--------------------- PatchSet 9693 Date: 2007/06/30 09:31:24 Author: amosjeffries Branch: ipv6 Tag: (none) Log: Removing Legacy code from 2.5 attempt at IPv6 Patch kept and stored in branch website. Members: acconfig.h:1.3.6.6->1.3.6.7(DEAD) doc/squid.8:1.1.42.1->1.1.42.2(DEAD) doc/release-notes/release-2.5.html:1.7.6.1->1.7.6.2(DEAD) doc/release-notes/release-2.5.sgml:1.7.6.1->1.7.6.2(DEAD) helpers/basic_auth/winbind/Makefile.am:1.3.32.1->1.3.32.2(DEAD) helpers/basic_auth/winbind/wb_basic_auth.c:1.6.32.1->1.6.32.2(DEAD) helpers/basic_auth/winbind/wb_common.c:1.2.54.1->1.2.54.2(DEAD) helpers/basic_auth/winbind/wbntlm.h:1.3.36.1->1.3.36.2(DEAD) helpers/external_acl/winbind_group/Makefile.am:1.3.18.1->1.3.18.2(DEAD) helpers/external_acl/winbind_group/readme.txt:1.2.20.1->1.2.20.2(DEAD) helpers/external_acl/winbind_group/wb_check_group.c:1.7.6.1->1.7.6.2(DEAD) helpers/external_acl/winbind_group/wb_common.c:1.2.52.1->1.2.52.2(DEAD) helpers/external_acl/winbind_group/wb_common.h:1.1.14.1->1.1.14.2(DEAD) helpers/external_acl/winbind_group/wbntlm.h:1.2.52.1->1.2.52.2(DEAD) helpers/ntlm_auth/winbind/Makefile.am:1.2.54.1->1.2.54.2(DEAD) helpers/ntlm_auth/winbind/wb_common.c:1.2.54.1->1.2.54.2(DEAD) helpers/ntlm_auth/winbind/wb_ntlm_auth.c:1.7.14.1->1.7.14.2(DEAD) helpers/ntlm_auth/winbind/wbntlm.h:1.2.54.1->1.2.54.2(DEAD) helpers/ntlm_auth/winbind/patches/wb_common.patch:1.2.54.1->1.2.54.2(DEAD) helpers/ntlm_auth/winbind/patches/winbind_nss_config.patch:1.2.54.1->1.2.54.2(DEAD) include/samba/README.txt:1.1.12.1->1.1.12.2(DEAD) include/samba/nsswitch/sys_nss.h:1.1.12.1->1.1.12.2(DEAD) include/samba/nsswitch/winbind_nss_config.h:1.1.12.1->1.1.12.2(DEAD) include/samba/nsswitch/winbindd_nss.h:1.1.12.1->1.1.12.2(DEAD) scripts/RunAccel.in:1.2.6.1->1.2.6.2(DEAD) src/ETag.c:1.3.6.1->1.3.6.2(DEAD) src/cachemgr.c:1.3.6.4->1.3.6.5(DEAD) src/client.c:1.3.6.4->1.3.6.5(DEAD) src/wais.c:1.3.6.4->1.3.6.5(DEAD) src/auth/basic/Makefile.am:1.2.26.2->1.2.26.3(DEAD) 
src/auth/digest/Makefile.am:1.2.26.2->1.2.26.3(DEAD) src/auth/ntlm/Makefile.am:1.2.26.2->1.2.26.3(DEAD) src/fs/aufs/Makefile.am:1.2.26.1->1.2.26.2(DEAD) src/fs/coss/Makefile.am:1.2.26.1->1.2.26.2(DEAD) src/fs/diskd/Makefile.am:1.2.26.1->1.2.26.2(DEAD) src/fs/null/Makefile.am:1.2.26.1->1.2.26.2(DEAD) src/fs/ufs/Makefile.am:1.2.26.1->1.2.26.2(DEAD)
--- squid/acconfig.h Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,409 +0,0 @@ -/* - * All configurable options are enabled by using --enable-.... - * when running configure. See configure --help for a list - * of all available options. - * - * You are free to edit this file, but it will be overwritten - * each time you run configure. You may need to edit this file - * if configure falsely picks up a library function or structure - * that doesn't really work on your system. - * - * Another way to block a function that should not be detected - * is to - * setenv ac_cv_func_ no - * before running configure, as in - * setenv ac_cv_func_setresuid no - * - * It is possible to enable some of the configurable options - * by editing this file alone, but some of them requires changes - * in the Makefiles, wich is done automatically by configure. - * - */ - -#ifndef __CONFIGURE_H__ -#define __CONFIGURE_H__ -@TOP@ -/* $Id: acconfig.h,v 1.3.6.6 2005/02/10 02:40:02 hno Exp $ */ - -/* - * configure command line used to configure Squid - */ -#undef SQUID_CONFIGURE_OPTIONS - -/********************************* - * START OF CONFIGURABLE OPTIONS * - *********************************/ -/* - * If you are upset that the cachemgr.cgi form comes up with the hostname - * field blank, then define this to getfullhostname() - */ -#undef CACHEMGR_HOSTNAME - -/* - * What default TCP port to use for HTTP listening? - */ -#ifndef CACHE_HTTP_PORT -#undef CACHE_HTTP_PORT -#endif - -/* - * What default UDP port to use for ICP listening? - */ -#ifndef CACHE_ICP_PORT -#undef CACHE_ICP_PORT -#endif - -/* Define to do simple malloc debugging */ -#undef XMALLOC_DEBUG - -/* Define for log file trace of mem alloc/free */ -#undef MEM_GEN_TRACE - -/* Define to have malloc statistics */ -#undef XMALLOC_STATISTICS - -/* Define to have a detailed trace of memory allocations */ -#undef XMALLOC_TRACE - -#undef FORW_VIA_DB - -/* Defines how many threads aufs uses for I/O */ -#undef AUFS_IO_THREADS - -/* - * If you want to use Squid's ICMP features (highly recommended!) 
then - * define this. When USE_ICMP is defined, Squid will send ICMP pings - * to origin server sites. This information is used in numerous ways: - * - Sent in ICP replies so neighbor caches know how close - * you are to the source. - * - For finding the closest instance of a URN. - * - With the 'test_reachability' option. Squid will return - * ICP_OP_MISS_NOFETCH for sites which it cannot ping. - */ -#undef USE_ICMP - -/* - * Traffic management via "delay pools". - */ -#undef DELAY_POOLS - -/* - * If you want to log User-Agent request header values, define this. - * By default, they are written to useragent.log in the Squid log - * directory. - */ -#undef USE_USERAGENT_LOG - -/* - * If you want to log Referer request header values, define this. - * By default, they are written to referer.log in the Squid log - * directory. - */ -#undef USE_REFERER_LOG - -/* - * A dangerous feature which causes Squid to kill its parent process - * (presumably the RunCache script) upon receipt of SIGTERM or SIGINT. - * Use with caution. - */ -#undef KILL_PARENT_OPT - -/* Define to enable SNMP monitoring of Squid */ -#undef SQUID_SNMP - -/* - * Define to enable WCCP - */ -#define USE_WCCP 1 - -/* - * Squid frequently calls gettimeofday() for accurate timestamping. - * If you are concerned that gettimeofday() is called too often, and - * could be causing performance degradation, then you can define - * ALARM_UPDATES_TIME and cause Squid's clock to be updated at regular - * intervals (one second) with ALARM signals. - */ -#undef ALARM_UPDATES_TIME - -/* - * Define this to include code which lets you specify access control - * elements based on ethernet hardware addresses. This code uses - * functions found in 4.4 BSD derviations (e.g. FreeBSD, ?). - */ -#undef USE_ARP_ACL - -/* - * Define this to include code for the Hypertext Cache Protocol (HTCP) - */ -#undef USE_HTCP - -/* - * Use Cache Digests for locating objects in neighbor caches. This - * code is still semi-experimental. 
- */ -#undef USE_CACHE_DIGESTS - -/* - * Cache Array Routing Protocol - */ -#undef USE_CARP - -/* Define if NTLM is allowed to fail gracefully when a helper has problems */ -#undef NTLM_FAIL_OPEN - -/******************************** - * END OF CONFIGURABLE OPTIONS * - ********************************/ - -/* Define if struct tm has tm_gmtoff member */ -#undef HAVE_TM_GMTOFF - -/* Define if struct mallinfo has mxfast member */ -#undef HAVE_EXT_MALLINFO - -/* Default FD_SETSIZE value */ -#undef DEFAULT_FD_SETSIZE - -/* Maximum number of open filedescriptors */ -#undef SQUID_MAXFD - -/* UDP send buffer size */ -#undef SQUID_UDP_SO_SNDBUF - -/* UDP receive buffer size */ -#undef SQUID_UDP_SO_RCVBUF - -/* TCP send buffer size */ -#undef SQUID_TCP_SO_SNDBUF - -/* TCP receive buffer size */ -#undef SQUID_TCP_SO_RCVBUF - -/* Host type from configure */ -#undef CONFIG_HOST_TYPE - -/* If we need to declare sys_errlist[] as external */ -#undef NEED_SYS_ERRLIST - -/* If gettimeofday is known to take only one argument */ -#undef GETTIMEOFDAY_NO_TZP - -/* If libresolv.a has been hacked to export _dns_ttl_ */ -#undef LIBRESOLV_DNS_TTL_HACK - -/* Define if struct ip has ip_hl member */ -#undef HAVE_IP_HL - -/* Define if your compiler supports prototyping */ -#undef HAVE_ANSI_PROTOTYPES - -/* Define if we should use GNU regex */ -#undef USE_GNUREGEX - -/* signed size_t, grr */ -#undef ssize_t - -/* - * Yay! Another Linux brokenness. Its not good enough to know that - * setresuid() exists, because RedHat 5.0 declare setresuid() but - * doesn't implement it. - */ -#undef HAVE_SETRESUID - -/* Define if you have struct rusage */ -#undef HAVE_STRUCT_RUSAGE - -/* - * This makes warnings go away. If you have socklen_t defined in your - * /usr/include files, then this should remain undef'd. Otherwise it - * should be defined to int. 
- */ -#undef socklen_t - -/* - * By default (for now anyway) Squid includes options which allows - * the cache administrator to violate the HTTP protocol specification - * in terms of cache behaviour. Setting this to '0' will disable - * such code. - */ -#define HTTP_VIOLATIONS 1 - -/* - * Enable support for Transparent Proxy on systems using IP-Filter - * address redirection. This provides "masquerading" support for non - * Linux system. - */ -#undef IPF_TRANSPARENT - -/* - * Enable support for Transparent Proxy on systems using PF address - * redirection. This provides "masquerading" support for OpenBSD. - */ -#undef PF_TRANSPARENT - -/* - * Enable code for assiting in finding memory leaks. Hacker stuff only. - */ -#undef USE_LEAKFINDER - -/* - * type of fd_set array - */ -#undef fd_mask - -/* - * If _res structure has nsaddr_list member - */ -#undef HAVE_RES_NSADDR_LIST - -/* - * If _res structure has ns_list member - */ -#undef HAVE_RES_NS_LIST - -/* - * Compile in support for Ident (RFC 931) lookups? Enabled by default. - */ -#define USE_IDENT 1 - -/* - * If your system has statvfs(), and if it actually works! - */ -#undef HAVE_STATVFS - -/* - * If --disable-internal-dns was given to configure, then we'll use - * the dnsserver processes instead. - */ -#undef USE_DNSSERVERS - -/* - * we check for the existance of struct mallinfo - */ -#undef HAVE_STRUCT_MALLINFO - -/* - * Some systems dont have va_copy */ -#undef HAVE_VA_COPY - -/* - * Some systems support __va_copy */ -#undef HAVE___VA_COPY - - -/* - * Do we want to use truncate(2) or unlink(2)? - */ -#undef USE_TRUNCATE - -/* - * Allow underscores in host names - */ -#undef ALLOW_HOSTNAME_UNDERSCORES - -/* - * Use the heap-based replacement techniques - */ -#undef HEAP_REPLACEMENT - -/* - * message type for message queues - */ -#undef mtyp_t - -/* - * Define this to include code for SSL encryption. 
- */ -#undef USE_SSL - -/* - * Define this to make use of the OpenSSL libraries for - * MD5 calculation rather than Squid's own MD5 implementation - * or if building with SSL encryption (USE_SSL) - */ -#undef USE_OPENSSL - -/* Define if you want to set the COSS membuf size */ -#undef COSS_MEMBUF_SZ - -/* Print stacktraces on fatal errors */ -#undef PRINT_STACK_TRACE - -/* - * Define this if unlinkd is required - * (strongly recommended for ufs storage type) - */ -#undef USE_UNLINKD - -/* - * Enable support for Transparent Proxy on Linux 2.4 systems - */ -#undef LINUX_NETFILTER - -/* - * Do we have unix sockets? (required for the winbind ntlm helper - */ -#undef HAVE_UNIXSOCKET - -/* - * Known-size integers - */ - -#undef int16_t - -#undef u_int16_t - -#undef int32_t - -#undef u_int32_t - -#undef int64_t - -#undef u_int64_t - -/* The number of bytes in a __int64. */ -#undef SIZEOF___INT64 - -/* The number of bytes in a int16_t. */ -#undef SIZEOF_INT16_T - -/* The number of bytes in a int32_t. */ -#undef SIZEOF_INT32_T - -/* The number of bytes in a int64_t. */ -#undef SIZEOF_INT64_T - -/* The number of bytes in a off_t. */ -#undef SIZEOF_OFF_T - -/* The number of bytes in a size_t. */ -#undef SIZEOF_SIZE_T - -/* The number of bytes in a u_int16_t. */ -#undef SIZEOF_U_INT16_T - -/* The number of bytes in a u_int32_t. */ -#undef SIZEOF_U_INT32_T - -/* The number of bytes in a u_int64_t. */ -#undef SIZEOF_U_INT64_T - -/* The number of bytes in a uint16_t. */ -#undef SIZEOF_UINT16_T - -/* The number of bytes in a uint32_t. */ -#undef SIZEOF_UINT32_T - -/* The number of bytes in a uint64_t. */ -#undef SIZEOF_UINT64_T - -/* - * Enable support for the X-Accelerator-Vary HTTP header - */ -#undef X_ACCELERATOR_VARY - -#undef INET6 - -@BOTTOM@ - -#endif /* __CONFIGURE_H__ */ --- squid/doc/squid.8 Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 
@@ -1,115 +0,0 @@ -.TH squid 8 "squid version 2.0" -.\" Copyright and licensing information -.\" goes here. -.SH NAME -squid \- proxy caching server -.SH SYNOPSIS -.B squid -[ -.B \-dhsvzCDFNRVYX -] [ -.BI \-f " config-file" -] [ -\-[ -.B au -] -.I port -] [ -.B \-k " signal" -] -.SH DESCRIPTION -.B squid -is a high-performance proxy caching server for web clients, -supporting FTP, gopher, and HTTP data objects. Unlike traditional -caching software, -.B squid -handles all requests in a single, non-blocking, I/O-driven process. -.PP -.B squid -keeps meta data and especially hot objects cached in RAM, -caches DNS lookups, supports non-blocking DNS lookups, and implements -negative caching of failed requests. -.PP -.B squid -supports SSL, extensive access controls, and full request -logging. By using the lightweight Internet Cache Protocol, -.B squid -caches can be arranged in a hierarchy or mesh for additional -bandwidth savings. -.PP -.B squid -consists of a main server program squid, a Domain Name System -lookup program dnsserver, some optional programs for rewriting -requests and performing authentication, and some management and client -tools. When squid starts up, it spawns a configurable number of -dnsserver processes, each of which can perform a single, blocking -Domain Name System (DNS) lookup. This reduces the amount of time the -cache waits for DNS lookups. -.PP -.B squid -is derived from the ARPA-funded Harvest Project -http://harvest.cs.colorado.edu/ -.PP -This manual page only lists the command line arguments. For details -on how to configure -.B squid -see the file -.BI /etc/squid/squid.conf, -the FAQ included with the distribution -and the documentation at the -.B squid -home page http://www.squid-cache.org -.PP -.SH OPTIONS -.IP "-a port" -Specify HTTP port number (default: 3128). -.IP "-d level" -Write debugging to stderr also. -.IP "-f file" -Use the given config-file instead of -.I /etc/squid/squid.conf -.IP -h -Print help message. 
-.IP "-k reconfigure | rotate | shutdown | interrupt | kill | debug | check | parse" -Parse configuration file, then send signal to running copy -(except -k parse) and exit. -.IP -s -Enable logging to syslog. -.IP "-u port" -Specify ICP port number (default: 3130), disable with 0. -.IP -v -Print version. -.IP -z -Create swap directories -.IP -C -Do not catch fatal signals. -.IP -D -Disable initial DNS tests. -.IP -F -Don't serve any requests until store is rebuilt. -.IP -N -No daemon mode. -.IP -R -Do not set REUSEADDR on port. -.IP -V -Virtual host httpd-accelerator. -.IP -X -Force full debugging. -.IP -Y -Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload. -.SH FILES -.I /etc/squid/squid.conf -.RS -The main configuration file. You must initially make -changes to this file for -.B squid -to work. For example, the default configuration does not -allow access from any browser. - -.\" Could add the following sections: -.\" .SH ENVIRONMENT -.\" .SH DIAGNOSTICS -.\" .SH BUGS -.\" .SH AUTHOR -.\" .SH SEE ALSO - --- squid/doc/release-notes/release-2.5.html Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 @@ -1,376 +0,0 @@ - - - - - Squid 2.5 release notes - - -

Squid 2.5 release notes

- -

Squid Developers

$Id: release-2.5.html,v 1.7.6.1 2005/02/10 02:40:06 hno Exp $ -
-This document contains the release notes for version 2.5 of Squid. -Squid is a WWW Cache application developed by the National Laboratory -for Applied Network Research and members of the Web Caching community. -
-

1. Key changes from squid 2.4:

- -

-

-

- -

2. Changes to squid.conf

- -

-

-
http_port

Allows ip address specification.

-
https_port

This is an option for use with SSL acceleration - it determines where squid listens for SSL requests.

-
ssl_unclean_shutdown

This is used to handle some bugs in browsers that don't fully support SSL.

-
tcp_incoming_address

This has been removed - use the http_port line to specify ip address's.

-
cache_peer

login= has been extended to allow pass through authentication, fixed password authentication and maximum connection limits.

-
hosts_file

Directs squid to read in a set of name-address associations upon startup and reconfiguration.

-
authenticate_program
-
authenticate_children
-
proxy_auth_realm

Removed. See auth_param.

-
auth_param

This replaces the authenticate_program directive. It allows configuration of multiple authentication helpers, one for each of the supported authentication schemes. Such schemes include "NTLM", "Digest (from RFC 2617)", and "Basic".

-
authenticate_cache_garbage_interval

This directive sets the garbage collection interval for the authentication cache.

-
external_acl_type

This directive configures the new external ACL Helper interface. VERY useful for authenticating by group membership - i.e. from an LDAP server or NT domain.

-
request_body_max_size

The default for this is now 0 - unlimited.

-
reply_body_max_size

Now multiple size limits are allowed based on ACL lists.

-
refresh_pattern

The default is now blank - users must uncomment the suggested default to use it. This allows the use of a blank refresh pattern if desired.

-
request_timeout

Raised the default to 5 minutes.

-
persistent_request_timeout

New directive - how long to wait after a reply is completed before closing the connection.

-
acl

New acl types -

    -
  • referer_regex (match Referer headers),
  • -
  • max_user_ip (limit concurrent IP's a single user may use)
  • -
  • rep_mime_type (filter replies based on their content type).
  • -
  • external (use an external helper)
  • -
-

-
http_reply_access

Limit HTTP replies based on ACL's. This is complementary to http_access.

