diff -r -u ./squid-3.0.STABLE1/ChangeLog ./squid-3.0.STABLE2/ChangeLog
--- ./squid-3.0.STABLE1/ChangeLog 2007-12-14 13:15:58.000000000 +1300
+++ ./squid-3.0.STABLE2/ChangeLog 2008-02-28 13:49:19.000000000 +1300
@@ -1,3 +1,18 @@
+Changes to squid-3.0.STABLE1 (1 Mar 2008):
+
+ - Add myportname ACL for matching the accepting port name (see release notes)
+ - Add include directive for squid.conf (see release notes)
+ - Add ability to strip kerberos realm from usernames during Auth
+ - License cleanup to comply with GPLv2 or later
+ - Updated Error Pages and Translations
+ - Updated configuration examples
+ - Updated valgrind support for valgrind-3.3.0
+ - Improved support for Windows and MacOS X Leopard
+ - Improved support for files larger than 2GB
+ - Improved support for CARP arrays and WCCPv2
+ - Improved cachmgr, SNMP, and log reporting
+ - ... and as usual Many bug fixes since STABLE 1
+
Changes to squid-3.0.STABLE1 (13 Dec 2007):
- Major rewrite translating the code to C++, originally based on
diff -r -u ./squid-3.0.STABLE1/configure ./squid-3.0.STABLE2/configure
--- ./squid-3.0.STABLE1/configure 2007-12-14 13:25:27.000000000 +1300
+++ ./squid-3.0.STABLE2/configure 2008-03-05 01:35:36.000000000 +1300
@@ -1,7 +1,7 @@
#! /bin/sh
-# From configure.in Revision.
+# From configure.in Revision: 1.488.2.3 .
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for Squid Web Proxy 3.0.STABLE1.
+# Generated by GNU Autoconf 2.61 for Squid Web Proxy 3.0.STABLE2.
#
# Report bugs to .
#
@@ -729,8 +729,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.0.STABLE1'
-PACKAGE_STRING='Squid Web Proxy 3.0.STABLE1'
+PACKAGE_VERSION='3.0.STABLE2'
+PACKAGE_STRING='Squid Web Proxy 3.0.STABLE2'
PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
ac_unique_file="src/main.cc"
@@ -1507,7 +1507,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.0.STABLE1 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.0.STABLE2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1577,7 +1577,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE1:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE2:";;
esac
cat <<\_ACEOF
@@ -1886,7 +1886,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.0.STABLE1
+Squid Web Proxy configure 3.0.STABLE2
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1900,7 +1900,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.0.STABLE1, which was
+It was created by Squid Web Proxy $as_me 3.0.STABLE2, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2574,7 +2574,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.0.STABLE1'
+ VERSION='3.0.STABLE2'
cat >>confdefs.h <<_ACEOF
@@ -24237,6 +24237,7 @@
+
for ac_header in \
arpa/inet.h \
arpa/nameser.h \
@@ -24249,6 +24250,7 @@
fcntl.h \
fnmatch.h \
getopt.h \
+ glob.h \
gnumalloc.h \
grp.h \
ip_compat.h \
@@ -42506,6 +42508,7 @@
+
for ac_func in \
backtrace_symbols_fd \
bcopy \
@@ -42521,6 +42524,7 @@
getrusage \
getspnam \
gettimeofday \
+ glob \
htobe16 \
htole16 \
kqueue\
@@ -45402,7 +45406,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.0.STABLE1, which was
+This file was extended by Squid Web Proxy $as_me 3.0.STABLE2, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -45455,7 +45459,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-Squid Web Proxy config.status 3.0.STABLE1
+Squid Web Proxy config.status 3.0.STABLE2
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -r -u ./squid-3.0.STABLE1/configure.in ./squid-3.0.STABLE2/configure.in
--- ./squid-3.0.STABLE1/configure.in 2007-12-14 13:25:27.000000000 +1300
+++ ./squid-3.0.STABLE2/configure.in 2008-03-05 01:35:36.000000000 +1300
@@ -1,17 +1,17 @@
dnl Configuration input file for Squid
dnl
-dnl $Id: configure.in,v 1.488.2.1 2007/12/13 22:01:30 wessels Exp $
+dnl $Id: configure.in,v 1.488.2.3 2008/03/04 12:17:04 amosjeffries Exp $
dnl
dnl
dnl
-AC_INIT(Squid Web Proxy, 3.0.STABLE1, http://www.squid-cache.org/bugs/, squid)
+AC_INIT(Squid Web Proxy, 3.0.STABLE2, http://www.squid-cache.org/bugs/, squid)
AC_PREREQ(2.52)
AM_CONFIG_HEADER(include/autoconf.h)
AC_CONFIG_AUX_DIR(cfgaux)
AC_CONFIG_SRCDIR([src/main.cc])
AM_INIT_AUTOMAKE([tar-ustar])
-AC_REVISION($Revision: 1.488.2.1 $)dnl
+AC_REVISION($Revision: 1.488.2.3 $)dnl
AC_PREFIX_DEFAULT(/usr/local/squid)
AM_MAINTAINER_MODE
@@ -1848,6 +1848,7 @@
fcntl.h \
fnmatch.h \
getopt.h \
+ glob.h \
gnumalloc.h \
grp.h \
ip_compat.h \
@@ -2493,6 +2494,7 @@
getrusage \
getspnam \
gettimeofday \
+ glob \
htobe16 \
htole16 \
kqueue\
diff -r -u ./squid-3.0.STABLE1/doc/Makefile.in ./squid-3.0.STABLE2/doc/Makefile.in
--- ./squid-3.0.STABLE1/doc/Makefile.in 2007-12-05 14:10:46.000000000 +1300
+++ ./squid-3.0.STABLE2/doc/Makefile.in 2008-03-05 01:31:18.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.88 2007/12/05 01:10:46 hno Exp $
+# $Id: Makefile.in,v 1.88.2.1 2008/03/04 12:31:18 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/errors/Makefile.am ./squid-3.0.STABLE2/errors/Makefile.am
--- ./squid-3.0.STABLE1/errors/Makefile.am 2007-08-22 12:20:10.000000000 +1200
+++ ./squid-3.0.STABLE2/errors/Makefile.am 2008-02-27 23:55:13.000000000 +1300
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
#
-# $Id: Makefile.am,v 1.14 2007/08/22 00:20:10 hno Exp $
+# $Id: Makefile.am,v 1.14.2.1 2008/02/27 10:55:13 amosjeffries Exp $
#
errordir = $(datadir)/errors
@@ -42,7 +42,10 @@
Spanish \
Swedish \
Traditional_Chinese \
- Turkish
+ Turkish \
+ Ukrainian-1251 \
+ Ukrainian-koi8-u \
+ Ukrainian-utf8
install-data-local:
@for l in $(INSTALL_LANGUAGES); do \
diff -r -u ./squid-3.0.STABLE1/errors/Makefile.in ./squid-3.0.STABLE2/errors/Makefile.in
--- ./squid-3.0.STABLE1/errors/Makefile.in 2007-12-05 14:10:48.000000000 +1300
+++ ./squid-3.0.STABLE2/errors/Makefile.in 2008-03-05 01:31:19.000000000 +1300
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $Id: Makefile.in,v 1.105 2007/12/05 01:10:48 hno Exp $
+# $Id: Makefile.in,v 1.105.2.2 2008/03/04 12:31:19 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
@@ -303,7 +303,10 @@
Spanish \
Swedish \
Traditional_Chinese \
- Turkish
+ Turkish \
+ Ukrainian-1251 \
+ Ukrainian-koi8-u \
+ Ukrainian-utf8
all: all-am
diff -r -u ./squid-3.0.STABLE1/errors/Swedish/ERR_ESI ./squid-3.0.STABLE2/errors/Swedish/ERR_ESI
--- ./squid-3.0.STABLE1/errors/Swedish/ERR_ESI 2003-03-10 17:56:13.000000000 +1300
+++ ./squid-3.0.STABLE2/errors/Swedish/ERR_ESI 2008-02-25 16:40:24.000000000 +1300
@@ -1,29 +1,33 @@
-
-ERROR: The requested URL could not be retrieved
-
+
+FEL: Begärd URL kunde inte hämtas
+
-The requested URL could not be retrieved
+Begärd URL kunde inte hämtas
-While trying to retrieve the URL:
+Vid försöket att hämta URL:
%U
-The following error was encountered:
+Mottogs följande fel:
-ESI Processing failed.
+ESI bearbetning misslyckades.
+%H
+
-The ESI processor returned:
+ESI motorn returnerade:
-%Z
+%z
-This means that:
+Detta betyder att:
- The surrogate was not able to process the ESI template. Please report this error to the webmaster.
+ Surrogat servern kunde inte bearbeta ESI mallen.
+ Vänligen kontakta den ansvariga för webbservern ifråga.
-Your webmaster is %w.
-This page is in english because a translation has not been made. If you are able to, please create a translation and contact the squid project to get it included.
+
+Addressen till ansvarig administratör är %w.
+
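Review bot: The token under "ESI motorn returnerade:" changes from `%Z` to `%z`, which is a behaviour change rather than a translation. Squid's error-page tokens are case-sensitive, and as far as I recall `%Z` expands to the message produced by the failing process while `%z` is the DNS resolver's message. If that holds, the Swedish page would stop showing the ESI processor's output, so keep `%Z` unless the switch is deliberate. The added `%H` line also has no counterpart in the English text removed here, so it is worth confirming it is meant to appear on this page.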
Only in ./squid-3.0.STABLE2/errors: Ukrainian-1251
Only in ./squid-3.0.STABLE2/errors: Ukrainian-koi8-u
Only in ./squid-3.0.STABLE2/errors: Ukrainian-utf8
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/DB/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/DB/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/DB/Makefile.in 2007-12-05 14:10:52.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/DB/Makefile.in 2008-03-05 01:31:19.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.22 2007/12/05 01:10:52 hno Exp $
+# $Id: Makefile.in,v 1.22.2.1 2008/03/04 12:31:19 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/getpwnam/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/getpwnam/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/getpwnam/Makefile.in 2007-12-05 14:10:58.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/getpwnam/Makefile.in 2008-03-05 01:31:22.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.92 2007/12/05 01:10:58 hno Exp $
+# $Id: Makefile.in,v 1.92.2.1 2008/03/04 12:31:22 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/LDAP/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/LDAP/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/LDAP/Makefile.in 2007-12-05 14:10:53.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/LDAP/Makefile.in 2008-03-05 01:31:20.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.in,v 1.94 2007/12/05 01:10:53 hno Exp $
+# $Id: Makefile.in,v 1.94.2.1 2008/03/04 12:31:20 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/Makefile.in 2007-12-05 14:10:51.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/Makefile.in 2008-03-05 01:31:19.000000000 +1300
@@ -16,7 +16,7 @@
# Makefile for storage modules in the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.95 2007/12/05 01:10:51 hno Exp $
+# $Id: Makefile.in,v 1.95.2.1 2008/03/04 12:31:19 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/MSNT/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/MSNT/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/MSNT/Makefile.in 2007-12-05 14:10:53.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/MSNT/Makefile.in 2008-03-05 01:31:20.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.97 2007/12/05 01:10:53 hno Exp $
+# $Id: Makefile.in,v 1.97.2.1 2008/03/04 12:31:20 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/mswin_sspi/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/mswin_sspi/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/mswin_sspi/Makefile.in 2007-12-05 14:10:58.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/mswin_sspi/Makefile.in 2008-03-05 01:31:23.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.36 2007/12/05 01:10:58 hno Exp $
+# $Id: Makefile.in,v 1.36.2.1 2008/03/04 12:31:23 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/multi-domain-NTLM/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/multi-domain-NTLM/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/multi-domain-NTLM/Makefile.in 2007-12-05 14:10:58.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/multi-domain-NTLM/Makefile.in 2008-03-05 01:31:23.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.90 2007/12/05 01:10:58 hno Exp $
+# $Id: Makefile.in,v 1.90.2.1 2008/03/04 12:31:23 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/NCSA/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/NCSA/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/NCSA/Makefile.in 2007-12-05 14:10:55.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/NCSA/Makefile.in 2008-03-05 01:31:20.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.95 2007/12/05 01:10:55 hno Exp $
+# $Id: Makefile.in,v 1.95.2.1 2008/03/04 12:31:20 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/PAM/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/PAM/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/PAM/Makefile.in 2007-12-05 14:10:55.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/PAM/Makefile.in 2008-03-05 01:31:21.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid PAM authentication helper
#
-# $Id: Makefile.in,v 1.95 2007/12/05 01:10:55 hno Exp $
+# $Id: Makefile.in,v 1.95.2.1 2008/03/04 12:31:21 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/POP3/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/POP3/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/POP3/Makefile.in 2007-12-05 14:10:55.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/POP3/Makefile.in 2008-03-05 01:31:21.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.22 2007/12/05 01:10:55 hno Exp $
+# $Id: Makefile.in,v 1.22.2.1 2008/03/04 12:31:21 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/SASL/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/SASL/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/SASL/Makefile.in 2007-12-05 14:10:55.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/SASL/Makefile.in 2008-03-05 01:31:21.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid SASL authentication helper
#
-# $Id: Makefile.in,v 1.91 2007/12/05 01:10:55 hno Exp $
+# $Id: Makefile.in,v 1.91.2.1 2008/03/04 12:31:21 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/SMB/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/SMB/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/SMB/Makefile.in 2007-12-05 14:10:56.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/SMB/Makefile.in 2008-03-05 01:31:22.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.93 2007/12/05 01:10:56 hno Exp $
+# $Id: Makefile.in,v 1.93.2.1 2008/03/04 12:31:22 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/squid_radius_auth/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/squid_radius_auth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/squid_radius_auth/Makefile.in 2007-12-05 14:10:59.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/squid_radius_auth/Makefile.in 2008-03-05 01:31:23.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.in,v 1.20 2007/12/05 01:10:59 hno Exp $
+# $Id: Makefile.in,v 1.20.2.1 2008/03/04 12:31:23 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/basic_auth/YP/Makefile.in ./squid-3.0.STABLE2/helpers/basic_auth/YP/Makefile.in
--- ./squid-3.0.STABLE1/helpers/basic_auth/YP/Makefile.in 2007-12-05 14:10:57.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/basic_auth/YP/Makefile.in 2008-03-05 01:31:22.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.94 2007/12/05 01:10:57 hno Exp $
+# $Id: Makefile.in,v 1.94.2.1 2008/03/04 12:31:22 amosjeffries Exp $
#
#
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/edir_ldapext.c ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/edir_ldapext.c
--- ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/edir_ldapext.c 2007-08-13 20:56:36.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/edir_ldapext.c 2008-02-25 00:33:27.000000000 +1300
@@ -1,27 +1,31 @@
/*
- * Copyright (C) 2002-2004 Novell, Inc.
+ * NDS LDAP helper functions
+ * Copied From Samba-3.0.24 pdb_nds.c and trimmed down to the
+ * limited functionality needed to access the plain text password only
*
- * edir_ldapext.c LDAP extension for reading eDirectory universal password
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of version 2 of the GNU General Public License as published
- * by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, contact Novell, Inc.
+ * Original copyright & license follows:
*
- * To contact Novell about this file by physical or electronic mail, you may
- * find current contact information at www.novell.com.
- */
+ * Copyright (C) Vince Brimhall 2004-2005
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+*/
#include "digest_common.h"
-#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */
+#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */
#define snprintf _snprintf
#include
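Review bot: The `#define snprintf _snprintf` line kept as context for the Windows build carries a truncation hazard into a file whose new header says it exists to read plaintext passwords. The MSVC `_snprintf` does not write a terminating NUL when the output fills the buffer. Whether any `snprintf` call in this file relies on termination is not visible in this hunk, so I would at least document the difference above the define: `/* NB: _snprintf does not NUL-terminate on truncation; terminate the buffer explicitly after each call */`. The new header also names Samba-3.0.24 `pdb_nds.c` as the origin but not which parts were trimmed or changed locally, which would help when porting upstream fixes later.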
@@ -43,282 +47,591 @@
#include
#endif
+#include
#include "edir_ldapext.h"
-/* NMAS error codes */
-#define NMAS_E_BASE (-1600)
+#define NMASLDAP_GET_LOGIN_CONFIG_REQUEST "2.16.840.1.113719.1.39.42.100.3"
+#define NMASLDAP_GET_LOGIN_CONFIG_RESPONSE "2.16.840.1.113719.1.39.42.100.4"
+#define NMASLDAP_SET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.11"
+#define NMASLDAP_SET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.12"
+#define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13"
+#define NMASLDAP_GET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.14"
+
+#define NMAS_LDAP_EXT_VERSION 1
+
+#define SMB_MALLOC_ARRAY(type, nelem) calloc(sizeof(type), nelem)
+#define DEBUG(level, args)
+
+/**********************************************************************
+ Take the request BER value and input data items and BER encodes the
+ data into the BER value
+**********************************************************************/
+
+static int berEncodePasswordData(
+ struct berval **requestBV,
+ const char *objectDN,
+ const char *password,
+ const char *password2)
+{
+ int err = 0, rc=0;
+ BerElement *requestBer = NULL;
-#define NMAS_SUCCESS 0
-#define NMAS_E_SUCCESS NMAS_SUCCESS /* Alias */
-#define NMAS_OK NMAS_SUCCESS /* Alias */
-
-#define NMAS_E_FRAG_FAILURE (NMAS_E_BASE-31) /* -1631 0xFFFFF9A1 */
-#define NMAS_E_BUFFER_OVERFLOW (NMAS_E_BASE-33) /* -1633 0xFFFFF99F */
-#define NMAS_E_SYSTEM_RESOURCES (NMAS_E_BASE-34) /* -1634 0xFFFFF99E */
-#define NMAS_E_INSUFFICIENT_MEMORY (NMAS_E_BASE-35) /* -1635 0xFFFFF99D */
-#define NMAS_E_NOT_SUPPORTED (NMAS_E_BASE-36) /* -1636 0xFFFFF99C */
-#define NMAS_E_INVALID_PARAMETER (NMAS_E_BASE-43) /* -1643 0xFFFFF995 */
-#define NMAS_E_INVALID_VERSION (NMAS_E_BASE-52) /* -1652 0xFFFFF98C */
-
-/* OID of LDAP extenstion calls to read Universal Password */
-#define NMASLDAP_GET_PASSWORD_REQUEST "2.16.840.1.113719.1.39.42.100.13"
-#define NMASLDAP_GET_PASSWORD_RESPONSE "2.16.840.1.113719.1.39.42.100.14"
-
-#define NMAS_LDAP_EXT_VERSION 1
+ const char * utf8ObjPtr = NULL;
+ int utf8ObjSize = 0;
+ const char * utf8PwdPtr = NULL;
+ int utf8PwdSize = 0;
+ const char * utf8Pwd2Ptr = NULL;
+ int utf8Pwd2Size = 0;
+
+
+ /* Convert objectDN and tag strings from Unicode to UTF-8 */
+ utf8ObjSize = strlen(objectDN)+1;
+ utf8ObjPtr = objectDN;
+
+ if (password != NULL)
+ {
+ utf8PwdSize = strlen(password)+1;
+ utf8PwdPtr = password;
+ }
+ if (password2 != NULL)
+ {
+ utf8Pwd2Size = strlen(password2)+1;
+ utf8Pwd2Ptr = password2;
+ }
+ /* Allocate a BerElement for the request parameters. */
+ if((requestBer = ber_alloc()) == NULL)
+ {
+ err = LDAP_ENCODING_ERROR;
+ goto Cleanup;
+ }
-/* ------------------------------------------------------------------------
- * berEncodePasswordData
- * ==============================
- * RequestBer contents:
- * clientVersion INTEGER
- * targetObjectDN OCTET STRING
- * password1 OCTET STRING
- * password2 OCTET STRING
- *
- * Description:
- * This function takes the request BER value and input data items
- * and BER encodes the data into the BER value
- *
- * ------------------------------------------------------------------------ */
-int
-berEncodePasswordData(
- struct berval **requestBV,
- char *objectDN,
- char *password,
- char *password2)
+ if (password != NULL && password2 != NULL)
+ {
+ /* BER encode the NMAS Version, the objectDN, and the password */
+ rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size);
+ }
+ else if (password != NULL)
+ {
+ /* BER encode the NMAS Version, the objectDN, and the password */
+ rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize);
+ }
+ else
+ {
+ /* BER encode the NMAS Version and the objectDN */
+ rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize);
+ }
+
+ if (rc < 0)
+ {
+ err = LDAP_ENCODING_ERROR;
+ goto Cleanup;
+ }
+ else
+ {
+ err = 0;
+ }
+
+ /* Convert the BER we just built to a berval that we'll send with the extended request. */
+ if(ber_flatten(requestBer, requestBV) == LBER_ERROR)
+ {
+ err = LDAP_ENCODING_ERROR;
+ goto Cleanup;
+ }
+
+Cleanup:
+
+ if(requestBer)
+ {
+ ber_free(requestBer, 1);
+ }
+
+ return err;
+}
+
+/**********************************************************************
+ Take the request BER value and input data items and BER encodes the
+ data into the BER value
+**********************************************************************/
+
+static int berEncodeLoginData(
+ struct berval **requestBV,
+ char *objectDN,
+ unsigned int methodIDLen,
+ unsigned int *methodID,
+ char *tag,
+ size_t putDataLen,
+ void *putData)
{
- int err = 0, rc = 0;
- BerElement *requestBer = NULL;
+ int err = 0;
+ BerElement *requestBer = NULL;
+
+ unsigned int i;
+ unsigned int elemCnt = methodIDLen / sizeof(unsigned int);
+
+ char *utf8ObjPtr=NULL;
+ int utf8ObjSize = 0;
+
+ char *utf8TagPtr = NULL;
+ int utf8TagSize = 0;
+
+ utf8ObjPtr = objectDN;
+ utf8ObjSize = strlen(utf8ObjPtr)+1;
+
+ utf8TagPtr = tag;
+ utf8TagSize = strlen(utf8TagPtr)+1;
+
+ /* Allocate a BerElement for the request parameters. */
+ if((requestBer = ber_alloc()) == NULL)
+ {
+ err = LDAP_ENCODING_ERROR;
+ goto Cleanup;
+ }
- char *utf8ObjPtr = NULL;
- int utf8ObjSize = 0;
- char *utf8PwdPtr = NULL;
- int utf8PwdSize = 0;
- char *utf8Pwd2Ptr = NULL;
- int utf8Pwd2Size = 0;
-
-
- utf8ObjSize = strlen(objectDN) + 1;
- utf8ObjPtr = objectDN;
-
- if (password != NULL) {
- utf8PwdSize = strlen(password) + 1;
- utf8PwdPtr = password;
- }
- if (password2 != NULL) {
- utf8Pwd2Size = strlen(password2) + 1;
- utf8Pwd2Ptr = password2;
- }
- /* Allocate a BerElement for the request parameters. */
- if ((requestBer = ber_alloc()) == NULL) {
- err = NMAS_E_FRAG_FAILURE;
- goto Cleanup;
- }
- if (password != NULL && password2 != NULL) {
- /* BER encode the NMAS Version, the objectDN, and the password */
- rc = ber_printf(requestBer, "{iooo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize, utf8Pwd2Ptr, utf8Pwd2Size);
- } else if (password != NULL) {
- /* BER encode the NMAS Version, the objectDN, and the password */
- rc = ber_printf(requestBer, "{ioo}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize, utf8PwdPtr, utf8PwdSize);
- } else {
/* BER encode the NMAS Version and the objectDN */
- rc = ber_printf(requestBer, "{io}", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize);
- }
+ err = (ber_printf(requestBer, "{io", NMAS_LDAP_EXT_VERSION, utf8ObjPtr, utf8ObjSize) < 0) ? LDAP_ENCODING_ERROR : 0;
- if (rc < 0) {
- err = NMAS_E_FRAG_FAILURE;
- goto Cleanup;
- } else {
- err = 0;
- }
-
- /*
- * Convert the BER we just built to a berval that we'll send with the extended request.
- */
- if (ber_flatten(requestBer, requestBV) == LBER_ERROR) {
- err = NMAS_E_FRAG_FAILURE;
- goto Cleanup;
- }
- Cleanup:
-
- if (requestBer) {
- ber_free(requestBer, 1);
- }
- return err;
-} /* End of berEncodePasswordData */
-
-/* ------------------------------------------------------------------------
- * berDecodeLoginData()
- * ==============================
- * ResponseBer contents:
- * serverVersion INTEGER
- * error INTEGER
- * data OCTET STRING
- *
- * Description:
- * This function takes the reply BER Value and decodes the
- * NMAS server version and return code and if a non null retData
- * buffer was supplied, tries to decode the the return data and length
- *
- * ------------------------------------------------------------------------ */
-int
-berDecodeLoginData(
- struct berval *replyBV,
- int *serverVersion,
- size_t * retDataLen,
- void *retData)
+ /* BER encode the MethodID Length and value */
+ if (!err)
+ {
+ err = (ber_printf(requestBer, "{i{", methodIDLen) < 0) ? LDAP_ENCODING_ERROR : 0;
+ }
+
+ for (i = 0; !err && i < elemCnt; i++)
+ {
+ err = (ber_printf(requestBer, "i", methodID[i]) < 0) ? LDAP_ENCODING_ERROR : 0;
+ }
+
+ if (!err)
+ {
+ err = (ber_printf(requestBer, "}}", 0) < 0) ? LDAP_ENCODING_ERROR : 0;
+ }
+
+ if(putData)
+ {
+ /* BER Encode the the tag and data */
+ err = (ber_printf(requestBer, "oio}", utf8TagPtr, utf8TagSize, putDataLen, putData, putDataLen) < 0) ? LDAP_ENCODING_ERROR : 0;
+ }
+ else
+ {
+ /* BER Encode the the tag */
+ err = (ber_printf(requestBer, "o}", utf8TagPtr, utf8TagSize) < 0) ? LDAP_ENCODING_ERROR : 0;
+ }
+
+ if (err)
+ {
+ goto Cleanup;
+ }
+
+ /* Convert the BER we just built to a berval that we'll send with the extended request. */
+ if(ber_flatten(requestBer, requestBV) == LBER_ERROR)
+ {
+ err = LDAP_ENCODING_ERROR;
+ goto Cleanup;
+ }
+
+Cleanup:
+
+ if(requestBer)
+ {
+ ber_free(requestBer, 1);
+ }
+
+ return err;
+}
+
+/**********************************************************************
+ Takes the reply BER Value and decodes the NMAS server version and
+ return code and if a non null retData buffer was supplied, tries to
+ decode the the return data and length
+**********************************************************************/
+
+static int berDecodeLoginData(
+ struct berval *replyBV,
+ int *serverVersion,
+ size_t *retDataLen,
+ void *retData )
{
- int rc = 0, err = 0;
- BerElement *replyBer = NULL;
- char *retOctStr = NULL;
- size_t retOctStrLen = 0;
-
- if ((replyBer = ber_init(replyBV)) == NULL) {
- err = NMAS_E_SYSTEM_RESOURCES;
- goto Cleanup;
- }
- if (retData) {
- retOctStrLen = *retDataLen + 1;
- retOctStr = (char *) malloc(retOctStrLen);
- if (!retOctStr) {
- err = NMAS_E_SYSTEM_RESOURCES;
- goto Cleanup;
- }
- if ((rc = ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen)) != -1) {
- if (*retDataLen >= retOctStrLen) {
- memcpy(retData, retOctStr, retOctStrLen);
- } else if (!err) {
- err = NMAS_E_BUFFER_OVERFLOW;
- }
- *retDataLen = retOctStrLen;
- } else if (!err) {
- err = NMAS_E_FRAG_FAILURE;
- }
- } else {
- if ((rc = ber_scanf(replyBer, "{ii}", serverVersion, &err)) == -1) {
- if (!err) {
- err = NMAS_E_FRAG_FAILURE;
- }
- }
- }
-
- Cleanup:
-
- if (replyBer) {
- ber_free(replyBer, 1);
- }
- if (retOctStr != NULL) {
- memset(retOctStr, 0, retOctStrLen);
- free(retOctStr);
- }
- return err;
-} /* End of berDecodeLoginData */
-
-/* -----------------------------------------------------------------------
- * nmasldap_get_password()
- * ==============================
- *
- * Description:
- * This API attempts to get the universal password
- *
- * ------------------------------------------------------------------------ */
-int
-nmasldap_get_password(
- LDAP * ld,
- char *objectDN,
- size_t * pwdSize, // in bytes
- char *pwd)
+ int err = 0;
+ BerElement *replyBer = NULL;
+ char *retOctStr = NULL;
+ size_t retOctStrLen = 0;
+
+ if((replyBer = ber_init(replyBV)) == NULL)
+ {
+ err = LDAP_OPERATIONS_ERROR;
+ goto Cleanup;
+ }
+
+ if(retData)
+ {
+ retOctStrLen = *retDataLen + 1;
+ retOctStr = SMB_MALLOC_ARRAY(char, retOctStrLen);
+ if(!retOctStr)
+ {
+ err = LDAP_OPERATIONS_ERROR;
+ goto Cleanup;
+ }
+
+ if(ber_scanf(replyBer, "{iis}", serverVersion, &err, retOctStr, &retOctStrLen) != -1)
+ {
+ if (*retDataLen >= retOctStrLen)
+ {
+ memcpy(retData, retOctStr, retOctStrLen);
+ }
+ else if (!err)
+ {
+ err = LDAP_NO_MEMORY;
+ }
+
+ *retDataLen = retOctStrLen;
+ }
+ else if (!err)
+ {
+ err = LDAP_DECODING_ERROR;
+ }
+ }
+ else
+ {
+ if(ber_scanf(replyBer, "{ii}", serverVersion, &err) == -1)
+ {
+ if (!err)
+ {
+ err = LDAP_DECODING_ERROR;
+ }
+ }
+ }
+
+Cleanup:
+
+ if(replyBer)
+ {
+ ber_free(replyBer, 1);
+ }
+
+ if (retOctStr != NULL)
+ {
+ memset(retOctStr, 0, retOctStrLen);
+ free(retOctStr);
+ }
+
+ return err;
+}
+
+/**********************************************************************
+ Retrieves data in the login configuration of the specified object
+ that is tagged with the specified methodID and tag.
+**********************************************************************/
+
+static int getLoginConfig(
+ LDAP *ld,
+ char *objectDN,
+ unsigned int methodIDLen,
+ unsigned int *methodID,
+ char *tag,
+ size_t *dataLen,
+ void *data )
+{
+ int err = 0;
+ struct berval *requestBV = NULL;
+ char *replyOID = NULL;
+ struct berval *replyBV = NULL;
+ int serverVersion = 0;
+
+ /* Validate unicode parameters. */
+ if((strlen(objectDN) == 0) || ld == NULL)
+ {
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ }
+
+ err = berEncodeLoginData(&requestBV, objectDN, methodIDLen, methodID, tag, 0, NULL);
+ if(err)
+ {
+ goto Cleanup;
+ }
+
+ /* Call the ldap_extended_operation (synchronously) */
+ if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_LOGIN_CONFIG_REQUEST,
+ requestBV, NULL, NULL, &replyOID, &replyBV)))
+ {
+ goto Cleanup;
+ }
+
+ /* Make sure there is a return OID */
+ if(!replyOID)
+ {
+ err = LDAP_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+
+ /* Is this what we were expecting to get back. */
+ if(strcmp(replyOID, NMASLDAP_GET_LOGIN_CONFIG_RESPONSE))
+ {
+ err = LDAP_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+
+ /* Do we have a good returned berval? */
+ if(!replyBV)
+ {
+ /* No; returned berval means we experienced a rather drastic error. */
+ /* Return operations error. */
+ err = LDAP_OPERATIONS_ERROR;
+ goto Cleanup;
+ }
+
+ err = berDecodeLoginData(replyBV, &serverVersion, dataLen, data);
+
+ if(serverVersion != NMAS_LDAP_EXT_VERSION)
+ {
+ err = LDAP_OPERATIONS_ERROR;
+ goto Cleanup;
+ }
+
+Cleanup:
+
+ if(replyBV)
+ {
+ ber_bvfree(replyBV);
+ }
+
+ /* Free the return OID string if one was returned. */
+ if(replyOID)
+ {
+ ldap_memfree(replyOID);
+ }
+
+ /* Free memory allocated while building the request ber and berval. */
+ if(requestBV)
+ {
+ ber_bvfree(requestBV);
+ }
+
+ /* Return the appropriate error/success code. */
+ return err;
+}
+
+/**********************************************************************
+ Attempts to get the Simple Password
+**********************************************************************/
+
+static int nmasldap_get_simple_pwd(
+ LDAP *ld,
+ char *objectDN,
+ size_t pwdLen,
+ char *pwd )
{
- int err = 0;
+ int err = 0;
+ unsigned int methodID = 0;
+ unsigned int methodIDLen = sizeof(methodID);
+ char tag[] = {'P','A','S','S','W','O','R','D',' ','H','A','S','H',0};
+ char *pwdBuf=NULL;
+ size_t pwdBufLen, bufferLen;
+
+ bufferLen = pwdBufLen = pwdLen+2;
+ pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen); /* digest and null */
+ if(pwdBuf == NULL)
+ {
+ return LDAP_NO_MEMORY;
+ }
- struct berval *requestBV = NULL;
- char *replyOID = NULL;
- struct berval *replyBV = NULL;
- int serverVersion;
- char *pwdBuf;
- size_t pwdBufLen, bufferLen;
+ err = getLoginConfig(ld, objectDN, methodIDLen, &methodID, tag, &pwdBufLen, pwdBuf);
+ if (err == 0)
+ {
+ if (pwdBufLen !=0)
+ {
+ pwdBuf[pwdBufLen] = 0; /* null terminate */
+
+ switch (pwdBuf[0])
+ {
+ case 1: /* cleartext password */
+ break;
+ case 2: /* SHA1 HASH */
+ case 3: /* MD5_ID */
+ case 4: /* UNIXCrypt_ID */
+ case 8: /* SSHA_ID */
+ default: /* Unknown digest */
+ err = LDAP_INAPPROPRIATE_AUTH; /* only return clear text */
+ break;
+ }
+
+ if (!err)
+ {
+ if (pwdLen >= pwdBufLen-1)
+ {
+ memcpy(pwd, &pwdBuf[1], pwdBufLen-1); /* skip digest tag and include null */
+ }
+ else
+ {
+ err = LDAP_NO_MEMORY;
+ }
+ }
+ }
+ }
-#ifdef NOT_N_PLAT_NLM
- int currentThreadGroupID;
-#endif
+ if (pwdBuf != NULL)
+ {
+ memset(pwdBuf, 0, bufferLen);
+ free(pwdBuf);
+ }
- /* Validate char parameters. */
- if (objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL) {
- return NMAS_E_INVALID_PARAMETER;
- }
- bufferLen = pwdBufLen = *pwdSize;
- pwdBuf = (char *) malloc(pwdBufLen + 2);
- if (pwdBuf == NULL) {
- return NMAS_E_INSUFFICIENT_MEMORY;
- }
-#ifdef NOT_N_PLAT_NLM
- currentThreadGroupID = SetThreadGroupID(nmasLDAPThreadGroupID);
-#endif
+ return err;
+}
- err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL);
- if (err) {
- goto Cleanup;
- }
- /* Call the ldap_extended_operation (synchronously) */
- if ((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV))) {
- goto Cleanup;
- }
- /* Make sure there is a return OID */
- if (!replyOID) {
- err = NMAS_E_NOT_SUPPORTED;
- goto Cleanup;
- }
- /* Is this what we were expecting to get back. */
- if (strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE)) {
- err = NMAS_E_NOT_SUPPORTED;
- goto Cleanup;
- }
- /* Do we have a good returned berval? */
- if (!replyBV) {
- /*
- * No; returned berval means we experienced a rather drastic error.
- * Return operations error.
- */
- err = NMAS_E_SYSTEM_RESOURCES;
- goto Cleanup;
- }
- err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf);
-
- if (serverVersion != NMAS_LDAP_EXT_VERSION) {
- err = NMAS_E_INVALID_VERSION;
- goto Cleanup;
- }
- if (!err && pwdBufLen != 0) {
- if (*pwdSize >= pwdBufLen + 1 && pwd != NULL) {
- memcpy(pwd, pwdBuf, pwdBufLen);
- pwd[pwdBufLen] = 0; /* add null termination */
- }
- *pwdSize = pwdBufLen; /* does not include null termination */
- }
- Cleanup:
-
- if (replyBV) {
- ber_bvfree(replyBV);
- }
- /* Free the return OID string if one was returned. */
- if (replyOID) {
- ldap_memfree(replyOID);
- }
- /* Free memory allocated while building the request ber and berval. */
- if (requestBV) {
- ber_bvfree(requestBV);
- }
- if (pwdBuf != NULL) {
- memset(pwdBuf, 0, bufferLen);
- free(pwdBuf);
- }
-#ifdef NOT_N_PLAT_NLM
- SetThreadGroupID(currentThreadGroupID);
-#endif
- /* Return the appropriate error/success code. */
- return err;
-} /* end of nmasldap_get_password */
+/**********************************************************************
+ Attempts to get the Universal Password
+**********************************************************************/
+
+static int nmasldap_get_password(
+ LDAP *ld,
+ char *objectDN,
+ size_t *pwdSize, /* in bytes */
+ unsigned char *pwd )
+{
+ int err = 0;
+
+ struct berval *requestBV = NULL;
+ char *replyOID = NULL;
+ struct berval *replyBV = NULL;
+ int serverVersion;
+ char *pwdBuf;
+ size_t pwdBufLen, bufferLen;
+
+ /* Validate char parameters. */
+ if(objectDN == NULL || (strlen(objectDN) == 0) || pwdSize == NULL || ld == NULL)
+ {
+ return LDAP_NO_SUCH_ATTRIBUTE;
+ }
+
+ bufferLen = pwdBufLen = *pwdSize;
+ pwdBuf = SMB_MALLOC_ARRAY(char, pwdBufLen+2);
+ if(pwdBuf == NULL)
+ {
+ return LDAP_NO_MEMORY;
+ }
+
+ err = berEncodePasswordData(&requestBV, objectDN, NULL, NULL);
+ if(err)
+ {
+ goto Cleanup;
+ }
+
+ /* Call the ldap_extended_operation (synchronously) */
+ if((err = ldap_extended_operation_s(ld, NMASLDAP_GET_PASSWORD_REQUEST, requestBV, NULL, NULL, &replyOID, &replyBV)))
+ {
+ goto Cleanup;
+ }
+
+ /* Make sure there is a return OID */
+ if(!replyOID)
+ {
+ err = LDAP_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+
+ /* Is this what we were expecting to get back. */
+ if(strcmp(replyOID, NMASLDAP_GET_PASSWORD_RESPONSE))
+ {
+ err = LDAP_NOT_SUPPORTED;
+ goto Cleanup;
+ }
+
+ /* Do we have a good returned berval? */
+ if(!replyBV)
+ {
+ /* No; returned berval means we experienced a rather drastic error. */
+ /* Return operations error. */
+ err = LDAP_OPERATIONS_ERROR;
+ goto Cleanup;
+ }
+
+ err = berDecodeLoginData(replyBV, &serverVersion, &pwdBufLen, pwdBuf);
+
+ if(serverVersion != NMAS_LDAP_EXT_VERSION)
+ {
+ err = LDAP_OPERATIONS_ERROR;
+ goto Cleanup;
+ }
+
+ if (!err && pwdBufLen != 0)
+ {
+ if (*pwdSize >= pwdBufLen+1 && pwd != NULL)
+ {
+ memcpy(pwd, pwdBuf, pwdBufLen);
+ pwd[pwdBufLen] = 0; /* add null termination */
+ }
+ *pwdSize = pwdBufLen; /* does not include null termination */
+ }
+
+Cleanup:
+
+ if(replyBV)
+ {
+ ber_bvfree(replyBV);
+ }
+
+ /* Free the return OID string if one was returned. */
+ if(replyOID)
+ {
+ ldap_memfree(replyOID);
+ }
+
+ /* Free memory allocated while building the request ber and berval. */
+ if(requestBV)
+ {
+ ber_bvfree(requestBV);
+ }
+
+ if (pwdBuf != NULL)
+ {
+ memset(pwdBuf, 0, bufferLen);
+ free(pwdBuf);
+ }
+
+ /* Return the appropriate error/success code. */
+ return err;
+}
+
+/**********************************************************************
+ Get the user's password from NDS.
+ *********************************************************************/
+
+int nds_get_password(
+ LDAP *ld,
+ char *object_dn,
+ size_t *pwd_len,
+ char *pwd )
+{
+ int rc = -1;
+
+ rc = nmasldap_get_password(ld, object_dn, pwd_len, (unsigned char *)pwd);
+ if (rc == LDAP_SUCCESS) {
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("nmasldap_get_password returned %s for %s\n", pwd, object_dn));
+#endif
+ DEBUG(5, ("NDS Universal Password retrieved for %s\n", object_dn));
+ } else {
+ DEBUG(3, ("NDS Universal Password NOT retrieved for %s\n", object_dn));
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ rc = nmasldap_get_simple_pwd(ld, object_dn, *pwd_len, pwd);
+ if (rc == LDAP_SUCCESS) {
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("nmasldap_get_simple_pwd returned %s for %s\n", pwd, object_dn));
+#endif
+ DEBUG(5, ("NDS Simple Password retrieved for %s\n", object_dn));
+ } else {
+ /* We couldn't get the password */
+ DEBUG(3, ("NDS Simple Password NOT retrieved for %s\n", object_dn));
+ return LDAP_INVALID_CREDENTIALS;
+ }
+ }
+
+ /* We got the password */
+ return LDAP_SUCCESS;
+}
+
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/edir_ldapext.h ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/edir_ldapext.h
--- ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/edir_ldapext.h 2007-08-13 20:56:36.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/edir_ldapext.h 2008-02-25 00:32:43.000000000 +1300
@@ -1,14 +1 @@
-/*
- * edir_ldapext.h
- *
- * AUTHOR: Guy Antony Halse
- *
- * stubs for FreeRadius's edir_ldapext.h
- *
- */
-#define UNIVERSAL_PASS_LEN 256
-#define NMAS_SUCCESS 0
-
-extern int berEncodePasswordData(struct berval **requestBV, char *objectDN, char *password, char *password2);
-extern int berDecodeLoginData(struct berval *replyBV, int *serverVersion, size_t * retDataLen, void *retData);
-extern int nmasldap_get_password(LDAP * ld, char *objectDN, size_t * pwdSize, char *pwd);
+int nds_get_password(LDAP *ld, char *object_dn, size_t * pwd_len, char *pwd);
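Review bot: The new prototype carries no comment on the buffer contract, and the implementation in edir_ldapext.c makes that contract easy to get wrong. `*pwd_len` is read as the capacity of `pwd` and then overwritten with the password length; in nmasldap_get_password the copy guarded by `*pwdSize >= pwdBufLen+1` can be skipped, or the length can be 0, while `err` stays 0, so LDAP_SUCCESS can come back with `pwd` untouched. I would state this above the declaration, e.g. `/* pwd_len: in = size of pwd in bytes, out = password length without NUL; pwd is only filled when that length is non-zero and smaller than the size passed in */`. The header also uses `LDAP` and `size_t` with no include and no include guard, so it only compiles when the includer has pulled in the LDAP headers first.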
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/ldap_backend.c ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/ldap_backend.c
--- ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/ldap_backend.c 2007-08-13 20:56:36.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/ldap_backend.c 2008-02-25 00:32:43.000000000 +1300
@@ -198,7 +198,7 @@
char filter[8192];
char searchbase[8192];
char *universal_password = NULL;
- size_t universal_password_len = UNIVERSAL_PASS_LEN;
+ size_t universal_password_len = 256;
int nmas_res = 0;
int rc = -1;
if (ld) {
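Review bot: `universal_password_len = 256` replaces the named constant with a bare literal, and nds_get_password treats this value as the capacity of `universal_password` when it copies the password into it. The allocation of `universal_password` is not in this hunk (it starts as NULL here), so nothing visible ties the two sizes together. Keep one named constant in this file and use it for both the allocation and the length, e.g. `#define UNIVERSAL_PASS_LEN 256` near the includes and `size_t universal_password_len = UNIVERSAL_PASS_LEN;`. The enclosing function starts and ends outside the hunk.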
@@ -262,8 +262,8 @@
values = malloc(sizeof(char *));
/* actually talk to NMAS to get a password */
- nmas_res = nmasldap_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password);
- if (nmas_res == NMAS_SUCCESS && universal_password) {
+ nmas_res = nds_get_password(ld, ldap_get_dn(ld, entry), &universal_password_len, universal_password);
+ if (nmas_res == LDAP_SUCCESS && universal_password) {
if (debug)
printf("NMAS returned value %s\n", universal_password);
values[0] = universal_password;
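Review bot: `ldap_get_dn(ld, entry)` is passed straight into `nds_get_password`, so its result is neither checked nor released. With a NULL DN, nmasldap_get_password returns an error and the fallback then reaches getLoginConfig, whose `strlen(objectDN)` has no NULL test (edir_ldapext.c in this diff). Hold the DN in a local, `char *dn = ldap_get_dn(ld, entry);`, skip the entry when `dn == NULL`, and call `ldap_memfree(dn);` after the lookup. The context line `printf("NMAS returned value %s\n", universal_password);` also writes the cleartext password whenever debug is on; the message should drop the value. The enclosing function is outside the hunk.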
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/Makefile.in ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/Makefile.in
--- ./squid-3.0.STABLE1/helpers/digest_auth/eDirectory/Makefile.in 2007-12-05 14:11:01.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/digest_auth/eDirectory/Makefile.in 2008-03-05 01:31:24.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.17 2007/12/05 01:11:01 hno Exp $
+# $Id: Makefile.in,v 1.17.2.1 2008/03/04 12:31:24 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/ldap/Makefile.in ./squid-3.0.STABLE2/helpers/digest_auth/ldap/Makefile.in
--- ./squid-3.0.STABLE1/helpers/digest_auth/ldap/Makefile.in 2007-12-05 14:11:04.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/digest_auth/ldap/Makefile.in 2008-03-05 01:31:25.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.36 2007/12/05 01:11:04 hno Exp $
+# $Id: Makefile.in,v 1.36.2.1 2008/03/04 12:31:25 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/Makefile.in ./squid-3.0.STABLE2/helpers/digest_auth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/digest_auth/Makefile.in 2007-12-05 14:11:00.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/digest_auth/Makefile.in 2008-03-05 01:31:24.000000000 +1300
@@ -16,7 +16,7 @@
# Makefile for digest auth helpers in the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.91 2007/12/05 01:11:00 hno Exp $
+# $Id: Makefile.in,v 1.91.2.1 2008/03/04 12:31:24 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/digest_auth/password/Makefile.in ./squid-3.0.STABLE2/helpers/digest_auth/password/Makefile.in
--- ./squid-3.0.STABLE1/helpers/digest_auth/password/Makefile.in 2007-12-05 14:11:04.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/digest_auth/password/Makefile.in 2008-03-05 01:31:25.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.95 2007/12/05 01:11:04 hno Exp $
+# $Id: Makefile.in,v 1.95.2.1 2008/03/04 12:31:25 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/ip_user/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/ip_user/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/ip_user/Makefile.in 2007-12-05 14:11:06.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/ip_user/Makefile.in 2008-03-05 01:31:26.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the ip_user external_acl helper by Rodrigo Campos
#
-# $Id: Makefile.in,v 1.80 2007/12/05 01:11:06 hno Exp $
+# $Id: Makefile.in,v 1.80.2.1 2008/03/04 12:31:26 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/ldap_group/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/ldap_group/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/ldap_group/Makefile.in 2007-12-05 14:11:08.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/ldap_group/Makefile.in 2008-03-05 01:31:27.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.in,v 1.82 2007/12/05 01:11:08 hno Exp $
+# $Id: Makefile.in,v 1.82.2.1 2008/03/04 12:31:27 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/ldap_group/squid_ldap_group.8 ./squid-3.0.STABLE2/helpers/external_acl/ldap_group/squid_ldap_group.8
--- ./squid-3.0.STABLE1/helpers/external_acl/ldap_group/squid_ldap_group.8 2005-03-23 11:12:30.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/external_acl/ldap_group/squid_ldap_group.8 2008-02-20 09:14:49.000000000 +1300
@@ -152,6 +152,10 @@
Strip NT domain name component from user names (/ or \\ separated)
.
.TP
+.BI -K
+Strip Kerberos Realm component from user names (@ separated)
+.
+.TP
.BI -d
Debug mode where each step taken will get reported in detail.
Useful for understanding what goes wrong if the results is
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/ldap_group/squid_ldap_group.c ./squid-3.0.STABLE2/helpers/external_acl/ldap_group/squid_ldap_group.c
--- ./squid-3.0.STABLE1/helpers/external_acl/ldap_group/squid_ldap_group.c 2007-07-19 15:36:12.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/external_acl/ldap_group/squid_ldap_group.c 2008-02-20 09:14:49.000000000 +1300
@@ -42,7 +42,7 @@
#include
#include
-#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */
+#ifdef _SQUID_MSWIN_ /* Native Windows port and MinGW */
#define snprintf _snprintf
#include
@@ -55,15 +55,15 @@
#define LDAP_OPT_X_TLS 0x6000
#endif
/* Some tricks to allow dynamic bind with ldap_start_tls_s entry point at
- run time.
+ * run time.
*/
#undef ldap_start_tls_s
#if LDAP_UNICODE
#define LDAP_START_TLS_S "ldap_start_tls_sW"
-typedef WINLDAPAPI ULONG (LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *);
+typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlW *, IN PLDAPControlW *);
#else
#define LDAP_START_TLS_S "ldap_start_tls_sA"
-typedef WINLDAPAPI ULONG (LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *);
+typedef WINLDAPAPI ULONG(LDAPAPI * PFldap_start_tls_s) (IN PLDAP, OUT PULONG, OUT LDAPMessage **, IN PLDAPControlA *, IN PLDAPControlA *);
#endif /* LDAP_UNICODE */
PFldap_start_tls_s Win32_ldap_start_tls_s;
#define ldap_start_tls_s(l,s,c) Win32_ldap_start_tls_s(l,NULL,NULL,s,c)
@@ -121,31 +121,31 @@
#endif
#if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823
-static int
+static int
squid_ldap_errno(LDAP * ld)
{
int err = 0;
ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err);
return err;
}
-static void
+static void
squid_ldap_set_aliasderef(LDAP * ld, int deref)
{
ldap_set_option(ld, LDAP_OPT_DEREF, &deref);
}
-static void
+static void
squid_ldap_set_referrals(LDAP * ld, int referrals)
{
int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF;
ldap_set_option(ld, LDAP_OPT_REFERRALS, value);
}
static void
-squid_ldap_set_timelimit(LDAP *ld, int timelimit)
+squid_ldap_set_timelimit(LDAP * ld, int timelimit)
{
ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
}
static void
-squid_ldap_set_connect_timeout(LDAP *ld, int timelimit)
+squid_ldap_set_connect_timeout(LDAP * ld, int timelimit)
{
#if defined(LDAP_OPT_NETWORK_TIMEOUT)
struct timeval tv;
@@ -157,23 +157,24 @@
ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit);
#endif
}
-static void
+static void
squid_ldap_memfree(char *p)
{
ldap_memfree(p);
}
+
#else
-static int
+static int
squid_ldap_errno(LDAP * ld)
{
return ld->ld_errno;
}
-static void
+static void
squid_ldap_set_aliasderef(LDAP * ld, int deref)
{
ld->ld_deref = deref;
}
-static void
+static void
squid_ldap_set_referrals(LDAP * ld, int referrals)
{
if (referrals)
@@ -182,26 +183,27 @@
ld->ld_options &= ~LDAP_OPT_REFERRALS;
}
static void
-squid_ldap_set_timelimit(LDAP *ld, int timelimit)
+squid_ldap_set_timelimit(LDAP * ld, int timelimit)
{
ld->ld_timelimit = timelimit;
}
static void
-squid_ldap_set_connect_timeout(LDAP *ld, int timelimit)
+squid_ldap_set_connect_timeout(LDAP * ld, int timelimit)
{
fprintf(stderr, "Connect timeouts not supported in your LDAP library\n");
}
-static void
+static void
squid_ldap_memfree(char *p)
{
free(p);
}
+
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP
- #if LDAP_VENDOR_VERSION > 194
- #define HAS_URI_SUPPORT 1
- #endif
+#if LDAP_VENDOR_VERSION > 194
+#define HAS_URI_SUPPORT 1
+#endif
#endif
int
@@ -215,6 +217,7 @@
int port = LDAP_PORT;
int use_extension_dn = 0;
int strip_nt_domain = 0;
+ int strip_kerberos_realm = 0;
int err = 0;
setbuf(stdout, NULL);
@@ -326,7 +329,7 @@
bindpasswd = value;
break;
case 'W':
- readSecret (value);
+ readSecret(value);
break;
case 'P':
persistent = !persistent;
@@ -370,6 +373,9 @@
case 'S':
strip_nt_domain = 1;
break;
+ case 'K':
+ strip_kerberos_realm = 1;
+ break;
default:
fprintf(stderr, PROGRAM_NAME " ERROR: Unknown command line option '%c'\n", option);
exit(1);
@@ -392,7 +398,7 @@
}
if (!ldapServer)
- ldapServer = (char *)"localhost";
+ ldapServer = (char *) "localhost";
if (!basedn || !searchfilter) {
fprintf(stderr, "\n" PROGRAM_NAME " version " PROGRAM_VERSION "\n\n");
@@ -424,24 +430,24 @@
#endif
fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
+ fprintf(stderr, "\t-K\t\t\tStrip Kerberos realm from usernames\n");
fprintf(stderr, "\n");
fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
exit(1);
}
-
/* On Windows ldap_start_tls_s is available starting from Windows XP,
- so we need to bind at run-time with the function entry point
+ * so we need to bind at run-time with the function entry point
*/
#ifdef _SQUID_MSWIN_
if (use_tls) {
- HMODULE WLDAP32Handle;
+ HMODULE WLDAP32Handle;
WLDAP32Handle = GetModuleHandle("wldap32");
- if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) {
- fprintf( stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n");
+ if ((Win32_ldap_start_tls_s = (PFldap_start_tls_s) GetProcAddress(WLDAP32Handle, LDAP_START_TLS_S)) == NULL) {
+ fprintf(stderr, PROGRAM_NAME ": ERROR: TLS (-Z) not supported on this platform.\n");
exit(1);
- }
+ }
}
#endif
@@ -470,6 +476,12 @@
if (u && u[1])
user = u + 1;
}
+ if (strip_kerberos_realm) {
+ char *u = strchr(user, '@');
+ if (u != NULL) {
+ *u = '\0';
+ }
+ }
if (use_extension_dn) {
extension_dn = strtok(NULL, " \n");
if (!extension_dn) {
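Review bot: `strchr(user, '@')` in the new `strip_kerberos_realm` block runs without testing `user`, while the `while` loop in the next hunk still checks `user &&`, which suggests it can be NULL at this point; guard it with `if (strip_kerberos_realm && user) {`. A name that begins with `@` is cut to an empty string and then goes into the search filter, so `u == user` is worth rejecting rather than passing on. Because the realm is discarded before the group lookup, the same short name from any realm resolves to the same directory entry; a comment such as `/* -K is only safe when a single realm is accepted upstream */` would make that assumption explicit. main starts and ends outside the hunk.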
@@ -478,42 +490,40 @@
}
rfc1738_unescape(extension_dn);
}
-
while (!found && user && (group = strtok(NULL, " \n")) != NULL) {
rfc1738_unescape(group);
recover:
if (ld == NULL) {
#if HAS_URI_SUPPORT
- if (strstr(ldapServer, "://") != NULL) {
- rc = ldap_initialize( &ld, ldapServer );
- if( rc != LDAP_SUCCESS ) {
+ if (strstr(ldapServer, "://") != NULL) {
+ rc = ldap_initialize(&ld, ldapServer);
+ if (rc != LDAP_SUCCESS) {
fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer);
break;
}
- } else
+ } else
#endif
#if NETSCAPE_SSL
if (sslpath) {
- if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) {
+ if (!sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) {
fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n",
- sslpath);
+ sslpath);
exit(1);
} else {
sslinit++;
}
if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) {
fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n",
- ldapServer, port);
+ ldapServer, port);
exit(1);
}
} else
#endif
if ((ld = ldap_init(ldapServer, port)) == NULL) {
- fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",ldapServer, port);
+ fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port);
break;
}
-
if (connect_timeout)
squid_ldap_set_connect_timeout(ld, connect_timeout);
@@ -575,9 +585,9 @@
if (found)
printf("OK\n");
else {
-error:
+ error:
printf("ERR\n");
-}
+ }
if (ld != NULL) {
if (!persistent || (squid_ldap_errno(ld) != LDAP_SUCCESS && squid_ldap_errno(ld) != LDAP_INVALID_CREDENTIALS)) {
@@ -599,7 +609,7 @@
{
int n = 0;
while (size > 4 && *src) {
- switch(*src) {
+ switch (*src) {
case '*':
case '(':
case ')':
@@ -608,8 +618,8 @@
size -= 3;
if (size > 0) {
*escaped++ = '\\';
- snprintf(escaped, 3, "%02x", (unsigned char)*src++);
- escaped+=2;
+ snprintf(escaped, 3, "%02x", (unsigned char) *src++);
+ escaped += 2;
}
break;
default:
@@ -626,8 +636,8 @@
build_filter(char *filter, int size, const char *template, const char *user, const char *group)
{
int n;
- while(*template && size > 0) {
- switch(*template) {
+ while (*template && size > 0) {
+ switch (*template) {
case '%':
template++;
switch (*template) {
@@ -680,7 +690,8 @@
LDAPMessage *res = NULL;
LDAPMessage *entry;
int rc;
- char *searchattr[] = {(char *)LDAP_NO_ATTRS, NULL};
+ char *searchattr[] =
+ {(char *) LDAP_NO_ATTRS, NULL};
if (extension_dn && *extension_dn)
snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, basedn);
@@ -691,7 +702,6 @@
fprintf(stderr, PROGRAM_NAME " ERROR, Failed to construct LDAP search filter. filter=\"%s\", user=\"%s\", group=\"%s\"\n", filter, member, group);
return 1;
}
-
if (debug)
fprintf(stderr, "group filter '%s', searchbase '%s'\n", filter, searchbase);
@@ -723,7 +733,7 @@
}
static int
-searchLDAP(LDAP *ld, char *group, char *login, char *extension_dn)
+searchLDAP(LDAP * ld, char *group, char *login, char *extension_dn)
{
if (usersearchfilter) {
@@ -734,7 +744,8 @@
LDAPMessage *entry;
int rc;
char *userdn;
- char *searchattr[] = {(char *)LDAP_NO_ATTRS, NULL};
+ char *searchattr[] =
+ {(char *) LDAP_NO_ATTRS, NULL};
if (extension_dn && *extension_dn)
snprintf(searchbase, sizeof(searchbase), "%s,%s", extension_dn, userbasedn ? userbasedn : basedn);
else
@@ -785,33 +796,33 @@
}
-int readSecret(const char *filename)
+int
+readSecret(const char *filename)
{
- char buf[BUFSIZ];
- char *e=0;
- FILE *f;
-
- if(!(f=fopen(filename, "r"))) {
- fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
- return 1;
- }
+ char buf[BUFSIZ];
+ char *e = 0;
+ FILE *f;
- if( !fgets(buf, sizeof(buf)-1, f)) {
- fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
+ if (!(f = fopen(filename, "r"))) {
+ fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
+ return 1;
+ }
+ if (!fgets(buf, sizeof(buf) - 1, f)) {
+ fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
+ fclose(f);
+ return 1;
+ }
+ /* strip whitespaces on end */
+ if ((e = strrchr(buf, '\n')))
+ *e = 0;
+ if ((e = strrchr(buf, '\r')))
+ *e = 0;
+
+ bindpasswd = strdup(buf);
+ if (!bindpasswd) {
+ fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
+ }
fclose(f);
- return 1;
- }
- /* strip whitespaces on end */
- if((e = strrchr(buf, '\n'))) *e = 0;
- if((e = strrchr(buf, '\r'))) *e = 0;
-
- bindpasswd = strdup(buf);
- if (!bindpasswd) {
- fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
- }
-
- fclose(f);
-
- return 0;
+ return 0;
}
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/Makefile.in 2007-12-05 14:11:06.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/Makefile.in 2008-03-05 01:31:25.000000000 +1300
@@ -16,7 +16,7 @@
# Makefile for storage modules in the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.81 2007/12/05 01:11:06 hno Exp $
+# $Id: Makefile.in,v 1.81.2.1 2008/03/04 12:31:25 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/mswin_lm_group/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/mswin_lm_group/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/mswin_lm_group/Makefile.in 2007-12-05 14:11:08.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/mswin_lm_group/Makefile.in 2008-03-05 01:31:27.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.36 2007/12/05 01:11:08 hno Exp $
+# $Id: Makefile.in,v 1.36.2.1 2008/03/04 12:31:27 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/session/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/session/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/session/Makefile.in 2007-12-05 14:11:09.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/session/Makefile.in 2008-03-05 01:31:27.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.in,v 1.33 2007/12/05 01:11:09 hno Exp $
+# $Id: Makefile.in,v 1.33.2.1 2008/03/04 12:31:27 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/unix_group/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/unix_group/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/unix_group/Makefile.in 2007-12-05 14:11:10.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/unix_group/Makefile.in 2008-03-05 01:31:29.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.in,v 1.80 2007/12/05 01:11:10 hno Exp $
+# $Id: Makefile.in,v 1.80.2.1 2008/03/04 12:31:29 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/external_acl/wbinfo_group/Makefile.in ./squid-3.0.STABLE2/helpers/external_acl/wbinfo_group/Makefile.in
--- ./squid-3.0.STABLE1/helpers/external_acl/wbinfo_group/Makefile.in 2007-12-05 14:11:11.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/external_acl/wbinfo_group/Makefile.in 2008-03-05 01:31:29.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid LDAP authentication helper
#
-# $Id: Makefile.in,v 1.78 2007/12/05 01:11:11 hno Exp $
+# $Id: Makefile.in,v 1.78.2.1 2008/03/04 12:31:29 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/negotiate_auth/Makefile.in ./squid-3.0.STABLE2/helpers/negotiate_auth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/negotiate_auth/Makefile.in 2007-12-05 14:11:11.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/negotiate_auth/Makefile.in 2008-03-05 01:31:30.000000000 +1300
@@ -16,7 +16,7 @@
# Makefile for negotiate authentication helpers in the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.36 2007/12/05 01:11:11 hno Exp $
+# $Id: Makefile.in,v 1.36.2.1 2008/03/04 12:31:30 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/negotiate_auth/mswin_sspi/Makefile.in ./squid-3.0.STABLE2/helpers/negotiate_auth/mswin_sspi/Makefile.in
--- ./squid-3.0.STABLE1/helpers/negotiate_auth/mswin_sspi/Makefile.in 2007-12-05 14:11:12.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/negotiate_auth/mswin_sspi/Makefile.in 2008-03-05 01:31:30.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.35 2007/12/05 01:11:12 hno Exp $
+# $Id: Makefile.in,v 1.35.2.1 2008/03/04 12:31:30 amosjeffries Exp $
#
srcdir = @srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/negotiate_auth/squid_kerb_auth/Makefile.in ./squid-3.0.STABLE2/helpers/negotiate_auth/squid_kerb_auth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/negotiate_auth/squid_kerb_auth/Makefile.in 2007-12-05 14:11:12.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/negotiate_auth/squid_kerb_auth/Makefile.in 2008-03-05 01:31:30.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.18 2007/12/05 01:11:12 hno Exp $
+# $Id: Makefile.in,v 1.18.2.1 2008/03/04 12:31:30 amosjeffries Exp $
#
srcdir = @srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c ./squid-3.0.STABLE2/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c
--- ./squid-3.0.STABLE1/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2007-06-25 10:34:15.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2008-02-25 08:23:09.000000000 +1300
@@ -37,6 +37,9 @@
#include "spnegohelp.h"
#endif
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX 256
+#endif
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN HOST_NAME_MAX
#endif
diff -r -u ./squid-3.0.STABLE1/helpers/ntlm_auth/fakeauth/fakeauth_auth.c ./squid-3.0.STABLE2/helpers/ntlm_auth/fakeauth/fakeauth_auth.c
--- ./squid-3.0.STABLE1/helpers/ntlm_auth/fakeauth/fakeauth_auth.c 2007-07-19 15:36:12.000000000 +1200
+++ ./squid-3.0.STABLE2/helpers/ntlm_auth/fakeauth/fakeauth_auth.c 2008-03-05 01:08:20.000000000 +1300
@@ -369,6 +369,7 @@
main(int argc, char *argv[])
{
char buf[BUFFER_SIZE];
+ int buflen = 0;
char user[256], *p, *decoded = NULL;
struct ntlm_challenge chal;
struct ntlm_negotiate *nego;
@@ -390,9 +391,10 @@
if ((p = strchr(buf, '\n')) != NULL)
*p = '\0'; /* strip \n */
- if (strlen(buf) > 3)
+ buflen = strlen(buf); /* keep this so we only scan the buffer for \0 once per loop */
+ if (buflen > 3)
decoded = base64_decode(buf + 3);
- if ((strlen(buf) > 3) && NTLM_packet_debug_enabled) {
+ if (buflen > 3 && NTLM_packet_debug_enabled) {
strncpy(helper_command, buf, 2);
helper_command[2] = '\0';
debug("Got '%s' from Squid with data:\n", helper_command);
@@ -401,7 +403,7 @@
debug("Got '%s' from Squid\n", buf);
if (strncasecmp(buf, "YR", 2) == 0) {
- if (strlen(buf) > 3) {
+ if(buflen > 3) {
nego = (struct ntlm_negotiate *) decoded;
ntlmMakeChallenge(&chal, nego->flags);
} else
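Review bot: `nego->flags` is read from `decoded` with no check that base64_decode returned a buffer holding at least `sizeof(struct ntlm_negotiate)` bytes; `buflen > 3` only shows that some encoded text follows the command. The blob arrives from Squid and presumably originates with the client, so a short one turns this into a read past the decoded data. At minimum test the pointer, `if (buflen > 3 && decoded != NULL) {`, and compare the decoded length with the struct size if base64_decode exposes it (not visible in this hunk). `buflen` would also be better declared as `size_t`, since it holds a strlen() result. main continues outside the hunk.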
diff -r -u ./squid-3.0.STABLE1/helpers/ntlm_auth/fakeauth/Makefile.in ./squid-3.0.STABLE2/helpers/ntlm_auth/fakeauth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/ntlm_auth/fakeauth/Makefile.in 2007-12-05 14:11:14.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/ntlm_auth/fakeauth/Makefile.in 2008-03-05 01:31:31.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.89 2007/12/05 01:11:14 hno Exp $
+# $Id: Makefile.in,v 1.89.2.1 2008/03/04 12:31:31 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/ntlm_auth/Makefile.in ./squid-3.0.STABLE2/helpers/ntlm_auth/Makefile.in
--- ./squid-3.0.STABLE1/helpers/ntlm_auth/Makefile.in 2007-12-05 14:11:12.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/ntlm_auth/Makefile.in 2008-03-05 01:31:31.000000000 +1300
@@ -16,7 +16,7 @@
# Makefile for storage modules in the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.92 2007/12/05 01:11:12 hno Exp $
+# $Id: Makefile.in,v 1.92.2.1 2008/03/04 12:31:31 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/ntlm_auth/mswin_sspi/Makefile.in ./squid-3.0.STABLE2/helpers/ntlm_auth/mswin_sspi/Makefile.in
--- ./squid-3.0.STABLE1/helpers/ntlm_auth/mswin_sspi/Makefile.in 2007-12-05 14:11:14.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/ntlm_auth/mswin_sspi/Makefile.in 2008-03-05 01:31:31.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.35 2007/12/05 01:11:14 hno Exp $
+# $Id: Makefile.in,v 1.35.2.1 2008/03/04 12:31:31 amosjeffries Exp $
#
srcdir = @srcdir@
diff -r -u ./squid-3.0.STABLE1/helpers/ntlm_auth/no_check/Makefile.in ./squid-3.0.STABLE2/helpers/ntlm_auth/no_check/Makefile.in
--- ./squid-3.0.STABLE1/helpers/ntlm_auth/no_check/Makefile.in 2007-12-05 14:11:15.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/ntlm_auth/no_check/Makefile.in 2008-03-05 01:31:32.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.91 2007/12/05 01:11:15 hno Exp $
+# $Id: Makefile.in,v 1.91.2.1 2008/03/04 12:31:32 amosjeffries Exp $
#
# Uncomment and customize the following to suit your needs:
#
diff -r -u ./squid-3.0.STABLE1/helpers/ntlm_auth/SMB/Makefile.in ./squid-3.0.STABLE2/helpers/ntlm_auth/SMB/Makefile.in
--- ./squid-3.0.STABLE1/helpers/ntlm_auth/SMB/Makefile.in 2007-12-05 14:11:12.000000000 +1300
+++ ./squid-3.0.STABLE2/helpers/ntlm_auth/SMB/Makefile.in 2008-03-05 01:31:31.000000000 +1300
@@ -17,7 +17,7 @@
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.92 2007/12/05 01:11:12 hno Exp $
+# $Id: Makefile.in,v 1.92.2.1 2008/03/04 12:31:31 amosjeffries Exp $
#
srcdir = @srcdir@
diff -r -u ./squid-3.0.STABLE1/icons/Makefile.in ./squid-3.0.STABLE2/icons/Makefile.in
--- ./squid-3.0.STABLE1/icons/Makefile.in 2007-12-05 14:11:15.000000000 +1300
+++ ./squid-3.0.STABLE2/icons/Makefile.in 2008-03-05 01:31:32.000000000 +1300
@@ -14,7 +14,7 @@
@SET_MAKE@
-# $Id: Makefile.in,v 1.105 2007/12/05 01:11:15 hno Exp $
+# $Id: Makefile.in,v 1.105.2.1 2008/03/04 12:31:32 amosjeffries Exp $
#
srcdir = @srcdir@
diff -r -u ./squid-3.0.STABLE1/include/autoconf.h.in ./squid-3.0.STABLE2/include/autoconf.h.in
--- ./squid-3.0.STABLE1/include/autoconf.h.in 2007-11-16 12:34:25.000000000 +1300
+++ ./squid-3.0.STABLE2/include/autoconf.h.in 2008-02-26 12:43:05.000000000 +1300
@@ -170,6 +170,12 @@
/* Define to 1 if you have the header file. */
#undef HAVE_GLIB_H
+/* Define to 1 if you have the `glob' function. */
+#undef HAVE_GLOB
+
+/* Define to 1 if you have the header file. */
+#undef HAVE_GLOB_H
+
/* Define to 1 if you have the header file. */
#undef HAVE_GNUMALLOC_H
diff -r -u ./squid-3.0.STABLE1/include/config.h ./squid-3.0.STABLE2/include/config.h
--- ./squid-3.0.STABLE1/include/config.h 2007-09-20 23:07:53.000000000 +1200
+++ ./squid-3.0.STABLE2/include/config.h 2008-02-25 16:41:38.000000000 +1300
@@ -1,5 +1,5 @@
/*
- * $Id: config.h,v 1.25 2007/09/20 11:07:53 amosjeffries Exp $
+ * $Id: config.h,v 1.25.2.1 2008/02/25 03:41:38 amosjeffries Exp $
*
* AUTHOR: Duane Wessels
*
@@ -440,12 +440,22 @@
*/
#if WITH_VALGRIND
#include
-#else
-#define VALGRIND_MAKE_NOACCESS(a,b) (0)
-#define VALGRIND_MAKE_WRITABLE(a,b) (0)
-#define VALGRIND_MAKE_READABLE(a,b) (0)
-#define VALGRIND_CHECK_WRITABLE(a,b) (0)
-#define VALGRIND_CHECK_READABLE(a,b) (0)
+#undef VALGRIND_MAKE_NOACCESS
+#undef VALGRIND_MAKE_WRITABLE
+#undef VALGRIND_MAKE_READABLE
+/* A little glue for older valgrind version prior to 3.2.0 */
+#ifndef VALGRIND_MAKE_MEM_NOACCESS
+#define VALGRIND_MAKE_MEM_NOACCESS VALGRIND_MAKE_NOACCESS
+#define VALGRIND_MAKE_MEM_UNDEFINED VALGRIND_MAKE_WRITABLE
+#define VALGRIND_MAKE_MEM_DEFINED VALGRIND_MAKE_READABLE
+#define VALGRIND_CHECK_MEM_IS_ADDRESSABLE VALGRIND_CHECK_WRITABLE
+#endif
+#else
+#define VALGRIND_MAKE_MEM_NOACCESS(a,b) (0)
+#define VALGRIND_MAKE_MEM_UNDEFINED(a,b) (0)
+#define VALGRIND_MAKE_MEM_DEFINED(a,b) (0)
+#define VALGRIND_CHECK_MEM_IS_ADDRESSABLE(a,b) (0)
+#define VALGRIND_CHECK_MEM_IS_DEFINED(a,b) (0)
#define VALGRIND_MALLOCLIKE_BLOCK(a,b,c,d)
#define VALGRIND_FREELIKE_BLOCK(a,b)
#define RUNNING_ON_VALGRIND 0
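Review bot: In the `WITH_VALGRIND` branch the three `#undef` lines remove `VALGRIND_MAKE_NOACCESS`, `VALGRIND_MAKE_WRITABLE` and `VALGRIND_MAKE_READABLE` unconditionally, yet the pre-3.2.0 glue directly below maps the new names onto exactly those macros. Because macros expand at the point of use, with an older valgrind header `VALGRIND_MAKE_MEM_NOACCESS(...)` would expand to a name that is no longer defined. The `#undef`s belong in an `#else` of the `#ifndef VALGRIND_MAKE_MEM_NOACCESS` block, so they apply only when the header already provides the new names. The glue also has no mapping for `VALGRIND_CHECK_MEM_IS_DEFINED`, which the non-valgrind branch does define; `#define VALGRIND_CHECK_MEM_IS_DEFINED VALGRIND_CHECK_READABLE` would complete it.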
diff -r -u ./squid-3.0.STABLE1/include/version.h ./squid-3.0.STABLE2/include/version.h
--- ./squid-3.0.STABLE1/include/version.h 2007-12-14 13:25:27.000000000 +1300
+++ ./squid-3.0.STABLE2/include/version.h 2008-03-05 01:35:36.000000000 +1300
@@ -9,5 +9,5 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1197591924
+#define SQUID_RELEASE_TIME 1204634131
#endif
diff -r -u ./squid-3.0.STABLE1/lib/libTrie/Makefile.in ./squid-3.0.STABLE2/lib/libTrie/Makefile.in
--- ./squid-3.0.STABLE1/lib/libTrie/Makefile.in 2007-11-12 14:11:32.000000000 +1300
+++ ./squid-3.0.STABLE2/lib/libTrie/Makefile.in 2008-03-05 01:31:32.000000000 +1300
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $Id: Makefile.in,v 1.30 2007/11/12 01:11:32 hno Exp $
+# $Id: Makefile.in,v 1.30.2.1 2008/03/04 12:31:32 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/lib/Makefile.in ./squid-3.0.STABLE2/lib/Makefile.in
--- ./squid-3.0.STABLE1/lib/Makefile.in 2007-12-05 14:11:16.000000000 +1300
+++ ./squid-3.0.STABLE2/lib/Makefile.in 2008-03-05 01:31:32.000000000 +1300
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $Id: Makefile.in,v 1.150 2007/12/05 01:11:16 hno Exp $
+# $Id: Makefile.in,v 1.150.2.1 2008/03/04 12:31:32 amosjeffries Exp $
#
srcdir = @srcdir@
diff -r -u ./squid-3.0.STABLE1/lib/MemPool.cc ./squid-3.0.STABLE2/lib/MemPool.cc
--- ./squid-3.0.STABLE1/lib/MemPool.cc 2007-11-14 12:25:33.000000000 +1300
+++ ./squid-3.0.STABLE2/lib/MemPool.cc 2008-02-25 16:41:39.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: MemPool.cc,v 1.10 2007/11/13 23:25:33 rousskov Exp $
+ * $Id: MemPool.cc,v 1.10.2.1 2008/02/25 03:41:39 amosjeffries Exp $
*
* DEBUG: section 63 Low Level Memory Pool Management
* AUTHOR: Alex Rousskov, Andres Kroonmaa, Robert Collins
@@ -211,7 +211,7 @@
for (int i = 1; i < pool->chunk_capacity; i++) {
*Free = (void *) ((char *) Free + pool->obj_size);
void **nextFree = (void **)*Free;
- (void) VALGRIND_MAKE_NOACCESS(Free, pool->obj_size);
+ (void) VALGRIND_MAKE_MEM_NOACCESS(Free, pool->obj_size);
Free = nextFree;
}
nextFreeChunk = pool->nextFreeChunk;
@@ -277,7 +277,7 @@
Free = (void **)obj;
*Free = freeCache;
freeCache = obj;
- (void) VALGRIND_MAKE_NOACCESS(obj, obj_size);
+ (void) VALGRIND_MAKE_MEM_NOACCESS(obj, obj_size);
}
/*
@@ -294,7 +294,7 @@
/* first, try cache */
if (freeCache) {
Free = (void **)freeCache;
- (void) VALGRIND_MAKE_READABLE(Free, obj_size);
+ (void) VALGRIND_MAKE_MEM_DEFINED(Free, obj_size);
freeCache = *Free;
*Free = NULL;
return Free;
@@ -317,7 +317,7 @@
/* last free in this chunk, so remove us from perchunk freelist chain */
nextFreeChunk = chunk->nextFreeChunk;
}
- (void) VALGRIND_MAKE_READABLE(Free, obj_size);
+ (void) VALGRIND_MAKE_MEM_DEFINED(Free, obj_size);
return Free;
}
@@ -557,7 +557,7 @@
MemImplementingAllocator::free(void *obj)
{
assert(obj != NULL);
- (void) VALGRIND_CHECK_WRITABLE(obj, obj_size);
+ (void) VALGRIND_CHECK_MEM_IS_ADDRESSABLE(obj, obj_size);
deallocate(obj);
++free_calls;
}
@@ -602,10 +602,10 @@
assert(splayLastResult == 0);
assert(chunk->inuse_count > 0);
chunk->inuse_count--;
- (void) VALGRIND_MAKE_READABLE(Free, sizeof(void *));
+ (void) VALGRIND_MAKE_MEM_DEFINED(Free, sizeof(void *));
freeCache = *(void **)Free; /* remove from global cache */
*(void **)Free = chunk->freeList; /* stuff into chunks freelist */
- (void) VALGRIND_MAKE_NOACCESS(Free, sizeof(void *));
+ (void) VALGRIND_MAKE_MEM_NOACCESS(Free, sizeof(void *));
chunk->freeList = Free;
chunk->lastref = squid_curtime;
}
diff -r -u ./squid-3.0.STABLE1/lib/rfc2617.c ./squid-3.0.STABLE2/lib/rfc2617.c
--- ./squid-3.0.STABLE1/lib/rfc2617.c 2007-11-16 05:47:34.000000000 +1300
+++ ./squid-3.0.STABLE2/lib/rfc2617.c 2008-02-25 16:38:11.000000000 +1300
@@ -13,7 +13,7 @@
/*
- * $Id: rfc2617.c,v 1.12 2007/11/15 16:47:34 wessels Exp $
+ * $Id: rfc2617.c,v 1.12.2.1 2008/02/25 03:38:11 amosjeffries Exp $
*
* DEBUG:
* AUTHOR: RFC 2617 & Robert Collins
@@ -94,7 +94,7 @@
else
Bin[i / 2] |= n;
}
- for (; i <= HASHHEXLEN; i++) {
+ for (i = i / 2; i < HASHLEN; i++) {
Bin[i] = '\0';
}
}
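Review bot: The zero-fill loop reuses `i` in two different units, as a hex-digit index in the loop above and as a byte index into `Bin` after `i = i / 2`, and nothing in the code says so. A comment such as `/* i counted hex digits; continue as a byte index so the fill stops at HASHLEN */` would keep a later edit from restoring a bound expressed in hex digits, which would presumably write past the end of `Bin`. If the digit loop can exit on an odd `i`, `i / 2` also clears the byte whose first nibble was just stored; that looks acceptable for malformed input but is worth stating. The function starts outside the hunk, so the digit loop's exit conditions are not visible here.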
diff -r -u ./squid-3.0.STABLE1/Makefile.in ./squid-3.0.STABLE2/Makefile.in
--- ./squid-3.0.STABLE1/Makefile.in 2007-12-05 14:10:44.000000000 +1300
+++ ./squid-3.0.STABLE2/Makefile.in 2008-03-05 01:30:59.000000000 +1300
@@ -15,7 +15,7 @@
@SET_MAKE@
#
-# $Id: Makefile.in,v 1.114 2007/12/05 01:10:44 hno Exp $
+# $Id: Makefile.in,v 1.114.2.1 2008/03/04 12:30:59 amosjeffries Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff -r -u ./squid-3.0.STABLE1/QUICKSTART ./squid-3.0.STABLE2/QUICKSTART
--- ./squid-3.0.STABLE1/QUICKSTART 2003-07-18 23:10:32.000000000 +1200
+++ ./squid-3.0.STABLE2/QUICKSTART 2008-02-11 00:04:32.000000000 +1300
@@ -1,7 +1,7 @@
Squid QUICKSTART
-$Id: QUICKSTART,v 1.8 2003/07/18 11:10:32 hno Exp $
+$Id: QUICKSTART,v 1.8.4.1 2008/02/10 11:04:32 serassio Exp $
This document is intended only for people who want to get Squid running
quickly It is not a substitute for the real documentation. Squid has
@@ -26,7 +26,7 @@
always ask permission before adding a parent cache. See also the
never_direct/always_direct directives.
-cache_dir /usr/local/squid/var/cache 100 16 256
+cache_dir ufs /usr/local/squid/var/cache 100 16 256
Add here (first number, here 100) the amount of hard disk space
(in megabytes) to devote to caching.
diff -r -u ./squid-3.0.STABLE1/RELEASENOTES.html ./squid-3.0.STABLE2/RELEASENOTES.html
--- ./squid-3.0.STABLE1/RELEASENOTES.html 2007-12-14 13:26:29.000000000 +1300
+++ ./squid-3.0.STABLE2/RELEASENOTES.html 2008-03-05 01:36:40.000000000 +1300
@@ -2,12 +2,12 @@
- Squid 3.0.RC1 release notes
+ Squid 3.0.STABLE2 release notes
-Squid 3.0.RC1 release notes
+Squid 3.0.STABLE2 release notes
-Squid Developers
$Id: release-3.0.html,v 1.12 2007/11/18 17:23:01 serassio Exp $
+Squid Developers
$Id: release-3.0.html,v 1.12.2.2 2008/02/28 00:26:31 amosjeffries Exp $
This document contains the release notes for version 3.0 of Squid.
Squid is a WWW Cache application developed by the National Laboratory
@@ -15,21 +15,20 @@
-The Squid Team are pleased to announce the release of Squid-3.0.RC1 for pre-release testing.
+The Squid Team are pleased to announce the release of Squid-3.0.STABLE2.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.0/ or the
mirrors.
-A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
-While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.
+A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support and additional Languages.
We welcome feedback and bug reports. If you find a bug, please see
http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d for how to submit a report with a stack trace.
-Although this release is deemed good enough for testing in many setups, please note the existence of
+
Although this release is deemed good enough for use in many setups, please note the existence of
open bugs against Squid-3.0.
-
+
The 3.0 change history can be
viewed here.
@@ -92,7 +91,7 @@
Some of the features found in Squid-2.6 is not available in Squid-3.
-Some has been dropped as they are not needed. Some has not yet been forward-ported to Squid-3 and may appear in a later release.
+Some have been dropped as they are not needed. Some have not yet been forward-ported to Squid-3 and may appear in a later release.
- refresh_stale_hit option. Not yet ported.
@@ -117,8 +116,10 @@
The TCP_REFRESH_HIT and TCP_REFRESH_MISS log types have been replaced because they were misleading (all refreshes need to query the origin server, so they could never be hits). The following log types have been introduced to replace them:
-- TCP_REFRESH_UNMODIFIED
The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".
-- TCP_REFRESH_MODIFIED
The requested object was cached but STALE. The IMS query returned the new content.
+- TCP_REFRESH_UNMODIFIED
-
+
The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".
+ - TCP_REFRESH_MODIFIED
-
+
The requested object was cached but STALE. The IMS query returned the new content.
See
@@ -151,7 +152,8 @@
-- minimum_icp_query_timeout (msec)
+
- minimum_icp_query_timeout (msec)
-
+
Default: 5
@@ -165,7 +167,8 @@
- - background_ping_rate
+
- background_ping_rate
-
+
Default: 10 seconds
@@ -175,7 +178,8 @@
- - httpd_accel_surrogate_id
+
- httpd_accel_surrogate_id
-
+
Default: unset
@@ -187,7 +191,8 @@
- - http_accel_surrogate_remote on|off
+
- http_accel_surrogate_remote on|off
-
+
Default: off
@@ -197,7 +202,8 @@
- - esi_parser libxml2|expat|custom
+
- esi_parser libxml2|expat|custom
-
+
Default: custom
@@ -208,7 +214,8 @@
- - email_err_data on|off
+
- email_err_data on|off
-
+
Default: on
@@ -220,7 +227,8 @@
- - refresh_all_ims on|off
+
- refresh_all_ims on|off
-
+
Default: off
@@ -235,10 +243,13 @@
- - request_header_access
Replaces the header_access directive of Squid-2.6 and earlier, but applies to requests only.
-- reply_header_access
Replaces the header_access directive of Squid-2.6 and earlier, but applies to replies only.
+- request_header_access
-
+
Replaces the header_access directive of Squid-2.6 and earlier, but applies to requests only.
+ - reply_header_access
-
+
Replaces the header_access directive of Squid-2.6 and earlier, but applies to replies only.
- - icap_enable on|off
+
- icap_enable on|off
-
+
Default: off
@@ -246,7 +257,8 @@
- - icap_preview_enable on|off
+
- icap_preview_enable on|off
-
+
Default: off
@@ -255,7 +267,8 @@
- - icap_preview_size
+
- icap_preview_size
-
+
Default: -1
@@ -265,7 +278,8 @@
- - icap_default_options_ttl (seconds)
+
- icap_default_options_ttl (seconds)
-
+
Default: 60
@@ -274,7 +288,8 @@
- - icap_persistent_connections on|off
+
- icap_persistent_connections on|off
-
+
Default: on
@@ -283,7 +298,8 @@
- - icap_send_client_ip on|off
+
- icap_send_client_ip on|off
-
+
Default: off
@@ -291,7 +307,8 @@
- - icap_send_client_username on|off
+
- icap_send_client_username on|off
-
+
Default: off
@@ -300,7 +317,8 @@
- - icap_service
+
- icap_service
-
+
Default: none
@@ -324,7 +342,8 @@
- - icap_class
+
- icap_class
-
+
Default: none
@@ -339,7 +358,8 @@
- - icap_access
+
- icap_access
-
+
Default: none
@@ -363,7 +383,8 @@
- - accept_filter
+
- accept_filter
-
+
The name of an accept(2) filter to install on Squid's
listen socket(s). This feature is perhaps specific to
@@ -375,6 +396,31 @@
+
+ - include
-
+
New option to import entire secondary configuration files into squid.conf.
+
+ Squid will follow the files immediately and insert all their content
+ as if it was at that position in squid.conf. As per squid.conf some
+ options are order-specific within the config as a whole.
+
+ A few layers of include are allowed, but too many are confusing and
+ squid will enforce an include depth of 16 files.
+
+ Syntax:
+ include /path/to/file1 /path/to/file2
+
+
+
+
+ - acl myportname
-
+
New acl type myportname, matching the name of the http(s)_port where the request was accepted
+
+ acl aclname myportname 3128 ... # http(s)_port name
+
+
+
+
@@ -383,7 +429,8 @@
-- http_port
New options:
+
- http_port
-
+
New options:
disable-pmtu-discovery=
Control Path-MTU discovery usage:
@@ -409,13 +456,15 @@
- - https_port
Removed options:
+
- https_port
-
+
Removed options:
urlgroup=, not yet ported to Squid-3.
- - cache_peer
New options:
+
- cache_peer
-
+
New options:
basetime=n
@@ -455,7 +504,8 @@
- - cache_dir
Common options
+
- cache_dir
-
+
Common options
no-store, replaces the older read-only option
@@ -478,7 +528,8 @@
- - auth_param
Removed Basic auth option
+
- auth_param
-
+
Removed Basic auth option
blankpasswor, not yet ported to squid-3.
auth_param basic concurrency 0
@@ -492,7 +543,8 @@
- - external_acl_type
New format specifications:
+
- external_acl_type
-
+
New format specifications:
%URI Requested URI
@@ -516,7 +568,8 @@
- - refresh_pattern
New options:
+
- refresh_pattern
-
+
New options:
ignore-no-store
refresh-ims
@@ -533,7 +586,8 @@
- - acl
New types:
+
- acl
-
+
New types:
acl aclname http_status 200 301 500- 400-403 ... # status code in reply
@@ -550,14 +604,16 @@
- - short_icon_urls
New default:
+
- short_icon_urls
-
+
New default:
Default: on
(Old default: off)
- - delay_class
New delay classes:
+
- delay_class
-
+
New delay classes:
class 4 Everything in a class 3 delay pool, with an
additional limit on a per user basis. This
@@ -571,7 +627,8 @@
- - htcp_port
New default to require the feature to be enabled in squid.conf:
+
- htcp_port
-
+
New default to require the feature to be enabled in squid.conf:
Default: 0 (disabled)
(Old default: 4827)
@@ -579,7 +636,8 @@
- - icp_port
New default to require the feature to be enabled in squid.conf:
+
- icp_port
-
+
New default to require the feature to be enabled in squid.conf:
Default: 0 (disabled)
(Old default: 3130)
@@ -587,7 +645,8 @@
- - snmp_port
New default to require the feature to be enabled in squid.conf:
+
- snmp_port
-
+
New default to require the feature to be enabled in squid.conf:
Default: 0 (disabled)
(Old default: 3401)
@@ -595,7 +654,8 @@
- - logformat
New format tags:
+
- logformat
-
+
New format tags:
rp Request URL-Path excluding hostname
@@ -617,7 +677,8 @@
- - reply_body_max_size
Syntax changed:
+
- reply_body_max_size
-
+
Syntax changed:
reply_body_max_size size [acl acl...]
@@ -625,7 +686,8 @@
allow/deny no longer used.
- - url_rewrite_program
No urlgroup support in either requests or responese
+- url_rewrite_program
-
+
No urlgroup support in either requests or responese
@@ -636,19 +698,32 @@
-- broken_vary_encoding
Not yet ported to Squid-3.
-- cache_vary
Not yet ported to Squid-3.
-- collapsed_forwarding
Not yet ported to Squid-3.
-- follow_x_forwarded_for
Not yet ported to Squid-3.
-- *_uses_indirect_client
Not yet ported to Squid-3.
-- error_map
Not yet ported to Squid-3.
-- header_access
This has been replaced by request_header_access and reply_header_access
-- http_access2
Not yet ported to Squid-3.
-- httpd_accel_no_pmtu_disc
Replaced by disable-pmtu-discovery http_port option
-- location_rewrite_*
Not yet ported to Squid-3.
-- refresh_stale_hit
Not yet ported to Squid-3.
-- umask
Not yet ported to Squid-3.
-- wais_relay_*
equivalent to cache_peer + cache_peer_access.
+- broken_vary_encoding
-
+
Not yet ported to Squid-3.
+ - cache_vary
-
+
Not yet ported to Squid-3.
+ - collapsed_forwarding
-
+
Not yet ported to Squid-3.
+ - follow_x_forwarded_for
-
+
Not yet ported to Squid-3.
+ - *_uses_indirect_client
-
+
Not yet ported to Squid-3.
+ - error_map
-
+
Not yet ported to Squid-3.
+ - header_access
-
+
This has been replaced by request_header_access and reply_header_access
+ - http_access2
-
+
Not yet ported to Squid-3.
+ - httpd_accel_no_pmtu_disc
-
+
Replaced by disable-pmtu-discovery http_port option
+ - location_rewrite_*
-
+
Not yet ported to Squid-3.
+ - refresh_stale_hit
-
+
Not yet ported to Squid-3.
+ - umask
-
+
Not yet ported to Squid-3.
+ - wais_relay_*
-
+
equivalent to cache_peer + cache_peer_access.
@@ -677,27 +752,33 @@
-- --enable-shared[=PKGS]
Build shared libraries. The default is to build without.
+- --enable-shared[=PKGS]
-
+
Build shared libraries. The default is to build without.
- - --enable-static[=PKGS]
Build static libraries. The default is on.
+- --enable-static[=PKGS]
-
+
Build static libraries. The default is on.
- - --enable-fast-install[=PKGS]
+
- --enable-fast-install[=PKGS]
-
+
Optimize for fast installation
default: yes
- - --disable-libtool-lock
Avoid locking (might break parallel builds)
+- --disable-libtool-lock
-
+
Avoid locking (might break parallel builds)
- - --disable-optimizations
Don't compile Squid with compiler optimizations enabled.
+
- --disable-optimizations
-
+
Don't compile Squid with compiler optimizations enabled.
Optimization is good for production builds, but not
good for debugging. During development, use
--disable-optimizations to reduce compilation times
and allow easier debugging. This option implicitly
also enables --disable-inline
- - --disable-inline
Don't compile trivial methods as inline. Squid
+
- --disable-inline
-
+
Don't compile trivial methods as inline. Squid
is coded with much of the code able to be inlined.
Inlining is good for production builds, but not
good for development. During development, use
@@ -707,15 +788,18 @@
--enable-inline to have squid make all trivial
methods inlinable by the compiler.
- - --enable-debug-cbdata
Provide some debug information in cbdata
+- --enable-debug-cbdata
-
+
Provide some debug information in cbdata
- - --enable-disk-io=\"list of modules\"
Build support for the list of disk I/O modules.
+
- --enable-disk-io=\"list of modules\"
-
+
Build support for the list of disk I/O modules.
The default is only to build the "Blocking" module.
See src/DiskIO for a list of available modules, or
Programmers Guide for details on how to build your
custom disk module.
- - --enable-esi
Enable ESI for accelerators. Requires libexpat.
+
- --enable-esi
-
+
Enable ESI for accelerators. Requires libexpat.
Enabling ESI will cause squid to follow the Edge
Acceleration Specification (www.esi.org). This
causes squid to IGNORE client Cache-Control headers.
@@ -723,23 +807,30 @@
proxy, ONLY use it in a squid configured for
webserver acceleration.
- - --enable-icap-client
Enable the ICAP client.
+- --enable-icap-client
-
+
Enable the ICAP client.
- - --disable-snmp
Disable SNMP monitoring support which is now built by default.
+- --disable-snmp
-
+
Disable SNMP monitoring support which is now built by default.
- - --disable-htcp
Disable HTCP protocol support which is now built by default.
+- --disable-htcp
-
+
Disable HTCP protocol support which is now built by default.
- - --enable-kqueue
Enable kqueue() support. Marked as experimental in 3.0.
+- --enable-kqueue
-
+
Enable kqueue() support. Marked as experimental in 3.0.
- - --enable-ipfw-transparent
Enable Transparent Proxy support for systems
+
- --enable-ipfw-transparent
-
+
Enable Transparent Proxy support for systems
using FreeBSD IPFW style redirection.
- - --disable-mempools
Disable memPools. Note that this option now simply sets the
+
- --disable-mempools
-
+
Disable memPools. Note that this option now simply sets the
default behaviour. Specific classes can override this at runtime, and
only lib/MemPool.c needs to be altered to change the squid-wide
default for all classes.
- - --enable-cpu-profiling
This option allows you to see which internal functions
+
- --enable-cpu-profiling
-
+
This option allows you to see which internal functions
in Squid are consuming how much CPU. Compiles in probes
that measure time spent in probed functions. Needs
source modifications to add new probes. This is meant
@@ -749,16 +840,21 @@
you shouldn't enable this, as overhead added, although
small, is still overhead. See lib/Profiler.c for more.
- - --with-gnu-ld
Assume the C compiler uses GNU ld. The default is to auto-detect.
+- --with-gnu-ld
-
+
Assume the C compiler uses GNU ld. The default is to auto-detect.
- - --with-pic
Try to use only PIC/non-PIC objects. The default is to use both.
+- --with-pic
-
+
Try to use only PIC/non-PIC objects. The default is to use both.
- - --with-tags[=TAGS]
Include additional configurations. The default is automatic.
+- --with-tags[=TAGS]
-
+
Include additional configurations. The default is automatic.
- - --with-default-user=USER
Sets the default System User account for squid permissions.
+
- --with-default-user=USER
-
+
Sets the default System User account for squid permissions.
The default is 'nobody' as in other releases of squid.
- - --with-cppunit-basedir=[PATH]
Path where the cppunit headers and libraries are found
+
- --with-cppunit-basedir=[PATH]
-
+
Path where the cppunit headers and libraries are found
for unit testing. The default is automatic detection.
NOTE: Since 3.0-PRE6 and 2.6STABLE14 squid no longer comes
bundled with CPPUnit. Compile-time validation will be disabled
@@ -770,33 +866,42 @@
-- --enable-carp
CARP support is now built by default.
---disable-carp can be used to buidl without it.
+- --enable-carp
-
+
CARP support is now built by default.
+--disable-carp can be used to build without it.
- - --enable-htcp
HTCP protocol support is now built by default.
+
- --enable-htcp
-
+
HTCP protocol support is now built by default.
Use --disable-htcp to build without it.
- - --enable-snmp
SNMP monitoring is now build by default.
+
- --enable-snmp
-
+
SNMP monitoring is now build by default.
Use --disable-snmp to build without it.
- - --enable-heap-replacement
Please use --enable-removal-policies directive instead.
+- --enable-heap-replacement
-
+
Please use --enable-removal-policies directive instead.
- - --with-maxfd=N
Replaced by --with-filedescriptors=N
+- --with-maxfd=N
-
+
Replaced by --with-filedescriptors=N
Override maximum number of filedescriptors. Useful
if you build as another user who is not privileged
to use the number of filedescriptors you want the
resulting binary to support
- - --enable-select
Deprecated.
+
- --enable-select
-
+
Deprecated.
Automatic checks will enable best I/O loop method available.
- - --enable-epoll
Deprecated.
+
- --enable-epoll
-
+
Deprecated.
Automatic checks will enable best I/O loop method available.
- - --enable-poll
Deprecated.
+
- --enable-poll
-
+
Deprecated.
Automatic checks will enable best I/O loop method available.
- - --enable-kqueue
kqueue support is marked Experimental in Squid 3.0. Known to have some issues under load.
+- --enable-kqueue
-
+
kqueue support is marked Experimental in Squid 3.0. Known to have some issues under load.
@@ -806,11 +911,14 @@
porting one of these from Squid-2 to Squid-3 is most welcome.
-- --enable-devpoll
Support for Solaris /dev/poll
+- --enable-devpoll
-
+
Support for Solaris /dev/poll
- - --enable-select-simple
Basic POSIX select() loop without any binary fd_set optimizations.
+- --enable-select-simple
-
+
Basic POSIX select() loop without any binary fd_set optimizations.
- - --enable-follow-x-forwarded-for
Support following the X-Forwarded-For HTTP header for determining the
+
- --enable-follow-x-forwarded-for
-
+
Support following the X-Forwarded-For HTTP header for determining the
client IP address
@@ -820,13 +928,20 @@
The following configure options have been removed.
-- --enable-dlmalloc
Most OS:es have good malloc implementations these days, and the version we used to ship with Squid was very very old..
-- --enable-mempool-debug
Debug option, not needed and therefore removed.
-- --enable-forward-log
Rarely used extra log file. Removed.
-- --enable-multicast-miss
Rarely used feature, and multicast ICP acheives almost the same result. Removed.
-- --enable-coss-aio-ops
Specific to the COSS implementation in Squid-2
-- --enable-large-cache-files
Now enabled by default. Configure option was redundant and therefore removed.
-- --enable-truncate
Known to cause race conditions where cache objects may get corrupted, and this for at most a marginal performance improvement. Removed.
+- --enable-dlmalloc
-
+
Most OS:es have good malloc implementations these days, and the version we used to ship with Squid was very very old..
+ - --enable-mempool-debug
-
+
Debug option, not needed and therefore removed.
+ - --enable-forward-log
-
+
Rarely used extra log file. Removed.
+ - --enable-multicast-miss
-
+
Rarely used feature, and multicast ICP acheives almost the same result. Removed.
+ - --enable-coss-aio-ops
-
+
Specific to the COSS implementation in Squid-2
+ - --enable-large-cache-files
-
+
Now enabled by default. Configure option was redundant and therefore removed.
+ - --enable-truncate
-
+
Known to cause race conditions where cache objects may get corrupted, and this for at most a marginal performance improvement. Removed.
diff -r -u ./squid-3.0.STABLE1/src/ACLCertificate.cc ./squid-3.0.STABLE2/src/ACLCertificate.cc
--- ./squid-3.0.STABLE1/src/ACLCertificate.cc 2003-03-04 14:40:25.000000000 +1300
+++ ./squid-3.0.STABLE2/src/ACLCertificate.cc 2008-02-10 23:43:09.000000000 +1300
@@ -1,5 +1,5 @@
/*
- * $Id: ACLCertificate.cc,v 1.2 2003/03/04 01:40:25 robertc Exp $
+ * $Id: ACLCertificate.cc,v 1.2.4.1 2008/02/10 10:43:09 serassio Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
@@ -35,6 +35,12 @@
*/
#include "squid.h"
+
+/* MS Visual Studio Projects are monolithic, so we need the following
+ * #if to exclude the SSL code from compile process when not needed.
+ */
+#if USE_SSL
+
#include "ACLCertificate.h"
#include "ACLChecklist.h"
#include "ACLCertificateData.h"
@@ -60,3 +66,5 @@
}
ACLCertificateStrategy ACLCertificateStrategy::Instance_;
+
+#endif /* USE_SSL */
diff -r -u ./squid-3.0.STABLE1/src/ACLChecklist.cc ./squid-3.0.STABLE2/src/ACLChecklist.cc
--- ./squid-3.0.STABLE1/src/ACLChecklist.cc 2007-09-01 17:56:37.000000000 +1200
+++ ./squid-3.0.STABLE2/src/ACLChecklist.cc 2008-02-27 23:41:16.000000000 +1300
@@ -1,5 +1,5 @@
/*
- * $Id: ACLChecklist.cc,v 1.42 2007/09/01 05:56:37 amosjeffries Exp $
+ * $Id: ACLChecklist.cc,v 1.42.2.1 2008/02/27 10:41:16 amosjeffries Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
@@ -394,12 +394,9 @@
HTTPMSGUNLOCK(reply);
- /*
- * DPW 2007-05-08
- * If this fails, then we'll need a backup UNLOCK call in the
- * destructor.
- */
- assert(auth_user_request == NULL);
+ // no auth_user_request in builds without any Authentication configured
+ if (auth_user_request)
+ AUTHUSERREQUESTUNLOCK(auth_user_request, "ACLChecklist destructor");
conn_ = NULL;
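Review bot: The new comment describes the case this branch skips (no authentication configured) rather than the case it handles, which is a reference still held when the checklist is destroyed. The removed assert treated that case as a bug. A comment like `// release a reference still held at destruction; the old assert(auth_user_request == NULL) fired here` would tell the reader why the unlock exists. Whether `AUTHUSERREQUESTUNLOCK` also resets the pointer is not visible in this hunk; if it does not, an explicit `auth_user_request = NULL;` after it would match the `conn_ = NULL;` that follows. The destructor starts and ends outside the hunk.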
diff -r -u ./squid-3.0.STABLE1/src/ACLDestinationDomain.cc ./squid-3.0.STABLE2/src/ACLDestinationDomain.cc
--- ./squid-3.0.STABLE1/src/ACLDestinationDomain.cc 2007-11-03 17:49:53.000000000 +1300
+++ ./squid-3.0.STABLE2/src/ACLDestinationDomain.cc 2008-02-27 23:04:51.000000000 +1300
@@ -1,5 +1,5 @@
/*
- * $Id: ACLDestinationDomain.cc,v 1.15 2007/11/03 04:49:53 wessels Exp $
+ * $Id: ACLDestinationDomain.cc,v 1.15.2.1 2008/02/27 10:04:51 amosjeffries Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
@@ -76,6 +76,8 @@
int
ACLDestinationDomainStrategy::match (ACLData * &data, ACLChecklist *checklist)
{
+ assert(checklist != NULL && checklist->request != NULL);
+
const ipcache_addrs *ia = NULL;
const char *fqdn = NULL;
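Review bot: The added `assert` turns a missing request into a process abort. If this ACL can ever be evaluated in a context that has no request (not determinable from this hunk), a single such evaluation stops the whole proxy rather than failing one lookup. If a no-match is an acceptable answer there, a non-fatal guard such as `if (!checklist || !checklist->request) return 0;` with a debug line would contain the failure. If the assert stays, splitting it into two asserts would make the failure message show which pointer was NULL. `match()` continues outside the hunk.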
diff -r -u ./squid-3.0.STABLE1/src/ACLHTTPRepHeader.cc ./squid-3.0.STABLE2/src/ACLHTTPRepHeader.cc
--- ./squid-3.0.STABLE1/src/ACLHTTPRepHeader.cc 2006-06-15 07:18:24.000000000 +1200
+++ ./squid-3.0.STABLE2/src/ACLHTTPRepHeader.cc 2008-02-06 17:06:46.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: ACLHTTPRepHeader.cc,v 1.1 2006/06/14 19:18:24 serassio Exp $
+ * $Id: ACLHTTPRepHeader.cc,v 1.1.4.1 2008/02/06 04:06:46 amosjeffries Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -39,12 +39,6 @@
#include "ACLChecklist.h"
#include "HttpReply.h"
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised
-
-;
-
ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header");
ACLStrategised ACLHTTPRepHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPRepHeaderStrategy::Instance(), "rep_header");
diff -r -u ./squid-3.0.STABLE1/src/ACLHTTPReqHeader.cc ./squid-3.0.STABLE2/src/ACLHTTPReqHeader.cc
--- ./squid-3.0.STABLE1/src/ACLHTTPReqHeader.cc 2006-06-15 07:18:24.000000000 +1200
+++ ./squid-3.0.STABLE2/src/ACLHTTPReqHeader.cc 2008-02-06 17:06:46.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: ACLHTTPReqHeader.cc,v 1.1 2006/06/14 19:18:24 serassio Exp $
+ * $Id: ACLHTTPReqHeader.cc,v 1.1.4.1 2008/02/06 04:06:46 amosjeffries Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -39,12 +39,6 @@
#include "ACLChecklist.h"
#include "HttpRequest.h"
-/* explicit template instantiation required for some systems */
-
-template class ACLStrategised
-
-;
-
ACL::Prototype ACLHTTPReqHeader::RegistryProtoype(&ACLHTTPReqHeader::RegistryEntry_, "req_header");
ACLStrategised ACLHTTPReqHeader::RegistryEntry_(new ACLHTTPHeaderData, ACLHTTPReqHeaderStrategy::Instance(), "req_header");
Only in ./squid-3.0.STABLE2/src: ACLMyPortName.cc
Only in ./squid-3.0.STABLE2/src: ACLMyPortName.h
diff -r -u ./squid-3.0.STABLE1/src/ACLStrategised.cc ./squid-3.0.STABLE2/src/ACLStrategised.cc
--- ./squid-3.0.STABLE1/src/ACLStrategised.cc 2003-02-17 20:01:34.000000000 +1300
+++ ./squid-3.0.STABLE2/src/ACLStrategised.cc 2008-02-06 17:06:46.000000000 +1300
@@ -1,5 +1,5 @@
/*
- * $Id: ACLStrategised.cc,v 1.1 2003/02/17 07:01:34 robertc Exp $
+ * $Id: ACLStrategised.cc,v 1.1.4.1 2008/02/06 04:06:46 amosjeffries Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
@@ -41,3 +41,14 @@
#include "ACLRegexData.h"
#include "ACLDomainData.h"
+/*
+ * moved template instantiation into ACLStrategized.cc from
+ * ACLHTTPRepHeader.cc and ACLHTTPReqHeader.cc to compile on
+ * Mac OSX 10.5 Leopard, this corrects a duplicate symbol error
+ */
+
+/* explicit template instantiation required for some systems */
+
+template class ACLStrategised
+
+;
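Review bot: The new comment block names the file `ACLStrategized.cc`, but the file being patched is `ACLStrategised.cc`, so a search for the name in the comment will not find it. I would write `moved template instantiation into ACLStrategised.cc from` and fold the older one-line comment into the same block, since both now describe the same instantiation.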
diff -r -u ./squid-3.0.STABLE1/src/asn.cc ./squid-3.0.STABLE2/src/asn.cc
--- ./squid-3.0.STABLE1/src/asn.cc 2007-09-21 23:41:52.000000000 +1200
+++ ./squid-3.0.STABLE2/src/asn.cc 2008-02-26 12:08:50.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: asn.cc,v 1.115 2007/09/21 11:41:52 amosjeffries Exp $
+ * $Id: asn.cc,v 1.115.2.1 2008/02/25 23:08:50 amosjeffries Exp $
*
* DEBUG: section 53 AS Number handling
* AUTHOR: Duane Wessels, Kostas Anagnostakis
@@ -89,7 +89,7 @@
store_client *sc;
HttpRequest *request;
int as_number;
- off_t offset;
+ int64_t offset;
int reqofs;
char reqbuf[AS_REQBUF_SZ];
bool dataRead;
@@ -299,7 +299,7 @@
*/
s = buf;
- while (s - buf < (off_t)(result.length + asState->reqofs) && *s != '\0') {
+ while ((size_t)(s - buf) < result.length + asState->reqofs && *s != '\0') {
while (*s && xisspace(*s))
s++;
diff -r -u ./squid-3.0.STABLE1/src/auth/digest/auth_digest.cc ./squid-3.0.STABLE2/src/auth/digest/auth_digest.cc
--- ./squid-3.0.STABLE1/src/auth/digest/auth_digest.cc 2007-08-28 00:50:45.000000000 +1200
+++ ./squid-3.0.STABLE2/src/auth/digest/auth_digest.cc 2008-02-25 16:39:02.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: auth_digest.cc,v 1.59 2007/08/27 12:50:45 hno Exp $
+ * $Id: auth_digest.cc,v 1.59.2.1 2008/02/25 03:39:02 amosjeffries Exp $
*
* DEBUG: section 29 Authenticator
* AUTHOR: Robert Collins
@@ -666,6 +666,7 @@
}
} else {
credentials(Failed);
+ digest_request->flags.invalid_password = 1;
digest_request->setDenyMessage("Incorrect password");
return;
}
@@ -673,7 +674,6 @@
/* check for stale nonce */
if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << digest_user->username() << "' validated OK but nonce stale");
- digest_request->flags.nonce_stale = 1;
credentials(Failed);
digest_request->setDenyMessage("Stale nonce");
return;
@@ -708,11 +708,8 @@
case Failed:
- if (flags.nonce_stale)
- /* nonce is stale, send new challenge */
- return 1;
-
- return -2;
+ /* send new challenge */
+ return 1;
}
return -2;
@@ -783,14 +780,14 @@
if (!authenticate)
return;
- int stale = 0;
+ int stale = 1;
if (auth_user_request) {
AuthDigestUserRequest *digest_request;
digest_request = dynamic_cast < AuthDigestUserRequest * >(auth_user_request);
assert (digest_request != NULL);
- stale = digest_request->flags.nonce_stale;
+ stale = !digest_request->flags.invalid_password;
}
/* on a 407 or 401 we always use a new nonce */
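Review bot: `int stale = 1;` makes the value true whenever there is no `auth_user_request`, and `stale = !digest_request->flags.invalid_password;` makes it true for every failure that did not set `invalid_password`. If `stale` is what ends up in the challenge's `stale=` parameter (its use is below the hunk), a client is told to retry with the same credentials after failures that have nothing to do with nonce age, such as a malformed response, which can produce a silent retry loop instead of a fresh prompt. I would keep the default at `int stale = 0;` and add a comment stating that only a request rejected for a reason other than its password is reported as stale.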
@@ -850,6 +847,7 @@
if (reply && (strncasecmp(reply, "ERR", 3) == 0)) {
digest_request->credentials(AuthDigestUserRequest::Failed);
+ digest_request->flags.invalid_password = 1;
if (t && *t)
digest_request->setDenyMessage(t);
@@ -1047,9 +1045,8 @@
/* setup the necessary info to log the username */
static AuthUserRequest *
-authDigestLogUsername(char *username)
+authDigestLogUsername(char *username, AuthDigestUserRequest *auth_user_request)
{
- AuthDigestUserRequest *auth_user_request = new AuthDigestUserRequest();
assert(auth_user_request != NULL);
/* log the username */
@@ -1228,7 +1225,7 @@
if (digest_request->cnonce && strlen(digest_request->nc) != 8) {
debugs(29, 4, "authenticateDigestDecode: nonce count length invalid");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* now the nonce */
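Review bot: `digest_request` is passed to `authDigestLogUsername(username, digest_request)` immediately after `delete digest_request;`, so the helper asserts on and then works with an object that has already been freed. The same pair of lines remains in the qop, response-length, empty-username, username-mismatch, qop/cnonce and algorithm branches in the hunks that follow; only the missing-nonce branch had its `delete` removed. Since the helper now appears to take over the request instead of allocating its own, each of those branches should drop the `delete digest_request;` line and keep just `return authDigestLogUsername(username, digest_request);`. Judging by the debug strings this code decodes a client-supplied digest header, so the path is reachable before authentication succeeds. The enclosing function starts and ends outside these hunks.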
@@ -1237,8 +1234,7 @@
if (!nonce) {
/* we couldn't find a matching nonce! */
debugs(29, 4, "authenticateDigestDecode: Unexpected or invalid nonce received");
- delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
digest_request->nonce = nonce;
@@ -1247,11 +1243,11 @@
/* check the qop is what we expected. Note that for compatability with
* RFC 2069 we should support a missing qop. Tough. */
- if (!digest_request->qop || strcmp(digest_request->qop, QOP_AUTH)) {
+ if (digest_request->qop && strcmp(digest_request->qop, QOP_AUTH) != 0) {
/* we received a qop option we didn't send */
debugs(29, 4, "authenticateDigestDecode: Invalid qop option received");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* we can't check the URI just yet. We'll check it in the
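Review bot: The comment above the changed test still says a missing qop is not supported ("Tough."), but the new condition `digest_request->qop && strcmp(digest_request->qop, QOP_AUTH) != 0` now lets a request without qop through. I would reword it to say that a missing qop is accepted for RFC 2069 compatibility and that only a qop other than `QOP_AUTH` is rejected. It is also worth stating there which later check covers the nonce count for such requests, since the `nc` length test in the earlier hunk only runs when a cnonce is present.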
@@ -1262,21 +1258,21 @@
if (!digest_request->response || strlen(digest_request->response) != 32) {
debugs(29, 4, "authenticateDigestDecode: Response length invalid");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* do we have a username ? */
if (!username || username[0] == '\0') {
debugs(29, 4, "authenticateDigestDecode: Empty or not present username");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* check that we're not being hacked / the username hasn't changed */
if (nonce->user && strcmp(username, nonce->user->username())) {
debugs(29, 4, "authenticateDigestDecode: Username for the nonce does not equal the username for the request");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* if we got a qop, did we get a cnonce or did we get a cnonce wihtout a qop? */
@@ -1284,7 +1280,7 @@
|| (!digest_request->qop && digest_request->cnonce)) {
debugs(29, 4, "authenticateDigestDecode: qop without cnonce, or vice versa!");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* check the algorithm is present and supported */
@@ -1294,7 +1290,7 @@
&& strcmp(digest_request->algorithm, "MD5-sess")) {
debugs(29, 4, "authenticateDigestDecode: invalid algorithm specified!");
delete digest_request;
- return authDigestLogUsername(username);
+ return authDigestLogUsername(username, digest_request);
}
/* the method we'll check at the authenticate step as well */
diff -r -u ./squid-3.0.STABLE1/src/auth/digest/auth_digest.h ./squid-3.0.STABLE2/src/auth/digest/auth_digest.h
--- ./squid-3.0.STABLE1/src/auth/digest/auth_digest.h 2007-05-09 19:36:29.000000000 +1200
+++ ./squid-3.0.STABLE2/src/auth/digest/auth_digest.h 2008-02-25 16:39:02.000000000 +1300
@@ -99,8 +99,7 @@
unsigned int authinfo_sent:
1;
-unsigned int nonce_stale:
- 1;
+ unsigned int invalid_password:1;
unsigned int helper_queried:
1;
diff -r -u ./squid-3.0.STABLE1/src/auth/Makefile.in ./squid-3.0.STABLE2/src/auth/Makefile.in
--- ./squid-3.0.STABLE1/src/auth/Makefile.in 2007-12-05 14:11:22.000000000 +1300
+++ ./squid-3.0.STABLE2/src/auth/Makefile.in 2008-03-05 01:31:33.000000000 +1300
@@ -312,7 +312,7 @@
# Makefile for authentication modules in the Squid Object Cache server
#
-# $Id: Makefile.in,v 1.93 2007/12/05 01:11:22 hno Exp $
+# $Id: Makefile.in,v 1.93.2.1 2008/03/04 12:31:33 amosjeffries Exp $
#
AUTOMAKE_OPTIONS = subdir-objects
AM_CFLAGS = @SQUID_CFLAGS@
diff -r -u ./squid-3.0.STABLE1/src/cache_cf.cc ./squid-3.0.STABLE2/src/cache_cf.cc
--- ./squid-3.0.STABLE1/src/cache_cf.cc 2007-11-16 12:33:05.000000000 +1300
+++ ./squid-3.0.STABLE2/src/cache_cf.cc 2008-03-05 01:10:00.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: cache_cf.cc,v 1.528 2007/11/15 23:33:05 wessels Exp $
+ * $Id: cache_cf.cc,v 1.528.2.8 2008/03/04 12:10:00 amosjeffries Exp $
*
* DEBUG: section 3 Configuration File Parsing
* AUTHOR: Harvest Derived
@@ -46,6 +46,9 @@
#include "Parsing.h"
#include "MemBuf.h"
#include "wordlist.h"
+#if HAVE_GLOB_H
+#include
+#endif
#if SQUID_SNMP
#include "snmp.h"
@@ -151,6 +154,8 @@
static void parse_b_size_t(size_t * var);
static void parse_b_int64_t(int64_t * var);
+static int parseOneConfigFile(const char *file_name, unsigned int depth);
+
/*
* LegacyParser is a parser for legacy code that uses the global
* approach. This is static so that it is only exposed to cache_cf.
@@ -203,17 +208,53 @@
return s;
}
-int
-parseConfigFile(const char *file_name, CacheManager & manager)
+static int
+parseManyConfigFiles(char* files, int depth)
+{
+ int error_count = 0;
+ char* saveptr = NULL;
+#if HAVE_GLOB
+ char *path;
+ glob_t globbuf;
+ int i;
+ memset(&globbuf, 0, sizeof(globbuf));
+ for (path = strwordtok(files, &saveptr); path; path = strwordtok(NULL, &saveptr)) {
+ if (glob(path, globbuf.gl_pathc ? GLOB_APPEND : 0, NULL, &globbuf) != 0) {
+ fatalf("Unable to find configuration file: %s: %s",
+ path, xstrerror());
+ }
+ }
+ for (i = 0; i < (int)globbuf.gl_pathc; i++) {
+ error_count += parseOneConfigFile(globbuf.gl_pathv[i], depth);
+ }
+ globfree(&globbuf);
+#else
+ char* file = strwordtok(files, &saveptr);
+ while (file != NULL) {
+ error_count += parseOneConfigFile(file, depth);
+ file = strwordtok(NULL, &saveptr);
+ }
+#endif /* HAVE_GLOB */
+ return error_count;
+}
+
+static int
+parseOneConfigFile(const char *file_name, unsigned int depth)
{
FILE *fp = NULL;
+ const char *orig_cfg_filename = cfg_filename;
+ const int orig_config_lineno = config_lineno;
char *token = NULL;
char *tmp_line = NULL;
int tmp_line_len = 0;
int err_count = 0;
int is_pipe = 0;
- configFreeMemory();
- default_all();
+
+ debugs(3, 1, "Processing Configuration File: " << file_name << " (depth " << depth << ")");
+ if (depth > 16) {
+ fatalf("WARNING: can't include %s: includes are nested too deeply (>16)!\n", file_name);
+ return 1;
+ }
if (file_name[0] == '!' || file_name[0] == '|') {
fp = popen(file_name + 1, "r");
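Review bot: Names coming from an `include` line go through the same `file_name[0] == '!' || file_name[0] == '|'` test as the top-level file, so an included entry can reach `popen()` as well. If running a command is meant to be available only for the main configuration file, the test should be limited to the outermost call, for example `if (depth == 0 && (file_name[0] == '!' || file_name[0] == '|')) {`; if it is intended for includes too, the `include` documentation should say so. Separately, `glob()` reports failure through its return value rather than `errno`, so the `xstrerror()` text in the `fatalf` of `parseManyConfigFiles` may describe an unrelated earlier error. `parseOneConfigFile` continues past the end of the hunk.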
@@ -223,8 +264,7 @@
}
if (fp == NULL)
- fatalf("Unable to open configuration file: %s: %s",
- file_name, xstrerror());
+ fatalf("Unable to open configuration file: %s: %s", file_name, xstrerror());
#ifdef _SQUID_WIN32_
@@ -270,13 +310,6 @@
*token = '\0';
cfg_filename = new_file_name;
-
-#if PROBABLY_NOT_WANTED_HERE
-
- SetConfigFilename(cfg_filename, false);
-
-#endif
-
}
config_lineno = new_lineno;
@@ -306,11 +339,13 @@
debugs(3, 5, "Processing: '" << tmp_line << "'");
- if (!parse_line(tmp_line)) {
- debugs(3, 0, "parseConfigFile: '" << cfg_filename << "' line " <<
- config_lineno << " unrecognized: '" << config_input_line << "'");
- err_count++;
- }
+ /* Handle includes here */
+ if (tmp_line_len >= 9 && strncmp(tmp_line, "include", 7) == 0 && xisspace(tmp_line[7])) {
+ err_count += parseManyConfigFiles(tmp_line + 8, depth + 1);
+ } else if (!parse_line(tmp_line)) {
+ debugs(3, 0, HERE << cfg_filename << ":" << config_lineno << " unrecognized: '" << tmp_line << "'");
+ err_count++;
+ }
safe_free(tmp_line);
tmp_line_len = 0;
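Review bot: The unrecognized-line message now prints `tmp_line` instead of `config_input_line`, and it does so after `parse_line(tmp_line)` has already run on that buffer. If `parse_line` tokenises its argument in place (its body is not in this diff), the log will show only the first word of the offending line, which makes a bad directive harder to identify. Printing the untouched copy, `" unrecognized: '" << config_input_line << "'"`, would keep the full line, provided that copy is still filled in before this point.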
@@ -326,6 +361,23 @@
fclose(fp);
}
+ cfg_filename = orig_cfg_filename;
+ config_lineno = orig_config_lineno;
+
+ return err_count;
+}
+
+int
+parseConfigFile(const char *file_name, CacheManager & manager)
+{
+ int err_count = 0;
+
+ configFreeMemory();
+
+ default_all();
+
+ err_count = parseOneConfigFile(file_name, 0);
+
defaults_if_none();
/*
@@ -351,6 +403,7 @@
return err_count;
}
+
static void
configDoConfigure(void)
{
@@ -2364,18 +2417,6 @@
#define dump_eol dump_string
#define free_eol free_string
-void
-parse_debug(char *volatile *var)
-{
- parse_eol(var);
- safe_free(debug_options)
- debug_options = xstrdup(Config.debugOptions);
- Debug::parseOptions(Config.debugOptions);
-}
-
-#define dump_debug dump_string
-#define free_debug free_string
-
static void
dump_time_t(StoreEntry * entry, const char *name, time_t var)
{
@@ -2769,6 +2810,7 @@
char *t;
s->disable_pmtu_discovery = DISABLE_PMTU_OFF;
+ s->name = xstrdup(token);
if ((t = strchr(token, ':'))) {
/* host:port */
diff -r -u ./squid-3.0.STABLE1/src/carp.cc ./squid-3.0.STABLE2/src/carp.cc
--- ./squid-3.0.STABLE1/src/carp.cc 2007-04-29 10:26:37.000000000 +1200
+++ ./squid-3.0.STABLE2/src/carp.cc 2008-02-26 13:04:15.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: carp.cc,v 1.26 2007/04/28 22:26:37 hno Exp $
+ * $Id: carp.cc,v 1.26.4.1 2008/02/26 00:04:15 amosjeffries Exp $
*
* DEBUG: section 39 Cache Array Routing Protocol
* AUTHOR: Henrik Nordstrom
@@ -104,7 +104,7 @@
/* calculate this peers hash */
p->carp.hash = 0;
- for (t = p->host; *t != 0; t++)
+ for (t = p->name; *t != 0; t++)
p->carp.hash += ROTATE_LEFT(p->carp.hash, 19) + (unsigned int) *t;
p->carp.hash += p->carp.hash * 0x62531965;
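Review bot: With the loop now walking `p->name` rather than `p->host`, the `(unsigned int) *t` conversion matters more: if `t` is a plain `char *` (its declaration is outside the hunk), a byte above 0x7f sign-extends on platforms where `char` is signed and yields a different hash than on platforms where it is unsigned. A hostname rarely contains such bytes, but a configured peer name may. Writing the addend as `(unsigned int) (unsigned char) *t` keeps the member hash identical across builds, and a comment noting that the hash is keyed on the peer name would explain why renaming a peer moves its share of the URL space.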
@@ -189,7 +189,7 @@
combined_hash += combined_hash * 0x62531965;
combined_hash = ROTATE_LEFT(combined_hash, 21);
score = combined_hash * tp->carp.load_multiplier;
- debugs(39, 3, "carpSelectParent: " << tp->host << " combined_hash " << combined_hash <<
+ debugs(39, 3, "carpSelectParent: " << tp->name << " combined_hash " << combined_hash <<
" score " << std::setprecision(0) << score);
if ((score > high_score) && peerHTTPOkay(tp, request)) {
@@ -199,7 +199,7 @@
}
if (p)
- debugs(39, 2, "carpSelectParent: selected " << p->host);
+ debugs(39, 2, "carpSelectParent: selected " << p->name);
return p;
}
@@ -221,7 +221,7 @@
for (p = Config.peers; p; p = p->next) {
storeAppendPrintf(sentry, "%24s %10x %10f %10f %10f\n",
- p->host, p->carp.hash,
+ p->name, p->carp.hash,
p->carp.load_multiplier,
p->carp.load_factor,
sumfetches ? (double) p->stats.fetches / sumfetches : -1.0);
diff -r -u ./squid-3.0.STABLE1/src/cf.data.pre ./squid-3.0.STABLE2/src/cf.data.pre
--- ./squid-3.0.STABLE1/src/cf.data.pre 2007-11-16 12:33:05.000000000 +1300
+++ ./squid-3.0.STABLE2/src/cf.data.pre 2008-02-27 18:51:06.000000000 +1300
@@ -1,6 +1,6 @@
#
-# $Id: cf.data.pre,v 1.488 2007/11/15 23:33:05 wessels Exp $
+# $Id: cf.data.pre,v 1.488.2.5 2008/02/27 05:51:06 amosjeffries Exp $
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
# ----------------------------------------------------------
@@ -48,6 +48,21 @@
COMMENT_END
COMMENT_START
+ Configuration options can be included using the "include" directive.
+ Include takes a list of files to include. Quoting and wildcards is
+ supported.
+
+ For example,
+
+ include /path/to/included/file/squid.acl.config
+
+ Includes can be nested up to a hard-coded depth of 16 levels.
+ This arbitrary restriction is to prevent recursive include references
+ from causing Squid entering an infinite loop whilst trying to load
+ configuration files.
+COMMENT_END
+
+COMMENT_START
OPTIONS FOR AUTHENTICATION
-----------------------------------------------------------------------------
COMMENT_END
@@ -488,6 +503,7 @@
acl aclname port 80 70 21 ...
acl aclname port 0-1024 ... # ranges allowed
acl aclname myport 3128 ... # (local socket TCP port)
+ acl aclname myportname 3128 ... # http(s)_port name
acl aclname proto HTTP FTP ...
acl aclname method GET POST ...
acl aclname browser [-i] regexp ...
@@ -920,6 +936,9 @@
sporadically hang or never complete requests set
disable-pmtu-discovery option to 'transparent'.
+ name= Specifies a internal name for the port. Defaults to
+ the port specification (port or addr:port)
+
If you run Squid on a dual-homed machine with an internal
and an external interface we recommend you to specify the
internal address:port in http_port. This way Squid will only be
@@ -1032,6 +1051,9 @@
vport=NN As above, but uses specified port number rather
than the https_port number. Implies accel.
+ name= Specifies a internal name for the port. Defaults to
+ the port specification (port or addr:port)
+
DOC_END
NAME: tcp_outgoing_tos tcp_outgoing_ds tcp_outgoing_dscp
@@ -1097,11 +1119,11 @@
source address 10.1.0.2 and the rest will be forwarded with
source address 10.1.0.3.
- acl normal_service_net src 10.0.0.0/255.255.255.0
- acl good_service_net src 10.0.1.0/255.255.255.0
- tcp_outgoing_address 10.0.0.1 normal_service_net
- tcp_outgoing_address 10.0.0.2 good_service_net
- tcp_outgoing_address 10.0.0.3
+ acl normal_service_net src 10.0.0.0/24
+ acl good_service_net src 10.0.2.0/24
+ tcp_outgoing_address 10.1.0.1 normal_service_net
+ tcp_outgoing_address 10.1.0.2 good_service_net
+ tcp_outgoing_address 10.1.0.3
Processing proceeds in the order specified, and stops at first fully
matching line.
@@ -2178,7 +2200,7 @@
DOC_END
NAME: debug_options
-TYPE: debug
+TYPE: eol
DEFAULT: ALL,1
LOC: Config.debugOptions
DOC_START
@@ -2451,19 +2473,14 @@
DEFAULT: none
LOC: Config.accessList.noCache
DOC_START
- A list of ACL elements which, if matched, cause the request to
+ A list of ACL elements which, if matched and denied, cause the request to
not be satisfied from the cache and the reply to not be cached.
In other words, use this to force certain objects to never be cached.
- You must use the word 'DENY' to indicate the ACL names which should
- NOT be cached.
+ You must use the words 'allow' or 'deny' to indicate whether items
+ matching the ACL should be allowed or denied into the cache.
Default is to allow all to be cached
-NOCOMMENT_START
-#We recommend you to use the following two lines.
-acl QUERY urlpath_regex cgi-bin \?
-cache deny QUERY
-NOCOMMENT_END
DOC_END
NAME: refresh_pattern
@@ -2564,6 +2581,7 @@
NOCOMMENT_START
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
NOCOMMENT_END
DOC_END
diff -r -u ./squid-3.0.STABLE1/src/client_side.h ./squid-3.0.STABLE2/src/client_side.h
--- ./squid-3.0.STABLE1/src/client_side.h 2007-10-31 17:52:16.000000000 +1300
+++ ./squid-3.0.STABLE2/src/client_side.h 2008-02-26 12:08:50.000000000 +1300
@@ -1,5 +1,5 @@
/*
- * $Id: client_side.h,v 1.26 2007/10/31 04:52:16 amosjeffries Exp $
+ * $Id: client_side.h,v 1.26.2.1 2008/02/25 23:08:50 amosjeffries Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -95,7 +95,7 @@
};
DeferredParams deferredparams;
- off_t writtenToSocket;
+ int64_t writtenToSocket;
void pullData();
int64_t getNextRangeOffset() const;
bool canPackMoreRanges() const;
diff -r -u ./squid-3.0.STABLE1/src/client_side_reply.cc ./squid-3.0.STABLE2/src/client_side_reply.cc
--- ./squid-3.0.STABLE1/src/client_side_reply.cc 2007-11-27 22:36:07.000000000 +1300
+++ ./squid-3.0.STABLE2/src/client_side_reply.cc 2008-02-27 18:59:29.000000000 +1300
@@ -1,6 +1,6 @@
/*
- * $Id: client_side_reply.cc,v 1.144 2007/11/27 09:36:07 amosjeffries Exp $
+ * $Id: client_side_reply.cc,v 1.144.2.4 2008/02/27 05:59:29 amosjeffries Exp $
*
* DEBUG: section 88 Client-side Reply Routines
* AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -1214,10 +1214,7 @@
if (is_hit)
hdr->delById(HDR_SET_COOKIE);
- /*
- * Be sure to obey the Connection header
- */
- reply->header.removeConnectionHeaderEntries();
+ reply->header.removeHopByHopEntries();
// if (request->range)
// clientBuildRangeHeader(http, reply);
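Review bot: The call to `removeHopByHopEntries()` replaces both the old call and its comment, leaving nothing at the call site to say which headers are stripped from the reply. Since this decides what a client receives from an upstream response, I would add a short comment such as `/* strip hop-by-hop headers, including any named by Connection, before forwarding */`, adjusted to what the method actually removes (its definition is not in this hunk). If the method no longer honours header names listed in the Connection header, that would be a regression from `removeConnectionHeaderEntries()` and should be checked.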
@@ -1314,6 +1311,9 @@
#endif
+ /* Check whether we should send keep-alive */
+ // TODO: disable proxy_keepalive only once
+
if (reply->bodySize(request->method) < 0) {
debugs(88, 3, "clientBuildReplyHeader: can't keep-alive, unknown body size" );
request->flags.proxy_keepalive = 0;
@@ -1332,6 +1332,11 @@
if (!Config.onoff.client_pconns && !request->flags.must_keepalive)
request->flags.proxy_keepalive = 0;
+ if (request->flags.proxy_keepalive && shutting_down) {
+ debugs(88, 3, "clientBuildReplyHeader: Shutting down, don't keep-alive.");
+ request->flags.proxy_keepalive = 0;
+ }
+
/* Append VIA */
if (Config.onoff.via) {
LOCAL_ARRAY(char, bbuf, MAX_URL + 32);
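Review bot: The new `shutting_down` test clears `proxy_keepalive` without looking at `request->flags.must_keepalive`, while the check directly above it leaves the connection persistent when that flag is set. If `must_keepalive` marks exchanges that cannot survive a connection close (its meaning is defined elsewhere), a shutdown will now cut them mid-way; either add `&& !request->flags.must_keepalive` to the condition or add a comment saying that shutdown deliberately overrides it.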
@@ -1967,7 +1972,6 @@
}
buildReply(buf, reqofs);
- ssize_t body_size = reqofs;
if (reply) {
@@ -1990,33 +1994,6 @@
} else if (reqofs < HTTP_REQBUF_SZ && entry->store_status == STORE_PENDING) {
waitForMoreData();
return;
- } else if (http->request->method == METHOD_HEAD) {
- /*
- * If we are here, then store_status == STORE_OK and it
- * seems we have a HEAD repsponse which is missing the
- * empty end-of-headers line (home.mira.net, phttpd/0.99.72
- * does this). Because buildReply() fails we just
- * call this reply a body, set the done_copying flag and
- * continue...
- */
- /* RBC: Note that this is seriously broken, as we *need* the
- * metadata to allow further client modules to work. As such
- * webservers are seriously broken, this is probably not
- * going to get fixed.. perhapos we should remove it?
- */
- debugs(88, 0, "Broken head response - probably phttpd/0.99.72");
- http->flags.done_copying = 1;
- flags.complete = 1;
- /*
- * And as this is a malformed HTTP reply we cannot keep
- * the connection persistent
- */
- http->request->flags.proxy_keepalive = 0;
-
- assert(body_buf && body_size);
- StoreIOBuffer tempBuffer (body_size, 0 ,body_buf);
- clientStreamCallback((clientStreamNode *)http->client_stream.head->data,
- http, NULL, tempBuffer);