serassio [Wed, 15 Aug 2007 01:17:43 +0000 (01:17 +0000)]
Fix build errors on HP Tru64 Unix and may be others
- xusleep.c: on Tru64 timeval is defined in sys/time.h
- move the definition of ISO C99 Standard printf() macros for 64 bit
integers from squid.h to squid_types.h
rousskov [Mon, 13 Aug 2007 22:48:20 +0000 (22:48 +0000)]
Bug #2016 fix: Prevent BodyPipe async calls from getting seemingly
out of order and causing truncated responses, especially with ICAP.
When BodyPipe consumer is gone, all async calls for that consumer must not
reach the next consumer (if any). Similarly, we should not schedule async calls
when no consumer has been registered yet.
Otherwise, the calls may go out of order if _some_ calls are dropped due to
the ultimate destination being temporary NULL. The new code does not schedule
async calls until consumer is registered. The new code also keeps track of the
number of outstanding events and skips that number if the consumer leaves.
TODO: when AscyncCall support is improved, should we just schedule calls
directly to consumer? It could be a much cleaner solution than counting
pending calls and skipping them when needed.
amosjeffries [Mon, 13 Aug 2007 05:57:28 +0000 (05:57 +0000)]
Fix bug 1560 : Bad filedescriptor in ftpSend actions.
This was caused by some FTP operations failing and calling the ftpFail
properly, but then going on to call an ftpSend.
It may also occur when a ftpSend event is scheduled prior to the server
control channel dying or being closed.
This patch adds a function haveControlChannel(const char *caller_name)
which displays a debug notice at level 3 and returns false if the server
control channels are not available. This is now called by each Sending
operation before it begins.
serassio [Sat, 11 Aug 2007 19:27:27 +0000 (19:27 +0000)]
Windows port: workaround for fatal build error using latest MinGW
Using the latest MinGW (gcc 3.4.5 + mingw-runtime 3.13) we cannot build with
-Wmissing-prototypes -Wmissing-declarations gcc options due to some heavy
tricks contained in own MinGW include files.
rousskov [Fri, 10 Aug 2007 05:30:52 +0000 (05:30 +0000)]
Bug 2034 fix, v4: Separate handling of virgin server responses and ICAP-adapted
responses. Both can be active at the same time. Only one can become final and
get into the store entry.
Also, do not abort ICAP transactions when the virgin response ends prematurely.
Keep going because the ICAP initiator may still want to know the ICAP reaction
to the now-truncated virgin message.
This version passes a few basic tests, but may need more work and does need
polishing. For example, the common code should be factored out from
ICAPModXact::noteBodyProductionEnded and ICAPModXact::noteBodyProducerAborted.
rousskov [Wed, 8 Aug 2007 02:02:51 +0000 (02:02 +0000)]
Bug #2000 fix: Use StoreEntryStreamBuf::overflow() profile that matches
std::streambuf::overflow() profile for virtual method overriding to work.
Some GCC (or libstdc++) versions distinguished "char" used by our old
StoreEntryStreamBuf::overflow() from "int_type" used by their std::streambuf.
In such cases, overflow() overriding would not work and overflowed data would
not be appended to the store entry because the default overflow() does
nothing. This happened on Debian 4.1.2 lenny/sid (unstable) with
gcc version 4.1.3 20070629 (prerelease).
The fix works for a few recent GCC libstdc++ libraries I have tested with but
may cause Squid compilation, check, or runtime failures with libraries using
different std::streambuf::overflow() profiles. If that happens, ./configure
may need to detect the correct profile. Alternatively, we can supply an
overflow() wrapper for multiple profiles in hope that one will match
std::streambuf::overflow (ick!).
Amos Jeffries <squid3@treenet.co.nz> reported and helped fix this bug.
rousskov [Wed, 8 Aug 2007 01:45:51 +0000 (01:45 +0000)]
Do not assume that store stream cannot flush its contents into the store entry
unless we call the flush method. Depending on stream implementation, it is
possible that the stream will flush while we add data to it and before we
call flush().
