Amos Jeffries [Mon, 2 May 2011 13:04:21 +0000 (01:04 +1200)]
Drop testAuth unit-tests
Preparing to move the tests into src/auth.
These old tests construction style also require quite a lot of dependencies
which include several loops causing problems in modern strict linkers.
Opted to remove now and stabilize trunk without it before re-adding simpler
auth unit tests.
Amos Jeffries [Mon, 2 May 2011 01:14:30 +0000 (19:14 -0600)]
Cleanup: base64 coder de-duplication and upgrade
Markus Moeller has re-implemented several of the coder functions for use
by Kerberos helpers.
This patch seeks to de-duplicate them and combine the resulting code
back into the libmiscencoding.la "base64.h" implementation.
Changes include:
* old function API renamed to old_*() and existing code update to use
the names. Some code has been updated to use the new API.
* new estimator base64_encode_len()/base64_decode_len() functions added
to provide details of much much buffer space the output will require.
* new API encoder and decoder functions added which accept caller
provided buffers and encode/decode an arbitrary string into them.
* also fixes a bug where if the input text or output buffer was too
short the coder functions would crop a few bytes off the end of the result.
Noticable in Kerberos where token lengths are not fixed length.
Some optimizations have been added by myself over and above Markus changes:
* optimized to short-circuit on several more variations of empty input
and nil result buffer.
* sub-loop optimizations added to reduce the number of if() calls made
by the new code.
* split encoder into terminated (C-str) and non-terminated variants.
James Bowe [Sun, 1 May 2011 12:10:37 +0000 (00:10 +1200)]
Add external_acl_type %EXT_LOG and %EXT_TAG format options.
%EXT_LOG and %EXT_TAG are filled with the log= and tag= fields
returned by previous external ACLs.
-for a string that never changes after it is set, tag= is suitable.
-for a string that may need updating or overwriting by a later
external_acl, log= is suitable.
Under both circumstances it is conceivable that later external_acls
may need access to the tag= or log= values after they have been set
(e.g. for external_acl debugging, merging log messages, etc).
Alex Rousskov [Thu, 28 Apr 2011 22:45:55 +0000 (16:45 -0600)]
Extraced the write-to-store step from StoreEntry::replaceHttpReply().
This allows the caller to set the reply for the entry and then update the
entry and the reply before writing them to store. For example, the server-side
haveParsedReplyHeaders() code needs to set the entry timestamps and make the
entry key public before the entry starts swapping out, but the same code also
needs access to entry->getReply() and such for timestampsSet() and similar
code to work correctly.
TODO: Calls to StoreEntry::replaceHttpReply() do not have to be modified
because replaceHttpReply() does write by default. However, it is likely that
callers other than ServerStateData::setFinalReply() should take advantage of
the new split interface because they call timestampsSet() and such after
replaceHttpReply().
The bug appeared after commit with revno:11364 which fixes the Bug #3192.
In the case of SSL-bumped connections the ConnStateData::flags.readMore flag
must be reset (set to true) when we are switching to HTTPs,
because we have to read the new unencrypted HTTP request.
This patch reset this flag in ConnStateData::switchToHttps method.
In the common default case there are no reply body limits configured.
There is no need to construct ACL checklists for testing. This saves
one allocation and several locking/unlocking cycles per request.
Rework shared queue for IpcIoFile, further optimize IpcIo notifications.
The patch implements a FewToFewBiQueue class that allows
communication between two group of processes. The queue is used
in IpcIoFile and allows to have a single shared queue reader
state for each process (both diskers and workers). This
continues the optimization started in r11279, see commit log for
more details.
The patch also decreases the number of shared memory segment used
by queues. Before the change, FewToOneBiQueue used
(2*workerCount + 1) number of segments. Now FewToFewBiQueue uses
just three: for shared metadata, for array of one-to-one queues
and for array of queue readers.
Before the patch, each shared object was responsible for allocating
and deallocating shared memory it uses. As a result each object had a
shared and non shared portion. Shared classes provided a pair of
static methods for creating and attaching to existing shared segments.
This is against how normal objects behave: normal objects are not
responsible for managing memory they use, they use the memory they are
given. Besides the old approach mixes shared memory management and
object initialization logic. The patch tries to improve this.
On the user side, the patch provides two functions for managing shared
objects:
* shm_new - allocates/deallocates shared memory, initializes the object
* shm_old - gives refcounted access to the object created by shm_new
Shm_new function returns so called Owner object. It is not used for
working with the shared object, but to do shared memory
allocation/deallocation and object initialization. This function will
be typically used in Squid master process to allocate shared memory on
startup. On exit, the Owner object is deleted and shared object is
deallocated.
