CpuAffinityMap.h"
3b581957 61#include "DiskIO/DiskIOModule.h"
82b7abe3
AJ		 62#include "eui/Config.h"
63#if USE_SQUID_ESI
64#include "esi/Parser.h"
65#endif
38e16f92 66#include "format/Format.h"
82b7abe3
AJ		 67#include "HttpRequestMethod.h"
68#include "ident/Config.h"
96d89ea0 69#include "ip/Intercept.h"
b7ac5457 70#include "ip/QosConfig.h"
055421ee 71#include "ip/tools.h"
82b7abe3
AJ		 72#include "log/Config.h"
73#include "MemBuf.h"
8822ebee 74#include "mgr/Registration.h"
c8f4eac4 75#include "Parsing.h"
1fa9b1a7 76#include "rfc1738.h"
82b7abe3
AJ		 77#if SQUID_SNMP
78#include "snmp.h"
79#endif
80#include "Store.h"
81#include "StoreFileSystem.h"
82#include "SwapDir.h"
d295d770 83#include "wordlist.h"
40daaeb8 84#include "ipc/Kids.h"
04f87469 85
52303a3d 86#if HAVE_GLOB_H
592a09dc 87#include <glob.h>
52303a3d 88#endif
1df370e3 89
425de4c8
AJ		 90#if HAVE_LIMITS_H
91#include <limits>
92#endif
93
f4698e0b
CT		 94#if HAVE_LIST
95#include <list>
96#endif
97
95d2589c
CT		 98#if USE_SSL
99#include "ssl/gadgets.h"
100#endif
101
62c7f90e 102#if USE_ADAPTATION
62c7f90e 103static void parse_adaptation_service_set_type();
a22e6cd3 104static void parse_adaptation_service_chain_type();
62c7f90e 105static void parse_adaptation_access_type();
71be37e0
CT		 106static void parse_adaptation_meta_type(Adaptation::Config::MetaHeaders *);
107static void dump_adaptation_meta_type(StoreEntry *, const char *, Adaptation::Config::MetaHeaders &);
108static void free_adaptation_meta_type(Adaptation::Config::MetaHeaders *);
62c7f90e
AR		 109#endif
110
3a69ddf3 111#if ICAP_CLIENT
26cc52cb
AR		 112static void parse_icap_service_type(Adaptation::Icap::Config *);
113static void dump_icap_service_type(StoreEntry *, const char *, const Adaptation::Icap::Config &);
114static void free_icap_service_type(Adaptation::Icap::Config *);
c939dc70
AR		 115static void parse_icap_class_type();
116static void parse_icap_access_type();
8277060a
CT		 117
118static void parse_icap_service_failure_limit(Adaptation::Icap::Config *);
119static void dump_icap_service_failure_limit(StoreEntry *, const char *, const Adaptation::Icap::Config &);
120static void free_icap_service_failure_limit(Adaptation::Icap::Config *);
3a69ddf3 121#endif
122
21a26d31 123#if USE_ECAP
574b508c
AR		 124static void parse_ecap_service_type(Adaptation::Ecap::Config *);
125static void dump_ecap_service_type(StoreEntry *, const char *, const Adaptation::Ecap::Config &);
126static void free_ecap_service_type(Adaptation::Ecap::Config *);
21a26d31
AR		 127#endif
128
f5691f9c 129CBDATA_TYPE(peer);
130
fd0f51c4 131static const char *const T_MILLISECOND_STR = "millisecond";
8813e606 132static const char *const T_SECOND_STR = "second";
133static const char *const T_MINUTE_STR = "minute";
134static const char *const T_HOUR_STR = "hour";
135static const char *const T_DAY_STR = "day";
136static const char *const T_WEEK_STR = "week";
137static const char *const T_FORTNIGHT_STR = "fortnight";
138static const char *const T_MONTH_STR = "month";
139static const char *const T_YEAR_STR = "year";
140static const char *const T_DECADE_STR = "decade";
aa0a0c7c 141
9906e724 142static const char *const B_BYTES_STR = "bytes";
143static const char *const B_KBYTES_STR = "KB";
144static const char *const B_MBYTES_STR = "MB";
145static const char *const B_GBYTES_STR = "GB";
146
4db43fab 147static const char *const list_sep = ", \t\n\r";
b0e7d2d5 148
7684c4b1 149static void parse_access_log(customlog ** customlog_definitions);
d64bef4c 150static int check_null_access_log(customlog *customlog_definitions);
7684c4b1 151static void dump_access_log(StoreEntry * entry, const char *name, customlog * definitions);
7684c4b1 152static void free_access_log(customlog ** definitions);
153
cd748f27 154static void update_maxobjsize(void);
f5b8bbc4 155static void configDoConfigure(void);
156static void parse_refreshpattern(refresh_t **);
9b741834
CT		 157static uint64_t parseTimeUnits(const char *unit, bool allowMsec);
158static void parseTimeLine(time_msec_t * tptr, const char *units, bool allowMsec);
f45dd259 159static void parse_u_short(unsigned short * var);
f5b8bbc4 160static void parse_string(char **);
f5b8bbc4 161static void default_all(void);
162static void defaults_if_none(void);
10d914f6 163static void defaults_postscriptum(void);
f5b8bbc4 164static int parse_line(char *);
76f44481 165static void parse_obsolete(const char *);
f5b8bbc4 166static void parseBytesLine(size_t * bptr, const char *units);
95d2589c
CT		 167#if USE_SSL
168static void parseBytesOptionValue(size_t * bptr, const char *units, char const * value);
169#endif
f64091a7 170#if !USE_DNSHELPER
e210930b
AJ		 171static void parseBytesLineSigned(ssize_t * bptr, const char *units);
172#endif
f5b8bbc4 173static size_t parseBytesUnits(const char *unit);
f5b8bbc4 174static void free_all(void);
94439e4e 175void requirePathnameExists(const char *name, const char *path);
ed7f5615 176static OBJH dump_config;
626096be 177#if USE_HTTP_VIOLATIONS
3b07476b
CT		 178static void free_HeaderManglers(HeaderManglers **pm);
179static void dump_http_header_access(StoreEntry * entry, const char *name, const HeaderManglers *manglers);
180static void parse_http_header_access(HeaderManglers **manglers);
181#define free_http_header_access free_HeaderManglers
182static void dump_http_header_replace(StoreEntry * entry, const char *name, const HeaderManglers *manglers);
183static void parse_http_header_replace(HeaderManglers **manglers);
184#define free_http_header_replace free_HeaderManglers
9e8b2f1c 185#endif
f4698e0b
CT		 186static void dump_HeaderWithAclList(StoreEntry * entry, const char *name, HeaderWithAclList *headers);
187static void parse_HeaderWithAclList(HeaderWithAclList **header);
188static void free_HeaderWithAclList(HeaderWithAclList **header);
6bccf575 189static void parse_denyinfo(acl_deny_info_list ** var);
190static void dump_denyinfo(StoreEntry * entry, const char *name, acl_deny_info_list * var);
191static void free_denyinfo(acl_deny_info_list ** var);
e1a88700 192
0b0cfcf2 193#if USE_WCCPv2
b7ac5457
AJ		 194static void parse_IpAddress_list(Ip::Address_list **);
195static void dump_IpAddress_list(StoreEntry *, const char *, const Ip::Address_list *);
196static void free_IpAddress_list(Ip::Address_list **);
0b0cfcf2 197#if CURRENTLY_UNUSED
b7ac5457 198static int check_null_IpAddress_list(const Ip::Address_list *);
3f38a55e 199#endif /* CURRENTLY_UNUSED */
e1a88700 200#endif /* USE_WCCPv2 */
201
65d448bc
AJ		 202static void parsePortCfg(AnyP::PortCfg **, const char *protocol);
203#define parse_PortCfg(l) parsePortCfg((l), token)
204static void dump_PortCfg(StoreEntry *, const char *, const AnyP::PortCfg *);
205static void free_PortCfg(AnyP::PortCfg **);
e1a88700 206
d193a436 207#if USE_SSL
aebe6888
CT		 208static void parse_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign);
209static void dump_sslproxy_cert_sign(StoreEntry *entry, const char *name, sslproxy_cert_sign *cert_sign);
210static void free_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign);
fb2178bb
CT		 211static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt);
212static void dump_sslproxy_cert_adapt(StoreEntry *entry, const char *name, sslproxy_cert_adapt *cert_adapt);
213static void free_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt);
caf3666d
AR		 214static void parse_sslproxy_ssl_bump(acl_access **ssl_bump);
215static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump);
216static void free_sslproxy_ssl_bump(acl_access **ssl_bump);
d193a436 217#endif /* USE_SSL */
e1a88700 218
ef1955a5 219static void parse_b_size_t(size_t * var);
47f6e231 220static void parse_b_int64_t(int64_t * var);
270b86af 221
96c2bb61
AR		 222static bool parseNamedIntList(const char *data, const String &name, Vector<int> &list);
223
224static void parse_CpuAffinityMap(CpuAffinityMap **const cpuAffinityMap);
225static void dump_CpuAffinityMap(StoreEntry *const entry, const char *const name, const CpuAffinityMap *const cpuAffinityMap);
226static void free_CpuAffinityMap(CpuAffinityMap **const cpuAffinityMap);
227
cfcb6b30 228static int parseOneConfigFile(const char *file_name, unsigned int depth);
229
a385afc3 230/*
231 * LegacyParser is a parser for legacy code that uses the global
232 * approach. This is static so that it is only exposed to cache_cf.
233 * Other modules needing access to a ConfigParser should have it
234 * provided to them in their parserFOO methods.
235 */
236static ConfigParser LegacyParser = ConfigParser();
a9f20260 237
0e4e0e7d 238void
0673c0ba 239self_destruct(void)
090089c4 240{
a9f20260 241 LegacyParser.destruct();
6b8e7481 242}
243
cd748f27 244static void
245update_maxobjsize(void)
246{
247 int i;
47f6e231 248 int64_t ms = -1;
cd748f27 249
250 for (i = 0; i < Config.cacheSwap.n_configured; i++) {
c8f4eac4 251 assert (Config.cacheSwap.swapDirs[i].getRaw());
62e76326 252
c8f4eac4 253 if (dynamic_cast<SwapDir *>(Config.cacheSwap.swapDirs[i].getRaw())->
254 max_objsize > ms)
255 ms = dynamic_cast<SwapDir *>(Config.cacheSwap.swapDirs[i].getRaw())->max_objsize;
cd748f27 256 }
257 store_maxobjsize = ms;
258}
259
76b9daa5 260static void
261SetConfigFilename(char const *file_name, bool is_pipe)
262{
263 cfg_filename = file_name;
264
265 char const *token;
266
267 if (is_pipe)
268 cfg_filename = file_name + 1;
269 else if ((token = strrchr(cfg_filename, '/')))
270 cfg_filename = token + 1;
271}
272
130bff33 273static const char*
274skip_ws(const char* s)
275{
276 while (xisspace(*s))
277 ++s;
278
279 return s;
280}
281
cfcb6b30 282static int
283parseManyConfigFiles(char* files, int depth)
284{
285 int error_count = 0;
d7ac36b9 286 char* saveptr = NULL;
52303a3d 287#if HAVE_GLOB
592a09dc 288 char *path;
289 glob_t globbuf;
290 int i;
291 memset(&globbuf, 0, sizeof(globbuf));
292 for (path = strwordtok(files, &saveptr); path; path = strwordtok(NULL, &saveptr)) {
26ac0430
AJ		 293 if (glob(path, globbuf.gl_pathc ? GLOB_APPEND : 0, NULL, &globbuf) != 0) {
294 fatalf("Unable to find configuration file: %s: %s",
295 path, xstrerror());
296 }
297 }
592a09dc 298 for (i = 0; i < (int)globbuf.gl_pathc; i++) {
26ac0430 299 error_count += parseOneConfigFile(globbuf.gl_pathv[i], depth);
cfcb6b30 300 }
592a09dc 301 globfree(&globbuf);
52303a3d 302#else
303 char* file = strwordtok(files, &saveptr);
304 while (file != NULL) {
26ac0430
AJ		 305 error_count += parseOneConfigFile(file, depth);
306 file = strwordtok(NULL, &saveptr);
52303a3d 307 }
308#endif /* HAVE_GLOB */
cfcb6b30 309 return error_count;
310}
311
d4a3e179
AR		 312static void
313ReplaceSubstr(char*& str, int& len, unsigned substrIdx, unsigned substrLen, const char* newSubstr)
314{
315 assert(str != NULL);
316 assert(newSubstr != NULL);
317
318 unsigned newSubstrLen = strlen(newSubstr);
319 if (newSubstrLen > substrLen)
320 str = (char*)realloc(str, len - substrLen + newSubstrLen + 1);
321
322 // move tail part including zero
323 memmove(str + substrIdx + newSubstrLen, str + substrIdx + substrLen, len - substrIdx - substrLen + 1);
324 // copy new substring in place
325 memcpy(str + substrIdx, newSubstr, newSubstrLen);
326
327 len = strlen(str);
328}
329
330static void
331SubstituteMacro(char*& line, int& len, const char* macroName, const char* substStr)
332{
333 assert(line != NULL);
334 assert(macroName != NULL);
335 assert(substStr != NULL);
336 unsigned macroNameLen = strlen(macroName);
337 while (const char* macroPos = strstr(line, macroName)) // we would replace all occurrences
338 ReplaceSubstr(line, len, macroPos - line, macroNameLen, substStr);
339}
340
341static void
342ProcessMacros(char*& line, int& len)
343{
9de6c973 344 SubstituteMacro(line, len, "${process_name}", TheKidName);
d4a3e179
AR		 345 SubstituteMacro(line, len, "${process_number}", xitoa(KidIdentifier));
346}
347
a7ea9b13
AR		 348static void
349trim_trailing_ws(char* str)
350{
351 assert(str != NULL);
352 unsigned i = strlen(str);
353 while ((i > 0) && xisspace(str[i - 1]))
354 --i;
355 str[i] = '\0';
356}
357
358static const char*
359FindStatement(const char* line, const char* statement)
360{
361 assert(line != NULL);
362 assert(statement != NULL);
363
364 const char* str = skip_ws(line);
365 unsigned len = strlen(statement);
366 if (strncmp(str, statement, len) == 0) {
367 str += len;
368 if (*str == '\0')
369 return str;
370 else if (xisspace(*str))
371 return skip_ws(str);
372 }
373
374 return NULL;
375}
376
377static bool
378StrToInt(const char* str, long& number)
379{
380 assert(str != NULL);
381
382 char* end;
383 number = strtol(str, &end, 0);
384
385 return (end != str) && (*end == '\0'); // returns true if string contains nothing except number
386}
387
388static bool
389EvalBoolExpr(const char* expr)
390{
391 assert(expr != NULL);
392 if (strcmp(expr, "true") == 0) {
393 return true;
394 } else if (strcmp(expr, "false") == 0) {
395 return false;
396 } else if (const char* equation = strchr(expr, '=')) {
397 const char* rvalue = skip_ws(equation + 1);
398 char* lvalue = (char*)xmalloc(equation - expr + 1);
399 xstrncpy(lvalue, expr, equation - expr + 1);
400 trim_trailing_ws(lvalue);
401
402 long number1;
403 if (!StrToInt(lvalue, number1))
404 fatalf("String is not a integer number: '%s'\n", lvalue);
405 long number2;
406 if (!StrToInt(rvalue, number2))
407 fatalf("String is not a integer number: '%s'\n", rvalue);
408
409 xfree(lvalue);
410 return number1 == number2;
411 }
412 fatalf("Unable to evaluate expression '%s'\n", expr);
413 return false; // this place cannot be reached
414}
415
cfcb6b30 416static int
417parseOneConfigFile(const char *file_name, unsigned int depth)
2546fcb3 418{
270b86af 419 FILE *fp = NULL;
cfcb6b30 420 const char *orig_cfg_filename = cfg_filename;
421 const int orig_config_lineno = config_lineno;
270b86af 422 char *token = NULL;
81c161d0 423 char *tmp_line = NULL;
424 int tmp_line_len = 0;
e13ee7ad 425 int err_count = 0;
1741cbad 426 int is_pipe = 0;
cfcb6b30 427
428 debugs(3, 1, "Processing Configuration File: " << file_name << " (depth " << depth << ")");
429 if (depth > 16) {
430 fatalf("WARNING: can't include %s: includes are nested too deeply (>16)!\n", file_name);
431 return 1;
432 }
62e76326 433
1741cbad 434 if (file_name[0] == '!' || file_name[0] == '|') {
62e76326 435 fp = popen(file_name + 1, "r");
436 is_pipe = 1;
1741cbad 437 } else {
62e76326 438 fp = fopen(file_name, "r");
1741cbad 439 }
62e76326 440
1741cbad 441 if (fp == NULL)
cfcb6b30 442 fatalf("Unable to open configuration file: %s: %s", file_name, xstrerror());
62e76326 443
be266cb2 444#if _SQUID_WINDOWS_
c4aefe96 445 setmode(fileno(fp), O_TEXT);
446#endif
62e76326 447
76b9daa5 448 SetConfigFilename(file_name, bool(is_pipe));
62e76326 449
270b86af 450 memset(config_input_line, '\0', BUFSIZ);
62e76326 451
270b86af 452 config_lineno = 0;
62e76326 453
a7ea9b13 454 Vector<bool> if_states;
270b86af 455 while (fgets(config_input_line, BUFSIZ, fp)) {
62e76326 456 config_lineno++;
457
458 if ((token = strchr(config_input_line, '\n')))
459 *token = '\0';
460
d866e2ad 461 if ((token = strchr(config_input_line, '\r')))
462 *token = '\0';
463
f068973f
AJ		 464 // strip any prefix whitespace off the line.
465 const char *p = skip_ws(config_input_line);
466 if (config_input_line != p)
467 memmove(config_input_line, p, strlen(p)+1);
468
62e76326 469 if (strncmp(config_input_line, "#line ", 6) == 0) {
470 static char new_file_name[1024];
471 static char *file;
472 static char new_lineno;
473 token = config_input_line + 6;
474 new_lineno = strtol(token, &file, 0) - 1;
475
476 if (file == token)
477 continue; /* Not a valid #line directive, may be a comment */
478
e4755e29 479 while (*file && xisspace((unsigned char) *file))
62e76326 480 file++;
481
482 if (*file) {
483 if (*file != '"')
484 continue; /* Not a valid #line directive, may be a comment */
485
486 xstrncpy(new_file_name, file + 1, sizeof(new_file_name));
487
488 if ((token = strchr(new_file_name, '"')))
489 *token = '\0';
490
491 cfg_filename = new_file_name;
62e76326 492 }
493
494 config_lineno = new_lineno;
495 }
496
497 if (config_input_line[0] == '#')
498 continue;
499
500 if (config_input_line[0] == '\0')
501 continue;
502
130bff33 503 const char* append = tmp_line_len ? skip_ws(config_input_line) : config_input_line;
504
505 size_t append_len = strlen(append);
62e76326 506
130bff33 507 tmp_line = (char*)xrealloc(tmp_line, tmp_line_len + append_len + 1);
81c161d0 508
130bff33 509 strcpy(tmp_line + tmp_line_len, append);
81c161d0 510
130bff33 511 tmp_line_len += append_len;
81c161d0 512
513 if (tmp_line[tmp_line_len-1] == '\\') {
bf8fe701 514 debugs(3, 5, "parseConfigFile: tmp_line='" << tmp_line << "'");
81c161d0 515 tmp_line[--tmp_line_len] = '\0';
516 continue;
517 }
518
a7ea9b13 519 trim_trailing_ws(tmp_line);
d4a3e179 520 ProcessMacros(tmp_line, tmp_line_len);
dad047ab 521 debugs(3, (opt_parse_cfg_only?1:5), "Processing: " << tmp_line);
62e76326 522
a7ea9b13
AR		 523 if (const char* expr = FindStatement(tmp_line, "if")) {
524 if_states.push_back(EvalBoolExpr(expr)); // store last if-statement meaning
525 } else if (FindStatement(tmp_line, "endif")) {
526 if (!if_states.empty())
527 if_states.pop_back(); // remove last if-statement meaning
528 else
529 fatalf("'endif' without 'if'\n");
530 } else if (FindStatement(tmp_line, "else")) {
531 if (!if_states.empty())
532 if_states.back() = !if_states.back();
533 else
534 fatalf("'else' without 'if'\n");
535 } else if (if_states.empty() || if_states.back()) { // test last if-statement meaning if present
536 /* Handle includes here */
537 if (tmp_line_len >= 9 && strncmp(tmp_line, "include", 7) == 0 && xisspace(tmp_line[7])) {
538 err_count += parseManyConfigFiles(tmp_line + 8, depth + 1);
539 } else if (!parse_line(tmp_line)) {
540 debugs(3, 0, HERE << cfg_filename << ":" << config_lineno << " unrecognized: '" << tmp_line << "'");
541 err_count++;
542 }
26ac0430 543 }
62e76326 544
545 safe_free(tmp_line);
81c161d0 546 tmp_line_len = 0;
547
270b86af 548 }
a7ea9b13
AR		 549 if (!if_states.empty())
550 fatalf("if-statement without 'endif'\n");
62e76326 551
1741cbad 552 if (is_pipe) {
62e76326 553 int ret = pclose(fp);
554
555 if (ret != 0)
556 fatalf("parseConfigFile: '%s' failed with exit code %d\n", file_name, ret);
1741cbad 557 } else {
62e76326 558 fclose(fp);
1741cbad 559 }
62e76326 560
cfcb6b30 561 cfg_filename = orig_cfg_filename;
562 config_lineno = orig_config_lineno;
563
564 return err_count;
565}
566
567int
dd9b1081 568parseConfigFile(const char *file_name)
cfcb6b30 569{
570 int err_count = 0;
571
5817ee13
AJ		 572 debugs(5, 4, HERE);
573
cfcb6b30 574 configFreeMemory();
575
5491c11e 576 ACLMethodData::ThePurgeCount = 0;
cfcb6b30 577 default_all();
578
579 err_count = parseOneConfigFile(file_name, 0);
580
f0b19334 581 defaults_if_none();
f9ad0106 582
10d914f6
CT		 583 defaults_postscriptum();
584
9c46ca97 585 /*
586 * We must call configDoConfigure() before leave_suid() because
587 * configDoConfigure() is where we turn username strings into
588 * uid values.
