Amos Jeffries [Wed, 29 Aug 2012 05:23:15 +0000 (23:23 -0600)]
Regression: login=PASS send no credentials when none available.
login=PASS should act like PASSTHRU, sending no credentials header, when
no client supplied OR external ACL credentials are available.
3.2 has been found wrongly adding the username "PASS" in this case.
Bug 3613: relax standard-compliance strctness on clang to enable build
When clang is invoked with the -std=c++0x option, it won't make available some system functions
defined in c99. For some reason configure fails to detect this, and so the built-in implementation is
not invoked. This change prevents enabling the -std=c++0x option for clang.
Prep work for automatic sorting of include directives.
Automatic sorting of include files reveals some indirect inclusions, which would break the build.
scripts/sort-includes.pl is the tool to do the automatic header include order sorting.
The other changes in this set fix the issues which that be introduced by running the sorting.
Amos Jeffries [Tue, 14 Aug 2012 12:04:16 +0000 (06:04 -0600)]
Remove --enable-ntlm-fail-open
This feature has been half missing for quite some time (10 years).
The SMB helper sends the LD code back to Squid when the directive is
compiled in, but there is no Squid code handling such responses, back as far
as squid-2.
clang++ doesn't support c++ variable arrays for non-pod types.
Change variable arrays to dynamically-allocated arrays, Ipc::QueueReaders, Ipc::StoreMap and Ipc::Mem::PageStack
Amos Jeffries [Wed, 1 Aug 2012 07:01:58 +0000 (19:01 +1200)]
Support -DFAILURE_MODE_TIME=n compiler flag
This value determins at compile-time how long Squid spends in HIT-only
mode after the failure ratio goes over 1.0. see checkFailureRatio() in
src/client_side_request.cc for details on the ratio.
This flag is supported to remove the need for patching when alteration
is required.
This re-enables Squid peer selection algorithms for intercepted
traffic which has failed Host header verification.
When host verification fails Squid will use, in order of preference:
* an already PINNED server connection
* the client ORIGINAL_DST details
* cache_peer as chosen by selection algorithms
NOTE: whenever DIRECT is selected by routing algorithms the
ORIGINAL_DST is used instead.
Peer selection results are updated to display PINNED and
ORIGINAL_DST alongside DIRECT and cache_peer.
SECURITY NOTE:
At this point Squid will pass the request to cache_peer using the
non-trusted Host header in their URLs. Meaning that the peers
may still be poisoned by CVE-2009-0801 attacks. Only the initial
intercepting proxy is protected.
Full protection against CVE-2009-0801 can be enjoyed by building
Squid with the -DSTRICT_HOST_VERIFY compile-time flag. This will
make the peers unreachable for intercepted traffic where the
Host verification has failed.
* list Sponsors who paid for significant developments in the squid code,
donated hardware for devleopment etc.
* exclude cash donations to the project (only cash to a developer for
specific work)
* in an ordered list broken down in reverse-chronological order of the
latest release they sponsored anything.
For simplicity of maintenance I'm adding @Squid-X.Y labels at the
boundaries for the bzr copy. They should be stripped out automatically
by the "make dist" process for release packaging.
Alex Rousskov [Wed, 25 Jul 2012 23:57:51 +0000 (17:57 -0600)]
Allow a ufs cache_dir entry to coexist with a shared memory cache entry
instead of being released when it becomes idle.
The original boolean version of the StoreController::dereference() code
(r11730) was written to make sure that idle unlocked local store_table entries
are released if nobody needs them (to avoid creating inconsistencies with
shared caches that could be modified in a different process).
Then, in r11786, we realized that the original code was destroying non-shared
memory cache entries if there were no cache_dirs to vote for keeping them in
store_table. I fixed that by changing the StoreController::dereference() logic
from "remove if nobody needs it" to "remove if somebody objects to keeping
it". That solved the problem at hand, but prohibited an entry to exist in
a non-shared cache_dir and in a shared memory cache at the same time.
We now go back to the original "remove if nobody needs it" design but also
give non-shared memory cache a vote so that it can protect idle non-shared
memory cached entries from being released if there are no cache_dirs to vote
for them.
Alex Rousskov [Sun, 22 Jul 2012 03:15:02 +0000 (21:15 -0600)]
Stop HttpRequest and AccessLogEntry memory leaks.
The leaks were introduced by recent request_header_add improvements (r12213)
which needed server-side access to client-side information like client
certificate so that it can be stuffed into the outgoing request headers.
Stuffing was done via Format API that uses AccessLogEntry as the source of
information.
This change breaks the HttpRequest->AccessLogEntry->HttpRequest refcounting
loop that prevented both request and ale objects from being destroyed. The ale
object is now delivered to the server side using FwdState::Start() API. Only
HTTP code currently takes advantage of ale availability on the server side.
Also had to modify httpHdrAdd() API because ale is no longer available via
the request pointer.
Alex Rousskov [Fri, 20 Jul 2012 23:11:02 +0000 (17:11 -0600)]
Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index.
Subtract sizes of added-then-rejected entries while loading ufs cache index.
Before SMP changes, the ufs code was incorrectly ignoring the size of
loaded-but-not-yet-validated entries, leading to cache disk overflows.
After SMP changes, the ufs code was not subtracting sizes of
loaded-but-then-rejected entries, leading to bogus "Disk space over
limit" warnings. Now we correctly account for both kinds of entries.