Currently note values printed with "%note" formating code, which contain non
alphanumeric characters, were quoted and quotes were then escaped, resulting
in bizarre logged rendition of empty or simple values (often received from
various helpers):
%22-%22
%22Default_Google%22
%22pg13,US%22
This patch:
- does not use quotes to print annotations
- allow system admin to define a separator to use for logged
annotations. The %note logformat accepts the following argument:
[name][:separator]
The separator can be one of the ',' ';' or ':'.
By default, multiple note values are separated with "," and multiple
notes are separated with "\r\n". When logging named notes with
%{name}note, the explicitly configured separator is used between note
values. When logging all notes with %note, the explicitly configured
separator is used between individual notes. There is currently no way to
specify both value and notes separators when logging all notes with %note.
- makes the Format::Token::data a struct (now is a union) and initialize
Format::Token::data data members in Format::Token::Token constructor.
Amos Jeffries [Fri, 2 May 2014 07:49:18 +0000 (00:49 -0700)]
Resolve 'dying from an unhandled exception: c'
CbcPointer<> is used from code outside of Job protection where it is
safe to use Must(). In order to get a useful backtrace we need to assert
immediately at the point of failure. Particularly necessary since these
are in generic operators used "everywhere" in the code.
Anatoli [Fri, 2 May 2014 07:47:32 +0000 (00:47 -0700)]
Fix order dependency between cache_dir and maximum_object_size
parse_cachedir() has a call to update_maxobjsize() which limits the
store_maxobjsize variable used as the internal maximum_object_size
variable of the store data structure) to the value of maximum_object_size
defined at the moment of execution of this function, for all stores (all
store directories). So if parse for cache_dir is called before
maximum_object_size, we get the effect of the default 4 MB.
BUT, when we get to parse maximum_object_size line(s) after the last
cache_dir, the maximum_object_size option is processed and only shown on
the cachemgr config page without having updated store_maxobjsize.
This is may cause problems in some cases where the code assume that the MemBuf
is always NULL terminated. For example when an ErrorState object try to use
an empty errorpage template.
This patch terminates the (empty) MemBuf on MemBuf::init method.
C++11: Upgrade auto-detection to use the formal -std=c++11
When the latest compilers added support for -std=c++11 they also dropped
the temporary -std=c++0x option without backward-compatible support. So
for the newest compilers we have not been testing the C++11 code.
As a result of this change Squid will no longer attempt to enable the
partial support in older compilers with -std=c++0x.
Also, update the compiler option test macro from autoconf project.
This patch fixes the following bug:
1) A user sends a CONNECT request with valid credentials
2) Squid checks the credentials and adds the user to the user cache
3) The same user sends a CONNECT request with invalid credentials
4) Squid overwrites the entry in the user cache and denies the second
CONNECT request
5) The user sends a GET request on the first SSL connection which is
established by now
6) Squid knows that it does not need to check the credentials on the
bumped connection but still somehow checks again whether the user is
successfully authenticated
7) Due to the second CONNECT request the user is regarded as not
successfully authenticated
8) Squid denies the GET request of the first SSL connection with 403
ERR_CACHE_ACCESS_DENIED
On proxies with Basic authentication and SSL bumping, this can be used
to prevent a legitimate user from making any HTTPS requests
Alex Rousskov [Sun, 9 Mar 2014 01:48:00 +0000 (18:48 -0700)]
Avoid assertions on Range requests that trigger Squid-generated errors.
Added HttpRequest::ignoreRange() to encapsulate range ignoring logic.
Currently the new method only contains the code common among all callers. More
work is needed to check whether further caller homogenization is possible.
Documented that ClientSocketContext::getNextRangeOffset() may sometimes be
called before it is ready to do its job.
Amos Jeffries [Sun, 9 Mar 2014 01:47:23 +0000 (18:47 -0700)]
Protect MemBlob::append() against raw-space writes
There is no guarantee that the 'unused' area of MemBlob is actually
unused. For example if a read buffer was being filled into the
rawSpace() of a SBuf or MemBlob it will overlap with this empty area
until a read call updates the related size state in MemBlob/SBuf.
For these cases we must use memmove() which guarantees no buffer
corruption will take place on memory overlaps.
Amos Jeffries [Sun, 9 Mar 2014 01:45:37 +0000 (18:45 -0700)]
Copyright: Relicense helpers by Treehouse Networks Ltd.
Update the license on helper code designed and authored by myself using
the BSD 2-clause license. This makes the example helper code and license
more legally acceptible for use as a basis of proprietary helpers while
remaining compatible with GPL for distribution with Squid.
Amos Jeffries [Sun, 9 Mar 2014 01:44:07 +0000 (18:44 -0700)]
Portability: define CMSG related structures individually
Some OS provide the CMSG related definitions and others only partially
define them. Sometimes (Windows particularly) this varies between build
environments.
