Alex Rousskov [Mon, 21 Jan 2013 23:04:45 +0000 (16:04 -0700)]
Report more detail about disk errors, especially the disker ID and db path.
On partial writes, try to write the leftovers a few times before giving up.
The caller is unlikely to employ a different strategy, and we can do that
faster. Current callers simply give up and declare an error. Partial disk
writes seem to be typical on overflowing disks, but there may be other
conditions we have not observed in the lab yet.
Alex Rousskov [Sun, 20 Jan 2013 17:31:50 +0000 (10:31 -0700)]
Do not allow broken IpcIo-based cache_dir to be selected for swap out.
I/O code refuses to read or write when file error is set, but canRead()
and canWrite() ignored that fact, allowing broken files to be selected for
writing (at least). SwapDir::createStoreIO() would then return nil, leading
to missed swapout opportunities (if other cache_dirs could write) and wasted
CPU cycles.
Alex Rousskov [Sun, 20 Jan 2013 02:07:24 +0000 (19:07 -0700)]
Mem-cache entries exceeding one shared memory page in size, using
Ipc::StoreMap that now supports multi-slice entries. For the memory cache,
each slice corresponds to a shared memory page. Added a shared memory stack of
free slices. Many aspects of the implementation are similar to Rock Store.
Do not mem-cache entries that are already mem-cached at the time of keep()
call. This change is unrelated to multi-slice caching, but may provide a
noticeable performance boost.
Alex Rousskov [Sun, 20 Jan 2013 01:58:16 +0000 (18:58 -0700)]
Initialize freeSlots before the map in case we decide to free something
during initialization (e.g., after reading something from the db file
in sync mode).
Alex Rousskov [Sun, 20 Jan 2013 01:53:24 +0000 (18:53 -0700)]
Polished entry freeing.
Clean Writeable entries in addition to Readables ones. Otherwise, there is no
way for the caller to completely get rid of a [large] entry the caller has
been writing! We hold the lock so this should be safe as long as slice.next
(and slice extras) are valid even in a half-baked Writeable entry.
Reset slice.next [before giving it to the caller]. As a consequence, we must
free individual slices even if cleaner is not set.
Alex Rousskov [Sun, 20 Jan 2013 01:50:52 +0000 (18:50 -0700)]
Use signed type for StoreMapSliceId because we use -1 as an "unset" value.
Initialize slice.next to be "unset". This should not be necessary in most
cases, but reduces the probability that a half-made writeable entry cannot be
freed properly because it contains an invalid slice.next value.
Losing the bit to store ID sign is not a big deal: Since slices always contain
non-trivial number of bytes for metadata, it is unlikely that all 32 (but less
than 33) bits would be required to store slice IDs in the future.
Alex Rousskov [Mon, 7 Jan 2013 17:54:27 +0000 (10:54 -0700)]
Adjusted StoreIOState::write() API to allow callers detect write errors.
The errors are reported without these changes, but only via callbacks, some of
which may be asynchronous. Callers such as doPages() would keep calling
write() after the failure. It is probably best to quit early instead of
ignoring "post-error" state in StoreIOState::write().
Alex Rousskov [Mon, 7 Jan 2013 17:18:10 +0000 (10:18 -0700)]
Split lock() into "just lock" and "update entry reference time" interfaces.
Improved entry lock/unlock debugging.
Several modern store entry users need to lock the entry for storage rather
then to update entry's reference time. There is an old XXX describing the
corresponding API bug that merges the two distinct operations. This change
does not modify existing code, but allows new code to use new/fixed API
instead of changing an essentially private entry lock counter.
Alex Rousskov [Thu, 20 Dec 2012 04:48:13 +0000 (21:48 -0700)]
Prevent Rock Store map entries being locked for reading forever.
The map entries were locked to serve a hit but the client side carelessly
discarded the attached StoreEntry object when the hit had to be ignored.
Discarded StoreEntry object was left idle because it was never [un]locked.
This patch implements the certificate validation helper interface described at:
http://wiki.squid-cache.org/Features/SslServerCertValidator
The helper consulted after the internal OpenSSL validation, regardless of the
validation results. The helper will receive:
1) the origin server certificate [chain],
2) the intended domain name, and
3) a list of OpenSSL validation errors (if any).