589 */
590 configDoConfigure();
591
f9ad0106 592 if (!Config.chroot_dir) {
593 leave_suid();
c642c141 594 setUmask(Config.umask);
62493678 595 _db_init(Debug::cache_log, Debug::debugOptions);
f9ad0106 596 enter_suid();
597 }
598
478c4f2f 599 if (opt_send_signal == -1) {
8822ebee 600 Mgr::RegisterAction("config",
d9fc6862
A		 601 "Current Squid Configuration",
602 dump_config,
603 1, 1);
478c4f2f 604 }
605
e13ee7ad 606 return err_count;
f0b19334 607}
270b86af 608
cfcb6b30 609
f0b19334 610static void
611configDoConfigure(void)
612{
f0b19334 613 memset(&Config2, '\0', sizeof(SquidConfig2));
7021844c 614 /* init memory as early as possible */
615 memConfigure();
270b86af 616 /* Sanity checks */
62e76326 617
7895fa18
AJ		 618 if (Config.cacheSwap.swapDirs == NULL) {
619 /* Memory-only cache probably in effect. */
620 /* turn off the cache rebuild delays... */
621 StoreController::store_dirs_rebuilding = 0;
3b581957
DK		 622 } else if (InDaemonMode()) { // no diskers in non-daemon mode
623 for (int i = 0; i < Config.cacheSwap.n_configured; ++i) {
624 const RefCount<SwapDir> sd = Config.cacheSwap.swapDirs[i];
625 if (sd->needsDiskStrand())
626 sd->disker = Config.workers + (++Config.cacheSwap.n_strands);
627 }
7895fa18
AJ		 628 }
629
47df1aa7
AJ		 630 if (Debug::rotateNumber < 0) {
631 Debug::rotateNumber = Config.Log.rotateNumber;
632 }
633
5aecb102 634#if SIZEOF_OFF_T <= 4
635 if (Config.Store.maxObjectSize > 0x7FFF0000) {
26ac0430
AJ		 636 debugs(3, 0, "WARNING: This Squid binary can not handle files larger than 2GB. Limiting maximum_object_size to just below 2GB");
637 Config.Store.maxObjectSize = 0x7FFF0000;
5aecb102 638 }
639#endif
c8f4eac4 640 if (0 == Store::Root().maxSize())
62e76326 641 /* people might want a zero-sized cache on purpose */
642 (void) 0;
cc34568d 643 else if (Store::Root().maxSize() < Config.memMaxSize)
c8f4eac4 644 /* This is bogus. folk with NULL caches will want this */
bf8fe701 645 debugs(3, 0, "WARNING cache_mem is larger than total disk cache space!");
62e76326 646
84f42bac 647 if (Config.Announce.period > 0) {
62e76326 648 Config.onoff.announce = 1;
84f42bac 649 } else if (Config.Announce.period < 1) {
62e76326 650 Config.Announce.period = 86400 * 365; /* one year */
651 Config.onoff.announce = 0;
270b86af 652 }
62e76326 653
d3caee79 654 if (Config.onoff.httpd_suppress_version_string)
655 visible_appname_string = (char *)appname_string;
656 else
7dbca7a4 657 visible_appname_string = (char const *)APP_FULLNAME;
d3caee79 658
f64091a7 659#if USE_DNSHELPER
48d54e4d 660 if (Config.dnsChildren.n_max < 1)
f64091a7 661 fatal("No DNS helpers allocated");
efd900cb 662#endif
62e76326 663
270b86af 664 if (Config.Program.redirect) {
48d54e4d
AJ		 665 if (Config.redirectChildren.n_max < 1) {
666 Config.redirectChildren.n_max = 0;
62e76326 667 wordlistDestroy(&Config.Program.redirect);
668 }
fea2e6e0 669 }
62e76326 670
f1dc9b30 671 if (Config.appendDomain)
62e76326 672 if (*Config.appendDomain != '.')
673 fatal("append_domain must begin with a '.'");
674
270b86af 675 if (Config.errHtmlText == NULL)
62e76326 676 Config.errHtmlText = xstrdup(null_string);
677
1b7fae06
AJ		 678#if !HAVE_SETRLIMIT || !defined(RLIMIT_NOFILE)
679 if (Config.max_filedescriptors > 0) {
3a9087af 680 debugs(0, DBG_IMPORTANT, "WARNING: max_filedescriptors disabled. Operating System setrlimit(RLIMIT_NOFILE) is missing.");
1b7fae06
AJ		 681 }
682#elif USE_SELECT || USE_SELECT_WIN32
683 if (Config.max_filedescriptors > FD_SETSIZE) {
3a9087af 684 debugs(0, DBG_IMPORTANT, "WARNING: max_filedescriptors limited to " << FD_SETSIZE << " by select() algorithm.");
1b7fae06
AJ		 685 }
686#endif
687
270b86af 688 storeConfigure();
62e76326 689
52f772de 690 snprintf(ThisCache, sizeof(ThisCache), "%s (%s)",
62e76326 691 uniqueHostname(),
d3caee79 692 visible_appname_string);
fbdba7c4 693
38a6c74e 694 /*
695 * the extra space is for loop detection in client_side.c -- we search
696 * for substrings in the Via header.
697 */
52f772de 698 snprintf(ThisCache2, sizeof(ThisCache), " %s (%s)",
62e76326 699 uniqueHostname(),
d3caee79 700 visible_appname_string);
62e76326 701
b2b40d8c
AJ		 702 /* Use visible_hostname as default surrogate_id */
703 if (!Config.Accel.surrogate_id) {
704 const char *t = getMyHostname();
705 Config.Accel.surrogate_id = xstrdup( (t?t:"unset-id") );
706 }
707
270b86af 708 if (!Config.udpMaxHitObjsz || Config.udpMaxHitObjsz > SQUID_UDP_SO_SNDBUF)
62e76326 709 Config.udpMaxHitObjsz = SQUID_UDP_SO_SNDBUF;
710
270b86af 711 if (Config.appendDomain)
62e76326 712 Config.appendDomainLen = strlen(Config.appendDomain);
270b86af 713 else
62e76326 714 Config.appendDomainLen = 0;
715
31ef19cd
AJ		 716 if (Config.connect_retries > 10) {
717 debugs(0,DBG_CRITICAL, "WARNING: connect_retries cannot be larger than 10. Resetting to 10.");
718 Config.connect_retries = 10;
5210854d 719 }
62e76326 720
f0b19334 721 requirePathnameExists("MIME Config Table", Config.mimeTablePathname);
f64091a7 722#if USE_DNSHELPER
f0b19334 723 requirePathnameExists("cache_dns_program", Config.Program.dnsserver);
efd900cb 724#endif
a3d0a19d 725#if USE_UNLINKD
62e76326 726
f0b19334 727 requirePathnameExists("unlinkd_program", Config.Program.unlinkd);
a3d0a19d 728#endif
82b7abe3 729 requirePathnameExists("logfile_daemon", Log::TheConfig.logfile_daemon);
f0b19334 730 if (Config.Program.redirect)
62e76326 731 requirePathnameExists("redirect_program", Config.Program.redirect->key);
732
f0b19334 733 requirePathnameExists("Icon Directory", Config.icons.directory);
62e76326 734
26ac0430 735 if (Config.errorDirectory)
43000484 736 requirePathnameExists("Error Directory", Config.errorDirectory);
62e76326 737
626096be 738#if USE_HTTP_VIOLATIONS
62e76326 739
9f60cfdf 740 {
62e76326 741 const refresh_t *R;
742
26ac0430 743 for (R = Config.Refresh; R; R = R->next) {
62e76326 744 if (!R->flags.override_expire)
745 continue;
746
bf8fe701 747 debugs(22, 1, "WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP");
62e76326 748
749 break;
750 }
751
26ac0430 752 for (R = Config.Refresh; R; R = R->next) {
62e76326 753 if (!R->flags.override_lastmod)
754 continue;
755
bf8fe701 756 debugs(22, 1, "WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP");
62e76326 757
758 break;
759 }
760
26ac0430 761 for (R = Config.Refresh; R; R = R->next) {
38f9c547 762 if (!R->flags.reload_into_ims)
763 continue;
764
bf8fe701 765 debugs(22, 1, "WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP");
38f9c547 766
767 break;
768 }
769
26ac0430 770 for (R = Config.Refresh; R; R = R->next) {
38f9c547 771 if (!R->flags.ignore_reload)
772 continue;
773
bf8fe701 774 debugs(22, 1, "WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP");
38f9c547 775
776 break;
777 }
778
26ac0430 779 for (R = Config.Refresh; R; R = R->next) {
38f9c547 780 if (!R->flags.ignore_no_cache)
781 continue;
782
bf8fe701 783 debugs(22, 1, "WARNING: use of 'ignore-no-cache' in 'refresh_pattern' violates HTTP");
38f9c547 784
785 break;
786 }
787
26ac0430 788 for (R = Config.Refresh; R; R = R->next) {
38f9c547 789 if (!R->flags.ignore_no_store)
790 continue;
791
bf8fe701 792 debugs(22, 1, "WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP");
38f9c547 793
794 break;
795 }
796
4ca08219 797 for (R = Config.Refresh; R; R = R->next) {
04f7fd38
AJ		 798 if (!R->flags.ignore_must_revalidate)
799 continue;
800 debugs(22, 1, "WARNING: use of 'ignore-must-revalidate' in 'refresh_pattern' violates HTTP");
801 break;
4ca08219
AJ		 802 }
803
26ac0430 804 for (R = Config.Refresh; R; R = R->next) {
38f9c547 805 if (!R->flags.ignore_private)
806 continue;
807
bf8fe701 808 debugs(22, 1, "WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP");
38f9c547 809
810 break;
811 }
812
26ac0430 813 for (R = Config.Refresh; R; R = R->next) {
38f9c547 814 if (!R->flags.ignore_auth)
815 continue;
816
bf8fe701 817 debugs(22, 1, "WARNING: use of 'ignore-auth' in 'refresh_pattern' violates HTTP");
38f9c547 818
819 break;
820 }
821
9f60cfdf 822 }
c2f5c744 823#endif
626096be 824#if !USE_HTTP_VIOLATIONS
c2f5c744 825 Config.onoff.via = 1;
826#else
62e76326 827
c2f5c744 828 if (!Config.onoff.via)
bf8fe701 829 debugs(22, 1, "WARNING: HTTP requires the use of Via");
62e76326 830
9f60cfdf 831#endif
62e76326 832
5491c11e
AR		 833 // we enable runtime PURGE checks if there is at least one PURGE method ACL
834 // TODO: replace with a dedicated "purge" ACL option?
3d9019c7 835 Config2.onoff.enable_purge = (ACLMethodData::ThePurgeCount > 0);
62e76326 836
3b07476b 837 Config2.onoff.mangle_request_headers = (Config.request_header_access != NULL);
5967c0bf 838
8749fa47 839 if (geteuid() == 0) {
62e76326 840 if (NULL != Config.effectiveUser) {
841
842 struct passwd *pwd = getpwnam(Config.effectiveUser);
843
5ad8d199 844 if (NULL == pwd) {
62e76326 845 /*
846 * Andres Kroonmaa <andre@online.ee>:
847 * Some getpwnam() implementations (Solaris?) require
848 * an available FD < 256 for opening a FILE* to the
849 * passwd file.
850 * DW:
851 * This should be safe at startup, but might still fail
852 * during reconfigure.
853 */
854 fatalf("getpwnam failed to find userid for effective user '%s'",
855 Config.effectiveUser);
5ad8d199 856 return;
857 }
62e76326 858
859 Config2.effectiveUserID = pwd->pw_uid;
860
861 Config2.effectiveGroupID = pwd->pw_gid;
08ac5ea7 862
cff61cb8 863#if HAVE_PUTENV
864
865 if (pwd->pw_dir && *pwd->pw_dir) {
866 int len;
867 char *env_str = (char *)xcalloc((len = strlen(pwd->pw_dir) + 6), 1);
868 snprintf(env_str, len, "HOME=%s", pwd->pw_dir);
869 putenv(env_str);
870 }
871
872#endif
873
62e76326 874 }
8749fa47 875 } else {
62e76326 876 Config2.effectiveUserID = geteuid();
877 Config2.effectiveGroupID = getegid();
d20b1cd0 878 }
62e76326 879
d20b1cd0 880 if (NULL != Config.effectiveGroup) {
62e76326 881
882 struct group *grp = getgrnam(Config.effectiveGroup);
883
5ad8d199 884 if (NULL == grp) {
62e76326 885 fatalf("getgrnam failed to find groupid for effective group '%s'",
886 Config.effectiveGroup);
5ad8d199 887 return;
888 }
62e76326 889
890 Config2.effectiveGroupID = grp->gr_gid;
d20b1cd0 891 }
62e76326 892
985c86bc 893 HttpRequestMethod::Configure(Config);
a7ad6e4e 894#if USE_SSL
62e76326 895
bf8fe701 896 debugs(3, 1, "Initializing https proxy context");
f9ad0106 897
a82a4fe4 898 Config.ssl_client.sslContext = sslCreateClientContext(Config.ssl_client.cert, Config.ssl_client.key, Config.ssl_client.version, Config.ssl_client.cipher, Config.ssl_client.options, Config.ssl_client.flags, Config.ssl_client.cafile, Config.ssl_client.capath, Config.ssl_client.crlfile);
f9ad0106 899
04401ab0
A		 900 for (peer *p = Config.peers; p != NULL; p = p->next) {
901 if (p->use_ssl) {
902 debugs(3, 1, "Initializing cache_peer " << p->name << " SSL context");
903 p->sslContext = sslCreateClientContext(p->sslcert, p->sslkey, p->sslversion, p->sslcipher, p->ssloptions, p->sslflags, p->sslcafile, p->sslcapath, p->sslcrlfile);
f9ad0106 904 }
905 }
906
04401ab0 907 for (AnyP::PortCfg *s = Config.Sockaddr.http; s != NULL; s = s->next) {
5ae65581 908 if (!s->sslBump)
04401ab0 909 continue;
154dc884 910
04401ab0 911 debugs(3, 1, "Initializing http_port " << s->s << " SSL context");
5ae65581 912 s->configureSslServerContext();
154dc884 913 }
914
04401ab0
A		 915 for (AnyP::PortCfg *s = Config.Sockaddr.https; s != NULL; s = s->next) {
916 debugs(3, 1, "Initializing https_port " << s->s << " SSL context");
5ae65581 917 s->configureSslServerContext();
f9ad0106 918 }
919
a7ad6e4e 920#endif
1f771fed
AJ		 921
922 // prevent infinite fetch loops in the request parser
923 // due to buffer full but not enough data recived to finish parse
924 if (Config.maxRequestBufferSize <= Config.maxRequestHeaderSize) {
d0bbf50e 925 fatalf("Client request buffer of %u bytes cannot hold a request with %u bytes of headers." \
1f771fed 926 " Change client_request_buffer_max or request_header_max_size limits.",
d0bbf50e 927 (uint32_t)Config.maxRequestBufferSize, (uint32_t)Config.maxRequestHeaderSize);
1f771fed 928 }
a0e23afd 929
2f1431ea 930#if USE_AUTH
a0e23afd
AJ		 931 /*
932 * disable client side request pipelining. There is a race with
933 * Negotiate and NTLM when the client sends a second request on an
934 * connection before the authenticate challenge is sent. With
935 * pipelining OFF, the client may fail to authenticate, but squid's
936 * state will be preserved.
937 */
938 if (Config.onoff.pipeline_prefetch) {
9f3d2b2e
AJ		 939 Auth::Config *nego = Auth::Config::Find("Negotiate");
940 Auth::Config *ntlm = Auth::Config::Find("NTLM");
a0e23afd
AJ		 941 if ((nego && nego->active()) || (ntlm && ntlm->active())) {
942 debugs(3, DBG_IMPORTANT, "WARNING: pipeline_prefetch breaks NTLM and Negotiate authentication. Forced OFF.");
943 Config.onoff.pipeline_prefetch = 0;
944 }
945 }
2f1431ea 946#endif
090089c4 947}
948
76f44481
AJ		 949/** Parse a line containing an obsolete directive.
950 * To upgrade it where possible instead of just "Bungled config" for
951 * directives which cannot be marked as simply aliases of the some name.
952 * For example if the parameter order and content has changed.
953 * Or if the directive has been completely removed.
954 */
955void
956parse_obsolete(const char *name)
957{
958 // Directives which have been radically changed rather than removed
959 if (!strcmp(name, "url_rewrite_concurrency")) {
254d8ef1
AJ		 960 int cval;
961 parse_int(&cval);
76f44481 962 debugs(3, DBG_CRITICAL, "WARNING: url_rewrite_concurrency upgrade overriding url_rewrite_children settings.");
254d8ef1 963 Config.redirectChildren.concurrency = cval;
76f44481
AJ		 964 }
965}
966
270b86af 967/* Parse a time specification from the config file. Store the
f1dc9b30 968 * result in 'tptr', after converting it to 'units' */
8203a132 969static void
9b741834 970parseTimeLine(time_msec_t * tptr, const char *units, bool allowMsec)
090089c4 971{
972 char *token;
270b86af 973 double d;
fd0f51c4
CT		 974 time_msec_t m;
975 time_msec_t u;
62e76326 976
9b741834 977 if ((u = parseTimeUnits(units, allowMsec)) == 0)
62e76326 978 self_destruct();
979
270b86af 980 if ((token = strtok(NULL, w_space)) == NULL)
62e76326 981 self_destruct();
982
5c20d6fa 983 d = xatof(token);
62e76326 984
270b86af 985 m = u; /* default to 'units' if none specified */
62e76326 986
10738561 987 if (0 == d)
62e76326 988 (void) 0;
10738561 989 else if ((token = strtok(NULL, w_space)) == NULL)
26ac0430
AJ		 990 debugs(3, 0, "WARNING: No units on '" <<
991 config_input_line << "', assuming " <<
992 d << " " << units );
9b741834 993 else if ((m = parseTimeUnits(token, allowMsec)) == 0)
62e76326 994 self_destruct();
995
fd0f51c4 996 *tptr = static_cast<time_msec_t>(m * d);
090089c4 997}
998
fd0f51c4 999static uint64_t
9b741834 1000parseTimeUnits(const char *unit, bool allowMsec)
270b86af 1001{
9b741834 1002 if (allowMsec && !strncasecmp(unit, T_MILLISECOND_STR, strlen(T_MILLISECOND_STR)))
62e76326 1003 return 1;
1004
fd0f51c4
CT		 1005 if (!strncasecmp(unit, T_SECOND_STR, strlen(T_SECOND_STR)))
1006 return 1000;
1007
270b86af 1008 if (!strncasecmp(unit, T_MINUTE_STR, strlen(T_MINUTE_STR)))
fd0f51c4 1009 return 60 * 1000;
62e76326 1010
270b86af 1011 if (!strncasecmp(unit, T_HOUR_STR, strlen(T_HOUR_STR)))
fd0f51c4 1012 return 3600 * 1000;
62e76326 1013
270b86af 1014 if (!strncasecmp(unit, T_DAY_STR, strlen(T_DAY_STR)))
fd0f51c4 1015 return 86400 * 1000;
62e76326 1016
270b86af 1017 if (!strncasecmp(unit, T_WEEK_STR, strlen(T_WEEK_STR)))
fd0f51c4 1018 return 86400 * 7 * 1000;
62e76326 1019
270b86af 1020 if (!strncasecmp(unit, T_FORTNIGHT_STR, strlen(T_FORTNIGHT_STR)))
fd0f51c4 1021 return 86400 * 14 * 1000;
62e76326 1022
270b86af 1023 if (!strncasecmp(unit, T_MONTH_STR, strlen(T_MONTH_STR)))
fd0f51c4 1024 return static_cast<uint64_t>(86400) * 30 * 1000;
62e76326 1025
270b86af 1026 if (!strncasecmp(unit, T_YEAR_STR, strlen(T_YEAR_STR)))
fd0f51c4 1027 return static_cast<uint64_t>(86400 * 1000 * 365.2522);
62e76326 1028
270b86af 1029 if (!strncasecmp(unit, T_DECADE_STR, strlen(T_DECADE_STR)))
fd0f51c4 1030 return static_cast<uint64_t>(86400 * 1000 * 365.2522 * 10);
62e76326 1031
bf8fe701 1032 debugs(3, 1, "parseTimeUnits: unknown time unit '" << unit << "'");
62e76326 1033
270b86af 1034 return 0;
1035}
1036
47f6e231 1037static void
1038parseBytesLine64(int64_t * bptr, const char *units)
1039{
1040 char *token;
1041 double d;
1042 int64_t m;
1043 int64_t u;
1044
9eeb8e4b 1045 if ((u = parseBytesUnits(units)) == 0) {
47f6e231 1046 self_destruct();
9eeb8e4b 1047 return;
1048 }
47f6e231 1049
9eeb8e4b 1050 if ((token = strtok(NULL, w_space)) == NULL) {
47f6e231 1051 self_destruct();
9eeb8e4b 1052 return;
1053 }
47f6e231 1054
1055 if (strcmp(token, "none") == 0 || strcmp(token, "-1") == 0) {
bc41416d 1056 *bptr = -1;
47f6e231 1057 return;
1058 }
1059
1060 d = xatof(token);
1061
1062 m = u; /* default to 'units' if none specified */
1063
1064 if (0.0 == d)
1065 (void) 0;
1066 else if ((token = strtok(NULL, w_space)) == NULL)
26ac0430
AJ		 1067 debugs(3, 0, "WARNING: No units on '" <<
1068 config_input_line << "', assuming " <<
1069 d << " " << units );
9eeb8e4b 1070 else if ((m = parseBytesUnits(token)) == 0) {
47f6e231 1071 self_destruct();
9eeb8e4b 1072 return;
1073 }
47f6e231 1074
1075 *bptr = static_cast<int64_t>(m * d / u);
1076
1077 if (static_cast<double>(*bptr) * 2 != m * d / u * 2)
1078 self_destruct();
1079}
1080
1081
9906e724 1082static void
9e975e4e 1083parseBytesLine(size_t * bptr, const char *units)
9906e724 1084{
1085 char *token;
1086 double d;
47f6e231 1087 int m;
1088 int u;
62e76326 1089
9eeb8e4b 1090 if ((u = parseBytesUnits(units)) == 0) {
62e76326 1091 self_destruct();
9eeb8e4b 1092 return;
1093 }
62e76326 1094
9eeb8e4b 1095 if ((token = strtok(NULL, w_space)) == NULL) {
62e76326 1096 self_destruct();
9eeb8e4b 1097 return;
1098 }
62e76326 1099
f8ecd7d7 1100 if (strcmp(token, "none") == 0 || strcmp(token, "-1") == 0) {
b2d729e6 1101 *bptr = static_cast<size_t>(-1);
ef1955a5 1102 return;
1103 }
1104
5c20d6fa 1105 d = xatof(token);
62e76326 1106
9906e724 1107 m = u; /* default to 'units' if none specified */
62e76326 1108
343f47a3 1109 if (0.0 == d)
62e76326 1110 (void) 0;
4860dc1b 1111 else if ((token = strtok(NULL, w_space)) == NULL)
26ac0430
AJ		 1112 debugs(3, 0, "WARNING: No units on '" <<
1113 config_input_line << "', assuming " <<
1114 d << " " << units );
9eeb8e4b 1115 else if ((m = parseBytesUnits(token)) == 0) {
62e76326 1116 self_destruct();
9eeb8e4b 1117 return;
1118 }
62e76326 1119
e6ccf245 1120 *bptr = static_cast<size_t>(m * d / u);
347ae7c4 1121
a69d485c 1122 if (static_cast<double>(*bptr) * 2 != m * d / u * 2)
347ae7c4 1123 self_destruct();
9906e724 1124}
1125
f64091a7 1126#if !USE_DNSHELPER
e210930b
AJ		 1127static void
1128parseBytesLineSigned(ssize_t * bptr, const char *units)
1129{
1130 char *token;
1131 double d;
1132 int m;
1133 int u;
1134
1135 if ((u = parseBytesUnits(units)) == 0) {
1136 self_destruct();
1137 return;
1138 }
1139
1140 if ((token = strtok(NULL, w_space)) == NULL) {
1141 self_destruct();
1142 return;
1143 }
1144
1145 if (strcmp(token, "none") == 0 || token[0] == '-' /* -N */) {
1146 *bptr = -1;
1147 return;
1148 }
1149
1150 d = xatof(token);
1151
1152 m = u; /* default to 'units' if none specified */
1153
1154 if (0.0 == d)
1155 (void) 0;
1156 else if ((token = strtok(NULL, w_space)) == NULL)
1157 debugs(3, 0, "WARNING: No units on '" <<
1158 config_input_line << "', assuming " <<
1159 d << " " << units );
1160 else if ((m = parseBytesUnits(token)) == 0) {
1161 self_destruct();
1162 return;
1163 }
1164
1165 *bptr = static_cast<size_t>(m * d / u);
1166
1167 if (static_cast<double>(*bptr) * 2 != m * d / u * 2)
1168 self_destruct();
1169}
1170#endif
1171
95d2589c
CT		 1172#if USE_SSL
1173/**
1174 * Parse bytes from a string.
1175 * Similar to the parseBytesLine function but parses the string value instead of
1176 * the current token value.
1177 */
1178static void parseBytesOptionValue(size_t * bptr, const char *units, char const * value)
1179{
1180 int u;
1181 if ((u = parseBytesUnits(units)) == 0) {
1182 self_destruct();
1183 return;
1184 }
1185
1186 // Find number from string beginning.