Added more store stream output cases, including floating point numbers and
their formatting.
rousskov [Wed, 8 Aug 2007 01:41:56 +0000 (01:41 +0000)]
Bug #2000 pre-fix: Polish StoreEntryStream style.
This change should not have significant runtime effects. It makes
StoreEntryStream code a little easier to understand and brings it a little
closer to Squid3 coding style guidelines.
amosjeffries [Fri, 3 Aug 2007 08:22:52 +0000 (08:22 +0000)]
Add pointer validation in helperStatefulHandleRead check for callback data.
Coverity checker detected a NULL pointer dereference.
Existing logics to handle missing callback data were present, but the if()
tests were incomplete and unable to catch this case.
amosjeffries [Fri, 3 Aug 2007 08:16:59 +0000 (08:16 +0000)]
Add assert()s to validate state in Auth Digest
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 08:11:17 +0000 (08:11 +0000)]
Add assert()s to validate state in Basic Auth
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 08:07:34 +0000 (08:07 +0000)]
Add assert()s to validate state in Auth Negotiate
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 07:57:30 +0000 (07:57 +0000)]
Add assert()'s to check for NULL pointers in NTLM auth.
Coverity checker picked up a number of cases where casting might (rarely)
cause a NULL pointer and a dereference occured afterwards.
This patch adds several assert statements to cause squid to abort at the
source of these errors rather than segfault later.
No code logic has been changed in any way.
amosjeffries [Fri, 3 Aug 2007 07:21:17 +0000 (07:21 +0000)]
Fix memory leaks in NTLM session helper RFCNB_Call(...)
Coverity checker identified that the connect structures were not being
free'd on any of the error cases.
This patch adds several calls to free(con) to prevent the leaks.
It also adds a call to close any partial connections properly when
RFCNB_Session_Req fails. Previously it would leave the open TCP
connection hanging and return a NULL pointer.
amosjeffries [Fri, 3 Aug 2007 04:58:15 +0000 (04:58 +0000)]
Add new section to squid.conf: ERROR PAGE CUSTOMISATION
Moves existing error page rerlated options from MISC section to their own.
Options moved are:
deny_info, error_directory, email_err_data, err_html_text
rousskov [Fri, 3 Aug 2007 01:32:22 +0000 (01:32 +0000)]
Partial bug #2034 fix: Inform BodyPipe of the body size when known.
This fix helps the ICAP client to detect aborts and to announce the end of the
HTTP message to the ICAP server.
A bigger problem is that the HTTP side is using the adapted response to make
decisions about the origin server connection. That bug still needs to be
fixed.
amosjeffries [Thu, 2 Aug 2007 08:52:01 +0000 (08:52 +0000)]
Coverity detected a code-path in helpers/ntlm_auth/SMB/ntlm_auth.c
that dereferences NULL credentials.
Added an assert to check for the condition in real-use.
Possibly need to add a default case to the switch on line 360.
amosjeffries [Thu, 2 Aug 2007 08:08:25 +0000 (08:08 +0000)]
Prevent manipulation of a pointer if it is NULL in NTLM auth.
Coverity checker detected.
AuthNTLMUserRequest::authenticate attempted to locate the auth header.
If there is no header resulting it would still attempt to scan its ptr
down the header text. This prevents the scanning occuring on NULL.
amosjeffries [Thu, 2 Aug 2007 07:52:01 +0000 (07:52 +0000)]
Fix memory leaks in MSNT session helper RFCNB_Call(...)
Coverity checker identified that the connect structures were not being
free'd on any of the error cases.
This patch adds several calls to free(con) to prevent the leaks.
It also adds a call to close any partial connections properly when
RFCNB_Session_Req fails. Previously it would leave the open TCP
connection hanging and return a NULL pointer.
rousskov [Thu, 2 Aug 2007 02:51:06 +0000 (02:51 +0000)]
Polished ICAP debugging so that users can see fatal ICAP service failures
(and not much more) at debug level 2. This may help identify why a service
is suspended.
rousskov [Wed, 1 Aug 2007 10:36:47 +0000 (10:36 +0000)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug #1872: Date parsing error causing HTTP objects to get unexpectedly cached
and fresh ICAP OPTIONS rejected.