-
tcp_outgoing_tos
-
tcp_outgoing_ds
-
tcp_outgoing_dscp

These three directives allow marking of outbound connections at the IP level - i.e. for choosing routes based on the usercode.

-
tcp_outgoing_address

Allows mapping of requests onto specific outbound IP address's.

-
anonymize_headers

Removed. See header_access.

-
header_access

Allow granular filtering of HTTP headers.

-
header_replace

Replace specific headers with custom values.

-
pipeline_prefetch

Now defaults to off for bandwidth management and access logging reasons.

-
vary_ignore_expire

Enables a workaround for web servers that immediately expire Varied objects because they think squid is unable to handle Vary:.

-
sleep_after_fork

Give the OS a small amount of time to accomodate the fork+exec used to launch helpers - if squid has a lot of virtual memory allocated the OS may run out of virtual memory during helper spawning otherwise.

-
reference_age

This has been removed - starting with Squid-2.4 this directive have had no effect and has now been fully removed to avoid confusion.

-
siteselect_timeout

This has been removed - it is not referenced anywhere in the source code.

-
minimum_retry_timeout

This has been removed - it is not referenced anywhere in the source code.

-
forward_timeout

New directive in 2.5.STABLE5 complement connect_timeout in -management of timeouts while connecting to origin servers or peers

-
short_icon_urls

New directive in 2.5.STABLE5 to enable an alternative way of referring to icons in FTP directory listings etc.

-
acl urllogin

New acl type in 2.5.STABLE5 to match the login component of Internet style URLs (protocol://user:password@host/path/to/file)

-
balance_on_multiple_ip

New directive in 2.5.STABLE7 to make it possible to disable the automatic round-robin load balancing on multiple IP addresses normally done by Squid.

-
reply_header_max_size

New directive in 2.5.STABLE7 limiting the size of HTTP reply headers, similar to request_header_max_size but in the reply direction (from servers to clients). Default is 20KB.

-
acl req_hdr/resp_hdr

New acl types in 2.5.STABLE7 to match arbitrary HTTP headers, useful to block certain malware/spyware etc.

-
relaxed_http_parser

New directive in 2.5.STABLE8 to control how strict the HTTP parser should be.

-
-

- -

3. Known issues and limitations

- -

There is a few known issues and limitations in this version of Squid which we hope to correct in a later release

-

-

-
Bug -#761

assertion failed: cbdata.c:249: "c->locks > 0" when using diskd

-
Bug -#1193

Interception fails if intercepting multiple ports and Squid is not listening on the same ports

-
Bug -#1094

cachemgr.cgi should have a built-in access control layer to prevent malicious use

-
Bug -#649

Problems refreshing pages stored with 'vary' information

-
Bug -#779

users going above their allowed IP count no longer logged in cache.log

-
Bug -#1204

FTP listings uses "BASE HREF" much more than it needs to

-
-

- - -

In addition there is a set of limitations in this version of Squid which we hope to correct later

-

-

-
Bug -#1059

mime.conf and referenced icons must be within chroot

-
Bug -#1033

CARP ignores cache_peer_access and cache_peer_domain

-
Bug -#692

tcp_outgoing_address using an ident ACL does not work

-
Bug -#581

acl max_user_ip and multiple authentication schemes

-
Bug -#528

miss_access fails on "slow" acl types such as dst.

-
Bug -#513

squid -F is starting server sockets to early

-
Bug -#518

wb_auth fails on TRU64 and probably other 64 bit platforms

-
Bug -#500

delay_pools stops working on -k reconfigure

-
Bug -#457

does not handle swap.state corruption properly

-
Bug -#410

unstable if runs out of disk space

-
Bug -#355

diskd may appear slow on low loads

-
-

- -

4. Key changes squid-2.5.STABLE1 to 2.5.STABLE2:

- -

-

-

- -

5. Key changes squid-2.5.STABLE2 to 2.5.STABLE3:

- -

-

-

- -

6. Key changes squid-2.5.STABLE3 to 2.5.STABLE4:

- -

-

-

- -

7. Key changes squid-2.5.STABLE4 to 2.5.STABLE5:

- -

-

-

- -

8. Key changes squid-2.5.STABLE5 to 2.5.STABLE6:

- -

-

-

- -

9. Key changes squid-2.5.STABLE6 to 2.5.STABLE7:

- -

-

-

- -

10. Key changes squid-2.5.STABLE7 to 2.5.STABLE8:

- -

-

-

- - - --- squid/doc/release-notes/release-2.5.sgml Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 @@ -1,343 +0,0 @@ - -
-Squid 2.5 release notes -Squid Developers -$Id: release-2.5.sgml,v 1.7.6.1 2005/02/10 02:40:07 hno Exp $ - - -This document contains the release notes for version 2.5 of Squid. -Squid is a WWW Cache application developed by the National Laboratory -for Applied Network Research and members of the Web Caching community. - - - - -Key changes from squid 2.4: -

- - Major rewrite of proxy authentication to support other schemes - than basic. First in the line is NTLM support but others can - easily be added (minimal digest is present). See the Programmers - Guide for the internals. - Thanks to the SAMBA team for some excellent collaboration on the - NTLM support! - (Robert Collins & Francesco Chemolli) - Optimized searching in proxy_auth and ident ACL types. Squid - should now handle large access lists a lot more efficiently. - (Francesco Chemolli) - Fixed forwarding/peer loop detection code (Brian Degenhardt) - - now a peer is ignored if it turns out to be us, rather than - committing suicide - Changed the internal URL code to obey appendDomain for - internal objects if it needs appending. This fixes weirdnesses - where a machine can think it is "foo.bar.com", and "foo" is - requested. - (Brian Degenhardt) - Added the use of Automake to create the Makefile.in's in the - squid source tree. This will allow libtool in the future, and - immediately allows better dependency tracking - with or - without gcc - as well as the dist-all and distcheck targets - for developers which respectively build a tar.gz and a tar.bz2 - distribution, and check that what will be distributed builds. - (Robert Collins) - Added TOS and source address selection based on ACLs, - written by Roger Venning. This allows administrators to set - the TOS precedence bits and/or the source IP from a set of - available IPs based upon some ACLs, generally to map different - users to different outgoing links and traffic profiles. - Added 'max-conn' option to 'cache_peer' - Added SSL gatewaying support, allowing Squid to act as a SSL - server in accelerator setups. - Many new authentication helpers. - no_cache now applies to cache hits as well as cache misses - the Gopher client in Squid has been significantly improved - Squid now sanity checks FTP data connections to ensure the - connection is from the requested server. 
Can be disabled if - needed by turning off the ftp_sanitycheck option. - external acl support. A mechanism where flexible ACL checks - can be driven by external helpers. See the external_acl_type - and acl external directives. (MARA Systems AB) - Countless other small things and fixes - HTML pages generated by Squid or CacheMgr as well as the - ERR documents now contain a doctype declaration so that - browsers know which HTML specification the document uses. - In addition to that they have a new look - (background-color, font) and are valid according to the HTML - standards at www.w3.org. - (Clemens Löser) - Login and password send to Basic auth helpers is now URL - escaped to allow for spaces and other "odd" characters in - logins and passwords - Proxy Authentication is no longer blindly forwarded to peer - caches if not used locally. If forwarding of proxy authentication - is desired then it must now be configured with the login=PASS - cache_peer option. - Responses with Vary: in the header are now cached by squid. - (Henrik Nordstrom). - Support for openBSD pf interface in interception mode. - It is now possible to send complex arguments to helpers - by quoting the arguments by " and/or \ - The directory structure has changed slightly. The squid binary - has been moved into sbin, errors and icons into share/, and the libexec - programs are now in libexec/ (was previously libexec/squid/). See - configure --help for instructions on how to move these around to - exacly where you want to have them in your system. - - -Changes to squid.conf -

-http_portAllows ip address specification. -https_portThis is an option for use with SSL acceleration - it determines where squid listens for SSL requests. -ssl_unclean_shutdownThis is used to handle some bugs in browsers that don't fully support SSL. -tcp_incoming_addressThis has been removed - use the http_port line to specify ip address's. -cache_peerlogin= has been extended to allow pass through authentication, fixed password authentication and maximum connection limits. -hosts_fileDirects squid to read in a set of name-address associations upon startup and reconfiguration. -authenticate_program

authenticate_children

proxy_auth_realmRemoved. See auth_param. -auth_paramThis replaces the authenticate_program directive. It allows configuration of multiple authentication helpers, one for each of the supported authentication schemes. Such schemes include "NTLM", "Digest (from RFC 2617)", and "Basic". -authenticate_cache_garbage_intervalThis directive sets the garbage collection interval for the authentication cache. -external_acl_typeThis directive configures the new external ACL Helper interface. VERY useful for authenticating by group membership - i.e. from an LDAP server or NT domain. -request_body_max_sizeThe default for this is now 0 - unlimited. -reply_body_max_sizeNow multiple size limits are allowed based on ACL lists. -refresh_patternThe default is now blank - users must uncomment the suggested default to use it. This allows the use of a blank refresh pattern if desired. -request_timeoutRaised the default to 5 minutes. -persistent_request_timeout New directive - how long to wait after a reply is completed before closing the connection. -aclNew acl typesreferer_regex (match Referer headers), -max_user_ip (limit concurrent IP's a single user may use) -rep_mime_type (filter replies based on their content type). -external (use an external helper) -http_reply_accessLimit HTTP replies based on ACL's. This is complementary to http_access. -tcp_outgoing_tos

tcp_outgoing_ds

tcp_outgoing_dscpThese three directives allow marking of outbound connections at the IP level - i.e. for choosing routes based on the usercode. -tcp_outgoing_addressAllows mapping of requests onto specific outbound IP address's. -anonymize_headersRemoved. See header_access. -header_accessAllow granular filtering of HTTP headers. -header_replaceReplace specific headers with custom values. -pipeline_prefetchNow defaults to off for bandwidth management and access logging reasons. -vary_ignore_expireEnables a workaround for web servers that immediately expire Varied objects because they think squid is unable to handle Vary:. -sleep_after_forkGive the OS a small amount of time to accomodate the fork+exec used to launch helpers - if squid has a lot of virtual memory allocated the OS may run out of virtual memory during helper spawning otherwise. -reference_ageThis has been removed - starting with Squid-2.4 this directive have had no effect and has now been fully removed to avoid confusion. -siteselect_timeoutThis has been removed - it is not referenced anywhere in the source code. -minimum_retry_timeoutThis has been removed - it is not referenced anywhere in the source code. -forward_timeoutNew directive in 2.5.STABLE5 complement connect_timeout in -management of timeouts while connecting to origin servers or peers -short_icon_urlsNew directive in 2.5.STABLE5 to enable an alternative way of referring to icons in FTP directory listings etc. -acl urlloginNew acl type in 2.5.STABLE5 to match the login component of Internet style URLs (protocol://user:password@host/path/to/file) -balance_on_multiple_ipNew directive in 2.5.STABLE7 to make it possible to disable the automatic round-robin load balancing on multiple IP addresses normally done by Squid. -reply_header_max_sizeNew directive in 2.5.STABLE7 limiting the size of HTTP reply headers, similar to request_header_max_size but in the reply direction (from servers to clients). Default is 20KB. 
-acl req_hdr/resp_hdrNew acl types in 2.5.STABLE7 to match arbitrary HTTP headers, useful to block certain malware/spyware etc. -relaxed_http_parserNew directive in 2.5.STABLE8 to control how strict the HTTP parser should be. - - -Known issues and limitations - -

There is a few known issues and limitations in this version of Squid which we hope to correct in a later release - - -Bug assertion failed: cbdata.c:249: "c->locks > 0" when using diskd -Bug Interception fails if intercepting multiple ports and Squid is not listening on the same ports -Bug cachemgr.cgi should have a built-in access control layer to prevent malicious use -Bug Problems refreshing pages stored with 'vary' information -Bug users going above their allowed IP count no longer logged in cache.log -Bug FTP listings uses "BASE HREF" much more than it needs to - - - -

In addition there is a set of limitations in this version of Squid which we hope to correct later - - -Bug mime.conf and referenced icons must be within chroot -Bug CARP ignores cache_peer_access and cache_peer_domain -Bug tcp_outgoing_address using an ident ACL does not work -Bug acl max_user_ip and multiple authentication schemes -Bug miss_access fails on "slow" acl types such as dst. -Bug squid -F is starting server sockets to early -Bug wb_auth fails on TRU64 and probably other 64 bit platforms -Bug delay_pools stops working on -k reconfigure -Bug does not handle swap.state corruption properly -Bug unstable if runs out of disk space -Bug diskd may appear slow on low loads - - -Key changes squid-2.5.STABLE1 to 2.5.STABLE2: - -

- - authentication now works in most access directives if - first enforced in http_access - contrib files included in the distribution again - aufs bugfixes to address both stability and data - corruption issues, and some aufs performance improvements. - now possible to specify acl values with spaces in them - via the "include file" technique - winbind helpers updated to match Samba-2.2.7a and should - work with Samba-2.2.6 or later (required). For compability with - older Samba versions A new configure option --with-samba-sources=... - has been added to allow you to specify which Samba version the - helpers should be built for if different than the above versions. - squid_ldap_group updated to correctly handle LDAP groups - new experimental configure option --disable-hostname-checks to make Squid not validate that received hostnames are valid for use within HTTP. Required to participate in testbeds for international domain names etc. - several assertion or segmentation faults corrected - a large number of minor bugfixes. See the list of and the file for details. - - -Key changes squid-2.5.STABLE2 to 2.5.STABLE3: - -

- - a large number of minor bug fixes. See the list of and the file for details. - - -Key changes squid-2.5.STABLE3 to 2.5.STABLE4: - -

- - several memory leaks corrected - segmentation fault if more than one deny_info corrected - Lithuanian error messages added - a crash related to ftpTimeout: timeout in SENT_PASV state corrected - http_reply_access deny now logs the request with - TCP_DENIED to allow them to be accounted for properly in statistics - minimum_retry_timeout configuration directive removed. If - you have this directive in your existing squid.conf you will - need to remove the line. - Improvements to the (experimental) COSS storage scheme. - Updates to allow Squid to be compiled with GCC-3.3 - POST now works well with NTLM and Digest authentication - http_header_access now works in combination with cache_peer - Most Squid generated errors are now logged as TCP_DENIED/XXX - rather than TCP_MISS/XXX or NONE/XXX. This to work around issues - relating to access controls. - external_acl_type concurrency= option renamed to children= - to prepare for Squid-3 upgrade. The old syntax is still accepted - but you may want to upgrade your configuration now to save you - from the trouble when upgrading to Squid-3 later. - a large number of minor bugfixes. See the list of and the file for details. - - -Key changes squid-2.5.STABLE4 to 2.5.STABLE5: - -

- - redirector interface modified to try to deal with login names - containing spaces or other odd characters. This is accomplished - by URL-encoding the login name before sent to redirectors. Note: - Existing redirectors or their configuration may need to be slightly - modified in how they process the ident column to support the new - username format (only applies to redirectors looking into the username) - new forward_timeout option to complement connect_timeout in - management of timeouts while connecting to origin servers or peers - various timeouts adjusted: connect_timeout 1 minute (was 2 minutes - which is now forward_timeout), negative_dns_ttl 1 minute (was 5 minutes) - and is now also used as minimum positive dns ttl, dns_timeout 2 minutes - (was 5 minutes) - "short_icon_urls on" can be used to simplify the URLs used for - icons etc to avoid issues with proxy host naming and authentication - when requesting icons. - A new "urllogin" ACL type has been introducing allowing regex - matches to the "login" component of Internet style URLs - (protocol://user:password@host/path/to/file). - Squid now respects the Telnet protocol on connections to FTP - servers. The ftp_telnet_protocol directice can be used to revert back - to the old incorrect implementation. - Several NTLM related bugfixes and improvements fixing the problem - of random auth popups and account lockouts. Support for the NEGOTIATE - NTLM packet is also added to allow Samba-3.0.2 or later to negotiate the - use of NTLMv2. - Several authentication related bugfixes to allow authentication - to work in additional acl driven directives, correct an number - of assertion or segmentation and some memory leaks. - The default mime.conf has been updated with many new mime types - and a few minor corrections. In addition the download and view links - is used more frequently to allow view/download of different ftp:// - contents regardless of their mime type assignment. 
- url_regex enhanced to allow matching of %00 - a large number of minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.5.STABLE5 to 2.5.STABLE6: - -

- - Several "Assertion error" bugs fixed - Several "Segmentation fault" bugs fixes - Corrects a security issue in the old ntlm_auth NTLM helper - used in transparent NTLM authentication to a NT domain without - using samba. - Processing of Vary: * and Vary on error messages corrected - a large number of minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.5.STABLE6 to 2.5.STABLE7: - -

- - SNMP related Denial of Service issue corrected (CAN-2004-0918) - NTLM related bugfix noticed by the Samba group - UFS cache_dir bugfix to issue introduced in STABLE6 causing - no objects to get cached in some configurations. - cache_effective_user now sets supplementary group list - if cache_effective_group not set - cache_effective_group now used if specified even if not started - as root. If you do not start Squid as root you may need to remove this - directive from your squid.conf if not set correctly. - request_header_max_size directive corrected. You may need to increase - this value after upgrading if set very low. The default have been increased - from 10 KB to 20 KB which should be sufficient for most uses. - reply_header_max_size directive added - http_header_access & replace now support arbitrary headers, - not only the well known headers known by Squid - new acl types req_hdr and resp_hdr to match arbitrary HTTP headers, - useful to block certain malware/spyware etc. - new balance_on_multiple_ip squid.conf directive - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.5.STABLE7 to 2.5.STABLE8: - -

- - Squid no longer closes all open filedescriptors. Previous Squid - versions have for increased security closed any open filedescriptors left - open by the process starting Squid, but this is not really our business - and causes problems for certain libraries opening internal filedescriptors - in some conditions (some SSL libraries, syslog, DNS resolver etc). - Configuration parser made more strict and consistent. Previously empty acl - declarations were ignored in http_access causing some unexpected results. - Now empty acl declarations are allowed (matching nothing) and http_access - requires all listed acls to be defined. - A minor information leak in error messages due to malformed host - names corrected - Several HTTP security fixes to prevent cache pollution attacks or theft - of user confidential information. New relaxed_http_parser directive to control - how strict the HTTP parser should be. - Buffer overflow fix in gopherToHTML. - Corrected a Segmentation fault on malformed WCCP packets. - squid_ldap_auth now sanity checks usernames - Corrected a Segmentation fault and other malfunctions on failed PUT/POST - requests. - Properly handle oversized reply headers - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -

