Amos Jeffries [Wed, 18 Nov 2015 03:23:59 +0000 (19:23 -0800)]
Combine the https_port list internal state with http_port state.
These two lists have been near identical for some time now and we can
easily reduce code by simply merging the two and using either the
secure.encryptTransport flag or the transport.protocol type to select
the remaining non-identical code paths.
Alex Rousskov [Sun, 15 Nov 2015 17:54:58 +0000 (10:54 -0700)]
Stop using dangling pointers for eCAP-set custom HTTP reason phrases.
Squid still does not support [external] custom reason phrases and,
hence, cannot reliably support eCAP API that sets the reason phrase to
the one supplied by the adapter. This and r14398 changes fix [known]
regression bugs introduced by r12728 ("SourceLayout").
Alex Rousskov [Sun, 15 Nov 2015 16:59:12 +0000 (09:59 -0700)]
Fixed status code-based HTTP reason phrase for eCAP-generated messages.
Calling .reason() on a not-yet-set theMessage.sline object resulted in
"Init" status reason phrase for all from-scratch (i.e., not cloned)
eCAP-made HTTP responses. This fix lets Squid compute the reason phrase
based on the status code, just like Squid does for forwarded responses
(IIRC).
The ERR_SECURE_ACCEPT_FAIL and ERR_REQUEST_START_TIMEOUT errors appear to
have missing templates on squid startup.
Actually these errors do not produce any error page. Move them under the
TCP_RESET error in err_type.h to mark them as optional.
- Squid receives TLS Hello from the client (TCP connection A).
- Squid successfully negotiates a TLS connection with the origin server
(TCP connection B).
- Squid successfully negotiates a TLS connection with the client
(TCP connection A).
- Squid marks connection B as "idle" and waits for an HTTP request from
connection A.
- The origin server continues talking to Squid (TCP connection B).
Squid detects a network read on an idle connection and closes TCP
connection B (and then the associated TCP connection A as well).
This patch:
- When Squid detects a network read on an idle server connection, do an
SSL_read to:
a) see if application data was received from the server, and abort in this case;
b) detect a possible TLS error or TLS shutdown message from the server;
c) or ignore it if only TLS protocol related packets were received.
Amos Jeffries [Sun, 8 Nov 2015 15:09:16 +0000 (07:09 -0800)]
Fix compile error on clang: undefined reference to '__atomic_load_8'
Later versions of GCC on some architectures push atomic functions
out into a separate atomic library. Older versions of clang do not
handle that automatically and require the library to be linked
explicitly.
Add a check for when this is required and set ATOMICLIB if needed.
Amos Jeffries [Sat, 7 Nov 2015 12:08:33 +0000 (04:08 -0800)]
Split core Server operations from ConnStateData
This improves the servers/libserver.la class hierarchy in
preparation for HTTP/2 and other non-HTTP/1.1 protocol support.
The basic I/O functionality of ConnStateData is moved to Server
class and a set of virtual methods designed to allow for child
class implementation of data processing operations.
No logic is changed in this patch, just symbol renaming and
moving of method logics as-is into libservers.la
The autoconf check for SQUID_SSLGETCERTIFICATE_BUGGY fails on ssl library
builds which don't include SSLv3; as a result of the autoconf decision
this can end up triggering the assert(0) in Ssl::verifySslCertificate()
in ssl/support.cc (line 1712 in 3.5.11).
Allow unlimited LDAP search filter for ext_ldap_group_acl helper.
The LDAP search filter in ext_ldap_group_acl is limited to 256 characters.
In some environments the user DN or group filter can be larger than this
limitation.
This patch uses dynamic allocated buffers for LDAP search filters.
Amos Jeffries [Sun, 1 Nov 2015 10:07:41 +0000 (02:07 -0800)]
Fix shutdown aborts after rev.14374
Changes to signal processing introduced by rev.14374 cause Squid to
ignore repeated signals.
However, repeated shutdown signals actually have meaning and need to abort
the shutdown delay timeout. So we need to allow those through to the
shutdown signal handler.
Alex Rousskov [Fri, 30 Oct 2015 20:38:57 +0000 (14:38 -0600)]
Bug 3574: To avoid crashes, prohibit reconfiguration during shutdown.
Also consolidated and polished signal action handling code:
1. For any executed action X, clear do_X at the beginning of action X
code because once we start X, we should accept/queue more X
requests (or inform the admin if we reject them).
2. Delay any action X requested during startup or reconfiguration
because the latter two actions modify global state that X depends
on. Inform the admin that the requested action is being delayed.
3. Cancel any action X requested during shutdown. We cannot run X
during shutdown because shutdown modifies global state that X
depends on, and we never come back from shutdown so there is no
point in delaying X. Inform the admin that the requested action is
canceled.
The child signal handling action is exempt from rules #2 and #3
because its code does not depend on Squid state.
Repeated failed attempts to fix crashes related to various overlapping
actions confirm that this code is a lot trickier than it looks. This
change introduces a more systematic/comprehensive approach to
resolving associated conflicts compared to previous ad hoc attempts.
These changes were not inspired by bug 3574 but they provide a
more comprehensive version of the earlier bug 3574 fix (r14354).
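The three rules above, plus the later rev.14374 follow-up (repeated shutdown signals must still reach the shutdown handler), as an added model in C++. This is illustrative code written for this page, not Squid's main.cc; the Phase, Action and Decision enums, the Daemon struct and its do_X flags are all assumed names chosen to mirror the rules, and the scenario input is constructed.

```cpp
#include <string>
#include <vector>

// Added model of the signal-action rules; not Squid's own code.
enum class Phase { Starting, Running, Reconfiguring, ShuttingDown };
enum class Action { Reconfigure, Rotate, Shutdown, ReapChildren };
enum class Decision { Run, Delay, Cancel };

// Rules #2 and #3: what to do with a requested action X in the current phase.
Decision decide(Phase phase, Action x) {
    if (x == Action::ReapChildren)          // exempt: does not depend on Squid state
        return Decision::Run;
    if (phase == Phase::ShuttingDown)
        return x == Action::Shutdown ? Decision::Run      // repeated shutdown signal aborts the shutdown delay
                                     : Decision::Cancel;  // we never come back, so no point delaying
    if (phase == Phase::Starting || phase == Phase::Reconfiguring)
        return Decision::Delay;             // global state is being modified right now
    return Decision::Run;
}

struct Daemon {
    Phase phase = Phase::Running;
    // the do_X request flags set by the async signal handlers
    bool doReconfigure = false, doRotate = false, doShutdown = false, doReapChildren = false;
    std::vector<std::string> adminLog;      // what we tell the admin
    int ranCount = 0;

    void run(Action x, const std::string &name) {
        adminLog.push_back(name + ": running");
        ++ranCount;
        if (x == Action::Shutdown) phase = Phase::ShuttingDown;
    }

    // One pending action X. Rule #1: clear do_X before running X so that
    // requests arriving during X are queued rather than lost. A delayed
    // action keeps its flag set so it is retried on the next pass.
    void handle(bool &doX, Action x, const std::string &name) {
        if (!doX) return;
        switch (decide(phase, x)) {
        case Decision::Delay:
            adminLog.push_back(name + ": delayed until startup/reconfiguration completes");
            return;
        case Decision::Cancel:
            doX = false;
            adminLog.push_back(name + ": canceled because Squid is shutting down");
            return;
        case Decision::Run:
            doX = false;
            run(x, name);
            return;
        }
    }

    // One main-loop pass over all request flags; returns how many actions ran.
    int processPending() {
        const int before = ranCount;
        handle(doReapChildren, Action::ReapChildren, "reap children");
        handle(doShutdown, Action::Shutdown, "shutdown");   // shutdown wins over a pending reconfigure
        handle(doReconfigure, Action::Reconfigure, "reconfigure");
        handle(doRotate, Action::Rotate, "rotate");
        return ranCount - before;
    }
};

// Constructed scenario: rotate and reconfigure requested during startup,
// then a shutdown signal arrives once startup has finished.
std::vector<std::string> startupThenShutdownScenario() {
    Daemon d;
    d.phase = Phase::Starting;
    d.doRotate = d.doReconfigure = true;
    d.processPending();                 // both delayed, flags stay set
    d.doShutdown = true;
    d.phase = Phase::Running;           // startup finished
    d.processPending();                 // shutdown runs, then the delayed actions are canceled
    return d.adminLog;
}
```

Every decision is logged so the admin can see why a signal appeared to be ignored; in the scenario the log ends with the two canceled actions, which is exactly the message the commit asks for.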
Amos Jeffries [Fri, 30 Oct 2015 12:59:17 +0000 (05:59 -0700)]
Add Locker friend class to SBuf for protection against memory issues
When appending or otherwise modifying an SBuf based on an SBuf& or char*,
the parameter used may be pointing at the MemBlob memory buffer
indirectly without holding a separate ref-count lock to it.
If 'this' SBuf then requires reallocation for any reason, the char* or
buffer pointer taken from the SBuf& which is being manipulated may in
fact be left pointing at invalid memory.
Utilize a private Locker class to create relatively cheap ref-count locks
on the store_ MemBlob when this problem MAY occur. This Locker needs to
be used on all non-const SBuf methods accepting a char* or SBuf& argument.
Amos Jeffries [Thu, 29 Oct 2015 18:53:48 +0000 (11:53 -0700)]
Add Locker friend class to SBuf for protection against memory issues
When appending or otherwise modifying an SBuf based on an SBuf& or char*,
the parameter used may be pointing at the MemBlob memory buffer
indirectly without holding a separate ref-count lock to it.
If 'this' SBuf then requires reallocation for any reason, the char* or
buffer pointer taken from the SBuf& which is being manipulated may in
fact be left pointing at invalid memory.
Utilize a private Locker class to create relatively cheap ref-count locks
on the store_ MemBlob when this problem MAY occur. This Locker needs to
be used on all non-const SBuf methods accepting a char* or SBuf& argument.
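The hazard described in the two Locker commit messages above, as an added toy model in C++ written for this page. It is not Squid's SBuf or MemBlob code: Blob, Buf, appendWouldDangle() and the local `locker` variable are assumed names, std::shared_ptr stands in for MemBlob's ref count, and the inputs are constructed. The model shows the aliasing case (appending a pointer into your own storage while the append forces reallocation) and how holding a second owning reference for the duration of the method keeps the source memory valid.

```cpp
#include <cstddef>
#include <cstring>
#include <functional>
#include <memory>
#include <string>

// Added toy model; not Squid's code. A Blob is ref-counted storage (here via
// std::shared_ptr) that several Buf objects may share copy-on-write style.
struct Blob {
    std::unique_ptr<char[]> mem;
    std::size_t cap;
    explicit Blob(std::size_t c) : mem(new char[c ? c : 1]), cap(c) {}
};

class Buf {
public:
    explicit Buf(const char *s = "")
        : blob_(std::make_shared<Blob>(std::strlen(s))), len_(std::strlen(s)) {
        std::memcpy(blob_->mem.get(), s, len_);   // capacity == length: the next append must reallocate
    }

    const char *data() const { return blob_->mem.get(); }
    std::size_t size() const { return len_; }
    std::string str() const { return std::string(data(), len_); }

    // True when src points into our own storage and appending n bytes would
    // force reallocation: the exact case in which src would dangle if the old
    // blob were released before the copy.
    bool appendWouldDangle(const char *src, std::size_t n) const {
        std::less<const char *> lt;                 // well-defined total order on pointers
        const char *b = data();
        const bool aliases = !lt(src, b) && lt(src, b + len_);
        return aliases && (len_ + n > blob_->cap || blob_.use_count() > 1);
    }

    void append(const char *src, std::size_t n) {
        // decide before taking the lock, since the lock itself bumps the count
        const bool mustRealloc = len_ + n > blob_->cap || blob_.use_count() > 1;
        // The "Locker": a second owning reference to the current blob for the
        // duration of this method. Even if blob_ is swapped below, the memory
        // src may point into stays alive until we return.
        std::shared_ptr<Blob> locker = blob_;
        if (mustRealloc) {
            auto fresh = std::make_shared<Blob>((len_ + n) * 2);
            std::memcpy(fresh->mem.get(), data(), len_);
            blob_ = fresh;                          // old blob survives: locker still owns it
        }
        std::memcpy(blob_->mem.get() + len_, src, n);   // src is still valid memory
        len_ += n;
    }   // locker goes out of scope here; the old blob is freed if nobody else holds it

private:
    std::shared_ptr<Blob> blob_;
    std::size_t len_;
};

// Self-append through a raw pointer into our own storage, with reallocation
// forced: "hello" + "llo" must give "hellollo".
std::string selfAppendDemo() {
    Buf b("hello");
    b.append(b.data() + 2, 3);
    return b.str();
}

// The condition under which the lock is needed.
bool dangleCheckDemo() {
    Buf b("hello");                                 // full: any append reallocates
    return b.appendWouldDangle(b.data() + 2, 3);
}

// Copy-on-write: appending to one sharer must not alter the other.
bool copyIsolationDemo() {
    Buf a("abc");
    Buf c = a;                                      // shares the blob
    a.append("xyz", 3);
    return a.str() == "abcxyz" && c.str() == "abc";
}
```

The lock is cheap (one refcount increment and decrement per call) compared with copying the argument up front, which is the trade-off the commit refers to.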
Alex Rousskov [Tue, 27 Oct 2015 03:45:40 +0000 (21:45 -0600)]
Connection stats, including %<lp, missing for persistent connections.
The code reusing a pconn was missing a hier.note() call, resulting in 0
values logged for %<lp (local port number of the last server or peer
connection) and probably other missing stats.
Also refactored poorly copied statistics collection code to remove
duplication and always update to-server connection stats when the actual
connection becomes available.
Positive side effect: Upon setsockopt(2) failures, the tos and nfmark
fields of a pinned connection were set to the desired (but not actually
applied) values, while persistent connection fields were left intact
(and, hence, stale). Both fields are now reset to zero on failures, for
both types of connections.
Aymeric Vincent [Mon, 26 Oct 2015 02:53:30 +0000 (19:53 -0700)]
Fix incorrect authentication headers on cache digest requests
login=NEGOTIATE can have an additional parameter specified,
like login=NEGOTIATE:xxx
One test added in rev.12714 does not take this case into account and it
will send a garbage "login:password" (== "NEGOTIATE:xxx") to its peer
when requesting a digest.
This is a workaround patch to remove the broken Authentication headers
entirely. Support for Negotiate to the peer on these digest requests is
still needed.
Amos Jeffries [Fri, 23 Oct 2015 05:36:51 +0000 (22:36 -0700)]
Avoid errors when parsing manager ACL in old squid.conf
ACL manager is now a built-in definition and has a different type. That
has been causing FATAL errors when parsing old squid.conf. We can be
nicer and just ignore the obsolete config lines.
Alex Rousskov [Wed, 21 Oct 2015 11:59:13 +0000 (04:59 -0700)]
Fixed chunked parsing by mimicking psChunkEnd state removed in trunk r14108.
... or, more precisely, in r13994.1.4 (parser-ng-chunked: re-write parse
sequence using ParseState stages instead of Step method pointers). Before
parser-ng-chunked, reaching zero theLeftBodySize would switch the chunk
parser to the psChunkEnd state. It was possible to pause parsing in that
state and resume it when more data becomes available, including the CRLF that
follows the chunk data. After parser-ng-chunked, the state remains
HTTP_PARSE_CHUNK which implies positive theLeftBodySize.
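An added example of an incremental chunked-body decoder that keeps the explicit chunk-end stage the commit message describes, so parsing can pause after the last byte of chunk data and resume when the CRLF arrives in a later read. This is illustrative C++ written for this page, not Squid's Http1 chunked parser; ChunkedDecoder, its State names and the helper functions are assumed names, and the input pieces are constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Added example; not Squid's code. States mirror the chunked wire format:
// size line, data, CRLF after data (the stage that was lost), trailers, done.
class ChunkedDecoder {
public:
    enum class State { ChunkSize, ChunkData, ChunkEnd, Trailer, Done };

    State state() const { return state_; }
    const std::string &body() const { return body_; }
    const std::vector<std::string> &trailers() const { return trailers_; }

    // Feed the next piece of input; incomplete pieces are buffered internally.
    void feed(const std::string &in) {
        buf_ += in;
        std::size_t pos = 0;
        while (pos < buf_.size() && state_ != State::Done) {
            if (state_ == State::ChunkSize) {
                const std::size_t eol = buf_.find("\r\n", pos);
                if (eol == std::string::npos) break;          // need the whole size line
                std::string line = buf_.substr(pos, eol - pos);
                const std::size_t semi = line.find(';');     // drop chunk extensions
                if (semi != std::string::npos) line.erase(semi);
                left_ = parseHex(line);
                pos = eol + 2;
                state_ = left_ == 0 ? State::Trailer : State::ChunkData;
            } else if (state_ == State::ChunkData) {
                const std::size_t n = std::min(left_, buf_.size() - pos);
                body_.append(buf_, pos, n);
                pos += n;
                left_ -= n;
                if (left_ == 0) state_ = State::ChunkEnd;  // data complete; CRLF may not be here yet
            } else if (state_ == State::ChunkEnd) {
                if (buf_.size() - pos < 2) break;           // pause until the CRLF arrives
                if (buf_.compare(pos, 2, "\r\n") != 0)
                    throw std::runtime_error("chunk data not followed by CRLF");
                pos += 2;
                state_ = State::ChunkSize;
            } else {                                        // State::Trailer
                const std::size_t eol = buf_.find("\r\n", pos);
                if (eol == std::string::npos) break;
                if (eol == pos) state_ = State::Done;       // empty line ends the trailer section
                else trailers_.push_back(buf_.substr(pos, eol - pos));
                pos = eol + 2;
            }
        }
        buf_.erase(0, pos);
    }

private:
    static std::size_t parseHex(const std::string &s) {
        if (s.empty() || s.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos)
            throw std::runtime_error("invalid chunk size: " + s);
        return static_cast<std::size_t>(std::stoul(s, nullptr, 16));
    }

    State state_ = State::ChunkSize;
    std::size_t left_ = 0;     // bytes of the current chunk still to read
    std::string buf_, body_;
    std::vector<std::string> trailers_;
};

// Feed a message in arbitrary pieces and return the decoded body.
std::string decodeInPieces(const std::vector<std::string> &pieces) {
    ChunkedDecoder d;
    for (const auto &p : pieces) d.feed(p);
    if (d.state() != ChunkedDecoder::State::Done)
        throw std::runtime_error("incomplete chunked body");
    return d.body();
}

// The regression case: the read ends exactly at the last data byte and the
// CRLF arrives later. The decoder must pause in ChunkEnd, not fail.
bool pausesAtChunkEnd() {
    ChunkedDecoder d;
    d.feed("5\r\nhel");
    if (d.state() != ChunkedDecoder::State::ChunkData) return false;
    d.feed("lo");
    if (d.state() != ChunkedDecoder::State::ChunkEnd || d.body() != "hello") return false;
    d.feed("\r\n0\r\n\r\n");
    return d.state() == ChunkedDecoder::State::Done;
}

// Malformed framing after the data is rejected rather than silently skipped.
bool rejectsMissingCrlf() {
    ChunkedDecoder d;
    try { d.feed("5\r\nhelloXX"); } catch (const std::runtime_error &) { return true; }
    return false;
}
```

Without the ChunkEnd stage, a decoder that only has a "data" state with a positive remaining count has nowhere to stand when the count reaches zero before the CRLF has arrived, which is the situation the fix restores handling for.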
Amos Jeffries [Fri, 16 Oct 2015 14:28:52 +0000 (07:28 -0700)]
Bug 4351: compile errors when authentication modules disabled
Authentication modules can be selectively disabled. This means the module
header files need to be wrapped with disable macros, and also code that
depends on module internal definitions.
Alex Rousskov [Thu, 15 Oct 2015 02:52:58 +0000 (19:52 -0700)]
1xx response terminates Squid-to-server connection, breaking many PUTs.
Since trunk revision 13688.1.6 (Use Http1::ResponseParser to process
HTTP server responses), HttpStateData::processReplyHeader() sets
flags.headers_parsed after successfully parsing a 1xx control message.
The rest of the code interprets that flag as "parsed the final response"
and throws a !flags.headers_parsed exception because we have not parsed
the final (non-1xx) response yet. The exception kills virtually any PUT
or similar transaction that triggers an HTTP 100 (Continue) response
from the origin server.
This fix restores the original position of the flags.headers_parsed
update.
Amos Jeffries [Mon, 12 Oct 2015 01:38:02 +0000 (18:38 -0700)]
Bug 3574: crashes on reconfigure and startup
When Squid receives a reconfigure signal before its signal handler
has been registered on startup it will crash with unhandled signal
exceptions. This can be triggered on system boot when a resolv.conf
alteration signal wins a race with the daemon service initialization.
Register the reconfigure signal handler early and ignore signals
until the initial squid.conf load has completed.
When Squid receives a reconfigure signal while it is already in the
process of reconfiguring, the two async sequences can interfere and
result in confusing fatal error or crashes.
Only allow one reconfigure sequence to be initiated at a time.
Also, if shutdown signal has been received while waiting for a
reconfigure to finish, let shutdown take precedence over any pending
reconfigure repeats.
Based on work by Clint Byrum and D J Gardner, Ubuntu
Amos Jeffries [Sun, 11 Oct 2015 14:08:47 +0000 (07:08 -0700)]
Support logformat %macros in external_acl_type format
Update the external_acl_type helper interface to use libformat and thus
make any logformat token valid in its format parameter field.
As a result much of the logic surrounding format code parsing, display
and helper query generation has been completely dropped. What remains is
a basic parse loop handling backward compatibility for the unusual
%CERT_* token syntax, space delimiter and field default encodings.
Extensions to logformat resulting from the merger:
* adds \-escape encoding of output fields
* allows {arg} field to be placed before or after the format code.
* extended to accept the old external_acl_type %macros. These are not
documented, are deprecated and exist only for backward compatibility.
* extended to support outputting formats without a format-name prefix
as was required by the original logformat config lines.
The major side effect of this change is that these ACLs now require
AccessLogEntry to be filled out with state data, rather than just the
ACLChecklist object members.
The requires*() mechanism of ACLChecklist has been extended to catch
some cases resulting from missing the ALE entirely. But it cannot catch
the more subtle problem of data members inside the ALE being unset.
To try and catch those a syncAle() mechanism has been added that fills
out missing ALE members and prints out debug warnings about the action.
Amos Jeffries [Sun, 11 Oct 2015 13:56:33 +0000 (06:56 -0700)]
TLS: shuffle EECDH configuration to libsecurity
* add class ServerOptions to libsecurity to manage server specific
configuration options. Based on class PeerOptions.
* shuffle the DH config parse and dump logics to ServerOptions
* shuffle the DH params pre-loading logic to ServerOptions
* add a configuration warning when tls-dh= is used and overrides the
dhparams= legacy configuration. Also, auto-upgrade the config
settings when dhparams= is dumped in the mgr:config report.
The new %ssl::<cert_errors logformat code lists server certificate
validation errors detected by Squid (including OpenSSL and the
certificate validation helper components). The errors are listed in
the discovery order. By default, the error codes are separated by ':'.
Custom separators are also supported. For example:
Amos Jeffries [Thu, 8 Oct 2015 12:44:41 +0000 (05:44 -0700)]
Set default pid_filename based on service name
This makes pid_filename directive no longer need to be set explicitly to
the service name in multi-tenant installations. Unless the default value
has been replaced with --with-pidfile=Foo it will use the service name
as the .pid filename.
Amos Jeffries [Thu, 1 Oct 2015 12:58:19 +0000 (05:58 -0700)]
URL-encode the implicit %DATA appended to helper format
There is nothing we can easily do about %DATA explicitly used inside the
format. It will be non-encoded unless specific encoding is written in the
format config, according to logformat design.
Amos Jeffries [Thu, 1 Oct 2015 12:35:09 +0000 (05:35 -0700)]
Fix potential memory leak on GopherStateData constructor errors
In the unusual event that the GopherStateData object constructor fails
it is possible that the destructor gets called without having gone
through the deleteThis() and swanSong() dance. Since the constructor
allocates a memory buffer we need to clean that up.
Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
The hash_link based cache depends on raw-ptr key comparisons to store
hash entries. This does not work at all well with SBuf as the key,
since the backing MemBlob behind SBuf can change its memory location.
* replace the implementation of User credentials caching with an STL
based container class that can handle SBuf.
* revert the global Auth::User cache design to per-scheme caches
which get combined only when reporting statistics.
* add a RunnersRegistry helper class to control Squid startup,
reconfigure, and shutdown events activity in regards to the caches.
* suppress useless cache garbage collection events when auth has no
credentials to cleanup.
* make the cache key dynamic at the caller code's discretion.