1187 char const * number_begin = value;
1188 char const * number_end = value;
1189
1190 while ((*number_end >= '0' && *number_end <= '9')) {
1191 number_end++;
1192 }
1193
1194 String number;
1195 number.limitInit(number_begin, number_end - number_begin);
1196
1197 int d = xatoi(number.termedBuf());
1198 int m;
1199 if ((m = parseBytesUnits(number_end)) == 0) {
1200 self_destruct();
1201 return;
1202 }
1203
1204 *bptr = static_cast<size_t>(m * d / u);
1205 if (static_cast<double>(*bptr) * 2 != m * d / u * 2)
1206 self_destruct();
1207}
1208#endif
1209
9906e724 1210static size_t
1211parseBytesUnits(const char *unit)
1212{
1213 if (!strncasecmp(unit, B_BYTES_STR, strlen(B_BYTES_STR)))
62e76326 1214 return 1;
1215
9906e724 1216 if (!strncasecmp(unit, B_KBYTES_STR, strlen(B_KBYTES_STR)))
62e76326 1217 return 1 << 10;
1218
9906e724 1219 if (!strncasecmp(unit, B_MBYTES_STR, strlen(B_MBYTES_STR)))
62e76326 1220 return 1 << 20;
1221
9906e724 1222 if (!strncasecmp(unit, B_GBYTES_STR, strlen(B_GBYTES_STR)))
62e76326 1223 return 1 << 30;
1224
fa37412f 1225 debugs(3, DBG_CRITICAL, "WARNING: Unknown bytes unit '" << unit << "'");
62e76326 1226
9906e724 1227 return 0;
1228}
1229
270b86af 1230/*****************************************************************************
1231 * Max
1232 *****************************************************************************/
1233
8203a132 1234static void
97427e90 1235dump_acl(StoreEntry * entry, const char *name, ACL * ae)
090089c4 1236{
56b63fa1 1237 wordlist *w;
1238 wordlist *v;
62e76326 1239
9ef28b60 1240 while (ae != NULL) {
bf8fe701 1241 debugs(3, 3, "dump_acl: " << name << " " << ae->name);
62e76326 1242 storeAppendPrintf(entry, "%s %s %s ",
1243 name,
1244 ae->name,
1245 ae->typeString());
6bf4f823 1246 v = w = ae->dump();
62e76326 1247
1248 while (v != NULL) {
bf8fe701 1249 debugs(3, 3, "dump_acl: " << name << " " << ae->name << " " << v->key);
62e76326 1250 storeAppendPrintf(entry, "%s ", v->key);
1251 v = v->next;
1252 }
1253
1254 storeAppendPrintf(entry, "\n");
1255 wordlistDestroy(&w);
1256 ae = ae->next;
56b63fa1 1257 }
090089c4 1258}
1259
8203a132 1260static void
97427e90 1261parse_acl(ACL ** ae)
090089c4 1262{
a9f20260 1263 ACL::ParseAclLine(LegacyParser, ae);
f1dc9b30 1264}
1265
1266static void
97427e90 1267free_acl(ACL ** ae)
f1dc9b30 1268{
9ef28b60 1269 aclDestroyAcls(ae);
090089c4 1270}
1271
425de4c8 1272void
76cd39d7 1273dump_acl_list(StoreEntry * entry, ACLList * head)
30a4f2a8 1274{
76cd39d7 1275 ACLList *l;
62e76326 1276
d6827718 1277 for (l = head; l; l = l->next) {
62e76326 1278 storeAppendPrintf(entry, " %s%s",
1279 l->op ? null_string : "!",
1280 l->_acl->name);
d6827718 1281 }
1282}
1283
b67e2c8c 1284void
d6827718 1285dump_acl_access(StoreEntry * entry, const char *name, acl_access * head)
1286{
1287 acl_access *l;
62e76326 1288
d6827718 1289 for (l = head; l; l = l->next) {
62e76326 1290 storeAppendPrintf(entry, "%s %s",
1291 name,
1292 l->allow ? "Allow" : "Deny");
1293 dump_acl_list(entry, l->aclList);
1294 storeAppendPrintf(entry, "\n");
56b63fa1 1295 }
30a4f2a8 1296}
090089c4 1297
8203a132 1298static void
16300b58 1299parse_acl_access(acl_access ** head)
090089c4 1300{
a9f20260 1301 aclParseAccessLine(LegacyParser, head);
090089c4 1302}
1303
0153d498 1304static void
16300b58 1305free_acl_access(acl_access ** head)
0153d498 1306{
a47b9029 1307 aclDestroyAccessList(head);
0153d498 1308}
1309
8203a132 1310static void
b7ac5457 1311dump_address(StoreEntry * entry, const char *name, Ip::Address &addr)
270b86af 1312{
cc192b50 1313 char buf[MAX_IPSTRLEN];
1314 storeAppendPrintf(entry, "%s %s\n", name, addr.NtoA(buf,MAX_IPSTRLEN) );
270b86af 1315}
1316
1317static void
b7ac5457 1318parse_address(Ip::Address *addr)
090089c4 1319{
270b86af 1320 char *token = strtok(NULL, w_space);
1321
9eeb8e4b 1322 if (!token) {
62e76326 1323 self_destruct();
9eeb8e4b 1324 return;
1325 }
62e76326 1326
9f2665ee 1327 if (!strcmp(token,"any_addr"))
cc192b50 1328 addr->SetAnyAddr();
9f2665ee 1329 else if ( (!strcmp(token,"no_addr")) || (!strcmp(token,"full_mask")) )
cc192b50 1330 addr->SetNoAddr();
9f2665ee 1331 else if ( (*addr = token) ) // try parse numeric/IPA
26ac0430 1332 (void) 0;
9f2665ee
AJ		 1333 else
1334 addr->GetHostByName(token); // dont use ipcache
090089c4 1335}
1336
0153d498 1337static void
b7ac5457 1338free_address(Ip::Address *addr)
0153d498 1339{
cc192b50 1340 addr->SetEmpty();
0153d498 1341}
1342
d6827718 1343CBDATA_TYPE(acl_address);
1344
1345static void
1346dump_acl_address(StoreEntry * entry, const char *name, acl_address * head)
1347{
cc192b50 1348 char buf[MAX_IPSTRLEN];
d6827718 1349 acl_address *l;
62e76326 1350
d6827718 1351 for (l = head; l; l = l->next) {
cc192b50 1352 if (!l->addr.IsAnyAddr())
1353 storeAppendPrintf(entry, "%s %s", name, l->addr.NtoA(buf,MAX_IPSTRLEN));
62e76326 1354 else
1355 storeAppendPrintf(entry, "%s autoselect", name);
1356
1357 dump_acl_list(entry, l->aclList);
1358
1359 storeAppendPrintf(entry, "\n");
d6827718 1360 }
1361}
1362
1363static void
1364freed_acl_address(void *data)
1365{
e6ccf245 1366 acl_address *l = static_cast<acl_address *>(data);
29b8d8d6 1367 aclDestroyAclList(&l->aclList);
d6827718 1368}
1369
1370static void
1371parse_acl_address(acl_address ** head)
1372{
1373 acl_address *l;
1374 acl_address **tail = head; /* sane name below */
1375 CBDATA_INIT_TYPE_FREECB(acl_address, freed_acl_address);
1376 l = cbdataAlloc(acl_address);
1377 parse_address(&l->addr);
a9f20260 1378 aclParseAclList(LegacyParser, &l->aclList);
62e76326 1379
d6827718 1380 while (*tail)
62e76326 1381 tail = &(*tail)->next;
1382
d6827718 1383 *tail = l;
1384}
1385
1386static void
1387free_acl_address(acl_address ** head)
1388{
1389 while (*head) {
62e76326 1390 acl_address *l = *head;
1391 *head = l->next;
1392 cbdataFree(l);
d6827718 1393 }
1394}
1395
1396CBDATA_TYPE(acl_tos);
1397
1398static void
1399dump_acl_tos(StoreEntry * entry, const char *name, acl_tos * head)
1400{
1401 acl_tos *l;
62e76326 1402
d6827718 1403 for (l = head; l; l = l->next) {
62e76326 1404 if (l->tos > 0)
1405 storeAppendPrintf(entry, "%s 0x%02X", name, l->tos);
1406 else
1407 storeAppendPrintf(entry, "%s none", name);
1408
1409 dump_acl_list(entry, l->aclList);
1410
1411 storeAppendPrintf(entry, "\n");
d6827718 1412 }
1413}
1414
1415static void
1416freed_acl_tos(void *data)
1417{
e6ccf245 1418 acl_tos *l = static_cast<acl_tos *>(data);
29b8d8d6 1419 aclDestroyAclList(&l->aclList);
d6827718 1420}
1421
1422static void
1423parse_acl_tos(acl_tos ** head)
1424{
1425 acl_tos *l;
1426 acl_tos **tail = head; /* sane name below */
425de4c8 1427 unsigned int tos; /* Initially uint for strtoui. Casted to tos_t before return */
d6827718 1428 char *token = strtok(NULL, w_space);
62e76326 1429
9eeb8e4b 1430 if (!token) {
62e76326 1431 self_destruct();
9eeb8e4b 1432 return;
1433 }
62e76326 1434
425de4c8 1435 if (!xstrtoui(token, NULL, &tos, 0, std::numeric_limits<tos_t>::max())) {
62e76326 1436 self_destruct();
9eeb8e4b 1437 return;
1438 }
62e76326 1439
d6827718 1440 CBDATA_INIT_TYPE_FREECB(acl_tos, freed_acl_tos);
62e76326 1441
d6827718 1442 l = cbdataAlloc(acl_tos);
62e76326 1443
425de4c8 1444 l->tos = (tos_t)tos;
62e76326 1445
a9f20260 1446 aclParseAclList(LegacyParser, &l->aclList);
62e76326 1447
d6827718 1448 while (*tail)
62e76326 1449 tail = &(*tail)->next;
1450
d6827718 1451 *tail = l;
1452}
1453
1454static void
1455free_acl_tos(acl_tos ** head)
1456{
1457 while (*head) {
62e76326 1458 acl_tos *l = *head;
1459 *head = l->next;
1460 l->next = NULL;
1461 cbdataFree(l);
d6827718 1462 }
1463}
1464
11e8cfe3 1465#if SO_MARK && USE_LIBCAP
f4f6c2e0 1466
425de4c8
AJ		 1467CBDATA_TYPE(acl_nfmark);
1468
1469static void
1470dump_acl_nfmark(StoreEntry * entry, const char *name, acl_nfmark * head)
1471{
1472 acl_nfmark *l;
1473
1474 for (l = head; l; l = l->next) {
1475 if (l->nfmark > 0)
1476 storeAppendPrintf(entry, "%s 0x%02X", name, l->nfmark);
1477 else
1478 storeAppendPrintf(entry, "%s none", name);
1479
1480 dump_acl_list(entry, l->aclList);
1481
1482 storeAppendPrintf(entry, "\n");
1483 }
1484}
1485
1486static void
1487freed_acl_nfmark(void *data)
1488{
1489 acl_nfmark *l = static_cast<acl_nfmark *>(data);
1490 aclDestroyAclList(&l->aclList);
1491}
1492
1493static void
1494parse_acl_nfmark(acl_nfmark ** head)
1495{
1496 acl_nfmark *l;
1497 acl_nfmark **tail = head; /* sane name below */
1498 nfmark_t mark;
1499 char *token = strtok(NULL, w_space);
1500
1501 if (!token) {
1502 self_destruct();
1503 return;
1504 }
1505
1506 if (!xstrtoui(token, NULL, &mark, 0, std::numeric_limits<nfmark_t>::max())) {
1507 self_destruct();
1508 return;
1509 }
1510
1511 CBDATA_INIT_TYPE_FREECB(acl_nfmark, freed_acl_nfmark);
1512
1513 l = cbdataAlloc(acl_nfmark);
1514
1515 l->nfmark = mark;
1516
1517 aclParseAclList(LegacyParser, &l->aclList);
1518
1519 while (*tail)
1520 tail = &(*tail)->next;
1521
1522 *tail = l;
1523}
1524
1525static void
1526free_acl_nfmark(acl_nfmark ** head)
1527{
1528 while (*head) {
1529 acl_nfmark *l = *head;
1530 *head = l->next;
1531 l->next = NULL;
1532 cbdataFree(l);
1533 }
1534}
f4f6c2e0 1535#endif /* SO_MARK */
425de4c8 1536
ef1955a5 1537CBDATA_TYPE(acl_size_t);
1538
1539static void
1540dump_acl_b_size_t(StoreEntry * entry, const char *name, acl_size_t * head)
1541{
1542 acl_size_t *l;
1543
1544 for (l = head; l; l = l->next) {
ed013b6c 1545 if (l->size != -1)
ef1955a5 1546 storeAppendPrintf(entry, "%s %d %s\n", name, (int) l->size, B_BYTES_STR);
1547 else
1548 storeAppendPrintf(entry, "%s none", name);
1549
1550 dump_acl_list(entry, l->aclList);
1551
1552 storeAppendPrintf(entry, "\n");
1553 }
1554}
1555
1556static void
1557freed_acl_b_size_t(void *data)
1558{
1559 acl_size_t *l = static_cast<acl_size_t *>(data);
1560 aclDestroyAclList(&l->aclList);
1561}
1562
1563static void
1564parse_acl_b_size_t(acl_size_t ** head)
1565{
1566 acl_size_t *l;
1567 acl_size_t **tail = head; /* sane name below */
1568
1569 CBDATA_INIT_TYPE_FREECB(acl_size_t, freed_acl_b_size_t);
1570
1571 l = cbdataAlloc(acl_size_t);
1572
47f6e231 1573 parse_b_int64_t(&l->size);
ef1955a5 1574
a9f20260 1575 aclParseAclList(LegacyParser, &l->aclList);
ef1955a5 1576
1577 while (*tail)
1578 tail = &(*tail)->next;
1579
1580 *tail = l;
1581}
1582
1583static void
1584free_acl_b_size_t(acl_size_t ** head)
1585{
1586 while (*head) {
1587 acl_size_t *l = *head;
1588 *head = l->next;
1589 l->next = NULL;
1590 cbdataFree(l);
1591 }
1592}
1593
9a0a18de 1594#if USE_DELAY_POOLS
59715b38 1595
b67e2c8c 1596#include "DelayPools.h"
1597#include "DelayConfig.h"
59715b38 1598/* do nothing - free_delay_pool_count is the magic free function.
ae870270 1599 * this is why delay_pool_count isn't just marked TYPE: u_short
59715b38 1600 */
1601#define free_delay_pool_class(X)
1602#define free_delay_pool_access(X)
1603#define free_delay_pool_rates(X)
1604#define dump_delay_pool_class(X, Y, Z)
1605#define dump_delay_pool_access(X, Y, Z)
1606#define dump_delay_pool_rates(X, Y, Z)
1607
1608static void
b67e2c8c 1609free_delay_pool_count(DelayConfig * cfg)
59715b38 1610{
b67e2c8c 1611 cfg->freePoolCount();
59715b38 1612}
1613
1614static void
b67e2c8c 1615dump_delay_pool_count(StoreEntry * entry, const char *name, DelayConfig &cfg)
59715b38 1616{
b67e2c8c 1617 cfg.dumpPoolCount (entry, name);
59715b38 1618}
1619
1620static void
b67e2c8c 1621parse_delay_pool_count(DelayConfig * cfg)
59715b38 1622{
b67e2c8c 1623 cfg->parsePoolCount();
59715b38 1624}
1625
1626static void
b67e2c8c 1627parse_delay_pool_class(DelayConfig * cfg)
59715b38 1628{
b67e2c8c 1629 cfg->parsePoolClass();
59715b38 1630}
1631
1632static void
b67e2c8c 1633parse_delay_pool_rates(DelayConfig * cfg)
59715b38 1634{
b67e2c8c 1635 cfg->parsePoolRates();
59715b38 1636}
1637
1638static void
b67e2c8c 1639parse_delay_pool_access(DelayConfig * cfg)
59715b38 1640{
a9f20260 1641 cfg->parsePoolAccess(LegacyParser);
59715b38 1642}
62e76326 1643
59715b38 1644#endif
1645
9a0a18de 1646#if USE_DELAY_POOLS
b4cd430a
CT		 1647#include "ClientDelayConfig.h"
1648/* do nothing - free_client_delay_pool_count is the magic free function.
ae870270 1649 * this is why client_delay_pool_count isn't just marked TYPE: u_short
b4cd430a
CT		 1650 */
1651
1652#define free_client_delay_pool_access(X)
1653#define free_client_delay_pool_rates(X)
1654#define dump_client_delay_pool_access(X, Y, Z)
1655#define dump_client_delay_pool_rates(X, Y, Z)
1656
1657static void
1658free_client_delay_pool_count(ClientDelayConfig * cfg)
1659{
1660 cfg->freePoolCount();
1661}
1662
1663static void
1664dump_client_delay_pool_count(StoreEntry * entry, const char *name, ClientDelayConfig &cfg)
1665{
1666 cfg.dumpPoolCount (entry, name);
1667}
1668
1669static void
1670parse_client_delay_pool_count(ClientDelayConfig * cfg)
1671{
1672 cfg->parsePoolCount();
1673}
1674
1675static void
1676parse_client_delay_pool_rates(ClientDelayConfig * cfg)
1677{
1678 cfg->parsePoolRates();
1679}
1680
1681static void
1682parse_client_delay_pool_access(ClientDelayConfig * cfg)
1683{
1684 cfg->parsePoolAccess(LegacyParser);
1685}
1686#endif
1687
626096be 1688#if USE_HTTP_VIOLATIONS
97474590 1689static void
3b07476b 1690dump_http_header_access(StoreEntry * entry, const char *name, const HeaderManglers *manglers)
e3dd531e 1691{
3b07476b
CT		 1692 if (manglers)
1693 manglers->dumpAccess(entry, name);
97474590 1694}
e3dd531e 1695
97474590 1696static void
3b07476b 1697parse_http_header_access(HeaderManglers **pm)
97474590 1698{
97474590 1699 char *t = NULL;
62e76326 1700
97474590 1701 if ((t = strtok(NULL, w_space)) == NULL) {
bf8fe701 1702 debugs(3, 0, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
1703 debugs(3, 0, "parse_http_header_access: missing header name.");
62e76326 1704 return;
97474590 1705 }
62e76326 1706
3b07476b
CT		 1707 if (!*pm)
1708 *pm = new HeaderManglers;
1709 HeaderManglers *manglers = *pm;
1710 header_mangler *mangler = manglers->track(t);
1711 assert(mangler);
1712 parse_acl_access(&mangler->access_list);
6bccf575 1713}
1714
1715static void
3b07476b 1716free_HeaderManglers(HeaderManglers **pm)
6bccf575 1717{
3b07476b
CT		 1718 // we delete the entire http_header_* mangler configuration at once
1719 if (const HeaderManglers *manglers = *pm) {
1720 delete manglers;
1721 *pm = NULL;
6bccf575 1722 }
1723}
1724
1725static void
3b07476b 1726dump_http_header_replace(StoreEntry * entry, const char *name, const HeaderManglers *manglers)
6bccf575 1727{
3b07476b
CT		 1728 if (manglers)
1729 manglers->dumpReplacement(entry, name);
97474590 1730}
e3dd531e 1731
97474590 1732static void
3b07476b 1733parse_http_header_replace(HeaderManglers **pm)
e3dd531e 1734{
6bccf575 1735 char *t = NULL;
62e76326 1736
6bccf575 1737 if ((t = strtok(NULL, w_space)) == NULL) {
bf8fe701 1738 debugs(3, 0, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
1739 debugs(3, 0, "parse_http_header_replace: missing header name.");
62e76326 1740 return;
6bccf575 1741 }
62e76326 1742
3b07476b 1743 const char *value = t + strlen(t) + 1;
62e76326 1744
3b07476b
CT		 1745 if (!*pm)
1746 *pm = new HeaderManglers;
1747 HeaderManglers *manglers = *pm;
1748 manglers->setReplacement(t, value);
97474590 1749}
62e76326 1750
9e8b2f1c 1751#endif
97474590 1752
e90100aa 1753static void
e1f7507e 1754dump_cachedir(StoreEntry * entry, const char *name, SquidConfig::_cacheSwap swap)
e90100aa 1755{
f53b06f9 1756 SwapDir *s;
1757 int i;
d3b3ab85 1758 assert (entry);
62e76326 1759
a7d59104 1760 for (i = 0; i < swap.n_configured; i++) {
c8f4eac4 1761 s = dynamic_cast<SwapDir *>(swap.swapDirs[i].getRaw());
26ac0430 1762 if (!s) continue;
59b2d47f 1763 storeAppendPrintf(entry, "%s %s %s", name, s->type(), s->path);
62e76326 1764 s->dump(*entry);
62e76326 1765 storeAppendPrintf(entry, "\n");
f53b06f9 1766 }
1767}
1768
53ad48e6 1769static int
1770check_null_string(char *s)
1771{
1772 return s == NULL;
1773}
1774
2f1431ea 1775#if USE_AUTH
94439e4e 1776static void
9f3d2b2e 1777parse_authparam(Auth::ConfigVector * config)
94439e4e 1778{
1779 char *type_str;
1780 char *param_str;
94439e4e 1781
1782 if ((type_str = strtok(NULL, w_space)) == NULL)
62e76326 1783 self_destruct();
94439e4e 1784
1785 if ((param_str = strtok(NULL, w_space)) == NULL)
62e76326 1786 self_destruct();
94439e4e 1787
5817ee13 1788 /* find a configuration for the scheme in the currently parsed configs... */
9f3d2b2e 1789 Auth::Config *schemeCfg = Auth::Config::Find(type_str);
62e76326 1790
5817ee13
AJ		 1791 if (schemeCfg == NULL) {
1792 /* Create a configuration based on the scheme info */
c6cf8dee 1793 Auth::Scheme::Pointer theScheme = Auth::Scheme::Find(type_str);
f5691f9c 1794
5817ee13
AJ		 1795 if (theScheme == NULL) {
1796 debugs(3, DBG_CRITICAL, "Parsing Config File: Unknown authentication scheme '" << type_str << "'.");
1797 self_destruct();
62e76326 1798 }
94439e4e 1799
f5691f9c 1800 config->push_back(theScheme->createConfig());
9f3d2b2e 1801 schemeCfg = Auth::Config::Find(type_str);
5817ee13
AJ		 1802 if (schemeCfg == NULL) {
1803 debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'.");
1804 self_destruct();
1805 }
94439e4e 1806 }
62e76326 1807
5817ee13 1808 schemeCfg->parse(schemeCfg, config->size(), param_str);
94439e4e 1809}
1810
1811static void
9f3d2b2e 1812free_authparam(Auth::ConfigVector * cfg)
94439e4e 1813{
5817ee13
AJ		 1814 /* Wipe the Auth globals and Detach/Destruct component config + state. */
1815 cfg->clean();
62e76326 1816
5817ee13 1817 /* remove our pointers to the probably-dead sub-configs */
f5691f9c 1818 while (cfg->size()) {
5817ee13
AJ		 1819 cfg->pop_back();
1820 }
1821
1822 /* on reconfigure initialize new auth schemes for the new config. */
ec5858ff 1823 if (reconfiguring) {
ccd8a22a 1824 Auth::Init();
94439e4e 1825 }
94439e4e 1826}
1827
1828static void
9f3d2b2e 1829dump_authparam(StoreEntry * entry, const char *name, Auth::ConfigVector cfg)
94439e4e 1830{
9f3d2b2e 1831 for (Auth::ConfigVector::iterator i = cfg.begin(); i != cfg.end(); ++i)
f5691f9c 1832 (*i)->dump(entry, name, (*i));
94439e4e 1833}
2f1431ea 1834#endif /* USE_AUTH */
94439e4e 1835
59b2d47f 1836/* TODO: just return the object, the # is irrelevant */
cd748f27 1837static int
1838find_fstype(char *type)
1839{
59b2d47f 1840 for (size_t i = 0; i < StoreFileSystem::FileSystems().size(); ++i)
1841 if (strcasecmp(type, StoreFileSystem::FileSystems().items[i]->type()) == 0)
1842 return (int)i;
62e76326 1843
cd748f27 1844 return (-1);
1845}
1846
0e4e0e7d 1847static void
e1f7507e 1848parse_cachedir(SquidConfig::_cacheSwap * swap)
0e4e0e7d 1849{
1850 char *type_str;
cd748f27 1851 char *path_str;
c8f4eac4 1852 RefCount<SwapDir> sd;
cd748f27 1853 int i;
1854 int fs;
cd748f27 1855
0e4e0e7d 1856 if ((type_str = strtok(NULL, w_space)) == NULL)
62e76326 1857 self_destruct();
cd748f27 1858
cd748f27 1859 if ((path_str = strtok(NULL, w_space)) == NULL)
62e76326 1860 self_destruct();
cd748f27 1861
c9e2e0e8 1862 fs = find_fstype(type_str);
1863
1864 if (fs < 0)
1865 self_destruct();
1866
1867 /* reconfigure existing dir */
cd748f27 1868
1869 for (i = 0; i < swap->n_configured; i++) {
c8f4eac4 1870 assert (swap->swapDirs[i].getRaw());
62e76326 1871
2c9e9cba 1872 if ((strcasecmp(path_str, dynamic_cast<SwapDir *>(swap->swapDirs[i].getRaw())->path)) == 0) {
c9e2e0e8 1873 /* this is specific to on-fs Stores. The right
26ac0430 1874 * way to handle this is probably to have a mapping
c9e2e0e8 1875 * from paths to stores, and have on-fs stores
1876 * register with that, and lookip in that in their
1877 * own setup logic. RBC 20041225. TODO.