-
--- squid/helpers/basic_auth/winbind/Makefile.am Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,10 +0,0 @@
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id: Makefile.am,v 1.3.32.1 2005/02/10 02:40:48 hno Exp $
-#
-
-libexec_PROGRAMS = wb_auth
-wb_auth_SOURCES = wb_basic_auth.c wb_common.c wbntlm.h
-INCLUDES = -I$(top_srcdir)/include -I@SAMBASOURCES@
-LDADD = -L$(top_builddir)/lib -lmiscutil -lntlmauth $(XTRA_LIBS)
--- squid/helpers/basic_auth/winbind/wb_basic_auth.c Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,194 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli - * - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * - */ - - -#include "wbntlm.h" -#include "util.h" -/* stdio.h is included in wbntlm.h */ -#include -#include -#include -#include /* for gettimeofday */ -#include /* BUG: is this portable? */ - -#include "nsswitch/winbind_nss_config.h" -#include "nsswitch/winbindd_nss.h" - -char debug_enabled=0; -char *myname; -pid_t mypid; - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); - - -void do_authenticate(char *user, char *pass) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS winbindd_result; - - memset(&request,0,sizeof(struct winbindd_request)); - memset(&response,0,sizeof(struct winbindd_response)); - - strncpy(request.data.auth.user,user,sizeof(fstring)-1); - strncpy(request.data.auth.pass,pass,sizeof(fstring)-1); - - winbindd_result = winbindd_request(WINBINDD_PAM_AUTH, - &request, &response); - debug("winbindd result: %d\n",winbindd_result); - - if (winbindd_result==NSS_STATUS_SUCCESS) { - SEND("OK"); - } else { - SEND("ERR"); - } - - return; /* useless */ -} - -static void -usage(char *program) -{ - fprintf(stderr,"Usage: %s [-d] [-h]\n" - " -d enable debugging\n" - " -h this message\n", - program); -} - -void -process_options(int argc, char *argv[]) -{ - int opt; - - opterr = 0; - while (-1 != (opt = getopt(argc, 
argv, "dh"))) { - switch (opt) { - case 'd': - debug_enabled = 1; - break; - case 'h': - usage(argv[0]); - exit(0); - case '?': - opt = optopt; - /* fall thru to default */ - default: - warn("Unknown option: -%c\n\n", opt); - usage(argv[0]); - exit(1); - break; /* not reached */ - } - } - return; -} - -int manage_request(void) -{ - char buf[BUFFER_SIZE+1]; - int length; - char *c, *user, *pass; - - if (fgets(buf, BUFFER_SIZE, stdin) == NULL) - return 0; - - c=memchr(buf,'\n',BUFFER_SIZE); - if (c) { - *c = '\0'; - length = c-buf; - } else { - warn("Oversized message\n"); - fgets(buf, BUFFER_SIZE, stdin); - SEND("ERR"); - return 1; - } - - debug("Got '%s' from squid (length: %d).\n",buf,length); - - if (buf[0] == '\0') { - warn("Invalid Request\n"); - SEND("ERR"); - return 1; - } - - user=buf; - - pass=memchr(buf,' ',length); - if (!pass) { - warn("Password not found. Denying access\n"); - SEND("ERR"); - return 1; - } - *pass='\0'; - pass++; - - rfc1738_unescape(user); - rfc1738_unescape(pass); - - do_authenticate(user,pass); - return 1; -} - -void -check_winbindd() -{ - NSS_STATUS r; - int retry=10; - struct winbindd_request request; - struct winbindd_response response; - do { - r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); - if (r != NSS_STATUS_SUCCESS) - retry--; - } while (r != NSS_STATUS_SUCCESS && retry); - if (r != NSS_STATUS_SUCCESS) { - warn("Can't contact winbindd. Dying\n"); - exit(1); - } - if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { - warn("Winbind protocol mismatch. Align squid and samba. 
Dying\n"); - exit(1); - } -} - - -int main (int argc, char ** argv) -{ - if (argc > 0) { /* should always be true */ - myname=strrchr(argv[0],'/'); - if (myname==NULL) - myname=argv[0]; - } else { - myname="(unknown)"; - } - mypid=getpid(); - process_options(argc, argv); - - debug("basic winbindd auth helper build " __DATE__ ", " __TIME__ - " starting up...\n"); - /* initialize FDescs */ - setbuf(stdout, NULL); - setbuf(stderr, NULL); - - check_winbindd(); - - while(manage_request()) { - /* everything is done within manage_request */ - } - return 0; -} --- squid/helpers/basic_auth/winbind/wb_common.c Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 
@@ -1,398 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 2.0 - - winbind client common code - - Copyright (C) Tim Potter 2000 - Copyright (C) Andrew Tridgell 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include "nsswitch/winbind_nss_config.h" -#include "nsswitch/winbindd_nss.h" -#include "config.h" - - -/* Global variables. 
These are effectively the client state information */ - -int winbindd_fd = -1; /* fd for winbindd socket */ -static char *excluded_domain; - -/* Free a response structure */ - -void free_response(struct winbindd_response *response) -{ - /* Free any allocated extra_data */ - - if (response) - SAFE_FREE(response->extra_data); -} - -/* - smbd needs to be able to exclude lookups for its own domain -*/ -void winbind_exclude_domain(const char *domain) -{ - SAFE_FREE(excluded_domain); - excluded_domain = strdup(domain); -} - - -/* Initialise a request structure */ - -void init_request(struct winbindd_request *request, int request_type) -{ - static char *domain_env; - static BOOL initialised; - - request->length = sizeof(struct winbindd_request); - - request->cmd = (enum winbindd_cmd)request_type; - request->pid = getpid(); - request->domain[0] = '\0'; - - if (!initialised) { - initialised = True; - domain_env = getenv(WINBINDD_DOMAIN_ENV); - } - - if (domain_env) { - strncpy(request->domain, domain_env, - sizeof(request->domain) - 1); - request->domain[sizeof(request->domain) - 1] = '\0'; - } -} - -/* Initialise a response structure */ - -void init_response(struct winbindd_response *response) -{ - /* Initialise return value */ - - response->result = WINBINDD_ERROR; -} - -/* Close established socket */ - -void close_sock(void) -{ - if (winbindd_fd != -1) { - close(winbindd_fd); - winbindd_fd = -1; - } -} - -/* Connect to winbindd socket */ - -int winbind_open_pipe_sock(void) -{ - struct sockaddr_un sunaddr; - static pid_t our_pid; - struct stat st; - pstring path; - - if (our_pid != getpid()) { - close_sock(); - our_pid = getpid(); - } - - if (winbindd_fd != -1) { - return winbindd_fd; - } - - /* Check permissions on unix socket directory */ - - if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { - return -1; - } - - if (!S_ISDIR(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - strncpy(path, WINBINDD_SOCKET_DIR, 
sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, "/", sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - ZERO_STRUCT(sunaddr); - sunaddr.sun_family = AF_UNIX; - strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1); - - /* If socket file doesn't exist, don't bother trying to connect - with retry. This is an attempt to make the system usable when - the winbindd daemon is not running. */ - - if (lstat(path, &st) == -1) { - return -1; - } - - /* Check permissions on unix socket file */ - - if (!S_ISSOCK(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { - return -1; - } - - if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, - sizeof(sunaddr)) == -1) { - close_sock(); - return -1; - } - - return winbindd_fd; -} - -/* Write data to winbindd socket with timeout */ - -int write_sock(void *buffer, int count) -{ - int result, nwritten; - - /* Open connection to winbind daemon */ - - restart: - - if (winbind_open_pipe_sock() == -1) { - return -1; - } - - /* Write data to socket */ - - nwritten = 0; - - while(nwritten < count) { - struct timeval tv; - fd_set r_fds; - - /* Catch pipe close on other end by checking if a read() - call would not block by calling select(). 
*/ - - FD_ZERO(&r_fds); - FD_SET(winbindd_fd, &r_fds); - ZERO_STRUCT(tv); - - if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { - close_sock(); - return -1; /* Select error */ - } - - /* Write should be OK if fd not available for reading */ - - if (!FD_ISSET(winbindd_fd, &r_fds)) { - - /* Do the write */ - - result = write(winbindd_fd, - (char *)buffer + nwritten, - count - nwritten); - - if ((result == -1) || (result == 0)) { - - /* Write failed */ - - close_sock(); - return -1; - } - - nwritten += result; - - } else { - - /* Pipe has closed on remote end */ - - close_sock(); - goto restart; - } - } - - return nwritten; -} - -/* Read data from winbindd socket with timeout */ - -static int read_sock(void *buffer, int count) -{ - int result = 0, nread = 0; - - /* Read data from socket */ - - while(nread < count) { - - result = read(winbindd_fd, (char *)buffer + nread, - count - nread); - - if ((result == -1) || (result == 0)) { - - /* Read failed. I think the only useful thing we - can do here is just return -1 and fail since the - transaction has failed half way through. */ - - close_sock(); - return -1; - } - - nread += result; - } - - return result; -} - -/* Read reply */ - -int read_reply(struct winbindd_response *response) -{ - int result1, result2 = 0; - - if (!response) { - return -1; - } - - /* Read fixed length response */ - - if ((result1 = read_sock(response, sizeof(struct winbindd_response))) - == -1) { - - return -1; - } - - /* We actually send the pointer value of the extra_data field from - the server. This has no meaning in the client's address space - so we clear it out. 
*/ - - response->extra_data = NULL; - - /* Read variable length response */ - - if (response->length > sizeof(struct winbindd_response)) { - int extra_data_len = response->length - - sizeof(struct winbindd_response); - - /* Mallocate memory for extra data */ - - if (!(response->extra_data = malloc(extra_data_len))) { - return -1; - } - - if ((result2 = read_sock(response->extra_data, extra_data_len)) - == -1) { - free_response(response); - return -1; - } - } - - /* Return total amount of data read */ - - return result1 + result2; -} - -/* - * send simple types of requests - */ - -NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) -{ - struct winbindd_request lrequest; - - /* Check for our tricky environment variable */ - - if (getenv(WINBINDD_DONT_ENV)) { - return NSS_STATUS_NOTFOUND; - } - - /* smbd may have excluded this domain */ - if (excluded_domain && - strcasecmp(excluded_domain, request->domain) == 0) { - return NSS_STATUS_NOTFOUND; - } - - if (!request) { - ZERO_STRUCT(lrequest); - request = &lrequest; - } - - /* Fill in request and send down pipe */ - - init_request(request, req_type); - - if (write_sock(request, sizeof(*request)) == -1) { - return NSS_STATUS_UNAVAIL; - } - - return NSS_STATUS_SUCCESS; -} - -/* - * Get results from winbindd request - */ - -NSS_STATUS winbindd_get_response(struct winbindd_response *response) -{ - struct winbindd_response lresponse; - - if (!response) { - ZERO_STRUCT(lresponse); - response = &lresponse; - } - - init_response(response); - - /* Wait for reply */ - if (read_reply(response) == -1) { - return NSS_STATUS_UNAVAIL; - } - - /* Throw away extra data if client didn't request it */ - if (response == &lresponse) { - free_response(response); - } - - /* Copy reply data from socket */ - if (response->result != WINBINDD_OK) { - return NSS_STATUS_NOTFOUND; - } - - return NSS_STATUS_SUCCESS; -} - -/* Handle simple types of requests */ - -NSS_STATUS winbindd_request(int req_type, - struct 
winbindd_request *request, - struct winbindd_response *response) -{ - NSS_STATUS status; - - status = winbindd_send_request(req_type, request); - if (status != NSS_STATUS_SUCCESS) - return(status); - return winbindd_get_response(response); -} --- squid/helpers/basic_auth/winbind/wbntlm.h Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 
@@ -1,88 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli , - * - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - */ - -#ifndef _WBNTLM_H_ -#define _WBNTLM_H_ - -#include "config.h" -#include "ntlmauth.h" -#include -#include -#include -#include - - -/*************** CONFIGURATION ***************/ -#ifndef DEBUG -#define DEBUG -#endif - -/* the attempted entropy source. If it doesn't exist, random() is uesed */ -#define ENTROPY_SOURCE "/dev/urandom" - -/************* END CONFIGURATION *************/ - -/* Debugging stuff */ -extern char *myname; -static char *__foo; -extern pid_t mypid; -extern char debug_enabled; - -#ifdef DEBUG -#define __DO_DEBUG 1 -#else -#define __DO_DEBUG 0 -#endif - -#ifdef __GNUC__ /* this is really a gcc-ism */ -#define warn(X...) fprintf(stderr,"%s[%d](%s:%d): ", myname, mypid, \ - ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ - __LINE__);\ - fprintf(stderr,X) -#define debug(X...) if(__DO_DEBUG && debug_enabled) { warn(X); } -#else /* __GNUC__ */ -static void -debug(char *format,...) -{ -} -static void -warn(char *format,...) -{ -} -#endif /* __GNUC__ */ - - - -/* A couple of harmless helper macros */ -#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n"); -#ifdef __GNUC__ -#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); \ - printf(X "\n",Y) -#else -/* no gcc, no debugging. 
varargs macros are a gcc extension */
-#define SEND2 printf
-#endif
-
-typedef enum {
- YES,
- NO,
- DONTKNOW
-} tristate;
-
-#define CHALLENGE_LEN 8
-#define BUFFER_SIZE 2010
-
-#endif /* _WBNTLM_H_ */
--- squid/helpers/external_acl/winbind_group/Makefile.am Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,12 +0,0 @@
-#
-# Makefile for the wb_group external_acl helper
-#
-# $Id: Makefile.am,v 1.3.18.1 2005/02/10 02:40:50 hno Exp $
-#
-
-libexec_PROGRAMS = wb_group
-wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h wb_common.h
-EXTRA_DIST = readme.txt
-INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_srcdir)/src -I@SAMBASOURCES@
-LDADD = -L$(top_builddir)/lib $(XTRA_LIBS)
--- squid/helpers/external_acl/winbind_group/readme.txt Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,87 +0,0 @@ -This is the README file for wb_group, an external -helper fo the External ACL Scheme for Squid based on -Samba Winbindd from Samba 2.2.4 or greater. - - -This helper must be used in with an authentication scheme, tipically -basic or NTLM, based on Windows NT/2000 domain users. -It reads from the standard input the domain username and a list of groups -and tries to match it against the groups membership of the specified -username. - -Before compile or configure it, look at the Squid winbind authenticators -instructions: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 - -When used in Windows 2000 domains, permissions compatible with pre-Windows -2000 servers are required. See the Q257988 Microsoft KB article for more -details. - - -============== -Program Syntax -============== - -wb_group [-c][-d][-h] - --c use case insensitive compare --d enable debugging --h this message - - -================ -squid.conf usage -================ - -external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group - -acl ProxyUsers external NT_global_group ProxyUsers -acl password proxy_auth REQUIRED - -http_access allow password ProxyUsers -http_access deny all - -In the previous example all validated NT users member of ProxyUsers Global -domain group are allowed to use the cache. - -Groups name can be specified in both domain-qualified group notation -(DOMAIN\Groupname) or simple group name notation. - -Groups with spaces in name, for example "Domain Users", must be quoted and -the acl data ("Domain Users") must be placed into a separate file included -by specifying "/path/to/file". The previous example will be: - -acl ProxyUsers external NT_global_group "/usr/local/squid/etc/DomainUsers" - -and the DomainUsers files will contain only the following line: - -"Domain Users" - -NOTE: the standard group name comparation is case sensitive, so group name -must be specified with same case as in the NT/2000 Domain. 
-It's possible to enable not case sensitive group name comparation (-c), -but on on some non - English locales, the results can be unexpected. -For details see toupper man page, BUGS section. - - -======= -Testing -======= - -I strongly urge that wb_group is tested prior to being used in a -production environment. It may behave differently on different platforms. -To test it, run it from the command line. Enter username and group -pairs separated by a space (username must entered with domain\\username -syntax). Press ENTER to get an OK or ERR message. -Make sure pressing behaves the same as a carriage return. -Make sure pressing aborts the program. - -Test that entering no details does not result in an OK or ERR message. -Test that entering an invalid username and group results in an ERR message. -Test that entering an valid username and group results in an OK message. - -To check winbind functionality use wbinfo provided with Samba, -try -t, -g and -r options. - --- -Serassio Guido -guido.serassio@acmeconsulting.it --- squid/helpers/external_acl/winbind_group/wb_check_group.c Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 
@@ -1,393 +0,0 @@ -/* - * winbind_group: lookup group membership in a Windows NT/2000 domain - * - * (C)2002,2003 Guido Serassio - Acme Consulting S.r.l. - * - * Authors: - * Guido Serassio - * Acme Consulting S.r.l., Italy - * - * With contributions from others mentioned in the change history section - * below. - * - * In part based on check_group by Rodrigo Albani de Campos and wbinfo - * from Samba Project. - * - * Dependencies: Samba 2.2.4 or later with Winbindd. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * - * History: - * - * Version 1.20 - * 10-05-2003 Roberto Moreda - * Added support for domain-qualified group Microsoft notation - * (DOMAIN\Groupname). - * Guido Serassio - * More debug info. - * Updated documentation. - * Version 1.10 - * 26-04-2003 Guido Serassio - * Added option for case insensitive group name comparation. - * More debug info. - * Updated documentation. 
