wessels [Thu, 20 Jun 2002 04:54:14 +0000 (04:54 +0000)]
Some rewriting inspired by suggestions of overflow bugs and other problems
with this code.
denyusers.c and allowusers.c have a fair amount of nearly identical code.
I moved these functions to a new file, called usersfile.[ch]. I didn't
really want to add another source file, but....
wessels [Thu, 20 Jun 2002 04:53:56 +0000 (04:53 +0000)]
Some rewriting inspired by suggestions of overflow bugs and other problems
with this code.
denyusers.c and allowusers.c have a fair amount of nearly identical code.
I moved these functions to a new file, called usersfile.[ch]. I didn't
really want to add another source file, but....
The list of allowed/denied users were formerly stored as whitespace
separated tokens in a single char buffer. The code used strstr() to
search for matches. This was awkward because the search key had to
be surrounded by space characters. The new code uses and array
of char buffers -- one for each name. The new code uses qsort() and
bsearch().
The old code was more robust with the input file. You could put multiple
names on a single line. Due to the way the names were stored, it didn't
matter. The new code is less robust. It requires one name per line,
and no leading whitespace.
Names longer than NAMELEN are now truncated.
Added an openlog() call and Removed LOG_USER from syslog() calls.
No longer use scanf() in some places.
There is some weird logic about what to do if an allow/deny file
does not exist, or exists but cannot be read, or was read once but
cannot be read later. I hope it still works the same.
replaced some strcpy() calls with memset() and strncpy().
Fixed a strange usage of ServerArray[] that started at index 1?
#ifdefd-out some debugging code that included fprintfs to stderr, but
was apparently never called.
Rewrote some signal handling stuff to use sigaction() (and fall back
to signal()) and removed calls to sigvec().
hno [Sun, 16 Jun 2002 17:24:00 +0000 (17:24 +0000)]
Prevent logging of "blank" user names. If the username is "" then log
as a dash, assuming the "" usename is a false value from ident or partial
authentication.
hno [Fri, 7 Jun 2002 00:44:35 +0000 (00:44 +0000)]
Get rid of the cbdataInternalLock/Unlock requirement. Still a bit confused
in how the peer digests and fetch pulls together however, and there is more
work in cleaning this up to make more proper use of cbdata.
hno [Sun, 19 May 2002 21:07:55 +0000 (21:07 +0000)]
NTLMSSP renamed to SMB.
Note: The CVS files have been moved. If going back to a older version than
this then one will have to manually move them back to get a checkout that
reflects the older layout.
wessels [Thu, 16 May 2002 01:08:34 +0000 (01:08 +0000)]
Two fixes from Steve Bennett s.bennett at lancaster.ac.uk
1) The running averager intAverage() approaches zero due to
roundoff errors when the input values are less than the
averaging interval, which is happening for redirector
service times. For helper processes, we'll store
the average service time in microseconds now.
2) the cachemgr output shows 'Time' as large numbers for idle
helpers. This patch makes use of the 'answer_time' field
and uses that for calculating service time in cachemgr stats
output.
Converted htcp to use locally created MemoryPool:s rather than using
the MEM_* approach. This to solve reconfigure and not having htcp configured
in a nice manner.
Don't overuse bitfields when storing enums.. care must be taken for
signed/unsigned etc. For fields where memoryusage isn't a significant
impact it is better to not care and let the compiler assign field size.
Cleanup of our Gopher client to protect from buffer overflows and
to correct the functionality, plus some new pieces that was missing
like the ability to deal with Gopher Info entries and WWW links
ftp_sanitycheck option (default on) to make Squid sanity check the FTP
data connection.
* Ignore "BAD" PASV replies, asking Squid to connect to another
server than requested.
* Ignore PORT and default connections coming from another address
than expected.
These comments before aclIpNetworkCompare() turned out to be true:
* NOTE: this is very similar to aclIpNetworkCompare and it's not yet
* clear whether this OK. The problem could be with when a network
* is a subset of the other networks:
*
* 128.1.2.0/255.255.255.128 == 128.1.2.0/255.255.255.0 ?
*
* Currently only the first address of the first network is used.
The aclIpNetworkCompare() function did not detect collisions and/or
overlapping addresses that can confuse the splay sorting algorithm.
This was proven with an ACL like:
acl a src 1.2.3.4/32
acl a src 1.2.3.0/24
...and then testing the access controls with this sequence of
source IP addresses:
This patch creates two functions for use by the splay library. One
is used for inserting new ACL entries. It complains when it detects
a collision/overlap. The other is used for checking the access
control lists.
I also discovered that we were technically passing the wrong data
type to aclIpNetworkCompare() from aclMatchIp() (via the splay
routines). The first argument was a 'struct in_addr' but should
really be a 'struct acl_ip_data'. There was no harm, apparently,
because the first element of acl_ip_data is an in_addr, and the
only member that aclIpNetworkCompare() accesses. Perhaps this was
intentional, but I doubt it.
projects / thirdparty / squid.git / log