1878 */
c8f4eac4 1879
1880 sd = dynamic_cast<SwapDir *>(swap->swapDirs[i].getRaw());
1881
ca6483eb 1882 if (strcmp(sd->type(), StoreFileSystem::FileSystems().items[fs]->type()) != 0) {
bf8fe701 1883 debugs(3, 0, "ERROR: Can't change type of existing cache_dir " <<
1884 sd->type() << " " << sd->path << " to " << type_str << ". Restart required");
c9e2e0e8 1885 return;
1886 }
1887
afa75e4b 1888 sd->reconfigure();
c8f4eac4 1889
62e76326 1890 update_maxobjsize();
c8f4eac4 1891
62e76326 1892 return;
1893 }
cd748f27 1894 }
1895
c9e2e0e8 1896 /* new cache_dir */
af6a12ee 1897 if (swap->n_configured > 63) {
2c9e9cba
AJ		 1898 /* 7 bits, signed */
1899 debugs(3, DBG_CRITICAL, "WARNING: There is a fixed maximum of 63 cache_dir entries Squid can handle.");
1900 debugs(3, DBG_CRITICAL, "WARNING: '" << path_str << "' is one to many.");
1901 self_destruct();
1902 return;
1903 }
dc986280 1904
cd748f27 1905 allocate_new_swapdir(swap);
c9e2e0e8 1906
59b2d47f 1907 swap->swapDirs[swap->n_configured] = StoreFileSystem::FileSystems().items[fs]->createSwapDir();
c9e2e0e8 1908
c8f4eac4 1909 sd = dynamic_cast<SwapDir *>(swap->swapDirs[swap->n_configured].getRaw());
c9e2e0e8 1910
8e8d4f30 1911 /* parse the FS parameters and options */
d3b3ab85 1912 sd->parse(swap->n_configured, path_str);
c9e2e0e8 1913
d3b3ab85 1914 ++swap->n_configured;
14911a4e 1915
cd748f27 1916 /* Update the max object size */
1917 update_maxobjsize();
752c3b27 1918}
1919
2d72d4fd 1920static const char *
505e35db 1921peer_type_str(const peer_t type)
1922{
1f140227 1923 const char * result;
1924
0cdcddb9 1925 switch (type) {
62e76326 1926
505e35db 1927 case PEER_PARENT:
1f140227 1928 result = "parent";
62e76326 1929 break;
1930
505e35db 1931 case PEER_SIBLING:
1f140227 1932 result = "sibling";
62e76326 1933 break;
1934
505e35db 1935 case PEER_MULTICAST:
1f140227 1936 result = "multicast";
62e76326 1937 break;
1938
505e35db 1939 default:
1f140227 1940 result = "unknown";
62e76326 1941 break;
505e35db 1942 }
1f140227 1943
1944 return result;
505e35db 1945}
1946
f1dc9b30 1947static void
a7d59104 1948dump_peer(StoreEntry * entry, const char *name, peer * p)
98ffb7e4 1949{
505e35db 1950 domain_ping *d;
505e35db 1951 domain_type *t;
1952 LOCAL_ARRAY(char, xname, 128);
62e76326 1953
d41de3c1 1954 while (p != NULL) {
4bc48d15 1955 storeAppendPrintf(entry, "%s %s %s %d %d name=%s",
62e76326 1956 name,
1957 p->host,
1958 neighborTypeStr(p),
1959 p->http_port,
4bc48d15
AJ		 1960 p->icp.port,
1961 p->name);
62e76326 1962 dump_peer_options(entry, p);
1963
1964 for (d = p->peer_domain; d; d = d->next) {
1965 storeAppendPrintf(entry, "cache_peer_domain %s %s%s\n",
1966 p->host,
1967 d->do_ping ? null_string : "!",
1968 d->domain);
1969 }
1970
1971 if (p->access) {
1972 snprintf(xname, 128, "cache_peer_access %s", p->name);
1973 dump_acl_access(entry, xname, p->access);
1974 }
1975
1976 for (t = p->typelist; t; t = t->next) {
1977 storeAppendPrintf(entry, "neighbor_type_domain %s %s %s\n",
1978 p->host,
1979 peer_type_str(t->type),
1980 t->domain);
1981 }
1982
1983 p = p->next;
d41de3c1 1984 }
98ffb7e4 1985}
1986
86ae97bb
AJ		 1987/**
1988 * utility function to prevent getservbyname() being called with a numeric value
1989 * on Windows at least it returns garage results.
1990 */
1991static bool
1992isUnsignedNumeric(const char *str, size_t len)
1993{
1994 if (len < 1) return false;
1995
1996 for (; len >0 && *str; str++, len--) {
1997 if (! isdigit(*str))
1998 return false;
1999 }
2000 return true;
2001}
2002
609fac72 2003/**
2004 \param proto 'tcp' or 'udp' for protocol
2005 \returns Port the named service is supposed to be listening on.
2006 */
f45dd259 2007static unsigned short
609fac72 2008GetService(const char *proto)
2009{
2010 struct servent *port = NULL;
2011 /** Parses a port number or service name from the squid.conf */
2012 char *token = strtok(NULL, w_space);
2013 if (token == NULL) {
26ac0430
AJ		 2014 self_destruct();
2015 return 0; /* NEVER REACHED */
609fac72 2016 }
2017 /** Returns either the service port number from /etc/services */
e1381638 2018 if ( !isUnsignedNumeric(token, strlen(token)) )
86ae97bb 2019 port = getservbyname(token, proto);
609fac72 2020 if (port != NULL) {
f45dd259 2021 return ntohs((unsigned short)port->s_port);
609fac72 2022 }
2023 /** Or a numeric translation of the config text. */
2024 return xatos(token);
2025}
2026
2027/**
2028 \returns Port the named TCP service is supposed to be listening on.
2029 \copydoc GetService(const char *proto)
2030 */
f45dd259 2031inline unsigned short
609fac72 2032GetTcpService(void)
2033{
2034 return GetService("tcp");
2035}
2036
2037/**
2038 \returns Port the named UDP service is supposed to be listening on.
2039 \copydoc GetService(const char *proto)
2040 */
f45dd259 2041inline unsigned short
609fac72 2042GetUdpService(void)
2043{
2044 return GetService("udp");
2045}
2046
8203a132 2047static void
40a1495e 2048parse_peer(peer ** head)
7813c6d5 2049{
270b86af 2050 char *token = NULL;
40a1495e 2051 peer *p;
f5691f9c 2052 CBDATA_INIT_TYPE_FREECB(peer, peerDestroy);
72711e31 2053 p = cbdataAlloc(peer);
40a1495e 2054 p->http_port = CACHE_HTTP_PORT;
399cabec 2055 p->icp.port = CACHE_ICP_PORT;
40a1495e 2056 p->weight = 1;
d1b63fc8 2057 p->basetime = 0;
dc835977 2058 p->stats.logged_state = PEER_ALIVE;
62e76326 2059
e481c2dc 2060 if ((token = strtok(NULL, w_space)) == NULL)
62e76326 2061 self_destruct();
2062
40a1495e 2063 p->host = xstrdup(token);
26ac0430 2064
be753325 2065 p->name = xstrdup(token);
62e76326 2066
e481c2dc 2067 if ((token = strtok(NULL, w_space)) == NULL)
62e76326 2068 self_destruct();
2069
40a1495e 2070 p->type = parseNeighborType(token);
62e76326 2071
0d5a2006 2072 if (p->type == PEER_MULTICAST) {
2073 p->options.no_digest = 1;
2074 p->options.no_netdb_exchange = 1;
2075 }
2076
609fac72 2077 p->http_port = GetTcpService();
62e76326 2078
0e656b69 2079 if (!p->http_port)
2080 self_destruct();
62e76326 2081
609fac72 2082 p->icp.port = GetUdpService();
d67acb4e 2083 p->connection_auth = 2; /* auto */
62e76326 2084
270b86af 2085 while ((token = strtok(NULL, w_space))) {
62e76326 2086 if (!strcasecmp(token, "proxy-only")) {
2087 p->options.proxy_only = 1;
2088 } else if (!strcasecmp(token, "no-query")) {
2089 p->options.no_query = 1;
2090 } else if (!strcasecmp(token, "background-ping")) {
2091 p->options.background_ping = 1;
2092 } else if (!strcasecmp(token, "no-digest")) {
2093 p->options.no_digest = 1;
b0758e04
AJ		 2094 } else if (!strcasecmp(token, "no-tproxy")) {
2095 p->options.no_tproxy = 1;
62e76326 2096 } else if (!strcasecmp(token, "multicast-responder")) {
2097 p->options.mcast_responder = 1;
8a368316 2098#if PEER_MULTICAST_SIBLINGS
79ddb8e2 2099 } else if (!strcasecmp(token, "multicast-siblings")) {
8a368316
AJ		 2100 p->options.mcast_siblings = 1;
2101#endif
62e76326 2102 } else if (!strncasecmp(token, "weight=", 7)) {
2103 p->weight = xatoi(token + 7);
2104 } else if (!strncasecmp(token, "basetime=", 9)) {
2105 p->basetime = xatoi(token + 9);
2106 } else if (!strcasecmp(token, "closest-only")) {
2107 p->options.closest_only = 1;
2108 } else if (!strncasecmp(token, "ttl=", 4)) {
2109 p->mcast.ttl = xatoi(token + 4);
2110
2111 if (p->mcast.ttl < 0)
2112 p->mcast.ttl = 0;
2113
2114 if (p->mcast.ttl > 128)
2115 p->mcast.ttl = 128;
2116 } else if (!strcasecmp(token, "default")) {
2117 p->options.default_parent = 1;
2118 } else if (!strcasecmp(token, "round-robin")) {
2119 p->options.roundrobin = 1;
2120 } else if (!strcasecmp(token, "weighted-round-robin")) {
2121 p->options.weighted_roundrobin = 1;
dc9d133b 2122#if USE_HTCP
62e76326 2123 } else if (!strcasecmp(token, "htcp")) {
2124 p->options.htcp = 1;
18191440
AJ		 2125 } else if (!strncasecmp(token, "htcp=", 5) || !strncasecmp(token, "htcp-", 5)) {
2126 /* Note: The htcp- form is deprecated, replaced by htcp= */
4f4fa815 2127 p->options.htcp = 1;
18191440
AJ		 2128 char *tmp = xstrdup(token+5);
2129 char *mode, *nextmode;
2130 for (mode = nextmode = tmp; mode; mode = nextmode) {
2131 nextmode = strchr(mode, ',');
18191440
AJ		 2132 if (nextmode)
2133 *nextmode++ = '\0';
2134 if (!strcasecmp(mode, "no-clr")) {
2135 if (p->options.htcp_only_clr)
2136 fatalf("parse_peer: can't set htcp-no-clr and htcp-only-clr simultaneously");
2137 p->options.htcp_no_clr = 1;
2138 } else if (!strcasecmp(mode, "no-purge-clr")) {
2139 p->options.htcp_no_purge_clr = 1;
2140 } else if (!strcasecmp(mode, "only-clr")) {
2141 if (p->options.htcp_no_clr)
2142 fatalf("parse_peer: can't set htcp no-clr and only-clr simultaneously");
2143 p->options.htcp_only_clr = 1;
2144 } else if (!strcasecmp(mode, "forward-clr")) {
2145 p->options.htcp_forward_clr = 1;
2146 } else if (!strcasecmp(mode, "oldsquid")) {
2147 p->options.htcp_oldsquid = 1;
2148 } else {
2149 fatalf("invalid HTCP mode '%s'", mode);
2150 }
2151 }
2152 safe_free(tmp);
dc9d133b 2153#endif
62e76326 2154 } else if (!strcasecmp(token, "no-netdb-exchange")) {
2155 p->options.no_netdb_exchange = 1;
62e76326 2156
2157 } else if (!strcasecmp(token, "carp")) {
2158 if (p->type != PEER_PARENT)
2159 fatalf("parse_peer: non-parent carp peer %s/%d\n", p->host, p->http_port);
2160
2161 p->options.carp = 1;
de03b596
FC		 2162 } else if (!strncasecmp(token, "carp-key=", 9)) {
2163 if (p->options.carp != 1)
2164 fatalf("parse_peer: carp-key specified on non-carp peer %s/%d\n", p->host, p->http_port);
2165 p->options.carp_key.set=1;
2166 char *nextkey=token+strlen("carp-key="), *key=nextkey;
2167 for (; key; key = nextkey) {
96f6f33b
A		 2168 nextkey=strchr(key,',');
2169 if (nextkey) ++nextkey; // skip the comma, any
2170 if (0==strncasecmp(key,"scheme",6)) {
2171 p->options.carp_key.scheme=1;
2172 } else if (0==strncasecmp(key,"host",4)) {
2173 p->options.carp_key.host=1;
2174 } else if (0==strncasecmp(key,"port",4)) {
2175 p->options.carp_key.port=1;
2176 } else if (0==strncasecmp(key,"path",4)) {
2177 p->options.carp_key.path=1;
2178 } else if (0==strncasecmp(key,"params",6)) {
2179 p->options.carp_key.params=1;
2180 } else {
2181 fatalf("invalid carp-key '%s'",key);
2182 }
de03b596 2183 }
f7e1d9ce 2184 } else if (!strcasecmp(token, "userhash")) {
2f1431ea 2185#if USE_AUTH
f7e1d9ce
HN		 2186 if (p->type != PEER_PARENT)
2187 fatalf("parse_peer: non-parent userhash peer %s/%d\n", p->host, p->http_port);
2188
2189 p->options.userhash = 1;
2f1431ea
AJ		 2190#else
2191 fatalf("parse_peer: userhash requires authentication. peer %s/%d\n", p->host, p->http_port);
2192#endif
f7e1d9ce
HN		 2193 } else if (!strcasecmp(token, "sourcehash")) {
2194 if (p->type != PEER_PARENT)
2195 fatalf("parse_peer: non-parent sourcehash peer %s/%d\n", p->host, p->http_port);
2196
2197 p->options.sourcehash = 1;
2198
62e76326 2199 } else if (!strcasecmp(token, "no-delay")) {
9a0a18de 2200#if USE_DELAY_POOLS
62e76326 2201 p->options.no_delay = 1;
9a0a18de
AJ		 2202#else
2203 debugs(0, DBG_CRITICAL, "WARNING: cache_peer option 'no-delay' requires --enable-delay-pools");
afd88fbe 2204#endif
62e76326 2205 } else if (!strncasecmp(token, "login=", 6)) {
2206 p->login = xstrdup(token + 6);
2207 rfc1738_unescape(p->login);
2208 } else if (!strncasecmp(token, "connect-timeout=", 16)) {
2209 p->connect_timeout = xatoi(token + 16);
ff9970cc
AJ		 2210 } else if (!strncasecmp(token, "connect-fail-limit=", 19)) {
2211 p->connect_fail_limit = xatoi(token + 19);
7e3ce7b9 2212#if USE_CACHE_DIGESTS
62e76326 2213 } else if (!strncasecmp(token, "digest-url=", 11)) {
2214 p->digest_url = xstrdup(token + 11);
7e3ce7b9 2215#endif
62e76326 2216
2217 } else if (!strcasecmp(token, "allow-miss")) {
2218 p->options.allow_miss = 1;
2219 } else if (!strncasecmp(token, "max-conn=", 9)) {
2220 p->max_conn = xatoi(token + 9);
2221 } else if (!strcasecmp(token, "originserver")) {
2222 p->options.originserver = 1;
2223 } else if (!strncasecmp(token, "name=", 5)) {
2224 safe_free(p->name);
2225
2226 if (token[5])
2227 p->name = xstrdup(token + 5);
2228 } else if (!strncasecmp(token, "forceddomain=", 13)) {
2229 safe_free(p->domain);
2230
2231 if (token[13])
2232 p->domain = xstrdup(token + 13);
2233
a7ad6e4e 2234#if USE_SSL
62e76326 2235
2236 } else if (strcmp(token, "ssl") == 0) {
2237 p->use_ssl = 1;
2238 } else if (strncmp(token, "sslcert=", 8) == 0) {
2239 safe_free(p->sslcert);
2240 p->sslcert = xstrdup(token + 8);
2241 } else if (strncmp(token, "sslkey=", 7) == 0) {
2242 safe_free(p->sslkey);
2243 p->sslkey = xstrdup(token + 7);
2244 } else if (strncmp(token, "sslversion=", 11) == 0) {
2245 p->sslversion = atoi(token + 11);
2246 } else if (strncmp(token, "ssloptions=", 11) == 0) {
2247 safe_free(p->ssloptions);
2248 p->ssloptions = xstrdup(token + 11);
2249 } else if (strncmp(token, "sslcipher=", 10) == 0) {
2250 safe_free(p->sslcipher);
2251 p->sslcipher = xstrdup(token + 10);
2252 } else if (strncmp(token, "sslcafile=", 10) == 0) {
2253 safe_free(p->sslcafile);
a82a4fe4 2254 p->sslcafile = xstrdup(token + 10);
62e76326 2255 } else if (strncmp(token, "sslcapath=", 10) == 0) {
2256 safe_free(p->sslcapath);
a82a4fe4 2257 p->sslcapath = xstrdup(token + 10);
2258 } else if (strncmp(token, "sslcrlfile=", 11) == 0) {
2259 safe_free(p->sslcrlfile);
2260 p->sslcapath = xstrdup(token + 10);
62e76326 2261 } else if (strncmp(token, "sslflags=", 9) == 0) {
2262 safe_free(p->sslflags);
2263 p->sslflags = xstrdup(token + 9);
2264 } else if (strncmp(token, "ssldomain=", 10) == 0) {
2265 safe_free(p->ssldomain);
2266 p->ssldomain = xstrdup(token + 10);
a7ad6e4e 2267#endif
62e76326 2268
2269 } else if (strcmp(token, "front-end-https") == 0) {
2270 p->front_end_https = 1;
2271 } else if (strcmp(token, "front-end-https=on") == 0) {
2272 p->front_end_https = 1;
2273 } else if (strcmp(token, "front-end-https=auto") == 0) {
2274 p->front_end_https = 2;
26ac0430 2275 } else if (strcmp(token, "connection-auth=off") == 0) {
d67acb4e
AJ		 2276 p->connection_auth = 0;
2277 } else if (strcmp(token, "connection-auth") == 0) {
2278 p->connection_auth = 1;
2279 } else if (strcmp(token, "connection-auth=on") == 0) {
2280 p->connection_auth = 1;
2281 } else if (strcmp(token, "connection-auth=auto") == 0) {
2282 p->connection_auth = 2;
62e76326 2283 } else {
bf8fe701 2284 debugs(3, 0, "parse_peer: token='" << token << "'");
62e76326 2285 self_destruct();
2286 }
270b86af 2287 }
62e76326 2288
be753325 2289 if (peerFindByName(p->name))
62e76326 2290 fatalf("ERROR: cache_peer %s specified twice\n", p->name);
2291
40a1495e 2292 if (p->weight < 1)
62e76326 2293 p->weight = 1;
2294
ff9970cc 2295 if (p->connect_fail_limit < 1)
a4d889e0 2296 p->connect_fail_limit = 10;
ff9970cc 2297
399cabec 2298 p->icp.version = ICP_VERSION_CURRENT;
62e76326 2299
cfd66529 2300 p->testing_now = false;
62e76326 2301
e13ee7ad 2302#if USE_CACHE_DIGESTS
62e76326 2303
e13ee7ad 2304 if (!p->options.no_digest) {
62e76326 2305 /* XXX This looks odd.. who has the original pointer
2306 * then?
2307 */
2308 PeerDigest *pd = peerDigestCreate(p);
2309 p->digest = cbdataReference(pd);
8a6218c6 2310 }
62e76326 2311
e13ee7ad 2312#endif
cc192b50 2313
2314 p->index = ++Config.npeers;
2315
0153d498 2316 while (*head != NULL)
62e76326 2317 head = &(*head)->next;
2318
0153d498 2319 *head = p;
62e76326 2320
32a47e3e 2321 peerClearRRStart();
0153d498 2322}
2323
2324static void
40a1495e 2325free_peer(peer ** P)
0153d498 2326{
40a1495e 2327 peer *p;
62e76326 2328
79d39a72 2329 while ((p = *P) != NULL) {
62e76326 2330 *P = p->next;
3855c318 2331#if USE_CACHE_DIGESTS
62e76326 2332
2333 cbdataReferenceDone(p->digest);
3855c318 2334#endif
62e76326 2335
2336 cbdataFree(p);
a47b9029 2337 }
62e76326 2338
987c67d1 2339 Config.npeers = 0;
270b86af 2340}
2341
2342static void
a7d59104 2343dump_cachemgrpasswd(StoreEntry * entry, const char *name, cachemgr_passwd * list)
270b86af 2344{
d41de3c1 2345 wordlist *w;
62e76326 2346
d41de3c1 2347 while (list != NULL) {
62e76326 2348 if (strcmp(list->passwd, "none") && strcmp(list->passwd, "disable"))
2349 storeAppendPrintf(entry, "%s XXXXXXXXXX", name);
2350 else
2351 storeAppendPrintf(entry, "%s %s", name, list->passwd);
2352
2353 for (w = list->actions; w != NULL; w = w->next) {
2354 storeAppendPrintf(entry, " %s", w->key);
2355 }
2356
2357 storeAppendPrintf(entry, "\n");
2358 list = list->next;
d41de3c1 2359 }
270b86af 2360}
2361
2362static void
a47b9029 2363parse_cachemgrpasswd(cachemgr_passwd ** head)
270b86af 2364{
2365 char *passwd = NULL;
2366 wordlist *actions = NULL;
22f3fd98 2367 cachemgr_passwd *p;
2368 cachemgr_passwd **P;
270b86af 2369 parse_string(&passwd);
2370 parse_wordlist(&actions);
e6ccf245 2371 p = static_cast<cachemgr_passwd *>(xcalloc(1, sizeof(cachemgr_passwd)));
22f3fd98 2372 p->passwd = passwd;
2373 p->actions = actions;
62e76326 2374
26aa7e31 2375 for (P = head; *P; P = &(*P)->next) {
62e76326 2376 /*
2377 * See if any of the actions from this line already have a
2378 * password from previous lines. The password checking
2379 * routines in cache_manager.c take the the password from
2380 * the first cachemgr_passwd struct that contains the
2381 * requested action. Thus, we should warn users who might
2382 * think they can have two passwords for the same action.