Shm_old function returns a refcounted smart pointer to the shared
object. It does not allocate shared memory or initialize the object,
but just points to the object owned by the Owner. Smart pointer
provides a simple way for working with the shared object.
On the internal side, the patch removes shared memory
allocation/deallocation from shared object class. There is no more
local/shared parts. Shared object class implementation is now similar
to an ordinary class. The additional requirements for "shared"
classes are: the object must be a POD with no pointers to or
references; provides a static SharedMemorySize method for shared
memory size calculation; may need to use atomic primitives for safe
updates of data members.
All existing "shared" classes and code were converted to the new API.
Alex Rousskov [Thu, 21 Apr 2011 15:19:31 +0000 (09:19 -0600)]
Temporary fix for coredumps during shutdown cleanup.
For a permanent fix, we need to avoid deleting fd_table while it is still
in use by others, such as DeferredReads, possibly by allowing event loop
to run during shutdown.
Use getMyPort() to insert the forward-proxy listening port into error
pages and deny_info redirect URLs. This fixes the current port
hard-coding assumption in ERR_AGENT_CONFIGURE.
The %b option is added for this purpose as a temporary measure until the
codes are merged with the more flexible log formatting set.
This currently depends on squid.conf having a particular http_port
ordering with the forward-proxy port listed first.
SourceLayout: Add enum Direction for AuthUserRequests state logics
The state of credentials lookup and handling is recorded by
authenticateDirection / AuthUserRequest::direction() and its per-scheme
helper methods AuthUserRequest::module_direction().
This formalizes and coordinates the state being returned by using a
shared enum.
The states can generally be considerd as:
- LOOKUP with a helper still needs to validate the credentials
- CHALLENGE if the helepr needs more info from the client
- VALID if everything is fine and the credentials are known Good/Bad
- ERROR if there is any problem with the state or credentials
TODO:
This combination has highlighted a few strange things in the NTLM and
Negotiate states. Where known but Failed credentials are marked as ERROR.
This needs closer investigation why it is not a CHALLENGE in all auth
schemes.
Also there is a little obfuscation of the cases around the generalized
fixHeader() calls. This will be handled in a followup patch.
Alex Rousskov [Tue, 19 Apr 2011 04:31:53 +0000 (22:31 -0600)]
Optimized the number of "queue is no longer empty" IpcIo notifications.
The original code relied on the writer (pusher) knowledge to decide when a
notification is needed. That code was simpler but it resulted in many
pointless notifications because the reader could have been busy processing the
last popped item and would have checked the queue after that processing
anyway. This would become especially wasteful when the reader pops multiple
requests before processing them (e.g. to do "elevator" seek optimization).
The intermediate implementation (not comitted) placed the reader state in
each queue. That was still fairly simple and worked OK, but it was not
addressing the needs of the disker readers. Diskers have many incoming
queues. If at least one incoming queue has requests, the disker is not
blocked and does not need a notification.
The last implementation allows all incoming queues of a single disker to share
the reader/disker state. The reader state is disassociated from the single
queue. There is still some wasteful state updates when multiple queues are
iterated in FewToOneBiQueue::pop(), but their overheads should be very minor.
We need to figure out whether a single shared reader state can also be used
for workers though (each worker also has many incoming queues...).
Also added debugging and a few XXXs/TODOs to mark future work items.
Improve statistic reporting for shared Rock caches.
Rock cache is shared between multiple processes. We need to make sure
cache related stats are not counted twice by different processes. The
patch makes Rock store statistics to be reported by the disker process
only.
Some global variables for cache related stats are replaced with Store
class methods. This is needed because it may be difficult or
impossible to correctly update these variables for shared caches.
The patch also fixes cache manager output for some requests like
mgr:storedir: Before the change stats from disker processes were not
surrounded with "by kidN".
These macros are required for ./configure to run on an OS such as MingW.
The macro to detect pkg-config being present is usualy only bundled with
pkg-config. When there is no pkg-config installed ./configure will fail.
This allows our configure to detect the absence and mark some components
as unavailable or unusable.
Fixes NTLM and Negotiate auth assertion "RefCountCount() == 2"
It turns out the replay cache and invalid RefCount cases this was added to
protect againt are not present anyway. After some minor cleanup to remove
double-calls in Negotiate things appear to run nicely.
NOTE:
There is still a risk that these problem cases may in future occur, but
meanwhile we need NTLM and Negotiate to be usable and efficient.
The bugs resulting from those can be dealt with if/when they do occur.