- * 21-03-2003 Nicolas Chaillot - * Segfault bug fix (Bugzilla #574) - * Version 1.0 - * 02-07-2002 Guido Serassio - * Using the main function from check_group and sections - * from wbinfo wrote winbind_group - * - * This is a helper for the external ACL interface for Squid Cache - * - * It reads from the standard input the domain username and a list of - * groups and tries to match it against the groups membership of the - * specified username. - * - * Returns `OK' if the user belongs to a group or `ERR' otherwise, as - * described on http://devel.squid-cache.org/external_acl/config.html - * - */ -#include "wbntlm.h" -#include "util.h" - -#include -#include -#include -#include -#include - -#include "nsswitch/winbind_nss_config.h" -#include "nsswitch/winbindd_nss.h" -#include "wb_common.h" - -#define BUFSIZE 8192 /* the stdin buffer size */ -char debug_enabled=0; -const char *myname; -pid_t mypid; -static int use_case_insensitive_compare=0; - -static char * -strwordtok(char *buf, char **t) -{ - unsigned char *word = NULL; - unsigned char *p = (unsigned char *) buf; - unsigned char *d; - unsigned char ch; - int quoted = 0; - if (!p) - p = (unsigned char *) *t; - if (!p) - goto error; - while (*p && isspace(*p)) - p++; - if (!*p) - goto error; - word = d = p; - while ((ch = *p)) { - switch (ch) { - case '\\': - p++; - *d++ = ch = *p; - if (ch) - p++; - break; - case '"': - quoted = !quoted; - p++; - break; - default: - if (!quoted && isspace(*p)) { - p++; - goto done; - } - *d++ = *p++; - break; - } - } - done: - *d++ = '\0'; - error: - *t = (char *) p; - return (char *) word; -} - - -static int strCaseCmp (const char *s1, const char *s2) -{ - while (*s1 && toupper (*s1) == toupper (*s2)) s1++, s2++; - return *s1 - *s2; -} - -/* Convert sid to string */ - -static char * wbinfo_lookupsid(char * group, char *sid) -{ - struct winbindd_request request; - struct winbindd_response response; - - memset(&request,0,sizeof(struct winbindd_request)); - 
memset(&response,0,sizeof(struct winbindd_response)); - - /* Send off request */ - - strncpy(request.data.sid, sid,sizeof(fstring)-1); - - if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) != - NSS_STATUS_SUCCESS) - return NULL; - - /* Display response */ - - strcpy(group,response.data.name.dom_name); - strcat(group,"\\"); - strcat(group,response.data.name.name); - return group; -} - -/* Convert gid to sid */ - -static char * wbinfo_gid_to_sid(char * sid, gid_t gid) -{ - struct winbindd_request request; - struct winbindd_response response; - - memset(&request,0,sizeof(struct winbindd_request)); - memset(&response,0,sizeof(struct winbindd_response)); - - /* Send request */ - - request.data.gid = gid; - - if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) != - NSS_STATUS_SUCCESS) - return NULL; - - /* Display response */ - - strcpy(sid, response.data.sid.sid); - - return sid; -} - -/* returns 0 on match, -1 if no match */ -static inline int strcmparray(const char *str, const char **array) -{ - const char *wgroup; - - while (*array) { - /* If the groups we want to match are specified as 'group', and - * not as 'DOMAIN\group' we strip the domain from the group to - * match against */ - if (strstr(*array,"\\") == NULL) { - wgroup = strstr(str,"\\") + 1; - debug("Stripping domain from group name %s\n", str); - } else { - wgroup = str; - } - - debug("Windows group: %s, Squid group: %s\n", wgroup, *array); - if ((use_case_insensitive_compare ? 
strCaseCmp(wgroup, *array) : strcmp(wgroup, *array)) == 0) - return 0; - array++; - } - return -1; -} - -/* returns 1 on success, 0 on failure */ -static int -Valid_Groups(char *UserName, const char **UserGroups) -{ - struct winbindd_request request; - struct winbindd_response response; - NSS_STATUS result; - int i; - char sid[FSTRING_LEN]; - char group[FSTRING_LEN]; - int match = 0; - - memset(&request,0,sizeof(struct winbindd_request)); - memset(&response,0,sizeof(struct winbindd_response)); - - /* Send request */ - - strncpy(request.data.username,UserName,sizeof(fstring)-1); - - result = winbindd_request(WINBINDD_GETGROUPS, &request, &response); - - if (result != NSS_STATUS_SUCCESS) { - warn("Warning: Can't enum user groups.\n"); - return match; - } - - for (i = 0; i < response.data.num_entries; i++) { - if ((wbinfo_gid_to_sid(sid, (int)((gid_t *)response.extra_data)[i])) != NULL) { - debug("SID: %s\n", sid); - if (wbinfo_lookupsid(group,sid) == NULL) { - warn("Can't lookup group SID.\n"); - break; - } - if (strcmparray(group, UserGroups) == 0) { - match = 1; - break; - } - } else { - return match; - } - } - SAFE_FREE(response.extra_data); - - return match; -} - -static void -usage(char *program) -{ - fprintf(stderr,"Usage: %s [-c] [-d] [-h]\n" - " -c use case insensitive compare\n" - " -d enable debugging\n" - " -h this message\n", - program); -} - -static void -process_options(int argc, char *argv[]) -{ - int opt; - - opterr = 0; - while (-1 != (opt = getopt(argc, argv, "cdh"))) { - switch (opt) { - case 'c': - use_case_insensitive_compare = 1; - break; - case 'd': - debug_enabled = 1; - break; - case 'h': - usage(argv[0]); - exit(0); - case '?': - opt = optopt; - /* fall thru to default */ - default: - warn("Unknown option: -%c\n\n", opt); - usage(argv[0]); - exit(1); - break; /* not reached */ - } - } - return; -} - -void -check_winbindd() -{ - NSS_STATUS r; - int retry=10; - struct winbindd_request request; - struct winbindd_response response; - do { - r = 
winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); - if (r != NSS_STATUS_SUCCESS) - retry--; - } while (r != NSS_STATUS_SUCCESS && retry); - if (r != NSS_STATUS_SUCCESS) { - warn("Can't contact winbindd. Dying\n"); - exit(1); - } - if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { - warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); - exit(1); - } -} - -int -main (int argc, char *argv[]) -{ - char *p, *t; - char buf[BUFSIZE]; - char *username; - char *group; - int err = 0; - const char *groups[512]; - int n; - - if (argc > 0) { /* should always be true */ - myname=strrchr(argv[0],'/'); - if (myname==NULL) - myname=argv[0]; - } else { - myname="(unknown)"; - } - mypid=getpid(); - - /* make standard output line buffered */ - setvbuf (stdout, NULL, _IOLBF, 0); - - /* Check Command Line */ - process_options(argc, argv); - - debug("External ACL winbindd group helper build " __DATE__ ", " __TIME__ - " starting up...\n"); - if (use_case_insensitive_compare) - debug("Warning: running in case insensitive mode !!!\n"); - - check_winbindd(); - - /* Main Loop */ - while (fgets (buf, BUFSIZE, stdin)) - { - if (NULL == strchr(buf, '\n')) { - err = 1; - continue; - } - if (err) { - warn("Oversized message\n"); - goto error; - } - - if ((p = strchr(buf, '\n')) != NULL) - *p = '\0'; /* strip \n */ - if ((p = strchr(buf, '\r')) != NULL) - *p = '\0'; /* strip \r */ - - debug("Got '%s' from Squid (length: %d).\n",buf,strlen(buf)); - - if (buf[0] == '\0') { - warn("Invalid Request\n"); - goto error; - } - - username = strwordtok(buf, &t); - for (n = 0; (group = strwordtok(NULL, &t)) != NULL; n++) - groups[n] = group; - groups[n] = NULL; - - if (NULL == username) { - warn("Invalid Request\n"); - goto error; - } - - if (Valid_Groups(username, groups)) { - printf ("OK\n"); - } else { -error: - printf ("ERR\n"); - } - err = 0; - } - return 0; -} --- squid/helpers/external_acl/winbind_group/wb_common.c Sun Jul 1 00:19:58 2007 +++ /dev/null 
Sun Jul 1 00:19:58 2007 
@@ -1,399 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 2.0 - - winbind client common code - - Copyright (C) Tim Potter 2000 - Copyright (C) Andrew Tridgell 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include "nsswitch/winbind_nss_config.h" -#include "nsswitch/winbindd_nss.h" -#include "config.h" -#include "wb_common.h" - - -/* Global variables. 
These are effectively the client state information */ - -int winbindd_fd = -1; /* fd for winbindd socket */ -static char *excluded_domain; - -/* Free a response structure */ - -void free_response(struct winbindd_response *response) -{ - /* Free any allocated extra_data */ - - if (response) - SAFE_FREE(response->extra_data); -} - -/* - smbd needs to be able to exclude lookups for its own domain -*/ -void winbind_exclude_domain(const char *domain) -{ - SAFE_FREE(excluded_domain); - excluded_domain = strdup(domain); -} - - -/* Initialise a request structure */ - -void init_request(struct winbindd_request *request, int request_type) -{ - static char *domain_env; - static BOOL initialised; - - request->length = sizeof(struct winbindd_request); - - request->cmd = (enum winbindd_cmd)request_type; - request->pid = getpid(); - request->domain[0] = '\0'; - - if (!initialised) { - initialised = True; - domain_env = getenv(WINBINDD_DOMAIN_ENV); - } - - if (domain_env) { - strncpy(request->domain, domain_env, - sizeof(request->domain) - 1); - request->domain[sizeof(request->domain) - 1] = '\0'; - } -} - -/* Initialise a response structure */ - -void init_response(struct winbindd_response *response) -{ - /* Initialise return value */ - - response->result = WINBINDD_ERROR; -} - -/* Close established socket */ - -void close_sock(void) -{ - if (winbindd_fd != -1) { - close(winbindd_fd); - winbindd_fd = -1; - } -} - -/* Connect to winbindd socket */ - -int winbind_open_pipe_sock(void) -{ - struct sockaddr_un sunaddr; - static pid_t our_pid; - struct stat st; - pstring path; - - if (our_pid != getpid()) { - close_sock(); - our_pid = getpid(); - } - - if (winbindd_fd != -1) { - return winbindd_fd; - } - - /* Check permissions on unix socket directory */ - - if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { - return -1; - } - - if (!S_ISDIR(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - strncpy(path, WINBINDD_SOCKET_DIR, 
sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, "/", sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - ZERO_STRUCT(sunaddr); - sunaddr.sun_family = AF_UNIX; - strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1); - - /* If socket file doesn't exist, don't bother trying to connect - with retry. This is an attempt to make the system usable when - the winbindd daemon is not running. */ - - if (lstat(path, &st) == -1) { - return -1; - } - - /* Check permissions on unix socket file */ - - if (!S_ISSOCK(st.st_mode) || - (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { - return -1; - } - - if (connect(winbindd_fd, (struct sockaddr *)&sunaddr, - sizeof(sunaddr)) == -1) { - close_sock(); - return -1; - } - - return winbindd_fd; -} - -/* Write data to winbindd socket with timeout */ - -int write_sock(void *buffer, int count) -{ - int result, nwritten; - - /* Open connection to winbind daemon */ - - restart: - - if (winbind_open_pipe_sock() == -1) { - return -1; - } - - /* Write data to socket */ - - nwritten = 0; - - while(nwritten < count) { - struct timeval tv; - fd_set r_fds; - - /* Catch pipe close on other end by checking if a read() - call would not block by calling select(). 
*/ - - FD_ZERO(&r_fds); - FD_SET(winbindd_fd, &r_fds); - ZERO_STRUCT(tv); - - if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { - close_sock(); - return -1; /* Select error */ - } - - /* Write should be OK if fd not available for reading */ - - if (!FD_ISSET(winbindd_fd, &r_fds)) { - - /* Do the write */ - - result = write(winbindd_fd, - (char *)buffer + nwritten, - count - nwritten); - - if ((result == -1) || (result == 0)) { - - /* Write failed */ - - close_sock(); - return -1; - } - - nwritten += result; - - } else { - - /* Pipe has closed on remote end */ - - close_sock(); - goto restart; - } - } - - return nwritten; -} - -/* Read data from winbindd socket with timeout */ - -static int read_sock(void *buffer, int count) -{ - int result = 0, nread = 0; - - /* Read data from socket */ - - while(nread < count) { - - result = read(winbindd_fd, (char *)buffer + nread, - count - nread); - - if ((result == -1) || (result == 0)) { - - /* Read failed. I think the only useful thing we - can do here is just return -1 and fail since the - transaction has failed half way through. */ - - close_sock(); - return -1; - } - - nread += result; - } - - return result; -} - -/* Read reply */ - -int read_reply(struct winbindd_response *response) -{ - int result1, result2 = 0; - - if (!response) { - return -1; - } - - /* Read fixed length response */ - - if ((result1 = read_sock(response, sizeof(struct winbindd_response))) - == -1) { - - return -1; - } - - /* We actually send the pointer value of the extra_data field from - the server. This has no meaning in the client's address space - so we clear it out. 
*/ - - response->extra_data = NULL; - - /* Read variable length response */ - - if (response->length > sizeof(struct winbindd_response)) { - int extra_data_len = response->length - - sizeof(struct winbindd_response); - - /* Mallocate memory for extra data */ - - if (!(response->extra_data = malloc(extra_data_len))) { - return -1; - } - - if ((result2 = read_sock(response->extra_data, extra_data_len)) - == -1) { - free_response(response); - return -1; - } - } - - /* Return total amount of data read */ - - return result1 + result2; -} - -/* - * send simple types of requests - */ - -NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request) -{ - struct winbindd_request lrequest; - - /* Check for our tricky environment variable */ - - if (getenv(WINBINDD_DONT_ENV)) { - return NSS_STATUS_NOTFOUND; - } - - /* smbd may have excluded this domain */ - if (excluded_domain && - strcasecmp(excluded_domain, request->domain) == 0) { - return NSS_STATUS_NOTFOUND; - } - - if (!request) { - ZERO_STRUCT(lrequest); - request = &lrequest; - } - - /* Fill in request and send down pipe */ - - init_request(request, req_type); - - if (write_sock(request, sizeof(*request)) == -1) { - return NSS_STATUS_UNAVAIL; - } - - return NSS_STATUS_SUCCESS; -} - -/* - * Get results from winbindd request - */ - -NSS_STATUS winbindd_get_response(struct winbindd_response *response) -{ - struct winbindd_response lresponse; - - if (!response) { - ZERO_STRUCT(lresponse); - response = &lresponse; - } - - init_response(response); - - /* Wait for reply */ - if (read_reply(response) == -1) { - return NSS_STATUS_UNAVAIL; - } - - /* Throw away extra data if client didn't request it */ - if (response == &lresponse) { - free_response(response); - } - - /* Copy reply data from socket */ - if (response->result != WINBINDD_OK) { - return NSS_STATUS_NOTFOUND; - } - - return NSS_STATUS_SUCCESS; -} - -/* Handle simple types of requests */ - -NSS_STATUS winbindd_request(int req_type, - struct 
winbindd_request *request,
- struct winbindd_response *response)
-{
- NSS_STATUS status;
-
- status = winbindd_send_request(req_type, request);
- if (status != NSS_STATUS_SUCCESS)
- return(status);
- return winbindd_get_response(response);
-}
--- squid/helpers/external_acl/winbind_group/wb_common.h Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,12 +0,0 @@
-/* wb_common.c */
-void free_response(struct winbindd_response *response);
-void winbind_exclude_domain(const char *domain);
-void init_request(struct winbindd_request *request, int request_type);
-void init_response(struct winbindd_response *response);
-void close_sock(void);
-int winbind_open_pipe_sock(void);
-int write_sock(void *buffer, int count);
-int read_reply(struct winbindd_response *response);
-NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request);
-NSS_STATUS winbindd_get_response(struct winbindd_response *response);
-NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response);
--- squid/helpers/external_acl/winbind_group/wbntlm.h Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,90 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli , - * - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - */ - -#ifndef _WBNTLM_H_ -#define _WBNTLM_H_ - -#include "config.h" -#include "ntlmauth.h" -#include -#include -#include -#include - - -/*************** CONFIGURATION ***************/ -#ifndef DEBUG -#define DEBUG -#endif - -/* the attempted entropy source. If it doesn't exist, random() is uesed */ -#define ENTROPY_SOURCE "/dev/urandom" - -#define DOMAIN "GCSINT" /* TODO: fix ntlm_make_challenge */ - -/************* END CONFIGURATION *************/ - -/* Debugging stuff */ -extern const char *myname; -static const char *__foo; -extern pid_t mypid; -extern char debug_enabled; - -#ifdef DEBUG -#define __DO_DEBUG 1 -#else -#define __DO_DEBUG 0 -#endif - -#ifdef __GNUC__ /* this is really a gcc-ism */ -#define warn(X...) fprintf(stderr,"%s[%d](%s:%d): ", myname, mypid, \ - ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\ - __LINE__);\ - fprintf(stderr,X) -#define debug(X...) if(__DO_DEBUG && debug_enabled) { warn(X); } -#else /* __GNUC__ */ -static void -debug(char *format,...) -{ -} -static void -warn(char *format,...) -{ -} -#endif /* __GNUC__ */ - - - -/* A couple of harmless helper macros */ -#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n"); -#ifdef __GNUC__ -#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); \ - printf(X "\n",Y) -#else -/* no gcc, no debugging. 
varargs macros are a gcc extension */
-#define SEND2 printf
-#endif
-
-typedef enum {
- YES,
- NO,
- DONTKNOW
-} tristate;
-
-#define CHALLENGE_LEN 8
-#define BUFFER_SIZE 2010
-
-#endif /* _WBNTLM_H_ */
--- squid/helpers/ntlm_auth/winbind/Makefile.am Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,14 +0,0 @@
-#
-# Makefile for the Squid Object Cache server
-#
-# $Id: Makefile.am,v 1.2.54.1 2005/02/10 02:40:52 hno Exp $
-#
-
-libexec_PROGRAMS = wb_ntlmauth
-wb_ntlmauth_SOURCES = wb_ntlm_auth.c wb_common.c wbntlm.h
-EXTRA_DIST = \
- patches/wb_common.patch \
- patches/winbind_nss_config.patch
-INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_srcdir)/src -I@SAMBASOURCES@
-LDADD = -L$(top_builddir)/lib -lmiscutil -lntlmauth $(XTRA_LIBS)
--- squid/helpers/ntlm_auth/winbind/wb_common.c Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,403 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 2.0 - - winbind client common code - - Copyright (C) Tim Potter 2000 - Copyright (C) Andrew Tridgell 2000 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#include "nsswitch/winbind_nss_config.h" -#include "nsswitch/winbindd_nss.h" -#include "config.h" - - -/* Global variables. 