2383 */
2384 wordlist *w;
2385 wordlist *u;
2386
2387 for (w = (*P)->actions; w; w = w->next) {
2388 for (u = actions; u; u = u->next) {
2389 if (strcmp(w->key, u->key))
2390 continue;
2391
bf8fe701 2392 debugs(0, 0, "WARNING: action '" << u->key << "' (line " << config_lineno << ") already has a password");
62e76326 2393 }
2394 }
26aa7e31 2395 }
62e76326 2396
22f3fd98 2397 *P = p;
270b86af 2398}
2399
2400static void
a47b9029 2401free_cachemgrpasswd(cachemgr_passwd ** head)
270b86af 2402{
a47b9029 2403 cachemgr_passwd *p;
62e76326 2404
79d39a72 2405 while ((p = *head) != NULL) {
62e76326 2406 *head = p->next;
2407 xfree(p->passwd);
2408 wordlistDestroy(&p->actions);
2409 xfree(p);
a47b9029 2410 }
270b86af 2411}
2412
8203a132 2413static void
16300b58 2414dump_denyinfo(StoreEntry * entry, const char *name, acl_deny_info_list * var)
270b86af 2415{
d41de3c1 2416 acl_name_list *a;
62e76326 2417
d41de3c1 2418 while (var != NULL) {
62e76326 2419 storeAppendPrintf(entry, "%s %s", name, var->err_page_name);
2420
2421 for (a = var->acl_list; a != NULL; a = a->next)
2422 storeAppendPrintf(entry, " %s", a->name);
2423
2424 storeAppendPrintf(entry, "\n");
2425
2426 var = var->next;
d41de3c1 2427 }
270b86af 2428}
2429
2430static void
16300b58 2431parse_denyinfo(acl_deny_info_list ** var)
6e40f263 2432{
f1dc9b30 2433 aclParseDenyInfoLine(var);
6e40f263 2434}
403279e0 2435
1273d501 2436void
a47b9029 2437free_denyinfo(acl_deny_info_list ** list)
3c5557f9 2438{
56b63fa1 2439 acl_deny_info_list *a = NULL;
2440 acl_deny_info_list *a_next = NULL;
2441 acl_name_list *l = NULL;
2442 acl_name_list *l_next = NULL;
62e76326 2443
1273d501 2444 for (a = *list; a; a = a_next) {
62e76326 2445 for (l = a->acl_list; l; l = l_next) {
2446 l_next = l->next;
2447 memFree(l, MEM_ACL_NAME_LIST);
2448 l = NULL;
2449 }
2450
2451 a_next = a->next;
2452 memFree(a, MEM_ACL_DENY_INFO_LIST);
2453 a = NULL;
1273d501 2454 }
62e76326 2455
1273d501 2456 *list = NULL;
270b86af 2457}
2458
2459static void
505e35db 2460parse_peer_access(void)
270b86af 2461{
2462 char *host = NULL;
505e35db 2463 peer *p;
62e76326 2464
270b86af 2465 if (!(host = strtok(NULL, w_space)))
62e76326 2466 self_destruct();
2467
0cdcddb9 2468 if ((p = peerFindByName(host)) == NULL) {
bf8fe701 2469 debugs(15, 0, "" << cfg_filename << ", line " << config_lineno << ": No cache_peer '" << host << "'");
62e76326 2470 return;
0cdcddb9 2471 }
62e76326 2472
a9f20260 2473 aclParseAccessLine(LegacyParser, &p->access);
270b86af 2474}
2475
270b86af 2476static void
2477parse_hostdomain(void)
2478{
2479 char *host = NULL;
2480 char *domain = NULL;
62e76326 2481
270b86af 2482 if (!(host = strtok(NULL, w_space)))
62e76326 2483 self_destruct();
2484
f1dc9b30 2485 while ((domain = strtok(NULL, list_sep))) {
62e76326 2486 domain_ping *l = NULL;
2487 domain_ping **L = NULL;
2488 peer *p;
2489
2490 if ((p = peerFindByName(host)) == NULL) {
bf8fe701 2491 debugs(15, 0, "" << cfg_filename << ", line " << config_lineno << ": No cache_peer '" << host << "'");
62e76326 2492 continue;
2493 }
2494
2495 l = static_cast<domain_ping *>(xcalloc(1, sizeof(domain_ping)));
2496 l->do_ping = 1;
2497
2498 if (*domain == '!') { /* check for !.edu */
2499 l->do_ping = 0;
2500 domain++;
2501 }
2502
2503 l->domain = xstrdup(domain);
2504
3d0ac046 2505 for (L = &(p->peer_domain); *L; L = &((*L)->next));
62e76326 2506 *L = l;
f1dc9b30 2507 }
270b86af 2508}
2509
2510static void
2511parse_hostdomaintype(void)
2512{
2513 char *host = NULL;
2514 char *type = NULL;
2515 char *domain = NULL;
62e76326 2516
270b86af 2517 if (!(host = strtok(NULL, w_space)))
62e76326 2518 self_destruct();
2519
270b86af 2520 if (!(type = strtok(NULL, w_space)))
62e76326 2521 self_destruct();
2522
f1dc9b30 2523 while ((domain = strtok(NULL, list_sep))) {
62e76326 2524 domain_type *l = NULL;
2525 domain_type **L = NULL;
2526 peer *p;
2527
2528 if ((p = peerFindByName(host)) == NULL) {
bf8fe701 2529 debugs(15, 0, "" << cfg_filename << ", line " << config_lineno << ": No cache_peer '" << host << "'");
62e76326 2530 return;
2531 }
2532
2533 l = static_cast<domain_type *>(xcalloc(1, sizeof(domain_type)));
2534 l->type = parseNeighborType(type);
2535 l->domain = xstrdup(domain);
2536
3d0ac046 2537 for (L = &(p->typelist); *L; L = &((*L)->next));
62e76326 2538 *L = l;
f1dc9b30 2539 }
270b86af 2540}
2541
270b86af 2542static void
a7d59104 2543dump_int(StoreEntry * entry, const char *name, int var)
270b86af 2544{
f53b06f9 2545 storeAppendPrintf(entry, "%s %d\n", name, var);
270b86af 2546}
c1c29eb6 2547
94439e4e 2548void
270b86af 2549parse_int(int *var)
2550{
270b86af 2551 int i;
0e4e0e7d 2552 i = GetInteger();
270b86af 2553 *var = i;
2554}
090089c4 2555
0153d498 2556static void
2557free_int(int *var)
2558{
a47b9029 2559 *var = 0;
0153d498 2560}
2561
270b86af 2562static void
a7d59104 2563dump_onoff(StoreEntry * entry, const char *name, int var)
270b86af 2564{
f53b06f9 2565 storeAppendPrintf(entry, "%s %s\n", name, var ? "on" : "off");
270b86af 2566}
090089c4 2567
d205783b 2568void
270b86af 2569parse_onoff(int *var)
2570{
2571 char *token = strtok(NULL, w_space);
090089c4 2572
270b86af 2573 if (token == NULL)
62e76326 2574 self_destruct();
2575
270b86af 2576 if (!strcasecmp(token, "on") || !strcasecmp(token, "enable"))
62e76326 2577 *var = 1;
270b86af 2578 else
62e76326 2579 *var = 0;
270b86af 2580}
e90100aa 2581
0153d498 2582#define free_onoff free_int
52d3f198 2583
2584static void
2585dump_tristate(StoreEntry * entry, const char *name, int var)
2586{
2587 const char *state;
2588
2589 if (var > 0)
2590 state = "on";
2591 else if (var < 0)
2592 state = "warn";
2593 else
2594 state = "off";
2595
2596 storeAppendPrintf(entry, "%s %s\n", name, state);
2597}
2598
2599static void
2600parse_tristate(int *var)
2601{
2602 char *token = strtok(NULL, w_space);
2603
2604 if (token == NULL)
2605 self_destruct();
2606
2607 if (!strcasecmp(token, "on") || !strcasecmp(token, "enable"))
2608 *var = 1;
2609 else if (!strcasecmp(token, "warn"))
2610 *var = -1;
2611 else
2612 *var = 0;
2613}
2614
2615#define free_tristate free_int
30a4f2a8 2616
270b86af 2617static void
a7d59104 2618dump_refreshpattern(StoreEntry * entry, const char *name, refresh_t * head)
270b86af 2619{
d41de3c1 2620 while (head != NULL) {
0e1d7629 2621 storeAppendPrintf(entry, "%s%s %s %d %d%% %d",
62e76326 2622 name,
2623 head->flags.icase ? " -i" : null_string,
2624 head->pattern,
2625 (int) head->min / 60,
2626 (int) (100.0 * head->pct + 0.5),
2627 (int) head->max / 60);
4c3ef9b2 2628
570d3f75
AJ		 2629 if (head->max_stale >= 0)
2630 storeAppendPrintf(entry, " max-stale=%d", head->max_stale);
2631
4c3ef9b2 2632 if (head->flags.refresh_ims)
2633 storeAppendPrintf(entry, " refresh-ims");
2634
3d8b6ba4
AJ		 2635 if (head->flags.store_stale)
2636 storeAppendPrintf(entry, " store-stale");
2637
626096be 2638#if USE_HTTP_VIOLATIONS
62e76326 2639
2640 if (head->flags.override_expire)
2641 storeAppendPrintf(entry, " override-expire");
2642
2643 if (head->flags.override_lastmod)
2644 storeAppendPrintf(entry, " override-lastmod");
2645
2646 if (head->flags.reload_into_ims)
2647 storeAppendPrintf(entry, " reload-into-ims");
2648
2649 if (head->flags.ignore_reload)
2650 storeAppendPrintf(entry, " ignore-reload");
2651
38f9c547 2652 if (head->flags.ignore_no_cache)
2653 storeAppendPrintf(entry, " ignore-no-cache");
2654
2655 if (head->flags.ignore_no_store)
2656 storeAppendPrintf(entry, " ignore-no-store");
2657
4ca08219
AJ		 2658 if (head->flags.ignore_must_revalidate)
2659 storeAppendPrintf(entry, " ignore-must-revalidate");
2660
38f9c547 2661 if (head->flags.ignore_private)
2662 storeAppendPrintf(entry, " ignore-private");
2663
2664 if (head->flags.ignore_auth)
2665 storeAppendPrintf(entry, " ignore-auth");
2666
9f60cfdf 2667#endif
62e76326 2668
2669 storeAppendPrintf(entry, "\n");
2670
2671 head = head->next;
d41de3c1 2672 }
270b86af 2673}
090089c4 2674
270b86af 2675static void
f1dc9b30 2676parse_refreshpattern(refresh_t ** head)
270b86af 2677{
f1dc9b30 2678 char *token;
2679 char *pattern;
2680 time_t min = 0;
c3f6d204 2681 double pct = 0.0;
f1dc9b30 2682 time_t max = 0;
4c3ef9b2 2683 int refresh_ims = 0;
3d8b6ba4 2684 int store_stale = 0;
570d3f75 2685 int max_stale = -1;
3d8b6ba4 2686
626096be 2687#if USE_HTTP_VIOLATIONS
62e76326 2688
1dfa1d81 2689 int override_expire = 0;
2690 int override_lastmod = 0;
cbe3a719 2691 int reload_into_ims = 0;
2692 int ignore_reload = 0;
38f9c547 2693 int ignore_no_cache = 0;
2694 int ignore_no_store = 0;
4ca08219 2695 int ignore_must_revalidate = 0;
38f9c547 2696 int ignore_private = 0;
2697 int ignore_auth = 0;
9f60cfdf 2698#endif
62e76326 2699
f1dc9b30 2700 int i;
2701 refresh_t *t;
2702 regex_t comp;
2703 int errcode;
2704 int flags = REG_EXTENDED | REG_NOSUB;
62e76326 2705
9eeb8e4b 2706 if ((token = strtok(NULL, w_space)) == NULL) {
62e76326 2707 self_destruct();
9eeb8e4b 2708 return;
2709 }
62e76326 2710
f1dc9b30 2711 if (strcmp(token, "-i") == 0) {
62e76326 2712 flags |= REG_ICASE;
2713 token = strtok(NULL, w_space);
f1dc9b30 2714 } else if (strcmp(token, "+i") == 0) {
62e76326 2715 flags &= ~REG_ICASE;
2716 token = strtok(NULL, w_space);
f1dc9b30 2717 }
62e76326 2718
9eeb8e4b 2719 if (token == NULL) {
62e76326 2720 self_destruct();
9eeb8e4b 2721 return;
2722 }
62e76326 2723
f1dc9b30 2724 pattern = xstrdup(token);
62e76326 2725
0e4e0e7d 2726 i = GetInteger(); /* token: min */
62e76326 2727
a632ba71
AJ		 2728 /* catch negative and insanely huge values close to 32-bit wrap */
2729 if (i < 0) {
2730 debugs(3, DBG_IMPORTANT, "WARNING: refresh_pattern minimum age negative. Cropped back to zero.");
2731 i = 0;
2732 }
2733 if (i > 60*24*365) {
2734 debugs(3, DBG_IMPORTANT, "WARNING: refresh_pattern minimum age too high. Cropped back to 1 year.");
2735 i = 60*24*365;
2736 }
2737
f1dc9b30 2738 min = (time_t) (i * 60); /* convert minutes to seconds */
62e76326 2739
0e4e0e7d 2740 i = GetInteger(); /* token: pct */
62e76326 2741
c3f6d204 2742 pct = (double) i / 100.0;
62e76326 2743
0e4e0e7d 2744 i = GetInteger(); /* token: max */
62e76326 2745
a632ba71
AJ		 2746 /* catch negative and insanely huge values close to 32-bit wrap */
2747 if (i < 0) {
2748 debugs(3, DBG_IMPORTANT, "WARNING: refresh_pattern maximum age negative. Cropped back to zero.");
2749 i = 0;
2750 }
2751 if (i > 60*24*365) {
2752 debugs(3, DBG_IMPORTANT, "WARNING: refresh_pattern maximum age too high. Cropped back to 1 year.");
2753 i = 60*24*365;
2754 }
2755
f1dc9b30 2756 max = (time_t) (i * 60); /* convert minutes to seconds */
62e76326 2757
1dfa1d81 2758 /* Options */
2759 while ((token = strtok(NULL, w_space)) != NULL) {
4c3ef9b2 2760 if (!strcmp(token, "refresh-ims")) {
2761 refresh_ims = 1;
3d8b6ba4
AJ		 2762 } else if (!strcmp(token, "store-stale")) {
2763 store_stale = 1;
570d3f75
AJ		 2764 } else if (!strncmp(token, "max-stale=", 10)) {
2765 max_stale = atoi(token + 10);
626096be 2766#if USE_HTTP_VIOLATIONS
62e76326 2767
4c3ef9b2 2768 } else if (!strcmp(token, "override-expire"))
62e76326 2769 override_expire = 1;
2770 else if (!strcmp(token, "override-lastmod"))
2771 override_lastmod = 1;
38f9c547 2772 else if (!strcmp(token, "ignore-no-cache"))
2773 ignore_no_cache = 1;
2774 else if (!strcmp(token, "ignore-no-store"))
2775 ignore_no_store = 1;
4ca08219
AJ		 2776 else if (!strcmp(token, "ignore-must-revalidate"))
2777 ignore_must_revalidate = 1;
38f9c547 2778 else if (!strcmp(token, "ignore-private"))
2779 ignore_private = 1;
2780 else if (!strcmp(token, "ignore-auth"))
2781 ignore_auth = 1;
62e76326 2782 else if (!strcmp(token, "reload-into-ims")) {
2783 reload_into_ims = 1;
2784 refresh_nocache_hack = 1;
2785 /* tell client_side.c that this is used */
2786 } else if (!strcmp(token, "ignore-reload")) {
2787 ignore_reload = 1;
2788 refresh_nocache_hack = 1;
2789 /* tell client_side.c that this is used */
9f60cfdf 2790#endif
62e76326 2791
4c3ef9b2 2792 } else
570d3f75 2793 debugs(22, 0, "refreshAddToList: Unknown option '" << pattern << "': " << token);
1dfa1d81 2794 }
62e76326 2795
f1dc9b30 2796 if ((errcode = regcomp(&comp, pattern, flags)) != 0) {
62e76326 2797 char errbuf[256];
2798 regerror(errcode, &comp, errbuf, sizeof errbuf);
bf8fe701 2799 debugs(22, 0, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
2800 debugs(22, 0, "refreshAddToList: Invalid regular expression '" << pattern << "': " << errbuf);
62e76326 2801 return;
f1dc9b30 2802 }
62e76326 2803
c3f6d204 2804 pct = pct < 0.0 ? 0.0 : pct;
f1dc9b30 2805 max = max < 0 ? 0 : max;
e6ccf245 2806 t = static_cast<refresh_t *>(xcalloc(1, sizeof(refresh_t)));
f1dc9b30 2807 t->pattern = (char *) xstrdup(pattern);
2808 t->compiled_pattern = comp;
2809 t->min = min;
c3f6d204 2810 t->pct = pct;
f1dc9b30 2811 t->max = max;
62e76326 2812
c3f6d204 2813 if (flags & REG_ICASE)
62e76326 2814 t->flags.icase = 1;
2815
4c3ef9b2 2816 if (refresh_ims)
2817 t->flags.refresh_ims = 1;
2818
3d8b6ba4
AJ		 2819 if (store_stale)
2820 t->flags.store_stale = 1;
2821
570d3f75
AJ		 2822 t->max_stale = max_stale;
2823
626096be 2824#if USE_HTTP_VIOLATIONS
62e76326 2825
1dfa1d81 2826 if (override_expire)
62e76326 2827 t->flags.override_expire = 1;
2828
1dfa1d81 2829 if (override_lastmod)
62e76326 2830 t->flags.override_lastmod = 1;
2831
cbe3a719 2832 if (reload_into_ims)
62e76326 2833 t->flags.reload_into_ims = 1;
2834
cbe3a719 2835 if (ignore_reload)
62e76326 2836 t->flags.ignore_reload = 1;
2837
38f9c547 2838 if (ignore_no_cache)
2839 t->flags.ignore_no_cache = 1;
2840
2841 if (ignore_no_store)
2842 t->flags.ignore_no_store = 1;
2843
4ca08219
AJ		 2844 if (ignore_must_revalidate)
2845 t->flags.ignore_must_revalidate = 1;
2846
38f9c547 2847 if (ignore_private)
2848 t->flags.ignore_private = 1;
2849
2850 if (ignore_auth)
2851 t->flags.ignore_auth = 1;
2852
9f60cfdf 2853#endif
62e76326 2854
f1dc9b30 2855 t->next = NULL;
62e76326 2856
f1dc9b30 2857 while (*head)
62e76326 2858 head = &(*head)->next;
2859
f1dc9b30 2860 *head = t;
62e76326 2861
f1dc9b30 2862 safe_free(pattern);
270b86af 2863}
090089c4 2864
270b86af 2865static void
a47b9029 2866free_refreshpattern(refresh_t ** head)
270b86af 2867{
f1dc9b30 2868 refresh_t *t;
62e76326 2869
79d39a72 2870 while ((t = *head) != NULL) {
62e76326 2871 *head = t->next;
2872 safe_free(t->pattern);
2873 regfree(&t->compiled_pattern);
2874 safe_free(t);
f1dc9b30 2875 }
c2066637 2876
626096be 2877#if USE_HTTP_VIOLATIONS
c2066637 2878 refresh_nocache_hack = 0;
8970d351 2879
2880#endif
270b86af 2881}
12b9e9b1 2882
270b86af 2883static void
a7d59104 2884dump_string(StoreEntry * entry, const char *name, char *var)
270b86af 2885{
f53b06f9 2886 if (var != NULL)
62e76326 2887 storeAppendPrintf(entry, "%s %s\n", name, var);
270b86af 2888}
98ffb7e4 2889
270b86af 2890static void
0153d498 2891parse_string(char **var)
270b86af 2892{
2893 char *token = strtok(NULL, w_space);
270b86af 2894 safe_free(*var);
62e76326 2895
270b86af 2896 if (token == NULL)
62e76326 2897 self_destruct();
2898
270b86af 2899 *var = xstrdup(token);
2900}
b15e6857 2901
3a69ddf3 2902void
2903ConfigParser::ParseString(char **var)
2904{
2905 parse_string(var);
2906}
2907
2908void
30abd221 2909ConfigParser::ParseString(String *var)
3a69ddf3 2910{
2911 char *token = strtok(NULL, w_space);
2912
2913 if (token == NULL)
2914 self_destruct();
2915
30abd221 2916 var->reset(token);
3a69ddf3 2917}
2918
0153d498 2919static void
2920free_string(char **var)
2921{
027acbaf 2922 safe_free(*var);
0153d498 2923}
caebbe00 2924
94439e4e 2925void
f1dc9b30 2926parse_eol(char *volatile *var)
270b86af 2927{
65657c1a
AJ		 2928 if (!var) {
2929 self_destruct();
2930 return;
2931 }
2932
852751f7 2933 unsigned char *token = (unsigned char *) strtok(NULL, null_string);
270b86af 2934 safe_free(*var);
62e76326 2935
9eeb8e4b 2936 if (!token) {
62e76326 2937 self_destruct();
9eeb8e4b 2938 return;
2939 }
62e76326 2940
e4755e29 2941 while (*token && xisspace(*token))
62e76326 2942 token++;
2943
9eeb8e4b 2944 if (!*token) {
62e76326 2945 self_destruct();
9eeb8e4b 2946 return;
2947 }
62e76326 2948
852751f7 2949 *var = xstrdup((char *) token);
270b86af 2950}
090089c4 2951
52d3f198 2952#define dump_eol dump_string
2953#define free_eol free_string
2954
270b86af 2955static void
a7d59104 2956dump_time_t(StoreEntry * entry, const char *name, time_t var)
090089c4 2957{
f53b06f9 2958 storeAppendPrintf(entry, "%s %d seconds\n", name, (int) var);
090089c4 2959}
2960
94439e4e 2961void
a47b9029 2962parse_time_t(time_t * var)
0ffd22bc 2963{
fd0f51c4 2964 time_msec_t tval;
9b741834 2965 parseTimeLine(&tval, T_SECOND_STR, false);
fd0f51c4 2966 *var = static_cast<time_t>(tval/1000);
0ffd22bc 2967}
2968
270b86af 2969static void
a47b9029 2970free_time_t(time_t * var)
270b86af 2971{
a47b9029 2972 *var = 0;
270b86af 2973}
9906e724 2974
f64091a7 2975#if !USE_DNSHELPER
fd0f51c4
CT		 2976static void
2977dump_time_msec(StoreEntry * entry, const char *name, time_msec_t var)
2978{
2979 if (var % 1000)
c91ca3ce 2980 storeAppendPrintf(entry, "%s %" PRId64 " milliseconds\n", name, var);
fd0f51c4
CT		 2981 else
2982 storeAppendPrintf(entry, "%s %d seconds\n", name, (int)(var/1000) );
2983}
2984
2985void
2986parse_time_msec(time_msec_t * var)
2987{
9b741834 2988 parseTimeLine(var, T_SECOND_STR, true);
fd0f51c4
CT		 2989}
2990
2991static void
2992free_time_msec(time_msec_t * var)
2993{
2994 *var = 0;
2995}
9fc16f39 2996#endif
fd0f51c4 2997
0477a072 2998#if UNUSED_CODE
9906e724 2999static void
a7d59104 3000dump_size_t(StoreEntry * entry, const char *name, size_t var)
1b635117 3001{
f53b06f9 3002 storeAppendPrintf(entry, "%s %d\n", name, (int) var);
1b635117 3003}
0477a072 3004#endif
1b635117 3005
3006static void
a7d59104 3007dump_b_size_t(StoreEntry * entry, const char *name, size_t var)
9906e724 3008{
f53b06f9 3009 storeAppendPrintf(entry, "%s %d %s\n", name, (int) var, B_BYTES_STR);
9906e724 3010}
3011
f64091a7 3012#if !USE_DNSHELPER
e210930b
AJ		 3013static void
3014dump_b_ssize_t(StoreEntry * entry, const char *name, ssize_t var)
3015{
3016 storeAppendPrintf(entry, "%s %d %s\n", name, (int) var, B_BYTES_STR);
3017}
3018#endif
3019
3e62bd58 3020#if UNUSED_CODE
9906e724 3021static void
a7d59104 3022dump_kb_size_t(StoreEntry * entry, const char *name, size_t var)
9906e724 3023{
