From c8ff01039f5969e6f79fd7d56fb34d47b5610129 Mon Sep 17 00:00:00 2001 From: serassio <> Date: Sun, 24 Feb 2008 19:41:27 +0000 Subject: [PATCH] Merged changes from SQUID_3_0 --- doc/release-notes/release-3.0.sgml | 4 +- helpers/digest_auth/eDirectory/edir_ldapext.c | 869 ++++++++++++------ helpers/digest_auth/eDirectory/edir_ldapext.h | 15 +- helpers/digest_auth/eDirectory/ldap_backend.c | 6 +- .../ldap_group/squid_ldap_group.8 | 4 + .../ldap_group/squid_ldap_group.c | 157 ++-- src/StoreMeta.cc | 13 +- src/StoreMetaUnpacker.cc | 8 +- src/client_side_reply.cc | 30 +- src/enums.h | 4 +- src/pconn.cc | 6 +- src/pconn.h | 4 +- src/wccp2.cc | 4 +- 13 files changed, 709 insertions(+), 415 deletions(-) diff --git a/doc/release-notes/release-3.0.sgml b/doc/release-notes/release-3.0.sgml index 3e510429c3..623ff63c6d 100644 --- a/doc/release-notes/release-3.0.sgml +++ b/doc/release-notes/release-3.0.sgml @@ -2,7 +2,7 @@
Squid 3.0.RC1 release notes Squid Developers -$Id: release-3.0.sgml,v 1.30 2007/11/18 17:23:01 serassio Exp $ +$Id: release-3.0.sgml,v 1.30.4.1 2008/02/24 12:41:27 serassio Exp $ This document contains the release notes for version 3.0 of Squid. @@ -714,7 +714,7 @@ This section gives an account of those changes in three categories: --enable-carp

CARP support is now built by default. - --disable-carp can be used to buidl without it.

+ --disable-carp can be used to build without it.

--enable-htcp

HTCP protocol support is now built by default. diff --git a/helpers/digest_auth/eDirectory/edir_ldapext.c b/helpers/digest_auth/eDirectory/edir_ldapext.c index 5f8fda94b3..3aafb08f65 100644 --- a/helpers/digest_auth/eDirectory/edir_ldapext.c +++ b/helpers/digest_auth/eDirectory/edir_ldapext.c 
@@ -1,27 +1,31 @@ /* - * Copyright (C) 2002-2004 Novell, Inc. + * NDS LDAP helper functions + * Copied From Samba-3.0.24 pdb_nds.c and trimmed down to the + * limited functionality needed to access the plain text password only * - * edir_ldapext.c LDAP extension for reading eDirectory universal password - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of version 2 of the GNU General Public License as published - * by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, contact Novell, Inc. + * Original copyright & license follows: * - * To contact Novell about this file by physical or electronic mail, you may - * find current contact information at www.novell.com. - */ + * Copyright (C) Vince Brimhall 2004-2005 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
+ * +*/ #include "digest_common.h" -#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */ +#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */ #define snprintf _snprintf #include 
@@ -43,282 +47,591 @@ #include #endif +#include #include "edir_ldapext.h" -/* NMAS error codes */ -#define NMAS_E_BASE (-1600) +#define NMASLDAP_GET_LOGIN_CONFIG_REQUEST "2.16.840.1.113719.1.39.42.100.3" +#define NMASLDAP_GET_LOGIN_CONFIG_RESPONSE "2.16.840.1.113719.1.39.42.100.4" +#define NMASLDAP_SET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.11" +#define NMASLDAP_SET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.12" +#define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13" +#define NMASLDAP_GET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.14" -#define NMAS_SUCCESS 0 -#define NMAS_E_SUCCESS NMAS_SUCCESS /* Alias */ -#define NMAS_OK NMAS_SUCCESS /* Alias */ +#define NMAS_LDAP_EXT_VERSION 1 -#define NMAS_E_FRAG_FAILURE (NMAS_E_BASE-31) /* -1631 0xFFFFF9A1 */ -#define NMAS_E_BUFFER_OVERFLOW (NMAS_E_BASE-33) /* -1633 0xFFFFF99F */ -#define NMAS_E_SYSTEM_RESOURCES (NMAS_E_BASE-34) /* -1634 0xFFFFF99E */ -#define NMAS_E_INSUFFICIENT_MEMORY (NMAS_E_BASE-35) /* -1635 0xFFFFF99D */ -#define NMAS_E_NOT_SUPPORTED (NMAS_E_BASE-36) /* -1636 0xFFFFF99C */ -#define NMAS_E_INVALID_PARAMETER (NMAS_E_BASE-43) /* -1643 0xFFFFF995 */ -#define NMAS_E_INVALID_VERSION (NMAS_E_BASE-52) /* -1652 0xFFFFF98C */ +#define SMB_MALLOC_ARRAY(type, nelem) calloc(sizeof(type), nelem) +#define DEBUG(level, args) -/* OID of LDAP extenstion calls to read Universal Password */ -#define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13" -#define NMASLDAP_GET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.14" +/********************************************************************** + Take the request BER value and input data items and BER encodes the + data into the BER value +**********************************************************************/ -#define NMAS_LDAP_EXT_VERSION 1 +static int berEncodePasswordData( + struct berval **requestBV, + const char *objectDN, + const char *password, + const char *password2) +{ + int err = 0, rc=0; + BerElement 
*requestBer = NULL; + const char * utf8ObjPtr = NULL; + int utf8ObjSize = 0; + const char * utf8PwdPtr = NULL; + int utf8PwdSize = 0; + const char * utf8Pwd2Ptr = NULL; + int utf8Pwd2Size = 0; -/* ------------------------------------------------------------------------ - * berEncodePasswordData - * ============================== - * RequestBer contents: - * clientVersion INTEGER - * targetObjectDN OCTET STRING - * password1 OCTET STRING - * password2 OCTET STRING - * - * Description: - * This function takes the request BER value and input data items - * and BER encodes the data into the BER value - * - * ------------------------------------------------------------------------ */ -int -berEncodePasswordData( - struct berval **requestBV, - char *objectDN, - char *password, - char *password2) + /* Convert objectDN and tag strings from Unicode to UTF-8 */ + utf8ObjSize = strlen(objectDN)+1; + utf8ObjPtr = objectDN; + + if (password != NULL) + { + utf8PwdSize = strlen(password)+1; + utf8PwdPtr = password; + } + + if (password2 != NULL) + { + utf8Pwd2Size = strlen(password2)+1; + utf8Pwd2Ptr = password2; + } + + /* Allocate a BerElement for the request parameters. 
*/ + if((requestBer = ber_alloc()) == NULL) + { + err = LDAP_ENCODING_ERROR; + goto Cleanup; + } + + if (password != NULL && password2 != NULL) + { + /* BER encode the NMAS Version, the objectDN, and the password */ + rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size); + } + else if (password != NULL) + { + /* BER encode the NMAS Version, the objectDN, and the password */ + rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize); + } + else + { + /* BER encode the NMAS Version and the objectDN */ + rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize); + } + + if (rc < 0) + { + err = LDAP_ENCODING_ERROR; + goto Cleanup; + } + else + { + err = 0; + } + + /* Convert the BER we just built to a berval that we'll send with the extended request. */ + if(ber_flatten(requestBer, requestBV) == LBER_ERROR) + { + err = LDAP_ENCODING_ERROR; + goto Cleanup; + } + +Cleanup: + + if(requestBer) + { + ber_free(requestBer, 1); + } + + return err; +} + +/********************************************************************** + Take the request BER value and input data items and BER encodes the + data into the BER value +**********************************************************************/ + +static int berEncodeLoginData( + struct berval **requestBV, + char *objectDN, + unsigned int methodIDLen, + unsigned int *methodID, + char *tag, + size_t putDataLen, + void *putData) { - int err = 0, rc = 0; - BerElement *requestBer = NULL; - - char *utf8ObjPtr = NULL; - int utf8ObjSize = 0; - char *utf8PwdPtr = NULL; - int utf8PwdSize = 0; - char *utf8Pwd2Ptr = NULL; - int utf8Pwd2Size = 0; - - - utf8ObjSize = strlen(objectDN) + 1; - utf8ObjPtr = objectDN; - - if (password != NULL) { - utf8PwdSize = strlen(password) + 1; - utf8PwdPtr = password; - } - if (password2 != NULL) { - utf8Pwd2Size = strlen(password2) + 1; - 
utf8Pwd2Ptr = password2; - } - /* Allocate a BerElement for the request parameters. */ - if ((requestBer = ber_alloc()) == NULL) { - err = NMAS_E_FRAG_FAILURE; - goto Cleanup; - } - if (password != NULL && password2 != NULL) { - /* BER encode the NMAS Version, the objectDN, and the password */ - rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size); - } else if (password != NULL) { - /* BER encode the NMAS Version, the objectDN, and the password */ - rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize); - } else { + int err = 0; + BerElement *requestBer = NULL; + + unsigned int i; + unsigned int elemCnt = methodIDLen / sizeof(unsigned int); + + char *utf8ObjPtr=NULL; + int utf8ObjSize = 0; + + char *utf8TagPtr = NULL; + int utf8TagSize = 0; + + utf8ObjPtr = objectDN; + utf8ObjSize = strlen(utf8ObjPtr)+1; + + utf8TagPtr = tag; + utf8TagSize = strlen(utf8TagPtr)+1; + + /* Allocate a BerElement for the request parameters. */ + if((requestBer = ber_alloc()) == NULL) + { + err = LDAP_ENCODING_ERROR; + goto Cleanup; + } + /* BER encode the NMAS Version and the objectDN */ - rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize); - } - - if (rc < 0) { - err = NMAS_E_FRAG_FAILURE; - goto Cleanup; - } else { - err = 0; - } - - /* - * Convert the BER we just built to a berval that we'll send with the extended request. 
- */ - if (ber_flatten(requestBer, requestBV) == LBER_ERROR) { - err = NMAS_E_FRAG_FAILURE; - goto Cleanup; - } - Cleanup: - - if (requestBer) { - ber_free(requestBer, 1); - } - return err; -} /* End of berEncodePasswordData */ - -/* ------------------------------------------------------------------------ - * berDecodeLoginData() - * ============================== - * ResponseBer contents: - * serverVersion INTEGER - * error INTEGER - * data OCTET STRING - * - * Description: - * This function takes the reply BER Value and decodes the - * NMAS server version and return code and if a non null retData - * buffer was supplied, tries to decode the the return data and length - * - * ------------------------------------------------------------------------ */ -int -berDecodeLoginData( - struct berval *replyBV, - int *serverVersion, - size_t * retDataLen, - void *retData) + err = (ber_printf(requestBer, "{io", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize) < 0) ? LDAP_ENCODING_ERROR : 0; + + /* BER encode the MethodID Length and value */ + if (!err) + { + err = (ber_printf(requestBer, "{i{", methodIDLen) < 0) ? LDAP_ENCODING_ERROR : 0; + } + + for (i = 0; !err && i < elemCnt; i++) + { + err = (ber_printf(requestBer, "i", methodID[i]) < 0) ? LDAP_ENCODING_ERROR : 0; + } + + if (!err) + { + err = (ber_printf(requestBer, "}}", 0) < 0) ? LDAP_ENCODING_ERROR : 0; + } + + if(putData) + { + /* BER Encode the the tag and data */ + err = (ber_printf(requestBer, "oio}", utf8TagPtr, utf8TagSize, putDataLen, putData, putDataLen) < 0) ? LDAP_ENCODING_ERROR : 0; + } + else + { + /* BER Encode the the tag */ + err = (ber_printf(requestBer, "o}", utf8TagPtr, utf8TagSize) < 0) ? LDAP_ENCODING_ERROR : 0; + } + + if (err) + { + goto Cleanup; + } + + /* Convert the BER we just built to a berval that we'll send with the extended request. 
*/ + if(ber_flatten(requestBer, requestBV) == LBER_ERROR) + { + err = LDAP_ENCODING_ERROR; + goto Cleanup; + } + +Cleanup: + + if(requestBer) + { + ber_free(requestBer, 1); + } + + return err; +} + +/********************************************************************** + Takes the reply BER Value and decodes the NMAS server version and + return code and if a non null retData buffer was supplied, tries to + decode the the return data and length +**********************************************************************/ + +static int berDecodeLoginData( + struct berval *replyBV, + int *serverVersion, + size_t *retDataLen, + void *retData ) { - int rc = 0, err = 0; - BerElement *replyBer = NULL; - char *retOctStr = NULL; - size_t retOctStrLen = 0; - - if ((replyBer = ber_init(replyBV)) == NULL) { - err = NMAS_E_SYSTEM_RESOURCES; - goto Cleanup; - } - if (retData) { - retOctStrLen = *retDataLen + 1; - retOctStr = (char *) malloc(retOctStrLen); - if (!retOctStr) { - err = NMAS_E_SYSTEM_RESOURCES; - goto Cleanup; - } - if ((rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1) { - if (*retDataLen >= retOctStrLen) { - memcpy(retData, retOctStr, retOctStrLen); - } else if (!err) { - err = NMAS_E_BUFFER_OVERFLOW; - } - *retDataLen = retOctStrLen; - } else if (!err) { - err = NMAS_E_FRAG_FAILURE; - } - } else { - if ((rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1) { - if (!err) { - err = NMAS_E_FRAG_FAILURE; - } - } - } - - Cleanup: - - if (replyBer) { - ber_free(replyBer, 1); - } - if (retOctStr != NULL) { - memset(retOctStr, 0, retOctStrLen); - free(retOctStr); - } - return err; -} /* End of berDecodeLoginData */ - -/* ----------------------------------------------------------------------- - * nmasldap_get_password() - * ============================== - * - * Description: - * This API attempts to get the universal password - * - * ------------------------------------------------------------------------ */ -int 
-nmasldap_get_password( - LDAP * ld, - char *objectDN, - size_t * pwdSize, // in bytes - char *pwd) + int err = 0; + BerElement *replyBer = NULL; + char *retOctStr = NULL; + size_t retOctStrLen = 0; + + if((replyBer = ber_init(replyBV)) == NULL) + { + err = LDAP_OPERATIONS_ERROR; + goto Cleanup; + } + + if(retData) + { + retOctStrLen = *retDataLen + 1; + retOctStr = SMB_MALLOC_ARRAY(char, retOctStrLen); + if(!retOctStr) + { + err = LDAP_OPERATIONS_ERROR; + goto Cleanup; + } + + if(ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen) != -1) + { + if (*retDataLen >= retOctStrLen) + { + memcpy(retData, retOctStr, retOctStrLen); + } + else if (!err) + { + err = LDAP_NO_MEMORY; + } + + *retDataLen = retOctStrLen; + } + else if (!err) + { + err = LDAP_DECODING_ERROR; + } + } + else + { + if(ber_scanf(replyBer, "{ii}", serverVersion, &err) == -1) + { + if (!err) + { + err = LDAP_DECODING_ERROR; + } + } + } + +Cleanup: + + if(replyBer) + { + ber_free(replyBer, 1); + } + + if (retOctStr != NULL) + { + memset(retOctStr, 0, retOctStrLen); + free(retOctStr); + } + + return err; +} + +/********************************************************************** + Retrieves data in the login configuration of the specified object + that is tagged with the specified methodID and tag. +**********************************************************************/ + +static int getLoginConfig( + LDAP *ld, + char *objectDN, + unsigned int methodIDLen, + unsigned int *methodID, + char *tag, + size_t *dataLen, + void *data ) { - int err = 0; + int err = 0; + struct berval *requestBV = NULL; + char *replyOID = NULL; + struct berval *replyBV = NULL; + int serverVersion = 0; + + /* Validate unicode parameters. 
*/ + if((strlen(objectDN) == 0) || ld == NULL) + { + return LDAP_NO_SUCH_ATTRIBUTE; + } - struct berval *requestBV = NULL; - char *replyOID = NULL; - struct berval *replyBV = NULL; - int serverVersion; - char *pwdBuf; - size_t pwdBufLen, bufferLen; + err = berEncodeLoginData(&requestBV, objectDN, methodIDLen, methodID, tag, 0, NULL); + if(err) + { + goto Cleanup; + } -#ifdef NOT_N_PLAT_NLM - int currentThreadGroupID; -#endif + /* Call the ldap_extended_operation (synchronously) */ + if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_LOGIN_CONFIG_REQUEST, + requestBV, NULL, NULL, &replyOID, &replyBV))) + { + goto Cleanup; + } - /* Validate char parameters. */ - if (objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL) { - return NMAS_E_INVALID_PARAMETER; - } - bufferLen = pwdBufLen = *pwdSize; - pwdBuf = (char *) malloc(pwdBufLen + 2); - if (pwdBuf == NULL) { - return NMAS_E_INSUFFICIENT_MEMORY; - } -#ifdef NOT_N_PLAT_NLM - currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID); -#endif + /* Make sure there is a return OID */ + if(!replyOID) + { + err = LDAP_NOT_SUPPORTED; + goto Cleanup; + } - err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL); - if (err) { - goto Cleanup; - } - /* Call the ldap_extended_operation (synchronously) */ - if ((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV))) { - goto Cleanup; - } - /* Make sure there is a return OID */ - if (!replyOID) { - err = NMAS_E_NOT_SUPPORTED; - goto Cleanup; - } - /* Is this what we were expecting to get back. */ - if (strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE)) { - err = NMAS_E_NOT_SUPPORTED; - goto Cleanup; - } - /* Do we have a good returned berval? */ - if (!replyBV) { - /* - * No; returned berval means we experienced a rather drastic error. - * Return operations error. 
- */ - err = NMAS_E_SYSTEM_RESOURCES; - goto Cleanup; - } - err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf); - - if (serverVersion != NMAS_LDAP_EXT_VERSION) { - err = NMAS_E_INVALID_VERSION; - goto Cleanup; - } - if (!err && pwdBufLen != 0) { - if (*pwdSize >= pwdBufLen + 1 && pwd != NULL) { - memcpy(pwd, pwdBuf, pwdBufLen); - pwd[pwdBufLen] = 0; /* add null termination */ - } - *pwdSize = pwdBufLen; /* does not include null termination */ - } - Cleanup: - - if (replyBV) { - ber_bvfree(replyBV); - } - /* Free the return OID string if one was returned. */ - if (replyOID) { - ldap_memfree(replyOID); - } - /* Free memory allocated while building the request ber and berval. */ - if (requestBV) { - ber_bvfree(requestBV); - } - if (pwdBuf != NULL) { - memset(pwdBuf, 0, bufferLen); - free(pwdBuf); - } -#ifdef NOT_N_PLAT_NLM - SetThreadGroupID(currentThreadGroupID); -#endif + /* Is this what we were expecting to get back. */ + if(strcmp(replyOID, NMASLDAP_GET_LOGIN_CONFIG_RESPONSE)) + { + err = LDAP_NOT_SUPPORTED; + goto Cleanup; + } + + /* Do we have a good returned berval? */ + if(!replyBV) + { + /* No; returned berval means we experienced a rather drastic error. */ + /* Return operations error. */ + err = LDAP_OPERATIONS_ERROR; + goto Cleanup; + } + + err = berDecodeLoginData(replyBV, &serverVersion, dataLen, data); + + if(serverVersion != NMAS_LDAP_EXT_VERSION) + { + err = LDAP_OPERATIONS_ERROR; + goto Cleanup; + } + +Cleanup: + + if(replyBV) + { + ber_bvfree(replyBV); + } + + /* Free the return OID string if one was returned. */ + if(replyOID) + { + ldap_memfree(replyOID); + } + + /* Free memory allocated while building the request ber and berval. */ + if(requestBV) + { + ber_bvfree(requestBV); + } + + /* Return the appropriate error/success code. 
*/ + return err; +} + +/********************************************************************** + Attempts to get the Simple Password +**********************************************************************/ + +static int nmasldap_get_simple_pwd( + LDAP *ld, + char *objectDN, + size_t pwdLen, + char *pwd ) +{ + int err = 0; + unsigned int methodID = 0; + unsigned int methodIDLen = sizeof(methodID); + char tag[] = {'P','A','S','S','W','O','R','D',' ','H','A','S','H',0}; + char *pwdBuf=NULL; + size_t pwdBufLen, bufferLen; + + bufferLen = pwdBufLen = pwdLen+2; + pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen); /* digest and null */ + if(pwdBuf == NULL) + { + return LDAP_NO_MEMORY; + } + + err = getLoginConfig(ld, objectDN, methodIDLen, &methodID, tag, &pwdBufLen, pwdBuf); + if (err == 0) + { + if (pwdBufLen !=0) + { + pwdBuf[pwdBufLen] = 0; /* null terminate */ + + switch (pwdBuf[0]) + { + case 1: /* cleartext password */ + break; + case 2: /* SHA1 HASH */ + case 3: /* MD5_ID */ + case 4: /* UNIXCrypt_ID */ + case 8: /* SSHA_ID */ + default: /* Unknown digest */ + err = LDAP_INAPPROPRIATE_AUTH; /* only return clear text */ + break; + } + + if (!err) + { + if (pwdLen >= pwdBufLen-1) + { + memcpy(pwd, &pwdBuf[1], pwdBufLen-1); /* skip digest tag and include null */ + } + else + { + err = LDAP_NO_MEMORY; + } + } + } + } + + if (pwdBuf != NULL) + { + memset(pwdBuf, 0, bufferLen); + free(pwdBuf); + } + + return err; +} + + +/********************************************************************** + Attempts to get the Universal Password +**********************************************************************/ + +static int nmasldap_get_password( + LDAP *ld, + char *objectDN, + size_t *pwdSize, /* in bytes */ + unsigned char *pwd ) +{ + int err = 0; + + struct berval *requestBV = NULL; + char *replyOID = NULL; + struct berval *replyBV = NULL; + int serverVersion; + char *pwdBuf; + size_t pwdBufLen, bufferLen; + + /* Validate char parameters. 
*/ + if(objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL) + { + return LDAP_NO_SUCH_ATTRIBUTE; + } + + bufferLen = pwdBufLen = *pwdSize; + pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen+2); + if(pwdBuf == NULL) + { + return LDAP_NO_MEMORY; + } + + err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL); + if(err) + { + goto Cleanup; + } + + /* Call the ldap_extended_operation (synchronously) */ + if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV))) + { + goto Cleanup; + } + + /* Make sure there is a return OID */ + if(!replyOID) + { + err = LDAP_NOT_SUPPORTED; + goto Cleanup; + } + + /* Is this what we were expecting to get back. */ + if(strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE)) + { + err = LDAP_NOT_SUPPORTED; + goto Cleanup; + } + + /* Do we have a good returned berval? */ + if(!replyBV) + { + /* No; returned berval means we experienced a rather drastic error. */ + /* Return operations error. */ + err = LDAP_OPERATIONS_ERROR; + goto Cleanup; + } + + err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf); + + if(serverVersion != NMAS_LDAP_EXT_VERSION) + { + err = LDAP_OPERATIONS_ERROR; + goto Cleanup; + } + + if (!err && pwdBufLen != 0) + { + if (*pwdSize >= pwdBufLen+1 && pwd != NULL) + { + memcpy(pwd, pwdBuf, pwdBufLen); + pwd[pwdBufLen] = 0; /* add null termination */ + } + *pwdSize = pwdBufLen; /* does not include null termination */ + } + +Cleanup: + + if(replyBV) + { + ber_bvfree(replyBV); + } + + /* Free the return OID string if one was returned. */ + if(replyOID) + { + ldap_memfree(replyOID); + } + + /* Free memory allocated while building the request ber and berval. */ + if(requestBV) + { + ber_bvfree(requestBV); + } + + if (pwdBuf != NULL) + { + memset(pwdBuf, 0, bufferLen); + free(pwdBuf); + } + + /* Return the appropriate error/success code. 
*/ + return err; +} + +/********************************************************************** + Get the user's password from NDS. + *********************************************************************/ + +int nds_get_password( + LDAP *ld, + char *object_dn, + size_t *pwd_len, + char *pwd ) +{ + int rc = -1; + + rc = nmasldap_get_password(ld, object_dn, pwd_len, (unsigned char *)pwd); + if (rc == LDAP_SUCCESS) { +#ifdef DEBUG_PASSWORD + DEBUG(100,("nmasldap_get_password returned %s for %s\n", pwd, object_dn)); +#endif + DEBUG(5, ("NDS Universal Password retrieved for %s\n", object_dn)); + } else { + DEBUG(3, ("NDS Universal Password NOT retrieved for %s\n", object_dn)); + } + + if (rc != LDAP_SUCCESS) { + rc = nmasldap_get_simple_pwd(ld, object_dn, *pwd_len, pwd); + if (rc == LDAP_SUCCESS) { +#ifdef DEBUG_PASSWORD + DEBUG(100,("nmasldap_get_simple_pwd returned %s for %s\n", pwd, object_dn)); +#endif + DEBUG(5, ("NDS Simple Password retrieved for %s\n", object_dn)); + } else { + /* We couldn't get the password */ + DEBUG(3, ("NDS Simple Password NOT retrieved for %s\n", object_dn)); + return LDAP_INVALID_CREDENTIALS; + } + } + + /* We got the password */ + return LDAP_SUCCESS; +} - /* Return the appropriate error/success code. */ - return err; -} /* end of nmasldap_get_password */ diff --git a/helpers/digest_auth/eDirectory/edir_ldapext.h b/helpers/digest_auth/eDirectory/edir_ldapext.h index 1e394fbb69..9b861e82e7 100644 --- a/helpers/digest_auth/eDirectory/edir_ldapext.h +++ b/helpers/digest_auth/eDirectory/edir_ldapext.h 
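Review bot: In `nmasldap_get_simple_pwd` the terminator write `pwdBuf[pwdBufLen] = 0;` can land one byte past the allocation. The buffer is `pwdLen+2` bytes, and `berDecodeLoginData` accepts a reply whose length equals the caller's `*retDataLen` (`*retDataLen >= retOctStrLen`), so `pwdBufLen` may come back equal to the buffer size. Whether liblber can return exactly that length is not visible here, but the length comes from the directory server's reply and nothing in this file rules it out. Allocating one spare byte as `nmasldap_get_password` does (`SMB_MALLOC_ARRAY(char, pwdBufLen+1)`), or failing with `if (pwdBufLen >= bufferLen) err = LDAP_NO_MEMORY;`, would bound the index. Separately, `getLoginConfig` calls `strlen(objectDN)` without the `objectDN == NULL` test that `nmasldap_get_password` has, and `nds_get_password` falls through to it after the first call rejects a NULL DN.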
@@ -1,14 +1 @@ -/* - * edir_ldapext.h - * - * AUTHOR: Guy Antony Halse - * - * stubs for FreeRadius's edir_ldapext.h - * - */ -#define UNIVERSAL_PASS_LEN 256 -#define NMAS_SUCCESS 0 - -extern int berEncodePasswordData(struct berval **requestBV, char *objectDN, char *password, char *password2); -extern int berDecodeLoginData(struct berval *replyBV, int *serverVersion, size_t * retDataLen, void *retData); -extern int nmasldap_get_password(LDAP * ld, char *objectDN, size_t * pwdSize, char *pwd); +int nds_get_password(LDAP *ld, char *object_dn, size_t * pwd_len, char *pwd); diff --git a/helpers/digest_auth/eDirectory/ldap_backend.c b/helpers/digest_auth/eDirectory/ldap_backend.c index f44fcac7df..1db3e28455 100644 --- a/helpers/digest_auth/eDirectory/ldap_backend.c +++ b/helpers/digest_auth/eDirectory/ldap_backend.c @@ -198,7 +198,7 @@ getpassword(char *login, char *realm) char filter[8192]; char searchbase[8192]; char *universal_password = NULL; - size_t universal_password_len = UNIVERSAL_PASS_LEN; + size_t universal_password_len = 256; int nmas_res = 0; int rc = -1; if (ld) { @@ -262,8 +262,8 @@ getpassword(char *login, char *realm) values = malloc(sizeof(char *)); /* actually talk to NMAS to get a password */ - nmas_res = nmasldap_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password); - if (nmas_res == NMAS_SUCCESS && universal_password) { + nmas_res = nds_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password); + if (nmas_res == LDAP_SUCCESS && universal_password) { if (debug) printf("NMAS returned value %s\n", universal_password); values[0] = universal_password; diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.8 b/helpers/external_acl/ldap_group/squid_ldap_group.8 index 543285ad87..a15fc8cc4d 100644 --- a/helpers/external_acl/ldap_group/squid_ldap_group.8 +++ b/helpers/external_acl/ldap_group/squid_ldap_group.8 
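Review bot: The literal in `size_t universal_password_len = 256;` replaces the removed `UNIVERSAL_PASS_LEN` and is now the only statement of the password buffer's size in this hunk. `nds_get_password` uses that value as the bound for its `memcpy` into `universal_password`. The allocation of that buffer is outside the hunk, so it is worth confirming that both sizes come from one named constant, for example a file-local `#define UNIVERSAL_PASS_LEN 256` in ldap_backend.c. `getpassword` starts and ends outside the hunk.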
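Review bot: `ldap_get_dn(ld, entry)` is passed straight into `nds_get_password`, so its result is neither checked for NULL nor released with `ldap_memfree`. On a NULL DN the fallback path in edir_ldapext.c reaches `strlen(objectDN)` in `getLoginConfig`. Holding the DN in a local (`char *dn = ldap_get_dn(ld, entry);`), skipping the entry when it is NULL and freeing it after the call would close both gaps. The unchanged `printf("NMAS returned value %s\n", universal_password);` also writes the recovered cleartext password to the helper's stdout whenever `debug` is set; reporting only that a value was returned would keep credentials out of the output. `getpassword` continues outside the hunk.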
@@ -152,6 +152,10 @@ Specify time limit on LDAP search operations Strip NT domain name component from user names (/ or \\ separated) . .TP +.BI -K +Strip Kerberos Realm component from user names (@ separated) +. +.TP .BI -d Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is diff --git a/helpers/external_acl/ldap_group/squid_ldap_group.c b/helpers/external_acl/ldap_group/squid_ldap_group.c index f9c20ac623..938053fdfb 100644 --- a/helpers/external_acl/ldap_group/squid_ldap_group.c +++ b/helpers/external_acl/ldap_group/squid_ldap_group.c @@ -42,7 +42,7 @@ #include #include -#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */ +#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */ #define snprintf _snprintf #include @@ -55,15 +55,15 @@ #define LDAP_OPT_X_TLS 0x6000 #endif /* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at - run time. + * run time. */ #undef ldap_start_tls_s #if LDAP_UNICODE #define LDAP_START_TLS_S "ldap_start_tls_sW" -typedef WINLDAPAPI ULONG (LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *); +typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *); #else #define LDAP_START_TLS_S "ldap_start_tls_sA" -typedef WINLDAPAPI ULONG (LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *); +typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *); #endif /* LDAP_UNICODE */ PFldap_start_tls_s Win32_ldap_start_tls_s; #define ldap_start_tls_s(l,s,c) Win32_ldap_start_tls_s(l,NULL,NULL,s,c) 
@@ -121,31 +121,31 @@ static int readSecret(const char *filename); #endif #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823 -static int +static int squid_ldap_errno(LDAP * ld) { int err = 0; ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err); return err; } -static void +static void squid_ldap_set_aliasderef(LDAP * ld, int deref) { ldap_set_option(ld, LDAP_OPT_DEREF, &deref); } -static void +static void squid_ldap_set_referrals(LDAP * ld, int referrals) { int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF; ldap_set_option(ld, LDAP_OPT_REFERRALS, value); } static void -squid_ldap_set_timelimit(LDAP *ld, int timelimit) +squid_ldap_set_timelimit(LDAP * ld, int timelimit) { ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); } static void -squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) +squid_ldap_set_connect_timeout(LDAP * ld, int timelimit) { #if defined(LDAP_OPT_NETWORK_TIMEOUT) struct timeval tv; @@ -157,23 +157,24 @@ squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit); #endif } -static void +static void squid_ldap_memfree(char *p) { ldap_memfree(p); } + #else -static int +static int squid_ldap_errno(LDAP * ld) { return ld->ld_errno; } -static void +static void squid_ldap_set_aliasderef(LDAP * ld, int deref) { ld->ld_deref = deref; } -static void +static void squid_ldap_set_referrals(LDAP * ld, int referrals) { if (referrals) 
@@ -182,26 +183,27 @@ squid_ldap_set_referrals(LDAP * ld, int referrals) ld->ld_options &= ~LDAP_OPT_REFERRALS; } static void -squid_ldap_set_timelimit(LDAP *ld, int timelimit) +squid_ldap_set_timelimit(LDAP * ld, int timelimit) { ld->ld_timelimit = timelimit; } static void -squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) +squid_ldap_set_connect_timeout(LDAP * ld, int timelimit) { fprintf(stderr, "Connect timeouts not supported in your LDAP library\n"); } -static void +static void squid_ldap_memfree(char *p) { free(p); } + #endif #ifdef LDAP_API_FEATURE_X_OPENLDAP - #if LDAP_VENDOR_VERSION > 194 - #define HAS_URI_SUPPORT 1 - #endif +#if LDAP_VENDOR_VERSION > 194 +#define HAS_URI_SUPPORT 1 +#endif #endif int @@ -215,6 +217,7 @@ main(int argc, char **argv) int port = LDAP_PORT; int use_extension_dn = 0; int strip_nt_domain = 0; + int strip_kerberos_realm = 0; int err = 0; setbuf(stdout, NULL); @@ -326,7 +329,7 @@ main(int argc, char **argv) bindpasswd = value; break; case 'W': - readSecret (value); + readSecret(value); break; case 'P': persistent = !persistent; @@ -370,6 +373,9 @@ main(int argc, char **argv) case 'S': strip_nt_domain = 1; break; + case 'K': + strip_kerberos_realm = 1; + break; default: fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option); exit(1); @@ -392,7 +398,7 @@ main(int argc, char **argv) } if (!ldapServer) - ldapServer = (char *)"localhost"; + ldapServer = (char *) "localhost"; if (!basedn || !searchfilter) { fprintf(stderr, "\n" PROGRAM_NAME " version " PROGRAM_VERSION "\n\n"); 
@@ -424,24 +430,24 @@ main(int argc, char **argv) #endif fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n"); fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n"); + fprintf(stderr, "\t-K\t\t\tStrip Kerberos realm from usernames\n"); fprintf(stderr, "\n"); fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n"); exit(1); } - /* On Windows ldap_start_tls_s is available starting from Windows XP, - so we need to bind at run-time with the function entry point + * so we need to bind at run-time with the function entry point */ #ifdef _SQUID_MSWIN_ if (use_tls) { - HMODULE WLDAP32Handle; + HMODULE WLDAP32Handle; WLDAP32Handle = GetModuleHandle("wldap32"); - if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) { - fprintf( stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n"); + if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) { + fprintf(stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n"); exit(1); - } + } } #endif @@ -470,6 +476,12 @@ main(int argc, char **argv) if (u && u[1]) user = u + 1; } + if (strip_kerberos_realm) { + char *u = strchr(user, '@'); + if (u != NULL) { + *u = '\0'; + } + } if (use_extension_dn) { extension_dn = strtok(NULL, " \n"); if (!extension_dn) { 
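Review bot: The new `-K` block truncates at the first `@` without the non-empty check its `-S` neighbour applies (`u && u[1]`), so a user name that begins with `@` leaves `user` as the empty string and the group search runs with it. Guarding with `if (u != NULL && u != user) *u = '\0';` would leave such input untouched, or the request could be answered with `ERR` instead. Stripping the realm also makes the same login from two different realms indistinguishable to the group lookup. The help text and man page could say this so that `-K` is enabled only where a single realm is trusted. The request loop in `main` that contains this block lies outside the hunk.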
@@ -478,42 +490,40 @@ main(int argc, char **argv) } rfc1738_unescape(extension_dn); } - while (!found && user && (group = strtok(NULL, " \n")) != NULL) { rfc1738_unescape(group); recover: if (ld == NULL) { #if HAS_URI_SUPPORT - if (strstr(ldapServer, "://") != NULL) { - rc = ldap_initialize( &ld, ldapServer ); - if( rc != LDAP_SUCCESS ) { + if (strstr(ldapServer, "://") != NULL) { + rc = ldap_initialize(&ld, ldapServer); + if (rc != LDAP_SUCCESS) { fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); break; } - } else + } else #endif #if NETSCAPE_SSL if (sslpath) { - if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { + if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", - sslpath); + sslpath); exit(1); } else { sslinit++; } if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", - ldapServer, port); + ldapServer, port); exit(1); } } else #endif if ((ld = ldap_init(ldapServer, port)) == NULL) { - fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",ldapServer, port); + fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port); break; } - if (connect_timeout) squid_ldap_set_connect_timeout(ld, connect_timeout); @@ -575,9 +585,9 @@ main(int argc, char **argv) if (found) printf("OK\n"); else { -error: + error: printf("ERR\n"); -} + } if (ld != NULL) { if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) { @@ -599,7 +609,7 @@ ldap_escape_value(char *escaped, int size, const char *src) { int n = 0; while (size > 4 && *src) { - switch(*src) { + switch (*src) { case '*': case '(': case ')': 
@@ -608,8 +618,8 @@ ldap_escape_value(char *escaped, int size, const char *src) size -= 3; if (size > 0) { *escaped++ = '\\'; - snprintf(escaped, 3, "%02x", (unsigned char)*src++); - escaped+=2; + snprintf(escaped, 3, "%02x", (unsigned char) *src++); + escaped += 2; } break; default: @@ -626,8 +636,8 @@ static int build_filter(char *filter, int size, const char *template, const char *user, const char *group) { int n; - while(*template && size > 0) { - switch(*template) { + while (*template && size > 0) { + switch (*template) { case '%': template++; switch (*template) { @@ -680,7 +690,8 @@ searchLDAPGroup(LDAP * ld, char *group, char *member, char *extension_dn) LDAPMessage *res = NULL; LDAPMessage *entry; int rc; - char *searchattr[] = {(char *)LDAP_NO_ATTRS, NULL}; + char *searchattr[] = + {(char *) LDAP_NO_ATTRS, NULL}; if (extension_dn && *extension_dn) snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, basedn); @@ -691,7 +702,6 @@ searchLDAPGroup(LDAP * ld, char *group, char *member, char *extension_dn) fprintf(stderr, PROGRAM_NAME " ERROR, Failed to construct LDAP search filter. filter=\"%s\", user=\"%s\", group=\"%s\"\n", filter, member, group); return 1; } - if (debug) fprintf(stderr, "group filter '%s', searchbase '%s'\n", filter, searchbase); @@ -723,7 +733,7 @@ searchLDAPGroup(LDAP * ld, char *group, char *member, char *extension_dn) } static int -searchLDAP(LDAP *ld, char *group, char *login, char *extension_dn) +searchLDAP(LDAP * ld, char *group, char *login, char *extension_dn) { if (usersearchfilter) { @@ -734,7 +744,8 @@ searchLDAP(LDAP *ld, char *group, char *login, char *extension_dn) LDAPMessage *entry; int rc; char *userdn; - char *searchattr[] = {(char *)LDAP_NO_ATTRS, NULL}; + char *searchattr[] = + {(char *) LDAP_NO_ATTRS, NULL}; if (extension_dn && *extension_dn) snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, userbasedn ? userbasedn : basedn); else 
@@ -785,33 +796,33 @@ searchLDAP(LDAP *ld, char *group, char *login, char *extension_dn) } -int readSecret(const char *filename) +int +readSecret(const char *filename) { - char buf[BUFSIZ]; - char *e=0; - FILE *f; + char buf[BUFSIZ]; + char *e = 0; + FILE *f; - if(!(f=fopen(filename, "r"))) { - fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); - return 1; - } - - if( !fgets(buf, sizeof(buf)-1, f)) { - fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); + if (!(f = fopen(filename, "r"))) { + fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); + return 1; + } + if (!fgets(buf, sizeof(buf) - 1, f)) { + fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); + fclose(f); + return 1; + } + /* strip whitespaces on end */ + if ((e = strrchr(buf, '\n'))) + *e = 0; + if ((e = strrchr(buf, '\r'))) + *e = 0; + + bindpasswd = strdup(buf); + if (!bindpasswd) { + fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); + } fclose(f); - return 1; - } - /* strip whitespaces on end */ - if((e = strrchr(buf, '\n'))) *e = 0; - if((e = strrchr(buf, '\r'))) *e = 0; - - bindpasswd = strdup(buf); - if (!bindpasswd) { - fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); - } - - fclose(f); - - return 0; + return 0; } diff --git a/src/StoreMeta.cc b/src/StoreMeta.cc index df5b9fa4ee..6c68cddbfb 100644 --- a/src/StoreMeta.cc +++ b/src/StoreMeta.cc @@ -1,6 +1,6 @@ /* - * $Id: StoreMeta.cc,v 1.6 2007/09/19 08:54:51 hno Exp $ + * $Id: StoreMeta.cc,v 1.6.4.1 2008/02/24 12:41:29 serassio Exp $ * * DEBUG: section 20 Storage Manager Swapfile Metadata * AUTHOR: Kostas Anagnostakis 
@@ -48,12 +48,19 @@ bool StoreMeta::validType(char type) { /* VOID is reserved, and new types have to be added as classes */ - - if (type <= STORE_META_VOID || type >= STORE_META_END) { + if (type <= STORE_META_VOID || type >= STORE_META_END + 10) { debugs(20, 0, "storeSwapMetaUnpack: bad type (" << type << ")!"); return false; } + /* Not yet implemented */ + if (type >= STORE_META_END || + type == STORE_META_STOREURL || + type == STORE_META_VARY_ID) { + debugs(20, 3, "storeSwapMetaUnpack: Not yet implemented (" << type << ") in disk metadata"); + return false; + } + /* Unused in any current squid code */ if (type == STORE_META_KEY_URL || type == STORE_META_KEY_SHA || diff --git a/src/StoreMetaUnpacker.cc b/src/StoreMetaUnpacker.cc index 91e267c564..d0d77cf5ec 100644 --- a/src/StoreMetaUnpacker.cc +++ b/src/StoreMetaUnpacker.cc @@ -1,6 +1,6 @@ /* - * $Id: StoreMetaUnpacker.cc,v 1.5 2007/04/30 16:56:09 wessels Exp $ + * $Id: StoreMetaUnpacker.cc,v 1.5.6.1 2008/02/24 12:41:29 serassio Exp $ * * DEBUG: section 20 Storage Manager Swapfile Unpacker * AUTHOR: Robert Collins @@ -98,10 +98,8 @@ StoreMetaUnpacker::doOneEntry() StoreMeta *newNode = StoreMeta::Factory(type, length, &buf[position]); - if (!newNode) - return false; - - tail = StoreMeta::Add (tail, newNode); + if (newNode) + tail = StoreMeta::Add (tail, newNode); position += length; diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 05ba37748e..9d238973e7 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side_reply.cc,v 1.144 2007/11/27 09:36:07 amosjeffries Exp $ + * $Id: client_side_reply.cc,v 1.144.4.1 2008/02/24 12:41:29 serassio Exp $ * * DEBUG: section 88 Client-side Reply Routines * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) @@ -1967,7 +1967,6 @@ clientReplyContext::sendMoreData (StoreIOBuffer result) } buildReply(buf, reqofs); - ssize_t body_size = reqofs; if (reply) { 
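Review bot: Both `debugs()` calls in validType stream `type` as a `char`, so a byte read from on-disk metadata is written to the log as a raw character rather than a number; `static_cast<int>(type)` in the new "Not yet implemented" message (and in the existing "bad type" one) would log the numeric id and keep control characters out of the log. The widened upper bound `STORE_META_END + 10` is an unexplained constant; a named constant, or a comment such as `/* tolerate up to 10 type ids past STORE_META_END written by other versions */` if that is the intent, would document it. validType continues past the end of the hunk.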
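Review bot: After this change a NULL from `StoreMeta::Factory` is skipped silently whatever its cause, not only for the type ids that validType now reports as not yet implemented; if Factory can also return NULL for a malformed entry (its body is not visible here), such an entry no longer stops unpacking. A comment on the new branch, e.g. `// NULL: unknown or unimplemented type - skip this entry, keep parsing`, plus a `debugs(20, 3, ...)` line when an entry is skipped, would make that traceable. `position += length` then advances by a length taken from the swap metadata, so it is worth confirming that the bounds check on `length`, presumably above the hunk, still runs before Factory is called. doOneEntry starts and ends outside the hunk.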
@@ -1990,33 +1989,6 @@ clientReplyContext::sendMoreData (StoreIOBuffer result) } else if (reqofs < HTTP_REQBUF_SZ && entry->store_status == STORE_PENDING) { waitForMoreData(); return; - } else if (http->request->method == METHOD_HEAD) { - /* - * If we are here, then store_status == STORE_OK and it - * seems we have a HEAD repsponse which is missing the - * empty end-of-headers line (home.mira.net, phttpd/0.99.72 - * does this). Because buildReply() fails we just - * call this reply a body, set the done_copying flag and - * continue... - */ - /* RBC: Note that this is seriously broken, as we *need* the - * metadata to allow further client modules to work. As such - * webservers are seriously broken, this is probably not - * going to get fixed.. perhapos we should remove it? - */ - debugs(88, 0, "Broken head response - probably phttpd/0.99.72"); - http->flags.done_copying = 1; - flags.complete = 1; - /* - * And as this is a malformed HTTP reply we cannot keep - * the connection persistent - */ - http->request->flags.proxy_keepalive = 0; - - assert(body_buf && body_size); - StoreIOBuffer tempBuffer (body_size, 0 ,body_buf); - clientStreamCallback((clientStreamNode *)http->client_stream.head->data, - http, NULL, tempBuffer); } else { debugs(88, 0, "clientReplyContext::sendMoreData: Unable to parse reply headers within a single HTTP_REQBUF_SZ length buffer"); StoreIOBuffer tempBuffer; diff --git a/src/enums.h b/src/enums.h index cfa5078e73..4b3db01564 100644 --- a/src/enums.h +++ b/src/enums.h @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.258 2007/08/13 17:20:51 hno Exp $ + * $Id: enums.h,v 1.258.4.1 2008/02/24 12:41:29 serassio Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ 
@@ -442,6 +442,8 @@ enum { STORE_META_VARY_HEADERS, /* Stores Vary request headers */ STORE_META_STD_LFS, /* standard metadata in lfs format */ STORE_META_OBJSIZE, /* object size, not impleemented, squid26 compatibility */ + STORE_META_STOREURL, /* the store url, if different to the normal URL */ + STORE_META_VARY_ID, /* Unique ID linking variants */ STORE_META_END }; diff --git a/src/pconn.cc b/src/pconn.cc index d6d3f5f25f..37cd87f5e9 100644 --- a/src/pconn.cc +++ b/src/pconn.cc @@ -1,6 +1,6 @@ /* - * $Id: pconn.cc,v 1.53 2007/05/29 13:31:40 amosjeffries Exp $ + * $Id: pconn.cc,v 1.53.6.1 2008/02/24 12:41:29 serassio Exp $ * * DEBUG: section 48 Persistent Connections * AUTHOR: Duane Wessels @@ -139,7 +139,7 @@ IdleConnList::findUseableFD() { assert(nfds); - for (int i = 0; i< nfds; i++) { + for (int i=nfds-1; i>=0; i--) { if (!comm_has_pending_read_callback(fds[i])) { return fds[i]; } @@ -284,7 +284,7 @@ PconnPool::pop(const char *host, u_short port, const char *domain, struct IN_ADD if (list == NULL) return -1; - int fd = list->findUseableFD(); + int fd = list->findUseableFD(); // search from the end. skip pending reads. if (fd >= 0) { diff --git a/src/pconn.h b/src/pconn.h index a2d4df6ec5..8b08f07e82 100644 --- a/src/pconn.h +++ b/src/pconn.h @@ -19,10 +19,10 @@ public: ~IdleConnList(); int numIdle() { return nfds; } - int findFDIndex(int fd); + int findFDIndex(int fd); ///< search from the end of array void removeFD(int fd); void push(int fd); - int findUseableFD(); + int findUseableFD(); ///< find first from the end not pending read fd. void clearHandlers(int fd); private: diff --git a/src/wccp2.cc b/src/wccp2.cc index 98e214195b..82033fbae2 100644 --- a/src/wccp2.cc +++ b/src/wccp2.cc @@ -1,6 +1,6 @@ /* - * $Id: wccp2.cc,v 1.19 2007/11/15 16:47:35 wessels Exp $ + * $Id: wccp2.cc,v 1.19.4.1 2008/02/24 12:41:29 serassio Exp $ * * DEBUG: section 80 WCCP Support * AUTHOR: Steven Wilton 
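Review bot: The new comment on `findFDIndex` in pconn.h says it searches from the end of the array, but the pconn.cc hunks in this commit only reverse the loop in `findUseableFD`; unless `findFDIndex` already iterated backwards (its body is not shown), the comment describes behaviour the code does not have. Either drop it or reverse that loop as well. The `findUseableFD` comment would read more clearly as `///< last fd in the list with no pending read callback, or -1`, assuming -1 is what the function returns after the loop, which the `fd >= 0` check in `pop()` suggests.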
@@ -1876,7 +1876,7 @@ wccp2AssignBuckets(void *voidnotused) /* Update the value according the the "correct" formula */ - for (value++; (value & 0x1741) != value; value++) { + for (; (value & 0x1741) != value; value++) { assert(value <= 0x1741); } -- 2.47.2
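Review bot: With `value++` removed from the loop initialiser, the scan now starts at the incoming `value`, so consecutive buckets only receive distinct values if `value` is advanced somewhere else in the enclosing loop, which is outside this hunk; that is worth confirming, since no other wccp2.cc code line changes in this commit. The upper bound is enforced only by `assert(value <= 0x1741)`, which may compile out in non-debug builds, and the mask is a bare literal used twice. A named constant and a comment, e.g. `/* advance to the next value whose set bits all lie within the 0x1741 mask */`, would document the intent.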