These are effectively the client state information */ - -int winbindd_fd = -1; /* fd for winbindd socket */ -static char *excluded_domain; - -/* Free a response structure */ - -void -free_response(struct winbindd_response *response) -{ - /* Free any allocated extra_data */ - - if (response) - SAFE_FREE(response->extra_data); -} - -/* - smbd needs to be able to exclude lookups for its own domain -*/ -void -winbind_exclude_domain(const char *domain) -{ - SAFE_FREE(excluded_domain); - excluded_domain = strdup(domain); -} - - -/* Initialise a request structure */ - -void -init_request(struct winbindd_request *request, int request_type) -{ - static char *domain_env; - static BOOL initialised; - - request->length = sizeof(struct winbindd_request); - - request->cmd = (enum winbindd_cmd) request_type; - request->pid = getpid(); - request->domain[0] = '\0'; - - if (!initialised) { - initialised = True; - domain_env = getenv(WINBINDD_DOMAIN_ENV); - } - - if (domain_env) { - strncpy(request->domain, domain_env, sizeof(request->domain) - 1); - request->domain[sizeof(request->domain) - 1] = '\0'; - } -} - -/* Initialise a response structure */ - -void -init_response(struct winbindd_response *response) -{ - /* Initialise return value */ - - response->result = WINBINDD_ERROR; -} - -/* Close established socket */ - -void -close_sock(void) -{ - if (winbindd_fd != -1) { - close(winbindd_fd); - winbindd_fd = -1; - } -} - -/* Connect to winbindd socket */ - -int -winbind_open_pipe_sock(void) -{ - struct sockaddr_un sunaddr; - static pid_t our_pid; - struct stat st; - pstring path; - - if (our_pid != getpid()) { - close_sock(); - our_pid = getpid(); - } - - if (winbindd_fd != -1) { - return winbindd_fd; - } - - /* Check permissions on unix socket directory */ - - if (lstat(WINBINDD_SOCKET_DIR, &st) == -1) { - return -1; - } - - if (!S_ISDIR(st.st_mode) || (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - strncpy(path, WINBINDD_SOCKET_DIR, 
sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, "/", sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1); - path[sizeof(path) - 1] = '\0'; - - ZERO_STRUCT(sunaddr); - sunaddr.sun_family = AF_UNIX; - strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1); - - /* If socket file doesn't exist, don't bother trying to connect - * with retry. This is an attempt to make the system usable when - * the winbindd daemon is not running. */ - - if (lstat(path, &st) == -1) { - return -1; - } - - /* Check permissions on unix socket file */ - - if (!S_ISSOCK(st.st_mode) || (st.st_uid != 0 && st.st_uid != geteuid())) { - return -1; - } - - /* Connect to socket */ - - if ((winbindd_fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { - return -1; - } - - if (connect(winbindd_fd, (struct sockaddr *) &sunaddr, - sizeof(sunaddr)) == -1) { - close_sock(); - return -1; - } - - return winbindd_fd; -} - -/* Write data to winbindd socket with timeout */ - -int -write_sock(void *buffer, int count) -{ - int result, nwritten; - - /* Open connection to winbind daemon */ - - restart: - - if (winbind_open_pipe_sock() == -1) { - return -1; - } - - /* Write data to socket */ - - nwritten = 0; - - while (nwritten < count) { - struct timeval tv; - fd_set r_fds; - - /* Catch pipe close on other end by checking if a read() - * call would not block by calling select(). 
*/ - - FD_ZERO(&r_fds); - FD_SET(winbindd_fd, &r_fds); - ZERO_STRUCT(tv); - - if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) { - close_sock(); - return -1; /* Select error */ - } - - /* Write should be OK if fd not available for reading */ - - if (!FD_ISSET(winbindd_fd, &r_fds)) { - - /* Do the write */ - - result = write(winbindd_fd, - (char *) buffer + nwritten, count - nwritten); - - if ((result == -1) || (result == 0)) { - - /* Write failed */ - - close_sock(); - return -1; - } - - nwritten += result; - - } else { - - /* Pipe has closed on remote end */ - - close_sock(); - goto restart; - } - } - - return nwritten; -} - -/* Read data from winbindd socket with timeout */ - -static int -read_sock(void *buffer, int count) -{ - int result = 0, nread = 0; - - /* Read data from socket */ - - while (nread < count) { - - result = read(winbindd_fd, (char *) buffer + nread, count - nread); - - if ((result == -1) || (result == 0)) { - - /* Read failed. I think the only useful thing we - * can do here is just return -1 and fail since the - * transaction has failed half way through. */ - - close_sock(); - return -1; - } - - nread += result; - } - - return result; -} - -/* Read reply */ - -int -read_reply(struct winbindd_response *response) -{ - int result1, result2 = 0; - - if (!response) { - return -1; - } - - /* Read fixed length response */ - - if ((result1 = read_sock(response, sizeof(struct winbindd_response))) - == -1) { - - return -1; - } - - /* We actually send the pointer value of the extra_data field from - * the server. This has no meaning in the client's address space - * so we clear it out. 
*/ - - response->extra_data = NULL; - - /* Read variable length response */ - - if (response->length > sizeof(struct winbindd_response)) { - int extra_data_len = response->length - - sizeof(struct winbindd_response); - - /* Mallocate memory for extra data */ - - if (!(response->extra_data = malloc(extra_data_len))) { - return -1; - } - - if ((result2 = read_sock(response->extra_data, extra_data_len)) - == -1) { - free_response(response); - return -1; - } - } - - /* Return total amount of data read */ - - return result1 + result2; -} - -/* - * send simple types of requests - */ - -NSS_STATUS -winbindd_send_request(int req_type, struct winbindd_request * request) -{ - struct winbindd_request lrequest; - - /* Check for our tricky environment variable */ - - if (getenv(WINBINDD_DONT_ENV)) { - return NSS_STATUS_NOTFOUND; - } - - /* smbd may have excluded this domain */ - if (excluded_domain && strcasecmp(excluded_domain, request->domain) == 0) { - return NSS_STATUS_NOTFOUND; - } - - if (!request) { - ZERO_STRUCT(lrequest); - request = &lrequest; - } - - /* Fill in request and send down pipe */ - - init_request(request, req_type); - - if (write_sock(request, sizeof(*request)) == -1) { - return NSS_STATUS_UNAVAIL; - } - - return NSS_STATUS_SUCCESS; -} - -/* - * Get results from winbindd request - */ - -NSS_STATUS -winbindd_get_response(struct winbindd_response * response) -{ - struct winbindd_response lresponse; - - if (!response) { - ZERO_STRUCT(lresponse); - response = &lresponse; - } - - init_response(response); - - /* Wait for reply */ - if (read_reply(response) == -1) { - return NSS_STATUS_UNAVAIL; - } - - /* Throw away extra data if client didn't request it */ - if (response == &lresponse) { - free_response(response); - } - - /* Copy reply data from socket */ - if (response->result != WINBINDD_OK) { - return NSS_STATUS_NOTFOUND; - } - - return NSS_STATUS_SUCCESS; -} - -/* Handle simple types of requests */ - -NSS_STATUS -winbindd_request(int req_type, - struct 
winbindd_request * request, struct winbindd_response * response)
-{
- NSS_STATUS status;
-
- status = winbindd_send_request(req_type, request);
- if (status != NSS_STATUS_SUCCESS)
- return (status);
- return winbindd_get_response(response);
-}
--- squid/helpers/ntlm_auth/winbind/wb_ntlm_auth.c Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,457 +0,0 @@ -/* - * (C) 2000 Francesco Chemolli - * (C) 2002 Andrew Bartlett - * - * Distributed freely under the terms of the GNU General Public License, - * version 2. See the file COPYING for licensing details - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * - */ -/* - * TODO: - * -move all squid-helper-protocol-related operations to helper functions - * - * - MAYBE move squid-helper-protocol-related opetations to an external - * library? - */ - - -#include "wbntlm.h" -#include "util.h" -/* stdio.h is included in wbntlm.h */ -#include -#include -#include -#include /* for gettimeofday */ -#include /* BUG: is this portable? 
*/ - -#ifdef HAVE_CTYPE_H -#include -#endif - -#ifdef HAVE_UNISTD_H -#include -#endif -#if HAVE_GETOPT_H -#include -#endif - -#include "nsswitch/winbind_nss_config.h" -#include "nsswitch/winbindd_nss.h" - -#ifndef min -#define min(x,y) ((x)<(y)?(x):(y)) -#endif - -void -authfail(char *domain, char *user, char *reason) -{ - /* TODO: -move away from SEND-type gcc-isms - * -prepare for protocol extension as soon as rbcollins is ready - */ - SEND2("NA %s\\%s auth failure because: %s", domain, user, reason); -} - -void -authok(const char *domain, const char *user) -{ - SEND2("AF %s\\%s", domain, user); -} - -void -sendchallenge(const char *challenge) -{ - SEND2("TT %s", challenge); -} - -void -helperfail(const char *reason) -{ - SEND2("BH %s", reason); -} - -char debug_enabled = 0; -char *myname; -pid_t mypid; - -static void -lc(char *string) -{ - char *p = string, c; - while ((c = *p)) { - *p = tolower(c); - p++; - } -} - -static void -uc(char *string) -{ - char *p = string, c; - while ((c = *p)) { - *p = toupper(c); - p++; - } -} - - - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, struct winbindd_response *response); - - -static tristate have_urandom = DONTKNOW; -FILE *urandom_file = NULL; - -void -init_random() -{ - if (have_urandom == DONTKNOW) { - int result = 0; - struct stat st; - result = stat(ENTROPY_SOURCE, &st); - if (result != 0 || !(S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode))) { - debug("Entropy source " ENTROPY_SOURCE " is unavailable\n"); - have_urandom = NO; - } - if ((urandom_file = fopen(ENTROPY_SOURCE, "r")) == NULL) { - unsigned int seed; - struct timeval t; - warn("Can't open entropy source " ENTROPY_SOURCE "\n"); - have_urandom = NO; - gettimeofday(&t, NULL); - seed = squid_random() * getpid() * t.tv_sec * t.tv_usec; - squid_srandom(seed); - } else { - have_urandom = YES; - } - } -} - -static unsigned char challenge[CHALLENGE_LEN + 1]; -static char * -build_challenge(void) -{ - size_t gotchars; - unsigned char j; - 
switch (have_urandom) { - case YES: - if ((gotchars = fread(&challenge, CHALLENGE_LEN, 1, urandom_file)) == 0) { - /* couldn't get a challenge. Fall back to random() and friends. - * notice that even a single changed byte is good enough for us */ - have_urandom = NO; - return build_challenge(); - } - return challenge; - case NO: - if (!(squid_random() % 100)) { /* sometimes */ - init_random(); - } - for (j = 0; j < CHALLENGE_LEN; j++) - challenge[j] = (unsigned char) (squid_random() % 256); - return challenge; - default: - warn("Critical internal error. Somebody forgot to initialize " - "the random system. Exiting.\n"); - exit(1); - } -} - -lstring lmhash, nthash; -static char have_nthash = 0; /* simple flag. A tad dirty.. */ - -void -do_authenticate(ntlm_authenticate * auth, int auth_length) -{ - lstring tmp; - int tocopy; - NSS_STATUS winbindd_result; - struct winbindd_request request; - struct winbindd_response response; - char *domain, *user; - - memset(&request, 0, sizeof(struct winbindd_request)); - - memset(&response, 0, sizeof(struct winbindd_response)); - - /* domain */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->domain); - if (tmp.str == NULL || tmp.l == 0) { /* no domain supplied */ - request.data.auth_crap.domain[0] = 0; - } else { - tocopy = min(tmp.l + 1, sizeof(fstring)); - xstrncpy(request.data.auth_crap.domain, tmp.str, tocopy); - } - - domain = request.data.auth_crap.domain; /* just a shortcut */ - - /* username */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->user); - if (tmp.str == NULL || tmp.l == 0) { - authfail(domain, "-", "No username in request"); - return; - } - - tocopy = min(sizeof(fstring), tmp.l + 1); - xstrncpy(request.data.auth_crap.user, tmp.str, tocopy); - user = request.data.auth_crap.user; - - /* now the LM hash */ - lmhash = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - switch (lmhash.l) { - case 0: - warn("No lm hash provided by user %s\\%s\n", domain, user); - 
request.data.auth_crap.lm_resp_len = 0; - break; - case 24: - memcpy(request.data.auth_crap.lm_resp, lmhash.str, 24); - request.data.auth_crap.lm_resp_len = 24; - break; - default: - authfail(domain, user, "Broken LM hash response"); - return; - } - - nthash = ntlm_fetch_string((char *) auth, auth_length, &auth->ntresponse); - switch (nthash.l) { - case 0: - debug("no nthash\n"); - request.data.auth_crap.nt_resp_len = 0; - break; - case 24: - memcpy(request.data.auth_crap.nt_resp, nthash.str, 24); - request.data.auth_crap.nt_resp_len = 24; - break; - default: - debug("nthash len = %d\n", nthash.l); - authfail(domain, user, "Broken NT hash response"); - return; - } - - debug("Checking user '%s\\%s' lmhash len =%d, have_nthash=%d, " - "nthash len=%d\n", domain, user, lmhash.l, have_nthash, nthash.l); - - memcpy(request.data.auth_crap.chal, challenge, CHALLENGE_LEN); - - winbindd_result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, - &request, &response); - debug("winbindd result: %d\n", winbindd_result); - - if (winbindd_result == NSS_STATUS_SUCCESS) { - lc(domain); - lc(user); - authok(domain, user); - } else { - char error_buf[200]; - snprintf(error_buf, sizeof(error_buf), "Authentication Failure (%s)", - response.data.auth.error_string); - authfail(domain, user, error_buf); - } - return; /* useless */ -} - -int -manage_request(char *target_domain) -{ - char buf[BUFFER_SIZE + 1]; - char *c, *decoded; - ntlmhdr *fast_header; - int oversized = 0; - - -try_again: - if (fgets(buf, BUFFER_SIZE, stdin) == NULL) - return 0; - - c = memchr(buf, '\n', BUFFER_SIZE); - if (c) { - if (oversized) { - helperfail("illegal request received"); - warn("Illegal request received: '%s'\n", buf); - return 1; - } - *c = '\0'; - } - else { - warn("No newline in '%s'\n", buf); - oversized = 1; - goto try_again; - } - - debug("Got '%s' from squid.\n", buf); - if (memcmp(buf, "YR", 2) == 0) { /* refresh-request */ - sendchallenge(ntlm_make_challenge(target_domain, NULL, - build_challenge(), 
CHALLENGE_LEN)); - return 1; - } - if (strncmp(buf, "KK ", 3) != 0) { /* not an auth-request */ - helperfail("illegal request received"); - warn("Illegal request received: '%s'\n", buf); - return 1; - } - /* At this point I'm sure it's a KK */ - decoded = base64_decode(buf + 3); - if (!decoded) { /* decoding failure, return error */ - authfail("-", "-", "Auth-format error, base64-decoding error"); - return 1; - } - fast_header = (struct _ntlmhdr *) decoded; - - /* sanity-check: it IS a NTLMSSP packet, isn't it? */ - if (memcmp(fast_header->signature, "NTLMSSP", 8) != 0) { - authfail("-", "-", "Broken NTLM packet, missing NTLMSSP signature"); - return 1; - } - /* Understand what we got */ - switch WSWAP(fast_header->type) { - case NTLM_NEGOTIATE: - authfail("-", "-", "Received neg-request while expecting auth packet"); - return 1; - case NTLM_CHALLENGE: - authfail("-", "-", "Received challenge. Refusing to abide"); - return 1; - case NTLM_AUTHENTICATE: - do_authenticate((ntlm_authenticate *) decoded, - (strlen(buf) - 3) * 3 / 4); - return 1; - default: - helperfail("Unknown authentication packet type"); - return 1; - } - /* notreached */ - return 1; -} - -static char * -get_winbind_domain(void) -{ - struct winbindd_response response; - char *domain; - - ZERO_STRUCT(response); - - /* Send off request */ - - if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) != - NSS_STATUS_SUCCESS) { - warn("could not obtain winbind domain name!\n"); - exit(1); - } - - domain = strdup(response.data.domain_name); - uc(domain); - - warn("target domain is %s\n", domain); - return domain; -} - -static void -usage(char *program) -{ - fprintf(stderr,"Usage: %s [-d] [-h] [domain]\n" - " -d enable debugging\n" - " -h this message\n" - " domain target domain, if different from the winbind configuration\n", - program); -} - -char * -process_options(int argc, char *argv[]) -{ - int opt; - char *target_domain = NULL; - - opterr = 0; - while (-1 != (opt = getopt(argc, argv, "dh"))) { - 
switch (opt) { - case 'd': - debug_enabled = 1; - break; - case 'h': - usage(argv[0]); - exit(0); - case '?': - opt = optopt; - /* fall thru to default */ - default: - warn("Unknown option: -%c\n\n", opt); - usage(argv[0]); - exit(1); - break; /* not reached */ - } - } - if (optind < argc) { - target_domain = argv[optind++]; - warn("target domain is %s\n", target_domain); - if (optind < argc) { - warn("Unknown argument: %s\n\n", argv[optind]); - usage(argv[0]); - exit(1); - } - } - return target_domain; -} - -void -check_winbindd() -{ - NSS_STATUS r; - int retry=10; - struct winbindd_request request; - struct winbindd_response response; - do { - r = winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response); - if (r != NSS_STATUS_SUCCESS) - retry--; - } while (r != NSS_STATUS_SUCCESS && retry); - if (r != NSS_STATUS_SUCCESS) { - warn("Can't contact winbindd. Dying\n"); - exit(1); - } - if (response.data.interface_version != WINBIND_INTERFACE_VERSION) { - warn("Winbind protocol mismatch. Align squid and samba. Dying\n"); - exit(1); - } -} - -int -main(int argc, char **argv) -{ - char *target_domain; - if (argc > 0) { /* should always be true */ - myname = strrchr(argv[0], '/'); - if (myname == NULL) - myname = argv[0]; - else - myname++; - } else { - myname = "(unknown)"; - } - mypid = getpid(); - target_domain = process_options(argc, argv); - debug("ntlm winbindd auth helper build " __DATE__ ", " __TIME__ - " starting up...\n"); - - check_winbindd(); - - if (target_domain == NULL) { - target_domain = get_winbind_domain(); - } - - /* initialize FDescs */ - setbuf(stdout, NULL); - setbuf(stderr, NULL); - init_random(); - while (manage_request(target_domain)) { - /* everything is done within manage_request */ - } - return 0; -} --- squid/helpers/ntlm_auth/winbind/wbntlm.h Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 
@@ -1,88 +0,0 @@
-/*
- * (C) 2000 Francesco Chemolli ,
- *
- * Distributed freely under the terms of the GNU General Public License,
- * version 2. See the file COPYING for licensing details
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- */
-
-#ifndef _WBNTLM_H_
-#define _WBNTLM_H_
-
-#include "config.h"
-#include "ntlmauth.h"
-#include
-#include
-#include
-#include
-
-
-/*************** CONFIGURATION ***************/
-#ifndef DEBUG
-#define DEBUG
-#endif
-
-/* the attempted entropy source. If it doesn't exist, random() is uesed */
-#define ENTROPY_SOURCE "/dev/urandom"
-
-/************* END CONFIGURATION *************/
-
-/* Debugging stuff */
-extern char *myname;
-static char *__foo;
-extern pid_t mypid;
-extern char debug_enabled;
-
-#ifdef DEBUG
-#define __DO_DEBUG 1
-#else
-#define __DO_DEBUG 0
-#endif
-
-#if defined(__GNUC__) || defined(__ICC) /* this is really a gcc-ism */