If the helper decides to honor an OpenSSL error or report another validation
error(s), the helper will return:
1) A list of certificates.
2) A list of items consists the the validation error name (see %err_name
error page macro and %err_details logformat code), error reason
(%ssl_lib_error macro), and the offending certificate.
The returned information mimics what the internal OpenSSL-based validation code
collects now. Returned errors, if any, fed to sslproxy_cert_error, triggering
the existing SSL error processing code.
The helper invocation controlled by the "sslcrtvalidator_program" and
"sslcrtvalidator_children" configurations options which are similar to the
ssl_crtd related options.
A simple testing cert validation helper developed in perl included in this
patch. This helper just echo back the certificate errors.
Amos Jeffries [Fri, 30 Nov 2012 23:02:11 +0000 (12:02 +1300)]
Add kv-pair support to url_rewrite_helper interface
This stage of the helper reply protocol adds kv-pair support to the
url_rewrite_helper interfacefor URL redirect and rewrite operations.
It uses the new Notes objects and kv-pair field added by the stage 2
helper protocol instead of parsing the 'other' field. Although,
the 'other' field is still parsed when *no* result field is received
for backward compatibility with older helpers.
The response syntax for URL helpers becomes:
[channel-ID SP] result [SP kv-pair ...] [SP other] EOL
NP: 'other' field is now deprecated and will be ignored/discarded on any
response containing a result code field.
When result code "OK" is presented by the helper several kv-pairs are
reserved to control Squid actions:
* "rewrite-url=" is added to return a re-written URL.
- When this key is presented the URL is re-written to the new one by
Squid without client interaction.
- The 'url' keys presence will override this key.
* "url=" is added to return the redirected-to URL.
- When this key name is presented an HTTP redirect response is generated
for the client.
- This keys presence overrides the 'rewrite-url' key actions.
* "status=" is added to hold the HTTP status code for use in redirect
operations.
- This field is optional and status is no longer required for marking
redirect actions.
- If no redirect status is provided Squid will assign one (currently the
default is 302, that may change in the future).
- This key is only relevant when 'url' key is also presented. In all
other uses it is currently ignored.
When result codes BH or ERR are presented by the helper no redirect or
rewrite action is performed and no kv-pair key names are reserved for use
at this time.
Any other keys MAY be sent on any response. The URL helper interface
makes no other use of them, but this patch does pass them on to the ALE
object for logging as transaction Notes. All kv-pairs returned by the
helper (including the url, stauts rewrite-url keys) are available for
logging via the %{...}note log format option.
As with changes to other helpers interfaces in earlier updates, only
the first value presented for any of the reserved kv-pairs is used.
Multiple values are accepted as notes, but otherwise ignored by Squid and
do not affect the transaction outcome.
Additionally, when the BH result code is received from the helper a
simple recovery is attempted. The lookup request will be re-scheduled (up
to once) in an attempt to find a better responding helper.
NOTE: Helper notes are *not* passed to adaptation interfaces.
- REQMOD adaptation happens before URL helpers are used.
- REPMOD adaptation may at some point receive them, but that change is
not done by this update.
Amos Jeffries [Fri, 30 Nov 2012 11:57:23 +0000 (04:57 -0700)]
Polish: Improve the messages output by UFS swap log management.
It also includes a small local variable symbol change from "new_path" to
"tmp_path" to prevent future developer mistakes like the one seen in
bug 3663 mistaking "new_path" for the new destination path of xrename().
Amos Jeffries [Fri, 30 Nov 2012 11:08:47 +0000 (00:08 +1300)]
Add kv-pir support to url_rewrite_helper interface
This stage of the helper reply protocol adds kv-pair support to the
url_rewrite_helper interfacefor URL redirect and rewrite operations.
It uses the new Notes objects and kv-pair field added by the stage 2
helper protocol instead of parsing the 'other' field. Although,
the 'other' field is still parsed when *no* result field is received
for backward compatibility with older helpers.
The response syntax for URL helpers becomes:
[channel-ID SP] result [SP kv-pair ...] [SP other] EOL
NP: 'other' field is now deprecated and will be ignored/discarded on any
response containing a result code field.
