diff -u -r -N squid-3.2.0.6/ChangeLog squid-3.2.0.7/ChangeLog
--- squid-3.2.0.6/ChangeLog 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/ChangeLog 2011-04-19 12:47:07.000000000 +1200
@@ -1,3 +1,15 @@
+Changes to squid-3.2.0.7 (19 Apr 2011):
+
+ - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
+ - Regression fix: icons/ FHS compliance
+ - Regression fix: Startup aborts with URL error when --disable-htcp
+ - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
+ - Add negotiate_wrapper_auth version 1.0.1
+ - Fixed %dt logging in the presence of REQMOD
+ - Fixed chunked request forwarding in ICAP REQMOD presence
+ - ... all bug fixes and updates from 3.1.12.1
+ - ... many code polishings and display cleanups
+
Changes to squid-3.2.0.6 (04 Apr 2011):
- Regression fix: upgrade existing icons
@@ -152,6 +164,16 @@
- ... and a great many testing improvements
- ... and many documentation updates
+Changes to squid-3.1.12.1 (19 Apr 2011):
+
+ - Port from 3.2: Dynamic SSL Certificate generation
+ - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
+ - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
+ - Bug 3183: Invalid URL accepted with url host part of only '@'
+ - Display ERROR in cache.log for invalid configured paths
+ - Cache Manager: send User-Agent header from cachemgr.cgi
+ - ... and many portability compile fixes for non-GCC systems.
+
Changes to squid-3.1.12 (04 Apr 2011):
- Regression fix: Use bigger buffer for server reads.
diff -u -r -N squid-3.2.0.6/compat/assert.cc squid-3.2.0.7/compat/assert.cc
--- squid-3.2.0.6/compat/assert.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/assert.cc 2011-04-19 12:47:07.000000000 +1200
@@ -33,14 +33,6 @@
#include "config.h"
-#if HAVE_STDIO_H
-#include
-#endif
-
-#if 0
-#include "compat/assert.h"
-#endif
-
void xassert(const char *expr, const char *file, int line)
{
fprintf(stderr, "assertion failed: %s:%d: \"%s\"\n", file, line, expr);
diff -u -r -N squid-3.2.0.6/compat/compat.h squid-3.2.0.7/compat/compat.h
--- squid-3.2.0.6/compat/compat.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/compat.h 2011-04-19 12:47:07.000000000 +1200
@@ -86,6 +86,9 @@
#include "compat/stdvarargs.h"
#include "compat/assert.h"
+/* cstdio has a bunch of problems with 64-bit definitions */
+#include "compat/stdio.h"
+
/*****************************************************/
/* component-specific portabilities */
diff -u -r -N squid-3.2.0.6/compat/compat_shared.h squid-3.2.0.7/compat/compat_shared.h
--- squid-3.2.0.6/compat/compat_shared.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/compat_shared.h 2011-04-19 12:47:07.000000000 +1200
@@ -34,8 +34,7 @@
/*
* DIRENT functionality can apparently come from many places.
- * I believe these should really be done by OS-specific compat
- * files, but for now its left here.
+ * With various complaints by different compilers
*/
#if HAVE_DIRENT_H
#include
@@ -54,6 +53,15 @@
#endif /* HAVE_NDIR_H */
#endif /* HAVE_DIRENT_H */
+/* The structure dirent also varies between 64-bit and 32-bit environments.
+ * Define our own dirent_t type for consistent simple internal use.
+ * NP: GCC seems not to care about the type naming differences.
+ */
+#if defined(__USE_FILE_OFFSET64) && !defined(__GNUC__)
+#define dirent_t struct dirent64
+#else
+#define dirent_t struct dirent
+#endif
/*
* Filedescriptor limits in the different select loops
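Review bot: `dirent_t` is introduced as an object-like macro rather than a typedef, so it ignores scope and textually replaces any later identifier spelled `dirent_t`. Using `typedef struct dirent64 dirent_t;` and `typedef struct dirent dirent_t;` in the two branches gives the same name with normal type checking. The branch is selected on `__USE_FILE_OFFSET64` and the absence of `__GNUC__`, and the comment itself says GCC only "seems" not to care. Picking the wrong structure would presumably make callers read `d_name` from the wrong layout, so the comment should state which compiler and libc combinations were actually verified. Names ending in `_t` are also reserved by POSIX, which is a minor collision risk.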
diff -u -r -N squid-3.2.0.6/compat/debug.h squid-3.2.0.7/compat/debug.h
--- squid-3.2.0.6/compat/debug.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/debug.h 2011-04-19 12:47:07.000000000 +1200
@@ -6,10 +6,6 @@
* It shunts the debug messages down stderr for logging by Squid
* or display to the user instead of corrupting the stdout data stream.
*/
-
-#if HAVE_STDIO_H
-#include
-#endif
#if HAVE_UNISTD_H
#include
#endif
diff -u -r -N squid-3.2.0.6/compat/eui64_aton.c squid-3.2.0.7/compat/eui64_aton.c
--- squid-3.2.0.6/compat/eui64_aton.c 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/eui64_aton.c 2011-04-19 12:47:07.000000000 +1200
@@ -77,10 +77,6 @@
#include "config.h"
#include "compat/eui64_aton.h"
-#if HAVE_STDIO_H
-#include
-#endif
-
/*
* Convert an ASCII representation of an EUI-64 to binary form.
*/
diff -u -r -N squid-3.2.0.6/compat/getnameinfo.c squid-3.2.0.7/compat/getnameinfo.c
--- squid-3.2.0.6/compat/getnameinfo.c 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/getnameinfo.c 2011-04-19 12:47:07.000000000 +1200
@@ -80,9 +80,6 @@
#include "compat/inet_ntop.h"
#include "compat/getaddrinfo.h"
-#if HAVE_STDIO_H
-#include
-#endif
#if HAVE_SYS_SOCKET_H
#include
#endif
diff -u -r -N squid-3.2.0.6/compat/GnuRegex.c squid-3.2.0.7/compat/GnuRegex.c
--- squid-3.2.0.6/compat/GnuRegex.c 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/GnuRegex.c 2011-04-19 12:47:07.000000000 +1200
@@ -235,9 +235,6 @@
#define STREQ(s1, s2) ((strcmp (s1, s2) == 0))
-#define MAX(a, b) ((a) > (b) ? (a) : (b))
-#define MIN(a, b) ((a) < (b) ? (a) : (b))
-
#if !defined(__MINGW32__) /* MinGW defines boolean */
typedef char boolean;
#endif
@@ -452,12 +449,6 @@
#ifdef DEBUG
-/* We use standard I/O for debugging. */
-#include
-
-/* It is useful to test things that ``must'' be true when debugging. */
-#include
-
static int debug = 0;
#define DEBUG_STATEMENT(e) e
@@ -3147,7 +3138,7 @@
if (bufp->regs_allocated == REGS_UNALLOCATED) { /* No. So allocate them with malloc. We need one
* extra element beyond `num_regs' for the `-1' marker
* GNU code uses. */
- regs->num_regs = MAX(RE_NREGS, num_regs + 1);
+ regs->num_regs = max(RE_NREGS, num_regs + 1);
regs->start = TALLOC(regs->num_regs, regoff_t);
regs->end = TALLOC(regs->num_regs, regoff_t);
if (regs->start == NULL || regs->end == NULL)
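Review bot: `max(RE_NREGS, num_regs + 1)` now sizes the two `TALLOC` arrays through a lowercase `max` whose definition is not visible in this diff, while the file-local `MAX`/`MIN` macros are removed in the first hunk of this file. GnuRegex.c is built as C, so it is worth confirming that the replacement is visible to C translation units and does not change the width or signedness of its arguments. The result is an allocation count here and a loop bound in the `min(num_regs, regs->num_regs)` hunk that follows. A comment where the macros were removed, for example `/* min()/max() are provided by the compat layer (<header name>) */`, would document the dependency. The enclosing function starts and ends outside the hunk.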
@@ -3176,7 +3167,7 @@
}
/* Go through the first `min (num_regs, regs->num_regs)'
* registers, since that is all we initialized. */
- for (mcnt = 1; mcnt < MIN(num_regs, regs->num_regs); mcnt++) {
+ for (mcnt = 1; mcnt < min(num_regs, regs->num_regs); mcnt++) {
if (REG_UNSET(regstart[mcnt]) || REG_UNSET(regend[mcnt]))
regs->start[mcnt] = regs->end[mcnt] = -1;
else {
diff -u -r -N squid-3.2.0.6/compat/inet_ntop.c squid-3.2.0.7/compat/inet_ntop.c
--- squid-3.2.0.6/compat/inet_ntop.c 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/inet_ntop.c 2011-04-19 12:47:07.000000000 +1200
@@ -68,9 +68,6 @@
#if HAVE_ERRNO_H
#include
#endif
-#if HAVE_STDIO_H
-#include
-#endif
#if HAVE_STRING_H
#include
#endif
diff -u -r -N squid-3.2.0.6/compat/Makefile.am squid-3.2.0.7/compat/Makefile.am
--- squid-3.2.0.6/compat/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -31,6 +31,7 @@
initgroups.h \
osdetect.h \
psignal.h \
+ stdio.h \
stdvarargs.h \
strnstr.cc \
strsep.h \
diff -u -r -N squid-3.2.0.6/compat/Makefile.in squid-3.2.0.7/compat/Makefile.in
--- squid-3.2.0.6/compat/Makefile.in 2011-04-04 14:43:26.000000000 +1200
+++ squid-3.2.0.7/compat/Makefile.in 2011-04-19 12:47:50.000000000 +1200
@@ -350,6 +350,7 @@
initgroups.h \
osdetect.h \
psignal.h \
+ stdio.h \
stdvarargs.h \
strnstr.cc \
strsep.h \
diff -u -r -N squid-3.2.0.6/compat/os/linux.h squid-3.2.0.7/compat/os/linux.h
--- squid-3.2.0.6/compat/os/linux.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/os/linux.h 2011-04-19 12:47:07.000000000 +1200
@@ -40,6 +40,29 @@
#include
#endif /* HAVE_SYS_CAPABILITY_H */
+/*
+ * glob.h is provided by GNU on Linux and contains some unavoidable preprocessor
+ * logic errors in its 64-bit definitions which are hit by non-GCC compilers.
+ *
+ * #if __USE_FILE_OFFSET64 && __GNUC__ < 2
+ * # define glob glob64
+ * #endif
+ * #if !defined __USE_FILE_OFFSET64 || __GNUC__ < 2
+ * extern "C" glob(...);
+ * #endif
+ * extern "C" glob64(...);
+ *
+ * ... and multiple "C" definitions of glob64 refuse to compile.
+ * Because __GNUC__ being undefined equates to 0 and (0 < 2)
+ */
+#if __USE_FILE_OFFSET64 && __GNUC__ < 2
+#if HAVE_GLOB_H
+#undef HAVE_GLOB_H
+#endif
+#if HAVE_GLOB
+#undef HAVE_GLOB
+#endif
+#endif
#endif /* _SQUID_LINUX_ */
#endif /* SQUID_OS_LINUX_H */
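Review bot: The block under `#if __USE_FILE_OFFSET64 && __GNUC__ < 2` silently undefines `HAVE_GLOB_H` and `HAVE_GLOB`, so on affected compilers everything conditioned on those macros is compiled out with no build-time notice, and only if this header is seen before they are first tested. The comment explains the glibc problem but not that consequence; I would add a line such as `/* NOTE: this disables all glob()-dependent features on non-GCC Linux builds */`. The `#if HAVE_GLOB_H` and `#if HAVE_GLOB` wrappers are unnecessary, since `#undef` of an undefined macro is a no-op. Writing the test as `#if defined(__USE_FILE_OFFSET64) && (!defined(__GNUC__) || __GNUC__ < 2)` would avoid relying on undefined identifiers evaluating to 0.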
diff -u -r -N squid-3.2.0.6/compat/os/openbsd.h squid-3.2.0.7/compat/os/openbsd.h
--- squid-3.2.0.6/compat/os/openbsd.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/os/openbsd.h 2011-04-19 12:47:07.000000000 +1200
@@ -30,5 +30,13 @@
#define IPV6_V6ONLY 27 // from OpenBSD 4.3 headers. (NP: does not match non-BSD OS values)
#endif
+/* OpenBSD 4.8 and 4.9 require netinet/in.h before arpa/inet.h */
+#if HAVE_NETINET_IN_H
+#include
+#endif
+#if HAVE_ARPA_INET_H
+#include
+#endif
+
#endif /* _SQUID_OPENBSD_ */
#endif /* SQUID_OS_OPENBSD_H */
diff -u -r -N squid-3.2.0.6/compat/stdio.h squid-3.2.0.7/compat/stdio.h
--- squid-3.2.0.6/compat/stdio.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/compat/stdio.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,53 @@
+#ifndef _SQUID_COMPAT_STDIO_H
+#define _SQUID_COMPAT_STDIO_H
+
+/** 64-bit broken
+ *
+ * provides fgetpos64, fopen64 if __USE_FILE_OFFSET64 is defined.
+ * It then checks whether a gcc-specific __REDIRECT macro is available
+ * (defined in , depending on __GNUC__ begin available).
+ * If it is not available, it does a preprocessor #define.
+ * Which undefines, with this comment:
+ * "// Get rid of those macros defined in in lieu of real functions.".
+ * When it does a namespace redirection ("namespace std { using ::fgetpos; }") it goes blam, as
+ * fgetpos64 is available, while fgetpos is not.
+ */
+
+// Import the stdio.h definitions first to do the state setup
+#if HAVE_STDIO_H
+#include
+#endif
+
+// Check for the buggy case
+#if defined(__USE_FILE_OFFSET64) && !defined(__REDIRECT)
+
+// Define the problem functions as needed
+#if defined(fgetpos)
+#undef fgetpos
+inline int fgetpos(FILE *f, fpos64_t *p) { return fgetpos64(f,p); }
+#endif
+#if defined(fopen)
+#undef fopen
+inline FILE * fopen(const char *f, const char *m) { return fopen64(f,m); }
+#endif
+#if defined(freopen)
+#undef freopen
+inline FILE * freopen(const char *f, const char *m, FILE *s) { return freopen64(f,m,s); }
+#endif
+#if defined(fsetpos)
+#undef fsetpos
+inline int fsetpos(FILE *f, fpos64_t *p) { return fsetpos64(f,p); }
+#endif
+#if defined(tmpfile)
+#undef tmpfile
+inline FILE * tmpfile(void) { return tmpfile64(); }
+#endif
+
+#endif /* __USE_FILE_OFFSET64 && !__REDIRECT */
+
+// Finally import the stuff we actually use
+#if HAVE_CSTDIO
+#include
+#endif
+
+#endif /* _SQUID_COMPAT_STDIO_H */
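Review bot: The five wrappers (`fgetpos`, `fopen`, `freopen`, `fsetpos`, `tmpfile`) are declared plain `inline` in a header. If the header reaches C sources through compat.h, as the removal of the direct stdio includes from several .c files in this diff suggests, C99 inline semantics give no external definition and gnu89 semantics emit one per translation unit, so either a link failure or duplicate symbols is possible. `static inline int fgetpos(FILE *f, fpos64_t *p) { return fgetpos64(f,p); }`, and likewise for the other four, avoids both. The trailing `HAVE_CSTDIO` include would also need to be limited to `__cplusplus` if C files see this header; how `HAVE_CSTDIO` is set is not visible in this diff. The guard name `_SQUID_COMPAT_STDIO_H` starts with an underscore and a capital letter, which is reserved for the implementation; `SQUID_COMPAT_STDIO_H` would match the `SQUID_OS_LINUX_H` style used in compat/os/linux.h.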
diff -u -r -N squid-3.2.0.6/compat/tempnam.c squid-3.2.0.7/compat/tempnam.c
--- squid-3.2.0.6/compat/tempnam.c 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/compat/tempnam.c 2011-04-19 12:47:07.000000000 +1200
@@ -14,9 +14,6 @@
#if HAVE_LIBC_H
#include
#endif
-#if HAVE_STDIO_H
-#include
-#endif
#if HAVE_LIMITS_H
#include
#endif
diff -u -r -N squid-3.2.0.6/configure squid-3.2.0.7/configure
--- squid-3.2.0.6/configure 2011-04-04 14:44:13.000000000 +1200
+++ squid-3.2.0.7/configure 2011-04-19 12:48:41.000000000 +1200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.0.6.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.0.7.
#
# Report bugs to .
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.2.0.6'
-PACKAGE_STRING='Squid Web Proxy 3.2.0.6'
+PACKAGE_VERSION='3.2.0.7'
+PACKAGE_STRING='Squid Web Proxy 3.2.0.7'
PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
PACKAGE_URL=''
@@ -1567,7 +1567,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.2.0.6 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.2.0.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1637,7 +1637,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.2.0.6:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.2.0.7:";;
esac
cat <<\_ACEOF
@@ -2012,7 +2012,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.2.0.6
+Squid Web Proxy configure 3.2.0.7
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3108,7 +3108,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.2.0.6, which was
+It was created by Squid Web Proxy $as_me 3.2.0.7, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3927,7 +3927,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.2.0.6'
+ VERSION='3.2.0.7'
cat >>confdefs.h <<_ACEOF
@@ -29509,7 +29509,7 @@
rm -f core
-ac_config_files="$ac_config_files Makefile compat/Makefile lib/Makefile lib/ntlmauth/Makefile lib/profiler/Makefile lib/rfcnb/Makefile lib/smblib/Makefile scripts/Makefile src/Makefile src/anyp/Makefile src/base/Makefile src/acl/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile src/auth/basic/Makefile src/auth/digest/Makefile src/auth/negotiate/Makefile src/auth/ntlm/Makefile src/adaptation/Makefile src/adaptation/icap/Makefile src/adaptation/ecap/Makefile src/comm/Makefile src/esi/Makefile src/eui/Makefile src/icmp/Makefile src/ident/Makefile src/ip/Makefile src/log/Makefile src/ipc/Makefile src/ssl/Makefile src/mgr/Makefile src/snmp/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile test-suite/Makefile doc/Makefile doc/manuals/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/DB/Makefile helpers/basic_auth/fake/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/MSNT-multi-domain/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/NIS/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/RADIUS/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/SSPI/Makefile helpers/digest_auth/Makefile helpers/digest_auth/eDirectory/Makefile helpers/digest_auth/file/Makefile helpers/digest_auth/LDAP/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fake/Makefile helpers/ntlm_auth/smb_lm/Makefile helpers/ntlm_auth/SSPI/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/kerberos/Makefile helpers/negotiate_auth/SSPI/Makefile helpers/external_acl/Makefile helpers/external_acl/AD_group/Makefile helpers/external_acl/eDirectory_userip/Makefile helpers/external_acl/file_userip/Makefile helpers/external_acl/kerberos_ldap_group/Makefile helpers/external_acl/LDAP_group/Makefile helpers/external_acl/LM_group/Makefile 
helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile helpers/log_daemon/Makefile helpers/log_daemon/file/Makefile helpers/url_rewrite/Makefile helpers/url_rewrite/fake/Makefile tools/Makefile tools/purge/Makefile"
+ac_config_files="$ac_config_files Makefile compat/Makefile lib/Makefile lib/ntlmauth/Makefile lib/profiler/Makefile lib/rfcnb/Makefile lib/smblib/Makefile scripts/Makefile src/Makefile src/anyp/Makefile src/base/Makefile src/acl/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile src/auth/basic/Makefile src/auth/digest/Makefile src/auth/negotiate/Makefile src/auth/ntlm/Makefile src/adaptation/Makefile src/adaptation/icap/Makefile src/adaptation/ecap/Makefile src/comm/Makefile src/esi/Makefile src/eui/Makefile src/icmp/Makefile src/ident/Makefile src/ip/Makefile src/log/Makefile src/ipc/Makefile src/ssl/Makefile src/mgr/Makefile src/snmp/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile test-suite/Makefile doc/Makefile doc/manuals/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/DB/Makefile helpers/basic_auth/fake/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/MSNT-multi-domain/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/NIS/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/RADIUS/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/SSPI/Makefile helpers/digest_auth/Makefile helpers/digest_auth/eDirectory/Makefile helpers/digest_auth/file/Makefile helpers/digest_auth/LDAP/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fake/Makefile helpers/ntlm_auth/smb_lm/Makefile helpers/ntlm_auth/SSPI/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/kerberos/Makefile helpers/negotiate_auth/SSPI/Makefile helpers/negotiate_auth/wrapper/Makefile helpers/external_acl/Makefile helpers/external_acl/AD_group/Makefile helpers/external_acl/eDirectory_userip/Makefile helpers/external_acl/file_userip/Makefile helpers/external_acl/kerberos_ldap_group/Makefile helpers/external_acl/LDAP_group/Makefile 
helpers/external_acl/LM_group/Makefile helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile helpers/log_daemon/Makefile helpers/log_daemon/file/Makefile helpers/url_rewrite/Makefile helpers/url_rewrite/fake/Makefile tools/Makefile tools/purge/Makefile"
subdirs="$subdirs lib/libTrie"
@@ -30234,7 +30234,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.2.0.6, which was
+This file was extended by Squid Web Proxy $as_me 3.2.0.7, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -30300,7 +30300,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.2.0.6
+Squid Web Proxy config.status 3.2.0.7
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@@ -30859,6 +30859,7 @@
"helpers/negotiate_auth/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/Makefile" ;;
"helpers/negotiate_auth/kerberos/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/kerberos/Makefile" ;;
"helpers/negotiate_auth/SSPI/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/SSPI/Makefile" ;;
+ "helpers/negotiate_auth/wrapper/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/negotiate_auth/wrapper/Makefile" ;;
"helpers/external_acl/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/external_acl/Makefile" ;;
"helpers/external_acl/AD_group/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/external_acl/AD_group/Makefile" ;;
"helpers/external_acl/eDirectory_userip/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/external_acl/eDirectory_userip/Makefile" ;;
diff -u -r -N squid-3.2.0.6/configure.ac squid-3.2.0.7/configure.ac
--- squid-3.2.0.6/configure.ac 2011-04-04 14:44:13.000000000 +1200
+++ squid-3.2.0.7/configure.ac 2011-04-19 12:48:41.000000000 +1200
@@ -3,7 +3,7 @@
dnl
dnl
dnl
-AC_INIT([Squid Web Proxy],[3.2.0.6],[http://www.squid-cache.org/bugs/],[squid])
+AC_INIT([Squid Web Proxy],[3.2.0.7],[http://www.squid-cache.org/bugs/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
@@ -3424,6 +3424,7 @@
helpers/negotiate_auth/Makefile \
helpers/negotiate_auth/kerberos/Makefile \
helpers/negotiate_auth/SSPI/Makefile \
+ helpers/negotiate_auth/wrapper/Makefile \
helpers/external_acl/Makefile \
helpers/external_acl/AD_group/Makefile \
helpers/external_acl/eDirectory_userip/Makefile \
diff -u -r -N squid-3.2.0.6/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.0.7/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.2.0.6/helpers/basic_auth/DB/basic_db_auth.8 2011-04-04 15:10:19.000000000 +1200
+++ squid-3.2.0.7/helpers/basic_auth/DB/basic_db_auth.8 2011-04-19 13:14:23.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2011-04-03" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2011-04-18" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.2.0.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.0.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.2.0.6/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2011-04-04 15:10:28.000000000 +1200
+++ squid-3.2.0.7/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2011-04-19 13:14:26.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2011-04-03" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2011-04-18" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/Makefile.am squid-3.2.0.7/helpers/negotiate_auth/Makefile.am
--- squid-3.2.0.6/helpers/negotiate_auth/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -1,3 +1,3 @@
-DIST_SUBDIRS = kerberos SSPI
+DIST_SUBDIRS = kerberos SSPI wrapper
SUBDIRS = $(NEGOTIATE_AUTH_HELPERS)
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/Makefile.in squid-3.2.0.7/helpers/negotiate_auth/Makefile.in
--- squid-3.2.0.6/helpers/negotiate_auth/Makefile.in 2011-04-04 14:43:34.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/Makefile.in 2011-04-19 12:47:59.000000000 +1200
@@ -298,7 +298,7 @@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-DIST_SUBDIRS = kerberos SSPI
+DIST_SUBDIRS = kerberos SSPI wrapper
SUBDIRS = $(NEGOTIATE_AUTH_HELPERS)
all: all-recursive
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/config.test squid-3.2.0.7/helpers/negotiate_auth/wrapper/config.test
--- squid-3.2.0.6/helpers/negotiate_auth/wrapper/config.test 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/config.test 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,2 @@
+#!/bin/sh
+exit 0
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.am squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.am
--- squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.am 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,8 @@
+include $(top_srcdir)/src/Common.am
+
+EXTRA_DIST = config.test
+
+libexec_PROGRAMS = negotiate_wrapper_auth
+
+negotiate_wrapper_auth_SOURCES = negotiate_wrapper.cc nw_base64.cc nw_base64.h
+negotiate_wrapper_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS)
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.in squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.in
--- squid-3.2.0.6/helpers/negotiate_auth/wrapper/Makefile.in 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/Makefile.in 2011-04-19 12:48:01.000000000 +1200
@@ -0,0 +1,745 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(top_srcdir)/src/Common.am
+check_PROGRAMS =
+TESTS =
+@USE_LOADABLE_MODULES_TRUE@am__append_1 = $(INCLTDL)
+libexec_PROGRAMS = negotiate_wrapper_auth$(EXEEXT)
+subdir = helpers/negotiate_auth/wrapper
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/acinclude/init.m4 \
+ $(top_srcdir)/acinclude/squid-util.m4 \
+ $(top_srcdir)/acinclude/compiler-flags.m4 \
+ $(top_srcdir)/acinclude/os-deps.m4 \
+ $(top_srcdir)/acinclude/krb5.m4 $(top_srcdir)/acinclude/pam.m4 \
+ $(top_srcdir)/acinclude/lib-checks.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/autoconf.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)"
+PROGRAMS = $(libexec_PROGRAMS)
+am_negotiate_wrapper_auth_OBJECTS = negotiate_wrapper.$(OBJEXT) \
+ nw_base64.$(OBJEXT)
+negotiate_wrapper_auth_OBJECTS = $(am_negotiate_wrapper_auth_OBJECTS)
+@ENABLE_XPROF_STATS_TRUE@am__DEPENDENCIES_1 = $(top_builddir)/lib/profiler/libprofiler.la
+am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
+am__DEPENDENCIES_3 =
+negotiate_wrapper_auth_DEPENDENCIES = $(am__DEPENDENCIES_2) \
+ $(am__DEPENDENCIES_3)
+DEFAULT_INCLUDES =
+depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(negotiate_wrapper_auth_SOURCES)
+DIST_SOURCES = $(negotiate_wrapper_auth_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors = \
+red=; grn=; lgn=; blu=; std=
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ADAPTATION_LIBS = @ADAPTATION_LIBS@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+ARGZ_H = @ARGZ_H@
+AR_R = @AR_R@
+AUTH_LIBS_TO_BUILD = @AUTH_LIBS_TO_BUILD@
+AUTH_MODULES = @AUTH_MODULES@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BASIC_AUTH_HELPERS = @BASIC_AUTH_HELPERS@
+BZR = @BZR@
+CACHE_EFFECTIVE_USER = @CACHE_EFFECTIVE_USER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CGIEXT = @CGIEXT@
+CHMOD = @CHMOD@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CPPUNITCONFIG = @CPPUNITCONFIG@
+CRYPTLIB = @CRYPTLIB@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFAULT_HOSTS = @DEFAULT_HOSTS@
+DEFAULT_LOG_DIR = @DEFAULT_LOG_DIR@
+DEFAULT_PID_FILE = @DEFAULT_PID_FILE@
+DEFAULT_SWAP_DIR = @DEFAULT_SWAP_DIR@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@
+DISK_LIBS = @DISK_LIBS@
+DISK_LINKOBJS = @DISK_LINKOBJS@
+DISK_MODULES = @DISK_MODULES@
+DISK_OS_LIBS = @DISK_OS_LIBS@
+DISK_PROGRAMS = @DISK_PROGRAMS@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECAP_LIBS = @ECAP_LIBS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EPOLL_LIBS = @EPOLL_LIBS@
+EXEEXT = @EXEEXT@
+EXPATLIB = @EXPATLIB@
+EXTERNAL_ACL_HELPERS = @EXTERNAL_ACL_HELPERS@
+EXT_LIBECAP_CFLAGS = @EXT_LIBECAP_CFLAGS@
+EXT_LIBECAP_LIBS = @EXT_LIBECAP_LIBS@
+FALSE = @FALSE@
+FGREP = @FGREP@
+GREP = @GREP@
+ICAP_LIBS = @ICAP_LIBS@
+INCLTDL = @INCLTDL@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+KRB5INCS = @KRB5INCS@
+KRB5LIBS = @KRB5LIBS@
+LBERLIB = @LBERLIB@
+LD = @LD@
+LDAPLIB = @LDAPLIB@
+LDFLAGS = @LDFLAGS@
+LIBADD_DL = @LIBADD_DL@
+LIBADD_DLD_LINK = @LIBADD_DLD_LINK@
+LIBADD_DLOPEN = @LIBADD_DLOPEN@
+LIBADD_SHL_LOAD = @LIBADD_SHL_LOAD@
+LIBLTDL = @LIBLTDL@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBSASL = @LIBSASL@
+LIBTOOL = @LIBTOOL@
+LIB_DB = @LIB_DB@
+LIPO = @LIPO@
+LN = @LN@
+LN_S = @LN_S@
+LOG_DAEMON_HELPERS = @LOG_DAEMON_HELPERS@
+LTDLDEPS = @LTDLDEPS@
+LTDLINCL = @LTDLINCL@
+LTDLOPEN = @LTDLOPEN@
+LTLIBOBJS = @LTLIBOBJS@
+LT_CONFIG_H = @LT_CONFIG_H@
+LT_DLLOADERS = @LT_DLLOADERS@
+LT_DLPREOPEN = @LT_DLPREOPEN@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MINGW_LIBS = @MINGW_LIBS@
+MKDIR = @MKDIR@
+MKDIR_P = @MKDIR_P@
+MV = @MV@
+NEGOTIATE_AUTH_HELPERS = @NEGOTIATE_AUTH_HELPERS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NTLM_AUTH_HELPERS = @NTLM_AUTH_HELPERS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PO2HTML = @PO2HTML@
+POD2MAN = @POD2MAN@
+RANLIB = @RANLIB@
+REGEXLIB = @REGEXLIB@
+REPL_LIBS = @REPL_LIBS@
+REPL_OBJS = @REPL_OBJS@
+REPL_POLICIES = @REPL_POLICIES@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SH = @SH@
+SHELL = @SHELL@
+SNMPLIB = @SNMPLIB@
+SQUID_CFLAGS = @SQUID_CFLAGS@
+SQUID_CPPUNIT_INC = @SQUID_CPPUNIT_INC@
+SQUID_CPPUNIT_LA = @SQUID_CPPUNIT_LA@
+SQUID_CPPUNIT_LIBS = @SQUID_CPPUNIT_LIBS@
+SQUID_CXXFLAGS = @SQUID_CXXFLAGS@
+SSLLIB = @SSLLIB@
+STORE_LIBS_TO_ADD = @STORE_LIBS_TO_ADD@
+STORE_LIBS_TO_BUILD = @STORE_LIBS_TO_BUILD@
+STORE_TESTS = @STORE_TESTS@
+STRIP = @STRIP@
+TR = @TR@
+TRUE = @TRUE@
+URL_REWRITE_HELPERS = @URL_REWRITE_HELPERS@
+VERSION = @VERSION@
+WIN32_PSAPI = @WIN32_PSAPI@
+XMLLIB = @XMLLIB@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+ac_krb5_config = @ac_krb5_config@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+ltdl_LIBOBJS = @ltdl_LIBOBJS@
+ltdl_LTLIBOBJS = @ltdl_LTLIBOBJS@
+makesnmplib = @makesnmplib@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+subdirs = @subdirs@
+sys_symbol_underscore = @sys_symbol_underscore@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = $(SQUID_CFLAGS)
+AM_CXXFLAGS = $(SQUID_CXXFLAGS)
+CLEANFILES =
+INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/include -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/src -I$(top_builddir)/include \
+ $(SQUID_CPPUNIT_INC) $(KRB5INCS) $(am__append_1)
+@ENABLE_XPROF_STATS_FALSE@LIBPROFILER =
+@ENABLE_XPROF_STATS_TRUE@LIBPROFILER = $(top_builddir)/lib/profiler/libprofiler.la
+COMPAT_LIB = -L$(top_builddir)/compat -lcompat-squid $(LIBPROFILER)
+subst_perlshell = sed -e 's,[@]PERL[@],$(PERL),g' <$(srcdir)/$@.pl.in >$@ || ($(RM) -f $@ ; exit 1)
+EXTRA_DIST = config.test
+negotiate_wrapper_auth_SOURCES = negotiate_wrapper.cc nw_base64.cc nw_base64.h
+negotiate_wrapper_auth_LDADD = $(COMPAT_LIB) $(XTRA_LIBS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .cc .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/src/Common.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign helpers/negotiate_auth/wrapper/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign helpers/negotiate_auth/wrapper/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+ @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+negotiate_wrapper_auth$(EXEEXT): $(negotiate_wrapper_auth_OBJECTS) $(negotiate_wrapper_auth_DEPENDENCIES)
+ @rm -f negotiate_wrapper_auth$(EXEEXT)
+ $(CXXLINK) $(negotiate_wrapper_auth_OBJECTS) $(negotiate_wrapper_auth_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/negotiate_wrapper.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nw_base64.Po@am__quote@
+
+.cc.o:
+@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $<
+
+.cc.obj:
+@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cc.lo:
+@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+check-TESTS: $(TESTS)
+ @failed=0; all=0; xfail=0; xpass=0; skip=0; \
+ srcdir=$(srcdir); export srcdir; \
+ list=' $(TESTS) '; \
+ $(am__tty_colors); \
+ if test -n "$$list"; then \
+ for tst in $$list; do \
+ if test -f ./$$tst; then dir=./; \
+ elif test -f $$tst; then dir=; \
+ else dir="$(srcdir)/"; fi; \
+ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xpass=`expr $$xpass + 1`; \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=XPASS; \
+ ;; \
+ *) \
+ col=$$grn; res=PASS; \
+ ;; \
+ esac; \
+ elif test $$? -ne 77; then \
+ all=`expr $$all + 1`; \
+ case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$tst[\ \ ]*) \
+ xfail=`expr $$xfail + 1`; \
+ col=$$lgn; res=XFAIL; \
+ ;; \
+ *) \
+ failed=`expr $$failed + 1`; \
+ col=$$red; res=FAIL; \
+ ;; \
+ esac; \
+ else \
+ skip=`expr $$skip + 1`; \
+ col=$$blu; res=SKIP; \
+ fi; \
+ echo "$${col}$$res$${std}: $$tst"; \
+ done; \
+ if test "$$all" -eq 1; then \
+ tests="test"; \
+ All=""; \
+ else \
+ tests="tests"; \
+ All="All "; \
+ fi; \
+ if test "$$failed" -eq 0; then \
+ if test "$$xfail" -eq 0; then \
+ banner="$$All$$all $$tests passed"; \
+ else \
+ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
+ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
+ fi; \
+ else \
+ if test "$$xpass" -eq 0; then \
+ banner="$$failed of $$all $$tests failed"; \
+ else \
+ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
+ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
+ fi; \
+ fi; \
+ dashes="$$banner"; \
+ skipped=""; \
+ if test "$$skip" -ne 0; then \
+ if test "$$skip" -eq 1; then \
+ skipped="($$skip test was not run)"; \
+ else \
+ skipped="($$skip tests were not run)"; \
+ fi; \
+ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$skipped"; \
+ fi; \
+ report=""; \
+ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
+ report="Please report to $(PACKAGE_BUGREPORT)"; \
+ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
+ dashes="$$report"; \
+ fi; \
+ dashes=`echo "$$dashes" | sed s/./=/g`; \
+ if test "$$failed" -eq 0; then \
+ echo "$$grn$$dashes"; \
+ else \
+ echo "$$red$$dashes"; \
+ fi; \
+ echo "$$banner"; \
+ test -z "$$skipped" || echo "$$skipped"; \
+ test -z "$$report" || echo "$$report"; \
+ echo "$$dashes$$std"; \
+ test "$$failed" -eq 0; \
+ else :; fi
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(libexecdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
+ clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libexecPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libexecPROGRAMS
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \
+ clean-checkPROGRAMS clean-generic clean-libexecPROGRAMS \
+ clean-libtool ctags distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-libexecPROGRAMS \
+ install-man install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-libexecPROGRAMS
+
+
+$(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc squid-3.2.0.7/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc
--- squid-3.2.0.6/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/negotiate_wrapper.cc 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,407 @@
+/*
+ * -----------------------------------------------------------------------------
+ *
+ * Author: Markus Moeller (markus_moeller at compuserve.com)
+ *
+ * Copyright (C) 2011 Markus Moeller. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * -----------------------------------------------------------------------------
+ */
+/*
+ * Hosted at http://sourceforge.net/projects/squidkerbauth
+ */
+
+#include "config.h"
+#include "nw_base64.h"
+
+#if HAVE_STRING_H
+#include
+#endif
+#if HAVE_STDIO_H
+#include
+#endif
+#if HAVE_STDLIB_H
+#include
+#endif
+#if HAVE_NETDB_H
+#include
+#endif
+#if HAVE_UNISTD_H
+#include
+#endif
+#if HAVE_TIME_H
+#include
+#endif
+#if HAVE_SYS_TIME_H
+#include
+#endif
+#if HAVE_ERRNO_H
+#include
+#endif
+
+#if !defined(HAVE_DECL_XMALLOC) || !HAVE_DECL_XMALLOC
+#define xmalloc malloc
+#endif
+#if !defined(HAVE_DECL_XSTRDUP) || !HAVE_DECL_XSTRDUP
+#define xstrdup strdup
+#endif
+#if !defined(HAVE_DECL_XFREE) || !HAVE_DECL_XFREE
+#define xfree free
+#endif
+
+#undef PROGRAM
+#define PROGRAM "negotiate_wrapper"
+#undef VERSION
+#define VERSION "1.0.1"
+
+#ifndef MAX_AUTHTOKEN_LEN
+#define MAX_AUTHTOKEN_LEN 65535
+#endif
+
+static const unsigned char ntlmProtocol[] = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
+
+static const char *
+LogTime()
+{
+ struct tm *tm;
+ struct timeval now;
+ static time_t last_t = 0;
+ static char buf[128];
+
+ gettimeofday(&now, NULL);
+ if (now.tv_sec != last_t) {
+ tm = localtime((time_t *) & now.tv_sec);
+ strftime(buf, 127, "%Y/%m/%d %H:%M:%S", tm);
+ last_t = now.tv_sec;
+ }
+ return buf;
+}
+
+void usage(void)
+{
+ fprintf(stderr, "Usage: \n");
+ fprintf(stderr, "negotiate_wrapper [-h] [-d] --ntlm ntlm helper + arguments --kerberos kerberos helper + arguments\n");
+ fprintf(stderr, "-h help\n");
+ fprintf(stderr, "-d full debug\n");
+ fprintf(stderr, "--ntlm full ntlm helper path with arguments\n");
+ fprintf(stderr, "--kerberos full kerberos helper path with arguments\n");
+}
+
+int
+main(int argc, char *const argv[])
+{
+ char buf[MAX_AUTHTOKEN_LEN];
+ char tbuff[MAX_AUTHTOKEN_LEN];
+ char buff[MAX_AUTHTOKEN_LEN+2];
+ char *c;
+ static int err = 0;
+ int debug = 0;
+ int length;
+ int nstart = 0, kstart = 0;
+ int nend = 0, kend = 0;
+ char *token;
+ char **nargs, **kargs;
+ int i,j;
+ int fpid;
+ FILE *FDKIN,*FDKOUT;
+ FILE *FDNIN,*FDNOUT;
+ int pkin[2];
+ int pkout[2];
+ int pnin[2];
+ int pnout[2];
+
+ setbuf(stdout, NULL);
+ setbuf(stdin, NULL);
+
+ if (argc ==1 || !strncasecmp(argv[1],"-h",2)) {
+ usage();
+ return 0;
+ }
+
+ j = 1;
+ if (!strncasecmp(argv[1],"-d",2)) {
+ debug = 1;
+ j = 2;
+ }
+
+ for (i=j; i kstart) {
+ kend = nstart-1;
+ nend = argc-1;
+ } else {
+ kend = argc-1;
+ nend = kstart-1;
+ }
+ if (nstart == 0 || kstart == 0 || kend-kstart <= 0 || nend-nstart <= 0 ) {
+ usage();
+ return 0;
+ }
+
+ if (debug)
+ fprintf(stderr, "%s| %s: Starting version %s\n", LogTime(), PROGRAM,
+ VERSION);
+
+ if ((nargs = (char **)xmalloc((nend-nstart+1)*sizeof(char *))) == NULL) {
+ fprintf(stderr, "%s| %s: Error allocating memory for ntlm helper\n", LogTime(), PROGRAM);
+ return 1;
+ }
+ memcpy(nargs,argv+nstart+1,(nend-nstart)*sizeof(char *));
+ nargs[nend-nstart]=NULL;
+ if (debug) {
+ fprintf(stderr, "%s| %s: NTLM command: ", LogTime(), PROGRAM);
+ for (i=0; i(memchr(buf, '\n', sizeof(buf) - 1));
+ if (c) {
+ *c = '\0';
+ length = c - buf;
+ } else {
+ err = 1;
+ }
+ if (err) {
+ if (debug)
+ fprintf(stderr, "%s| %s: Oversized message\n", LogTime(),
+ PROGRAM);
+ fprintf(stdout, "BH Oversized message\n");
+ err = 0;
+ continue;
+ }
+ if (debug)
+ fprintf(stderr, "%s| %s: Got '%s' from squid (length: %d).\n",
+ LogTime(), PROGRAM, buf, length);
+
+ if (buf[0] == '\0') {
+ if (debug)
+ fprintf(stderr, "%s| %s: Invalid request\n", LogTime(),
+ PROGRAM);
+ fprintf(stdout, "BH Invalid request\n");
+ continue;
+ }
+ if (strlen(buf) < 2) {
+ if (debug)
+ fprintf(stderr, "%s| %s: Invalid request [%s]\n", LogTime(),
+ PROGRAM, buf);
+ fprintf(stdout, "BH Invalid request\n");
+ continue;
+ }
+ if (!strncmp(buf, "QQ", 2)) {
+ fprintf(stdout, "BH quit command\n");
+ return 0;
+ }
+ if (strncmp(buf, "YR", 2) && strncmp(buf, "KK", 2)) {
+ if (debug)
+ fprintf(stderr, "%s| %s: Invalid request [%s]\n", LogTime(),
+ PROGRAM, buf);
+ fprintf(stdout, "BH Invalid request\n");
+ continue;
+ }
+ if (strlen(buf) <= 3) {
+ if (debug)
+ fprintf(stderr, "%s| %s: Invalid negotiate request [%s]\n",
+ LogTime(), PROGRAM, buf);
+ fprintf(stdout, "BH Invalid negotiate request\n");
+ continue;
+ }
+ length = nw_base64_decode_len(buf + 3);
+ if (debug)
+ fprintf(stderr, "%s| %s: Decode '%s' (decoded length: %d).\n",
+ LogTime(), PROGRAM, buf + 3, (int) length);
+
+ if ((token = (char *)xmalloc(length)) == NULL) {
+ fprintf(stderr, "%s| %s: Error allocating memory for token\n", LogTime(), PROGRAM);
+ return 1;
+ }
+
+ nw_base64_decode(token, buf + 3, length);
+
+ if ((static_cast(length) >= sizeof(ntlmProtocol) + 1) &&
+ (!memcmp(token, ntlmProtocol, sizeof ntlmProtocol))) {
+ free(token);
+ if (debug)
+ fprintf(stderr, "%s| %s: received type %d NTLM token\n",
+ LogTime(), PROGRAM, (int) *((unsigned char *) token +
+ sizeof ntlmProtocol));
+ fprintf(FDNIN, "%s\n",buf);
+ if (fgets(tbuff, sizeof(tbuff) - 1, FDNOUT) == NULL) {
+ if (ferror(FDNOUT)) {
+ fprintf(stderr,
+ "fgets() failed! dying..... errno=%d (%s)\n",
+ ferror(FDNOUT), strerror(ferror(FDNOUT)));
+ return 1;
+ }
+ fprintf(stderr, "%s| %s: Error reading NTLM helper response\n",
+ LogTime(), PROGRAM);
+ return 0;
+ }
+ /*
+ Need to translate NTLM reply to Negotiate reply
+ AF user => AF blob user
+ NA reason => NA blob reason
+ Set blob to '='
+ */
+ if (strlen(tbuff) >= 3 && (!strncmp(tbuff,"AF ",3) || !strncmp(tbuff,"NA ",3))) {
+ strncpy(buff,tbuff,3);
+ buff[3]='=';
+ for (unsigned int i=2; i<=strlen(tbuff); i++)
+ buff[i+2] = tbuff[i];
+ } else {
+ strcpy(buff,tbuff);
+ }
+ } else {
+ free(token);
+ if (debug)
+ fprintf(stderr, "%s| %s: received Kerberos token\n",
+ LogTime(), PROGRAM);
+
+ fprintf(FDKIN, "%s\n",buf);
+ if (fgets(buff, sizeof(buff) - 1, FDKOUT) == NULL) {
+ if (ferror(FDKOUT)) {
+ fprintf(stderr,
+ "fgets() failed! dying..... errno=%d (%s)\n",
+ ferror(FDKOUT), strerror(ferror(FDKOUT)));
+ return 1;
+ }
+ fprintf(stderr, "%s| %s: Error reading Kerberos helper response\n",
+ LogTime(), PROGRAM);
+ return 0;
+ }
+ }
+ fprintf(stdout,"%s",buff);
+ if (debug)
+ fprintf(stderr, "%s| %s: Return '%s'\n",
+ LogTime(), PROGRAM, buff);
+ }
+
+ return 1;
+}
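Review bot: In the NTLM branch of main(), `free(token);` runs before the debug `fprintf` that reads `*((unsigned char *) token + sizeof ntlmProtocol)`, so with `-d` the message type is read from freed memory. Move `free(token);` below that `fprintf`, and use `xfree` to match the `xmalloc`. The result of `nw_base64_decode_len(buf + 3)` is also passed straight to `xmalloc(length)`; for short or padding-only input it can be zero or negative (see nw_base64.cc in this patch), which can end in the "Error allocating memory" path and `return 1` instead of a `BH` reply. Add `if (length <= 0) { fprintf(stdout, "BH Invalid negotiate request\n"); continue; }` before the allocation. Option parsing and helper start-up in main() are garbled on this page and were not reviewed.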
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.cc squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.cc
--- squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.cc 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,83 @@
+/*
+ * Markus Moeller has modified the following code from Squid
+ */
+#include "config.h"
+#include "nw_base64.h"
+#include
+#include
+#include
+
+
+static void nw_base64_init(void);
+
+static int base64_initialized = 0;
+#define BASE64_VALUE_SZ 256
+int base64_value[BASE64_VALUE_SZ];
+const char base64_code[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+
+static void
+nw_base64_init(void)
+{
+ int i;
+
+ for (i = 0; i < BASE64_VALUE_SZ; i++)
+ base64_value[i] = -1;
+
+ for (i = 0; i < 64; i++)
+ base64_value[(int) base64_code[i]] = i;
+ base64_value[(int)'='] = 0;
+
+ base64_initialized = 1;
+}
+
+void
+nw_base64_decode(char *result, const char *data, int result_size)
+{
+ int j;
+ int c;
+ long val;
+ if (!data)
+ return;
+ if (!base64_initialized)
+ nw_base64_init();
+ val = c = 0;
+
+ for (j = 0; *data; data++) {
+ unsigned int k = ((unsigned char) *data) % BASE64_VALUE_SZ;
+ if (base64_value[k] < 0)
+ continue;
+ val <<= 6;
+ val += base64_value[k];
+ if (++c < 4)
+ continue;
+ /* One quantum of four encoding characters/24 bit */
+ if (j >= result_size)
+ break;
+ result[j++] = val >> 16; /* High 8 bits */
+ if (j >= result_size)
+ break;
+ result[j++] = (val >> 8) & 0xff; /* Mid 8 bits */
+ if (j >= result_size)
+ break;
+ result[j++] = val & 0xff; /* Low 8 bits */
+ val = c = 0;
+ }
+ return;
+}
+
+int
+nw_base64_decode_len(const char *data)
+{
+ int i, j;
+
+ j = 0;
+ for (i = strlen(data) - 1; i >= 0; i--) {
+ if (data[i] == '=')
+ j++;
+ if (data[i] != '=')
+ break;
+ }
+ return strlen(data) / 4 * 3 - j;
+}
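Review bot: `nw_base64_decode()` returns nothing, so the caller cannot tell how many bytes of `result` were actually written. `nw_base64_decode_len()` sizes the buffer from every input character, while the decode loop skips characters whose table entry is negative, so the tail of the buffer can be left uninitialised and a later `memcmp` on it would read indeterminate bytes. Changing the return type to `int` and ending with `return j;` lets the caller compare against the bytes really decoded. `base64_value` and `base64_code` are used only in this file and are not declared in nw_base64.h, so they could be `static`.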
diff -u -r -N squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.h squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.h
--- squid-3.2.0.6/helpers/negotiate_auth/wrapper/nw_base64.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/helpers/negotiate_auth/wrapper/nw_base64.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,11 @@
+#ifndef _NW_BASE64_H
+#define _NW_BASE64_H
+
+/*
+ * Markus Moeller has modified the following code from Squid
+ */
+
+void nw_base64_decode(char *result, const char *data, int result_size);
+int nw_base64_decode_len(const char *data);
+
+#endif
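Review bot: The two prototypes carry no contract. A short comment above them should state that `result` must hold at least `result_size` bytes, that the output is raw bytes and not NUL-terminated, and that `nw_base64_decode_len()` derives its value from the encoded string's length and trailing `=` count only. The guard name `_NW_BASE64_H` starts with an underscore followed by a capital letter, which is reserved for the implementation; `NW_BASE64_H` avoids that.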
diff -u -r -N squid-3.2.0.6/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc squid-3.2.0.7/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc
--- squid-3.2.0.6/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/helpers/ntlm_auth/smb_lm/ntlm_smb_lm_auth.cc 2011-04-19 12:47:07.000000000 +1200
@@ -683,13 +683,6 @@
main(int argc, char *argv[])
{
debug("ntlm_auth build " __DATE__ ", " __TIME__ " starting up...\n");
-#if DEBUG
- debug("changing dir to /tmp\n");
- if (chdir("/tmp") != 0) {
- debug("ERROR: (%d) failed.\n",errno);
- return 2;
- }
-#endif
my_program_name = argv[0];
process_options(argc, argv);
diff -u -r -N squid-3.2.0.6/icons/Makefile.am squid-3.2.0.7/icons/Makefile.am
--- squid-3.2.0.6/icons/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/icons/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -1,12 +1,12 @@
include $(top_srcdir)/icons/list
-icondir = $(localstatedir)/www/squid/icons/silk
+icondir = $(datadir)/icons/silk
icon_DATA = $(ICONS)
EXTRA_DIST = $(ICONS) list SN.png
DISTCLEANFILES =
install-data-local: SN.png install-iconDATA
- $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(localstatedir)/www/squid/icons/"
+ $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(datadir)/icons/"
uninstall-local:
- $(RM) $(DESTDIR)$(localstatedir)/www/squid/icons/SN.png
+ $(RM) $(DESTDIR)$(datadir)/icons/SN.png
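Review bot: `uninstall-local` passes `$(DESTDIR)$(datadir)/icons/SN.png` to `$(RM)` unquoted, while the `install-data-local` line above quotes its destination. A staging path containing spaces would install but not uninstall cleanly. Quote it the same way: `$(RM) "$(DESTDIR)$(datadir)/icons/SN.png"`. The same pair of lines appears in the generated icons/Makefile.in.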
diff -u -r -N squid-3.2.0.6/icons/Makefile.in squid-3.2.0.7/icons/Makefile.in
--- squid-3.2.0.6/icons/Makefile.in 2011-04-04 14:43:37.000000000 +1200
+++ squid-3.2.0.7/icons/Makefile.in 2011-04-19 12:48:03.000000000 +1200
@@ -336,7 +336,7 @@
silk/script_gear.png \
silk/script_palette.png
-icondir = $(localstatedir)/www/squid/icons/silk
+icondir = $(datadir)/icons/silk
icon_DATA = $(ICONS)
EXTRA_DIST = $(ICONS) list SN.png
DISTCLEANFILES =
@@ -552,10 +552,10 @@
install-data-local: SN.png install-iconDATA
- $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(localstatedir)/www/squid/icons/"
+ $(INSTALL_DATA) $(srcdir)/SN.png "$(DESTDIR)$(datadir)/icons/"
uninstall-local:
- $(RM) $(DESTDIR)$(localstatedir)/www/squid/icons/SN.png
+ $(RM) $(DESTDIR)$(datadir)/icons/SN.png
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
Binary files squid-3.2.0.6/icons/SN.png and squid-3.2.0.7/icons/SN.png differ
diff -u -r -N squid-3.2.0.6/include/version.h squid-3.2.0.7/include/version.h
--- squid-3.2.0.6/include/version.h 2011-04-04 14:44:13.000000000 +1200
+++ squid-3.2.0.7/include/version.h 2011-04-19 12:48:41.000000000 +1200
@@ -9,7 +9,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1301884967
+#define SQUID_RELEASE_TIME 1303174025
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.2.0.6/RELEASENOTES.html squid-3.2.0.7/RELEASENOTES.html
--- squid-3.2.0.6/RELEASENOTES.html 2011-04-04 15:10:55.000000000 +1200
+++ squid-3.2.0.7/RELEASENOTES.html 2011-04-19 13:14:36.000000000 +1200
@@ -2,10 +2,10 @@
- Squid 3.2.0.6 release notes
+ Squid 3.2.0.7 release notes
-Squid 3.2.0.6 release notes
+Squid 3.2.0.7 release notes
Squid Developers
@@ -33,7 +33,6 @@
2.7 Surrogate/1.0 protocol extensions to HTTP
2.8 Logging Infrastructure Updated
2.9 Client Bandwidth Limits
-2.10 Dynamic SSL Certificate Generation
@@ -70,7 +69,7 @@
-The Squid Team are pleased to announce the release of Squid-3.2.0.6 for testing.
+The Squid Team are pleased to announce the release of Squid-3.2.0.7 for testing.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.2/ or the
mirrors.
@@ -104,7 +103,6 @@
Surrogate/1.0 protocol extensions to HTTP
Logging Infrastructure Updated
Client Bandwidth Limits
-Dynamic SSL Certificate Generation
Better eCAP support
@@ -299,6 +297,7 @@
- squid_kerb_auth - negotiate_kerberos_auth - Authenticate with Kerberos servers.
- mswin_sspi - negotiate_sspi_auth - Authenticate with a Windows Domain Controller using SSPI.
+- negotiate_wrapper - negotiate_wrapper_auth - Split Negotiate traffic between Kerberos and NTLM helpers.
@@ -429,29 +428,6 @@
response data from Squid. This delay may need to be lowered in
high-bandwidth environments.
-
-
- SslBump users know how many certificate warnings a single complex site
-(using dedicated image, style, and/or advertisement servers for embedded content)
-can generate. The warnings are legitimate and are caused by Squid-provided site
-certificate. Two things may be wrong with that certificate:
-
-- Squid certificate is not signed by a trusted authority.
-- Squid certificate name does not match the site domain name.
-
-
-Squid can do nothing about (A), but in most targeted environments, users will
-trust the "man in the middle" authority and install the corresponding root
-certificate.
-
-To avoid mismatch (B), the DynamicSslCert feature concentrates on generating
-site certificates that match the requested site domain name. Please note that
-the browser site name check does not really add much security in an SslBump
-environment where the user already trusts the "man in the middle". The check
-only adds warnings and creates page rendering problems in browsers that try to
-reduce the number of warnings by blocking some embedded content.
-
There have been changes to Squid's configuration file since Squid-3.1.
@@ -567,12 +543,6 @@
write_timeout
New setting to limit time spent waiting for data writes to be confirmed.
-
-sslcrtd_program
-Specify the location and options of the executable for ssl_crtd process.
-
-sslcrtd_children
- Configures the number of sslcrtd processes to spawn
@@ -798,10 +768,6 @@
--without-netfiler-conntrack
Disables the libnetfilter_conntrack library being used for the new qos_flows option mark.
default is to auto-detect the library and use where available.
-
---enable-ssl-crtd
- Prevent Squid from directly generation of SSL private key and
-certificate request and instead enables the ssl_crtd processes.
diff -u -r -N squid-3.2.0.6/src/adaptation/icap/ModXact.cc squid-3.2.0.7/src/adaptation/icap/ModXact.cc
--- squid-3.2.0.6/src/adaptation/icap/ModXact.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/adaptation/icap/ModXact.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1496,8 +1496,6 @@
// we decided to do preview, now compute its size
- Must(wantedSize >= 0);
-
// cannot preview more than we can backup
size_t ad = min(wantedSize, TheBackupLimit);
@@ -1766,7 +1764,7 @@
void Adaptation::Icap::VirginBodyAct::progress(size_t size)
{
Must(active());
- Must(size >= 0);
+ Must(static_cast(size) >= 0);
theStart += static_cast(size);
}
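Review bot: The guard in `VirginBodyAct::progress()` now relies on an unsigned-to-signed conversion of `size` turning an oversized value negative, and it does not bound the addition that follows, so `theStart` could in principle still overflow when the check passes. The cast's target type is not legible on this page, so this assumes it is the same signed type used in `theStart += ...`. A one-line comment would make the intent reviewable, e.g. `// size is unsigned: reject values that do not fit the signed offset type before adding`. The neighbouring hunks in this file drop the equivalent checks on `wantedSize` and `anAd` outright, so the surviving check here should say why it is different.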
@@ -1783,7 +1781,6 @@
void Adaptation::Icap::Preview::enable(size_t anAd)
{
// TODO: check for anAd not exceeding preview size limit
- Must(anAd >= 0);
Must(!enabled());
theAd = anAd;
theState = stWriting;
diff -u -r -N squid-3.2.0.6/src/adaptation/icap/Xaction.cc squid-3.2.0.7/src/adaptation/icap/Xaction.cc
--- squid-3.2.0.6/src/adaptation/icap/Xaction.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/adaptation/icap/Xaction.cc 2011-04-19 12:47:07.000000000 +1200
@@ -358,7 +358,6 @@
reader = NULL;
Must(io.flag == COMM_OK);
- Must(io.size >= 0);
if (!io.size) {
commEof = true;
diff -u -r -N squid-3.2.0.6/src/anyp/ProtocolType.cc squid-3.2.0.7/src/anyp/ProtocolType.cc
--- squid-3.2.0.6/src/anyp/ProtocolType.cc 2011-04-04 15:10:45.000000000 +1200
+++ squid-3.2.0.7/src/anyp/ProtocolType.cc 2011-04-19 13:14:31.000000000 +1200
@@ -15,7 +15,9 @@
"WAIS",
"CACHE_OBJECT",
"ICP",
+#if USE_HTCP
"HTCP",
+#endif
"URN",
"WHOIS",
"INTERNAL",
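Review bot: Guarding only the `"HTCP"` entry with `#if USE_HTCP` shifts the index of every string after it (`"URN"`, `"WHOIS"`, `"INTERNAL"`), so the table stays correct only if the matching protocol enum drops its HTCP member under the same condition. That enum is not part of this hunk, so it cannot be confirmed from here; if the two disagree, a lookup by enum value returns the neighbouring protocol's name. A comment at the guard would record the dependency, e.g. `/* must mirror the #if USE_HTCP guard on the protocol enum */`. If this file is generated from the header, the guard belongs in the generator's input rather than here, and the array itself begins outside this hunk.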
diff -u -r -N squid-3.2.0.6/src/auth/basic/auth_basic.cc squid-3.2.0.7/src/auth/basic/auth_basic.cc
--- squid-3.2.0.6/src/auth/basic/auth_basic.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/auth_basic.cc 2011-04-19 12:47:07.000000000 +1200
@@ -40,6 +40,7 @@
#include "squid.h"
#include "auth/basic/auth_basic.h"
#include "auth/basic/Scheme.h"
+#include "auth/basic/User.h"
#include "auth/basic/UserRequest.h"
#include "auth/Gadgets.h"
#include "auth/State.h"
@@ -70,13 +71,13 @@
/* internal functions */
bool
-AuthBasicConfig::active() const
+Auth::Basic::Config::active() const
{
return authbasic_initialised == 1;
}
bool
-AuthBasicConfig::configured() const
+Auth::Basic::Config::configured() const
{
if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) &&
(basicAuthRealm != NULL)) {
@@ -89,36 +90,13 @@
}
const char *
-AuthBasicConfig::type() const
+Auth::Basic::Config::type() const
{
return Auth::Basic::Scheme::GetInstance()->type();
}
-int32_t
-BasicUser::ttl() const
-{
- if (credentials() != Ok && credentials() != Pending)
- return -1; // TTL is obsolete NOW.
-
- int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL;
- int32_t global_ttl = static_cast(expiretime - squid_curtime + Config.authenticateTTL);
-
- return min(basic_ttl, global_ttl);
-}
-
-bool
-BasicUser::authenticated() const
-{
- if ((credentials() == Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime))
- return true;
-
- debugs(29, 4, "User not authenticated or credentials need rechecking.");
-
- return false;
-}
-
void
-AuthBasicConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Basic::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (authenticateProgram) {
debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'");
@@ -127,7 +105,7 @@
}
void
-AuthBasicConfig::rotateHelpers()
+Auth::Basic::Config::rotateHelpers()
{
/* schedule closure of existing helpers */
if (basicauthenticators) {
@@ -139,7 +117,7 @@
/** shutdown the auth helpers and free any allocated configuration details */
void
-AuthBasicConfig::done()
+Auth::Basic::Config::done()
{
authbasic_initialised = 0;
@@ -157,11 +135,6 @@
safe_free(basicAuthRealm);
}
-BasicUser::~BasicUser()
-{
- safe_free(passwd);
-}
-
static void
authenticateBasicHandleReply(void *data, char *reply)
{
@@ -182,16 +155,16 @@
assert(r->auth_user_request != NULL);
assert(r->auth_user_request->user()->auth_type == Auth::AUTH_BASIC);
- /* this is okay since we only play with the BasicUser child fields below
+ /* this is okay since we only play with the Auth::Basic::User child fields below
* and dont pass the pointer itself anywhere */
- BasicUser *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw());
+ Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw());
assert(basic_auth != NULL);
if (reply && (strncasecmp(reply, "OK", 2) == 0))
- basic_auth->credentials(AuthUser::Ok);
+ basic_auth->credentials(Auth::Ok);
else {
- basic_auth->credentials(AuthUser::Failed);
+ basic_auth->credentials(Auth::Failed);
if (t && *t)
r->auth_user_request->setDenyMessage(t);
@@ -219,7 +192,7 @@
}
void
-AuthBasicConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "basic");
@@ -237,7 +210,7 @@
storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off");
}
-AuthBasicConfig::AuthBasicConfig() :
+Auth::Basic::Config::Config() :
credentialsTTL( 2*60*60 ),
casesensitive(0),
utf8(0)
@@ -245,13 +218,13 @@
basicAuthRealm = xstrdup("Squid proxy-caching web server");
}
-AuthBasicConfig::~AuthBasicConfig()
+Auth::Basic::Config::~Config()
{
safe_free(basicAuthRealm);
}
void
-AuthBasicConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+Auth::Basic::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
@@ -281,7 +254,7 @@
helperStats(sentry, basicauthenticators, "Basic Authenticator Statistics");
}
-static AuthUser::Pointer
+static Auth::User::Pointer
authBasicAuthUserFindUsername(const char *username)
{
AuthUserHashPointer *usernamehash;
@@ -300,15 +273,8 @@
return NULL;
}
-BasicUser::BasicUser(AuthConfig *aConfig) :
- AuthUser(aConfig),
- passwd(NULL),
- auth_queue(NULL),
- currentRequest(NULL)
-{}
-
char *
-AuthBasicConfig::decodeCleartext(const char *httpAuthHeader)
+Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader)
{
const char *proxy_auth = httpAuthHeader;
@@ -342,37 +308,6 @@
return cleartext;
}
-bool
-BasicUser::valid() const
-{
- if (username() == NULL)
- return false;
- if (passwd == NULL)
- return false;
- return true;
-}
-
-void
-BasicUser::updateCached(BasicUser *from)
-{
- debugs(29, 9, HERE << "Found user '" << from->username() << "' already in the user cache as '" << this << "'");
-
- assert(strcmp(from->username(), username()) == 0);
-
- if (strcmp(from->passwd, passwd)) {
- debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked");
- credentials(Unchecked);
- xfree(passwd);
- passwd = from->passwd;
- from->passwd = NULL;
- }
-
- if (credentials() == Failed) {
- debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked");
- credentials(Unchecked);
- }
-}
-
/**
* Decode a Basic [Proxy-]Auth string, linking the passed
* auth_user_request structure to any existing user structure or creating one
@@ -381,7 +316,7 @@
* descriptive message to the user.
*/
AuthUserRequest::Pointer
-AuthBasicConfig::decode(char const *proxy_auth)
+Auth::Basic::Config::decode(char const *proxy_auth)
{
AuthUserRequest::Pointer auth_user_request = dynamic_cast(new AuthBasicUserRequest);
/* decode the username */
@@ -393,13 +328,13 @@
if (!cleartext)
return auth_user_request;
- AuthUser::Pointer lb;
+ Auth::User::Pointer lb;
/* permitted because local_basic is purely local function scope. */
- BasicUser *local_basic = NULL;
+ Auth::Basic::User *local_basic = NULL;
char *seperator = strchr(cleartext, ':');
- lb = local_basic = new BasicUser(this);
+ lb = local_basic = new Auth::Basic::User(this);
if (seperator == NULL) {
local_basic->username(cleartext);
} else {
@@ -432,7 +367,7 @@
}
/* now lookup and see if we have a matching auth_user structure in memory. */
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) {
/* the user doesn't exist in the username cache yet */
@@ -452,7 +387,7 @@
assert(auth_user != NULL);
} else {
/* replace the current cached password with the new one */
- BasicUser *basic_auth = dynamic_cast(auth_user.getRaw());
+ Auth::Basic::User *basic_auth = dynamic_cast(auth_user.getRaw());
assert(basic_auth);
basic_auth->updateCached(local_basic);
auth_user = basic_auth;
@@ -466,7 +401,7 @@
/** Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthBasicConfig::init(AuthConfig * schemeCfg)
+Auth::Basic::Config::init(Auth::Config * schemeCfg)
{
if (authenticateProgram) {
authbasic_initialised = 1;
@@ -487,15 +422,16 @@
}
void
-AuthBasicConfig::registerWithCacheManager(void)
+Auth::Basic::Config::registerWithCacheManager(void)
{
Mgr::RegisterAction("basicauthenticator",
"Basic User Authenticator Stats",
authenticateBasicStats, 0, 1);
}
+// XXX: this is a auth management function. Surely not in scope for the credentials storage object
void
-BasicUser::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data)
+Auth::Basic::User::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data)
{
BasicAuthQueueNode *node;
node = static_cast(xcalloc(1, sizeof(BasicAuthQueueNode)));
@@ -508,11 +444,12 @@
node->data = cbdataReference(data);
}
+// XXX: this is a auth management function. Surely not in scope for the credentials storage object
void
-BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data)
+Auth::Basic::User::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data)
{
/* mark the user as having verification in progress */
- credentials(Pending);
+ credentials(Auth::Pending);
authenticateStateData *r = NULL;
char buf[8192];
char user[1024], pass[1024];
@@ -520,7 +457,7 @@
r->handler = handler;
r->data = cbdataReference(data);
r->auth_user_request = auth_user_request;
- if (static_cast(config)->utf8) {
+ if (static_cast(config)->utf8) {
latin1_to_utf8(user, sizeof(user), username());
latin1_to_utf8(pass, sizeof(pass), passwd);
xstrncpy(user, rfc1738_escape(user), sizeof(user));
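Review bot: `submitRequest()` copies the escaped username and password into fixed `char user[1024], pass[1024]` buffers with `xstrncpy()`, and nothing in the visible lines detects a value that did not fit. Because `rfc1738_escape()` can lengthen its input, a long credential would presumably be cut short before it is sent to the helper, which then judges a different string from the one the client supplied. The safer behaviour is to compare the escaped length with `sizeof(user)` / `sizeof(pass)` and fail the request instead of truncating; until then a marker such as `// FIXME: reject, do not truncate, credentials that exceed sizeof(user)/sizeof(pass) after escaping` would flag it. Only the utf8 branch is visible here and the function continues past the end of the hunk.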
diff -u -r -N squid-3.2.0.6/src/auth/basic/auth_basic.h squid-3.2.0.7/src/auth/basic/auth_basic.h
--- squid-3.2.0.6/src/auth/basic/auth_basic.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/auth_basic.h 2011-04-19 12:47:07.000000000 +1200
@@ -7,7 +7,6 @@
#define __AUTH_BASIC_H__
#include "auth/Gadgets.h"
-#include "auth/User.h"
#include "auth/UserRequest.h"
#include "auth/Config.h"
#include "helper.h"
@@ -25,54 +24,31 @@
void *data;
};
-class BasicUser : public AuthUser
+namespace Auth
{
-
-public:
- MEMPROXY_CLASS(BasicUser);
-
- BasicUser(AuthConfig *);
- ~BasicUser();
- bool authenticated() const;
- void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data);
- void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data);
-
- bool valid() const;
-
- /** Update the cached password for a username. */
- void updateCached(BasicUser *from);
- virtual int32_t ttl() const;
-
- char *passwd;
-
- BasicAuthQueueNode *auth_queue;
-
-private:
- AuthUserRequest::Pointer currentRequest;
-};
-
-MEMPROXY_CLASS_INLINE(BasicUser);
-
-/* configuration runtime data */
-
-class AuthBasicConfig : public AuthConfig
+namespace Basic
{
+/** Basic authentication configuration data */
+class Config : public Auth::Config
+{
public:
- AuthBasicConfig();
- ~AuthBasicConfig();
+ Config();
+ ~Config();
virtual bool active() const;
virtual bool configured() const;
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
void decode(char const *httpAuthHeader, AuthUserRequest::Pointer);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
+
+public:
char *basicAuthRealm;
time_t credentialsTTL;
int casesensitive;
@@ -82,4 +58,7 @@
char * decodeCleartext(const char *httpAuthHeader);
};
+} // namespace Basic
+} // namespace Auth
+
#endif /* __AUTH_BASIC_H__ */
diff -u -r -N squid-3.2.0.6/src/auth/basic/Makefile.am squid-3.2.0.7/src/auth/basic/Makefile.am
--- squid-3.2.0.6/src/auth/basic/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -8,5 +8,7 @@
Scheme.h \
auth_basic.cc \
auth_basic.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
diff -u -r -N squid-3.2.0.6/src/auth/basic/Makefile.in squid-3.2.0.7/src/auth/basic/Makefile.in
--- squid-3.2.0.6/src/auth/basic/Makefile.in 2011-04-04 14:43:43.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/Makefile.in 2011-04-19 12:48:09.000000000 +1200
@@ -55,7 +55,8 @@
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libbasic_la_LIBADD =
-am_libbasic_la_OBJECTS = Scheme.lo auth_basic.lo UserRequest.lo
+am_libbasic_la_OBJECTS = Scheme.lo auth_basic.lo User.lo \
+ UserRequest.lo
libbasic_la_OBJECTS = $(am_libbasic_la_OBJECTS)
DEFAULT_INCLUDES =
depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
@@ -310,6 +311,8 @@
Scheme.h \
auth_basic.cc \
auth_basic.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
@@ -375,6 +378,7 @@
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_basic.Plo@am__quote@
diff -u -r -N squid-3.2.0.6/src/auth/basic/Scheme.cc squid-3.2.0.7/src/auth/basic/Scheme.cc
--- squid-3.2.0.6/src/auth/basic/Scheme.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/Scheme.cc 2011-04-19 12:47:07.000000000 +1200
@@ -34,7 +34,7 @@
#include "auth/basic/Scheme.h"
#include "helper.h"
-/* for AuthConfig */
+/* for Auth::Config */
#include "auth/basic/auth_basic.h"
Auth::Scheme::Pointer Auth::Basic::Scheme::_instance = NULL;
@@ -65,9 +65,9 @@
debugs(29, DBG_CRITICAL, "Shutdown: Basic authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Basic::Scheme::createConfig()
{
- AuthBasicConfig *newCfg = new AuthBasicConfig;
- return dynamic_cast(newCfg);
+ Auth::Basic::Config *newCfg = new Auth::Basic::Config;
+ return dynamic_cast(newCfg);
}
diff -u -r -N squid-3.2.0.6/src/auth/basic/Scheme.h squid-3.2.0.7/src/auth/basic/Scheme.h
--- squid-3.2.0.6/src/auth/basic/Scheme.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/Scheme.h 2011-04-19 12:47:07.000000000 +1200
@@ -54,7 +54,7 @@
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme(Scheme const &);
Scheme &operator=(Scheme const &);
diff -u -r -N squid-3.2.0.6/src/auth/basic/User.cc squid-3.2.0.7/src/auth/basic/User.cc
--- squid-3.2.0.6/src/auth/basic/User.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/User.cc 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,72 @@
+#include "config.h"
+#include "auth/basic/auth_basic.h"
+#include "auth/basic/User.h"
+#include "Debug.h"
+#include "SquidTime.h"
+
+Auth::Basic::User::User(Auth::Config *aConfig) :
+ Auth::User(aConfig),
+ passwd(NULL),
+ auth_queue(NULL),
+ currentRequest(NULL)
+{}
+
+Auth::Basic::User::~User()
+{
+ safe_free(passwd);
+}
+
+int32_t
+Auth::Basic::User::ttl() const
+{
+ if (credentials() != Auth::Ok && credentials() != Auth::Pending)
+ return -1; // TTL is obsolete NOW.
+
+ int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL;
+ int32_t global_ttl = static_cast(expiretime - squid_curtime + ::Config.authenticateTTL);
+
+ return min(basic_ttl, global_ttl);
+}
+
+bool
+Auth::Basic::User::authenticated() const
+{
+ if ((credentials() == Auth::Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime))
+ return true;
+
+ debugs(29, 4, "User not authenticated or credentials need rechecking.");
+
+ return false;
+}
+
+bool
+Auth::Basic::User::valid() const
+{
+ if (username() == NULL)
+ return false;
+ if (passwd == NULL)
+ return false;
+ return true;
+}
+
+void
+Auth::Basic::User::updateCached(Auth::Basic::User *from)
+{
+ debugs(29, 9, HERE << "Found user '" << from->username() << "' already in the user cache as '" << this << "'");
+
+ assert(strcmp(from->username(), username()) == 0);
+
+ if (strcmp(from->passwd, passwd)) {
+ debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked");
+ credentials(Auth::Unchecked);
+ xfree(passwd);
+ passwd = from->passwd;
+ from->passwd = NULL;
+ }
+
+ if (credentials() == Auth::Failed) {
+ debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked");
+ credentials(Auth::Unchecked);
+ }
+}
+
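Review bot: `updateCached()` passes `from->passwd` and `passwd` to `strcmp()` without checking either for NULL, although the constructor initialises `passwd(NULL)` and `valid()` in this same file treats a NULL password as a reachable state. Callers may guarantee both are set (the call site in `Auth::Basic::Config::decode()` is only partly visible on this page), but the function itself asserts only that the usernames match. Adding `assert(from->passwd != NULL && passwd != NULL);` next to the existing username assert would make the precondition explicit. Separately, the old cleartext password is released with `xfree(passwd)`, and with `safe_free(passwd)` in the destructor, without being overwritten first, which leaves it readable in freed heap memory.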
diff -u -r -N squid-3.2.0.6/src/auth/basic/User.h squid-3.2.0.7/src/auth/basic/User.h
--- squid-3.2.0.6/src/auth/basic/User.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/User.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,48 @@
+#ifndef _SQUID_AUTH_BASIC_USER_H
+#define _SQUID_AUTH_BASIC_USER_H
+
+#include "auth/User.h"
+#include "auth/UserRequest.h"
+
+class BasicAuthQueueNode;
+
+namespace Auth
+{
+
+class Config;
+
+namespace Basic
+{
+
+/** User credentials for the Basic authentication protocol */
+class User : public Auth::User
+{
+public:
+ MEMPROXY_CLASS(Auth::Basic::User);
+
+ User(Auth::Config *);
+ ~User();
+ bool authenticated() const;
+ void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data);
+ void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data);
+
+ bool valid() const;
+
+ /** Update the cached password for a username. */
+ void updateCached(User *from);
+ virtual int32_t ttl() const;
+
+ char *passwd;
+
+ BasicAuthQueueNode *auth_queue;
+
+private:
+ AuthUserRequest::Pointer currentRequest;
+};
+
+MEMPROXY_CLASS_INLINE(Auth::Basic::User);
+
+} // namespace Basic
+} // namespace Auth
+
+#endif /* _SQUID_AUTH_BASIC_USER_H */
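Review bot: `Auth::Basic::User` owns `passwd` through a public raw `char *` that `~User()` frees, yet the class declares no copy constructor or assignment operator, so an accidental copy would leave two objects freeing the same buffer. The base `Auth::User` may already forbid copying, which cannot be seen from this header. If it does not, declare `User(const User &);` and `User &operator=(const User &);` without implementing them, the way `Auth::Basic::Scheme` does in Scheme.h. A member comment such as `/// cleartext password; heap string owned by this object, released in ~User(), handed over by updateCached()` would also record the ownership rule that User.cc relies on.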
diff -u -r -N squid-3.2.0.6/src/auth/basic/UserRequest.cc squid-3.2.0.7/src/auth/basic/UserRequest.cc
--- squid-3.2.0.6/src/auth/basic/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/basic/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1,12 +1,13 @@
#include "config.h"
#include "auth/basic/auth_basic.h"
+#include "auth/basic/User.h"
#include "auth/basic/UserRequest.h"
#include "SquidTime.h"
int
AuthBasicUserRequest::authenticated() const
{
- BasicUser const *basic_auth = dynamic_cast(user().getRaw());
+ Auth::Basic::User const *basic_auth = dynamic_cast(user().getRaw());
if (basic_auth && basic_auth->authenticated())
return 1;
@@ -22,11 +23,11 @@
assert(user() != NULL);
/* if the password is not ok, do an identity */
- if (!user() || user()->credentials() != AuthUser::Ok)
+ if (!user() || user()->credentials() != Auth::Ok)
return;
/* are we about to recheck the credentials externally? */
- if ((user()->expiretime + static_cast(AuthConfig::Find("basic"))->credentialsTTL) <= squid_curtime) {
+ if ((user()->expiretime + static_cast(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) {
debugs(29, 4, HERE << "credentials expired - rechecking");
return;
}
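Review bot: `Auth::Config::Find("basic")` is dereferenced straight after the cast in the expiry test here, but `Find()` in src/auth/Config.cc ends with `return NULL` when no configured scheme matches. The same unchecked pattern appears in the `case Auth::Ok:` and `module_start()` hunks of this file and in the `Find("digest")` calls in src/auth/digest/auth_digest.cc, including the nonce-cache cleanup event, which could plausibly fire after the scheme has been removed from the configuration (not verifiable from this page). Fetching the config pointer once into a local, here called `cfg`, and failing closed would avoid a crash on that path, e.g. `if (!cfg) return;` before reading `credentialsTTL`. The enclosing function starts outside this hunk.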
@@ -50,16 +51,16 @@
switch (user()->credentials()) {
- case AuthUser::Unchecked:
- case AuthUser::Pending:
+ case Auth::Unchecked:
+ case Auth::Pending:
return -1;
- case AuthUser::Ok:
- if (user()->expiretime + static_cast(AuthConfig::Find("basic"))->credentialsTTL <= squid_curtime)
+ case Auth::Ok:
+ if (user()->expiretime + static_cast(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime)
return -1;
return 0;
- case AuthUser::Failed:
+ case Auth::Failed:
return 0;
default:
@@ -72,18 +73,18 @@
AuthBasicUserRequest::module_start(RH * handler, void *data)
{
assert(user()->auth_type == Auth::AUTH_BASIC);
- BasicUser *basic_auth = dynamic_cast(user().getRaw());
+ Auth::Basic::User *basic_auth = dynamic_cast(user().getRaw());
assert(basic_auth != NULL);
debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'");
- if (static_cast(AuthConfig::Find("basic"))->authenticateProgram == NULL) {
+ if (static_cast(Auth::Config::Find("basic"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured.");
handler(data, NULL);
return;
}
/* check to see if the auth_user already has a request outstanding */
- if (user()->credentials() == AuthUser::Pending) {
+ if (user()->credentials() == Auth::Pending) {
/* there is a request with the same credentials already being verified */
basic_auth->queueRequest(this, handler, data);
return;
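Review bot: The `debugs(29, 9, ...)` line in `module_start()` writes `basic_auth->passwd` to the debug log in cleartext, and this commit carries it forward unchanged. `Auth::Config::CreateAuthUser()` in src/auth/Config.cc does the same with the whole `proxy_auth` header, which for Basic is only base64-encoded. Anyone able to read cache.log at that debug level can recover user passwords, so the trace should name the user only, e.g. `debugs(29, 9, HERE << "'" << basic_auth->username() << "'");`. `module_start()` continues past the end of this hunk.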
diff -u -r -N squid-3.2.0.6/src/auth/Config.cc squid-3.2.0.7/src/auth/Config.cc
--- squid-3.2.0.6/src/auth/Config.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/Config.cc 2011-04-19 12:47:07.000000000 +1200
@@ -36,21 +36,22 @@
#include "auth/Config.h"
#include "auth/UserRequest.h"
-Auth::authConfig Auth::TheConfig;
+Auth::ConfigVector Auth::TheConfig;
/**
- * Get Auth User: Return a filled out auth_user structure for the given
- * Proxy Auth (or Auth) header. It may be a cached Auth User or a new
- * Unauthenticated structure. The structure is given an initial lock here.
+ * Get an User credentials object filled out for the given Proxy- or WWW-Authenticate header.
+ * Any decoding which needs to be done will be done.
+ *
+ * It may be a cached AuthUser or a new Unauthenticated object.
* It may also be NULL reflecting that no user could be created.
*/
AuthUserRequest::Pointer
-AuthConfig::CreateAuthUser(const char *proxy_auth)
+Auth::Config::CreateAuthUser(const char *proxy_auth)
{
assert(proxy_auth != NULL);
- debugs(29, 9, "AuthConfig::CreateAuthUser: header = '" << proxy_auth << "'");
+ debugs(29, 9, HERE << "header = '" << proxy_auth << "'");
- AuthConfig *config = Find(proxy_auth);
+ Auth::Config *config = Find(proxy_auth);
if (config == NULL || !config->active()) {
debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
@@ -61,17 +62,17 @@
return config->decode(proxy_auth);
}
-AuthConfig *
-AuthConfig::Find(const char *proxy_auth)
+Auth::Config *
+Auth::Config::Find(const char *proxy_auth)
{
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0)
return *i;
return NULL;
}
-/* Default behaviour is to expose nothing */
+/** Default behaviour is to expose nothing */
void
-AuthConfig::registerWithCacheManager(void)
+Auth::Config::registerWithCacheManager(void)
{}
diff -u -r -N squid-3.2.0.6/src/auth/Config.h squid-3.2.0.7/src/auth/Config.h
--- squid-3.2.0.6/src/auth/Config.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/Config.h 2011-04-19 12:47:07.000000000 +1200
@@ -29,8 +29,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*
*/
-#ifndef SQUID_AUTHCONFIG_H
-#define SQUID_AUTHCONFIG_H
+#ifndef SQUID_AUTH_CONFIG_H
+#define SQUID_AUTH_CONFIG_H
#if USE_AUTH
@@ -45,28 +45,30 @@
/* for http_hdr_type parameters-by-value */
#include "HttpHeader.h"
+namespace Auth
+{
/**
- \ingroup AuthAPI
- \par
+ * \ingroup AuthAPI
+ * \par
* I am the configuration for an auth scheme.
* Currently each scheme has only one instance of me,
* but this may change.
- \par
+ * \par
* This class is treated like a ref counted class.
* If the children ever stop being singletons, implement the
* ref counting...
*/
-class AuthConfig
+class Config
{
public:
static AuthUserRequest::Pointer CreateAuthUser(const char *proxy_auth);
- static AuthConfig *Find(const char *proxy_auth);
- AuthConfig() : authenticateChildren(20), authenticateProgram(NULL) {}
+ static Config *Find(const char *proxy_auth);
+ Config() : authenticateChildren(20), authenticateProgram(NULL) {}
- virtual ~AuthConfig() {}
+ virtual ~Config() {}
/**
* Used by squid to determine whether the auth module has successfully initialised itself with the current configuration.
@@ -117,16 +119,20 @@
* Responsible for writing to the StoreEntry the configuration parameters that a user
* would put in a config file to recreate the running configuration.
*/
- virtual void dump(StoreEntry *, const char *, AuthConfig *) = 0;
+ virtual void dump(StoreEntry *, const char *, Config *) = 0;
/** add headers as needed when challenging for auth */
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0;
+
/** prepare to handle requests */
- virtual void init(AuthConfig *) = 0;
+ virtual void init(Config *) = 0;
+
/** expose any/all statistics to a CacheManager */
virtual void registerWithCacheManager(void);
+
/** parse config options */
- virtual void parse(AuthConfig *, int, char *) = 0;
+ virtual void parse(Config *, int, char *) = 0;
+
/** the http string id */
virtual const char * type() const = 0;
@@ -135,12 +141,9 @@
wordlist *authenticateProgram; ///< Helper program to run, includes all parameters
};
-namespace Auth
-{
-
-typedef Vector authConfig;
+typedef Vector ConfigVector;
-extern authConfig TheConfig;
+extern ConfigVector TheConfig;
} // namespace Auth
diff -u -r -N squid-3.2.0.6/src/auth/CredentialState.cc squid-3.2.0.7/src/auth/CredentialState.cc
--- squid-3.2.0.6/src/auth/CredentialState.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/CredentialState.cc 2011-04-19 13:14:32.000000000 +1200
@@ -0,0 +1,16 @@
+/*
+ * Auto-Generated File. Changes will be destroyed.
+ */
+#include "config.h"
+#include "auth/CredentialState.h"
+namespace Auth
+{
+
+const char *CredentialState_str[] = {
+ "Unchecked",
+ "Ok",
+ "Pending",
+ "Handshake",
+ "Failed"
+};
+}; // namespace Auth
diff -u -r -N squid-3.2.0.6/src/auth/CredentialState.h squid-3.2.0.7/src/auth/CredentialState.h
--- squid-3.2.0.6/src/auth/CredentialState.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/CredentialState.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,19 @@
+#ifndef _SQUID_AUTH_CREDENTIALSTATE_H
+#define _SQUID_AUTH_CREDENTIALSTATE_H
+
+namespace Auth
+{
+
+typedef enum {
+ Unchecked,
+ Ok,
+ Pending,
+ Handshake,
+ Failed
+} CredentialState;
+
+extern const char *CredentialState_str[];
+
+} // namespace Auth
+
+#endif /* _SQUID_AUTH_CREDENTIALSTATE_H */
diff -u -r -N squid-3.2.0.6/src/auth/digest/auth_digest.cc squid-3.2.0.7/src/auth/digest/auth_digest.cc
--- squid-3.2.0.6/src/auth/digest/auth_digest.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/auth_digest.cc 2011-04-19 12:47:07.000000000 +1200
@@ -41,8 +41,10 @@
#include "rfc2617.h"
#include "auth/digest/auth_digest.h"
#include "auth/digest/Scheme.h"
+#include "auth/digest/User.h"
#include "auth/digest/UserRequest.h"
#include "auth/Gadgets.h"
+#include "auth/State.h"
#include "base64.h"
#include "event.h"
#include "mgr/Registration.h"
@@ -110,7 +112,6 @@
static int authDigestNonceLinks(digest_nonce_h * nonce);
#endif
static void authDigestNonceUserUnlink(digest_nonce_h * nonce);
-static void authDigestNoncePurge(digest_nonce_h * nonce);
static void
authDigestNonceEncode(digest_nonce_h * nonce)
@@ -225,7 +226,7 @@
if (!digest_nonce_cache) {
digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(digest_nonce_cache);
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(AuthConfig::Find("digest"))->nonceGCInterval, 1);
+ eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(Auth::Config::Find("digest"))->nonceGCInterval, 1);
}
}
@@ -288,8 +289,8 @@
debugs(29, 3, "authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache.");
- if (static_cast(AuthConfig::Find("digest"))->active())
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(AuthConfig::Find("digest"))->nonceGCInterval, 1);
+ if (static_cast(Auth::Config::Find("digest"))->active())
+ eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(Auth::Config::Find("digest"))->nonceGCInterval, 1);
}
static void
@@ -376,12 +377,12 @@
}
/* is the nonce-count ok ? */
- if (!static_cast(AuthConfig::Find("digest"))->CheckNonceCount) {
+ if (!static_cast(Auth::Config::Find("digest"))->CheckNonceCount) {
nonce->nc++;
return -1; /* forced OK by configuration */
}
- if ((static_cast(AuthConfig::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
+ if ((static_cast(Auth::Config::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
intnc < nonce->nc + 1) {
debugs(29, 4, "authDigestNonceIsValid: Nonce count doesn't match");
nonce->flags.valid = 0;
@@ -406,10 +407,10 @@
return -1;
/* has it's max duration expired? */
- if (nonce->noncedata.creationtime + static_cast(AuthConfig::Find("digest"))->noncemaxduration < current_time.tv_sec) {
+ if (nonce->noncedata.creationtime + static_cast(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) {
debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " <<
nonce->noncedata.creationtime << " " <<
- static_cast(AuthConfig::Find("digest"))->noncemaxduration << " " <<
+ static_cast(Auth::Config::Find("digest"))->noncemaxduration << " " <<
current_time.tv_sec);
nonce->flags.valid = 0;
@@ -422,7 +423,7 @@
return -1;
}
- if (nonce->nc > static_cast(AuthConfig::Find("digest"))->noncemaxuses) {
+ if (nonce->nc > static_cast(Auth::Config::Find("digest"))->noncemaxuses) {
debugs(29, 4, "authDigestNoncelastRequest: Nonce count over user limit");
nonce->flags.valid = 0;
return -1;
@@ -447,7 +448,7 @@
return -1;
}
- if (nonce->nc >= static_cast(AuthConfig::Find("digest"))->noncemaxuses - 1) {
+ if (nonce->nc >= static_cast(Auth::Config::Find("digest"))->noncemaxuses - 1) {
debugs(29, 4, "authDigestNoncelastRequest: Nonce count about to hit user limit");
return -1;
}
@@ -456,7 +457,7 @@
return 0;
}
-static void
+void
authDigestNoncePurge(digest_nonce_h * nonce)
{
if (!nonce)
@@ -474,7 +475,7 @@
}
/* USER related functions */
-static AuthUser::Pointer
+static Auth::User::Pointer
authDigestUserFindUsername(const char *username)
{
AuthUserHashPointer *usernamehash;
@@ -493,7 +494,7 @@
}
void
-AuthDigestConfig::rotateHelpers()
+Auth::Digest::Config::rotateHelpers()
{
/* schedule closure of existing helpers */
if (digestauthenticators) {
@@ -504,7 +505,7 @@
}
void
-AuthDigestConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+Auth::Digest::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
debugs(29, 9, "authDigestCfgDump: Dumping configuration");
@@ -524,13 +525,13 @@
}
bool
-AuthDigestConfig::active() const
+Auth::Digest::Config::active() const
{
return authdigest_initialised == 1;
}
bool
-AuthDigestConfig::configured() const
+Auth::Digest::Config::configured() const
{
if ((authenticateProgram != NULL) &&
(authenticateChildren.n_max != 0) &&
@@ -542,7 +543,7 @@
/* add the [www-|Proxy-]authenticate header on a 407 or 401 reply */
void
-AuthDigestConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (!authenticateProgram)
return;
@@ -569,48 +570,10 @@
httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s", digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false");
}
-DigestUser::~DigestUser()
-{
- dlink_node *link, *tmplink;
- link = nonces.head;
-
- while (link) {
- tmplink = link;
- link = link->next;
- dlinkDelete(tmplink, &nonces);
- authDigestNoncePurge(static_cast < digest_nonce_h * >(tmplink->data));
- authDigestNonceUnlink(static_cast < digest_nonce_h * >(tmplink->data));
- dlinkNodeDelete(tmplink);
- }
-}
-
-int32_t
-DigestUser::ttl() const
-{
- int32_t global_ttl = static_cast(expiretime - squid_curtime + Config.authenticateTTL);
-
- /* find the longest lasting nonce. */
- int32_t latest_nonce = -1;
- dlink_node *link = nonces.head;
- while (link) {
- digest_nonce_h *nonce = static_cast(link->data);
- if (nonce->flags.valid && nonce->noncedata.creationtime > latest_nonce)
- latest_nonce = nonce->noncedata.creationtime;
-
- link = link->next;
- }
- if (latest_nonce == -1)
- return min(-1, global_ttl);
-
- int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast(AuthConfig::Find("digest"))->noncemaxduration;
-
- return min(nonce_ttl, global_ttl);
-}
-
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthDigestConfig::init(AuthConfig * scheme)
+Auth::Digest::Config::init(Auth::Config * scheme)
{
if (authenticateProgram) {
DigestFieldsInfo = httpHeaderBuildFieldsInfo(DigestAttrs, DIGEST_ENUM_END);
@@ -633,7 +596,7 @@
}
void
-AuthDigestConfig::registerWithCacheManager(void)
+Auth::Digest::Config::registerWithCacheManager(void)
{
Mgr::RegisterAction("digestauthenticator",
"Digest User Authenticator Stats",
@@ -642,7 +605,7 @@
/* free any allocated configuration details */
void
-AuthDigestConfig::done()
+Auth::Digest::Config::done()
{
authdigest_initialised = 0;
@@ -666,7 +629,7 @@
safe_free(digestAuthRealm);
}
-AuthDigestConfig::AuthDigestConfig()
+Auth::Digest::Config::Config()
{
/* TODO: move into initialisation list */
/* 5 minutes */
@@ -682,7 +645,7 @@
}
void
-AuthDigestConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+Auth::Digest::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
@@ -715,7 +678,7 @@
}
const char *
-AuthDigestConfig::type() const
+Auth::Digest::Config::type() const
{
return Auth::Digest::Scheme::GetInstance()->type();
}
@@ -732,7 +695,7 @@
static void
authDigestNonceUserUnlink(digest_nonce_h * nonce)
{
- DigestUser *digest_user;
+ Auth::Digest::User *digest_user;
dlink_node *link, *tmplink;
if (!nonce)
@@ -767,17 +730,15 @@
}
/* authDigestUserLinkNonce: add a nonce to a given user's struct */
-
static void
-authDigestUserLinkNonce(DigestUser * user, digest_nonce_h * nonce)
+authDigestUserLinkNonce(Auth::Digest::User * user, digest_nonce_h * nonce)
{
dlink_node *node;
- DigestUser *digest_user;
if (!user || !nonce)
return;
- digest_user = user;
+ Auth::Digest::User *digest_user = user;
node = digest_user->nonces.head;
@@ -810,7 +771,7 @@
/* log the username */
debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'");
- AuthUser::Pointer digest_user = new DigestUser(static_cast(AuthConfig::Find("digest")));
+ Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast(Auth::Config::Find("digest")));
/* save the credentials */
digest_user->username(username);
/* set the auth_user type */
@@ -825,7 +786,7 @@
* Auth_user structure.
*/
AuthUserRequest::Pointer
-AuthDigestConfig::decode(char const *proxy_auth)
+Auth::Digest::Config::decode(char const *proxy_auth)
{
const char *item;
const char *p;
@@ -1045,7 +1006,7 @@
/* we couldn't find a matching nonce! */
debugs(29, 2, "authenticateDigestDecode: Unexpected or invalid nonce received");
if (digest_request->user() != NULL)
- digest_request->user()->credentials(AuthUser::Failed);
+ digest_request->user()->credentials(Auth::Failed);
return authDigestLogUsername(username, digest_request);
}
@@ -1064,14 +1025,14 @@
/* we don't send or parse opaques. Ok so we're flexable ... */
/* find the user */
- DigestUser *digest_user;
+ Auth::Digest::User *digest_user;
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
if ((auth_user = authDigestUserFindUsername(username)) == NULL) {
/* the user doesn't exist in the username cache yet */
debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'");
- digest_user = new DigestUser(this);
+ digest_user = new Auth::Digest::User(this);
/* auth_user is a parent */
auth_user = digest_user;
/* save the username */
@@ -1091,7 +1052,7 @@
authDigestUserLinkNonce(digest_user, nonce);
} else {
debugs(29, 9, "authDigestDecodeAuth: Found user '" << username << "' in the user cache as '" << auth_user << "'");
- digest_user = static_cast(auth_user.getRaw());
+ digest_user = static_cast(auth_user.getRaw());
xfree(username);
}
@@ -1109,6 +1070,3 @@
return digest_request;
}
-
-DigestUser::DigestUser(AuthConfig *aConfig) : AuthUser(aConfig), HA1created (0)
-{}
diff -u -r -N squid-3.2.0.6/src/auth/digest/auth_digest.h squid-3.2.0.7/src/auth/digest/auth_digest.h
--- squid-3.2.0.6/src/auth/digest/auth_digest.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/auth_digest.h 2011-04-19 12:47:07.000000000 +1200
@@ -8,43 +8,23 @@
#include "auth/Config.h"
#include "auth/Gadgets.h"
-#include "auth/State.h"
-#include "auth/User.h"
#include "auth/UserRequest.h"
#include "helper.h"
#include "rfc2617.h"
-/* Generic */
+namespace Auth
+{
+namespace Digest
+{
+class User;
+}
+}
+/* Generic */
typedef struct _digest_nonce_data digest_nonce_data;
-
typedef struct _digest_nonce_h digest_nonce_h;
-class DigestUser : public AuthUser
-{
-
-public:
- MEMPROXY_CLASS(DigestUser);
-
- DigestUser(AuthConfig *);
- ~DigestUser();
- int authenticated() const;
-
- virtual int32_t ttl() const;
-
- HASH HA1;
- int HA1created;
-
- /* what nonces have been allocated to this user */
- dlink_list nonces;
-
-};
-
-MEMPROXY_CLASS_INLINE(DigestUser);
-
-
/* data to be encoded into the nonce's b64 representation */
-
struct _digest_nonce_data {
time_t creationtime;
/* in memory address of the nonce struct (similar purpose to an ETag) */
@@ -61,7 +41,7 @@
/* reference count */
short references;
/* the auth_user this nonce has been tied to */
- DigestUser *user;
+ Auth::Digest::User *user;
/* has this nonce been invalidated ? */
struct {
@@ -75,25 +55,31 @@
extern const char *authenticateDigestNonceNonceb64(const digest_nonce_h * nonce);
extern int authDigestNonceLastRequest(digest_nonce_h * nonce);
extern void authenticateDigestNonceShutdown(void);
+extern void authDigestNoncePurge(digest_nonce_h * nonce);
-/* configuration runtime data */
-
-class AuthDigestConfig : public AuthConfig
+namespace Auth
+{
+namespace Digest
{
+/** Digest Authentication configuration data */
+class Config : public Auth::Config
+{
public:
- AuthDigestConfig();
+ Config();
virtual bool active() const;
virtual bool configured() const;
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
+
+public:
char *digestAuthRealm;
time_t nonceGCInterval;
time_t noncemaxduration;
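Review bot: `authDigestNoncePurge()` becomes part of this header's interface with no comment stating what a caller may assume after calling it. The only new caller visible in this patch, `Auth::Digest::User::~User()`, calls it and then `authDigestNonceUnlink()` on the same nonce, which suggests that purging does not drop the caller's reference. If that is the contract, the declaration should say so, for example `/* purge the nonce; the caller keeps its reference and must still unlink it */`. The function body is outside the visible hunks, so that wording needs checking against it. The second `public:` label added before `digestAuthRealm` is redundant, because the section is already public.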
@@ -104,7 +90,8 @@
int utf8;
};
-typedef class AuthDigestConfig auth_digest_config;
+} // namespace Digest
+} // namespace Auth
/* strings */
#define QOP_AUTH "auth"
diff -u -r -N squid-3.2.0.6/src/auth/digest/Makefile.am squid-3.2.0.7/src/auth/digest/Makefile.am
--- squid-3.2.0.6/src/auth/digest/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -8,5 +8,7 @@
Scheme.h \
auth_digest.cc \
auth_digest.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
diff -u -r -N squid-3.2.0.6/src/auth/digest/Makefile.in squid-3.2.0.7/src/auth/digest/Makefile.in
--- squid-3.2.0.6/src/auth/digest/Makefile.in 2011-04-04 14:43:43.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/Makefile.in 2011-04-19 12:48:10.000000000 +1200
@@ -55,7 +55,8 @@
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libdigest_la_LIBADD =
-am_libdigest_la_OBJECTS = Scheme.lo auth_digest.lo UserRequest.lo
+am_libdigest_la_OBJECTS = Scheme.lo auth_digest.lo User.lo \
+ UserRequest.lo
libdigest_la_OBJECTS = $(am_libdigest_la_OBJECTS)
DEFAULT_INCLUDES =
depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
@@ -310,6 +311,8 @@
Scheme.h \
auth_digest.cc \
auth_digest.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
@@ -375,6 +378,7 @@
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_digest.Plo@am__quote@
diff -u -r -N squid-3.2.0.6/src/auth/digest/Scheme.cc squid-3.2.0.7/src/auth/digest/Scheme.cc
--- squid-3.2.0.6/src/auth/digest/Scheme.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/Scheme.cc 2011-04-19 12:47:07.000000000 +1200
@@ -65,11 +65,11 @@
debugs(29, DBG_CRITICAL, "Shutdown: Digest authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Digest::Scheme::createConfig()
{
- AuthDigestConfig *digestCfg = new AuthDigestConfig;
- return dynamic_cast(digestCfg);
+ Auth::Digest::Config *digestCfg = new Auth::Digest::Config;
+ return dynamic_cast(digestCfg);
}
void
@@ -81,7 +81,7 @@
hash_first(proxy_auth_username_cache);
while ((usernamehash = static_cast(hash_next(proxy_auth_username_cache)) )) {
- AuthUser::Pointer auth_user = usernamehash->user();
+ Auth::User::Pointer auth_user = usernamehash->user();
if (strcmp(auth_user->config->type(), "digest") == 0) {
hash_remove_link(proxy_auth_username_cache, static_cast(usernamehash));
diff -u -r -N squid-3.2.0.6/src/auth/digest/Scheme.h squid-3.2.0.7/src/auth/digest/Scheme.h
--- squid-3.2.0.6/src/auth/digest/Scheme.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/Scheme.h 2011-04-19 12:47:07.000000000 +1200
@@ -54,7 +54,7 @@
/* per scheme */
virtual char const *type () const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme(Scheme const &);
diff -u -r -N squid-3.2.0.6/src/auth/digest/User.cc squid-3.2.0.7/src/auth/digest/User.cc
--- squid-3.2.0.6/src/auth/digest/User.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/User.cc 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,49 @@
+#include "config.h"
+#include "auth/digest/auth_digest.h"
+#include "auth/digest/User.h"
+#include "Debug.h"
+#include "dlink.h"
+#include "SquidTime.h"
+
+Auth::Digest::User::User(Auth::Config *aConfig) :
+ Auth::User(aConfig),
+ HA1created(0)
+{}
+
+Auth::Digest::User::~User()
+{
+ dlink_node *link, *tmplink;
+ link = nonces.head;
+
+ while (link) {
+ tmplink = link;
+ link = link->next;
+ dlinkDelete(tmplink, &nonces);
+ authDigestNoncePurge(static_cast < digest_nonce_h * >(tmplink->data));
+ authDigestNonceUnlink(static_cast < digest_nonce_h * >(tmplink->data));
+ dlinkNodeDelete(tmplink);
+ }
+}
+
+int32_t
+Auth::Digest::User::ttl() const
+{
+ int32_t global_ttl = static_cast(expiretime - squid_curtime + ::Config.authenticateTTL);
+
+ /* find the longest lasting nonce. */
+ int32_t latest_nonce = -1;
+ dlink_node *link = nonces.head;
+ while (link) {
+ digest_nonce_h *nonce = static_cast(link->data);
+ if (nonce->flags.valid && nonce->noncedata.creationtime > latest_nonce)
+ latest_nonce = nonce->noncedata.creationtime;
+
+ link = link->next;
+ }
+ if (latest_nonce == -1)
+ return min(-1, global_ttl);
+
+ int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast(Auth::Config::Find("digest"))->noncemaxduration;
+
+ return min(nonce_ttl, global_ttl);
+}
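Review bot: In `Auth::Digest::User::ttl()`, `latest_nonce` is an `int32_t` but is compared with and assigned from `nonce->noncedata.creationtime`, which auth_digest.h declares as `time_t`. Where `time_t` is wider than 32 bits the assignment narrows the timestamp, and this result decides how long cached digest credentials are kept. I would keep the arithmetic in `time_t`, i.e. `time_t latest_nonce = -1;`, and narrow only at the final `return`. Separately, the `Auth::Config::Find("digest")` result is dereferenced for `noncemaxduration` without a null check. If a reconfigure can remove the digest scheme while users are still cached (not visible here), that lookup needs a guard.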
diff -u -r -N squid-3.2.0.6/src/auth/digest/User.h squid-3.2.0.7/src/auth/digest/User.h
--- squid-3.2.0.6/src/auth/digest/User.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/User.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,35 @@
+#ifndef _SQUID_AUTH_DIGEST_USER_H
+#define _SQUID_AUTH_DIGEST_USER_H
+
+#include "auth/User.h"
+
+namespace Auth
+{
+namespace Digest
+{
+
+/** User credentials for the Digest authentication protocol */
+class User : public Auth::User
+{
+public:
+ MEMPROXY_CLASS(Auth::Digest::User);
+
+ User(Auth::Config *);
+ ~User();
+ int authenticated() const;
+
+ virtual int32_t ttl() const;
+
+ HASH HA1;
+ int HA1created;
+
+ /* what nonces have been allocated to this user */
+ dlink_list nonces;
+};
+
+MEMPROXY_CLASS_INLINE(Auth::Digest::User);
+
+} // namespace Digest
+} // namespace Auth
+
+#endif /* _SQUID_AUTH_DIGEST_USER_H */
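Review bot: `HASH HA1` and `HA1created` are declared without any comment, yet UserRequest.cc fills the field from the helper reply with `CvtBin(reply, digest_user->HA1)`. That makes this member the user's H(A1) value, which in Digest authentication is equivalent to the password within the realm. I would document that on the field, e.g. `/* H(A1) from the auth helper; password-equivalent for the realm, never log it */`, and note on `HA1created` that non-zero apparently means `HA1` has been populated. It is also worth considering whether `~User()` should clear `HA1` before the object's memory is returned; the destructor in User.cc only releases the nonce list.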
diff -u -r -N squid-3.2.0.6/src/auth/digest/UserRequest.cc squid-3.2.0.7/src/auth/digest/UserRequest.cc
--- squid-3.2.0.6/src/auth/digest/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/digest/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1,5 +1,6 @@
#include "config.h"
#include "auth/digest/auth_digest.h"
+#include "auth/digest/User.h"
#include "auth/digest/UserRequest.h"
#include "auth/State.h"
#include "charset.h"
@@ -45,7 +46,7 @@
int
AuthDigestUserRequest::authenticated() const
{
- if (user() != NULL && user()->credentials() == AuthUser::Ok)
+ if (user() != NULL && user()->credentials() == Auth::Ok)
return 1;
return 0;
@@ -61,26 +62,26 @@
HASHHEX Response;
/* if the check has corrupted the user, just return */
- if (user() == NULL || user()->credentials() == AuthUser::Failed) {
+ if (user() == NULL || user()->credentials() == Auth::Failed) {
return;
}
- AuthUser::Pointer auth_user = user();
+ Auth::User::Pointer auth_user = user();
- DigestUser *digest_user = dynamic_cast(auth_user.getRaw());
+ Auth::Digest::User *digest_user = dynamic_cast(auth_user.getRaw());
assert(digest_user != NULL);
AuthDigestUserRequest *digest_request = this;
/* do we have the HA1 */
if (!digest_user->HA1created) {
- auth_user->credentials(AuthUser::Pending);
+ auth_user->credentials(Auth::Pending);
return;
}
if (digest_request->nonce == NULL) {
/* this isn't a nonce we issued */
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
return;
}
@@ -98,11 +99,11 @@
if (!digest_request->flags.helper_queried) {
/* Query the helper in case the password has changed */
digest_request->flags.helper_queried = 1;
- auth_user->credentials(AuthUser::Pending);
+ auth_user->credentials(Auth::Pending);
return;
}
- if (static_cast(AuthConfig::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
+ if (static_cast(Auth::Config::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
/* Ugly workaround for certain very broken browsers using the
* wrong method to calculate the request-digest on POST request.
* This should be deleted once Digest authentication becomes more
@@ -114,7 +115,7 @@
RequestMethodStr(METHOD_GET), digest_request->uri, HA2, Response);
if (strcasecmp(digest_request->response, Response)) {
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
digest_request->flags.invalid_password = 1;
digest_request->setDenyMessage("Incorrect password");
return;
@@ -139,7 +140,7 @@
}
}
} else {
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
digest_request->flags.invalid_password = 1;
digest_request->setDenyMessage("Incorrect password");
return;
@@ -148,13 +149,13 @@
/* check for stale nonce */
if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
digest_request->setDenyMessage("Stale nonce");
return;
}
}
- auth_user->credentials(AuthUser::Ok);
+ auth_user->credentials(Auth::Ok);
/* password was checked and did match */
debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK");
@@ -173,15 +174,15 @@
switch (user()->credentials()) {
- case AuthUser::Ok:
+ case Auth::Ok:
return 0;
- case AuthUser::Failed:
+ case Auth::Failed:
/* send new challenge */
return 1;
- case AuthUser::Unchecked:
- case AuthUser::Pending:
+ case Auth::Unchecked:
+ case Auth::Pending:
return -1;
default:
@@ -209,7 +210,7 @@
return;
#endif
- if ((static_cast(AuthConfig::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
+ if ((static_cast(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
flags.authinfo_sent = 1;
debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
@@ -237,7 +238,7 @@
type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;
- if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) {
+ if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) {
debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
}
@@ -254,7 +255,7 @@
assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST);
debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'");
- if (static_cast(AuthConfig::Find("digest"))->authenticateProgram == NULL) {
+ if (static_cast(Auth::Config::Find("digest"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured.");
handler(data, NULL);
return;
@@ -264,7 +265,7 @@
r->handler = handler;
r->data = cbdataReference(data);
r->auth_user_request = static_cast(this);
- if (static_cast(AuthConfig::Find("digest"))->utf8) {
+ if (static_cast(Auth::Config::Find("digest"))->utf8) {
char userstr[1024];
latin1_to_utf8(userstr, sizeof(userstr), user()->username());
snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
@@ -299,14 +300,14 @@
AuthDigestUserRequest *digest_request = dynamic_cast(auth_user_request.getRaw());
assert(digest_request);
- digest_request->user()->credentials(AuthUser::Failed);
+ digest_request->user()->credentials(Auth::Failed);
digest_request->flags.invalid_password = 1;
if (t && *t)
digest_request->setDenyMessage(t);
} else if (reply) {
/* allow this because the digest_request pointer is purely local */
- DigestUser *digest_user = dynamic_cast(auth_user_request->user().getRaw());
+ Auth::Digest::User *digest_user = dynamic_cast(auth_user_request->user().getRaw());
assert(digest_user != NULL);
CvtBin(reply, digest_user->HA1);
diff -u -r -N squid-3.2.0.6/src/auth/Gadgets.cc squid-3.2.0.7/src/auth/Gadgets.cc
--- squid-3.2.0.6/src/auth/Gadgets.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/Gadgets.cc 2011-04-19 12:47:07.000000000 +1200
@@ -56,7 +56,7 @@
{
int rv = 0;
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if ((*i)->configured())
++rv;
@@ -76,34 +76,34 @@
}
static void
-authenticateRegisterWithCacheManager(Auth::authConfig * config)
+authenticateRegisterWithCacheManager(Auth::ConfigVector * config)
{
- for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) {
- AuthConfig *scheme = *i;
+ for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) {
+ Auth::Config *scheme = *i;
scheme->registerWithCacheManager();
}
}
void
-authenticateInit(Auth::authConfig * config)
+authenticateInit(Auth::ConfigVector * config)
{
/* Do this first to clear memory and remove dead state on a reconfigure */
if (proxy_auth_username_cache)
- AuthUser::CachedACLsReset();
+ Auth::User::CachedACLsReset();
/* If we do not have any auth config state to create stop now. */
if (!config)
return;
- for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) {
- AuthConfig *schemeCfg = *i;
+ for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) {
+ Auth::Config *schemeCfg = *i;
if (schemeCfg->configured())
schemeCfg->init(schemeCfg);
}
if (!proxy_auth_username_cache)
- AuthUser::cacheInit();
+ Auth::User::cacheInit();
authenticateRegisterWithCacheManager(config);
}
@@ -111,7 +111,7 @@
void
authenticateRotate(void)
{
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if ((*i)->configured())
(*i)->rotateHelpers();
}
@@ -137,7 +137,7 @@
Auth::TheConfig.clean();
}
-AuthUserHashPointer::AuthUserHashPointer(AuthUser::Pointer anAuth_user):
+AuthUserHashPointer::AuthUserHashPointer(Auth::User::Pointer anAuth_user):
auth_user(anAuth_user)
{
key = (void *)anAuth_user->username();
@@ -145,7 +145,7 @@
hash_join(proxy_auth_username_cache, (hash_link *) this);
}
-AuthUser::Pointer
+Auth::User::Pointer
AuthUserHashPointer::user() const
{
return auth_user;
diff -u -r -N squid-3.2.0.6/src/auth/Gadgets.h squid-3.2.0.7/src/auth/Gadgets.h
--- squid-3.2.0.6/src/auth/Gadgets.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/Gadgets.h 2011-04-19 12:47:07.000000000 +1200
@@ -40,8 +40,6 @@
#include "auth/Config.h"
#include "auth/User.h"
-class AuthUser;
-
/**
\ingroup AuthAPI
*
@@ -61,13 +59,13 @@
public:
MEMPROXY_CLASS(AuthUserHashPointer);
- AuthUserHashPointer(AuthUser::Pointer);
+ AuthUserHashPointer(Auth::User::Pointer);
~AuthUserHashPointer() { auth_user = NULL; };
- AuthUser::Pointer user() const;
+ Auth::User::Pointer user() const;
private:
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
};
MEMPROXY_CLASS_INLINE(AuthUserHashPointer);
@@ -86,7 +84,7 @@
typedef void AUTHSSTATS(StoreEntry *);
/// \ingroup AuthAPI
-extern void authenticateInit(Auth::authConfig *);
+extern void authenticateInit(Auth::ConfigVector *);
/** \ingroup AuthAPI
* Remove all idle authentication state. Intended for use by reconfigure.
diff -u -r -N squid-3.2.0.6/src/auth/Makefile.am squid-3.2.0.7/src/auth/Makefile.am
--- squid-3.2.0.6/src/auth/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -14,6 +14,8 @@
Type.cc \
Config.cc \
Config.h \
+ CredentialState.cc \
+ CredentialState.h \
Gadgets.cc \
Gadgets.h \
Scheme.cc \
@@ -40,7 +42,10 @@
AclProxyAuth.h \
AuthAclState.h
+CredentialState.cc: CredentialState.h $(top_srcdir)/src/mk-string-arrays.awk
+ $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/CredentialState.h > $@ || (rm -f $@ ; exit 1)
+
Type.cc: Type.h $(top_srcdir)/src/mk-string-arrays.awk
$(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/Type.h > $@ || (rm -f $@ ; exit 1)
-CLEANFILES += Type.cc
+CLEANFILES += CredentialState.cc Type.cc
diff -u -r -N squid-3.2.0.6/src/auth/Makefile.in squid-3.2.0.7/src/auth/Makefile.in
--- squid-3.2.0.6/src/auth/Makefile.in 2011-04-04 14:43:42.000000000 +1200
+++ squid-3.2.0.7/src/auth/Makefile.in 2011-04-19 12:48:09.000000000 +1200
@@ -58,8 +58,8 @@
am_libacls_la_OBJECTS = Acl.lo AclMaxUserIp.lo AclProxyAuth.lo
libacls_la_OBJECTS = $(am_libacls_la_OBJECTS)
am__DEPENDENCIES_1 =
-am_libauth_la_OBJECTS = Type.lo Config.lo Gadgets.lo Scheme.lo \
- State.lo User.lo UserRequest.lo
+am_libauth_la_OBJECTS = Type.lo Config.lo CredentialState.lo \
+ Gadgets.lo Scheme.lo State.lo User.lo UserRequest.lo
libauth_la_OBJECTS = $(am_libauth_la_OBJECTS)
DEFAULT_INCLUDES =
depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
@@ -336,7 +336,7 @@
top_srcdir = @top_srcdir@
AM_CFLAGS = $(SQUID_CFLAGS)
AM_CXXFLAGS = $(SQUID_CXXFLAGS)
-CLEANFILES = testHeaders Type.cc
+CLEANFILES = testHeaders CredentialState.cc Type.cc
TESTS = testHeaders
INCLUDES = -I$(top_srcdir) -I$(top_srcdir)/include -I$(top_srcdir)/lib \
-I$(top_srcdir)/src -I$(top_builddir)/include \
@@ -353,6 +353,8 @@
Type.cc \
Config.cc \
Config.h \
+ CredentialState.cc \
+ CredentialState.h \
Gadgets.cc \
Gadgets.h \
Scheme.cc \
@@ -444,6 +446,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/AclMaxUserIp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/AclProxyAuth.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CredentialState.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Gadgets.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/State.Plo@am__quote@
@@ -894,6 +897,9 @@
.PHONY: testHeaders
+CredentialState.cc: CredentialState.h $(top_srcdir)/src/mk-string-arrays.awk
+ $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/CredentialState.h > $@ || (rm -f $@ ; exit 1)
+
Type.cc: Type.h $(top_srcdir)/src/mk-string-arrays.awk
$(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/Type.h > $@ || (rm -f $@ ; exit 1)
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/auth_negotiate.cc squid-3.2.0.7/src/auth/negotiate/auth_negotiate.cc
--- squid-3.2.0.6/src/auth/negotiate/auth_negotiate.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/auth_negotiate.cc 2011-04-19 12:47:07.000000000 +1200
@@ -48,6 +48,7 @@
#include "HttpRequest.h"
#include "SquidTime.h"
#include "auth/negotiate/Scheme.h"
+#include "auth/negotiate/User.h"
#include "auth/negotiate/UserRequest.h"
#include "wordlist.h"
@@ -66,7 +67,7 @@
static int authnegotiate_initialised = 0;
/// \ingroup AuthNegotiateInternal
-AuthNegotiateConfig negotiateConfig;
+Auth::Negotiate::Config negotiateConfig;
/// \ingroup AuthNegotiateInternal
static hash_table *proxy_auth_cache = NULL;
@@ -78,7 +79,7 @@
*/
void
-AuthNegotiateConfig::rotateHelpers()
+Auth::Negotiate::Config::rotateHelpers()
{
/* schedule closure of existing helpers */
if (negotiateauthenticators) {
@@ -89,7 +90,7 @@
}
void
-AuthNegotiateConfig::done()
+Auth::Negotiate::Config::done()
{
authnegotiate_initialised = 0;
@@ -106,11 +107,11 @@
if (authenticateProgram)
wordlistDestroy(&authenticateProgram);
- debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown.");
+ debugs(29, DBG_IMPORTANT, "Reconfigure: Negotiate authentication configuration cleared.");
}
void
-AuthNegotiateConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+Auth::Negotiate::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "negotiate");
@@ -126,11 +127,11 @@
}
-AuthNegotiateConfig::AuthNegotiateConfig() : keep_alive(1)
+Auth::Negotiate::Config::Config() : keep_alive(1)
{ }
void
-AuthNegotiateConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+Auth::Negotiate::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
@@ -144,12 +145,12 @@
} else if (strcasecmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
} else {
- debugs(29, 0, "AuthNegotiateConfig::parse: unrecognised negotiate auth scheme parameter '" << param_str << "'");
+ debugs(29, DBG_CRITICAL, "ERROR: unrecognised Negotiate auth scheme parameter '" << param_str << "'");
}
}
const char *
-AuthNegotiateConfig::type() const
+Auth::Negotiate::Config::type() const
{
return Auth::Negotiate::Scheme::GetInstance()->type();
}
@@ -159,7 +160,7 @@
* Called AFTER parsing the config file
*/
void
-AuthNegotiateConfig::init(AuthConfig * scheme)
+Auth::Negotiate::Config::init(Auth::Config * scheme)
{
if (authenticateProgram) {
@@ -186,7 +187,7 @@
}
void
-AuthNegotiateConfig::registerWithCacheManager(void)
+Auth::Negotiate::Config::registerWithCacheManager(void)
{
Mgr::RegisterAction("negotiateauthenticator",
"Negotiate User Authenticator Stats",
@@ -194,27 +195,27 @@
}
bool
-AuthNegotiateConfig::active() const
+Auth::Negotiate::Config::active() const
{
return authnegotiate_initialised == 1;
}
bool
-AuthNegotiateConfig::configured() const
+Auth::Negotiate::Config::configured() const
{
if (authenticateProgram && (authenticateChildren.n_max != 0)) {
- debugs(29, 9, "AuthNegotiateConfig::configured: returning configured");
+ debugs(29, 9, HERE << "returning configured");
return true;
}
- debugs(29, 9, "AuthNegotiateConfig::configured: returning unconfigured");
+ debugs(29, 9, HERE << "returning unconfigured");
return false;
}
/* Negotiate Scheme */
void
-AuthNegotiateConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request)
+Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request)
{
AuthNegotiateUserRequest *negotiate_request;
@@ -227,7 +228,7 @@
/* New request, no user details */
if (auth_user_request == NULL) {
- debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
if (!keep_alive) {
@@ -241,59 +242,48 @@
switch (negotiate_request->user()->credentials()) {
- case AuthUser::Failed:
+ case Auth::Failed:
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
rep->header.delByName("keep-alive");
request->flags.proxy_keepalive = 0;
/* fall through */
- case AuthUser::Ok:
+ case Auth::Ok:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
*/
if (negotiate_request->server_blob) {
- debugs(29, 9, "authenticateNegotiateFixErrorHeader: Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob);
safe_free(negotiate_request->server_blob);
} else {
- debugs(29, 9, "authenticateNegotiateFixErrorHeader: Connection authenticated");
+ debugs(29, 9, HERE << "Connection authenticated");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
}
break;
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* semantic change: do not drop the connection.
* 2.5 implementation used to keep it open - Kinkie */
- debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we're waiting for a response from the client. Pass it the blob */
- debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob);
safe_free(negotiate_request->server_blob);
break;
default:
- debugs(29, DBG_CRITICAL, "AuthNegotiateConfig::fixHeader: state " << negotiate_request->user()->credentials() << ".");
+ debugs(29, DBG_CRITICAL, "ERROR: Negotiate auth fixHeader: state " << negotiate_request->user()->credentials() << ".");
fatal("unexpected state in AuthenticateNegotiateFixErrorHeader.\n");
}
}
}
-NegotiateUser::~NegotiateUser()
-{
- debugs(29, 5, "NegotiateUser::~NegotiateUser: doing nothing to clearNegotiate scheme data for '" << this << "'");
-}
-
-int32_t
-NegotiateUser::ttl() const
-{
- return -1; // Negotiate cannot be cached.
-}
-
static void
authenticateNegotiateStats(StoreEntry * sentry)
{
@@ -305,9 +295,9 @@
* Auth_user structure.
*/
AuthUserRequest::Pointer
-AuthNegotiateConfig::decode(char const *proxy_auth)
+Auth::Negotiate::Config::decode(char const *proxy_auth)
{
- NegotiateUser *newUser = new NegotiateUser(&negotiateConfig);
+ Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig);
AuthUserRequest *auth_user_request = new AuthNegotiateUserRequest();
assert(auth_user_request->user() == NULL);
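Review bot: `decode()` still hands the new user `&negotiateConfig`, while the NTLM counterpart in this commit uses `Auth::Config::Find("ntlm")` and the auth_negotiate.h hunk removes the `extern` declaration of `negotiateConfig`. If that file-scope object is not the instance that `Scheme::createConfig()` allocates, every Negotiate user would point at a configuration that was never parsed. I would write `Auth::Negotiate::User *newUser = new Auth::Negotiate::User(Auth::Config::Find("negotiate"));` so both schemes resolve the active config the same way. The definition of `negotiateConfig` is outside this hunk, so confirm which object it is before changing.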
@@ -315,11 +305,6 @@
auth_user_request->user()->auth_type = Auth::AUTH_NEGOTIATE;
/* all we have to do is identify that it's Negotiate - the helper does the rest */
- debugs(29, 9, "AuthNegotiateConfig::decode: Negotiate authentication");
+ debugs(29, 9, HERE << "decode Negotiate authentication");
return auth_user_request;
}
-
-NegotiateUser::NegotiateUser(AuthConfig *aConfig) : AuthUser (aConfig)
-{
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
-}
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/auth_negotiate.h squid-3.2.0.7/src/auth/negotiate/auth_negotiate.h
--- squid-3.2.0.6/src/auth/negotiate/auth_negotiate.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/auth_negotiate.h 2011-04-19 12:47:07.000000000 +1200
@@ -8,8 +8,6 @@
#include "auth/Config.h"
#include "auth/Gadgets.h"
-#include "auth/State.h"
-#include "auth/User.h"
#include "auth/UserRequest.h"
#include "helper.h"
@@ -21,45 +19,35 @@
/// \ingroup AuthNegotiateAPI
#define DefaultAuthenticateChildrenMax 32 /* 32 processes */
-/// \ingroup AuthNegotiateAPI
-class NegotiateUser : public AuthUser
+namespace Auth
{
-
-public:
- MEMPROXY_CLASS(NegotiateUser);
- NegotiateUser(AuthConfig *);
- ~NegotiateUser();
- virtual int32_t ttl() const;
-
- dlink_list proxy_auth_list;
-};
-
-MEMPROXY_CLASS_INLINE(NegotiateUser);
-
-extern statefulhelper *negotiateauthenticators;
-
-/* configuration runtime data */
-
-/// \ingroup AuthNegotiateAPI
-class AuthNegotiateConfig : public AuthConfig
+namespace Negotiate
{
+/** Negotiate Authentication configuration data */
+class Config : public Auth::Config
+{
public:
- AuthNegotiateConfig();
+ Config();
virtual bool active() const;
virtual bool configured() const;
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
+
+public:
int keep_alive;
};
-extern AuthNegotiateConfig negotiateConfig;
+} // namespace Negotiate
+} // namespace Auth
+
+extern statefulhelper *negotiateauthenticators;
#endif
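Review bot: This header names `StoreEntry`, `HttpReply` and `HttpRequest` in the `dump()` and `fixHeader()` signatures but declares none of them, and the hunk above drops two includes; the NTLM header in this commit adds `class HttpRequest;` and `class StoreEntry;` for the same signatures. If the file compiles only through transitive includes, add `class HttpReply;`, `class HttpRequest;` and `class StoreEntry;` ahead of `namespace Auth` (the NTLM header would want `class HttpReply;` as well). The second `public:` before `int keep_alive;` is redundant, and the field would benefit from a one-line comment saying what the setting controls.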
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Makefile.am squid-3.2.0.7/src/auth/negotiate/Makefile.am
--- squid-3.2.0.6/src/auth/negotiate/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -8,5 +8,7 @@
Scheme.h \
auth_negotiate.cc \
auth_negotiate.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Makefile.in squid-3.2.0.7/src/auth/negotiate/Makefile.in
--- squid-3.2.0.6/src/auth/negotiate/Makefile.in 2011-04-04 14:43:43.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/Makefile.in 2011-04-19 12:48:10.000000000 +1200
@@ -55,7 +55,7 @@
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libnegotiate_la_LIBADD =
-am_libnegotiate_la_OBJECTS = Scheme.lo auth_negotiate.lo \
+am_libnegotiate_la_OBJECTS = Scheme.lo auth_negotiate.lo User.lo \
UserRequest.lo
libnegotiate_la_OBJECTS = $(am_libnegotiate_la_OBJECTS)
DEFAULT_INCLUDES =
@@ -311,6 +311,8 @@
Scheme.h \
auth_negotiate.cc \
auth_negotiate.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
@@ -376,6 +378,7 @@
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_negotiate.Plo@am__quote@
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Scheme.cc squid-3.2.0.7/src/auth/negotiate/Scheme.cc
--- squid-3.2.0.6/src/auth/negotiate/Scheme.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/Scheme.cc 2011-04-19 12:47:07.000000000 +1200
@@ -62,9 +62,9 @@
debugs(29, DBG_CRITICAL, "Shutdown: Negotiate authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Negotiate::Scheme::createConfig()
{
- AuthNegotiateConfig *negotiateCfg = new AuthNegotiateConfig;
- return dynamic_cast(negotiateCfg);
+ Auth::Negotiate::Config *negotiateCfg = new Auth::Negotiate::Config;
+ return dynamic_cast(negotiateCfg);
}
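Review bot: The `dynamic_cast` in `createConfig()` is not needed if its target is `Auth::Config *` (the template argument is not visible in this listing), because `Auth::Negotiate::Config` derives publicly from `Auth::Config` and the conversion is implicit. `return new Auth::Negotiate::Config;` says the same thing without the temporary or the cast. The same applies to `Auth::Ntlm::Scheme::createConfig()` later in this diff.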
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/Scheme.h squid-3.2.0.7/src/auth/negotiate/Scheme.h
--- squid-3.2.0.6/src/auth/negotiate/Scheme.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/Scheme.h 2011-04-19 12:47:07.000000000 +1200
@@ -54,7 +54,7 @@
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme (Scheme const &);
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/User.cc squid-3.2.0.7/src/auth/negotiate/User.cc
--- squid-3.2.0.6/src/auth/negotiate/User.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/User.cc 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,21 @@
+#include "config.h"
+#include "auth/Config.h"
+#include "auth/negotiate/User.h"
+#include "Debug.h"
+
+Auth::Negotiate::User::User(Auth::Config *aConfig) :
+ Auth::User(aConfig)
+{
+ proxy_auth_list.head = proxy_auth_list.tail = NULL;
+}
+
+Auth::Negotiate::User::~User()
+{
+ debugs(29, 5, HERE << "doing nothing to clear Negotiate scheme data for '" << this << "'");
+}
+
+int32_t
+Auth::Negotiate::User::ttl() const
+{
+ return -1; // Negotiate cannot be cached.
+}
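Review bot: The constructor initialises a `proxy_auth_list` that `auth/negotiate/User.h` declares on the derived class, but the `Auth::User` constructor in src/auth/User.cc already initialises a member of the same name, so the derived field appears to hide the base one. Code reaching the object through an `Auth::User` pointer and code using `Auth::Negotiate::User` would then work on two different lists. Since this commit creates the files anyway, I would drop `dlink_list proxy_auth_list;` from the derived class and leave the constructor body empty. If a separate per-scheme list is intended, give it a distinct name and a comment instead. `Auth::Ntlm::User` in the new ntlm/User.cc and ntlm/User.h has the same pattern.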
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/User.h squid-3.2.0.7/src/auth/negotiate/User.h
--- squid-3.2.0.6/src/auth/negotiate/User.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/User.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,31 @@
+#ifndef _SQUID_AUTH_NEGOTIATE_USER_H
+#define _SQUID_AUTH_NEGOTIATE_USER_H
+
+#include "auth/User.h"
+
+namespace Auth
+{
+
+class Config;
+
+namespace Negotiate
+{
+
+/** User credentials for the Negotiate authentication protocol */
+class User : public Auth::User
+{
+public:
+ MEMPROXY_CLASS(Auth::Negotiate::User);
+ User(Auth::Config *);
+ ~User();
+ virtual int32_t ttl() const;
+
+ dlink_list proxy_auth_list;
+};
+
+MEMPROXY_CLASS_INLINE(Auth::Negotiate::User);
+
+} // namespace Negotiate
+} // namespace Auth
+
+#endif /* _SQUID_AUTH_NEGOTIATE_USER_H */
diff -u -r -N squid-3.2.0.6/src/auth/negotiate/UserRequest.cc squid-3.2.0.7/src/auth/negotiate/UserRequest.cc
--- squid-3.2.0.6/src/auth/negotiate/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/negotiate/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1,6 +1,7 @@
#include "config.h"
#include "auth/negotiate/auth_negotiate.h"
#include "auth/negotiate/UserRequest.h"
+#include "auth/State.h"
#include "auth/User.h"
#include "helper.h"
#include "HttpReply.h"
@@ -48,7 +49,7 @@
int
AuthNegotiateUserRequest::authenticated() const
{
- if (user() != NULL && user()->credentials() == AuthUser::Ok) {
+ if (user() != NULL && user()->credentials() == Auth::Ok) {
debugs(29, 9, HERE << "user authenticated.");
return 1;
}
@@ -71,14 +72,14 @@
switch (user()->credentials()) {
- case AuthUser::Handshake:
+ case Auth::Handshake:
assert(server_blob);
return 1; /* send to client */
- case AuthUser::Ok:
+ case Auth::Ok:
return 0; /* do nothing */
- case AuthUser::Failed:
+ case Auth::Failed:
return -2;
default:
@@ -121,7 +122,7 @@
debugs(29, 8, HERE << "auth state is '" << user()->credentials() << "'");
- if (static_cast(AuthConfig::Find("negotiate"))->authenticateProgram == NULL) {
+ if (static_cast(Auth::Config::Find("negotiate"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Negotiate authentication program configured.");
handler(data, NULL);
return;
@@ -132,7 +133,7 @@
r->data = cbdataReference(data);
r->auth_user_request = this;
- if (user()->credentials() == AuthUser::Pending) {
+ if (user()->credentials() == Auth::Pending) {
snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
} else {
snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", client_blob);
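Review bot: The `snprintf()` results on both branches are discarded, so a `client_blob` longer than the buffer allows is silently truncated and the trailing `\n` that ends the helper request is lost. `client_blob` is copied from the client's authentication header elsewhere in this file, so its length is client-controlled and should be checked, e.g. `const int n = snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob);` followed by `if (n < 0 || n >= MAX_AUTHTOKEN_LEN)` failing the request instead of submitting it. The existing CHECKME about a null `client_blob` could be settled in the same guard. The enclosing function starts and ends outside this hunk, and the NTLM hunk with `snprintf(buf, 8192, ...)` has the same gap.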
@@ -187,7 +188,7 @@
/** Check that we are in the client side, where we can generate auth challenges */
if (conn == NULL) {
- user()->credentials(AuthUser::Failed);
+ user()->credentials(Auth::Failed);
debugs(29, DBG_IMPORTANT, "WARNING: Negotiate Authentication attempt to perform authentication without a connection!");
return;
}
@@ -221,10 +222,10 @@
switch (user()->credentials()) {
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* we've received a negotiate request. pass to a helper */
debugs(29, 9, HERE << "auth state negotiate none. Received blob: '" << proxy_auth << "'");
- user()->credentials(AuthUser::Pending);
+ user()->credentials(Auth::Pending);
safe_free(client_blob);
client_blob=xstrdup(blob);
assert(conn->auth_user_request == NULL);
@@ -233,11 +234,11 @@
HTTPMSGLOCK(request);
break;
- case AuthUser::Pending:
+ case Auth::Pending:
debugs(29, 1, HERE << "need to ask helper");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we should have received a blob from the client. Hand it off to
* some helper */
safe_free(client_blob);
@@ -248,11 +249,11 @@
HTTPMSGLOCK(request);
break;
- case AuthUser::Ok:
+ case Auth::Ok:
fatal("AuthNegotiateUserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n");
break;
- case AuthUser::Failed:
+ case Auth::Failed:
/* we've failed somewhere in authentication */
debugs(29, 9, HERE << "auth state negotiate failed. " << proxy_auth);
break;
@@ -320,11 +321,11 @@
negotiate_request->request->flags.must_keepalive = 1;
if (negotiate_request->request->flags.proxy_keepalive) {
negotiate_request->server_blob = xstrdup(blob);
- auth_user_request->user()->credentials(AuthUser::Handshake);
+ auth_user_request->user()->credentials(Auth::Handshake);
auth_user_request->denyMessage("Authentication in progress");
debugs(29, 4, HERE << "Need to challenge the client with a server blob '" << blob << "'");
} else {
- auth_user_request->user()->credentials(AuthUser::Failed);
+ auth_user_request->user()->credentials(Auth::Failed);
auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
}
} else if (strncasecmp(reply, "AF ", 3) == 0 && arg != NULL) {
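Review bot: The deny message on the non-keepalive branch says "NTLM authentication requires a persistent connection" although this is the Negotiate reply handler, which will mislead whoever reads the resulting error. Change it to `auth_user_request->denyMessage("Negotiate authentication requires a persistent connection");`. The enclosing function continues outside this hunk.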
@@ -338,15 +339,13 @@
safe_free(negotiate_request->server_blob);
negotiate_request->server_blob = xstrdup(blob);
negotiate_request->releaseAuthServer();
- auth_user_request->user()->credentials(AuthUser::Ok);
- debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << blob << "'");
/* connection is authenticated */
debugs(29, 4, HERE << "authenticated user " << auth_user_request->user()->username());
/* see if this is an existing user with a different proxy_auth
* string */
AuthUserHashPointer *usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username()));
- AuthUser::Pointer local_auth_user = negotiate_request->user();
+ Auth::User::Pointer local_auth_user = negotiate_request->user();
while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NEGOTIATE ||
strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0))
usernamehash = static_cast(usernamehash->next);
@@ -356,9 +355,9 @@
* Just free the temporary auth_user after merging as
* much of it new state into the existing one as possible */
usernamehash->user()->absorb(local_auth_user);
- local_auth_user = usernamehash->user();
/* from here on we are working with the original cached credentials. */
- negotiate_request->_auth_user = local_auth_user;
+ local_auth_user = usernamehash->user();
+ auth_user_request->user(local_auth_user);
} else {
/* store user in hash's */
local_auth_user->addToNameCache();
@@ -366,8 +365,8 @@
/* set these to now because this is either a new login from an
* existing user or a new user */
local_auth_user->expiretime = current_time.tv_sec;
- negotiate_request->releaseAuthServer();
- negotiate_request->user()->credentials(AuthUser::Ok);
+ auth_user_request->user()->credentials(Auth::Ok);
+ debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << blob << "'");
} else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) {
/* authentication failure (wrong password, etc.) */
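Review bot: The re-added `debugs()` line labels `blob` as the username, but in the preceding hunk of the same branch `blob` is what gets copied into `server_blob`, so this appears to write the helper's token to the debug log under a wrong label. The branch already logs `authenticated user` with `auth_user_request->user()->username()`, so either drop the line or make it `debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << auth_user_request->user()->username() << "'");`. The enclosing reply handler starts and ends outside this hunk.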
@@ -376,7 +375,7 @@
*arg++ = '\0';
auth_user_request->denyMessage(arg);
- negotiate_request->user()->credentials(AuthUser::Failed);
+ negotiate_request->user()->credentials(Auth::Failed);
safe_free(negotiate_request->server_blob);
negotiate_request->server_blob = xstrdup(blob);
negotiate_request->releaseAuthServer();
@@ -388,7 +387,7 @@
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
auth_user_request->denyMessage(blob);
- auth_user_request->user()->credentials(AuthUser::Failed);
+ auth_user_request->user()->credentials(Auth::Failed);
safe_free(negotiate_request->server_blob);
negotiate_request->releaseAuthServer();
debugs(29, DBG_IMPORTANT, "ERROR: Negotiate Authentication validating user. Error returned '" << reply << "'");
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/auth_ntlm.cc squid-3.2.0.7/src/auth/ntlm/auth_ntlm.cc
--- squid-3.2.0.6/src/auth/ntlm/auth_ntlm.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/auth_ntlm.cc 2011-04-19 12:47:07.000000000 +1200
@@ -41,6 +41,7 @@
#include "auth/Gadgets.h"
#include "auth/ntlm/auth_ntlm.h"
#include "auth/ntlm/Scheme.h"
+#include "auth/ntlm/User.h"
#include "auth/ntlm/UserRequest.h"
#include "auth/State.h"
#include "mgr/Registration.h"
@@ -66,7 +67,7 @@
*/
void
-AuthNTLMConfig::rotateHelpers()
+Auth::Ntlm::Config::rotateHelpers()
{
/* schedule closure of existing helpers */
if (ntlmauthenticators) {
@@ -78,7 +79,7 @@
/* free any allocated configuration details */
void
-AuthNTLMConfig::done()
+Auth::Ntlm::Config::done()
{
authntlm_initialised = 0;
@@ -95,11 +96,11 @@
if (authenticateProgram)
wordlistDestroy(&authenticateProgram);
- debugs(29, 2, "ntlmScheme::done: NTLM authentication Shutdown.");
+ debugs(29, DBG_IMPORTANT, "Reconfigure: NTLM authentication configuration cleared.");
}
void
-AuthNTLMConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+Auth::Ntlm::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "ntlm");
@@ -115,11 +116,11 @@
}
-AuthNTLMConfig::AuthNTLMConfig() : keep_alive(1)
+Auth::Ntlm::Config::Config() : keep_alive(1)
{ }
void
-AuthNTLMConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+Auth::Ntlm::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
@@ -133,12 +134,12 @@
} else if (strcasecmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
} else {
- debugs(29, 0, "AuthNTLMConfig::parse: unrecognised ntlm auth scheme parameter '" << param_str << "'");
+ debugs(29, DBG_CRITICAL, "ERROR unrecognised NTLM auth scheme parameter '" << param_str << "'");
}
}
const char *
-AuthNTLMConfig::type() const
+Auth::Ntlm::Config::type() const
{
return Auth::Ntlm::Scheme::GetInstance()->type();
}
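Review bot: The new message in `parse()` reads `ERROR unrecognised NTLM auth scheme parameter`, without the colon that the other critical messages in this commit use (`ERROR: No Negotiate authentication program configured.`), which matters to anyone filtering the log on `ERROR:`. Make it `"ERROR: unrecognised NTLM auth scheme parameter '"`. The default case in `Auth::Ntlm::Config::fixHeader()` further down has a related gap: it logs `NTLM Auth fixHeader: state` at DBG_CRITICAL with no `ERROR:` prefix, while the Negotiate version was given one.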
@@ -146,7 +147,7 @@
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthNTLMConfig::init(AuthConfig * scheme)
+Auth::Ntlm::Config::init(Auth::Config * scheme)
{
if (authenticateProgram) {
@@ -173,7 +174,7 @@
}
void
-AuthNTLMConfig::registerWithCacheManager(void)
+Auth::Ntlm::Config::registerWithCacheManager(void)
{
Mgr::RegisterAction("ntlmauthenticator",
"NTLM User Authenticator Stats",
@@ -181,27 +182,27 @@
}
bool
-AuthNTLMConfig::active() const
+Auth::Ntlm::Config::active() const
{
return authntlm_initialised == 1;
}
bool
-AuthNTLMConfig::configured() const
+Auth::Ntlm::Config::configured() const
{
if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0)) {
- debugs(29, 9, "AuthNTLMConfig::configured: returning configured");
+ debugs(29, 9, HERE << "returning configured");
return true;
}
- debugs(29, 9, "AuthNTLMConfig::configured: returning unconfigured");
+ debugs(29, 9, HERE << "returning unconfigured");
return false;
}
/* NTLM Scheme */
void
-AuthNTLMConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (!authenticateProgram)
return;
@@ -212,7 +213,7 @@
/* New request, no user details */
if (auth_user_request == NULL) {
- debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << hdrType << " header: 'NTLM'");
+ debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM");
if (!keep_alive) {
@@ -225,50 +226,39 @@
switch (ntlm_request->user()->credentials()) {
- case AuthUser::Failed:
+ case Auth::Failed:
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
request->flags.proxy_keepalive = 0;
/* fall through */
- case AuthUser::Ok:
+ case Auth::Ok:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
*/
/* fall through */
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* semantic change: do not drop the connection.
* 2.5 implementation used to keep it open - Kinkie */
- debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << hdrType << " header: 'NTLM'");
+ debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we're waiting for a response from the client. Pass it the blob */
- debugs(29, 9, "AuthNTLMConfig::fixHeader: Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'");
+ debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM %s", ntlm_request->server_blob);
safe_free(ntlm_request->server_blob);
break;
default:
- debugs(29, DBG_CRITICAL, "AuthNTLMConfig::fixHeader: state " << ntlm_request->user()->credentials() << ".");
+ debugs(29, DBG_CRITICAL, "NTLM Auth fixHeader: state " << ntlm_request->user()->credentials() << ".");
fatal("unexpected state in AuthenticateNTLMFixErrorHeader.\n");
}
}
}
-NTLMUser::~NTLMUser()
-{
- debugs(29, 5, "NTLMUser::~NTLMUser: doing nothing to clearNTLM scheme data for '" << this << "'");
-}
-
-int32_t
-NTLMUser::ttl() const
-{
- return -1; // NTLM credentials cannot be cached.
-}
-
static void
authenticateNTLMStats(StoreEntry * sentry)
{
@@ -280,9 +270,9 @@
* Auth_user structure.
*/
AuthUserRequest::Pointer
-AuthNTLMConfig::decode(char const *proxy_auth)
+Auth::Ntlm::Config::decode(char const *proxy_auth)
{
- NTLMUser *newUser = new NTLMUser(AuthConfig::Find("ntlm"));
+ Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm"));
AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest();
assert(auth_user_request->user() == NULL);
@@ -290,11 +280,6 @@
auth_user_request->user()->auth_type = Auth::AUTH_NTLM;
/* all we have to do is identify that it's NTLM - the helper does the rest */
- debugs(29, 9, "AuthNTLMConfig::decode: NTLM authentication");
+ debugs(29, 9, HERE << "decode: NTLM authentication");
return auth_user_request;
}
-
-NTLMUser::NTLMUser (AuthConfig *aConfig) : AuthUser (aConfig)
-{
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
-}
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/auth_ntlm.h squid-3.2.0.7/src/auth/ntlm/auth_ntlm.h
--- squid-3.2.0.6/src/auth/ntlm/auth_ntlm.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/auth_ntlm.h 2011-04-19 12:47:07.000000000 +1200
@@ -6,52 +6,43 @@
#ifndef __AUTH_NTLM_H__
#define __AUTH_NTLM_H__
#include "auth/Gadgets.h"
-#include "auth/User.h"
#include "auth/UserRequest.h"
#include "auth/Config.h"
#include "helper.h"
#define DefaultAuthenticateChildrenMax 32 /* 32 processes */
-class NTLMUser : public AuthUser
-{
-
-public:
- MEMPROXY_CLASS(NTLMUser);
- NTLMUser(AuthConfig *);
- ~NTLMUser();
-
- virtual int32_t ttl() const;
-
- dlink_list proxy_auth_list;
-};
-
-MEMPROXY_CLASS_INLINE(NTLMUser);
+class HttpRequest;
+class StoreEntry;
-typedef class NTLMUser ntlm_user_t;
-
-/* configuration runtime data */
-
-class AuthNTLMConfig : public AuthConfig
+namespace Auth
+{
+namespace Ntlm
{
+/** NTLM Authentication configuration data */
+class Config : public Auth::Config
+{
public:
- AuthNTLMConfig();
+ Config();
virtual bool active() const;
virtual bool configured() const;
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
+
+public:
int keep_alive;
};
-typedef class AuthNTLMConfig auth_ntlm_config;
+} // namespace Ntlm
+} // namespace Auth
extern statefulhelper *ntlmauthenticators;
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Makefile.am squid-3.2.0.7/src/auth/ntlm/Makefile.am
--- squid-3.2.0.6/src/auth/ntlm/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -8,5 +8,7 @@
Scheme.h \
auth_ntlm.cc \
auth_ntlm.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Makefile.in squid-3.2.0.7/src/auth/ntlm/Makefile.in
--- squid-3.2.0.6/src/auth/ntlm/Makefile.in 2011-04-04 14:43:44.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/Makefile.in 2011-04-19 12:48:11.000000000 +1200
@@ -55,7 +55,7 @@
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
libntlm_la_LIBADD =
-am_libntlm_la_OBJECTS = Scheme.lo auth_ntlm.lo UserRequest.lo
+am_libntlm_la_OBJECTS = Scheme.lo auth_ntlm.lo User.lo UserRequest.lo
libntlm_la_OBJECTS = $(am_libntlm_la_OBJECTS)
DEFAULT_INCLUDES =
depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
@@ -310,6 +310,8 @@
Scheme.h \
auth_ntlm.cc \
auth_ntlm.h \
+ User.cc \
+ User.h \
UserRequest.cc \
UserRequest.h
@@ -375,6 +377,7 @@
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/Scheme.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/User.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/UserRequest.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_ntlm.Plo@am__quote@
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Scheme.cc squid-3.2.0.7/src/auth/ntlm/Scheme.cc
--- squid-3.2.0.6/src/auth/ntlm/Scheme.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/Scheme.cc 2011-04-19 12:47:07.000000000 +1200
@@ -63,9 +63,9 @@
debugs(29, DBG_CRITICAL, "Shutdown: NTLM authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Ntlm::Scheme::createConfig()
{
- auth_ntlm_config *ntlmCfg = new auth_ntlm_config;
- return dynamic_cast(ntlmCfg);
+ Auth::Ntlm::Config *ntlmCfg = new Auth::Ntlm::Config;
+ return dynamic_cast(ntlmCfg);
}
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/Scheme.h squid-3.2.0.7/src/auth/ntlm/Scheme.h
--- squid-3.2.0.6/src/auth/ntlm/Scheme.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/Scheme.h 2011-04-19 12:47:07.000000000 +1200
@@ -54,7 +54,7 @@
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme (Scheme const &);
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/User.cc squid-3.2.0.7/src/auth/ntlm/User.cc
--- squid-3.2.0.6/src/auth/ntlm/User.cc 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/User.cc 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,21 @@
+#include "config.h"
+#include "auth/Config.h"
+#include "auth/ntlm/User.h"
+#include "Debug.h"
+
+Auth::Ntlm::User::User(Auth::Config *aConfig) :
+ Auth::User(aConfig)
+{
+ proxy_auth_list.head = proxy_auth_list.tail = NULL;
+}
+
+Auth::Ntlm::User::~User()
+{
+ debugs(29, 5, HERE << "doing nothing to clear NTLM scheme data for '" << this << "'");
+}
+
+int32_t
+Auth::Ntlm::User::ttl() const
+{
+ return -1; // NTLM credentials cannot be cached.
+}
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/User.h squid-3.2.0.7/src/auth/ntlm/User.h
--- squid-3.2.0.6/src/auth/ntlm/User.h 1970-01-01 12:00:00.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/User.h 2011-04-19 12:47:07.000000000 +1200
@@ -0,0 +1,32 @@
+#ifndef _SQUID_AUTH_NTLM_USER_H
+#define _SQUID_AUTH_NTLM_USER_H
+
+#include "auth/User.h"
+
+namespace Auth
+{
+
+class Config;
+
+namespace Ntlm
+{
+
+/** User credentials for the NTLM authentication protocol */
+class User : public Auth::User
+{
+public:
+ MEMPROXY_CLASS(Auth::Ntlm::User);
+ User(Auth::Config *);
+ ~User();
+
+ virtual int32_t ttl() const;
+
+ dlink_list proxy_auth_list;
+};
+
+MEMPROXY_CLASS_INLINE(Auth::Ntlm::User);
+
+} // namespace Ntlm
+} // namespace Auth
+
+#endif /* _SQUID_AUTH_NTLM_USER_H */
diff -u -r -N squid-3.2.0.6/src/auth/ntlm/UserRequest.cc squid-3.2.0.7/src/auth/ntlm/UserRequest.cc
--- squid-3.2.0.6/src/auth/ntlm/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/ntlm/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200
@@ -51,14 +51,14 @@
switch (user()->credentials()) {
- case AuthUser::Handshake:
+ case Auth::Handshake:
assert(server_blob);
return 1; /* send to client */
- case AuthUser::Ok:
+ case Auth::Ok:
return 0; /* do nothing */
- case AuthUser::Failed:
+ case Auth::Failed:
return -2;
default:
@@ -79,7 +79,7 @@
debugs(29, 8, HERE << "credentials state is '" << user()->credentials() << "'");
- if (static_cast(AuthConfig::Find("ntlm"))->authenticateProgram == NULL) {
+ if (static_cast(Auth::Config::Find("ntlm"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: NTLM Start: no NTLM program configured.");
handler(data, NULL);
return;
@@ -90,7 +90,7 @@
r->data = cbdataReference(data);
r->auth_user_request = this;
- if (user()->credentials() == AuthUser::Pending) {
+ if (user()->credentials() == Auth::Pending) {
snprintf(buf, 8192, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
} else {
snprintf(buf, 8192, "KK %s\n", client_blob);
@@ -141,7 +141,7 @@
int
AuthNTLMUserRequest::authenticated() const
{
- if (user()->credentials() == AuthUser::Ok) {
+ if (user()->credentials() == Auth::Ok) {
debugs(29, 9, "AuthNTLMUserRequest::authenticated: user authenticated.");
return 1;
}
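Review bot: `authenticated()` dereferences `user()` without the null check that the Negotiate version has (`user() != NULL && user()->credentials() == Auth::Ok`). If a request can reach this method before a user is attached, that is a null dereference in the authentication path; `if (user() != NULL && user()->credentials() == Auth::Ok) {` makes the two schemes agree. The debug line below could also take `HERE` as the rest of this commit does.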
@@ -162,7 +162,7 @@
* auth challenges */
if (conn == NULL || !cbdataReferenceValid(conn)) {
- user()->credentials(AuthUser::Failed);
+ user()->credentials(Auth::Failed);
debugs(29, 1, "AuthNTLMUserRequest::authenticate: attempt to perform authentication without a connection!");
return;
}
@@ -197,10 +197,10 @@
switch (user()->credentials()) {
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* we've received a ntlm request. pass to a helper */
debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm none. Received blob: '" << proxy_auth << "'");
- user()->credentials(AuthUser::Pending);
+ user()->credentials(Auth::Pending);
safe_free(client_blob);
client_blob=xstrdup(blob);
assert(conn->auth_user_request == NULL);
@@ -209,11 +209,11 @@
HTTPMSGLOCK(request);
break;
- case AuthUser::Pending:
+ case Auth::Pending:
debugs(29, 1, "AuthNTLMUserRequest::authenticate: need to ask helper");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we should have received a blob from the client. Hand it off to
* some helper */
safe_free(client_blob);
@@ -225,11 +225,11 @@
HTTPMSGLOCK(request);
break;
- case AuthUser::Ok:
+ case Auth::Ok:
fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
break;
- case AuthUser::Failed:
+ case Auth::Failed:
/* we've failed somewhere in authentication */
debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm failed. " << proxy_auth);
break;
@@ -287,11 +287,11 @@
ntlm_request->request->flags.must_keepalive = 1;
if (ntlm_request->request->flags.proxy_keepalive) {
ntlm_request->server_blob = xstrdup(blob);
- ntlm_request->user()->credentials(AuthUser::Handshake);
+ ntlm_request->user()->credentials(Auth::Handshake);
auth_user_request->denyMessage("Authentication in progress");
debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'");
} else {
- ntlm_request->user()->credentials(AuthUser::Failed);
+ ntlm_request->user()->credentials(Auth::Failed);
auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
}
} else if (strncasecmp(reply, "AF ", 3) == 0) {
@@ -306,17 +306,18 @@
/* see if this is an existing user with a different proxy_auth
* string */
auth_user_hash_pointer *usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username()));
- AuthUser::Pointer local_auth_user = ntlm_request->user();
+ Auth::User::Pointer local_auth_user = ntlm_request->user();
while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NTLM ||
strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0))
usernamehash = static_cast(usernamehash->next);
if (usernamehash) {
/* we can't seamlessly recheck the username due to the
* challenge-response nature of the protocol.
- * Just free the temporary auth_user */
+ * Just free the temporary auth_user after merging as
+ * much of it new state into the existing one as possible */
usernamehash->user()->absorb(local_auth_user);
local_auth_user = usernamehash->user();
- ntlm_request->_auth_user = local_auth_user;
+ auth_user_request->user(local_auth_user);
} else {
/* store user in hash's */
local_auth_user->addToNameCache();
@@ -325,11 +326,11 @@
* existing user or a new user */
local_auth_user->expiretime = current_time.tv_sec;
ntlm_request->releaseAuthServer();
- local_auth_user->credentials(AuthUser::Ok);
+ local_auth_user->credentials(Auth::Ok);
} else if (strncasecmp(reply, "NA ", 3) == 0) {
/* authentication failure (wrong password, etc.) */
auth_user_request->denyMessage(blob);
- ntlm_request->user()->credentials(AuthUser::Failed);
+ ntlm_request->user()->credentials(Auth::Failed);
safe_free(ntlm_request->server_blob);
ntlm_request->releaseAuthServer();
debugs(29, 4, "authenticateNTLMHandleReply: Failed validating user via NTLM. Error returned '" << blob << "'");
@@ -340,7 +341,7 @@
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
auth_user_request->denyMessage(blob);
- auth_user_request->user()->credentials(AuthUser::Failed);
+ auth_user_request->user()->credentials(Auth::Failed);
safe_free(ntlm_request->server_blob);
ntlm_request->releaseAuthServer();
debugs(29, 1, "authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '" << reply << "'");
diff -u -r -N squid-3.2.0.6/src/auth/Scheme.h squid-3.2.0.7/src/auth/Scheme.h
--- squid-3.2.0.6/src/auth/Scheme.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/Scheme.h 2011-04-19 12:47:07.000000000 +1200
@@ -38,8 +38,6 @@
#include "Array.h"
#include "RefCount.h"
-class AuthConfig;
-
/**
\defgroup AuthSchemeAPI Authentication Scheme API
\ingroup AuthAPI
@@ -48,6 +46,8 @@
namespace Auth
{
+class Config;
+
/**
* \ingroup AuthAPI
* \ingroup AuthSchemeAPI
@@ -56,8 +56,7 @@
* store the scheme metadata.
* \par
* Should we need multiple configs of a single scheme,
- * a new class AuthConfiguration should be made, and the
- * config specific calls on Auth::Scheme moved to it.
+ * a new class should be made, and the config specific calls on Auth::Scheme moved to it.
*/
class Scheme : public RefCountable
{
@@ -90,7 +89,7 @@
/* per scheme methods */
virtual char const *type() const = 0;
virtual void shutdownCleanup() = 0;
- virtual AuthConfig *createConfig() = 0;
+ virtual Auth::Config *createConfig() = 0;
// Not implemented
Scheme(Scheme const &);
diff -u -r -N squid-3.2.0.6/src/auth/User.cc squid-3.2.0.7/src/auth/User.cc
--- squid-3.2.0.6/src/auth/User.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/User.cc 2011-04-19 12:47:07.000000000 +1200
@@ -51,33 +51,30 @@
// This should be converted into a pooled type. Does not need to be cbdata
CBDATA_TYPE(AuthUserIP);
-time_t AuthUser::last_discard = 0;
+time_t Auth::User::last_discard = 0;
-const char *CredentialsState_str[] = { "Unchecked", "Ok", "Pending", "Handshake", "Failed" };
-
-
-AuthUser::AuthUser(AuthConfig *aConfig) :
+Auth::User::User(Auth::Config *aConfig) :
auth_type(Auth::AUTH_UNKNOWN),
config(aConfig),
ipcount(0),
expiretime(0),
- credentials_state(Unchecked),
+ credentials_state(Auth::Unchecked),
username_(NULL)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
proxy_match_cache.head = proxy_match_cache.tail = NULL;
ip_list.head = ip_list.tail = NULL;
- debugs(29, 5, "AuthUser::AuthUser: Initialised auth_user '" << this << "'.");
+ debugs(29, 5, HERE << "Initialised auth_user '" << this << "'.");
}
-AuthUser::CredentialsState
-AuthUser::credentials() const
+Auth::CredentialState
+Auth::User::credentials() const
{
return credentials_state;
}
void
-AuthUser::credentials(CredentialsState newCreds)
+Auth::User::credentials(CredentialState newCreds)
{
credentials_state = newCreds;
}
@@ -89,26 +86,19 @@
* two users _can_ be merged without invalidating all the request
* scheme data. The scheme is also responsible for merging any user
* related scheme data itself.
+ * The caller is responsible for altering all refcount pointers to
+ * the 'from' object. They are invalid once this method is complete.
*/
void
-AuthUser::absorb(AuthUser::Pointer from)
+Auth::User::absorb(Auth::User::Pointer from)
{
-
- /* RefCount children CANNOT be merged like this. The external AuthUser::Pointer's cannot be changed. */
-
- /* check that we only have the two references:
- * 1) our function scope
- * 2) the parsing function scope)
- */
- assert(from->RefCountCount() == 2);
-
/*
* XXX Incomplete: it should merge in hash references too and ask the module to merge in scheme data
* dlink_list proxy_auth_list;
* dlink_list proxy_match_cache;
*/
- debugs(29, 5, "authenticateAuthUserMerge auth_user '" << from << "' into auth_user '" << this << "'.");
+ debugs(29, 5, HERE << "auth_user '" << from << "' into auth_user '" << this << "'.");
/* absorb the list of IP address sources (for max_user_ip controls) */
AuthUserIP *new_ipdata;
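Review bot: Nothing in absorb() checks the new contract now that `assert(from->RefCountCount() == 2)` is gone, so a caller that keeps a stale `Auth::User::Pointer` to `from` gets no diagnostic at all. The added comment calls those pointers "invalid", but a reference-counted pointer presumably keeps `from` alive. What the merge visibly does is unlink entries from `from->ip_list` (the expired-entry path is in the next hunk), and that list feeds the max_user_ip controls. I would word the comment as `* Callers must re-point every Auth::User::Pointer that referenced 'from' at this object; 'from' stays allocated but its ip_list is modified by the merge.` and add `debugs(29, 5, HERE << "'from' still has " << from->RefCountCount() << " references");` so leftover holders show up in a debug trace. The body of absorb() continues beyond this hunk.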
@@ -116,7 +106,7 @@
new_ipdata = static_cast(from->ip_list.head->data);
/* If this IP has expired - ignore the expensive merge actions. */
- if (new_ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ if (new_ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) {
/* This IP has expired - remove from the source list */
dlinkDelete(&new_ipdata->node, &(from->ip_list));
cbdataFree(new_ipdata);
@@ -135,7 +125,7 @@
/* update IP ttl and stop searching. */
ipdata->ip_expiretime = max(ipdata->ip_expiretime, new_ipdata->ip_expiretime);
break;
- } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) {
/* This IP has expired - cleanup the destination list */
dlinkDelete(&ipdata->node, &ip_list);
cbdataFree(ipdata);
@@ -159,9 +149,9 @@
}
}
-AuthUser::~AuthUser()
+Auth::User::~User()
{
- debugs(29, 5, "AuthUser::~AuthUser: Freeing auth_user '" << this << "'.");
+ debugs(29, 5, HERE << "Freeing auth_user '" << this << "'.");
assert(RefCountCount() == 0);
/* free cached acl results */
@@ -178,26 +168,26 @@
}
void
-AuthUser::cacheInit(void)
+Auth::User::cacheInit(void)
{
if (!proxy_auth_username_cache) {
/* First time around, 7921 should be big enough */
proxy_auth_username_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(proxy_auth_username_cache);
- eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1);
+ eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1);
last_discard = squid_curtime;
}
}
void
-AuthUser::CachedACLsReset()
+Auth::User::CachedACLsReset()
{
/*
* This must complete all at once, because we are ensuring correctness.
*/
AuthUserHashPointer *usernamehash;
- AuthUser::Pointer auth_user;
- debugs(29, 3, "AuthUser::CachedACLsReset: Flushing the ACL caches for all users.");
+ Auth::User::Pointer auth_user;
+ debugs(29, 3, HERE << "Flushing the ACL caches for all users.");
hash_first(proxy_auth_username_cache);
while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
@@ -206,11 +196,11 @@
aclCacheMatchFlush(&auth_user->proxy_match_cache);
}
- debugs(29, 3, "AuthUser::CachedACLsReset: Finished.");
+ debugs(29, 3, HERE << "Finished.");
}
void
-AuthUser::cacheCleanup(void *datanotused)
+Auth::User::cacheCleanup(void *datanotused)
{
/*
* We walk the hash by username as that is the unique key we use.
@@ -218,10 +208,10 @@
* entries at a time. Lets see how it flys first.
*/
AuthUserHashPointer *usernamehash;
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
char const *username = NULL;
- debugs(29, 3, "AuthUser::cacheCleanup: Cleaning the user cache now");
- debugs(29, 3, "AuthUser::cacheCleanup: Current time: " << current_time.tv_sec);
+ debugs(29, 3, HERE << "Cleaning the user cache now");
+ debugs(29, 3, HERE << "Current time: " << current_time.tv_sec);
hash_first(proxy_auth_username_cache);
while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
@@ -230,17 +220,17 @@
/* if we need to have indedendent expiry clauses, insert a module call
* here */
- debugs(29, 4, "AuthUser::cacheCleanup: Cache entry:\n\tType: " <<
+ debugs(29, 4, HERE << "Cache entry:\n\tType: " <<
auth_user->auth_type << "\n\tUsername: " << username <<
"\n\texpires: " <<
- (long int) (auth_user->expiretime + Config.authenticateTTL) <<
+ (long int) (auth_user->expiretime + ::Config.authenticateTTL) <<
"\n\treferences: " << (long int) auth_user->RefCountCount());
- if (auth_user->expiretime + Config.authenticateTTL <= current_time.tv_sec) {
- debugs(29, 5, "AuthUser::cacheCleanup: Removing user " << username << " from cache due to timeout.");
+ if (auth_user->expiretime + ::Config.authenticateTTL <= current_time.tv_sec) {
+ debugs(29, 5, HERE << "Removing user " << username << " from cache due to timeout.");
/* Old credentials are always removed. Existing users must hold their own
- * AuthUser::Pointer to the credentials. Cache exists only for finding
+ * Auth::User::Pointer to the credentials. Cache exists only for finding
* and re-using current valid credentials.
*/
hash_remove_link(proxy_auth_username_cache, usernamehash);
@@ -248,13 +238,13 @@
}
}
- debugs(29, 3, "AuthUser::cacheCleanup: Finished cleaning the user cache.");
- eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1);
+ debugs(29, 3, HERE << "Finished cleaning the user cache.");
+ eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1);
last_discard = squid_curtime;
}
void
-AuthUser::clearIp()
+Auth::User::clearIp()
{
AuthUserIP *ipdata, *tempnode;
@@ -276,7 +266,7 @@
}
void
-AuthUser::removeIp(Ip::Address ipaddr)
+Auth::User::removeIp(Ip::Address ipaddr)
{
AuthUserIP *ipdata = (AuthUserIP *) ip_list.head;
@@ -299,7 +289,7 @@
}
void
-AuthUser::addIp(Ip::Address ipaddr)
+Auth::User::addIp(Ip::Address ipaddr)
{
AuthUserIP *ipdata = (AuthUserIP *) ip_list.head;
int found = 0;
@@ -320,7 +310,7 @@
found = 1;
/* update IP ttl */
ipdata->ip_expiretime = squid_curtime;
- } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) {
/* This IP has expired - remove from the seen list */
dlinkDelete(&ipdata->node, &ip_list);
cbdataFree(ipdata);
@@ -346,14 +336,14 @@
ipcount++;
- debugs(29, 2, "authenticateAuthUserAddIp: user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")");
+ debugs(29, 2, HERE << "user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")");
}
/**
- * Add the AuthUser structure to the username cache.
+ * Add the Auth::User structure to the username cache.
*/
void
-AuthUser::addToNameCache()
+Auth::User::addToNameCache()
{
/* AuthUserHashPointer will self-register with the username cache */
new AuthUserHashPointer(this);
@@ -363,13 +353,14 @@
* Dump the username cache statictics for viewing...
*/
void
-AuthUser::UsernameCacheStats(StoreEntry *output)
+Auth::User::UsernameCacheStats(StoreEntry *output)
{
AuthUserHashPointer *usernamehash;
/* overview of username cache */
storeAppendPrintf(output, "Cached Usernames: %d of %d\n", proxy_auth_username_cache->count, proxy_auth_username_cache->size);
- storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n", static_cast(last_discard + Config.authenticateGCInterval - squid_curtime));
+ storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n",
+ static_cast(last_discard + ::Config.authenticateGCInterval - squid_curtime));
/* cache dump column titles */
storeAppendPrintf(output, "\n%-15s %-9s %-9s %-9s %s\n",
@@ -382,13 +373,13 @@
hash_first(proxy_auth_username_cache);
while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
- AuthUser::Pointer auth_user = usernamehash->user();
+ Auth::User::Pointer auth_user = usernamehash->user();
storeAppendPrintf(output, "%-15s %-9s %-9d %-9d %s\n",
Auth::Type_str[auth_user->auth_type],
- CredentialsState_str[auth_user->credentials()],
+ CredentialState_str[auth_user->credentials()],
auth_user->ttl(),
- static_cast(auth_user->expiretime - squid_curtime + Config.authenticateTTL),
+ static_cast(auth_user->expiretime - squid_curtime + ::Config.authenticateTTL),
auth_user->username()
);
}
diff -u -r -N squid-3.2.0.6/src/auth/User.cci squid-3.2.0.7/src/auth/User.cci
--- squid-3.2.0.6/src/auth/User.cci 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/User.cci 2011-04-19 12:47:07.000000000 +1200
@@ -34,13 +34,13 @@
*/
char const *
-AuthUser::username () const
+Auth::User::username () const
{
return username_;
}
void
-AuthUser::username(char const *aString)
+Auth::User::username(char const *aString)
{
if (aString) {
assert(!username_);
diff -u -r -N squid-3.2.0.6/src/auth/User.h squid-3.2.0.7/src/auth/User.h
--- squid-3.2.0.6/src/auth/User.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/User.h 2011-04-19 12:47:07.000000000 +1200
@@ -31,20 +31,25 @@
* Copyright (c) 2003, Robert Collins
*/
-#ifndef SQUID_AUTHUSER_H
-#define SQUID_AUTHUSER_H
+#ifndef SQUID_AUTH_USER_H
+#define SQUID_AUTH_USER_H
#if USE_AUTH
+#include "auth/CredentialState.h"
#include "auth/Type.h"
#include "dlink.h"
#include "ip/Address.h"
#include "RefCount.h"
-class AuthConfig;
class AuthUserHashPointer;
class StoreEntry;
+namespace Auth
+{
+
+class Config;
+
/**
* \ingroup AuthAPI
* This is the main user related structure. It stores user-related data,
@@ -53,10 +58,10 @@
* structure is the cached ACL match results. This structure, is private to
* the authentication framework.
*/
-class AuthUser : public RefCountable
+class User : public RefCountable
{
public:
- typedef RefCount Pointer;
+ typedef RefCount Pointer;
/* extra fields for proxy_auth */
/* auth_type and auth_module are deprecated. Do Not add new users of these fields.
@@ -65,18 +70,19 @@
/** \deprecated this determines what scheme owns the user data. */
Auth::Type auth_type;
/** the config for this user */
- AuthConfig *config;
+ Auth::Config *config;
/** we may have many proxy-authenticate strings that decode to the same user */
dlink_list proxy_auth_list;
dlink_list proxy_match_cache;
size_t ipcount;
long expiretime;
+public:
static void cacheInit();
static void CachedACLsReset();
- void absorb(AuthUser::Pointer from);
- virtual ~AuthUser();
+ void absorb(Auth::User::Pointer from);
+ virtual ~User();
_SQUID_INLINE_ char const *username() const;
_SQUID_INLINE_ void username(char const *);
@@ -94,9 +100,8 @@
void addToNameCache();
static void UsernameCacheStats(StoreEntry * output);
- enum CredentialsState { Unchecked, Ok, Pending, Handshake, Failed };
- CredentialsState credentials() const;
- void credentials(CredentialsState);
+ CredentialState credentials() const;
+ void credentials(CredentialState);
private:
/**
@@ -107,10 +112,10 @@
* Handshake happening in stateful auth.
* Failed auth
*/
- CredentialsState credentials_state;
+ CredentialState credentials_state;
protected:
- AuthUser(AuthConfig *);
+ User(Auth::Config *);
private:
/**
@@ -130,11 +135,11 @@
dlink_list ip_list;
};
-extern const char *CredentialsState_str[];
+} // namespace Auth
#if _USE_INLINE_
#include "auth/User.cci"
#endif
#endif /* USE_AUTH */
-#endif /* SQUID_AUTHUSER_H */
+#endif /* SQUID_AUTH_USER_H */
diff -u -r -N squid-3.2.0.6/src/auth/UserRequest.cc squid-3.2.0.7/src/auth/UserRequest.cc
--- squid-3.2.0.6/src/auth/UserRequest.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/UserRequest.cc 2011-04-19 12:47:07.000000000 +1200
@@ -80,17 +80,17 @@
debugs(29, 9, HERE << "Validating AuthUserRequest '" << this << "'.");
if (user() == NULL) {
- debugs(29, 4, HERE << "No associated AuthUser data");
+ debugs(29, 4, HERE << "No associated Auth::User data");
return false;
}
if (user()->auth_type == Auth::AUTH_UNKNOWN) {
- debugs(29, 4, HERE << "AuthUser '" << user() << "' uses unknown scheme.");
+ debugs(29, 4, HERE << "Auth::User '" << user() << "' uses unknown scheme.");
return false;
}
if (user()->auth_type == Auth::AUTH_BROKEN) {
- debugs(29, 4, HERE << "AuthUser '" << user() << "' is broken for it's scheme.");
+ debugs(29, 4, HERE << "Auth::User '" << user() << "' is broken for it's scheme.");
return false;
}
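Review bot: The rewritten AUTH_BROKEN message still says `is broken for it's scheme`; since the line is being touched anyway, fix the possessive: `debugs(29, 4, HERE << "Auth::User '" << user() << "' is broken for its scheme.");`. The three messages in this hunk change their visible text from `AuthUser` to `Auth::User`, so any log-monitoring rule that matches the old strings needs updating with this release. The enclosing function starts before the hunk.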
@@ -161,7 +161,7 @@
static void
authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip::Address &ipaddr)
{
- AuthUser::Pointer auth_user = auth_user_request->user();
+ Auth::User::Pointer auth_user = auth_user_request->user();
if (!auth_user)
return;
@@ -172,7 +172,7 @@
void
authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, Ip::Address const &ipaddr)
{
- AuthUser::Pointer auth_user = auth_user_request->user();
+ Auth::User::Pointer auth_user = auth_user_request->user();
if (!auth_user)
return;
@@ -346,7 +346,7 @@
debugs(29, 9, HERE << "This is a new checklist test on FD:" << (conn != NULL ? conn->fd : -1) );
if (proxy_auth && request->auth_user_request == NULL && conn != NULL && conn->auth_user_request != NULL) {
- AuthConfig * scheme = AuthConfig::Find(proxy_auth);
+ Auth::Config * scheme = Auth::Config::Find(proxy_auth);
if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) {
debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" <<
@@ -362,7 +362,7 @@
/* beginning of a new request check */
debugs(29, 4, HERE << "No connection authentication type");
- *auth_user_request = AuthConfig::CreateAuthUser(proxy_auth);
+ *auth_user_request = Auth::Config::CreateAuthUser(proxy_auth);
if (*auth_user_request == NULL)
return AUTH_ACL_CHALLENGE;
else if (!(*auth_user_request)->valid()) {
@@ -526,8 +526,8 @@
else {
/* call each configured & running authscheme */
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) {
- AuthConfig *scheme = *i;
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) {
+ Auth::Config *scheme = *i;
if (scheme->active())
scheme->fixHeader(NULL, rep, type, request);
diff -u -r -N squid-3.2.0.6/src/auth/UserRequest.h squid-3.2.0.7/src/auth/UserRequest.h
--- squid-3.2.0.6/src/auth/UserRequest.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/auth/UserRequest.h 2011-04-19 12:47:07.000000000 +1200
@@ -78,7 +78,7 @@
* it has request specific data, and links to user specific data
* the user
*/
- AuthUser::Pointer _auth_user;
+ Auth::User::Pointer _auth_user;
/**
* Used by squid to determine what the next step in performing authentication for a given scheme is.
@@ -128,11 +128,11 @@
*/
virtual void module_start(RH *handler, void *data) = 0;
- virtual AuthUser::Pointer user() {return _auth_user;}
+ virtual Auth::User::Pointer user() {return _auth_user;}
- virtual const AuthUser::Pointer user() const {return _auth_user;}
+ virtual const Auth::User::Pointer user() const {return _auth_user;}
- virtual void user(AuthUser::Pointer aUser) {_auth_user=aUser;}
+ virtual void user(Auth::User::Pointer aUser) {_auth_user=aUser;}
static AuthAclState tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &);
static void addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
diff -u -r -N squid-3.2.0.6/src/AuthReg.cc squid-3.2.0.7/src/AuthReg.cc
--- squid-3.2.0.6/src/AuthReg.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/AuthReg.cc 2011-04-19 12:47:07.000000000 +1200
@@ -2,9 +2,6 @@
#if USE_AUTH
-#include "Debug.h"
-#include "protos.h"
-
#if HAVE_AUTH_MODULE_BASIC
#include "auth/basic/Scheme.h"
#endif
@@ -18,31 +15,34 @@
#include "auth/ntlm/Scheme.h"
#endif
+#include "Debug.h"
+#include "protos.h"
+
/**
* Initialize the authentication modules (if any)
* This is required once, before any configuration actions are taken.
*/
void
-InitAuthSchemes()
+Auth::Init()
{
- debugs(29,1,"Initializing Authentication Schemes ...");
+ debugs(29,DBG_IMPORTANT,"Startup: Initializing Authentication Schemes ...");
#if HAVE_AUTH_MODULE_BASIC
static const char *basic_type = Auth::Basic::Scheme::GetInstance()->type();
- debugs(29,1,"Initialized Authentication Scheme '" << basic_type << "'");
+ debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << basic_type << "'");
#endif
#if HAVE_AUTH_MODULE_DIGEST
static const char *digest_type = Auth::Digest::Scheme::GetInstance()->type();
- debugs(29,1,"Initialized Authentication Scheme '" << digest_type << "'");
+ debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << digest_type << "'");
#endif
#if HAVE_AUTH_MODULE_NEGOTIATE
static const char *negotiate_type = Auth::Negotiate::Scheme::GetInstance()->type();
- debugs(29,1,"Initialized Authentication Scheme '" << negotiate_type << "'");
+ debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << negotiate_type << "'");
#endif
#if HAVE_AUTH_MODULE_NTLM
static const char *ntlm_type = Auth::Ntlm::Scheme::GetInstance()->type();
- debugs(29,1,"Initialized Authentication Scheme '" << ntlm_type << "'");
+ debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication Scheme '" << ntlm_type << "'");
#endif
- debugs(29,1,"Initializing Authentication Schemes Complete.");
+ debugs(29,DBG_IMPORTANT,"Startup: Initialized Authentication.");
}
#endif /* USE_AUTH */
diff -u -r -N squid-3.2.0.6/src/cache_cf.cc squid-3.2.0.7/src/cache_cf.cc
--- squid-3.2.0.6/src/cache_cf.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/cache_cf.cc 2011-04-19 12:47:07.000000000 +1200
@@ -927,8 +927,8 @@
* state will be preserved.
*/
if (Config.onoff.pipeline_prefetch) {
- AuthConfig *nego = AuthConfig::Find("Negotiate");
- AuthConfig *ntlm = AuthConfig::Find("NTLM");
+ Auth::Config *nego = Auth::Config::Find("Negotiate");
+ Auth::Config *ntlm = Auth::Config::Find("NTLM");
if ((nego && nego->active()) || (ntlm && ntlm->active())) {
debugs(3, DBG_IMPORTANT, "WARNING: pipeline_prefetch breaks NTLM and Negotiate authentication. Forced OFF.");
Config.onoff.pipeline_prefetch = 0;
@@ -1835,7 +1835,7 @@
#if USE_AUTH
static void
-parse_authparam(Auth::authConfig * config)
+parse_authparam(Auth::ConfigVector * config)
{
char *type_str;
char *param_str;
@@ -1847,7 +1847,7 @@
self_destruct();
/* find a configuration for the scheme in the currently parsed configs... */
- AuthConfig *schemeCfg = AuthConfig::Find(type_str);
+ Auth::Config *schemeCfg = Auth::Config::Find(type_str);
if (schemeCfg == NULL) {
/* Create a configuration based on the scheme info */
@@ -1859,7 +1859,7 @@
}
config->push_back(theScheme->createConfig());
- schemeCfg = AuthConfig::Find(type_str);
+ schemeCfg = Auth::Config::Find(type_str);
if (schemeCfg == NULL) {
debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'.");
self_destruct();
@@ -1870,7 +1870,7 @@
}
static void
-free_authparam(Auth::authConfig * cfg)
+free_authparam(Auth::ConfigVector * cfg)
{
/* Wipe the Auth globals and Detach/Destruct component config + state. */
cfg->clean();
@@ -1882,14 +1882,14 @@
/* on reconfigure initialize new auth schemes for the new config. */
if (reconfiguring) {
- InitAuthSchemes();
+ Auth::Init();
}
}
static void
-dump_authparam(StoreEntry * entry, const char *name, authConfig cfg)
+dump_authparam(StoreEntry * entry, const char *name, Auth::ConfigVector cfg)
{
- for (authConfig::iterator i = cfg.begin(); i != cfg.end(); ++i)
+ for (Auth::ConfigVector::iterator i = cfg.begin(); i != cfg.end(); ++i)
(*i)->dump(entry, name, (*i));
}
#endif /* USE_AUTH */
@@ -4027,10 +4027,13 @@
}
if (stat(path, &sb) < 0) {
+ debugs(0, DBG_CRITICAL, (opt_parse_cfg_only?"FATAL ":"") << "ERROR: " << name << " " << path << ": " << xstrerror());
+ // keep going to find more issues if we are only checking the config file with "-k parse"
+ if (opt_parse_cfg_only)
+ return;
+ // this is fatal if it is found during startup or reconfigure
if (opt_send_signal == -1 || opt_send_signal == SIGHUP)
fatalf("%s %s: %s", name, path, xstrerror());
- else
- fprintf(stderr, "WARNING: %s %s: %s\n", name, path, xstrerror());
}
}
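Review bot: The new `debugs()` call sits between the failed `stat()` and `fatalf(... xstrerror())`, so the fatal message may report a different error than the one that made `stat()` fail. This assumes xstrerror() formats the current errno, and writing the log line can change errno. Capture it right after the failure with `const int xerrno = errno;` and restore it with `errno = xerrno;` before the `fatalf()` call, so both messages name the same cause. The prefix also reads oddly: `FATAL ` is printed only in the parse-only case, which returns and continues, while the case that really calls `fatalf()` logs plain `ERROR:`. A one-line comment saying that this is intentional would help the next reader. The enclosing function starts outside the hunk.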
diff -u -r -N squid-3.2.0.6/src/cf.data.pre squid-3.2.0.7/src/cf.data.pre
--- squid-3.2.0.6/src/cf.data.pre 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/cf.data.pre 2011-04-19 12:47:07.000000000 +1200
@@ -4155,10 +4155,10 @@
DEFAULT: on
LOC: Adaptation::Config::use_indirect_client
DOC_START
- Controls whether the indirect client address
- (see follow_x_forwarded_for) instead of the
- direct client address is passed to an ICAP
- server as "X-Client-IP".
+ Controls whether the indirect client IP address (instead of the direct
+ client IP address) is passed to adaptation services.
+
+ See also: follow_x_forwarded_for adaptation_send_client_ip
DOC_END
NAME: via
@@ -4935,7 +4935,7 @@
For a class 5 delay pool:
-delay_parameters pool tag
+delay_parameters pool tagrate
The variables here are:
@@ -4943,19 +4943,19 @@
number specified in delay_pools as used in
delay_class lines.
- aggregate the "delay parameters" for the aggregate bucket
+ aggregate the speed limit parameters for the aggregate bucket
(class 1, 2, 3).
- individual the "delay parameters" for the individual
+ individual the speed limit parameters for the individual
buckets (class 2, 3).
- network the "delay parameters" for the network buckets
+ network the speed limit parameters for the network buckets
(class 3).
- user the delay parameters for the user buckets
+ user the speed limit parameters for the user buckets
(class 4).
- tag the delay parameters for the tag buckets
+ tagrate the speed limit parameters for the tag buckets
(class 5).
A pair of delay parameters is written restore/maximum, where restore is
@@ -6427,7 +6427,11 @@
LOC: Adaptation::Config::send_client_ip
DEFAULT: off
DOC_START
- This adds the header "X-Client-IP" to ICAP requests.
+ If enabled, Squid shares HTTP client IP information with adaptation
+ services. For ICAP, Squid adds the X-Client-IP header to ICAP requests.
+ For eCAP, Squid sets the libecap::metaClientIp transaction option.
+
+ See also: adaptation_uses_indirect_client
DOC_END
NAME: adaptation_send_username icap_send_client_username
diff -u -r -N squid-3.2.0.6/src/client_side.cc squid-3.2.0.7/src/client_side.cc
--- squid-3.2.0.6/src/client_side.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/client_side.cc 2011-04-19 12:47:07.000000000 +1200
@@ -606,7 +606,11 @@
}
#endif
+ // Adapted request, if any, inherits and then collects all the stats, but
+ // the virgin request gets logged instead; copy the stats to log them.
+ // TODO: avoid losses by keeping these stats in a shared history object?
if (aLogEntry->request) {
+ aLogEntry->request->dnsWait = request->dnsWait;
aLogEntry->request->errType = request->errType;
aLogEntry->request->errDetail = request->errDetail;
}
@@ -759,7 +763,7 @@
{
debugs(33, 2, "ConnStateData::swanSong: FD " << fd);
fd = -1;
- flags.readMoreRequests = false;
+ flags.readMore = false;
clientdbEstablished(peer, -1); /* decrement */
assert(areAllContextsForThisConnection());
freeAllContexts();
@@ -1511,7 +1515,6 @@
ClientSocketContext::keepaliveNextRequest()
{
ConnStateData * conn = http->getConn();
- bool do_next_read = false;
debugs(33, 3, "ClientSocketContext::keepaliveNextRequest: FD " << conn->fd);
connIsFinished();
@@ -1532,7 +1535,7 @@
* from our read buffer we may never re-register for another client read.
*/
- if (conn->clientParseRequest(do_next_read)) {
+ if (conn->clientParseRequests()) {
debugs(33, 3, "clientSocketContext::keepaliveNextRequest: FD " << conn->fd << ": parsed next request from buffer");
}
@@ -1562,9 +1565,12 @@
if ((deferredRequest = conn->getCurrentContext()).getRaw()) {
debugs(33, 3, "ClientSocketContext:: FD " << conn->fd << ": calling PushDeferredIfNeeded");
ClientSocketContextPushDeferredIfNeeded(deferredRequest, conn);
- } else {
+ } else if (conn->flags.readMore) {
debugs(33, 3, "ClientSocketContext:: FD " << conn->fd << ": calling conn->readNextRequest()");
conn->readNextRequest();
+ } else {
+ // XXX: Can this happen? CONNECT tunnels have deferredRequest set.
+ debugs(33, DBG_IMPORTANT, HERE << "abandoning FD " << conn->fd);
}
}
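Review bot: The new final `else` branch schedules no read and does not close the descriptor, and its own comment (`XXX: Can this happen?`) shows the state is not understood. If client traffic can reach it, each occurrence leaves a connection open until something outside this function reclaims it, and it writes a DBG_IMPORTANT line to cache.log every time. Please state in the comment what is expected to release the FD, for example `// no context pending and readMore is off: the FD is left to the close/timeout handlers (TODO confirm)`, or close the connection explicitly here if nothing does. The enclosing function starts before the hunk.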
@@ -2393,16 +2399,7 @@
}
void
-ConnStateData::clientMaybeReadData(int do_next_read)
-{
- if (do_next_read) {
- flags.readMoreRequests = true;
- readSomeData();
- }
-}
-
-void
-ConnStateData::clientAfterReadingRequests(int do_next_read)
+ConnStateData::clientAfterReadingRequests()
{
// Were we expecting to read more request body from half-closed connection?
if (mayNeedToReadMoreBody() && commIsHalfClosed(fd)) {
@@ -2411,7 +2408,8 @@
return;
}
- clientMaybeReadData (do_next_read);
+ if (flags.readMore)
+ readSomeData();
}
static void
@@ -2448,7 +2446,7 @@
}
assert(context->http->out.offset == 0);
context->pullData();
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
goto finish;
}
@@ -2462,7 +2460,7 @@
repContext->setReplyToError(ERR_INVALID_URL, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
goto finish;
}
@@ -2481,7 +2479,7 @@
repContext->setReplyToError(ERR_UNSUP_HTTPVERSION, HTTP_HTTP_VERSION_NOT_SUPPORTED, method, http->uri, conn->peer, NULL, HttpParserHdrBuf(hp), NULL);
assert(context->http->out.offset == 0);
context->pullData();
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
goto finish;
}
@@ -2498,7 +2496,7 @@
repContext->setReplyToError(ERR_INVALID_REQ, HTTP_BAD_REQUEST, method, http->uri, conn->peer, NULL, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
goto finish;
}
@@ -2566,7 +2564,7 @@
conn->peer, request, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
goto finish;
}
@@ -2580,7 +2578,7 @@
conn->peer, request, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
goto finish;
}
@@ -2595,6 +2593,7 @@
http->uri, conn->peer, request, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
+ conn->flags.readMore = false;
goto finish;
}
}
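Review bot: This error path and the one in `@@ -2627,6 +2628,7 @@` were missing the `readMore = false` that their siblings already had, which shows how easily the hand-copied tail `assert(out.offset == 0); pullData(); readMore = false; goto finish;` drifts. The same lines appear in at least eight branches of this function across the surrounding hunks. A missed copy leaves the connection parsing further pipelined input after an error reply has been queued. Folding the three statements into one static helper, called before each `goto finish`, would make the omission impossible. The parameter types in the sketch below are inferred from how `context` and `conn` are used here, and the enclosing function starts and ends outside the hunk.

```cpp
// Start delivery of the error reply already set on this context and
// stop reading or parsing further requests from the connection.
static void
clientSendErrorAndStopReading(ClientSocketContext *context, ConnStateData *conn)
{
    assert(context->http->out.offset == 0);
    context->pullData();
    conn->flags.readMore = false;
}
// … unchanged: each error branch keeps its setReplyToError() call, then calls the helper and does goto finish …
```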
@@ -2602,9 +2601,11 @@
http->request = HTTPMSGLOCK(request);
clientSetKeepaliveFlag(http);
- /* If this is a CONNECT, don't schedule a read - ssl.c will handle it */
- if (http->request->method == METHOD_CONNECT)
+ // Let tunneling code be fully responsible for CONNECT requests
+ if (http->request->method == METHOD_CONNECT) {
context->mayUseConnection(true);
+ conn->flags.readMore = false;
+ }
/* Do we expect a request-body? */
expectBody = chunked || request->content_length > 0;
@@ -2627,6 +2628,7 @@
conn->peer, http->request, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
+ conn->flags.readMore = false;
goto finish;
}
@@ -2635,10 +2637,11 @@
if (!conn->handleRequestBodyData())
goto finish;
- if (!request->body_pipe->productionEnded())
- conn->readSomeData();
-
- context->mayUseConnection(!request->body_pipe->productionEnded());
+ if (!request->body_pipe->productionEnded()) {
+ debugs(33, 5, HERE << "need more request body");
+ context->mayUseConnection(true);
+ assert(conn->flags.readMore);
+ }
}
http->calloutContext = new ClientRequestContext(http);
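Review bot: `assert(conn->flags.readMore)` turns an assumption about connection state into a process abort on a path that runs right after client-supplied body data has been handled. The chunked-abort code in `@@ -2998,7 +2996,7 @@` clears `readMore`. The assert is therefore only safe if `handleRequestBodyData()` returns false every time that code has run, and this hunk does not show that. At minimum document the invariant next to the assert, e.g. `// handleRequestBodyData() returned true, so no body error has cleared readMore`. If that cannot be guaranteed, replace the assert with a logged, non-fatal bail-out. Also note that the old code set `mayUseConnection(false)` explicitly once production had ended, while the new code leaves the flag untouched in that case. The enclosing function starts and ends outside the hunk.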
@@ -2658,7 +2661,7 @@
*/
if (http->request->flags.resetTCP() && conn->fd > -1) {
debugs(33, 3, HERE << "Sending TCP RST on FD " << conn->fd);
- conn->flags.readMoreRequests = false;
+ conn->flags.readMore = false;
comm_reset_close(conn->fd);
return;
}
@@ -2692,11 +2695,9 @@
* Attempt to parse one or more requests from the input buffer.
* If a request is successfully parsed, even if the next request
* is only partially parsed, it will return TRUE.
- * do_next_read is updated to indicate whether a read should be
- * scheduled.
*/
bool
-ConnStateData::clientParseRequest(bool &do_next_read)
+ConnStateData::clientParseRequests()
{
HttpRequestMethod method;
bool parsed_req = false;
@@ -2705,8 +2706,8 @@
debugs(33, 5, HERE << "FD " << fd << ": attempting to parse");
// Loop while we have read bytes that are not needed for producing the body
- // On errors, bodyPipe may become nil, but readMoreRequests will be cleared
- while (in.notYetUsed > 0 && !bodyPipe && flags.readMoreRequests) {
+ // On errors, bodyPipe may become nil, but readMore will be cleared
+ while (in.notYetUsed > 0 && !bodyPipe && flags.readMore) {
connStripBufferWhitespace(this);
/* Don't try to parse if the buffer is empty */
@@ -2749,8 +2750,8 @@
parsed_req = true; // XXX: do we really need to parse everything right NOW ?
if (context->mayUseConnection()) {
- debugs(33, 3, HERE << "Not reading, as this request may need the connection");
- return false;
+ debugs(33, 3, HERE << "Not parsing new requests, as this request may need the connection");
+ break;
}
}
}
@@ -2765,7 +2766,6 @@
debugs(33,5,HERE << "clientReadRequest FD " << io.fd << " size " << io.size);
Must(reading());
reader = NULL;
- bool do_next_read = 1; /* the default _is_ to read data! - adrian */
assert (io.fd == fd);
@@ -2810,8 +2810,6 @@
commMarkHalfClosed(fd);
- do_next_read = 0;
-
fd_note(fd, "half-closed");
/* There is one more close check at the end, to detect aborted
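Review bot: After `do_next_read = 0;` is removed, nothing in this hunk stops a further read once `commMarkHalfClosed(fd)` has run. `clientAfterReadingRequests()` in `@@ -2411,7 +2408,8 @@` calls `readSomeData()` whenever `flags.readMore` is set, and it returns early only when more body is expected. A peer that half-closes with no pending body therefore appears to get another read scheduled on the same descriptor, where the old code scheduled none. If that is intended, so that requests already buffered can still be parsed, say so here with a comment such as `// readMore stays set so buffered requests still parse; reads on a half-closed FD are handled by comm (TODO confirm)`. Otherwise the half-closed case needs its own check before `readSomeData()`. The enclosing function starts and ends outside the hunk.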
@@ -2826,7 +2824,7 @@
if (getConcurrentRequestCount() == 0)
fd_note(fd, "Reading next request");
- if (!clientParseRequest(do_next_read)) {
+ if (!clientParseRequests()) {
if (!isOpen())
return;
/*
@@ -2847,7 +2845,7 @@
if (!isOpen())
return;
- clientAfterReadingRequests(do_next_read);
+ clientAfterReadingRequests();
}
/**
@@ -2998,7 +2996,7 @@
debugs(33, 3, HERE << "aborting chunked request without error " << error);
comm_reset_close(fd);
#endif
- flags.readMoreRequests = false;
+ flags.readMore = false;
}
void
@@ -3142,7 +3140,7 @@
}
- result->flags.readMoreRequests = true;
+ result->flags.readMore = true;
return result;
}
diff -u -r -N squid-3.2.0.6/src/client_side.h squid-3.2.0.7/src/client_side.h
--- squid-3.2.0.6/src/client_side.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/client_side.h 2011-04-19 12:47:07.000000000 +1200
@@ -152,7 +152,7 @@
void freeAllContexts();
void notifyAllContexts(const int xerrno); ///< tell everybody about the err
/// Traffic parsing
- bool clientParseRequest(bool &do_next_read);
+ bool clientParseRequests();
void readNextRequest();
bool maybeMakeSpaceAvailable();
ClientSocketContext::Pointer getCurrentContext() const;
@@ -213,7 +213,7 @@
#endif
struct {
- bool readMoreRequests;
+ bool readMore; ///< needs comm_read (for this request or new requests)
bool swanSang; // XXX: temporary flag to check proper cleanup
} flags;
struct {
@@ -306,8 +306,7 @@
private:
int connReadWasError(comm_err_t flag, int size, int xerrno);
int connFinishedWithConn(int size);
- void clientMaybeReadData(int do_next_read);
- void clientAfterReadingRequests(int do_next_read);
+ void clientAfterReadingRequests();
private:
HttpParser parser_;
diff -u -r -N squid-3.2.0.6/src/comm/ModPoll.cc squid-3.2.0.7/src/comm/ModPoll.cc
--- squid-3.2.0.6/src/comm/ModPoll.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/comm/ModPoll.cc 2011-04-19 12:47:07.000000000 +1200
@@ -414,7 +414,7 @@
* Note that this will only ever trigger when there are no log files
* and stdout/err/in are all closed too.
*/
- if (nfds == 0 && !npending) {
+ if (nfds == 0 && npending == 0) {
if (shutting_down)
return COMM_SHUTDOWN;
else
@@ -428,7 +428,7 @@
++statCounter.select_loops;
PROF_stop(comm_poll_normal);
- if (num >= 0 || npending >= 0)
+ if (num >= 0 || npending > 0)
break;
if (ignoreErrno(errno))
diff -u -r -N squid-3.2.0.6/src/DelayUser.cc squid-3.2.0.7/src/DelayUser.cc
--- squid-3.2.0.6/src/DelayUser.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/DelayUser.cc 2011-04-19 12:47:07.000000000 +1200
@@ -186,7 +186,7 @@
::operator delete(address);
}
-DelayUserBucket::DelayUserBucket(AuthUser::Pointer aUser) : authUser(aUser)
+DelayUserBucket::DelayUserBucket(Auth::User::Pointer aUser) : authUser(aUser)
{
debugs(77, 3, "DelayUserBucket::DelayUserBucket");
}
@@ -204,7 +204,7 @@
theBucket.stats(entry);
}
-DelayUser::Id::Id(DelayUser::Pointer aDelayUser, AuthUser::Pointer aUser) : theUser(aDelayUser)
+DelayUser::Id::Id(DelayUser::Pointer aDelayUser, Auth::User::Pointer aUser) : theUser(aDelayUser)
{
theBucket = new DelayUserBucket(aUser);
DelayUserBucket::Pointer const *existing = theUser->buckets.find(theBucket, DelayUserCmp);
diff -u -r -N squid-3.2.0.6/src/DelayUser.h squid-3.2.0.7/src/DelayUser.h
--- squid-3.2.0.6/src/DelayUser.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/DelayUser.h 2011-04-19 12:47:07.000000000 +1200
@@ -58,10 +58,10 @@
void operator delete (void *);
void stats(StoreEntry *)const;
- DelayUserBucket(AuthUser::Pointer);
+ DelayUserBucket(Auth::User::Pointer);
~DelayUserBucket();
DelayBucket theBucket;
- AuthUser::Pointer authUser;
+ Auth::User::Pointer authUser;
};
/// \ingroup DelayPoolsAPI
@@ -90,7 +90,7 @@
public:
void *operator new(size_t);
void operator delete (void *);
- Id(RefCount, AuthUser::Pointer);
+ Id(RefCount, Auth::User::Pointer);
~Id();
virtual int bytesWanted (int min, int max) const;
virtual void bytesIn(int qty);
diff -u -r -N squid-3.2.0.6/src/DiskIO/AIO/async_io.h squid-3.2.0.7/src/DiskIO/AIO/async_io.h
--- squid-3.2.0.6/src/DiskIO/AIO/async_io.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/DiskIO/AIO/async_io.h 2011-04-19 12:47:07.000000000 +1200
@@ -32,7 +32,6 @@
AQ_ENTRY_WRITE
} async_queue_entry_type_t;
-
typedef struct _async_queue_entry async_queue_entry_t;
typedef struct _async_queue async_queue_t;
@@ -45,7 +44,12 @@
async_queue_entry_state_t aq_e_state;
async_queue_entry_type_t aq_e_type;
+ /* 64-bit environments with non-GCC complain about the type mismatch on Linux */
+#if defined(__USE_FILE_OFFSET64) && !defined(__GNUC__)
+ struct aiocb64 aq_e_aiocb;
+#else
struct aiocb aq_e_aiocb;
+#endif
AIODiskFile *theFile;
void *aq_e_callback_data;
FREE *aq_e_free;
diff -u -r -N squid-3.2.0.6/src/fs/ufs/store_dir_ufs.cc squid-3.2.0.7/src/fs/ufs/store_dir_ufs.cc
--- squid-3.2.0.6/src/fs/ufs/store_dir_ufs.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/fs/ufs/store_dir_ufs.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1063,7 +1063,6 @@
{
DIR *dir_pointer = NULL;
- struct dirent *de = NULL;
LOCAL_ARRAY(char, p1, MAXPATHLEN + 1);
LOCAL_ARRAY(char, p2, MAXPATHLEN + 1);
@@ -1107,6 +1106,7 @@
return 0;
}
+ dirent_t *de;
while ((de = readdir(dir_pointer)) != NULL && k < 20) {
if (sscanf(de->d_name, "%X", &swapfileno) != 1)
continue;
diff -u -r -N squid-3.2.0.6/src/fs/ufs/ufscommon.h squid-3.2.0.7/src/fs/ufs/ufscommon.h
--- squid-3.2.0.6/src/fs/ufs/ufscommon.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/fs/ufs/ufscommon.h 2011-04-19 12:47:07.000000000 +1200
@@ -399,7 +399,7 @@
int done;
int fn;
- struct dirent *entry;
+ dirent_t *entry;
DIR *td;
char fullpath[MAXPATHLEN];
char fullfilename[MAXPATHLEN];
diff -u -r -N squid-3.2.0.6/src/http.cc squid-3.2.0.7/src/http.cc
--- squid-3.2.0.6/src/http.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/http.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1966,6 +1966,13 @@
case HDR_PROXY_CONNECTION: // SHOULD ignore. But doing so breaks things.
break;
+ case HDR_CONTENT_LENGTH:
+ // pass through unless we chunk; also, keeping this away from default
+ // prevents request smuggling via Connection: Content-Length tricks
+ if (!flags.chunked_request)
+ hdr_out->addEntry(e->clone());
+ break;
+
case HDR_X_FORWARDED_FOR:
case HDR_CACHE_CONTROL:
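Review bot: The new `HDR_CONTENT_LENGTH` case clones every Content-Length entry it is handed, so a request with repeated or conflicting Content-Length fields would be forwarded with all of them unless an earlier stage rejects it. That validation is not visible here, and since the comment already names request smuggling as the concern, it should say where duplicates are rejected. The case also relies on `flags.chunked_request` being final before headers are copied, which this hunk does not show; a line such as `// flags.chunked_request must be decided before header copying starts` would record that. The enclosing switch starts and ends outside the hunk.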
@@ -2088,8 +2095,8 @@
Dialer, this, HttpStateData::sentRequestBody);
Must(!flags.chunked_request);
- // Preserve original chunked encoding unless we learned the length.
- if (orig_request->header.chunked() && orig_request->content_length < 0)
+ // use chunked encoding if we do not know the length
+ if (orig_request->content_length < 0)
flags.chunked_request = 1;
} else {
assert(!requestBodySource);
diff -u -r -N squid-3.2.0.6/src/main.cc squid-3.2.0.7/src/main.cc
--- squid-3.2.0.6/src/main.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/main.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1368,7 +1368,7 @@
/* we may want the parsing process to set this up in the future */
Store::Root(new StoreController);
#if USE_AUTH
- InitAuthSchemes(); /* required for config parsing */
+ Auth::Init(); /* required for config parsing */
#endif
Ip::ProbeTransport(); // determine IPv4 or IPv6 capabilities before parsing.
diff -u -r -N squid-3.2.0.6/src/Makefile.am squid-3.2.0.7/src/Makefile.am
--- squid-3.2.0.6/src/Makefile.am 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/Makefile.am 2011-04-19 12:47:07.000000000 +1200
@@ -820,7 +820,7 @@
DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
DEFAULT_LOGFILED = $(libexecdir)/`echo log_file_daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_ICON_DIR = $(localstatedir)/www/squid/icons
+DEFAULT_ICON_DIR = $(datadir)/icons
DEFAULT_ERROR_DIR = $(datadir)/errors
# Make location configure settings available to the code
@@ -913,19 +913,7 @@
EXTRA_DIST += squid.8.in
CLEANFILES += squid.8
-## check for existing Squid icons (used to be $datadir/icons).
-## move them into the new icons location so we dont break anyones existing mime.conf
-mimeconf-Upgrade-Shuffle:
- @if test -d $(DESTDIR)$(datadir)/icons; then \
- mv $(DESTDIR)$(datadir)/icons/* $(DESTDIR)$(DEFAULT_ICON_DIR)/; \
- $(RM) -r $(DESTDIR)$(datadir)/icons; \
- echo "NOTICE: "; \
- echo "NOTICE: The Squid icons have been upgraded. Please update your $(DESTDIR)$(DEFAULT_MIME_TABLE)." ; \
- echo "NOTICE: $(DESTDIR)$(DEFAULT_MIME_TABLE).default contains the new icon configuration." ; \
- echo "NOTICE: "; \
- fi
-
-install-data-local: install-sysconfDATA install-dataDATA mimeconf-Upgrade-Shuffle
+install-data-local: install-sysconfDATA install-dataDATA
@if test -f $(DESTDIR)$(DEFAULT_MIME_TABLE) ; then \
echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_MIME_TABLE)" ; \
else \
diff -u -r -N squid-3.2.0.6/src/Makefile.in squid-3.2.0.7/src/Makefile.in
--- squid-3.2.0.6/src/Makefile.in 2011-04-04 14:43:41.000000000 +1200
+++ squid-3.2.0.7/src/Makefile.in 2011-04-19 12:48:07.000000000 +1200
@@ -2289,7 +2289,7 @@
DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
DEFAULT_LOGFILED = $(libexecdir)/`echo log_file_daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
-DEFAULT_ICON_DIR = $(localstatedir)/www/squid/icons
+DEFAULT_ICON_DIR = $(datadir)/icons
DEFAULT_ERROR_DIR = $(datadir)/errors
SUBSTITUTE = sed "\
s%@DEFAULT_ERROR_DIR@%$(DEFAULT_ERROR_DIR)%g;\
@@ -5719,17 +5719,7 @@
squid.8: $(srcdir)/squid.8.in Makefile
$(SUBSTITUTE) < $(srcdir)/squid.8.in > $@
-mimeconf-Upgrade-Shuffle:
- @if test -d $(DESTDIR)$(datadir)/icons; then \
- mv $(DESTDIR)$(datadir)/icons/* $(DESTDIR)$(DEFAULT_ICON_DIR)/; \
- $(RM) -r $(DESTDIR)$(datadir)/icons; \
- echo "NOTICE: "; \
- echo "NOTICE: The Squid icons have been upgraded. Please update your $(DESTDIR)$(DEFAULT_MIME_TABLE)." ; \
- echo "NOTICE: $(DESTDIR)$(DEFAULT_MIME_TABLE).default contains the new icon configuration." ; \
- echo "NOTICE: "; \
- fi
-
-install-data-local: install-sysconfDATA install-dataDATA mimeconf-Upgrade-Shuffle
+install-data-local: install-sysconfDATA install-dataDATA
@if test -f $(DESTDIR)$(DEFAULT_MIME_TABLE) ; then \
echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_MIME_TABLE)" ; \
else \
diff -u -r -N squid-3.2.0.6/src/MemBlob.cc squid-3.2.0.7/src/MemBlob.cc
--- squid-3.2.0.6/src/MemBlob.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/MemBlob.cc 2011-04-19 12:47:07.000000000 +1200
@@ -32,16 +32,14 @@
#include "config.h"
#include "base/TextException.h"
#include "Debug.h"
+#include "Mem.h"
#include "MemBlob.h"
+#include "protos.h"
+
#if HAVE_IOSTREAM
#include
#endif
-#define MEMBLOB_USES_MEM_POOLS 0
-
-#if MEMBLOB_USES_MEM_POOLS
-#include "protos.h"
-#endif
MemBlobStats MemBlob::Stats;
InstanceIdDefinitions(MemBlob, "blob");
@@ -90,13 +88,8 @@
MemBlob::~MemBlob()
{
-#if MEMBLOB_USES_MEM_POOLS
- //no mempools for now
- // \todo reinstate mempools use
- memFreeString(capacity,mem);
-#else
- xfree(mem);
-#endif
+ if (mem || capacity)
+ memFreeString(capacity,mem);
Stats.liveBytes -= capacity;
--Stats.live;
@@ -106,45 +99,16 @@
<< " size=" << size);
}
-/**
- * Given the requested minimum size, return a rounded allocation size
- * for the backing store.
- * This is a stopgap call, this job is eventually expected to be handled
- * by MemPools via memAllocString.
- */
-MemBlob::size_type
-MemBlob::calcAllocSize(const size_type sz) const
-{
- if (sz <= 36) return 36;
- if (sz <= 128) return 128;
- if (sz <= 512) return 512;
- if (sz <= 4096) return RoundTo(sz, 512);
- // XXX: recover squidSystemPageSize functionality. It's easy for
- // the main squid, harder for tests
-#if 0
- return RoundTo(sz, squidSystemPageSize);
-#else
- return RoundTo(sz, 4096);
-#endif
-}
-
/** Allocate an available space area of at least minSize bytes in size.
* Must be called by constructors and only by constructors.
*/
void
MemBlob::memAlloc(const size_type minSize)
{
- size_t actualAlloc = calcAllocSize(minSize);
+ size_t actualAlloc = minSize;
Must(!mem);
-#if MEMBLOB_USES_MEM_POOLS
- // XXX: for now, do without mempools. In order to do it, MemPools
- // need to be singletons so that initialization order can be enforced
- mem = static_cast(memAllocString(minSize, &actualAlloc));
-#else
- // \todo reinstate mempools use
- mem = static_cast(xmalloc(actualAlloc));
-#endif
+ mem = static_cast(memAllocString(actualAlloc, &actualAlloc));
Must(mem);
capacity = actualAlloc;
diff -u -r -N squid-3.2.0.6/src/MemBlob.h squid-3.2.0.7/src/MemBlob.h
--- squid-3.2.0.6/src/MemBlob.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/MemBlob.h 2011-04-19 12:47:07.000000000 +1200
@@ -122,7 +122,6 @@
static MemBlobStats Stats; ///< class-wide statistics
void memAlloc(const size_type memSize);
- size_type calcAllocSize(const size_type minSize) const;
/// whether the offset points to the end of the used area
bool isAppendOffset(const size_type off) const { return off == size; }
diff -u -r -N squid-3.2.0.6/src/mem.cc squid-3.2.0.7/src/mem.cc
--- squid-3.2.0.6/src/mem.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/mem.cc 2011-04-19 12:47:07.000000000 +1200
@@ -61,8 +61,15 @@
static double xm_time = 0;
static double xm_deltat = 0;
+/* all pools are ready to be used */
+static bool MemIsInitialized = false;
+
/* string pools */
-#define mem_str_pool_count 3
+#define mem_str_pool_count 6
+
+// 4 bytes bigger than the biggest string pool size
+// which is in turn calculated from SmallestStringBeforeMemIsInitialized
+static const size_t SmallestStringBeforeMemIsInitialized = 1024*16+4;
static const struct {
const char *name;
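Review bot: The comment on `SmallestStringBeforeMemIsInitialized` is circular and does not state the invariant that the later memAllocString/memFreeString hunks depend on. A buffer handed out before the pools exist comes from xcalloc(), so its recorded size must never match a pool once MemIsInitialized is true, otherwise memFreeString would give xcalloc memory to `pool->freeOne()`. That holds only while the constant stays larger than the largest `obj_size` after `MemAllocator::RoundedSize()`, and `mem_str_pool_count` and the table are edited by hand. I would reword the comment to `// must stay larger than the largest string pool obj_size: pre-init buffers are xcalloc'ed and must never look poolable when freed` and add a matching assert where `MemIsInitialized` is set.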
@@ -78,8 +85,18 @@
"Medium Strings", MemAllocator::RoundedSize(128),
}, /* to fit most urls */
{
- "Long Strings", MemAllocator::RoundedSize(512)
- } /* other */
+ "Long Strings", MemAllocator::RoundedSize(512),
+ },
+ {
+ "1KB Strings", MemAllocator::RoundedSize(1024),
+ },
+ {
+ "4KB Strings", MemAllocator::RoundedSize(4*1024),
+ },
+ {
+ "16KB Strings",
+ MemAllocator::RoundedSize(SmallestStringBeforeMemIsInitialized-4)
+ }
};
static struct {
@@ -190,14 +207,20 @@
MemPools[type]->freeOne(p);
}
-/* allocate a variable size buffer using best-fit pool */
+/* allocate a variable size buffer using best-fit string pool */
void *
memAllocString(size_t net_size, size_t * gross_size)
{
- int i;
MemAllocator *pool = NULL;
assert(gross_size);
+ // if pools are not yet ready, make sure that
+ // the requested size is not poolable so that the right deallocator
+ // will be used
+ if (!MemIsInitialized && net_size < SmallestStringBeforeMemIsInitialized)
+ net_size = SmallestStringBeforeMemIsInitialized;
+
+ unsigned int i;
for (i = 0; i < mem_str_pool_count; ++i) {
if (net_size <= StrPoolsAttrs[i].obj_size) {
pool = StrPools[i].pool;
@@ -207,6 +230,7 @@
*gross_size = pool ? StrPoolsAttrs[i].obj_size : net_size;
assert(*gross_size >= net_size);
+ // may forget [de]allocations until MemIsInitialized
memMeterInc(StrCountMeter);
memMeterAdd(StrVolumeMeter, *gross_size);
return pool ? pool->alloc() : xcalloc(1, net_size);
@@ -228,18 +252,20 @@
void
memFreeString(size_t size, void *buf)
{
- int i;
MemAllocator *pool = NULL;
- assert(size && buf);
+ assert(buf);
- for (i = 0; i < mem_str_pool_count; ++i) {
- if (size <= StrPoolsAttrs[i].obj_size) {
- assert(size == StrPoolsAttrs[i].obj_size);
- pool = StrPools[i].pool;
- break;
+ if (MemIsInitialized) {
+ for (unsigned int i = 0; i < mem_str_pool_count; ++i) {
+ if (size <= StrPoolsAttrs[i].obj_size) {
+ assert(size == StrPoolsAttrs[i].obj_size);
+ pool = StrPools[i].pool;
+ break;
+ }
}
}
+ // may forget [de]allocations until MemIsInitialized
memMeterDec(StrCountMeter);
memMeterDel(StrVolumeMeter, size);
pool ? pool->freeOne(buf) : xfree(buf);
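Review bot: Dropping `size` from `assert(size && buf)` does not make a zero size acceptable once the pools are initialised. With `MemIsInitialized` true, `size <= StrPoolsAttrs[0].obj_size` matches the first pool and the inner `assert(size == StrPoolsAttrs[i].obj_size)` fires instead, so a zero size is now only let through on the pre-init path. If zero is never expected, keep `assert(size && buf);`. If it is expected before initialisation, say so in a comment next to the new `assert(buf);`.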
@@ -438,6 +464,7 @@
debugs(13, 1, "Notice: " << StrPoolsAttrs[i].name << " is " << StrPools[i].pool->objectSize() << " bytes instead of requested " << StrPoolsAttrs[i].obj_size << " bytes");
}
+ MemIsInitialized = true;
/** \par
* finally register with the cache manager */
RegisterWithCacheManager();
diff -u -r -N squid-3.2.0.6/src/mk-string-arrays.awk squid-3.2.0.7/src/mk-string-arrays.awk
--- squid-3.2.0.6/src/mk-string-arrays.awk 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/mk-string-arrays.awk 2011-04-19 12:47:07.000000000 +1200
@@ -37,6 +37,13 @@
next
}
+/^#/ {
+ if (codeSkip) next
+
+ Wrapper[++e] = $0
+ next
+}
+
/^} / {
split($2, t, ";") # remove ;
type = t[1]
@@ -50,7 +57,9 @@
print "\nconst char *" type "_str[] = {"
for ( i = 1; i < e; ++i)
- print "\t\"" Element[i] "\","
+ if (Wrapper[i]) print Wrapper[i]
+ else print "\t\"" Element[i] "\","
+
print "\t\"" Element[i] "\""
print "};"
if (namespace) print "}; // namespace " namespace
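Review bot: The final `print "\t\"" Element[i] "\""` after the loop still assumes the last slot is an enum element, but the new `/^#/` rule stores preprocessor lines in `Wrapper[++e]` using the same index. If the enum body ends with a wrapper line such as `#endif`, the generated array gets an empty `""` entry and the directive is dropped, leaving an unbalanced conditional in the output. The last slot needs the same test as the loop body, for example `if (Wrapper[i]) print Wrapper[i]; else print "\t\"" Element[i] "\""`.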
diff -u -r -N squid-3.2.0.6/src/protos.h squid-3.2.0.7/src/protos.h
--- squid-3.2.0.6/src/protos.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/protos.h 2011-04-19 12:47:07.000000000 +1200
@@ -804,8 +804,11 @@
SQUIDCEXTERN char *peer_proxy_negotiate_auth(char *principal_name, char *proxy);
#endif
- /* call to ensure the auth component schemes exist. */
- SQUIDCEXTERN void InitAuthSchemes(void);
+ namespace Auth {
+ /* call to ensure the auth component schemes exist. */
+ extern void Init(void);
+ } // namespace Auth
+
#endif /* USE_AUTH */
#endif /* SQUID_PROTOS_H */
diff -u -r -N squid-3.2.0.6/src/stat.cc squid-3.2.0.7/src/stat.cc
--- squid-3.2.0.6/src/stat.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/stat.cc 2011-04-19 12:47:07.000000000 +1200
@@ -1376,7 +1376,7 @@
#if USE_AUTH
Mgr::RegisterAction("username_cache",
"Active Cached Usernames",
- AuthUser::UsernameCacheStats, 0, 1);
+ Auth::User::UsernameCacheStats, 0, 1);
#endif
#if DEBUG_OPENFD
Mgr::RegisterAction("openfd_objects", "Objects with Swapout files open",
diff -u -r -N squid-3.2.0.6/src/tests/testAuth.cc squid-3.2.0.7/src/tests/testAuth.cc
--- squid-3.2.0.6/src/tests/testAuth.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/tests/testAuth.cc 2011-04-19 12:47:07.000000000 +1200
@@ -59,12 +59,12 @@
}
static
-AuthConfig *
+Auth::Config *
getConfig(char const *type_str)
{
- Auth::authConfig &config = Auth::TheConfig;
+ Auth::ConfigVector &config = Auth::TheConfig;
/* find a configuration for the scheme */
- AuthConfig *scheme = AuthConfig::Find(type_str);
+ Auth::Config *scheme = Auth::Config::Find(type_str);
if (scheme == NULL) {
/* Create a configuration */
@@ -85,9 +85,9 @@
static
void
-setup_scheme(AuthConfig *scheme, char const **params, unsigned param_count)
+setup_scheme(Auth::Config *scheme, char const **params, unsigned param_count)
{
- Auth::authConfig &config = Auth::TheConfig;
+ Auth::ConfigVector &config = Auth::TheConfig;
for (unsigned position=0; position < param_count; position++) {
char *param_str=xstrdup(params[position]);
@@ -107,7 +107,7 @@
Mem::Init();
- Auth::authConfig &config = Auth::TheConfig;
+ Auth::ConfigVector &config = Auth::TheConfig;
char const *digest_parms[]= {"program /home/robertc/install/squid/libexec/digest_pw_auth /home/robertc/install/squid/etc/digest.pwd",
"realm foo"
@@ -134,7 +134,7 @@
};
for (unsigned scheme=0; scheme < 4; scheme++) {
- AuthConfig *schemeConfig;
+ Auth::Config *schemeConfig;
schemeConfig = getConfig(params[scheme].name);
if (schemeConfig != NULL)
setup_scheme(schemeConfig, params[scheme].params,
@@ -149,7 +149,7 @@
setup=true;
}
-/* AuthConfig::CreateAuthUser works for all
+/* Auth::Config::CreateAuthUser works for all
* authentication types
*/
void
@@ -159,7 +159,7 @@
fake_auth_setup();
for (Auth::Scheme::iterator i = Auth::Scheme::GetSchemes().begin(); i != Auth::Scheme::GetSchemes().end(); ++i) {
- AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type()));
+ AuthUserRequest::Pointer authRequest = Auth::Config::CreateAuthUser(find_proxy_auth((*i)->type()));
CPPUNIT_ASSERT(authRequest != NULL);
}
}
@@ -180,14 +180,14 @@
for (Auth::Scheme::iterator i = Auth::Scheme::GetSchemes().begin(); i != Auth::Scheme::GetSchemes().end(); ++i) {
// create a user request
// check its scheme matches *i
- AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type()));
+ AuthUserRequest::Pointer authRequest = Auth::Config::CreateAuthUser(find_proxy_auth((*i)->type()));
CPPUNIT_ASSERT_EQUAL(authRequest->scheme(), *i);
}
}
#if HAVE_AUTH_MODULE_BASIC
+#include "auth/basic/User.h"
#include "auth/basic/UserRequest.h"
-#include "auth/basic/auth_basic.h"
/* AuthBasicUserRequest::AuthBasicUserRequest works
*/
void
@@ -202,7 +202,7 @@
testAuthBasicUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthBasicUserRequest();
- BasicUser *basic_auth=new BasicUser(AuthConfig::Find("basic"));
+ Auth::Basic::User *basic_auth=new Auth::Basic::User(Auth::Config::Find("basic"));
basic_auth->username("John");
temp->user(basic_auth);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
@@ -210,7 +210,8 @@
#endif /* HAVE_AUTH_MODULE_BASIC */
#if HAVE_AUTH_MODULE_DIGEST
-#include "auth/digest/auth_digest.h"
+#include "auth/digest/User.h"
+#include "auth/digest/UserRequest.h"
/* AuthDigestUserRequest::AuthDigestUserRequest works
*/
void
@@ -225,7 +226,7 @@
testAuthDigestUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthDigestUserRequest();
- DigestUser *duser=new DigestUser(AuthConfig::Find("digest"));
+ Auth::Digest::User *duser=new Auth::Digest::User(Auth::Config::Find("digest"));
duser->username("John");
temp->user(duser);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
@@ -233,7 +234,8 @@
#endif /* HAVE_AUTH_MODULE_DIGEST */
#if HAVE_AUTH_MODULE_NTLM
-#include "auth/ntlm/auth_ntlm.h"
+#include "auth/ntlm/User.h"
+#include "auth/ntlm/UserRequest.h"
/* AuthNTLMUserRequest::AuthNTLMUserRequest works
*/
void
@@ -248,7 +250,7 @@
testAuthNTLMUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthNTLMUserRequest();
- NTLMUser *nuser=new NTLMUser(AuthConfig::Find("ntlm"));
+ Auth::Ntlm::User *nuser=new Auth::Ntlm::User(Auth::Config::Find("ntlm"));
nuser->username("John");
temp->user(nuser);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
@@ -256,7 +258,8 @@
#endif /* HAVE_AUTH_MODULE_NTLM */
#if HAVE_AUTH_MODULE_NEGOTIATE
-#include "auth/negotiate/auth_negotiate.h"
+#include "auth/negotiate/User.h"
+#include "auth/negotiate/UserRequest.h"
/* AuthNegotiateUserRequest::AuthNegotiateUserRequest works
*/
void
@@ -271,7 +274,7 @@
testAuthNegotiateUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthNegotiateUserRequest();
- NegotiateUser *nuser=new NegotiateUser(AuthConfig::Find("negotiate"));
+ Auth::Negotiate::User *nuser=new Auth::Negotiate::User(Auth::Config::Find("negotiate"));
nuser->username("John");
temp->user(nuser);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
diff -u -r -N squid-3.2.0.6/src/tools.cc squid-3.2.0.7/src/tools.cc
--- squid-3.2.0.6/src/tools.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/tools.cc 2011-04-19 12:47:07.000000000 +1200
@@ -966,7 +966,16 @@
setMaxFD(void)
{
#if HAVE_SETRLIMIT && defined(RLIMIT_NOFILE)
+
+ /* On Linux with 64-bit file support the sys/resource.h header
+ * uses #define to change the function definition to require rlimit64
+ */
+#if defined(getrlimit)
+ struct rlimit64 rl; // Assume its a 64-bit redefine anyways.
+#else
struct rlimit rl;
+#endif
+
if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
debugs(50, DBG_CRITICAL, "setrlimit: RLIMIT_NOFILE: " << xstrerror());
} else if (Config.max_filedescriptors > 0) {
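Review bot: `#if defined(getrlimit)` selects `struct rlimit64` whenever getrlimit is any macro, not only when it is the 64-bit redirect the comment describes, and the inline comment admits this is an assumption. On a platform that defines the macro for another reason, or redirects the call without a macro, the struct passed to getrlimit() and to any later setrlimit() may not match the function actually called. The same block is repeated in the next hunk of this file, in the `!_SQUID_CYGWIN_` variant. A single typedef chosen once, ideally from a configure check, would keep both call sites consistent. Both function bodies continue outside their hunks.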
@@ -1002,7 +1011,16 @@
{
#if HAVE_SETRLIMIT && defined(RLIMIT_NOFILE) && !_SQUID_CYGWIN_
/* limit system filedescriptors to our own limit */
+
+ /* On Linux with 64-bit file support the sys/resource.h header
+ * uses #define to change the function definition to require rlimit64
+ */
+#if defined(getrlimit)
+ struct rlimit64 rl; // Assume its a 64-bit redefine anyways.
+#else
struct rlimit rl;
+#endif
+
if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
debugs(50, DBG_CRITICAL, "setrlimit: RLIMIT_NOFILE: " << xstrerror());
} else {
diff -u -r -N squid-3.2.0.6/src/typedefs.h squid-3.2.0.7/src/typedefs.h
--- squid-3.2.0.6/src/typedefs.h 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/typedefs.h 2011-04-19 12:47:07.000000000 +1200
@@ -51,12 +51,6 @@
/// \deprecated Use AuthUserHashPointer instead.
typedef struct AuthUserHashPointer auth_user_hash_pointer;
-/* temporary: once Config is fully hidden, this shouldn't be needed */
-#include "Array.h"
-
-class AuthConfig;
-typedef Vector authConfig;
-
struct http_port_list;
struct https_port_list;
diff -u -r -N squid-3.2.0.6/src/url.cc squid-3.2.0.7/src/url.cc
--- squid-3.2.0.6/src/url.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/src/url.cc 2011-04-19 12:47:07.000000000 +1200
@@ -326,6 +326,12 @@
}
}
+ // Bug 3183 sanity check: If scheme is present, host must be too.
+ if (protocol != AnyP::PROTO_NONE && (host == NULL || *host == '\0')) {
+ debugs(23, DBG_IMPORTANT, "SECURITY WARNING: Missing hostname in URL '" << url << "'. see access.log for details.");
+ return NULL;
+ }
+
if (t && *t == ':') {
*t = '\0';
t++;
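Review bot: The new `debugs(23, DBG_IMPORTANT, ...)` line writes the client-supplied `url` verbatim into cache.log at the level that is normally always on. Any client can then grow the log with one line per malformed request, and the text is not filtered for control characters. Since the message already points to access.log for details, I would keep the warning at DBG_IMPORTANT without the URL and log the URL at a verbose level, e.g. `debugs(23, 2, "rejected URL without hostname: " << url);`. The enclosing function starts and ends outside the hunk.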
diff -u -r -N squid-3.2.0.6/tools/cachemgr.cc squid-3.2.0.7/tools/cachemgr.cc
--- squid-3.2.0.6/tools/cachemgr.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/tools/cachemgr.cc 2011-04-19 12:47:07.000000000 +1200
@@ -842,6 +842,7 @@
l = snprintf(buf, sizeof(buf),
"GET cache_object://%s/%s%s%s HTTP/1.0\r\n"
+ "User-Agent: cachemgr.cgi/%s\r\n"
"Accept: */*\r\n"
"%s" /* Authentication info or nothing */
"\r\n",
@@ -849,6 +850,7 @@
req->action,
req->workers? "?workers=" : (req->processes ? "?processes=" : ""),
req->workers? req->workers : (req->processes ? req->processes: ""),
+ VERSION,
make_auth_header(req));
if (write(s, buf, l) < 0) {
fprintf(stderr,"ERROR: (%d) writing request: '%s'\n", errno, buf);
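Review bot: The snprintf() result `l` is passed straight to `write(s, buf, l)`, and the added User-Agent line makes the formatted request longer. If the output is ever truncated, `l` is the length that would have been written, so write() would read past the end of `buf`. A guard before the write, such as `if (l < 0 || (size_t)l >= sizeof(buf)) { /* report and bail out */ }`, closes that. Separately, the error path prints `buf`, which holds the authentication header, to stderr; printing only errno would keep credentials out of whatever collects the CGI's stderr.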
diff -u -r -N squid-3.2.0.6/tools/purge/purge.cc squid-3.2.0.7/tools/purge/purge.cc
--- squid-3.2.0.6/tools/purge/purge.cc 2011-04-04 14:42:49.000000000 +1200
+++ squid-3.2.0.7/tools/purge/purge.cc 2011-04-19 12:47:07.000000000 +1200
@@ -480,7 +480,7 @@
// list (IN): list of rexps to match URLs against
// returns: true, if every subdir && action was successful.
{
- struct dirent* entry;
+ dirent_t * entry;
if ( debugFlag & 0x01 )
fprintf( stderr, "# [2] %s\n", directory );
@@ -522,7 +522,7 @@
// returns: true, if every subdir && action was successful.
// warning: this function is once-recursive, no deeper.
{
- struct dirent* entry;
+ dirent_t* entry;
if ( debugFlag & 0x01 )
fprintf( stderr, "# [%d] %s\n", (level ? 1 : 0), dirname );