-#define warn(X...) fprintf(stderr,"%s[%d](%s:%d): ", myname, mypid, \
- ((__foo=strrchr(__FILE__,'/'))==NULL?__FILE__:__foo+1),\
- __LINE__);\
- fprintf(stderr,X)
-#define debug(X...) if(__DO_DEBUG && debug_enabled) { warn(X); }
-#else /* __GNUC__ */
-static void
-debug(char *format,...)
-{
-}
-static void
-warn(char *format,...)
-{
-}
-#endif /* __GNUC__ */
-
-
-
-/* A couple of harmless helper macros */
-#define SEND(X) debug("sending '%s' to squid\n",X); printf(X "\n");
-#if defined(__GNUC__) || defined (__ICC)
-#define SEND2(X,Y...) debug("sending '" X "' to squid\n",Y); \
- printf(X "\n",Y)
-#else
-/* no gcc, no debugging. varargs macros are a gcc extension */
-#define SEND2 printf
-#endif
-
-typedef enum {
- YES,
- NO,
- DONTKNOW
-} tristate;
-
-#define CHALLENGE_LEN 8
-#define BUFFER_SIZE 2010
-
-#endif /* _WBNTLM_H_ */
--- squid/helpers/ntlm_auth/winbind/patches/wb_common.patch Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,11 +0,0 @@
---- samba-HEAD/source/nsswitch/wb_common.c Sat Jan 12 23:12:11 2002
-+++ squid-ntlm/src/auth/ntlm/helpers/winbind/wb_common.c Sat Jan 12 23:45:03 2002
-@@ -25,6 +25,8 @@
-
- #include "winbind_nss_config.h"
- #include "winbindd_nss.h"
-+#include "config.h"
-+
-
- /* Global variables. These are effectively the client state information */
-
--- squid/helpers/ntlm_auth/winbind/patches/winbind_nss_config.patch Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,20 +0,0 @@
---- samba-HEAD/source/nsswitch/winbind_nss_config.h Wed Sep 5 10:11:16 2001
-+++ squid-ntlm/src/auth/ntlm/helpers/winbind/winbind_nss_config.h Sat Nov 24 00:32:05 2001
-@@ -27,7 +27,7 @@
-
- /* Include header files from data in config.h file */
-
--#include
-+#include "config.h"
-
- #include
-
-@@ -63,7 +63,7 @@
- #include
- #include
- #include
--#include "nsswitch/nss.h"
-+#include "samba_nss.h"
-
- /* Declarations for functions in winbind_nss.c
- needed in winbind_nss_solaris.c (solaris wrapper to nss) */
--- squid/include/samba/README.txt Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,7 +0,0 @@
-These files are copies of Samba internal headers from Samba-2.2.7a
-required by the winbind helpers to Squid.
-
-If you compile the winbind helpers with other versions of Samba you may
-need to copy the relevant headers from the Samba version you are using
-here, or use the --with-samba-source=... configure option to tell Squid
-where the Samba sources can be found.
--- squid/include/samba/nsswitch/sys_nss.h Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,104 +0,0 @@
-#ifndef _NSSWITCH_SYS_NSS_H
-#define _NSSWITCH_SYS_NSS_H
-/*
- Unix SMB/CIFS implementation.
-
- a common place to work out how to define NSS_STATUS on various
- platforms
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-
-#ifdef HAVE_NSS_COMMON_H
-
-/* Sun Solaris */
-
-#include
-#include
-#include
-
-typedef nss_status_t NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-
-#elif HAVE_NSS_H
-
-/* GNU */
-
-#include
-
-typedef enum nss_status NSS_STATUS;
-
-#elif HAVE_NS_API_H
-
-/* SGI IRIX */
-
-/* following required to prevent warnings of double definition
- * of datum from ns_api.h
-*/
-#ifdef DATUM
-#define _DATUM_DEFINED
-#endif
-
-#include
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=NS_SUCCESS,
- NSS_STATUS_NOTFOUND=NS_NOTFOUND,
- NSS_STATUS_UNAVAIL=NS_UNAVAIL,
- NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
-} NSS_STATUS;
-
-#define NSD_MEM_STATIC 0
-#define NSD_MEM_VOLATILE 1
-#define NSD_MEM_DYNAMIC 2
-
-#elif defined(HPUX) && defined(HAVE_NSSWITCH_H)
-/* HP-UX 11 */
-
-#include "nsswitch/hp_nss_common.h"
-#include "nsswitch/hp_nss_dbdefs.h"
-#include
-
-#ifndef _HAVE_TYPEDEF_NSS_STATUS
-#define _HAVE_TYPEDEF_NSS_STATUS
-typedef nss_status_t NSS_STATUS;
-
-#define NSS_STATUS_SUCCESS NSS_SUCCESS
-#define NSS_STATUS_NOTFOUND NSS_NOTFOUND
-#define NSS_STATUS_UNAVAIL NSS_UNAVAIL
-#define NSS_STATUS_TRYAGAIN NSS_TRYAGAIN
-#endif /* HPUX */
-
-#else /* Nothing's defined. Neither gnu nor sun nor hp */
-
-typedef enum
-{
- NSS_STATUS_SUCCESS=0,
- NSS_STATUS_NOTFOUND=1,
- NSS_STATUS_UNAVAIL=2,
- NSS_STATUS_TRYAGAIN=3
-} NSS_STATUS;
-
-#endif
-
-#endif /* _NSSWITCH_SYS_NSS_H */
--- squid/include/samba/nsswitch/winbind_nss_config.h Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,155 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-
-#ifndef _WINBIND_NSS_CONFIG_H
-#define _WINBIND_NSS_CONFIG_H
-
-/* Include header files from data in config.h file */
-
-#include
-
-#include
-
-#ifdef HAVE_STDLIB_H
-#include
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include
-#endif
-
-#ifdef HAVE_SYS_SOCKET_H
-#include
-#endif
-
-#ifdef HAVE_UNIXSOCKET
-#include
-#endif
-
-#ifdef HAVE_SYS_TIME_H
-#include
-#endif
-
-#ifdef HAVE_GRP_H
-#include
-#endif
-
-#ifdef HAVE_STRING_H
-#include
-#endif
-
-#include
-#include
-#include
-#include
-#include "nsswitch/sys_nss.h"
-
-/* Declarations for functions in winbind_nss.c
- needed in winbind_nss_solaris.c (solaris wrapper to nss) */
-
-NSS_STATUS _nss_winbind_setpwent(void);
-NSS_STATUS _nss_winbind_endpwent(void);
-NSS_STATUS _nss_winbind_getpwent_r(struct passwd* result, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getpwuid_r(uid_t, struct passwd*, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getpwnam_r(const char* name, struct passwd* result,
- char* buffer, size_t buflen, int* errnop);
-
-NSS_STATUS _nss_winbind_setgrent(void);
-NSS_STATUS _nss_winbind_endgrent(void);
-NSS_STATUS _nss_winbind_getgrent_r(struct group* result, char* buffer,
- size_t buflen, int* errnop);
-NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
- struct group *result, char *buffer,
- size_t buflen, int *errnop);
-NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
- struct group *result, char *buffer,
- size_t buflen, int *errnop);
-
-/* I'm trying really hard not to include anything from smb.h with the
- result of some silly looking redeclaration of structures. */
-
-#ifndef _PSTRING
-#define _PSTRING
-#define PSTRING_LEN 1024
-#define FSTRING_LEN 256
-typedef char pstring[PSTRING_LEN];
-typedef char fstring[FSTRING_LEN];
-#endif
-
-#ifndef _BOOL
-#define _BOOL /* So we don't typedef BOOL again in vfs.h */
-#define False (0)
-#define True (1)
-#define Auto (2)
-typedef int BOOL;
-#endif
-
-#if !defined(uint32)
-#if (SIZEOF_INT == 4)
-#define uint32 unsigned int
-#elif (SIZEOF_LONG == 4)
-#define uint32 unsigned long
-#elif (SIZEOF_SHORT == 4)
-#define uint32 unsigned short
-#endif
-#endif
-
-#if !defined(uint16)
-#if (SIZEOF_SHORT == 4)
-#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
-#else /* SIZEOF_SHORT != 4 */
-#define uint16 unsigned short
-#endif /* SIZEOF_SHORT != 4 */
-#endif
-
-#ifndef uint8
-#define uint8 unsigned char
-#endif
-
-/* zero a structure */
-#ifndef ZERO_STRUCT
-#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
-#endif
-
-/* zero a structure given a pointer to the structure */
-#ifndef ZERO_STRUCTP
-#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); }
-#endif
-
-/* Some systems (SCO) treat UNIX domain sockets as FIFOs */
-
-#ifndef S_IFSOCK
-#define S_IFSOCK S_IFIFO
-#endif
-
-#ifndef S_ISSOCK
-#define S_ISSOCK(mode) ((mode & S_IFSOCK) == S_IFSOCK)
-#endif
-
-#endif
--- squid/include/samba/nsswitch/winbindd_nss.h Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,229 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
-
- Winbind daemon for ntdom nss module
-
- Copyright (C) Tim Potter 2000
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-
-#ifndef SAFE_FREE
-#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
-#endif
-
-#ifndef _WINBINDD_NTDOM_H
-#define _WINBINDD_NTDOM_H
-
-#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
-#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-
-#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
-#define WINBINDD_DONT_ENV "_NO_WINBINDD"
-
-/* Update this when you change the interface. */
-
-#define WINBIND_INTERFACE_VERSION 4
-
-/* Socket commands */
-
-enum winbindd_cmd {
-
- WINBINDD_INTERFACE_VERSION, /* Always a well known value */
-
- /* Get users and groups */
-
- WINBINDD_GETPWNAM,
- WINBINDD_GETPWUID,
- WINBINDD_GETGRNAM,
- WINBINDD_GETGRGID,
- WINBINDD_GETGROUPS,
-
- /* Enumerate users and groups */
-
- WINBINDD_SETPWENT,
- WINBINDD_ENDPWENT,
- WINBINDD_GETPWENT,
- WINBINDD_SETGRENT,
- WINBINDD_ENDGRENT,
- WINBINDD_GETGRENT,
-
- /* PAM authenticate and password change */
-
- WINBINDD_PAM_AUTH,
- WINBINDD_PAM_AUTH_CRAP,
- WINBINDD_PAM_CHAUTHTOK,
-
- /* List various things */
-
- WINBINDD_LIST_USERS, /* List w/o rid->id mapping */
- WINBINDD_LIST_GROUPS, /* Ditto */
- WINBINDD_LIST_TRUSTDOM,
-
- /* SID conversion */
-
- WINBINDD_LOOKUPSID,
- WINBINDD_LOOKUPNAME,
-
- /* Lookup functions */
-
- WINBINDD_SID_TO_UID,
- WINBINDD_SID_TO_GID,
- WINBINDD_UID_TO_SID,
- WINBINDD_GID_TO_SID,
-
- /* Miscellaneous other stuff */
-
- WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
- WINBINDD_PING, /* Just tell me winbind is running */
- WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
- WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
-
- WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
-
- /* WINS commands */
-
- WINBINDD_WINS_BYIP,
- WINBINDD_WINS_BYNAME,
-
- /* Placeholder for end of cmd list */
-
- WINBINDD_NUM_CMDS
-};
-
-/* Winbind request structure */
-
-struct winbindd_request {
- uint32 length;
- enum winbindd_cmd cmd; /* Winbindd command to execute */
- pid_t pid; /* pid of calling process */
-
- union {
- fstring winsreq; /* WINS request */
- fstring username; /* getpwnam */
- fstring groupname; /* getgrnam */
- uid_t uid; /* getpwuid, uid_to_sid */
- gid_t gid; /* getgrgid, gid_to_sid */
- struct {
- /* We deliberatedly don't split into domain/user to
- avoid having the client know what the separator
- character is. */
- fstring user;
- fstring pass;
- } auth; /* pam_winbind auth module */
- struct {
- unsigned char chal[8];
- fstring user;
- fstring domain;
- fstring lm_resp;
- uint16 lm_resp_len;
- fstring nt_resp;
- uint16 nt_resp_len;
- } auth_crap;
- struct {
- fstring user;
- fstring oldpass;
- fstring newpass;
- } chauthtok; /* pam_winbind passwd module */
- fstring sid; /* lookupsid, sid_to_[ug]id */
- struct {
- fstring dom_name; /* lookupname */
- fstring name;
- } name;
- uint32 num_entries; /* getpwent, getgrent */
- } data;
- fstring domain; /* {set,get,end}{pw,gr}ent() */
-};
-
-/* Response values */
-
-enum winbindd_result {
- WINBINDD_ERROR,
- WINBINDD_OK
-};
-
-/* Winbind response structure */
-
-struct winbindd_response {
-
- /* Header information */
-
- uint32 length; /* Length of response */
- enum winbindd_result result; /* Result code */
-
- /* Fixed length return data */
-
- union {
- int interface_version; /* Try to ensure this is always in the same spot... */
-
- fstring winsresp; /* WINS response */
-
- /* getpwnam, getpwuid */
-
- struct winbindd_pw {
- fstring pw_name;
- fstring pw_passwd;
- uid_t pw_uid;
- gid_t pw_gid;
- fstring pw_gecos;
- fstring pw_dir;
- fstring pw_shell;
- } pw;
-
- /* getgrnam, getgrgid */
-
- struct winbindd_gr {
- fstring gr_name;
- fstring gr_passwd;
- gid_t gr_gid;
- int num_gr_mem;
- int gr_mem_ofs; /* offset to group membership */
- } gr;
-
- uint32 num_entries; /* getpwent, getgrent */
- struct winbindd_sid {
- fstring sid; /* lookupname, [ug]id_to_sid */
- int type;
- } sid;
- struct winbindd_name {
- fstring dom_name; /* lookupsid */
- fstring name;
- int type;
- } name;
- uid_t uid; /* sid_to_uid */
- gid_t gid; /* sid_to_gid */
- struct winbindd_info {
- char winbind_separator;
- fstring samba_version;
- } info;
- fstring domain_name;
-
- struct auth_reply {
- uint32 nt_status;
- fstring nt_status_string;
- fstring error_string;
- int pam_error;
- } auth;
- } data;
-
- uint32 nt_status; /* Extended error information */
-
- /* Variable length return data */
-
- void *extra_data; /* getgrnam, getgrgid, getgrent */
-};
-
-#endif
--- squid/scripts/RunAccel.in Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# $Id: RunAccel.in,v 1.2.6.1 2005/02/10 02:40:56 hno Exp $
-
-# enable HTTP requests on port 80
-port="-a 80"
-
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-logdir=@localstatedir@
-PATH=@sbindir@:/bin:/usr/bin
-export PATH
-
-if test $# = 1 ; then
- conf="-f $1"
- shift
-fi
-
-failcount=0
-while : ; do
- echo "Running: squid $port -s $conf >> $logdir/squid.out 2>&1"
- start=`date '+%d%H%M%S'`
- squid -N $port -s $conf >> $logdir/squid.out 2>&1
- stop=`date '+%d%H%M%S'`
- t=`expr $stop - $start`
- if test 0 -le $t -a $t -lt 5 ; then
- failcount=`expr $failcount + 1`
- else
- failcount=0
- fi
- if test $failcount -gt 5 ; then
- echo "RunCache: EXITING DUE TO REPEATED, FREQUENT FAILURES" >&2
- exit 1
- fi
- sleep 10
-done
--- squid/src/ETag.c Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,68 +0,0 @@
-
-/*
- * $Id: ETag.c,v 1.3.6.1 2001/02/27 14:18:50 rvenning Exp $
- *
- * DEBUG: none ETag parsing support
- * AUTHOR: Alex Rousskov
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- */
-
-#include "squid.h"
-
-/*
- * Note: ETag is not an http "field" like, for example HttpHdrRange. ETag is a
- * field-value that maybe used in many http fields.
- */
-
-/* parses a string as weak or strong entity-tag; returns true on success */
-/* note: we do not duplicate "str"! */
-int
-etagParseInit(ETag * etag, const char *str)
-{
- int len;
- assert(etag && str);
- etag->str = NULL;
- etag->weak = !strncmp(str, "W/", 2);
- if (etag->weak)
- str += 2;
- /* check format (quoted-string) */
- len = strlen(str);
- if (len >= 2 && str[0] == '"' && str[len - 1] == '"')
- etag->str = str;
- return etag->str != NULL;
-}
-
-/* returns true if etags are equal */
-int
-etagIsEqual(const ETag * tag1, const ETag * tag2)
-{
- assert(tag1 && tag2);
- assert(!tag1->weak && !tag2->weak); /* weak comparison not implemented yet */
- return !strcmp(tag1->str, tag2->str);
-}
--- squid/src/cachemgr.c Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,756 +0,0 @@
-
-/*
- * $Id: cachemgr.c,v 1.3.6.4 2005/02/10 02:41:02 hno Exp $
- *
- * DEBUG: section 0 CGI Cache Manager
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- */
-
-#include "config.h"
-
-#if HAVE_UNISTD_H
-#include
-#endif
-#if HAVE_STDLIB_H
-#include
-#endif
-#if HAVE_STDIO_H
-#include
-#endif
-#if HAVE_SYS_TYPES_H
-#include
-#endif
-#if HAVE_CTYPE_H
-#include
-#endif
-#if HAVE_ERRNO_H
-#include
-#endif
-#if HAVE_FCNTL_H
-#include
-#endif
-#if HAVE_GRP_H
-#include
-#endif
-#if HAVE_GNUMALLOC_H
-#include
-#elif HAVE_MALLOC_H && !defined(_SQUID_FREEBSD_) && !defined(_SQUID_NEXT_)
-#include
-#endif
-#if HAVE_MEMORY_H
-#include
-#endif
-#if HAVE_NETDB_H && !defined(_SQUID_NETDB_H_) /* protect NEXTSTEP */
-#define _SQUID_NETDB_H_
-#include
-#endif
-#if HAVE_PWD_H
-#include
-#endif
-#if HAVE_SIGNAL_H
-#include
-#endif
-#if HAVE_TIME_H
-#include
-#endif
-#if HAVE_SYS_PARAM_H
-#include
-#endif
-#if HAVE_SYS_TIME_H
-#include
-#endif
-#if HAVE_SYS_RESOURCE_H
-#include /* needs sys/time.h above it */
-#endif
-#if HAVE_SYS_SOCKET_H
-#include
-#endif
-#if HAVE_NETINET_IN_H
-#include
-#endif
-#if HAVE_ARPA_INET_H
-#include
-#endif
-#if HAVE_SYS_STAT_H
-#include
-#endif
-#if HAVE_SYS_UN_H
-#include
-#endif
-#if HAVE_SYS_WAIT_H
-#include
-#endif
-#if HAVE_LIBC_H
-#include
-#endif
-#if HAVE_STRING_H
-#include
-#endif
-#if HAVE_STRINGS_H
-#include
-#endif
-#if HAVE_BSTRING_H
-#include
-#endif
-#if HAVE_CRYPT_H
-#include
-#endif
-#if HAVE_SYS_SELECT_H
-#include
-#endif
-
-#include
-
-#include "util.h"
-#include "snprintf.h"
-#include "defines.h"
-
-typedef struct {
- char *hostname;
- int port;
- char *action;
- char *user_name;
- char *passwd;
- char *pub_auth;
-} cachemgr_request;
-
-/*
- * Debugging macros (info goes to error_log on your web server)
- * Note: do not run cache manager with non zero debugging level
- * if you do not debug, it may write a lot of [sensitive]
- * information to your error log.
- */ - -/* debugging level 0 (disabled) - 3 (max) */ -#define DEBUG_LEVEL 0 -#undef debug -#define debug(level) if ((level) <= DEBUG_LEVEL && DEBUG_LEVEL > 0) - -/* - * Static variables and constants - */ -static const time_t passwd_ttl = 60 * 60 * 3; /* in sec */ -static const char *script_name = "/cgi-bin/cachemgr.cgi"; -static const char *progname = NULL; -static time_t now; -static struct IN_ADDR no_addr; - -/* - * Function prototypes - */ -#undef safe_free -#define safe_free(str) { if (str) { xfree(str); (str) = NULL; } } -static const char *safe_str(const char *str); -static const char *xstrtok(char **str, char del); -static void print_trailer(void); -static void auth_html(const char *host, int port, const char *user_name); -static void error_html(const char *msg); -static char *menu_url(cachemgr_request * req, const char *action); -static int parse_status_line(const char *sline, const char **statusStr); -static cachemgr_request *read_request(void); -static char *read_get_request(void); -static char *read_post_request(void); - -static void make_pub_auth(cachemgr_request * req); -static void decode_pub_auth(cachemgr_request * req); -static void reset_auth(cachemgr_request * req); -static const char *make_auth_header(const cachemgr_request * req); - - -static const char * -safe_str(const char *str) -{ - return str ? str : ""; -} - -/* relaxed number format */ -static int -is_number(const char *str) -{ - return strspn(str, "\t -+01234567890./\n") == strlen(str); -} - -static const char * -xstrtok(char **str, char del) -{ - if (*str) { - char *p = strchr(*str, del); - char *tok = *str; - int len; - if (p) { - *str = p + 1; - *p = '\0'; - } else - *str = NULL; - /* trim */ - len = strlen(tok); - while (len && xisspace(tok[len - 1])) - tok[--len] = '\0'; - while (xisspace(*tok)) - tok++; - return tok; - } else - return ""; -} - -static void -print_trailer(void) -{ - printf("
\n"); - printf("
\n"); - printf("Generated %s, by %s/%s@%s\n", - mkrfc1123(now), progname, VERSION, getfullhostname()); - printf("
\n"); -} - -static void -auth_html(const char *host, int port, const char *user_name) -{ - if (!user_name) - user_name = ""; - if (!host || !strlen(host)) - host = "localhost"; - printf("Content-Type: text/html\r\n\r\n"); - printf("\n"); - printf("Cache Manager Interface\n"); - printf("\n"); - printf("