When result code "OK" is presented by the helper several kv-pairs are
reserved to control Squid actions:
* "rewrite-url=" is added to return a re-written URL.
- When this key is presented the URL is re-written to the new one by
Squid without client interaction.
- The 'url' keys presence will override this key.
* "url=" is added to return the redirected-to URL.
- When this key name is presented an HTTP redirect response is generated
for the client.
- This keys presence overrides the 'rewrite-url' key actions.
* "status=" is added to hold the HTTP status code for use in redirect
operations.
- This field is optional and status is no longer required for marking
redirect actions.
- If no redirect status is provided Squid will assign one (currently the
default is 302, that may change in the future).
- This key is only relevant when 'url' key is also presented. In all
other uses it is currently ignored.
When result codes BH or ERR are presented by the helper no redirect or
rewrite action is performed and no kv-pair key names are reserved for use
at this time.
Any other keys MAY be sent on any response. The URL helper interface
makes no other use of them, but this patch does pass them on to the ALE
object for logging as transaction Notes. All kv-pairs returned by the
helper (including the url, stauts rewrite-url keys) are available for
logging via the %{...}note log format option.
As with changes to other helpers interfaces in earlier updates, only
the first value presented for any of the reserved kv-pairs is used.
Multiple values are accepted as notes, but otherwise ignored by Squid and
do not affect the transaction outcome.
Additionally, when the BH result code is received from the helper a
simple recovery is attempted. The lookup request will be re-scheduled (up
to once) in an attempt to find a better responding helper.
NOTE: Helper notes are *not* passe to adaptation interfaces.
- REQMOD adaptation happens before URL helpers are used.
- REPMOD adaptation may at some point receive them, but that change is
not done by this update.
Amos Jeffries [Tue, 27 Nov 2012 22:02:02 +0000 (11:02 +1300)]
Helper protocol upgrade: add optional kv-pair field to responses
This adds an optional kv-pair field immediately following the result field
on all helper interface responses. This field contains a list of key=value
pairs where the value is a RFC1738 (URL) encoded token or a quoted string.
Quoted-string MAY contain whitespace and shell escaping.
The response syntax for all helpers becomes:
[channel-ID SP] result [SP key-pair ...] [SP other] EOL
The parser for HelperReply is also updated to map the old AF and NA
NTLM/Negotiate response fields into the HelperReply notes:
* "token=" is added to supply the NTLM and Negotiate server blob/token.
* "user=" is added to supply the user label field.
The relevant callback handlers are updated for these helpers to make use
of these new keys.
The bundled Digest authentication helpers are all upgraded to send the new
format responses. They now use ERR for failed lookup, BH for internal
errors, and OK with "ha1=" key added to supply a HA1 response. The handler
for Digest authentication is updated to process the new HelperReply fields
with failover the old format on Unknown result codes.
The external ACL handler is updated to pull its key=value pairs out of the
Notes list. The old parser loop becomes useless with this and is removed.
Taking with it support for several long deprecated keys "login=", "passwd=",
and "error=" which are now ignored.
Any other keys MAY be sent on any response. However at this stage 2 patch
they are ignored. As are repeated / secondary values for the expected key
names, only the first instance sent in the response is used.
Amos Jeffries [Tue, 27 Nov 2012 21:19:46 +0000 (10:19 +1300)]
Audit Review updates
* guarantee that note values output by the HelperReply parser are ""
nil-terminated string and not undefined String.
* rename HelperReply::responseKeys to 'notes'
* rename Notes::findByName() to find()
* add Note::firstValue() to locate first value provided for a given key
and present it as a char* terminated string
* various documentation updates
Amos Jeffries [Tue, 27 Nov 2012 10:57:12 +0000 (23:57 +1300)]
Treat no-cache and must-revalidate in Authentication
Wrapped as a violation because this operation is off-spec.
CC:no-cache was omitted from the HTTP spec apparently on grounds that
changing its caching effects on authentication would come as a surprise.
The actual operation is safe enough to use when parameterless no-cache
is treated strictly as an alias for must-revalidate (as done by Squid now).
Alex Rousskov [Mon, 26 Nov 2012 18:54:43 +0000 (11:54 -0700)]
Make it possible to match empty header field values using req_header and rep_header.
