Bug 3969: user credentials cache lookup for Digest authentication broken
Changes to the username credentials cache were made in Basic auth but
the matching changes were not duplicated to Digest auth. Since the
lookup is identical move it to generic Auth::Config.
Amos Jeffries [Sat, 8 Feb 2014 12:33:31 +0000 (05:33 -0700)]
Move compat/unsafe.h protections from libcompat to source maintenance
It is sufficient to run a code scan from source-maintenance.sh for the
unsafe functions being used in Squid-specific code instead of
hard-coding compiler breakage on users.
This also "fixes" reporting of errors when cstdio pulls in use of the
unsafe functions by stdlib.
Alex Rousskov [Wed, 5 Feb 2014 18:04:47 +0000 (19:04 +0100)]
Fix keepalive handling for non-ranged requests.
Internal keepalive flag was ignored by a mismatched interface between ClientSocketContext::socketState
and writeComplete in the case of non-ranged requests.
Amos Jeffries [Sun, 2 Feb 2014 01:24:53 +0000 (18:24 -0700)]
Fix peerSelectDnsResults() IP address cycling
The local ip variable is the index of the IP address to be used.
Loop counter n is only used to prevent cycling indefinitely and should
not be used to access the array indexes.
Patch written by 'dim [1]' contributor to FreeBSD and imported to Squid
under FreeBSD license. see
http://svnweb.freebsd.org/ports/head/www/squid33/files/patch-include__Array.h
Amos Jeffries [Fri, 24 Jan 2014 01:57:15 +0000 (18:57 -0700)]
Enable -n command line option for non-Windows Squid builds
This command line option is used on Windows to name the service instance
of Squid being run and/or managed. At this point it still only has
useful effect on Windows, but can now be used by components on other
systems as well.
Show the running instance service name in cacehmgr and -v output.
Also remove _WIN_SQUID_DEFAULT_SERVICE_NAME macro which duplicated the
APP_SHORTNAME macro. This changes the Windows service name from Squid to
squid (lower case) on future Squid-3 for Windows.
When running Squid in SMP mode, the 'client_list' command cannot be used as the
coordinator doesn't call clientdbInit(), and thus doesn't have the client_list
action registered.
This patch uses RegisteredRunner to initialize clientdb and register the
'client_list' command
Doug Dixon [Mon, 20 Jan 2014 10:43:03 +0000 (23:43 +1300)]
Bug 1202 part 1: documentation and debugs for refresh_pattern algorithms
This contains only the code documentation and debugs changes as relevant
to the current code. Some which are only relevant to the new code from
that bug patch have been omitted.
It omits all logic changes and function renaming changes.
Amos Jeffries [Mon, 20 Jan 2014 01:20:40 +0000 (14:20 +1300)]
Set error page Content-Type character set to UTF-8
This fixes issues with some user agents displaying non-English / ASCII
error page translations. Our translation system uses and produces UTF-8
templates for the langpack content.
It also encourages UTF-8 usage in third-party error pages.
Amos Jeffries [Mon, 20 Jan 2014 01:11:58 +0000 (14:11 +1300)]
cachemgr: Enable per-report Content-Type header
The default for all reports is plain text in UTF-8.
NOTE: UTF-8 selected because although current reports limit themselves
to ASCII character ranges, some reports may contain text pulled from the
protocol transferred and UTF-8 display covers most unexpected cases.
Amos Jeffries [Fri, 17 Jan 2014 11:44:26 +0000 (03:44 -0800)]
Fix external_acl_type async loop failures
When externa_acl_type uses %LOGIN and is required to trigger async
authentication lookups it returns and hits the async loop prevention
check when starting to trigger its own external helper lookup. This
results in a DUNNO output from the helper as final status instead of
the real helepr lookup result.
Avoid these by allowing async helpers to loop several times before
aborting the lookups.
Also, extend debug message to indicate loop count.
Thanks to Peter Benko for trackign down the issue and testing solutions.
Amos Jeffries [Wed, 15 Jan 2014 02:11:05 +0000 (15:11 +1300)]
Cleanup: Fix StoreIOBuffer initialization cases
When StoreIOBuffer isconstructed with an invalid (negative) size for the
content data mark it as an error immedately and set a valid length of
zero bytes.
Also, remove some unnecessary code in store_client.cc resulting.
This patch investigates the Ipc::MemMap class which is a shared cache with
timeouts for use with squid SMP.
TODO: Ipc::MemMap class has similar interfaces and functionality with the
Ipc::StoreMap class. These two classes should implemented as kid classes of
an Ipc::SharedCache class which encompass features from Ipc::MemMap and
Ipc::StoreMap classes.
Amos Jeffries [Sun, 5 Jan 2014 20:19:06 +0000 (12:19 -0800)]
Disable error page translation by default in builds
There is no need for every build from VCS to have fresh translations.