Cache Manager Interface

\n"); - printf("

This is a WWW interface to the instrumentation interface\n"); - printf("for the Squid object cache.

\n"); - printf("
\n"); - printf("
\n", script_name); - printf("\n"); - printf("\n", host); - printf("\n", port); - printf("\n", user_name); - printf("\n"); - printf("
Cache Host:
Cache Port:
Manager name:
Password:

\n"); - printf("\n"); - printf("
\n"); - print_trailer(); -} - -static void -error_html(const char *msg) -{ - printf("Content-Type: text/html\r\n\r\n"); - printf("\n"); - printf("Cache Manager Error\n"); - printf("\n"); - printf("

Cache Manager Error

\n"); - printf("

\n%s

\n", msg); - print_trailer(); -} - -/* returns http status extracted from status line or -1 on parsing failure */ -static int -parse_status_line(const char *sline, const char **statusStr) -{ - const char *sp = strchr(sline, ' '); - if (statusStr) - *statusStr = NULL; - if (strncasecmp(sline, "HTTP/", 5) || !sp) - return -1; - while (xisspace(*++sp)); - if (!xisdigit(*sp)) - return -1; - if (statusStr) - *statusStr = sp; - return atoi(sp); -} - -static char * -menu_url(cachemgr_request * req, const char *action) -{ - static char url[1024]; - snprintf(url, sizeof(url), "%s?host=%s&port=%d&user_name=%s&operation=%s&auth=%s", - script_name, - req->hostname, - req->port, - safe_str(req->user_name), - action, - safe_str(req->pub_auth)); - return url; -} - -static const char * -munge_menu_line(const char *buf, cachemgr_request * req) -{ - char *x; - const char *a; - const char *d; - const char *p; - char *a_url; - char *buf_copy; - static char html[2 * 1024]; - if (strlen(buf) < 1) - return buf; - if (*buf != ' ') - return buf; - buf_copy = x = xstrdup(buf); - a = xstrtok(&x, '\t'); - d = xstrtok(&x, '\t'); - p = xstrtok(&x, '\t'); - a_url = xstrdup(menu_url(req, a)); - /* no reason to give a url for a disabled action */ - if (!strcmp(p, "disabled")) - snprintf(html, sizeof(html), "
  • %s (disabled).\n", d, a_url); - else - /* disable a hidden action (requires a password, but password is not in squid.conf) */ - if (!strcmp(p, "hidden")) - snprintf(html, sizeof(html), "
  • %s (hidden).\n", d, a_url); - else - /* disable link if authentication is required and we have no password */ - if (!strcmp(p, "protected") && !req->passwd) - snprintf(html, sizeof(html), "
  • %s (requires authentication).\n", - d, menu_url(req, "authenticate"), a_url); - else - /* highlight protected but probably available entries */ - if (!strcmp(p, "protected")) - snprintf(html, sizeof(html), "
  • %s\n", - a_url, d); - /* public entry or unknown type of protection */ - else - snprintf(html, sizeof(html), "
  • %s\n", a_url, d); - xfree(a_url); - xfree(buf_copy); - return html; -} - -static const char * -munge_other_line(const char *buf, cachemgr_request * req) -{ - static const char *ttags[] = - {"td", "th"}; - static char html[4096]; - static int table_line_num = 0; - static int next_is_header = 0; - int is_header = 0; - const char *ttag; - char *buf_copy; - char *x, *p; - int l = 0; - /* does it look like a table? */ - if (!strchr(buf, '\t') || *buf == '\t') { - /* nope, just text */ - snprintf(html, sizeof(html), "%s%s", - table_line_num ? "\n
    " : "", buf);
    -	table_line_num = 0;
    -	return html;
    -    }
    -    /* start html table */
    -    if (!table_line_num) {
    -	l += snprintf(html + l, sizeof(html) - l, "
    \n"); - next_is_header = 0; - } - /* remove '\n' */ - is_header = (!table_line_num || next_is_header) && !strchr(buf, ':') && !is_number(buf); - ttag = ttags[is_header]; - /* record starts */ - l += snprintf(html + l, sizeof(html) - l, ""); - /* substitute '\t' */ - buf_copy = x = xstrdup(buf); - if ((p = strchr(x, '\n'))) - *p = '\0'; - while (x && strlen(x)) { - int column_span = 1; - const char *cell = xstrtok(&x, '\t'); - while (x && *x == '\t') { - column_span++; - x++; - } - l += snprintf(html + l, sizeof(html) - l, "<%s colspan=\"%d\" align=\"%s\">%s", - ttag, column_span, - is_header ? "center" : is_number(cell) ? "right" : "left", - cell, ttag); - } - xfree(buf_copy); - /* record ends */ - l += snprintf(html + l, sizeof(html) - l, "\n"); - next_is_header = is_header && strstr(buf, "\t\t"); - table_line_num++; - return html; -} - -static int -read_reply(int s, cachemgr_request * req) -{ - char buf[4 * 1024]; - FILE *fp = fdopen(s, "r"); - /* interpretation states */ - enum { - isStatusLine, isHeaders, isBodyStart, isBody, isForward, isEof, isForwardEof, isSuccess, isError - } istate = isStatusLine; - int parse_menu = 0; - const char *action = req->action; - const char *statusStr = NULL; - int status = -1; - if (0 == strlen(req->action)) - parse_menu = 1; - else if (0 == strcasecmp(req->action, "menu")) - parse_menu = 1; - if (fp == NULL) { - perror("fdopen"); - return 1; - } - if (parse_menu) - action = "menu"; - /* read reply interpreting one line at a time depending on state */ - while (istate < isEof) { - if (!fgets(buf, sizeof(buf), fp)) - istate = istate == isForward ? isForwardEof : isEof; - switch (istate) { - case isStatusLine: - /* get HTTP status */ - /* uncomment the following if you want to debug headers */ - /* fputs("\r\n\r\n", stdout); */ - status = parse_status_line(buf, &statusStr); - istate = status == 200 ? 
isHeaders : isForward; - /* if cache asks for authentication, we have to reset our info */ - if (status == 401 || status == 407) { - reset_auth(req); - status = 403; /* Forbiden, see comments in case isForward: */ - } - /* this is a way to pass HTTP status to the Web server */ - if (statusStr) - printf("Status: %d %s", status, statusStr); /* statusStr has '\n' */ - break; - case isHeaders: - /* forward header field */ - if (!strcmp(buf, "\r\n")) { /* end of headers */ - fputs("Content-Type: text/html\r\n", stdout); /* add our type */ - istate = isBodyStart; - } - if (strncasecmp(buf, "Content-Type:", 13)) /* filter out their type */ - fputs(buf, stdout); - break; - case isBodyStart: - printf("\n"); - printf("CacheMgr@%s: %s\n", - req->hostname, action); - printf("\n"); - printf("\n"); - if (parse_menu) { - printf("

    Cache Manager menu for %s:

    ", - menu_url(req, "authenticate"), req->hostname); - printf("
      \n"); - } else { - printf("