Applied Henrik's patch from Squid2 patchset #11161. The bug was affecting ICAP
Options TTLs, marking some ICAP services with soon-to-expire options as being
down. Original patch text is below.
An unexpected and undesired sideeffect of the earlier change to accept dates
far in the future was that the date calculations suddenly got daylight savings
sensitive due to mktime() automatically adjusting the supplied date. This has the
unfortunate effect that if Squid is running in a timezone with daylight savings
things may get cached longer than they should.
rousskov [Wed, 1 Aug 2007 10:18:08 +0000 (10:18 +0000)]
Bug 2024 fix: Do not optimize StoreEntry::write call away for zero-size
data because StoreEntry::write invokes client-side handlers for response
headers, even if there is no body data to write.
rousskov [Wed, 1 Aug 2007 10:16:00 +0000 (10:16 +0000)]
Bug #2029 fix: When ICAP produces a response before the entire
virgin response is read, do not abort the transaction.
The code needed to be re-arranged to make sure that virgin response body
is not appended to the store when adapted body is written there. The
changes resulted in a cleaner code, where virgin data never enters the
store if ICAP adaptation was started, and adapted data is always
written to the store. More polishing work is needed here.
Some debugging logs seem to indicate that asynchronous calls are fired
out of order. The code cannot (and probably should not) handle that.
This out-of-order calls may be happening because async calls are implemented
using time-based events, and events are using wall clock (current_dtime)
when looking for the right place in the event queue. The wall clock may
go backwards, placing a later call earlier in the event queue.
This change forces async call-looking events to use absolute timestamp of
zero, so nothing (including a later async call) can get in front of them.
Remember the ICAP OPTIONS fetching transaction so that we can clear/destroy
it when it is done, to avoid ICAPOptXactLauncher leak. Use the transaction
pointer instead of the boolean 'waiting' flag.
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug #1971 fix, part 2, take B, v4: Polish HttpStateData::readReply() layout
to weed out bugs.
Moved processReplyHeader post-processing from readReply into newly added
continueAfterParsingHeader() method. Either deleted unreachable code in
readReply or re-arranged it to become reachable in continueAfterParsingHeader.
Start ICAP ACL checks only after the response header has been successfully
processed. The old code would start ICAP ACL checks for transactions that
would be aborted immediately after the check is scheduled.
Set eof when we read zero bytes. Doing so as a stand-alone step and referring
to 'eof' member from there on makes readReply code a little more clear.
Set reply member when HTTP header parser fails in processReplyHeader() so that
the caller has more information about the parsing error.
persistentConnStatus() now returns COMPLETE_NONPERSISTENT_MSG if we reach eof.
The old code would just call serverComplete() in readReply() instead, making
it a yet another special case there.
We are not done with ICAP if an ICAP ACL check is pending. This change
affects FTP as well and allows us to process more errors with ICAP.
Commented that persistentConnStatus() may be called for ICAP-adapted responses
that do not have a notion of a persistent connection. Why does this work?
These changes were inspired by Christos Tsantilas comments and patches but
the new bugs are mine.
Reversed bug #2011 fix because it may slow down ICAP, BodyPipe, and other code
using zero-delay events to implement "asynchronous" calls.
The code should probably be rewritten (a) to avoid any waiting/blocking when
there are ready events and (b) to allow waiting longer when there are no ready
events.
Removed the "reply" parameter and "this->reply = reply" assignment from
Server::setReply() because the actual parameter was always "reply". The
code setReply() replaced did not have the assignment either.
Eventually, the setReply() method needs to be renamed because the reply is
already set when we call it.
Bug #1921: ftp.cc(3309) ICAP cannot keep up with FTP; lost 1448/1448 bytes.
This patch adds a little buffering before the BodyPipe, allowing more
data to be temporarily stuffed than what fits in the pipe. Needed for
FTP directory listings and other sources with no byte-exact flow control.
The patch also moves most ICAP dependencies from the protocol implementations
to the shared ServerStateData parent, allowing them all to share logics.