Warning: Some req_header and rep_header ACLs that were [accidentally] not
matching empty headers (e.g., "^$" or ".*") will now start matching them.
A new HttpHeader::getByNameIfPresent() method is added to be able to detect
presence of empty header fields while ACLHTTPHeaderData::match() is adjusted
to convert undefined String values into empty c-strings ("") for
ACLRegexData::match() to work.
Prior to these changes, when trying to match an empty header value with a
regex like "^$", ACLHTTPHeaderData::match() would return false because:
* HttpHeader::getStrOrList() and getByName() return an undefined String.
* String::termedBuf() returns NULL for undefined Strings; and
* ACLRegexData::match() always fails on NULL c-strings.
Amos Jeffries [Sat, 24 Nov 2012 14:30:02 +0000 (03:30 +1300)]
Fix helper reply length detection
Stateless helper reply handler was incrementing 't' position before
passing the details of response length to HelperReply parser.
Stateful helper reply handler was pointing at position of \n insteaf of
position of \r when \r\n received.
Both of these cause the response length parameter sent to the reply
parser to be longer than the actual response characters length. Breaking
parse on responses with just result code followed by \n since the string
comparison EOL is now tested against input length 2/3/4.
Amos Jeffries [Sun, 18 Nov 2012 10:37:19 +0000 (03:37 -0700)]
Fix several buffer termination bugs
* strcpy() replaced in several places with strncpy() to ensure destination
buffers are not overflowed.
* strncpy() does not nul-terminate the destination when the string being
copied in exactly fills the buffer. Ensure we have terminated strings
where it may matter.
Detected by Coverity Scan. Issues 740309, 740310, 740311, 740481, 740483
Amos Jeffries [Sun, 18 Nov 2012 10:02:38 +0000 (03:02 -0700)]
Remove MemPoolChunked::memPID
This member variable appears to have been missed when MemPool was split
into generic framework and specific Chunked implementation.
(rev:10513.1.1 aka trunnk rev:10517)
The memPID and its maintenance code was moved into MemImplementingAllocator
but this definitio left here un-initialized and shadowing the framework
member.
Amos Jeffries [Sun, 18 Nov 2012 07:06:26 +0000 (00:06 -0700)]
negotiate_kerberos_auth: better bounds checking
* sysconf() may return -N values on some platforms or values larger than
the hard-coded 1024 buffer size for hostname. Use sizeof() instead
since the buffer is hardcoded anyway.
* also, use return instead of exit() on the test binary to reduce
warnings from static analysis compilers.
Amos Jeffries [Sat, 17 Nov 2012 12:58:59 +0000 (05:58 -0700)]
Various memory leaks in configuration parsing
This lot are all small issues derived from allocating new memory and
assigning to a pointer already pointing at previous allocation, or
passing xstrdup() output to a caller which does not directly hold the
passed memory.
Both cases will disappear once we clean up teh string handlign in Squid
but for now these still need fixing to avoid leaking memory.
Detected by Coverity Scan. Issues 740430, 740432, 740439.
Amos Jeffries [Fri, 16 Nov 2012 06:45:56 +0000 (23:45 -0700)]
Fix various assertion with side effects
When compiled with high optimization and assert disabled these operations
would have disappeared. The side effects being:
* Disk I/O failure protection disabled. Allowing loops in diskd write.
* squidpurge error handling on command line parse gone. Causing segfault.
* squidpurge 'I am Alive' ticker feature cease working.
Detected by Coverity Scan. Issues 740299, 740300, 740301, 740302, 740303
Amos Jeffries [Thu, 15 Nov 2012 09:00:29 +0000 (02:00 -0700)]
ntlm_fake_auth: Fix nesting error
Broken macro wrapping leads to the fake authenticator sending bad
responses to Squid. This can ead to users being rejected by the fake
helper whose purpose is to accept everything.
Amos Jeffries [Wed, 14 Nov 2012 01:33:49 +0000 (18:33 -0700)]
digest_edirectory_auth: improved error handling
Malicious response from LDAP server can cause squid helper to crash.
Missing realm value returned from LDAP without error/missing value being
indicated in the response can lead to strcmp() using a NULL pointer.
Extremely unlikely to happen in practice, but worth fixing.
projects / thirdparty / squid.git / log
