amosjeffries [Sun, 26 Aug 2007 08:32:52 +0000 (08:32 +0000)]
Add --with-default-user=USER option to squid.
This option allows configure-time control of the default user which squid
uses to run as low-privileges. The default remains 'nobody' as in other
squid releases. Similarly the cache_effective_user squid.conf setting will
override any default set here.
hno [Fri, 24 Aug 2007 23:56:45 +0000 (23:56 +0000)]
Make tcp_recv_bufsize apply to send buffers as well, in an attempt to control window scaling
the main reason to set tcp_recv_bufsize is to avoid problems related to large
windows. For example many firewalls still have problems with window scaling.
this change makes the option apply to send buffers as well, and also hints
Linux that Squid will never increase the buffer so the window scaling should
be clamped to the indicated buffer size.
serassio [Wed, 15 Aug 2007 01:17:43 +0000 (01:17 +0000)]
Fix build errors on HP Tru64 Unix and may be others
- xusleep.c: on Tru64 timeval is defined in sys/time.h
- move the definition of ISO C99 Standard printf() macros for 64 bit
integers from squid.h to squid_types.h
rousskov [Mon, 13 Aug 2007 22:48:20 +0000 (22:48 +0000)]
Bug #2016 fix: Prevent BodyPipe async calls from getting seemingly
out of order and causing truncated responses, especially with ICAP.
When BodyPipe consumer is gone, all async calls for that consumer must not
reach the next consumer (if any). Similarly, we should not schedule async calls
when no consumer has been registered yet.
Otherwise, the calls may go out of order if _some_ calls are dropped due to
the ultimate destination being temporary NULL. The new code does not schedule
async calls until consumer is registered. The new code also keeps track of the
number of outstanding events and skips that number if the consumer leaves.
TODO: when AscyncCall support is improved, should we just schedule calls
directly to consumer? It could be a much cleaner solution than counting
pending calls and skipping them when needed.
amosjeffries [Mon, 13 Aug 2007 05:57:28 +0000 (05:57 +0000)]
Fix bug 1560 : Bad filedescriptor in ftpSend actions.
This was caused by some FTP operations failing and calling the ftpFail
properly, but then going on to call an ftpSend.
It may also occur when a ftpSend event is scheduled prior to the server
control channel dying or being closed.
This patch adds a function haveControlChannel(const char *caller_name)
which displays a debug notice at level 3 and returns false if the server
control channels are not available. This is now called by each Sending
operation before it begins.
serassio [Sat, 11 Aug 2007 19:27:27 +0000 (19:27 +0000)]
Windows port: workaround for fatal build error using latest MinGW
Using the latest MinGW (gcc 3.4.5 + mingw-runtime 3.13) we cannot build with
-Wmissing-prototypes -Wmissing-declarations gcc options due to some heavy
tricks contained in own MinGW include files.
rousskov [Fri, 10 Aug 2007 05:30:52 +0000 (05:30 +0000)]
Bug 2034 fix, v4: Separate handling of virgin server responses and ICAP-adapted
responses. Both can be active at the same time. Only one can become final and
get into the store entry.
Also, do not abort ICAP transactions when the virgin response ends prematurely.
Keep going because the ICAP initiator may still want to know the ICAP reaction
to the now-truncated virgin message.
This version passes a few basic tests, but may need more work and does need
polishing. For example, the common code should be factored out from
ICAPModXact::noteBodyProductionEnded and ICAPModXact::noteBodyProducerAborted.
rousskov [Wed, 8 Aug 2007 02:02:51 +0000 (02:02 +0000)]
Bug #2000 fix: Use StoreEntryStreamBuf::overflow() profile that matches
std::streambuf::overflow() profile for virtual method overriding to work.
Some GCC (or libstdc++) versions distinguished "char" used by our old
StoreEntryStreamBuf::overflow() from "int_type" used by their std::streambuf.
In such cases, overflow() overriding would not work and overflowed data would
not be appended to the store entry because the default overflow() does
nothing. This happened on Debian 4.1.2 lenny/sid (unstable) with
gcc version 4.1.3 20070629 (prerelease).
The fix works for a few recent GCC libstdc++ libraries I have tested with but
may cause Squid compilation, check, or runtime failures with libraries using
different std::streambuf::overflow() profiles. If that happens, ./configure
may need to detect the correct profile. Alternatively, we can supply an
overflow() wrapper for multiple profiles in hope that one will match
std::streambuf::overflow (ick!).
Amos Jeffries <squid3@treenet.co.nz> reported and helped fix this bug.
rousskov [Wed, 8 Aug 2007 01:45:51 +0000 (01:45 +0000)]
Do not assume that store stream cannot flush its contents into the store entry
unless we call the flush method. Depending on stream implementation, it is
possible that the stream will flush while we add data to it and before we
call flush().
Added more store stream output cases, including floating point numbers and
their formatting.
rousskov [Wed, 8 Aug 2007 01:41:56 +0000 (01:41 +0000)]
Bug #2000 pre-fix: Polish StoreEntryStream style.
This change should not have significant runtime effects. It makes
StoreEntryStream code a little easier to understand and brings it a little
closer to Squid3 coding style guidelines.
amosjeffries [Fri, 3 Aug 2007 08:22:52 +0000 (08:22 +0000)]
Add pointer validation in helperStatefulHandleRead check for callback data.
Coverity checker detected a NULL pointer dereference.
Existing logics to handle missing callback data were present, but the if()
tests were incomplete and unable to catch this case.
amosjeffries [Fri, 3 Aug 2007 08:16:59 +0000 (08:16 +0000)]
Add assert()s to validate state in Auth Digest
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 08:11:17 +0000 (08:11 +0000)]
Add assert()s to validate state in Basic Auth
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 08:07:34 +0000 (08:07 +0000)]
Add assert()s to validate state in Auth Negotiate
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 07:57:30 +0000 (07:57 +0000)]
Add assert()'s to check for NULL pointers in NTLM auth.
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 07:21:17 +0000 (07:21 +0000)]
Fix memory leaks in NTLM session helper RFCNB_Call(...)
Coverity checker identified that the connect structures were not being
free'd on any of the error cases.
This patch adds several calls to free(con) to prevent the leaks.
It also adds a call to close any partial connections properly when
RFCNB_Session_Req fails. Previously it would leave the open TCP
connection hanging and return a NULL pointer.
amosjeffries [Fri, 3 Aug 2007 04:58:15 +0000 (04:58 +0000)]
Add new section to squid.conf: ERROR PAGE CUSTOMISATION
Moves existing error page rerlated options from MISC section to their own.
Options moved are:
deny_info, error_directory, email_err_data, err_html_text
rousskov [Fri, 3 Aug 2007 01:32:22 +0000 (01:32 +0000)]
Partial bug #2034 fix: Inform BodyPipe of the body size when known.
This fix helps the ICAP client to detect aborts and to announce the end of the
HTTP message to the ICAP server.
A bigger problem is that the HTTP side is using the adapted response to make
decisions about the origin server connection. That bug still needs to be
fixed.