f53b06f9 3024 storeAppendPrintf(entry, "%s %d %s\n", name, (int) var, B_KBYTES_STR);
9906e724 3025}
3e62bd58 3026#endif
9906e724 3027
47f6e231 3028static void
3029dump_b_int64_t(StoreEntry * entry, const char *name, int64_t var)
3030{
c91ca3ce 3031 storeAppendPrintf(entry, "%s %" PRId64 " %s\n", name, var, B_BYTES_STR);
47f6e231 3032}
3033
3034static void
3035dump_kb_int64_t(StoreEntry * entry, const char *name, int64_t var)
3036{
c91ca3ce 3037 storeAppendPrintf(entry, "%s %" PRId64 " %s\n", name, var, B_KBYTES_STR);
47f6e231 3038}
3039
0477a072 3040#if UNUSED_CODE
9906e724 3041static void
a47b9029 3042parse_size_t(size_t * var)
1b635117 3043{
1b635117 3044 int i;
0e4e0e7d 3045 i = GetInteger();
1b635117 3046 *var = (size_t) i;
3047}
0477a072 3048#endif
1b635117 3049
3050static void
3051parse_b_size_t(size_t * var)
9906e724 3052{
3053 parseBytesLine(var, B_BYTES_STR);
3054}
3055
f64091a7 3056#if !USE_DNSHELPER
e210930b
AJ		 3057static void
3058parse_b_ssize_t(ssize_t * var)
3059{
3060 parseBytesLineSigned(var, B_BYTES_STR);
3061}
3062#endif
3063
3e62bd58 3064#if UNUSED_CODE
9906e724 3065static void
a47b9029 3066parse_kb_size_t(size_t * var)
9906e724 3067{
3068 parseBytesLine(var, B_KBYTES_STR);
3069}
3e62bd58 3070#endif
9906e724 3071
47f6e231 3072static void
3073parse_b_int64_t(int64_t * var)
3074{
3075 parseBytesLine64(var, B_BYTES_STR);
3076}
3077
3078static void
3079parse_kb_int64_t(int64_t * var)
3080{
3081 parseBytesLine64(var, B_KBYTES_STR);
3082}
3083
9906e724 3084static void
a47b9029 3085free_size_t(size_t * var)
9906e724 3086{
a47b9029 3087 *var = 0;
9906e724 3088}
3089
f64091a7 3090#if !USE_DNSHELPER
e210930b
AJ		 3091static void
3092free_ssize_t(ssize_t * var)
3093{
3094 *var = 0;
3095}
3096#endif
3097
47f6e231 3098static void
3099free_b_int64_t(int64_t * var)
3100{
3101 *var = 0;
3102}
3103
1b635117 3104#define free_b_size_t free_size_t
e210930b 3105#define free_b_ssize_t free_ssize_t
9906e724 3106#define free_kb_size_t free_size_t
3107#define free_mb_size_t free_size_t
3108#define free_gb_size_t free_size_t
47f6e231 3109#define free_kb_int64_t free_b_int64_t
090089c4 3110
8203a132 3111static void
f45dd259 3112dump_u_short(StoreEntry * entry, const char *name, unsigned short var)
090089c4 3113{
f53b06f9 3114 storeAppendPrintf(entry, "%s %d\n", name, var);
270b86af 3115}
090089c4 3116
0153d498 3117static void
f45dd259 3118free_u_short(unsigned short * u)
0153d498 3119{
3120 *u = 0;
3121}
3122
270b86af 3123static void
f45dd259 3124parse_u_short(unsigned short * var)
b67e2c8c 3125{
3126 ConfigParser::ParseUShort(var);
3127}
3128
3129void
f45dd259 3130ConfigParser::ParseUShort(unsigned short *var)
270b86af 3131{
0e656b69 3132 *var = GetShort();
090089c4 3133}
3134
3a69ddf3 3135void
3136ConfigParser::ParseBool(bool *var)
3137{
3138 int i = GetInteger();
3139
3140 if (0 == i)
3141 *var = false;
3142 else if (1 == i)
3143 *var = true;
3144 else
3145 self_destruct();
3146}
3147
270b86af 3148static void
a7d59104 3149dump_wordlist(StoreEntry * entry, const char *name, wordlist * list)
270b86af 3150{
270b86af 3151 while (list != NULL) {
62e76326 3152 storeAppendPrintf(entry, "%s %s\n", name, list->key);
3153 list = list->next;
429fdbec 3154 }
429fdbec 3155}
3156
3a69ddf3 3157void
3158ConfigParser::ParseWordList(wordlist ** list)
3159{
3160 parse_wordlist(list);
3161}
3162
94439e4e 3163void
270b86af 3164parse_wordlist(wordlist ** list)
429fdbec 3165{
270b86af 3166 char *token;
a3c6890f 3167 char *t = strtok(NULL, "");
62e76326 3168
a3c6890f 3169 while ((token = strwordtok(NULL, &t)))
62e76326 3170 wordlistAdd(list, token);
429fdbec 3171}
270b86af 3172
b3d8a9e8 3173#if 0 /* now unused */
f8d9f54a 3174static int
5da06f20 3175check_null_wordlist(wordlist * w)
f8d9f54a 3176{
3177 return w == NULL;
3178}
b3d8a9e8 3179#endif
f8d9f54a 3180
63e9d884 3181static int
c6d5b87b 3182check_null_acl_access(acl_access * a)
63e9d884 3183{
3184 return a == NULL;
3185}
3186
0153d498 3187#define free_wordlist wordlistDestroy
270b86af 3188
d548ee64 3189#define free_uri_whitespace free_int
3190
3191static void
3192parse_uri_whitespace(int *var)
3193{
3194 char *token = strtok(NULL, w_space);
62e76326 3195
d548ee64 3196 if (token == NULL)
62e76326 3197 self_destruct();
3198
7e3ce7b9 3199 if (!strcasecmp(token, "strip"))
62e76326 3200 *var = URI_WHITESPACE_STRIP;
7e3ce7b9 3201 else if (!strcasecmp(token, "deny"))
62e76326 3202 *var = URI_WHITESPACE_DENY;
d548ee64 3203 else if (!strcasecmp(token, "allow"))
62e76326 3204 *var = URI_WHITESPACE_ALLOW;
d548ee64 3205 else if (!strcasecmp(token, "encode"))
62e76326 3206 *var = URI_WHITESPACE_ENCODE;
d548ee64 3207 else if (!strcasecmp(token, "chop"))
62e76326 3208 *var = URI_WHITESPACE_CHOP;
d548ee64 3209 else
62e76326 3210 self_destruct();
d548ee64 3211}
3212
d548ee64 3213static void
3214dump_uri_whitespace(StoreEntry * entry, const char *name, int var)
3215{
c193c972 3216 const char *s;
62e76326 3217
d548ee64 3218 if (var == URI_WHITESPACE_ALLOW)
62e76326 3219 s = "allow";
d548ee64 3220 else if (var == URI_WHITESPACE_ENCODE)
62e76326 3221 s = "encode";
d548ee64 3222 else if (var == URI_WHITESPACE_CHOP)
62e76326 3223 s = "chop";
7e3ce7b9 3224 else if (var == URI_WHITESPACE_DENY)
62e76326 3225 s = "deny";
7e3ce7b9 3226 else
62e76326 3227 s = "strip";
3228
d548ee64 3229 storeAppendPrintf(entry, "%s %s\n", name, s);
3230}
3231
6a566b9c 3232static void
c1dd71ae 3233free_removalpolicy(RemovalPolicySettings ** settings)
6a566b9c 3234{
3235 if (!*settings)
62e76326 3236 return;
3237
6a566b9c 3238 free_string(&(*settings)->type);
62e76326 3239
6a566b9c 3240 free_wordlist(&(*settings)->args);
62e76326 3241
c8f4eac4 3242 delete *settings;
62e76326 3243
6a566b9c 3244 *settings = NULL;
3245}
3246
3247static void
c1dd71ae 3248parse_removalpolicy(RemovalPolicySettings ** settings)
6a566b9c 3249{
3250 if (*settings)
62e76326 3251 free_removalpolicy(settings);
3252
c8f4eac4 3253 *settings = new RemovalPolicySettings;
62e76326 3254
6a566b9c 3255 parse_string(&(*settings)->type);
62e76326 3256
6a566b9c 3257 parse_wordlist(&(*settings)->args);
3258}
3259
3260static void
c1dd71ae 3261dump_removalpolicy(StoreEntry * entry, const char *name, RemovalPolicySettings * settings)
6a566b9c 3262{
3263 wordlist *args;
3264 storeAppendPrintf(entry, "%s %s", name, settings->type);
3265 args = settings->args;
62e76326 3266
6a566b9c 3267 while (args) {
62e76326 3268 storeAppendPrintf(entry, " %s", args->key);
3269 args = args->next;
6a566b9c 3270 }
62e76326 3271
be58afb5 3272 storeAppendPrintf(entry, "\n");
6a566b9c 3273}
c1dd71ae 3274
57af1e3f
AR		 3275void
3276YesNoNone::configure(bool beSet)
3277{
3278 option = beSet ? +1 : -1;
3279}
3280
3281YesNoNone::operator void*() const
3282{
3283 assert(option != 0); // must call configure() first
3284 return option > 0 ? (void*)this : NULL;
3285}
3286
3287
de0cb3d8
AR		 3288inline void
3289free_YesNoNone(YesNoNone *)
57af1e3f 3290{
de0cb3d8 3291 // do nothing: no explicit cleanup is required
57af1e3f
AR		 3292}
3293
3294static void
3295parse_YesNoNone(YesNoNone *option)
3296{
3297 int value = 0;
3298 parse_onoff(&value);
3299 option->configure(value > 0);
3300}
3301
3302static void
3303dump_YesNoNone(StoreEntry * entry, const char *name, YesNoNone &option)
3304{
3305 if (option.configured())
3306 dump_onoff(entry, name, option ? 1 : 0);
3307}
3308
ea21d497
HN		 3309static void
3310free_memcachemode(SquidConfig * config)
3311{
3312 return;
3313}
3314
3315static void
3316parse_memcachemode(SquidConfig * config)
3317{
3318 char *token = strtok(NULL, w_space);
3319 if (!token)
e1381638 3320 self_destruct();
ea21d497 3321
10aeba1d 3322 if (strcmp(token, "always") == 0) {
e1381638
AJ		 3323 Config.onoff.memory_cache_first = 1;
3324 Config.onoff.memory_cache_disk = 1;
10aeba1d 3325 } else if (strcmp(token, "disk") == 0) {
e1381638
AJ		 3326 Config.onoff.memory_cache_first = 0;
3327 Config.onoff.memory_cache_disk = 1;
ea21d497 3328 } else if (strncmp(token, "net", 3) == 0) {
e1381638
AJ		 3329 Config.onoff.memory_cache_first = 1;
3330 Config.onoff.memory_cache_disk = 0;
10aeba1d 3331 } else if (strcmp(token, "never") == 0) {
e1381638
AJ		 3332 Config.onoff.memory_cache_first = 0;
3333 Config.onoff.memory_cache_disk = 0;
ea21d497 3334 } else
e1381638 3335 self_destruct();
ea21d497
HN		 3336}
3337
3338static void
3339dump_memcachemode(StoreEntry * entry, const char *name, SquidConfig &config)
3340{
3341 storeAppendPrintf(entry, "%s ", name);
3342 if (Config.onoff.memory_cache_first && Config.onoff.memory_cache_disk)
e1381638 3343 storeAppendPrintf(entry, "always");
ea21d497 3344 else if (!Config.onoff.memory_cache_first && Config.onoff.memory_cache_disk)
e1381638 3345 storeAppendPrintf(entry, "disk");
ea21d497 3346 else if (Config.onoff.memory_cache_first && !Config.onoff.memory_cache_disk)
e1381638 3347 storeAppendPrintf(entry, "network");
ea21d497 3348 else if (!Config.onoff.memory_cache_first && !Config.onoff.memory_cache_disk)
e1381638 3349 storeAppendPrintf(entry, "none");
ea21d497
HN		 3350 storeAppendPrintf(entry, "\n");
3351}
3352
cca8ba0d 3353#include "cf_parser.cci"
f1dc9b30 3354
3355peer_t
3356parseNeighborType(const char *s)
3357{
3358 if (!strcasecmp(s, "parent"))
62e76326 3359 return PEER_PARENT;
3360
f1dc9b30 3361 if (!strcasecmp(s, "neighbor"))
62e76326 3362 return PEER_SIBLING;
3363
f1dc9b30 3364 if (!strcasecmp(s, "neighbour"))
62e76326 3365 return PEER_SIBLING;
3366
f1dc9b30 3367 if (!strcasecmp(s, "sibling"))
62e76326 3368 return PEER_SIBLING;
3369
f1dc9b30 3370 if (!strcasecmp(s, "multicast"))
62e76326 3371 return PEER_MULTICAST;
3372
bf8fe701 3373 debugs(15, 0, "WARNING: Unknown neighbor type: " << s);
62e76326 3374
f1dc9b30 3375 return PEER_SIBLING;
3376}
f150dd4b 3377
0b0cfcf2 3378#if USE_WCCPv2
52f772de 3379static void
b7ac5457 3380parse_IpAddress_list(Ip::Address_list ** head)
52f772de 3381{
3382 char *token;
b7ac5457
AJ		 3383 Ip::Address_list *s;
3384 Ip::Address ipa;
62e76326 3385
52f772de 3386 while ((token = strtok(NULL, w_space))) {
82b7abe3
AJ		 3387 if (GetHostWithPort(token, &ipa)) {
3388
3389 while (*head)
3390 head = &(*head)->next;
3391
b7ac5457 3392 s = static_cast<Ip::Address_list *>(xcalloc(1, sizeof(*s)));
82b7abe3
AJ		 3393 s->s = ipa;
3394
3395 *head = s;
9d65168e 3396 } else
82b7abe3 3397 self_destruct();
7e3ce7b9 3398 }
3399}
3400
3401static void
b7ac5457 3402dump_IpAddress_list(StoreEntry * e, const char *n, const Ip::Address_list * s)
7e3ce7b9 3403{
cc192b50 3404 char ntoabuf[MAX_IPSTRLEN];
3405
7e3ce7b9 3406 while (s) {
cc192b50 3407 storeAppendPrintf(e, "%s %s\n",
62e76326 3408 n,
cc192b50 3409 s->s.NtoA(ntoabuf,MAX_IPSTRLEN));
62e76326 3410 s = s->next;
7e3ce7b9 3411 }
3412}
3413
3414static void
b7ac5457 3415free_IpAddress_list(Ip::Address_list ** head)
7e3ce7b9 3416{
26ac0430
AJ		 3417 if (*head) delete *head;
3418 *head = NULL;
7e3ce7b9 3419}
3420
0b0cfcf2 3421#if CURRENTLY_UNUSED
3422/* This code was previously used by http_port. Left as it really should
3423 * be used by icp_port and htcp_port
3424 */
7e3ce7b9 3425static int
b7ac5457 3426check_null_IpAddress_list(const Ip::Address_list * s)
7e3ce7b9 3427{
3428 return NULL == s;
3429}
62e76326 3430
3f38a55e 3431#endif /* CURRENTLY_UNUSED */
0b0cfcf2 3432#endif /* USE_WCCPv2 */
7e3ce7b9 3433
d193a436 3434static void
65d448bc 3435parsePortSpecification(AnyP::PortCfg * s, char *token)
d193a436 3436{
3f38a55e 3437 char *host = NULL;
3f38a55e 3438 unsigned short port = 0;
cc192b50 3439 char *t = NULL;
3440 char *junk = NULL;
62e76326 3441
5529ca8a 3442 s->disable_pmtu_discovery = DISABLE_PMTU_OFF;
13adaf1f 3443 s->name = xstrdup(token);
d67acb4e 3444 s->connection_auth_disabled = false;
5529ca8a 3445
cc192b50 3446 if (*token == '[') {
3447 /* [ipv6]:port */
26ac0430
AJ		 3448 host = token + 1;
3449 t = strchr(host, ']');
3450 if (!t) {
859741ed 3451 debugs(3, DBG_CRITICAL, s->protocol << "_port: missing ']' on IPv6 address: " << token);
26ac0430 3452 self_destruct();
cc192b50 3453 }
26ac0430
AJ		 3454 *t++ = '\0';
3455 if (*t != ':') {
859741ed 3456 debugs(3, DBG_CRITICAL, s->protocol << "_port: missing Port in: " << token);
26ac0430 3457 self_destruct();
cc192b50 3458 }
055421ee 3459 if (!Ip::EnableIpv6) {
859741ed 3460 debugs(3, DBG_CRITICAL, "FATAL: " << s->protocol << "_port: IPv6 is not available.");
26ac0430
AJ		 3461 self_destruct();
3462 }
055421ee
AJ		 3463 port = xatos(t + 1);
3464 } else if ((t = strchr(token, ':'))) {
3465 /* host:port */
3466 /* ipv4:port */
3467 host = token;
3468 *t = '\0';
3469 port = xatos(t + 1);
3470
3471 } else if ((port = strtol(token, &junk, 10)), !*junk) {
3472 /* port */
859741ed 3473 debugs(3, 3, s->protocol << "_port: found Listen on Port: " << port);
055421ee 3474 } else {
859741ed 3475 debugs(3, DBG_CRITICAL, s->protocol << "_port: missing Port: " << token);
055421ee
AJ		 3476 self_destruct();
3477 }
62e76326 3478
859741ed
AJ		 3479 if (port == 0 && host != NULL) {
3480 debugs(3, DBG_CRITICAL, s->protocol << "_port: Port cannot be 0: " << token);
0e656b69 3481 self_destruct();
cc192b50 3482 }
0e656b69 3483
cc192b50 3484 if (NULL == host) {
3485 s->s.SetAnyAddr();
3486 s->s.SetPort(port);
6df7ad56
AJ		 3487 if (!Ip::EnableIpv6)
3488 s->s.SetIPv4();
859741ed 3489 debugs(3, 3, s->protocol << "_port: found Listen on wildcard address: *:" << s->s.GetPort() );
c49d44e1 3490 } else if ( (s->s = host) ) { /* check/parse numeric IPA */
cc192b50 3491 s->s.SetPort(port);
6df7ad56
AJ		 3492 if (!Ip::EnableIpv6)
3493 s->s.SetIPv4();
859741ed 3494 debugs(3, 3, s->protocol << "_port: Listen on Host/IP: " << host << " --> " << s->s);
26ac0430 3495 } else if ( s->s.GetHostByName(host) ) { /* check/parse for FQDN */
62e76326 3496 /* dont use ipcache */
62e76326 3497 s->defaultsite = xstrdup(host);
cc192b50 3498 s->s.SetPort(port);
6df7ad56
AJ		 3499 if (!Ip::EnableIpv6)
3500 s->s.SetIPv4();
859741ed 3501 debugs(3, 3, s->protocol << "_port: found Listen as Host " << s->defaultsite << " on IP: " << s->s);
26ac0430 3502 } else {
859741ed 3503 debugs(3, DBG_CRITICAL, s->protocol << "_port: failed to resolve Host/IP: " << host);
62e76326 3504 self_destruct();
cc192b50 3505 }
3f38a55e 3506}
3507
3508static void
65d448bc 3509parse_port_option(AnyP::PortCfg * s, char *token)
3f38a55e 3510{
c7b1dd5d
AJ		 3511 /* modes first */
3512
3513 if (strcmp(token, "accel") == 0) {
3514 if (s->intercepted || s->spoof_client_ip) {
3515 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: Accelerator mode requires its own port. It cannot be shared with other modes.");
3516 self_destruct();
3517 }
cf673853 3518 s->accel = s->vhost = 1;
c7b1dd5d
AJ		 3519 } else if (strcmp(token, "transparent") == 0 || strcmp(token, "intercept") == 0) {
3520 if (s->accel || s->spoof_client_ip) {
3521 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: Intercept mode requires its own interception port. It cannot be shared with other modes.");
3522 self_destruct();
3523 }
3524 s->intercepted = 1;
3525 Ip::Interceptor.StartInterception();
3526 /* Log information regarding the port modes under interception. */
3527 debugs(3, DBG_IMPORTANT, "Starting Authentication on port " << s->s);
3528 debugs(3, DBG_IMPORTANT, "Disabling Authentication on port " << s->s << " (interception enabled)");
3529
c7b1dd5d 3530 /* INET6: until transparent REDIRECT works on IPv6 SOCKET, force wildcard to IPv4 */
055421ee
AJ		 3531 if (Ip::EnableIpv6)
3532 debugs(3, DBG_IMPORTANT, "Disabling IPv6 on port " << s->s << " (interception enabled)");
c7b1dd5d 3533 if ( !s->s.SetIPv4() ) {
40d34a62 3534 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: IPv6 addresses cannot NAT intercept (protocol does not provide NAT)" << s->s );
c7b1dd5d
AJ		 3535 self_destruct();
3536 }
c7b1dd5d
AJ		 3537 } else if (strcmp(token, "tproxy") == 0) {
3538 if (s->intercepted || s->accel) {
3539 debugs(3,DBG_CRITICAL, "FATAL: http(s)_port: TPROXY option requires its own interception port. It cannot be shared with other modes.");
3540 self_destruct();
3541 }
3542 s->spoof_client_ip = 1;
3543 Ip::Interceptor.StartTransparency();
3544 /* Log information regarding the port modes under transparency. */
3545 debugs(3, DBG_IMPORTANT, "Starting IP Spoofing on port " << s->s);
3546 debugs(3, DBG_IMPORTANT, "Disabling Authentication on port " << s->s << " (IP spoofing enabled)");
3547
3548 if (!Ip::Interceptor.ProbeForTproxy(s->s)) {
3549 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: TPROXY support in the system does not work.");
3550 self_destruct();
3551 }
3552
3553 } else if (strncmp(token, "defaultsite=", 12) == 0) {
3554 if (!s->accel) {
3555 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: defaultsite option requires Acceleration mode flag.");
3556 self_destruct();
3557 }
62e76326 3558 safe_free(s->defaultsite);
3559 s->defaultsite = xstrdup(token + 12);
3f38a55e 3560 } else if (strcmp(token, "vhost") == 0) {
c7b1dd5d 3561 if (!s->accel) {
cf673853
AJ		 3562 debugs(3, DBG_CRITICAL, "WARNING: http(s)_port: vhost option is deprecated. Use 'accel' mode flag instead.");
3563 }
3564 s->accel = s->vhost = 1;
3565 } else if (strcmp(token, "no-vhost") == 0) {
3566 if (!s->accel) {
3567 debugs(3, DBG_IMPORTANT, "ERROR: http(s)_port: no-vhost option requires Acceleration mode flag.");
c7b1dd5d 3568 }
cf673853 3569 s->vhost = 0;
3f38a55e 3570 } else if (strcmp(token, "vport") == 0) {
c7b1dd5d
AJ		 3571 if (!s->accel) {
3572 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: vport option requires Acceleration mode flag.");
3573 self_destruct();
3574 }
62e76326 3575 s->vport = -1;
3f38a55e 3576 } else if (strncmp(token, "vport=", 6) == 0) {
c7b1dd5d
AJ		 3577 if (!s->accel) {
3578 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: vport option requires Acceleration mode flag.");
3579 self_destruct();
3580 }
0e656b69 3581 s->vport = xatos(token + 6);
3f38a55e 3582 } else if (strncmp(token, "protocol=", 9) == 0) {
c7b1dd5d
AJ		 3583 if (!s->accel) {
3584 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: protocol option requires Acceleration mode flag.");
3585 self_destruct();
3586 }
62e76326 3587 s->protocol = xstrdup(token + 9);
7f7bdd96 3588 } else if (strcmp(token, "allow-direct") == 0) {
c7b1dd5d 3589 if (!s->accel) {
90fa5816 3590 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: allow-direct option requires Acceleration mode flag.");