Checking for each symbol separately and providing only those needed
avoids problems we have been having with missing or redefined symbols
on Windows and elsewhere.
Amos Jeffries [Wed, 5 Mar 2014 02:50:43 +0000 (19:50 -0700)]
Fix helper ID number assignment
Since helpers are now dynamically started the old method of allocating
an ID number based on the current start sequence can result in many
helpers being assigned overlapping ID numbers.
Use InstanceID template instead to assure a unique incremental ID is
assigned to each helper no matter when it is started.
1) The dynamic_cert_mem_cache_size does not change on reconfigure
2) When dynamic_cert_mem_cache_size of http_port set to 0 then:
a) The dynamic certs cache is grow unlimited.
This patch just disables certificates caching when this option set to 0.
b) Huge amount of memory appeared as free cache memory in "Cached ssl
certificates statistic" page of cache manager.
This problem caused because of a signed to unsigned int conversion.
Amos Jeffries [Tue, 18 Feb 2014 08:46:49 +0000 (01:46 -0700)]
Bug 4001: remove use of strsep()
The strsep() function is not defined by POSIX. Additionally
auto-tools has been having some obscure issues detecting
or linking the provided implementation into libcompat on
Windows and Solaris respectively. Which are the two known
OS requiring it.
Investigation of its use in Squid revealed that it can be
replaced with strcspan() which is both portable and more
efficient since it also removes the need for several
strdup()/free() operations used to protect Squid from
strsep() memory fiddling.
Amos Jeffries [Tue, 18 Feb 2014 08:43:02 +0000 (01:43 -0700)]
Move compat/unsafe.h protections from libcompat to source maintenance
It is sufficient to run a code scan from source-maintenance.sh for the
unsafe functions being used in Squid-specific code instead of
hard-coding compiler breakage on users.
This also "fixes" reporting of errors when cstdio pulls in use of the
unsafe functions by stdlib.
Bug 3969: user credentials cache lookup for Digest authentication broken
Changes to the username credentials cache were made in Basic auth but
the matching changes were not duplicated to Digest auth. Since the
lookup is identical move it to generic Auth::Config.
Amos Jeffries [Sun, 2 Feb 2014 02:47:38 +0000 (19:47 -0700)]
Fix peerSelectDnsResults() IP address cycling
The local ip variable is the index of the IP address to be used.
Loop counter n is only used to prevent cycling indefinitely and should
not be used to access the array indexes.
Patch written by 'dim [1]' contributor to FreeBSD and imported to Squid
under FreeBSD license. see
http://svnweb.freebsd.org/ports/head/www/squid33/files/patch-include__Array.h
When running Squid in SMP mode, the 'client_list' command cannot be used as the
coordinator doesn't call clientdbInit(), and thus doesn't have the client_list
action registered.
This patch uses RegisteredRunner to initialize clientdb and register the
'client_list' command
Amos Jeffries [Wed, 22 Jan 2014 03:29:15 +0000 (20:29 -0700)]
Fix external_acl_type async loop failures
When external_acl_type uses %LOGIN and is required to trigger async
authentication lookups it returns and hits the async loop prevention
check when starting to trigger its own external helper lookup. This
results in a DUNNO output from the helper as final status instead of
the real helper lookup result.
Avoid these by allowing async helpers to loop several times before
aborting the lookups.
Also, extend debug message to indicate loop count.
Thanks to Peter Benko for tracking down the issue and testing solutions.
Amos Jeffries [Sun, 12 Jan 2014 02:07:51 +0000 (19:07 -0700)]
Disable error page translation by default in builds
There is no need for every build from VCS to have fresh translations.
Enable explicitly for snapshot and release scripts instead so that
translated template files are still available online and pre-translated
in the distributed packages.
Alex Rousskov [Sun, 12 Jan 2014 01:49:08 +0000 (18:49 -0700)]
Centrally destroy all ACLs to avoid destruction segfaults
... during reconfiguration.
Group ACLs created later may use other ACLs created earlier and vice
versa, a group ACL created earlier may use other ACLs created later.
The latter is possible when an ACL (e.g., A2 below) is declared when the
group already exists:
acl A1 src 127.0.0.1
acl Group all-of A1
acl A2 src 127.0.0.2
acl Group all-of A2
Thus, the group (i.e., InnerNode) ACL destructor may access already
deleted children regardless of the global ACL deletion order (FIFO or
LIFO with respect to ACL creation). Instead of relying on the deletion
order to protect InnerNode, we remove the InnerNode ACL destructor
completely and rely on a global set of registered ACLs to destroy all
ACLs.
The old code was destroying all explicit ACLs in the same centralized
fashion. We now add implicit ACLs (commonly used by InnerNodes) to the
centralized destruction sequence. We added a new destruction-dedicated
container to avoid messing with the by-name ACL search that
Config.aclList global is used for.
This new container will become unnecessary once we start refcounting
ACLs.