Enable explicitly for snapshot and release scripts instead so that
translated template files are still available online and pre-translated
in the distributed packages.
Amos Jeffries [Sun, 5 Jan 2014 19:49:23 +0000 (11:49 -0800)]
Cleanup: remove ClientSocketContextNew() wrapper function
This wrapper function for the ClientSocketContext default constructor
is better performed as an explicit parametered constructor which
prevents accidental use of the default constructor leading to invalid
state after creation (a context always requires connectino and parent
pointers).
Amos Jeffries [Wed, 8 Jan 2014 04:29:04 +0000 (21:29 -0700)]
Cleanup: remove useless makesnmplib variable from build
Squid coding guidelines require automake variables to use naming pattern
ENABLE_* and there is already ENABLE_SNMP defined with intended overlap
of usage. We can drop this unusual variable completely.
Alex Rousskov [Mon, 6 Jan 2014 20:55:13 +0000 (13:55 -0700)]
Centrally destroy all explicit and implicit ACLs to avoid destruction segfaults
during reconfiguration.
Group ACLs created later may use other ACLs created earlier and vice versa, a
group ACL created earlier may use other ACLs created later. The latter is
possible when an ACL (e.g., A2 below) is declared when the group already
exists:
acl A1 src 127.0.0.1
acl Group all-of A1
acl A2 src 127.0.0.2
acl Group all-of A2
Thus, the group (i.e., InnerNode) ACL destructor may access already deleted
children regardless of the global ACL deletion order (FIFO or LIFO with
respect to ACL creation). Instead of relying on the deletion order to protect
InnerNode, we remove the InnerNode ACL destructor completely and rely on a
global set of registered ACLs to destroy all ACLs.
The old code was destroying all explicit ACLs in the same centralized fashion.
We now add implicit ACLs (commonly used by InnerNodes) to the centralized
destruction sequence. We added a new destruction-dedicated container to avoid
messing with the by-name ACL search that Config.aclList global is used for.
This new container will become unnecessary once we start refcounting ACLs.
Amos Jeffries [Sun, 5 Jan 2014 02:56:31 +0000 (18:56 -0800)]
Add logformat code %>rd to log client URL domain name
Logging the Host header or the full URL have been the only ways to log
the domain name requested by the client. However full URL may contain
far too many unwanted bytes and Host header many contain a host:port
very different to the URL.
Alex Rousskov [Wed, 1 Jan 2014 20:13:23 +0000 (13:13 -0700)]
Initial Large Rock and Collapsed Forwarding support.
Large Rock: Support disk (and shared memory) caching of responses exceeding
one db slot (or one shared memory page) in size. A single db slot/page size is
still limited to 32KB (smaller values can be configured for disk caches using
the newly added cache_dir slot-size option). Removal of old rock cache dir
(followed by squid-z) is required -- the on-disk db structure has changed.
Collapsed Forwarding: Optionally merge concurrent cachable requests for the
same URI earlier: After the request headers have been parsed (as before), but
now _before_ the response headers have been received. Merging of requests
received by different SMP workers is supported. Controlled by the new
collapsed_forwarding directive in squid.conf. Disabled by default because all
but one of the merged requests have to be delayed (until the response headers
are received) for the merging to work, which may be worse than forwarding all
concurrent requests immediately. The overall feature idea and request
eligibility conditions are based on Collapsed Forwarding in Squid2.
Summary of other important changes (merged branch log contains the details):
* Tightened StoreEntry locking. Split StoreEntry::lock() into "just lock" and
"update entry reference time" interfaces, addressing an old XXX. Improved
entry lock/unlock debugging. Needs more work.
* Adjusted StoreIOState::write() API to allow callers detect write errors.
* Simplified MemObject::write() API to remove an essentially unused callback.
* Mark client streams that sent everything as STREAM_COMPLETE. The old code
used STREAM_UNPLANNED_COMPLETE if the completed stream was associated with a
non-persistent connection, which did not make sense to me and, IIRC, led to
store entry aborts even though the entries were not damaged in any way.
* mem_hdr::hasContigousContentRange() now returns true for empty ranges.
* Support "appending" ReadWriteLock state that can be shared by readers and
the writer. The writer promises not to update key metadata (except growing
object size and next pointers) and readers promise to be careful when
reading growing slices.
* Fixed StoreEntry::mayStartSwapOut() logic to handle terminated swapouts.
* Improved STORE_MEM_CLIENT detection and documented known (and mostly old)
StoreEntry::storeClientType() problems.
* Removed StoreEntry::hidden_mem_obj hack.
* Polished StoreEntry debugging to report more info, less noise. Use e: prefix.
* Added a script to extract store entry(ies) debugging from cache.log.
projects / thirdparty / squid.git / log