      %s\n


      \n", - menu_url(req, "menu"), "Cache Manager menu"); - printf("
      \n");
      -	    }
      -	    istate = isBody;
      -	    /* yes, fall through, we do not want to loose the first line */
      -	case isBody:
      -	    /* interpret [and reformat] cache response */
      -	    if (parse_menu)
      -		fputs(munge_menu_line(buf, req), stdout);
      -	    else
      -		fputs(munge_other_line(buf, req), stdout);
      -	    break;
      -	case isForward:
      -	    /* forward: no modifications allowed */
      -	    /*
      -	     * Note: we currently do not know any way to get browser.reply to
      -	     * 401 to .cgi because web server filters out all auth info. Thus we
      -	     * disable authentication headers for now.
      -	     */
      -	    if (!strncasecmp(buf, "WWW-Authenticate:", 17) || !strncasecmp(buf, "Proxy-Authenticate:", 19));	/* skip */
      -	    else
      -		fputs(buf, stdout);
      -	    break;
      -	case isEof:
      -	    /* print trailers */
      -	    if (parse_menu)
      -		printf("
    \n"); - else - printf("
    \n"); - print_trailer(); - istate = isSuccess; - break; - case isForwardEof: - /* indicate that we finished processing an "error" sequence */ - istate = isError; - break; - default: - printf("%s: internal bug: invalid state reached: %d", script_name, istate); - istate = isError; - } - } - close(s); - return 0; -} - -static int -process_request(cachemgr_request * req) -{ - const struct hostent *hp; - static struct SOCKADDR_IN S; - int s; - int l; - static char buf[2 * 1024]; - if (req == NULL) { - auth_html(CACHEMGR_HOSTNAME, CACHE_HTTP_PORT, ""); - return 1; - } - if (req->hostname == NULL) { - req->hostname = xstrdup(CACHEMGR_HOSTNAME); - } - if (req->port == 0) { - req->port = CACHE_HTTP_PORT; - } - if (req->action == NULL) { - req->action = xstrdup(""); - } - if (!strcmp(req->action, "authenticate")) { - auth_html(req->hostname, req->port, req->user_name); - return 0; - } - if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) { - snprintf(buf, 1024, "socket: %s\n", xstrerror()); - error_html(buf); - return 1; - } - memset(&S, '\0', sizeof(struct SOCKADDR_IN)); - FAMILY_FROM_SA(S) = AF_FAMILY; - if ((hp = gethostbyname(req->hostname)) != NULL) { - assert(hp->h_length <= sizeof(S.sin_addr.s_addr)); - xmemcpy(&ADDR_FROM_SA(S), hp->h_addr, hp->h_length); - } else if (SAFE_INET_ADDR(req->hostname, &ADDR_FROM_SA(S))) - (void) 0; - else { - snprintf(buf, 1024, "Unknown host: %s\n", req->hostname); - error_html(buf); - return 1; - } - PORT_FROM_SA(S) = htons(req->port); - if (connect(s, (struct sockaddr *) &S, sizeof(struct SOCKADDR_IN)) < 0) { - snprintf(buf, 1024, "connect: %s\n", xstrerror()); - error_html(buf); - return 1; - } - l = snprintf(buf, sizeof(buf), - "GET cache_object://%s/%s HTTP/1.0\r\n" - "Accept: */*\r\n" - "%s" /* Authentication info or nothing */ - "\r\n", - req->hostname, - req->action, - make_auth_header(req)); - write(s, buf, l); - debug(1) fprintf(stderr, "wrote request: '%s'\n", buf); - return read_reply(s, req); -} - -int -main(int argc, char 
*argv[]) -{ - char *s; - cachemgr_request *req; - memset(&no_addr, '\xFF', sizeof(no_addr)); - now = time(NULL); - if ((s = strrchr(argv[0], '/'))) - progname = xstrdup(s + 1); - else - progname = xstrdup(argv[0]); - if ((s = getenv("SCRIPT_NAME")) != NULL) - script_name = xstrdup(s); - req = read_request(); - return process_request(req); -} - -static char * -read_post_request(void) -{ - char *s; - char *buf; - int len; - if ((s = getenv("REQUEST_METHOD")) == NULL) - return NULL; - if (0 != strcasecmp(s, "POST")) - return NULL; - if ((s = getenv("CONTENT_LENGTH")) == NULL) - return NULL; - if ((len = atoi(s)) <= 0) - return NULL; - buf = xmalloc(len + 1); - fread(buf, len, 1, stdin); - buf[len] = '\0'; - return buf; -} - -static char * -read_get_request(void) -{ - char *s; - if ((s = getenv("QUERY_STRING")) == NULL) - return NULL; - return xstrdup(s); -} - -static cachemgr_request * -read_request(void) -{ - char *buf; - cachemgr_request *req; - char *s; - char *t; - char *q; - if ((buf = read_post_request()) != NULL) - (void) 0; - else if ((buf = read_get_request()) != NULL) - (void) 0; - else - return NULL; - if (strlen(buf) == 0) - return NULL; - req = xcalloc(1, sizeof(cachemgr_request)); - for (s = strtok(buf, "&"); s != NULL; s = strtok(NULL, "&")) { - t = xstrdup(s); - if ((q = strchr(t, '=')) == NULL) - continue; - *q++ = '\0'; - if (0 == strcasecmp(t, "host") && strlen(q)) - req->hostname = xstrdup(q); - else if (0 == strcasecmp(t, "port") && strlen(q)) - req->port = atoi(q); - else if (0 == strcasecmp(t, "user_name") && strlen(q)) - req->user_name = xstrdup(q); - else if (0 == strcasecmp(t, "passwd") && strlen(q)) - req->passwd = xstrdup(q); - else if (0 == strcasecmp(t, "auth") && strlen(q)) - req->pub_auth = xstrdup(q), decode_pub_auth(req); - else if (0 == strcasecmp(t, "operation")) - req->action = xstrdup(q); - } - make_pub_auth(req); - debug(1) fprintf(stderr, "cmgr: got req: host: '%s' port: %d uname: '%s' passwd: '%s' auth: '%s' oper: '%s'\n", - 
safe_str(req->hostname), req->port, safe_str(req->user_name), safe_str(req->passwd), safe_str(req->pub_auth), safe_str(req->action)); - return req; -} - - -/* Routines to support authentication */ - -/* - * Encodes auth info into a "public" form. - * Currently no powerful encryption is used. - */ -static void -make_pub_auth(cachemgr_request * req) -{ - static char buf[1024]; - safe_free(req->pub_auth); - debug(3) fprintf(stderr, "cmgr: encoding for pub...\n"); - if (!req->passwd || !strlen(req->passwd)) - return; - /* host | time | user | passwd */ - snprintf(buf, sizeof(buf), "%s|%d|%s|%s", - req->hostname, - (int) now, - req->user_name ? req->user_name : "", - req->passwd); - debug(3) fprintf(stderr, "cmgr: pre-encoded for pub: %s\n", buf); - debug(3) fprintf(stderr, "cmgr: encoded: '%s'\n", base64_encode(buf)); - req->pub_auth = xstrdup(base64_encode(buf)); -} - -static void -decode_pub_auth(cachemgr_request * req) -{ - char *buf; - const char *host_name; - const char *time_str; - const char *user_name; - const char *passwd; - - debug(2) fprintf(stderr, "cmgr: decoding pub: '%s'\n", safe_str(req->pub_auth)); - safe_free(req->passwd); - if (!req->pub_auth || strlen(req->pub_auth) < 4 + strlen(safe_str(req->hostname))) - return; - buf = xstrdup(base64_decode(req->pub_auth)); - debug(3) fprintf(stderr, "cmgr: length ok\n"); - /* parse ( a lot of memory leaks, but that is cachemgr style :) */ - if ((host_name = strtok(buf, "|")) == NULL) - return; - debug(3) fprintf(stderr, "cmgr: decoded host: '%s'\n", host_name); - if ((time_str = strtok(NULL, "|")) == NULL) - return; - debug(3) fprintf(stderr, "cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now); - if ((user_name = strtok(NULL, "|")) == NULL) - return; - debug(3) fprintf(stderr, "cmgr: decoded uname: '%s'\n", user_name); - if ((passwd = strtok(NULL, "|")) == NULL) - return; - debug(2) fprintf(stderr, "cmgr: decoded passwd: '%s'\n", passwd); - /* verify freshness and validity */ - if (atoi(time_str) + 
passwd_ttl < now) - return; - if (strcasecmp(host_name, req->hostname)) - return; - debug(1) fprintf(stderr, "cmgr: verified auth. info.\n"); - /* ok, accept */ - xfree(req->user_name); - req->user_name = xstrdup(user_name); - req->passwd = xstrdup(passwd); - xfree(buf); -} - -static void -reset_auth(cachemgr_request * req) -{ - safe_free(req->passwd); - safe_free(req->pub_auth); -} - -static const char * -make_auth_header(const cachemgr_request * req) -{ - static char buf[1024]; - off_t l = 0; - const char *str64; - if (!req->passwd) - return ""; - - snprintf(buf, sizeof(buf), "%s:%s", - req->user_name ? req->user_name : "", - req->passwd); - - str64 = base64_encode(buf); - l += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64); - assert(l < sizeof(buf)); - l += snprintf(&buf[l], sizeof(buf) - l, - "Proxy-Authorization: Basic %s\r\n", str64); - return buf; -} --- squid/src/client.c Sun Jul 1 00:19:58 2007 +++ /dev/null Sun Jul 1 00:19:58 2007 
@@ -1,504 +0,0 @@
-
-/*
- * $Id: client.c,v 1.3.6.4 2005/02/10 02:41:04 hno Exp $
- *
- * DEBUG: section 0 WWW Client
- * AUTHOR: Harvest Derived
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- */
-
-#include "squid.h"
-
-#ifndef BUFSIZ
-#define BUFSIZ 8192
-#endif
-
-/* Local functions */
-static int client_comm_bind(int, const char *);
-static int client_comm_connect(int, const char *, u_short, struct timeval *);
-static void usage(const char *progname);
-static int Now(struct timeval *);
-static SIGHDLR catch;
-static SIGHDLR pipe_handler;
-static void set_our_signal(void);
-static ssize_t myread(int fd, void *buf, size_t len);
-static ssize_t mywrite(int fd, void *buf, size_t len);
-static int put_fd;
-static char *put_file = NULL;
-static struct stat sb;
-int total_bytes = 0;
-int io_timeout = 120;
-
-static void
-usage(const char *progname)
-{
- fprintf(stderr,
- "Usage: %s [-arsv] [-i IMS] [-h remote host] [-l local host] [-p port] [-m method] [-t count] [-I ping-interval] [-H 'strings'] [-T timeout] url\n"
- "Options:\n"
- " -P file PUT request.\n"
- " -a Do NOT include Accept: header.\n"
- " -r Force cache to reload URL.\n"
- " -s Silent. Do not print data to stdout.\n"
- " -v Verbose. Print outgoing message to stderr.\n"
- " -i IMS If-Modified-Since time (in Epoch seconds).\n"
- " -h host Retrieve URL from cache on hostname. Default is localhost.\n"
- " -l host Specify a local IP address to bind to. Default is none.\n"
- " -p port Port number of cache. Default is %d.\n"
- " -m method Request method, default is GET.\n"
- " -t count Trace count cache-hops\n"
- " -g count Ping mode, \"count\" iterations (0 to loop until interrupted).\n"
- " -I interval Ping interval in seconds (default 1 second).\n"
- " -H 'string' Extra headers to send. Use '\\n' for new lines.\n"
- " -T timeout Timeout value (seconds) for read/write operations.\n"
- " -u user Proxy authentication username\n"
- " -w password Proxy authentication password\n"
- " -U user WWW authentication username\n"
- " -W password WWW authentication password\n",
- progname, CACHE_HTTP_PORT);
- exit(1);
-}
-
-static int interrupted = 0;
-int
-main(int argc, char *argv[])
-{
- int conn, c, len, bytesWritten;
- int port, to_stdout, reload;
- int ping, pcount;
- int keep_alive = 0;
- int opt_noaccept = 0;
- int opt_verbose = 0;
- const char *hostname, *localhost;
- char url[BUFSIZ], msg[BUFSIZ], buf[BUFSIZ];
- char extra_hdrs[BUFSIZ];
- const char *method = "GET";
- extern char *optarg;
- time_t ims = 0;
- int max_forwards = -1;
- struct timeval tv1, tv2;
- int i = 0, loops;
- long ping_int;
- long ping_min = 0, ping_max = 0, ping_sum = 0, ping_mean = 0;
- char *proxy_user = NULL;
- char *proxy_password = NULL;
- char *www_user = NULL;
- char *www_password = NULL;
-
- /* set the defaults */
- hostname = "localhost";
- localhost = NULL;
- extra_hdrs[0] = '\0';
- port = CACHE_HTTP_PORT;
- to_stdout = 1;
- reload = 0;
- ping = 0;
- pcount = 0;
- ping_int = 1 * 1000;
-
- if (argc < 2) {
- usage(argv[0]); /* need URL */
- } else if (argc >= 2) {
- strncpy(url, argv[argc - 1], BUFSIZ);
- url[BUFSIZ - 1] = '\0';
- if (url[0] == '-')
- usage(argv[0]);
- while ((c = getopt(argc, argv, "ah:l:P:i:km:p:rsvt:g:p:I:H:T:u:U:w:W:?")) != -1)
- switch (c) {
- case 'a':
- opt_noaccept = 1;
- break;
- case 'h': /* remote host */
- if (optarg != NULL)
- hostname = optarg;
- break;
- case 'l': /* local host */
- if (optarg != NULL)
- localhost = optarg;
- break;
- case 's': /* silent */
- to_stdout = 0;
- break;
- case 'k': /* backward compat */
- keep_alive = 1;
- break;
- case 'r': /* reload */
- reload = 1;
- break;
- case 'p': /* port number */
- sscanf(optarg, "%d", &port);
- if (port < 1)
- port = CACHE_HTTP_PORT; /* default */
- break;
- case 'P':
- put_file = xstrdup(optarg);
- break;
- case 'i': /* IMS */
- ims = (time_t) atoi(optarg);
- break;
- case 'm':
- method = xstrdup(optarg);
- break;
- case 't':
- method = xstrdup("TRACE");
- max_forwards = atoi(optarg);
- break;
- case 'g':
- ping = 1;
- pcount = atoi(optarg);
- to_stdout = 0;
- break;
- case 'I':
- if ((ping_int = atoi(optarg) * 1000) <= 0)
- usage(argv[0]);
- break;
- case 'H':
- if (strlen(optarg)) {
- char *t;
- strncpy(extra_hdrs, optarg, sizeof(extra_hdrs));
- while ((t = strstr(extra_hdrs, "\\n")))
- *t = '\r', *(t + 1) = '\n';
- }
- break;
- case 'T':
- io_timeout = atoi(optarg);
- break;
- case 'u':
- proxy_user = optarg;
- break;
- case 'w':
- proxy_password = optarg;
- break;
- case 'U':
- www_user = optarg;
- break;
- case 'W':
- www_password = optarg;
- break;
- case 'v':
- /* undocumented: may increase verb-level by giving more -v's */
- opt_verbose++;
- break;
- case '?': /* usage */
- default:
- usage(argv[0]);
- break;
- }
- }
- /* Build the HTTP request */
- if (strncmp(url, "mgr:", 4) == 0) {
- char *t = xstrdup(url + 4);
- snprintf(url, BUFSIZ, "cache_object://%s/%s", hostname, t);
- xfree(t);
- }
- if (put_file) {
- put_fd = open(put_file, O_RDONLY);
- set_our_signal();
- if (put_fd < 0) {
- fprintf(stderr, "%s: can't open file (%s)\n", argv[0],
- xstrerror());
- exit(-1);
- }
-#if defined(_SQUID_CYGWIN_)
- setmode(put_fd, O_BINARY);
-#endif
- fstat(put_fd, &sb);
- }
- snprintf(msg, BUFSIZ, "%s %s HTTP/1.0\r\n", method, url);
- if (reload) {
- snprintf(buf, BUFSIZ, "Pragma: no-cache\r\n");
- strcat(msg, buf);
- }
- if (put_fd > 0) {
- snprintf(buf, BUFSIZ, "Content-length: %d\r\n", (int) sb.st_size);
- strcat(msg, buf);
- }
- if (opt_noaccept == 0) {
- snprintf(buf, BUFSIZ, "Accept: */*\r\n");
- strcat(msg, buf);
- }
- if (ims) {
- snprintf(buf, BUFSIZ, "If-Modified-Since: %s\r\n", mkrfc1123(ims));
- strcat(msg, buf);
- }
- if (max_forwards > -1) {
- snprintf(buf, BUFSIZ, "Max-Forwards: %d\r\n", max_forwards);
- strcat(msg, buf);
- }
- if (proxy_user) {
- char *user = proxy_user;
- char *password = proxy_password;
-#if HAVE_GETPASS
- if (!password)
- password = getpass("Proxy password: ");
-#endif
- if (!password) {
- fprintf(stderr, "ERROR: Proxy password missing\n");
- exit(1);
- }
- snprintf(buf, BUFSIZ, "%s:%s", user, password);
- snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
- strcat(msg, buf);
- }
- if (www_user) {
- char *user = www_user;
- char *password = www_password;
-#if HAVE_GETPASS
- if (!password)
- password = getpass("WWW password: ");
-#endif
- if (!password) {
- fprintf(stderr, "ERROR: WWW password missing\n");
- exit(1);
- }
- snprintf(buf, BUFSIZ, "%s:%s", user, password);
- snprintf(buf, BUFSIZ, "Authorization: Basic %s\r\n", base64_encode(buf));
- strcat(msg, buf);
- }
- if (keep_alive) {
- if (port != 80)
- snprintf(buf, BUFSIZ, "Proxy-Connection: keep-alive\r\n");
- else
- snprintf(buf, BUFSIZ, "Connection: keep-alive\r\n");
- strcat(msg, buf);
- }
- strcat(msg, extra_hdrs);
- snprintf(buf, BUFSIZ, "\r\n");
- strcat(msg, buf);
-
- if (opt_verbose)
- fprintf(stderr, "headers: '%s'\n", msg);
-
- if (ping) {
-#if HAVE_SIGACTION
- struct sigaction sa, osa;
- if (sigaction(SIGINT, NULL, &osa) == 0 && osa.sa_handler == SIG_DFL) {
- sa.sa_handler = catch;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- (void) sigaction(SIGINT, &sa, NULL);
- }
-#else
- void (*osig) ();
- if ((osig = signal(SIGINT, catch)) != SIG_DFL)
- (void) signal(SIGINT, osig);
-#endif
- }
- loops = ping ? pcount : 1;
- for (i = 0; loops == 0 || i < loops; i++) {
- int fsize = 0;
- /* Connect to the server */
- if ((conn = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
- perror("client: socket");
- exit(1);
- }
- if (localhost && client_comm_bind(conn, localhost) < 0) {
- perror("client: bind");
- exit(1);
- }
- if (client_comm_connect(conn, hostname, port, ping ? &tv1 : NULL) < 0) {
- if (errno == 0) {
- fprintf(stderr, "client: ERROR: Cannot connect to %s:%d: Host unknown.\n", hostname, port);
- } else {
- char tbuf[BUFSIZ];
- snprintf(tbuf, BUFSIZ, "client: ERROR: Cannot connect to %s:%d",
- hostname, port);
- perror(tbuf);
- }
- exit(1);
- }
- /* Send the HTTP request */
- bytesWritten = mywrite(conn, msg, strlen(msg));
- if (bytesWritten < 0) {
- perror("client: ERROR: write");
- exit(1);
- } else if (bytesWritten != strlen(msg)) {
- fprintf(stderr, "client: ERROR: Cannot send request?: %s\n", msg);
- exit(1);
- }
- if (put_file) {
- int x;
- lseek(put_fd, 0, SEEK_SET);
- while ((x = myread(put_fd, buf, sizeof(buf))) > 0) {
- x = mywrite(conn, buf, x);
- total_bytes += x;
- if (x <= 0)
- break;
- }
- if (x != 0)
- fprintf(stderr, "client: ERROR: Cannot send file.\n");
- }
- /* Read the data */
-
- while ((len = myread(conn, buf, sizeof(buf))) > 0) {
- fsize += len;
- if (to_stdout)
- fwrite(buf, len, 1, stdout);
- }
- (void) close(conn); /* done with socket */
-
- if (interrupted)
- break;
-
- if (ping) {
- struct tm *tmp;
- time_t t2s;
- long elapsed_msec;
-
- (void) Now(&tv2);
- elapsed_msec = tvSubMsec(tv1, tv2);
- t2s = tv2.tv_sec;
- tmp = localtime(&t2s);
- fprintf(stderr, "%d-%02d-%02d %02d:%02d:%02d [%d]: %ld.%03ld secs, %f KB/s\n",
- tmp->tm_year + 1900, tmp->tm_mon + 1, tmp->tm_mday,
- tmp->tm_hour, tmp->tm_min, tmp->tm_sec, i + 1,
- elapsed_msec / 1000, elapsed_msec % 1000,
- elapsed_msec ? (double) fsize / elapsed_msec : -1.0);
- if (i == 0 || elapsed_msec < ping_min)
- ping_min = elapsed_msec;
- if (i == 0 || elapsed_msec > ping_max)
- ping_max = elapsed_msec;
- ping_sum += elapsed_msec;
- /* Delay until next "ping_int" boundary */
- if ((loops == 0 || i + 1 < loops) && elapsed_msec < ping_int) {
- struct timeval tvs;
- long msec_left = ping_int - elapsed_msec;
-
- tvs.tv_sec = msec_left / 1000;
- tvs.tv_usec = (msec_left % 1000) * 1000;
- select(0, NULL, NULL, NULL, &tvs);
- }
- }
- }
-
- if (ping && i) {
- ping_mean = ping_sum / i;
- fprintf(stderr, "%d requests, round-trip (secs) min/avg/max = "
- "%ld.%03ld/%ld.%03ld/%ld.%03ld\n", i,
- ping_min / 1000, ping_min % 1000, ping_mean / 1000, ping_mean % 1000,
- ping_max / 1000, ping_max % 1000);
- }
- exit(0);
- /*NOTREACHED */
- return 0;
-}
-
-static int
-client_comm_bind(int sock, const char *local_host)
-{
- static const struct hostent *hp = NULL;
- static struct SOCKADDR_IN from_addr;
-
- /* Set up the source socket address from which to send. */
- if (hp == NULL) {
- FAMILY_FROM_SA(from_addr) = AF_FAMILY;
-
- if ((hp = gethostbyname(local_host)) == 0)
- return (-1);
-
- xmemcpy(&ADDR_FROM_SA(from_addr), hp->h_addr, hp->h_length);
- PORT_FROM_SA(from_addr) = 0;
- }
- return bind(sock, (struct sockaddr *) &from_addr, sizeof(struct SOCKADDR_IN));
-}
-
-static int
-client_comm_connect(int sock, const char *dest_host, u_short dest_port, struct timeval *tvp)
-{
- static const struct hostent *hp = NULL;
- static struct SOCKADDR_IN to_addr;
-
- /* Set up the destination socket address for message to send to. */
- if (hp == NULL) {
- FAMILY_FROM_SA(to_addr) = AF_FAMILY;
-
- if ((hp = gethostbyname(dest_host)) == 0) {
- return (-1);
- }
- xmemcpy(&ADDR_FROM_SA(to_addr), hp->h_addr, hp->h_length);
- PORT_FROM_SA(to_addr) = htons(dest_port);
- }
- if (tvp)
- (void) Now(tvp);
- return connect(sock, (struct sockaddr *) &to_addr, sizeof(struct SOCKADDR_IN));
-}
-
-static int
-Now(struct timeval *tp)
-{
-#if GETTIMEOFDAY_NO_TZP
- return gettimeofday(tp);
-#else
- return gettimeofday(tp, NULL);
-#endif
-} /* ARGSUSED */
-
-static void
-catch(int sig)
-{
- interrupted = 1;
- fprintf(stderr, "Interrupted.\n");
-}
-
-static void
-pipe_handler(int sig)
-{
- fprintf(stderr, "SIGPIPE received.\n");
-}
-
-static void
-set_our_signal(void)
-{
-#if HAVE_SIGACTION
- struct sigaction sa;
- sa.sa_handler = pipe_handler;
- sa.sa_flags = SA_RESTART;
- sigemptyset(&sa.sa_mask);
- if (sigaction(SIGPIPE, &sa, NULL) < 0) {
- fprintf(stderr, "Cannot set PIPE signal.\n");
- exit(-1);
- }
-#else
- signal(SIGPIPE, pipe_handler);
-#endif
-
-}
-
-static ssize_t
-myread(int fd, void *buf, size_t len)
-{
- alarm(io_timeout);
- return read(fd, buf, len);
-}
-
-static ssize_t
-mywrite(int fd, void *buf, size_t len)
-{
- alarm(io_timeout);
- return write(fd, buf, len);
-}
--- squid/src/wais.c Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,245 +0,0 @@
-
-/*
- * $Id: wais.c,v 1.3.6.4 2001/10/25 18:24:55 hno Exp $
- *
- * DEBUG: section 24 WAIS Relay
- * AUTHOR: Harvest Derived
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
- *
- */
-
-#include "squid.h"
-
-typedef struct {
- int fd;
- StoreEntry *entry;
- method_t method;
- const HttpHeader *request_hdr;
- char url[MAX_URL];
- request_t *request;
- FwdState *fwd;
-} WaisStateData;
-
-static PF waisStateFree;
-static PF waisTimeout;
-static PF waisReadReply;
-static CWCB waisSendComplete;
-static PF waisSendRequest;
-
-static void
-waisStateFree(int fdnotused, void *data)
-{
- WaisStateData *waisState = data;
- if (waisState == NULL)
- return;
- storeUnlockObject(waisState->entry);
- requestUnlink(waisState->request);
- cbdataFree(waisState);
-}
-
-/* This will be called when socket lifetime is expired. */
-static void
-waisTimeout(int fd, void *data)
-{
- WaisStateData *waisState = data;
- StoreEntry *entry = waisState->entry;
- debug(24, 4) ("waisTimeout: FD %d: '%s'\n", fd, storeUrl(entry));
- if (entry->store_status == STORE_PENDING) {
- if (entry->mem_obj->inmem_hi == 0) {
- fwdFail(waisState->fwd,
- errorCon(ERR_READ_TIMEOUT, HTTP_GATEWAY_TIMEOUT));
- }
- }
- comm_close(fd);
-}
-
-/* This will be called when data is ready to be read from fd. Read until
- * error or connection closed. */
-static void
-waisReadReply(int fd, void *data)
-{
- WaisStateData *waisState = data;
- LOCAL_ARRAY(char, buf, 4096);
- StoreEntry *entry = waisState->entry;
- int len;
- int clen;
- int bin;
- size_t read_sz;
-#if DELAY_POOLS
- delay_id delay_id = delayMostBytesAllowed(entry->mem_obj);
-#endif
- if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) {
- comm_close(fd);
- return;
- }
- errno = 0;
- read_sz = 4096;
-#if DELAY_POOLS
- read_sz = delayBytesWanted(delay_id, 1, read_sz);
-#endif
- statCounter.syscalls.sock.reads++;
- len = FD_READ_METHOD(fd, buf, read_sz);
- if (len > 0) {
- fd_bytes(fd, len, FD_READ);
-#if DELAY_POOLS
- delayBytesIn(delay_id, len);
-#endif
- kb_incr(&statCounter.server.all.kbytes_in, len);
- kb_incr(&statCounter.server.other.kbytes_in, len);
- }
- debug(24, 5) ("waisReadReply: FD %d read len:%d\n", fd, len);
- if (len > 0) {
- commSetTimeout(fd, Config.Timeout.read, NULL, NULL);
- IOStats.Wais.reads++;
- for (clen = len - 1, bin = 0; clen; bin++)
- clen >>= 1;
- IOStats.Wais.read_hist[bin]++;
- }
- if (len < 0) {
- debug(50, 1) ("waisReadReply: FD %d: read failure: %s.\n",
- fd, xstrerror());
- if (ignoreErrno(errno)) {
- /* reinstall handlers */
- /* XXX This may loop forever */
- commSetSelect(fd, COMM_SELECT_READ,
- waisReadReply, waisState, 0);
- } else {
- ErrorState *err;
- EBIT_CLR(entry->flags, ENTRY_CACHABLE);
- storeReleaseRequest(entry);
- err = errorCon(ERR_READ_ERROR, HTTP_INTERNAL_SERVER_ERROR);
- err->xerrno = errno;
- err->request = requestLink(waisState->request);
- errorAppendEntry(entry, err);
- comm_close(fd);
- }
- } else if (len == 0 && entry->mem_obj->inmem_hi == 0) {
- ErrorState *err;
- err = errorCon(ERR_ZERO_SIZE_OBJECT, HTTP_SERVICE_UNAVAILABLE);
- err->xerrno = errno;
- err->request = requestLink(waisState->request);
- errorAppendEntry(entry, err);
- comm_close(fd);
- } else if (len == 0) {
- /* Connection closed; retrieval done. */
- entry->expires = squid_curtime;
- fwdComplete(waisState->fwd);
- comm_close(fd);
- } else {
- storeAppend(entry, buf, len);
- commSetSelect(fd,
- COMM_SELECT_READ,
- waisReadReply,
- waisState, 0);
- }
-}
-
-/* This will be called when request write is complete. Schedule read of
- * reply. */
-static void
-waisSendComplete(int fd, char *bufnotused, size_t size, int errflag, void *data)
-{
- WaisStateData *waisState = data;
- StoreEntry *entry = waisState->entry;
- debug(24, 5) ("waisSendComplete: FD %d size: %d errflag: %d\n",
- fd, (int) size, errflag);
- if (size > 0) {
- fd_bytes(fd, size, FD_WRITE);
- kb_incr(&statCounter.server.all.kbytes_out, size);
- kb_incr(&statCounter.server.other.kbytes_out, size);
- }
- if (errflag == COMM_ERR_CLOSING)
- return;
- if (errflag) {
- ErrorState *err;
- err = errorCon(ERR_WRITE_ERROR, HTTP_SERVICE_UNAVAILABLE);
- err->xerrno = errno;
- err->request = requestLink(waisState->request);
- errorAppendEntry(entry, err);
- comm_close(fd);
- } else {
- /* Schedule read reply. */
- commSetSelect(fd,
- COMM_SELECT_READ,
- waisReadReply,
- waisState, 0);
- commSetDefer(fd, fwdCheckDeferRead, entry);
- }
-}
-
-/* This will be called when connect completes. Write request. */
-static void
-waisSendRequest(int fd, void *data)
-{
- WaisStateData *waisState = data;
- MemBuf mb;
- const char *Method = RequestMethodStr[waisState->method];
- debug(24, 5) ("waisSendRequest: FD %d\n", fd);
- memBufDefInit(&mb);
- memBufPrintf(&mb, "%s %s HTTP/1.0\r\n", Method, waisState->url);
- if (waisState->request_hdr) {
- Packer p;
- packerToMemInit(&p, &mb);
- httpHeaderPackInto(waisState->request_hdr, &p);
- packerClean(&p);
- }
- memBufPrintf(&mb, "\r\n");
- debug(24, 6) ("waisSendRequest: buf: %s\n", mb.buf);
- comm_write_mbuf(fd, mb, waisSendComplete, waisState);
- if (EBIT_TEST(waisState->entry->flags, ENTRY_CACHABLE))
- storeSetPublicKey(waisState->entry); /* Make it public */
- EBIT_CLR(waisState->entry->flags, ENTRY_FWD_HDR_WAIT);
-}
-
-CBDATA_TYPE(WaisStateData);
-void
-waisStart(FwdState * fwd)
-{
- WaisStateData *waisState = NULL;
- request_t *request = fwd->request;
- StoreEntry *entry = fwd->entry;
- int fd = fwd->server_fd;
- const char *url = storeUrl(entry);
- method_t method = request->method;
- debug(24, 3) ("waisStart: \"%s %s\"\n", RequestMethodStr[method], url);
- statCounter.server.all.requests++;
- statCounter.server.other.requests++;
- CBDATA_INIT_TYPE(WaisStateData);
- waisState = cbdataAlloc(WaisStateData);
- waisState->method = method;
- waisState->request_hdr = &request->header;
- waisState->fd = fd;
- waisState->entry = entry;
- xstrncpy(waisState->url, url, MAX_URL);
- waisState->request = requestLink(request);
- waisState->fwd = fwd;
- comm_add_close_handler(waisState->fd, waisStateFree, waisState);
- storeLockObject(entry);
- commSetSelect(fd, COMM_SELECT_WRITE, waisSendRequest, waisState, 0);
- commSetTimeout(fd, Config.Timeout.read, waisTimeout, waisState);
-}
--- squid/src/auth/basic/Makefile.am Sun Jul 1 00:19:58 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1 +0,0 @@
-SUBDIRS =
--- squid/src/auth/digest/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1 +0,0 @@
-SUBDIRS =
--- squid/src/auth/ntlm/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1 +0,0 @@
-SUBDIRS =
--- squid/src/fs/aufs/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,2 +0,0 @@
-all clean:
- @cd .. && $(MAKE) $(MFLAGS) aufs/$@
--- squid/src/fs/coss/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,2 +0,0 @@
-all clean:
- @cd .. && $(MAKE) $(MFLAGS) coss/$@
--- squid/src/fs/diskd/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,11 +0,0 @@
-#
-# Makefile for the DISKD storage driver for the Squid Object Cache server
-#
-# $Id$
-#
-
-libexec_PROGRAMS = diskd
-LDADD = $(top_builddir)/lib/libmiscutil.a @XTRA_LIBS@
-
-INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \
- -I$(top_srcdir)/src/
--- squid/src/fs/null/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,2 +0,0 @@
-all clean:
- @cd .. && $(MAKE) $(MFLAGS) null/$@
--- squid/src/fs/ufs/Makefile.am Sun Jul 1 00:19:59 2007
+++ /dev/null Sun Jul 1 00:19:58 2007
@@ -1,2 +0,0 @@
-all clean:
- @cd .. && $(MAKE) $(MFLAGS) ufs/$@