c7b1dd5d
AJ		 3591 self_destruct();
3592 }
7f7bdd96 3593 s->allow_direct = 1;
90fa5816
AJ		 3594 } else if (strcmp(token, "act-as-origin") == 0) {
3595 if (!s->accel) {
3596 debugs(3, DBG_IMPORTANT, "ERROR: http(s)_port: act-as-origin option requires Acceleration mode flag.");
3597 } else
3598 s->actAsOrigin = 1;
432bc83c 3599 } else if (strcmp(token, "ignore-cc") == 0) {
626096be 3600#if !USE_HTTP_VIOLATIONS
838daf3f 3601 if (!s->accel) {
c7b1dd5d 3602 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: ignore-cc option requires Scceleration mode flag.");
838daf3f
A		 3603 self_destruct();
3604 }
432bc83c 3605#endif
c7b1dd5d
AJ		 3606 s->ignore_cc = 1;
3607 } else if (strncmp(token, "name=", 5) == 0) {
3608 safe_free(s->name);
3609 s->name = xstrdup(token + 5);
d67acb4e
AJ		 3610 } else if (strcmp(token, "no-connection-auth") == 0) {
3611 s->connection_auth_disabled = true;
3612 } else if (strcmp(token, "connection-auth=off") == 0) {
26ac0430 3613 s->connection_auth_disabled = true;
d67acb4e 3614 } else if (strcmp(token, "connection-auth") == 0) {
26ac0430 3615 s->connection_auth_disabled = false;
d67acb4e 3616 } else if (strcmp(token, "connection-auth=on") == 0) {
26ac0430 3617 s->connection_auth_disabled = false;
5529ca8a 3618 } else if (strncmp(token, "disable-pmtu-discovery=", 23) == 0) {
3619 if (!strcasecmp(token + 23, "off"))
3620 s->disable_pmtu_discovery = DISABLE_PMTU_OFF;
3621 else if (!strcasecmp(token + 23, "transparent"))
3622 s->disable_pmtu_discovery = DISABLE_PMTU_TRANSPARENT;
3623 else if (!strcasecmp(token + 23, "always"))
3624 s->disable_pmtu_discovery = DISABLE_PMTU_ALWAYS;
3625 else
3626 self_destruct();
cc192b50 3627 } else if (strcmp(token, "ipv4") == 0) {
26ac0430 3628 if ( !s->s.SetIPv4() ) {
055421ee 3629 debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: IPv6 addresses cannot be used as IPv4-Only. " << s->s );
cc192b50 3630 self_destruct();
3631 }
26ac0430
AJ		 3632 } else if (strcmp(token, "tcpkeepalive") == 0) {
3633 s->tcp_keepalive.enabled = 1;
b2130d58 3634 } else if (strncmp(token, "tcpkeepalive=", 13) == 0) {
26ac0430
AJ		 3635 char *t = token + 13;
3636 s->tcp_keepalive.enabled = 1;
3637 s->tcp_keepalive.idle = atoi(t);
3638 t = strchr(t, ',');
3639 if (t) {
3640 t++;
3641 s->tcp_keepalive.interval = atoi(t);
3642 t = strchr(t, ',');
3643 }
3644 if (t) {
3645 t++;
3646 s->tcp_keepalive.timeout = atoi(t);
3647 t = strchr(t, ',');
3648 }
154dc884 3649#if USE_SSL
3a0c8eb5
AR		 3650 } else if (strcasecmp(token, "sslBump") == 0) {
3651 debugs(3, DBG_CRITICAL, "WARNING: '" << token << "' is deprecated " <<
9945bf3f 3652 "in http_port. Use 'ssl-bump' instead.");
3a0c8eb5
AR		 3653 s->sslBump = 1; // accelerated when bumped, otherwise not
3654 } else if (strcmp(token, "ssl-bump") == 0) {
c7b1dd5d 3655 s->sslBump = 1; // accelerated when bumped, otherwise not
154dc884 3656 } else if (strncmp(token, "cert=", 5) == 0) {
3657 safe_free(s->cert);
3658 s->cert = xstrdup(token + 5);
3659 } else if (strncmp(token, "key=", 4) == 0) {
3660 safe_free(s->key);
3661 s->key = xstrdup(token + 4);
3662 } else if (strncmp(token, "version=", 8) == 0) {
3663 s->version = xatoi(token + 8);
154dc884 3664 if (s->version < 1 || s->version > 4)
3665 self_destruct();
3666 } else if (strncmp(token, "options=", 8) == 0) {
3667 safe_free(s->options);
3668 s->options = xstrdup(token + 8);
3669 } else if (strncmp(token, "cipher=", 7) == 0) {
3670 safe_free(s->cipher);
3671 s->cipher = xstrdup(token + 7);
3672 } else if (strncmp(token, "clientca=", 9) == 0) {
3673 safe_free(s->clientca);
3674 s->clientca = xstrdup(token + 9);
3675 } else if (strncmp(token, "cafile=", 7) == 0) {
3676 safe_free(s->cafile);
3677 s->cafile = xstrdup(token + 7);
3678 } else if (strncmp(token, "capath=", 7) == 0) {
3679 safe_free(s->capath);
3680 s->capath = xstrdup(token + 7);
3681 } else if (strncmp(token, "crlfile=", 8) == 0) {
3682 safe_free(s->crlfile);
3683 s->crlfile = xstrdup(token + 8);
3684 } else if (strncmp(token, "dhparams=", 9) == 0) {
3685 safe_free(s->dhfile);
3686 s->dhfile = xstrdup(token + 9);
3687 } else if (strncmp(token, "sslflags=", 9) == 0) {
3688 safe_free(s->sslflags);
3689 s->sslflags = xstrdup(token + 9);
3690 } else if (strncmp(token, "sslcontext=", 11) == 0) {
95d2589c
CT		 3691 safe_free(s->sslContextSessionId);
3692 s->sslContextSessionId = xstrdup(token + 11);
3693 } else if (strcmp(token, "generate-host-certificates") == 0) {
3694 s->generateHostCertificates = true;
3695 } else if (strcmp(token, "generate-host-certificates=on") == 0) {
3696 s->generateHostCertificates = true;
3697 } else if (strcmp(token, "generate-host-certificates=off") == 0) {
3698 s->generateHostCertificates = false;
3699 } else if (strncmp(token, "dynamic_cert_mem_cache_size=", 28) == 0) {
3700 parseBytesOptionValue(&s->dynamicCertMemCacheSize, B_BYTES_STR, token + 28);
154dc884 3701#endif
3f38a55e 3702 } else {
62e76326 3703 self_destruct();
3f38a55e 3704 }
3705}
3706
3f38a55e 3707void
3708add_http_port(char *portspec)
3709{
65d448bc 3710 AnyP::PortCfg *s = new AnyP::PortCfg("http_port");
859741ed 3711 parsePortSpecification(s, portspec);
65d448bc 3712 // we may need to merge better if the above returns a list with clones
7e07ced1 3713 assert(s->next == NULL);
60b2e919
CT		 3714 s->next = cbdataReference(Config.Sockaddr.http);
3715 cbdataReferenceDone(Config.Sockaddr.http);
3716 Config.Sockaddr.http = cbdataReference(s);
3f38a55e 3717}
3718
3719static void
11907477
AR		 3720parsePortCfg(AnyP::PortCfg ** head, const char *optionName)
3721{
3722 const char *protocol = NULL;
3723 if (strcmp(optionName, "http_port") == 0 ||
b5944cff 3724 strcmp(optionName, "ascii_port") == 0)
11907477
AR		 3725 protocol = "http";
3726 else if (strcmp(optionName, "https_port") == 0)
3727 protocol = "https";
3728 if (!protocol) {
3729 self_destruct();
3730 return;
3731 }
3732
3f38a55e 3733 char *token = strtok(NULL, w_space);
62e76326 3734
9eeb8e4b 3735 if (!token) {
62e76326 3736 self_destruct();
9eeb8e4b 3737 return;
3738 }
62e76326 3739
65d448bc 3740 AnyP::PortCfg *s = new AnyP::PortCfg(protocol);
859741ed 3741 parsePortSpecification(s, token);
62e76326 3742
3f38a55e 3743 /* parse options ... */
3744 while ((token = strtok(NULL, w_space))) {
65d448bc 3745 parse_port_option(s, token);
3f38a55e 3746 }
62e76326 3747
03f00a11
CT		 3748#if USE_SSL
3749 if (strcasecmp(protocol, "https") == 0) {
38450a50 3750 /* ssl-bump on https_port configuration requires either tproxy or intercept, and vice versa */
03f00a11
CT		 3751 const bool hijacked = s->spoof_client_ip || s->intercepted;
3752 if (s->sslBump && !hijacked) {
38450a50 3753 debugs(3, DBG_CRITICAL, "FATAL: ssl-bump on https_port requires tproxy/intercept which is missing.");
03f00a11
CT		 3754 self_destruct();
3755 }
3756 if (hijacked && !s->sslBump) {
38450a50 3757 debugs(3, DBG_CRITICAL, "FATAL: tproxy/intercept on https_port requires ssl-bump which is missing.");
03f00a11
CT		 3758 self_destruct();
3759 }
3760 }
3761#endif
3762
055421ee 3763 if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && s->s.IsAnyAddr()) {
7e07ced1 3764 // clone the port options from *s to *(s->next)
60b2e919 3765 s->next = cbdataReference(s->clone());
7e07ced1 3766 s->next->s.SetIPv4();
859741ed 3767 debugs(3, 3, protocol << "_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s);
7e07ced1 3768 }
7e07ced1 3769
3f38a55e 3770 while (*head)
62e76326 3771 head = &(*head)->next;
3772
60b2e919 3773 *head = cbdataReference(s);
3f38a55e 3774}
3775
3776static void
65d448bc 3777dump_generic_port(StoreEntry * e, const char *n, const AnyP::PortCfg * s)
3f38a55e 3778{
cc192b50 3779 char buf[MAX_IPSTRLEN];
3780
3781 storeAppendPrintf(e, "%s %s",
62e76326 3782 n,
cc192b50 3783 s->s.ToURL(buf,MAX_IPSTRLEN));
62e76326 3784
df1b20e4 3785 // MODES and specific sub-options.
2ad20b4f
AJ		 3786 if (s->intercepted)
3787 storeAppendPrintf(e, " intercept");
62e76326 3788
df1b20e4 3789 else if (s->spoof_client_ip)
c7b1dd5d
AJ		 3790 storeAppendPrintf(e, " tproxy");
3791
df1b20e4 3792 else if (s->accel) {
c7b1dd5d
AJ		 3793 storeAppendPrintf(e, " accel");
3794
df1b20e4
AJ		 3795 if (s->vhost)
3796 storeAppendPrintf(e, " vhost");
62e76326 3797
df1b20e4
AJ		 3798 if (s->vport < 0)
3799 storeAppendPrintf(e, " vport");
3800 else if (s->vport > 0)
3801 storeAppendPrintf(e, " vport=%d", s->vport);
5529ca8a 3802
df1b20e4
AJ		 3803 if (s->defaultsite)
3804 storeAppendPrintf(e, " defaultsite=%s", s->defaultsite);
3805
3806 if (s->protocol && strcmp(s->protocol,"http") != 0)
3807 storeAppendPrintf(e, " protocol=%s", s->protocol);
3808
3809 if (s->allow_direct)
3810 storeAppendPrintf(e, " allow-direct");
3811
3812 if (s->ignore_cc)
3813 storeAppendPrintf(e, " ignore-cc");
3814
3815 }
3816
3817 // Generic independent options
3818
3819 if (s->name)
3820 storeAppendPrintf(e, " name=%s", s->name);
3821
33e701f3 3822#if USE_HTTP_VIOLATIONS
df1b20e4
AJ		 3823 if (!s->accel && s->ignore_cc)
3824 storeAppendPrintf(e, " ignore-cc");
3825#endif
c7b1dd5d 3826
d67acb4e
AJ		 3827 if (s->connection_auth_disabled)
3828 storeAppendPrintf(e, " connection-auth=off");
3829 else
3830 storeAppendPrintf(e, " connection-auth=on");
3831
5529ca8a 3832 if (s->disable_pmtu_discovery != DISABLE_PMTU_OFF) {
3833 const char *pmtu;
3834
3835 if (s->disable_pmtu_discovery == DISABLE_PMTU_ALWAYS)
3836 pmtu = "always";
3837 else
3838 pmtu = "transparent";
3839
3840 storeAppendPrintf(e, " disable-pmtu-discovery=%s", pmtu);
3841 }
b2130d58 3842
df1b20e4
AJ		 3843 if (s->s.IsAnyAddr() && !s->s.IsIPv6())
3844 storeAppendPrintf(e, " ipv4");
3845
b2130d58 3846 if (s->tcp_keepalive.enabled) {
26ac0430 3847 if (s->tcp_keepalive.idle || s->tcp_keepalive.interval || s->tcp_keepalive.timeout) {
68924b6d 3848 storeAppendPrintf(e, " tcpkeepalive=%d,%d,%d", s->tcp_keepalive.idle, s->tcp_keepalive.interval, s->tcp_keepalive.timeout);
26ac0430 3849 } else {
68924b6d 3850 storeAppendPrintf(e, " tcpkeepalive");
26ac0430 3851 }
b2130d58 3852 }
154dc884 3853
3854#if USE_SSL
c7b1dd5d 3855 if (s->sslBump)
df1b20e4 3856 storeAppendPrintf(e, " ssl-bump");
c7b1dd5d 3857
26ac0430
AJ		 3858 if (s->cert)
3859 storeAppendPrintf(e, " cert=%s", s->cert);
154dc884 3860
26ac0430
AJ		 3861 if (s->key)
3862 storeAppendPrintf(e, " key=%s", s->key);
154dc884 3863
26ac0430
AJ		 3864 if (s->version)
3865 storeAppendPrintf(e, " version=%d", s->version);
154dc884 3866
26ac0430
AJ		 3867 if (s->options)
3868 storeAppendPrintf(e, " options=%s", s->options);
154dc884 3869
26ac0430
AJ		 3870 if (s->cipher)
3871 storeAppendPrintf(e, " cipher=%s", s->cipher);
154dc884 3872
26ac0430
AJ		 3873 if (s->cafile)
3874 storeAppendPrintf(e, " cafile=%s", s->cafile);
154dc884 3875
26ac0430
AJ		 3876 if (s->capath)
3877 storeAppendPrintf(e, " capath=%s", s->capath);
154dc884 3878
26ac0430
AJ		 3879 if (s->crlfile)
3880 storeAppendPrintf(e, " crlfile=%s", s->crlfile);
154dc884 3881
26ac0430
AJ		 3882 if (s->dhfile)
3883 storeAppendPrintf(e, " dhparams=%s", s->dhfile);
154dc884 3884
26ac0430
AJ		 3885 if (s->sslflags)
3886 storeAppendPrintf(e, " sslflags=%s", s->sslflags);
154dc884 3887
95d2589c
CT		 3888 if (s->sslContextSessionId)
3889 storeAppendPrintf(e, " sslcontext=%s", s->sslContextSessionId);
3890
3891 if (s->generateHostCertificates)
3892 storeAppendPrintf(e, " generate-host-certificates");
3893
3894 if (s->dynamicCertMemCacheSize != std::numeric_limits<size_t>::max())
3895 storeAppendPrintf(e, "dynamic_cert_mem_cache_size=%lu%s\n", (unsigned long)s->dynamicCertMemCacheSize, B_BYTES_STR);
154dc884 3896#endif
3f38a55e 3897}
62e76326 3898
3f38a55e 3899static void
65d448bc 3900dump_PortCfg(StoreEntry * e, const char *n, const AnyP::PortCfg * s)
3f38a55e 3901{
3902 while (s) {
65d448bc 3903 dump_generic_port(e, n, s);
62e76326 3904 storeAppendPrintf(e, "\n");
3905 s = s->next;
3f38a55e 3906 }
3907}
3908
3909static void
65d448bc 3910free_PortCfg(AnyP::PortCfg ** head)
3f38a55e 3911{
65d448bc 3912 AnyP::PortCfg *s;
62e76326 3913
3f38a55e 3914 while ((s = *head) != NULL) {
62e76326 3915 *head = s->next;
60b2e919 3916 cbdataReferenceDone(s);
3f38a55e 3917 }
3918}
3919
f150dd4b 3920void
3921configFreeMemory(void)
3922{
23ff6968 3923 free_all();
29bf4910
CT		 3924#if USE_SSL
3925 SSL_CTX_free(Config.ssl_client.sslContext);
3926#endif
f150dd4b 3927}
f0b19334 3928
94439e4e 3929void
f0b19334 3930requirePathnameExists(const char *name, const char *path)
3931{
62e76326 3932
f0b19334 3933 struct stat sb;
08577e16 3934 char pathbuf[BUFSIZ];
f0b19334 3935 assert(path != NULL);
62e76326 3936
0b796acd 3937 if (Config.chroot_dir && (geteuid() == 0)) {
62e76326 3938 snprintf(pathbuf, BUFSIZ, "%s/%s", Config.chroot_dir, path);
3939 path = pathbuf;
08577e16 3940 }
62e76326 3941
a572d8be 3942 if (stat(path, &sb) < 0) {
a32a190b
AJ		 3943 debugs(0, DBG_CRITICAL, (opt_parse_cfg_only?"FATAL ":"") << "ERROR: " << name << " " << path << ": " << xstrerror());
3944 // keep going to find more issues if we are only checking the config file with "-k parse"
3945 if (opt_parse_cfg_only)
3946 return;
3947 // this is fatal if it is found during startup or reconfigure
a572d8be 3948 if (opt_send_signal == -1 || opt_send_signal == SIGHUP)
3949 fatalf("%s %s: %s", name, path, xstrerror());
a572d8be 3950 }
f0b19334 3951}
d860a1aa 3952
3953char *
3954strtokFile(void)
3955{
d295d770 3956 return ConfigParser::strtokFile();
d860a1aa 3957}
7684c4b1 3958
450e0c10 3959#include "AccessLogEntry.h"
7684c4b1 3960
3961static void
3962parse_access_log(customlog ** logs)
3963{
3964 const char *filename, *logdef_name;
7684c4b1 3965
38e16f92 3966 customlog *cl = (customlog *)xcalloc(1, sizeof(*cl));
7684c4b1 3967
9eeb8e4b 3968 if ((filename = strtok(NULL, w_space)) == NULL) {
7684c4b1 3969 self_destruct();
9eeb8e4b 3970 return;
3971 }
7684c4b1 3972
3973 if (strcmp(filename, "none") == 0) {
20efa1c2 3974 cl->type = Log::Format::CLF_NONE;
6375a714
AJ		 3975 aclParseAclList(LegacyParser, &cl->aclList);
3976 while (*logs)
3977 logs = &(*logs)->next;
3978 *logs = cl;
3979 return;
7684c4b1 3980 }
3981
3982 if ((logdef_name = strtok(NULL, w_space)) == NULL)
20efa1c2 3983 logdef_name = "squid";
7684c4b1 3984
bf8fe701 3985 debugs(3, 9, "Log definition name '" << logdef_name << "' file '" << filename << "'");
7684c4b1 3986
3987 cl->filename = xstrdup(filename);
3988
3989 /* look for the definition pointer corresponding to this name */
38e16f92 3990 Format::Format *lf = Log::TheConfig.logformats;
7684c4b1 3991
3992 while (lf != NULL) {
bf8fe701 3993 debugs(3, 9, "Comparing against '" << lf->name << "'");
7684c4b1 3994
3995 if (strcmp(lf->name, logdef_name) == 0)
3996 break;
3997
3998 lf = lf->next;
3999 }
4000
4001 if (lf != NULL) {
20efa1c2 4002 cl->type = Log::Format::CLF_CUSTOM;
7684c4b1 4003 cl->logFormat = lf;
4004 } else if (strcmp(logdef_name, "auto") == 0) {
20efa1c2
AJ		 4005 debugs(0,0, "WARNING: Log format 'auto' no longer exists. Using 'squid' instead.");
4006 cl->type = Log::Format::CLF_SQUID;
7684c4b1 4007 } else if (strcmp(logdef_name, "squid") == 0) {
20efa1c2 4008 cl->type = Log::Format::CLF_SQUID;
7684c4b1 4009 } else if (strcmp(logdef_name, "common") == 0) {
20efa1c2
AJ		 4010 cl->type = Log::Format::CLF_COMMON;
4011 } else if (strcmp(logdef_name, "combined") == 0) {
4012 cl->type = Log::Format::CLF_COMBINED;
3ff65596
AR		 4013#if ICAP_CLIENT
4014 } else if (strcmp(logdef_name, "icap_squid") == 0) {
20efa1c2 4015 cl->type = Log::Format::CLF_ICAP_SQUID;
3ff65596 4016#endif
20efa1c2
AJ		 4017 } else if (strcmp(logdef_name, "useragent") == 0) {
4018 cl->type = Log::Format::CLF_USERAGENT;
4019 } else if (strcmp(logdef_name, "referrer") == 0) {
4020 cl->type = Log::Format::CLF_REFERER;
7684c4b1 4021 } else {
bf8fe701 4022 debugs(3, 0, "Log format '" << logdef_name << "' is not defined");
7684c4b1 4023 self_destruct();
9eeb8e4b 4024 return;
7684c4b1 4025 }
4026
a9f20260 4027 aclParseAclList(LegacyParser, &cl->aclList);
7684c4b1 4028
4029 while (*logs)
4030 logs = &(*logs)->next;
4031
4032 *logs = cl;
4033}
4034
d64bef4c 4035static int
4036check_null_access_log(customlog *customlog_definitions)
4037{
4038 return customlog_definitions == NULL;
4039}
4040
7684c4b1 4041static void
4042dump_access_log(StoreEntry * entry, const char *name, customlog * logs)
4043{
4044 customlog *log;
4045
4046 for (log = logs; log; log = log->next) {
4047 storeAppendPrintf(entry, "%s ", name);
4048
4049 switch (log->type) {
4050
20efa1c2 4051 case Log::Format::CLF_CUSTOM:
7684c4b1 4052 storeAppendPrintf(entry, "%s %s", log->filename, log->logFormat->name);
4053 break;
4054
20efa1c2 4055 case Log::Format::CLF_NONE:
7684c4b1 4056 storeAppendPrintf(entry, "none");
4057 break;
4058
20efa1c2 4059 case Log::Format::CLF_SQUID:
7684c4b1 4060 storeAppendPrintf(entry, "%s squid", log->filename);
4061 break;
4062
20efa1c2
AJ		 4063 case Log::Format::CLF_COMBINED:
4064 storeAppendPrintf(entry, "%s combined", log->filename);
4065 break;
4066
4067 case Log::Format::CLF_COMMON:
4068 storeAppendPrintf(entry, "%s common", log->filename);
7684c4b1 4069 break;
20efa1c2 4070
3ff65596 4071#if ICAP_CLIENT
20efa1c2 4072 case Log::Format::CLF_ICAP_SQUID:
3ff65596
AR		 4073 storeAppendPrintf(entry, "%s icap_squid", log->filename);
4074 break;
4075#endif
20efa1c2
AJ		 4076 case Log::Format::CLF_USERAGENT:
4077 storeAppendPrintf(entry, "%s useragent", log->filename);
4078 break;
7684c4b1 4079
20efa1c2
AJ		 4080 case Log::Format::CLF_REFERER:
4081 storeAppendPrintf(entry, "%s referrer", log->filename);
7684c4b1 4082 break;
4083
20efa1c2 4084 case Log::Format::CLF_UNKNOWN:
7684c4b1 4085 break;
4086 }
4087
4088 if (log->aclList)
4089 dump_acl_list(entry, log->aclList);
4090
4091 storeAppendPrintf(entry, "\n");
4092 }
4093}
4094
7684c4b1 4095static void
4096free_access_log(customlog ** definitions)
4097{
4098 while (*definitions) {
4099 customlog *log = *definitions;
4100 *definitions = log->next;
4101
4102 log->logFormat = NULL;
20efa1c2 4103 log->type = Log::Format::CLF_UNKNOWN;
7684c4b1 4104
4105 if (log->aclList)
4106 aclDestroyAclList(&log->aclList);
4107
4108 safe_free(log->filename);
4109
4110 xfree(log);
4111 }
4112}
3a69ddf3 4113
96c2bb61
AR		 4114/// parses list of integers form name=N1,N2,N3,...
