Amos Jeffries [Sat, 15 Aug 2009 02:14:54 +0000 (14:14 +1200)]
Author: Mark Nottingham <mnot@pobox.com>
Bug 2390: New hier_code ACL type
I needed to log only forward requests; forward_log looked interesting, but
isn't flexible like access_log. The easiest thing to do seemed to be to add a
hier_code ACL type.
Amos Jeffries [Wed, 12 Aug 2009 10:18:34 +0000 (22:18 +1200)]
Author: Amos Jeffries + Alan Nastac <mrness@gentoo.org>
Better const-correctness on FTP login parse
Also reduces amount of copying done by the parse. The old version
was copying the entire URL into user/password then cropping it down.
This one only copies the required bytes and terminates the copy.
Gentoo requires this to pull in libcap dependencies via --enable-caps
which is a non-operation.
Using it to disable libcap usage will explicitly prevent TPROXY which
depends on it from operating while netfilter NAT support remains.
NP: The TPROXY v2 configure tests will not even run with caps disabled.
Amos Jeffries [Tue, 11 Aug 2009 03:14:59 +0000 (15:14 +1200)]
Haxk: fix autoconf 2.64 builds
2.64 requires that the first use of AC_RUN_IFELSE is not wrapped inside
any other macros. Otherwise it will define the setup macros at the wrong
scope level and configure will break during the default type checks.
Amos Jeffries [Sat, 8 Aug 2009 22:56:07 +0000 (10:56 +1200)]
Author: Alin Nastac <mrness@gentoo.org>
Cleanup: deprecate ugly hack for sys/capability.h
Needed once to prevent build clashes between libc and sys/capabilility.h
headers. As of libcap2.16 that is no longer the case and in fact prevents
a clean build.
Left in libcompat but removed from active build until its clear whether
full erasure is possible or if some systems still need it.
Reduce stateful helpers flags.reserved to a boolean
this is further cleanup of stateful helper state. With the deferred state
now gone reserved is a boolean with only two possible states (free or reserved)
Remove support for deferred state in stateful helpers
the deferred state were previously used for the challenge reuse mode
in NTLM, but is since long unused as it was both incompatible with
NTLMv2 and also not very stable for authentication.
Bug #2648: Reserved helpers not shut down after reconfigure/rotate
The race happens if the helpers are restarted(rotate/reconfigure) while
reserved. Those reserved are then not shut down when the reservation is
released.
This patch cleans this up and a couple of other related races.
Alex Rousskov [Mon, 27 Jul 2009 01:51:24 +0000 (19:51 -0600)]
Polished r9854 "crash on shutdown" changes by removing explicit String
creation. It should be sufficient to just declare TheNullServices as
a constant C string.
When a C string constant is in use, the code becomes less efficient, but
this will be solved when we can go back to using a String class.
Alex Rousskov [Mon, 27 Jul 2009 01:41:02 +0000 (19:41 -0600)]
Bug 2723 fix: enable PURGE requests if PURGE method ACL is present.
PURGE requests were always denied, probably since 2009-06-28 (r9772) changes.
PURGE was denied because Config2.onoff.enable_purge changes done in
ACLMethodData::parse() are lost when Squid memsets Config2 to zero before
interpreting the changes. Config2 is meant for storing values _derived_ from
the primary configuration phase so it is reset after that phase is over.
This patch solves the above problem by storing ACLMethodData::parse() changes
in an ACLMethodData static member. The member is reset before
[re]configuration.
There is probably another problem with r9772 (or earlier) changes. Special
PURGE method processing is enabled whenever a PURGE ACL is detected in the
Squid configuration file, even if the ACL is unused or used in an http_access
option that does not match. This is specifically what r4363 tried to avoid in
year 2000:
users complain that defining an ACL that is never used in
an access list shouldn't trip this flag.
The patch does not solve this other problem. The right solution may be adding
a dedicated "purge" option that will have an ACL that controls what PURGE
requests, if any, are allowed to purge. That option would be in addition to
any http_access controls.
Just the basics for some needed right now. This needs to be expanded.
Also, required to break some of the mime header parsing calls out into
mime_header.cc in preparation for splitting the icon handling from the
header handling and reduce dependencies on the new tests.
Harden the sanity checks to detect negative status and other syntax issues
before they have a chance to become problems. This applies to replies and
responses both in varying ways.
Also document the sanity check logics. sanityCheck* is supposed to fill
out the error status for what it detects with each fail result.
Henrik Nordstrom [Fri, 24 Jul 2009 15:12:47 +0000 (17:12 +0200)]
Kick any pending *ufs write/close operations alive when the previous write completes
When using uufs only part of the object got written out to the disk,
forgetting to write out the last butes and closing the file.
This should have been seen at least in in diskd as well even if it
for some reason did not seem to show up in simple tests.
projects / thirdparty / squid.git / log