Jakob Bohm [Wed, 25 Dec 2013 21:36:07 +0000 (14:36 -0700)]
Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
Alternative fix if necessary would be to calculate a dynamic timeout
value based on number and timeouts for connections and forwarding.
However, as noted in the bug report the address markings are reset every
TTL when the stored RR are replaced. This meets the criteria for
periodic
retries of marked-BAD IPs. Also if all IPs are marked BAD they all get
un-marked and retried. So for now just remove the TTL hack.
Amos Jeffries [Wed, 25 Dec 2013 21:35:15 +0000 (14:35 -0700)]
Fix \-unescaping in quoted strings from helpers
strwordtok() was unescaping '\' values in unquoted tokens. This causes
problems with NTLM helper response user\DOMAIN values which are sent as
a un-quoted un-escaped value.
Restrict un-escaping of '\' to only occur when inside "quoted" words.
Amos Jeffries [Wed, 25 Dec 2013 21:34:33 +0000 (14:34 -0700)]
WCCPv2: fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
FreeBSD does not set the from-address on recv() if there was an error
reading the packet. This can result in Ip::Address assertion if the
error is not checked for before the IP address is mapped into Squid
internal format.
Bug 3980: FATAL ERROR due to max_user_ip -s option
NP: unit test for -s option temporarily removed and replaced with manual
testing due to 3.4 series parser flags handlign being done at the ACL
module level instead of ACl test.
Amos Jeffries [Thu, 19 Dec 2013 07:55:03 +0000 (00:55 -0700)]
Fix linker errors "relocation R_X86_64_32 against .rodata"
... "can not be used when making a shared object; recompile with -fPIC"
Caused by some libraries built without libtool in certain environments.
NP: there are other libraries in Squid built without libtool but they
appear not to be having these linker issues at this time.
Also, fixes "undefined symbol eui64_aton" uncovered by these changes.
Amos Jeffries [Sun, 15 Dec 2013 05:33:33 +0000 (22:33 -0700)]
Regression in URL helper API
The backward compatibility logics in redirect.cc are not working as
intended on redirection URLs due to the presence of '=' in the URL and
how the key=value name parsing is performed.
A typical redirection URL looks like:
http://example.com/?url=http://www.example.net/
and 3.4 has a parser that splits tokens at '=' unconditionally and then
passes the bits as a key and value to the redirector logics which
complains that it does not understand the answer of the URL redirector.
Or treats is an an unknown key=value with no redirection URL.
Either case is handled as a no-redirection result from the helper.
This limits the key names to alphanumeric, hyphen and underscore
characters. Valid URL responses contain characters outside this set and
should no longer be interpreted as keys regardless of the '=' character.
Alex Rousskov [Fri, 6 Dec 2013 12:18:19 +0000 (05:18 -0700)]
Destroy ACLs in the reverse order of creation to avoid destruction segfaults
during reconfiguration.
Group ACLs created later may use other ACLs created earlier. A group ACL must
be deleted first so that its AclDeleter can safely access registration status
(and avoid double deletion) of the ACLs it uses. Since ACLs are remembered (in
Config.aclList) using a singly-linked list, it is difficult to change their
deletion order. Instead, we change their listing order from FIFO to LIFO.
Amos Jeffries [Fri, 6 Dec 2013 12:15:11 +0000 (05:15 -0700)]
Portability: std::string:npos is not always appropriate for String::npos
On some systems such as Windows MinGW the signed/unsigned property of
std::string::npos does not match up with the Squdi String class size_type
signed/unsigned property. Resulting in compiler signed vs unsigned
mismatch errors when compiling.
Nathan Hoad [Sat, 30 Nov 2013 09:16:25 +0000 (02:16 -0700)]
Bug 3972: Segfault when getting the deny info page ID after a reconfigure
Older ACL code was using a stale AclMatchedName value. More recent code resets
the AclMatchedName global to NULL to avoid leaking the stale value, but that
may crash strcmp() in aclGetDenyInfoPage(). Long-term, the global should be
removed, of course.
Amos Jeffries [Fri, 29 Nov 2013 10:55:53 +0000 (03:55 -0700)]
Receive annotations from authentication and external ACL helpers
This saves the kv-pair from authentication and ACL helper responses as
annotations on the HttpRequest and pass on from there to logging.
Added a method appendNewOnly() to ensure duplicate-free addition
to a NotePairs list.
Also, fixes a bug in hasPair() accessor which was returning true
if either the key OR the value matched.
ie. hasPair("a","1") would match true for notes "a=2 b=1"
Alex Rousskov [Tue, 19 Nov 2013 22:51:46 +0000 (15:51 -0700)]
Re-compute Range response content offset after an FTP response was adapted.
Moved HTTP-only offset calculation code to the general ServerStateData code so
that [converted-to-HTTP] FTP responses can use it. FTP code computes the range
offset on its own earlier, but we must REcalculate in case the response is
adapted into a response with a different (or no) content range.