4115static bool
4116parseNamedIntList(const char *data, const String &name, Vector<int> &list)
4117{
4118 if (data && (strncmp(data, name.rawBuf(), name.size()) == 0)) {
4119 data += name.size();
4120 if (*data == '=') {
4121 while (true) {
4122 ++data;
4123 int value = 0;
4124 if (!StringToInt(data, value, &data, 10))
4125 break;
4126 list.push_back(value);
4127 if (*data == '\0' || *data != ',')
4128 break;
4129 }
4130 }
4131 }
cff99cec 4132 return data && *data == '\0';
96c2bb61
AR		 4133}
4134
4135static void
212af65c
A		 4136parse_CpuAffinityMap(CpuAffinityMap **const cpuAffinityMap)
4137{
96c2bb61
AR		 4138#if !HAVE_CPU_AFFINITY
4139 debugs(3, DBG_CRITICAL, "FATAL: Squid built with no CPU affinity " <<
4140 "support, do not set 'cpu_affinity_map'");
4141 self_destruct();
4142#endif /* HAVE_CPU_AFFINITY */
4143
4144 if (!*cpuAffinityMap)
4145 *cpuAffinityMap = new CpuAffinityMap;
4146
4147 const char *const pToken = strtok(NULL, w_space);
4148 const char *const cToken = strtok(NULL, w_space);
4149 Vector<int> processes, cores;
4150 if (!parseNamedIntList(pToken, "process_numbers", processes)) {
4151 debugs(3, DBG_CRITICAL, "FATAL: bad 'process_numbers' parameter " <<
4152 "in 'cpu_affinity_map'");
4153 self_destruct();
4154 } else if (!parseNamedIntList(cToken, "cores", cores)) {
4155 debugs(3, DBG_CRITICAL, "FATAL: bad 'cores' parameter in " <<
4156 "'cpu_affinity_map'");
4157 self_destruct();
4158 } else if (!(*cpuAffinityMap)->add(processes, cores)) {
4159 debugs(3, DBG_CRITICAL, "FATAL: bad 'cpu_affinity_map'; " <<
4160 "process_numbers and cores lists differ in length or " <<
4161 "contain numbers <= 0");
4162 self_destruct();
4163 }
4164}
4165
4166static void
212af65c
A		 4167dump_CpuAffinityMap(StoreEntry *const entry, const char *const name, const CpuAffinityMap *const cpuAffinityMap)
4168{
96c2bb61
AR		 4169 if (cpuAffinityMap) {
4170 storeAppendPrintf(entry, "%s process_numbers=", name);
4171 for (size_t i = 0; i < cpuAffinityMap->processes().size(); ++i) {
4172 storeAppendPrintf(entry, "%s%i", (i ? "," : ""),
4173 cpuAffinityMap->processes()[i]);
4174 }
4175 storeAppendPrintf(entry, " cores=");
4176 for (size_t i = 0; i < cpuAffinityMap->processes().size(); ++i) {
4177 storeAppendPrintf(entry, "%s%i", (i ? "," : ""),
4178 cpuAffinityMap->cores()[i]);
4179 }
4180 storeAppendPrintf(entry, "\n");
4181 }
4182}
4183
4184static void
212af65c
A		 4185free_CpuAffinityMap(CpuAffinityMap **const cpuAffinityMap)
4186{
96c2bb61
AR		 4187 delete *cpuAffinityMap;
4188 *cpuAffinityMap = NULL;
4189}
4190
62c7f90e
AR		 4191#if USE_ADAPTATION
4192
4193static void
4194parse_adaptation_service_set_type()
4195{
4196 Adaptation::Config::ParseServiceSet();
4197}
4198
a22e6cd3
AR		 4199static void
4200parse_adaptation_service_chain_type()
4201{
4202 Adaptation::Config::ParseServiceChain();
4203}
4204
62c7f90e
AR		 4205static void
4206parse_adaptation_access_type()
4207{
4208 Adaptation::Config::ParseAccess(LegacyParser);
4209}
4210
71be37e0
CT		 4211static void
4212parse_adaptation_meta_type(Adaptation::Config::MetaHeaders *)
4213{
4214 Adaptation::Config::ParseMetaHeader(LegacyParser);
4215}
4216
4217static void
4218dump_adaptation_meta_type(StoreEntry *entry, const char *name, Adaptation::Config::MetaHeaders &)
4219{
4220 Adaptation::Config::DumpMetaHeader(entry, name);
4221}
4222
4223static void
4224free_adaptation_meta_type(Adaptation::Config::MetaHeaders *)
4225{
4226 // Nothing to do, it is released inside Adaptation::Config::freeService()
4227}
62c7f90e
AR		 4228#endif /* USE_ADAPTATION */
4229
4230
3a69ddf3 4231#if ICAP_CLIENT
4232
4233static void
26cc52cb 4234parse_icap_service_type(Adaptation::Icap::Config * cfg)
3a69ddf3 4235{
462e63d3 4236 cfg->parseService();
3a69ddf3 4237}
4238
4239static void
26cc52cb 4240free_icap_service_type(Adaptation::Icap::Config * cfg)
3a69ddf3 4241{
462e63d3 4242 cfg->freeService();
3a69ddf3 4243}
4244
4245static void
26cc52cb 4246dump_icap_service_type(StoreEntry * entry, const char *name, const Adaptation::Icap::Config &cfg)
3a69ddf3 4247{
462e63d3 4248 cfg.dumpService(entry, name);
3a69ddf3 4249}
4250
4251static void
c939dc70 4252parse_icap_class_type()
3a69ddf3 4253{
62c7f90e 4254 debugs(93, 0, "WARNING: 'icap_class' is depricated. " <<
26ac0430 4255 "Use 'adaptation_service_set' instead");
62c7f90e 4256 Adaptation::Config::ParseServiceSet();
3a69ddf3 4257}
4258
3a69ddf3 4259static void
c939dc70 4260parse_icap_access_type()
3a69ddf3 4261{
62c7f90e 4262 debugs(93, 0, "WARNING: 'icap_access' is depricated. " <<
26ac0430 4263 "Use 'adaptation_access' instead");
21a26d31 4264 Adaptation::Config::ParseAccess(LegacyParser);
3a69ddf3 4265}
4266
3a69ddf3 4267#endif
21a26d31
AR		 4268
4269
4270#if USE_ECAP
4271
4272static void
574b508c 4273parse_ecap_service_type(Adaptation::Ecap::Config * cfg)
21a26d31
AR		 4274{
4275 cfg->parseService();
4276}
4277
4278static void
574b508c 4279free_ecap_service_type(Adaptation::Ecap::Config * cfg)
21a26d31
AR		 4280{
4281 cfg->freeService();
4282}
4283
4284static void
574b508c 4285dump_ecap_service_type(StoreEntry * entry, const char *name, const Adaptation::Ecap::Config &cfg)
21a26d31
AR		 4286{
4287 cfg.dumpService(entry, name);
4288}
4289
4290#endif /* USE_ECAP */
8277060a
CT		 4291
4292#if ICAP_CLIENT
4293static void parse_icap_service_failure_limit(Adaptation::Icap::Config *cfg)
4294{
4295 char *token;
4296 time_t d;
4297 time_t m;
4298 cfg->service_failure_limit = GetInteger();
4299
4300 if ((token = strtok(NULL, w_space)) == NULL)
4301 return;
4302
4303 if (strcmp(token,"in") != 0) {
4304 debugs(3, 0, "expecting 'in' on'" << config_input_line << "'");
4305 self_destruct();
4306 }
4307
4308 if ((token = strtok(NULL, w_space)) == NULL) {
4309 self_destruct();
4310 }
4311
4312 d = static_cast<time_t> (xatoi(token));
a459e80a 4313
8277060a
CT		 4314 m = static_cast<time_t> (1);
4315
4316 if (0 == d)
4317 (void) 0;
4318 else if ((token = strtok(NULL, w_space)) == NULL) {
4319 debugs(3, 0, "No time-units on '" << config_input_line << "'");
4320 self_destruct();
9b741834 4321 } else if ((m = parseTimeUnits(token, false)) == 0)
8277060a
CT		 4322 self_destruct();
4323
4324 cfg->oldest_service_failure = (m * d);
4325}
4326
4327static void dump_icap_service_failure_limit(StoreEntry *entry, const char *name, const Adaptation::Icap::Config &cfg)
4328{
4329 storeAppendPrintf(entry, "%s %d", name, cfg.service_failure_limit);
4330 if (cfg.oldest_service_failure > 0) {
4331 storeAppendPrintf(entry, " in %d seconds", (int)cfg.oldest_service_failure);
4332 }
4333 storeAppendPrintf(entry, "\n");
4334}
4335
4336static void free_icap_service_failure_limit(Adaptation::Icap::Config *cfg)
4337{
4338 cfg->oldest_service_failure = 0;
4339 cfg->service_failure_limit = 0;
4340}
aebe6888 4341#endif
8277060a 4342
fb2178bb
CT		 4343#if USE_SSL
4344static void parse_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt)
4345{
4346 char *al;
4347 sslproxy_cert_adapt *ca = (sslproxy_cert_adapt *) xcalloc(1, sizeof(sslproxy_cert_adapt));
4348 if ((al = strtok(NULL, w_space)) == NULL) {
4349 self_destruct();
4350 return;
4351 }
4352
4353 const char *param;
4354 if ( char *s = strchr(al, '{')) {
4355 *s = '\0'; // terminate the al string
4356 s++;
4357 param = s;
4358 s = strchr(s, '}');
4359 if (!s) {
4360 self_destruct();
4361 return;
4362 }
4363 *s = '\0';
4364 }
4365 else
4366 param = NULL;
4367
4368 if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetValidAfter]) == 0) {
4369 ca->alg = Ssl::algSetValidAfter;
4370 ca->param = strdup("on");
4371 }
4372 else if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetValidBefore]) == 0) {
4373 ca->alg = Ssl::algSetValidBefore;
4374 ca->param = strdup("on");
4375 }
4376 else if (strcmp(al, Ssl::CertAdaptAlgorithmStr[Ssl::algSetCommonName]) == 0) {
4377 ca->alg = Ssl::algSetCommonName;
4378 if (param) {
5367d845
CT		 4379 if (strlen(param) > 64) {
4380 debugs(3, DBG_CRITICAL, "FATAL: sslproxy_cert_adapt: setCommonName{" <<param << "} : using common name longer than 64 bytes is not supported");
4381 self_destruct();
4382 return;
4383 }
fb2178bb
CT		 4384 ca->param = strdup(param);
4385 }
4386 } else {
4387 debugs(3, DBG_CRITICAL, "FATAL: sslproxy_cert_adapt: unknown cert adaptation algorithm: " << al);
4388 self_destruct();
4389 return;
4390 }
4391
4392 aclParseAclList(LegacyParser, &ca->aclList);
4393
4394 while(*cert_adapt)
4395 cert_adapt = &(*cert_adapt)->next;
4396
4397 *cert_adapt = ca;
4398}
4399
4400static void dump_sslproxy_cert_adapt(StoreEntry *entry, const char *name, sslproxy_cert_adapt *cert_adapt)
4401{
4402 for (sslproxy_cert_adapt *ca = cert_adapt; ca != NULL; ca = ca->next) {
4403 storeAppendPrintf(entry, "%s ", name);
4404 storeAppendPrintf(entry, "%s{%s} ", Ssl::sslCertAdaptAlgoritm(ca->alg), ca->param);
4405 if (ca->aclList)
4406 dump_acl_list(entry, ca->aclList);
4407 storeAppendPrintf(entry, "\n");
4408 }
4409}
4410
4411static void free_sslproxy_cert_adapt(sslproxy_cert_adapt **cert_adapt)
4412{
4413 while(*cert_adapt) {
4414 sslproxy_cert_adapt *ca = *cert_adapt;
4415 *cert_adapt = ca->next;
4416 safe_free(ca->param);
4417
4418 if (ca->aclList)
4419 aclDestroyAclList(&ca->aclList);
4420
4421 safe_free(ca);
4422 }
4423}
aebe6888
CT		 4424
4425static void parse_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign)
4426{
4427 char *al;
4428 sslproxy_cert_sign *cs = (sslproxy_cert_sign *) xcalloc(1, sizeof(sslproxy_cert_sign));
4429 if ((al = strtok(NULL, w_space)) == NULL) {
4430 self_destruct();
4431 return;
4432 }
4433
4434 if (strcmp(al, Ssl::CertSignAlgorithmStr[Ssl::algSignTrusted]) == 0)
4435 cs->alg = Ssl::algSignTrusted;
4436 else if (strcmp(al, Ssl::CertSignAlgorithmStr[Ssl::algSignUntrusted]) == 0)
4437 cs->alg = Ssl::algSignUntrusted;
4438 else if (strcmp(al, Ssl::CertSignAlgorithmStr[Ssl::algSignSelf]) == 0)
4439 cs->alg = Ssl::algSignSelf;
4440 else {
4441 debugs(3, DBG_CRITICAL, "FATAL: sslproxy_cert_sign: unknown cert signing algorithm: " << al);
4442 self_destruct();
4443 return;
4444 }
4445
4446 aclParseAclList(LegacyParser, &cs->aclList);
4447
4448 while(*cert_sign)
4449 cert_sign = &(*cert_sign)->next;
4450
4451 *cert_sign = cs;
4452}
4453
4454static void dump_sslproxy_cert_sign(StoreEntry *entry, const char *name, sslproxy_cert_sign *cert_sign)
4455{
4456 sslproxy_cert_sign *cs;
4457 for (cs = cert_sign; cs != NULL; cs = cs->next) {
4458 storeAppendPrintf(entry, "%s ", name);
4459 storeAppendPrintf(entry, "%s ", Ssl::certSignAlgorithm(cs->alg));
4460 if (cs->aclList)
4461 dump_acl_list(entry, cs->aclList);
4462 storeAppendPrintf(entry, "\n");
4463 }
4464}
4465
4466static void free_sslproxy_cert_sign(sslproxy_cert_sign **cert_sign)
4467{
4468 while(*cert_sign) {
4469 sslproxy_cert_sign *cs = *cert_sign;
4470 *cert_sign = cs->next;
4471
4472 if (cs->aclList)
4473 aclDestroyAclList(&cs->aclList);
4474
4475 safe_free(cs);
4476 }
4477}
fb2178bb 4478
38450a50
CT		 4479class sslBumpCfgRr: public ::RegisteredRunner
4480{
4481public:
4482 static Ssl::BumpMode lastDeprecatedRule;
4483 /* RegisteredRunner API */
4484 virtual void run(const RunnerRegistry &);
4485};
4486
4487Ssl::BumpMode sslBumpCfgRr::lastDeprecatedRule = Ssl::bumpEnd;
4488
4489RunnerRegistrationEntry(rrFinalizeConfig, sslBumpCfgRr);
4490
4491void sslBumpCfgRr::run(const RunnerRegistry &r)
4492{
4493 if (lastDeprecatedRule != Ssl::bumpEnd) {
4494 assert( lastDeprecatedRule == Ssl::bumpClientFirst || lastDeprecatedRule == Ssl::bumpNone);
4495 static char buf[1024];
4496 if (lastDeprecatedRule == Ssl::bumpClientFirst) {
4497 strcpy(buf, "ssl_bump deny all");
4498 debugs(3, DBG_CRITICAL, "WARNING: auto-converting deprecated implicit "
4499 "\"ssl_bump deny all\" to \"ssl_bump none all\". New ssl_bump configurations "
4500 "must not use implicit rules. Update your ssl_bump rules.");
4501 } else {
4502 strcpy(buf, "ssl_bump allow all");
4503 debugs(3, DBG_CRITICAL, "SECURITY NOTICE: auto-converting deprecated implicit "
4504 "\"ssl_bump allow all\" to \"ssl_bump client-first all\" which is usually "
4505 "inferior to the newer server-first bumping mode. New ssl_bump"
4506 " configurations must not use implicit rules. Update your ssl_bump rules.");
4507 }
4508 parse_line(buf);
4509 }
4510}
4511
caf3666d
AR		 4512static void parse_sslproxy_ssl_bump(acl_access **ssl_bump)
4513{
38450a50
CT		 4514 typedef const char *BumpCfgStyle;
4515 BumpCfgStyle bcsNone = NULL;
4516 BumpCfgStyle bcsNew = "new client/server-first/none";
4517 BumpCfgStyle bcsOld = "deprecated allow/deny";
4518 static BumpCfgStyle bumpCfgStyleLast = bcsNone;
4519 BumpCfgStyle bumpCfgStyleNow = bcsNone;
caf3666d
AR		 4520 char *bm;
4521 if ((bm = strtok(NULL, w_space)) == NULL) {
4522 self_destruct();
4523 return;
4524 }
4525
38450a50
CT		 4526 // if this is the first rule proccessed
4527 if (*ssl_bump == NULL) {
4528 bumpCfgStyleLast = bcsNone;
4529 sslBumpCfgRr::lastDeprecatedRule = Ssl::bumpEnd;
4530 }
4531
caf3666d
AR		 4532 acl_access *A = new acl_access;
4533 A->allow = allow_t(ACCESS_ALLOWED);
4534
38450a50 4535 if (strcmp(bm, Ssl::BumpModeStr[Ssl::bumpClientFirst]) == 0) {
caf3666d 4536 A->allow.kind = Ssl::bumpClientFirst;
38450a50
CT		 4537 bumpCfgStyleNow = bcsNew;
4538 } else if (strcmp(bm, Ssl::BumpModeStr[Ssl::bumpServerFirst]) == 0) {
caf3666d 4539 A->allow.kind = Ssl::bumpServerFirst;
38450a50
CT		 4540 bumpCfgStyleNow = bcsNew;
4541 } else if (strcmp(bm, Ssl::BumpModeStr[Ssl::bumpNone]) == 0) {
caf3666d 4542 A->allow.kind = Ssl::bumpNone;
38450a50
CT		 4543 bumpCfgStyleNow = bcsNew;
4544 } else if (strcmp(bm, "allow") == 0) {
4545 debugs(3, DBG_CRITICAL, "SECURITY NOTICE: auto-converting deprecated "
4546 "\"ssl_bump allow <acl>\" to \"ssl_bump client-first <acl>\" which "
4547 "is usually inferior to the newer server-first "
4548 "bumping mode. Update your ssl_bump rules.");
4549 A->allow.kind = Ssl::bumpClientFirst;
4550 bumpCfgStyleNow = bcsOld;
4551 sslBumpCfgRr::lastDeprecatedRule = Ssl::bumpClientFirst;
4552 } else if (strcmp(bm, "deny") == 0) {
4553 debugs(3, DBG_CRITICAL, "WARNING: auto-converting deprecated "
4554 "\"ssl_bump deny <acl>\" to \"ssl_bump none <acl>\". Update "
4555 "your ssl_bump rules.");
4556 A->allow.kind = Ssl::bumpNone;
4557 bumpCfgStyleNow = bcsOld;
4558 sslBumpCfgRr::lastDeprecatedRule = Ssl::bumpNone;
caf3666d
AR		 4559 } else {
4560 debugs(3, DBG_CRITICAL, "FATAL: unknown ssl_bump mode: " << bm);
4561 self_destruct();
4562 return;
4563 }
4564
38450a50
CT		 4565 if (bumpCfgStyleLast != bcsNone && bumpCfgStyleNow != bumpCfgStyleLast) {
4566 debugs(3, DBG_CRITICAL, "FATAL: do not mix " << bumpCfgStyleNow << " actions with " <<
4567 bumpCfgStyleLast << " actions. Update your ssl_bump rules.");
4568 self_destruct();
4569 return;
4570 }
4571
4572 bumpCfgStyleLast = bumpCfgStyleNow;
4573
caf3666d
AR		 4574 aclParseAclList(LegacyParser, &A->aclList);
4575
4576 acl_access *B, **T;
4577 for (B = *ssl_bump, T = ssl_bump; B; T = &B->next, B = B->next);
4578 *T = A;
4579}
4580
4581static void dump_sslproxy_ssl_bump(StoreEntry *entry, const char *name, acl_access *ssl_bump)
4582{
4583 acl_access *sb;
4584 for (sb = ssl_bump; sb != NULL; sb = sb->next) {
4585 storeAppendPrintf(entry, "%s ", name);
4586 storeAppendPrintf(entry, "%s ", Ssl::bumpMode(sb->allow.kind));
4587 if (sb->aclList)
4588 dump_acl_list(entry, sb->aclList);
4589 storeAppendPrintf(entry, "\n");
4590 }
4591}
4592
4593static void free_sslproxy_ssl_bump(acl_access **ssl_bump)
4594{
4595 free_acl_access(ssl_bump);
4596}
4597
8277060a 4598#endif
f4698e0b
CT		 4599
4600static void dump_HeaderWithAclList(StoreEntry * entry, const char *name, HeaderWithAclList *headers)
4601{
4602 if (!headers)
4603 return;
4604
4605 for (HeaderWithAclList::iterator hwa = headers->begin(); hwa != headers->end(); ++hwa) {
4606 storeAppendPrintf(entry, "%s ", hwa->fieldName.c_str());
4607 storeAppendPrintf(entry, "%s ", hwa->fieldValue.c_str());
4608 if (hwa->aclList)
4609 dump_acl_list(entry, hwa->aclList);
4610 storeAppendPrintf(entry, "\n");
4611 }
4612}
4613
4614static void parse_HeaderWithAclList(HeaderWithAclList **headers)
4615{
4616 char *fn;
4617 if (!*headers) {
4618 *headers = new HeaderWithAclList;
4619 }
4620 if ((fn = strtok(NULL, w_space)) == NULL) {
4621 self_destruct();
4622 return;
4623 }
4624 HeaderWithAcl hwa;
4625 hwa.fieldName = fn;
4626 hwa.fieldId = httpHeaderIdByNameDef(fn, strlen(fn));
4627 if (hwa.fieldId == HDR_BAD_HDR)
4628 hwa.fieldId = HDR_OTHER;
4629
4630 String buf;
4631 bool wasQuoted;
4632 ConfigParser::ParseQuotedString(&buf, &wasQuoted);
4633 hwa.fieldValue = buf.termedBuf();
4634 hwa.quoted = wasQuoted;
4635 if (hwa.quoted) {
4636 Format::Format *nlf = new ::Format::Format("hdrWithAcl");
4637 if (!nlf->parse(hwa.fieldValue.c_str())) {
4638 self_destruct();
4639 return;
4640 }
4641 hwa.valueFormat = nlf;
4642 }
4643 aclParseAclList(LegacyParser, &hwa.aclList);
4644 (*headers)->push_back(hwa);
4645}
4646
4647static void free_HeaderWithAclList(HeaderWithAclList **header)
4648{
4649 if (!(*header))
4650 return;
4651
4652 for (HeaderWithAclList::iterator hwa = (*header)->begin(); hwa != (*header)->end(); ++hwa) {
4653 if (hwa->aclList)
4654 aclDestroyAclList(&hwa->aclList);
4655
4656 if (hwa->valueFormat) {
4657 delete hwa->valueFormat;
4658 hwa->valueFormat = NULL;
4659 }
4660 }
4661 delete *header;
4662 *header = NULL;
4663}
Mirror of https://github.com/squid-cache/squid.git