Markus Moeller [Fri, 15 Apr 2011 11:51:15 +0000 (05:51 -0600)]
negotiate_wrapper_auth: version 1.0.1
A helper to perform Negotaite authentication in both its Negotiate/NTLM
and Negotiate/Kerberos forms.
Makes use of additional Squid helpers after unwrapping the header token.
Alex Rousskov [Thu, 14 Apr 2011 22:20:55 +0000 (16:20 -0600)]
Call haveParsedReplyHeaders() before entry->replaceHttpReply().
HaveParsedReplyHeaders() sets the entry public key and various flags (at
least). ReplaceHttpReply() packs reply headers, starting swapout process.
It feels natural to adjust the entry _before_ we pack/swap it, but I may be
missing some side-effects here.
The change was necessary because we started calling checkCachable() from
swapoutPossible(). If haveParsedReplyHeaders() is not called before we swap
out checks, the entry will still have the private key and will be declared
impossible to cache.
Alex Rousskov [Thu, 14 Apr 2011 04:25:35 +0000 (22:25 -0600)]
Polished shared memory initialization sequence, using RunnersRegistry API.
The master process is now responsible for initializing all shared memory
segments before starting kids. The kids do not create new segments and attach
to the already initialized segments instead. This approach may not scale for
ever, but it avoids more complex initialization synchronization via
Coordinator.
Do not use Strings for globals because current string memory pools do not
support early initialization.
Alex Rousskov [Thu, 14 Apr 2011 04:22:25 +0000 (22:22 -0600)]
Added RunnersRegistry, an API to register and, later, run a group of actions.
Useful for keeping general initialization management code (e.g., main.cc)
independent from specific initialization code (e.g., Ipc::Mem::Init) during
staged initialization and cleaning.
Also, shuffle the resulting classes into their own compilation units.
No Logic changes.
Have omitted shuffling or altering two Auth::Basic::User methods handling
the validation short-circuit since these shodul not be part of that class.
Followup patch will move them appropriately.
Alex Rousskov [Wed, 13 Apr 2011 17:03:08 +0000 (11:03 -0600)]
Fixed shared memory cleanup code -- we were not returning freed pages to Pages.
Added Ipc::StoreMapCleaner API so that map users are notified when the slot is
about to be overwritten or freed. Users need a chance to update their state
(e.g., return the no longer used shared page) before the extra information in
the slot disappears.
Alex Rousskov [Wed, 13 Apr 2011 05:19:00 +0000 (23:19 -0600)]
Fixed how storeSwapOutStart() prevents repeated calls on failures.
We used to release the entry to signal that swapout is not possible. That hack
worked for disk caching, but it prevents nearly all memory caching because
released entries cannot be cached in memory.
A polished solution is to explicitly remember whether we made the decision to
allow or reject a swapout. The decision is now stored in MemObject::SwapOut.
Call StoreEntry::checkCachable() from StoreEntry::swapoutPossible(). This
allows us to make the decision sooner in some cases. Needs more work because
some checks in the two functions overlap and "too many files" checks in
checkCachable() should not be there at all.
Added an XXX for the checkCachable() call at the end of swapout. Out of this
project scope.
Uses hard-coded string "cachemgr.cgi/" instead of progname to avoid
complications from alternative names and when running under a browser.
May be elided in transit however teh VERSION sent here will help the
queried proxy respond appropriate to the CGI capabilities as we extend
the types and content of reports coming back from the future releases.
Alex Rousskov [Tue, 12 Apr 2011 00:33:41 +0000 (18:33 -0600)]
Added initial shared memory cache implementation (MemStore) and integrated it.
Like Rock Store, shared memory cache keeps its own compact index of cached
entries using extended Ipc::StoreMap class (MemStoreMap). Like Rock Store, the
cache also struggles to keep its Root.get() results out of the store_table
except during transit.
There are several XXXs and TODOs that still need to be addressed for a more
polished implementation.
Eventually, the non-shared/local memory cache should also be implemented
using a MemStore-like class, I think. This will allow to clearly isolate
local from shared memory cache code.
Alex Rousskov [Mon, 11 Apr 2011 23:50:50 +0000 (17:50 -0600)]
Avoid creating unlocked store_table entries when handling rebuild conflicts.
Such StoreEntry objects persist until a hit locks and unlocks them (or the
replacement policy removes them?), creating SMP synchronization problems
because they are treated as in-transit objects even though their store slot
may be gone already.
Also, no code shuffling which should normally have been done with namespace.
Config children are currently too intwined with UserRequest children and
helper management. Logic changes are required before that can be done.
projects / thirdparty / squid.git / log
